agent-threat-rules 0.4.0 → 1.0.0

package/dist/shadow-evaluator.js

@@ -1,128 +0,0 @@
-/**
- * Shadow Evaluator -- runs experimental rules without affecting verdict.
- *
- * Experimental rules evaluate against every event but don't influence
- * the real verdict. Their match/no-match results are tracked to measure
- * false positive rates. Rules with FP < threshold get promoted.
- *
- * @module agent-threat-rules/shadow-evaluator
- */
-export class ShadowEvaluator {
-    rules = [];
-    stats = new Map();
-    compiledPatterns = new Map();
-    /** Add an experimental rule for shadow evaluation */
-    addRule(rule) {
-        if (this.rules.some((r) => r.id === rule.id))
-            return; // dedup
-        this.rules.push(rule);
-        this.stats.set(rule.id, {
-            ruleId: rule.id,
-            totalEvaluations: 0,
-            totalMatches: 0,
-            confirmedTruePositives: 0,
-            confirmedFalsePositives: 0,
-            firstSeen: Date.now(),
-            lastSeen: Date.now(),
-        });
-    }
-    /** Evaluate all shadow rules against an event (does NOT affect verdict) */
-    evaluate(event) {
-        const matches = [];
-        for (const rule of this.rules) {
-            const stat = this.stats.get(rule.id);
-            if (!stat)
-                continue;
-            stat.totalEvaluations++;
-            stat.lastSeen = Date.now();
-            // Simple regex evaluation for shadow rules
-            const detection = rule.detection;
-            const conditions = Array.isArray(detection.conditions)
-                ? detection.conditions
-                : Object.values(detection.conditions);
-            let matched = false;
-            for (const cond of conditions) {
-                const c = cond;
-                const value = c['value'];
-                const field = c['field'];
-                if (!value || !field)
-                    continue;
-                const text = event.fields?.[field] ?? event.content ?? '';
-                try {
-                    let regex = this.compiledPatterns.get(value);
-                    if (!regex) {
-                        regex = new RegExp(value, 'i');
-                        this.compiledPatterns.set(value, regex);
-                    }
-                    if (regex.test(text)) {
-                        matched = true;
-                        break;
-                    }
-                }
-                catch {
-                    // Invalid regex
-                }
-            }
-            if (matched) {
-                stat.totalMatches++;
-                matches.push({
-                    rule,
-                    matchedConditions: ['shadow'],
-                    matchedPatterns: ['shadow-match'],
-                    confidence: 0.5, // Shadow matches have reduced confidence
-                    timestamp: new Date().toISOString(),
-                });
-            }
-        }
-        return matches;
-    }
-    /** Record user feedback on a shadow match */
-    recordFeedback(ruleId, isTruePositive) {
-        const stat = this.stats.get(ruleId);
-        if (!stat)
-            return;
-        if (isTruePositive) {
-            stat.confirmedTruePositives++;
-        }
-        else {
-            stat.confirmedFalsePositives++;
-        }
-    }
-    /**
-     * Get rules ready for promotion.
-     * Criteria: FP rate < maxFPRate AND minimum evaluations reached.
-     */
-    getPromotionCandidates(maxFPRate = 0.001, minEvaluations = 1000) {
-        const candidates = [];
-        for (const rule of this.rules) {
-            const stat = this.stats.get(rule.id);
-            if (!stat || stat.totalEvaluations < minEvaluations)
-                continue;
-            const fpRate = stat.totalMatches > 0
-                ? stat.confirmedFalsePositives / stat.totalMatches
-                : 0;
-            // Only promote if:
-            // 1. Has been evaluated enough times
-            // 2. FP rate is below threshold
-            // 3. Has at least some matches (not a dead rule)
-            if (fpRate <= maxFPRate && stat.totalMatches > 0) {
-                candidates.push({ rule, stats: { ...stat }, fpRate });
-            }
-        }
-        return candidates;
-    }
-    /** Get stats for a specific rule */
-    getStats(ruleId) {
-        const stat = this.stats.get(ruleId);
-        return stat ? { ...stat } : undefined;
-    }
-    /** Get all shadow rule stats */
-    getAllStats() {
-        return new Map(Array.from(this.stats.entries()).map(([k, v]) => [k, { ...v }]));
-    }
-    /** Number of shadow rules */
-    size() {
-        return this.rules.length;
-    }
-}
-//# sourceMappingURL=shadow-evaluator.js.map

package/dist/shadow-evaluator.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"shadow-evaluator.js","sourceRoot":"","sources":["../src/shadow-evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoBH,MAAM,OAAO,eAAe;IACT,KAAK,GAAc,EAAE,CAAC;IACtB,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IAC3C,gBAAgB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE9D,qDAAqD;IACrD,OAAO,CAAC,IAAa;QACnB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;YAAE,OAAO,CAAC,QAAQ;QAC9D,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE;YACtB,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,gBAAgB,EAAE,CAAC;YACnB,YAAY,EAAE,CAAC;YACf,sBAAsB,EAAE,CAAC;YACzB,uBAAuB,EAAE,CAAC;YAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;SACrB,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,QAAQ,CAAC,KAAiB;QACxB,MAAM,OAAO,GAAe,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE3B,2CAA2C;YAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;YACjC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC;gBACpD,CAAC,CAAC,SAAS,CAAC,UAAU;gBACtB,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YAExC,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;gBAC9B,MAAM,CAAC,GAAG,IAA0C,CAAC;gBACrD,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAW,CAAC;gBACnC,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAW,CAAC;gBACnC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK;oBAAE,SAAS;gBAE/B,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;gBAC1D,IAAI,CAAC;oBACH,IAAI,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;wBACX,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;wBAC/B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;oBAC1C,CAAC;oBACD,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACrB,OAAO,GAAG,IAAI,CAAC;wBACf,MAAM;oBACR,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,gBAAgB;gBAClB,CAAC;YACH,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,iBAAiB,EAAE,CAAC,QAAQ,CAAC;oBAC7B,eAAe,EAAE,CAAC,cAAc,CAAC;oBACjC,UAAU,EAAE,GAAG,EAAE,yCAAyC;oBAC1D,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,6CAA6C;IAC7C,cAAc,CAAC,MAAc,EAAE,cAAuB;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,uBAAuB,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,sBAAsB,CACpB,YAAoB,KAAK,EACzB,iBAAyB,IAAI;QAE7B,MAAM,UAAU,GAAyB,EAAE,CAAC;QAE5C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,GAAG,cAAc;gBAAE,SAAS;YAE9D,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,GAAG,CAAC;gBAClC,CAAC,CAAC,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC,YAAY;gBAClD,CAAC,CAAC,CAAC,CAAC;YAEN,mBAAmB;YACnB,qCAAqC;YACrC,gCAAgC;YAChC,iDAAiD;YACjD,IAAI,MAAM,IAAI,SAAS,IAAI,IAAI,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;gBACjD,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,oCAAoC;IACpC,QAAQ,CAAC,MAAc;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACxC,CAAC;IAED,gCAAgC;IAChC,WAAW;QACT,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAClF,CAAC;IAED,6BAA6B;IAC7B,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;CACF"}

package/dist/skill-fingerprint.d.ts

@@ -1,85 +0,0 @@
-/**
- * Skill Behavioral Fingerprint
- *
- * Tracks what each skill "normally does" across invocations, then detects
- * behavioral drift when a previously-trusted skill starts acting differently.
- *
- * Solves the "installed then turns malicious" scenario:
- * - First N invocations: build fingerprint (what APIs, what patterns, what scope)
- * - After fingerprint stabilizes: flag any deviation as anomaly
- *
- * @module agent-threat-rules/skill-fingerprint
- */
-import type { AgentEvent } from './types.js';
-/** Behavioral capabilities observed for a skill */
-interface SkillCapabilities {
-    /** Seen filesystem operations (read/write/delete) */
-    readonly filesystemOps: ReadonlySet<string>;
-    /** Seen network destinations (hostnames) */
-    readonly networkTargets: ReadonlySet<string>;
-    /** Seen environment variable accesses */
-    readonly envAccesses: ReadonlySet<string>;
-    /** Seen child process executions */
-    readonly processExecs: ReadonlySet<string>;
-    /** Seen output patterns (categories: data, error, redirect, exfiltration) */
-    readonly outputPatterns: ReadonlySet<string>;
-}
-/** Immutable fingerprint snapshot */
-export interface SkillFingerprint {
-    readonly skillName: string;
-    readonly invocationCount: number;
-    readonly firstSeen: number;
-    readonly lastSeen: number;
-    readonly isStable: boolean;
-    readonly capabilities: SkillCapabilities;
-    /** Hash of capabilities for quick comparison */
-    readonly capabilityHash: string;
-}
-/** Anomaly when behavior deviates from fingerprint */
-export interface BehaviorAnomaly {
-    readonly skillName: string;
-    readonly anomalyType: 'new_filesystem_op' | 'new_network_target' | 'new_env_access' | 'new_process_exec' | 'new_output_pattern' | 'capability_expansion';
-    readonly description: string;
-    readonly severity: 'low' | 'medium' | 'high' | 'critical';
-    readonly newValue: string;
-    readonly timestamp: number;
-}
-export interface SkillFingerprintConfig {
-    /** Minimum invocations before fingerprint can stabilize (default: 10) */
-    stabilityThreshold?: number;
-    /** Consecutive clean invocations to mark stable (default: 5) */
-    stableStreak?: number;
-}
-export declare class SkillFingerprintStore {
-    private readonly fingerprints;
-    private readonly stabilityThreshold;
-    private readonly stableStreak;
-    constructor(config?: SkillFingerprintConfig);
-    /**
-     * Record a skill invocation and detect behavioral anomalies.
-     * Returns anomalies if the fingerprint was stable and new capabilities appeared.
-     */
-    recordInvocation(skillName: string, event: AgentEvent): readonly BehaviorAnomaly[];
-    /**
-     * Get an immutable fingerprint snapshot for a skill.
-     */
-    getFingerprint(skillName: string): SkillFingerprint | undefined;
-    /** Get all tracked skill names */
-    getTrackedSkills(): string[];
-    /** Get count of stable fingerprints */
-    getStableCount(): number;
-    /** Get total tracked skills */
-    getTrackedCount(): number;
-    /**
-     * Reset a skill's fingerprint (e.g., after a legitimate update).
-     */
-    resetFingerprint(skillName: string): void;
-    /**
-     * Evict fingerprints not seen since cutoffMs ago.
-     */
-    cleanup(cutoffMs: number): number;
-    private getOrCreate;
-    private computeCapabilityHash;
-}
-export {};
-//# sourceMappingURL=skill-fingerprint.d.ts.map

package/dist/skill-fingerprint.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"skill-fingerprint.d.ts","sourceRoot":"","sources":["../src/skill-fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAU7C,mDAAmD;AACnD,UAAU,iBAAiB;IACzB,qDAAqD;IACrD,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC5C,4CAA4C;IAC5C,QAAQ,CAAC,cAAc,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC7C,yCAAyC;IACzC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC1C,oCAAoC;IACpC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC3C,6EAA6E;IAC7E,QAAQ,CAAC,cAAc,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;CAC9C;AAED,qCAAqC;AACrC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,YAAY,EAAE,iBAAiB,CAAC;IACzC,gDAAgD;IAChD,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC;AAED,sDAAsD;AACtD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAChB,mBAAmB,GACnB,oBAAoB,GACpB,gBAAgB,GAChB,kBAAkB,GAClB,oBAAoB,GACpB,sBAAsB,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAsDD,MAAM,WAAW,sBAAsB;IACrC,yEAAyE;IACzE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyC;IACtE,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAS;IAC5C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;gBAE1B,MAAM,CAAC,EAAE,sBAAsB;IAK3C;;;OAGG;IACH,gBAAgB,CACd,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,UAAU,GAChB,SAAS,eAAe,EAAE;IA8H7B;;OAEG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAqB/D,kCAAkC;IAClC,gBAAgB,IAAI,MAAM,EAAE;IAI5B,uCAAuC;IACvC,cAAc,IAAI,MAAM;IAQxB,+BAA+B;IAC/B,eAAe,IAAI,MAAM;IAIzB;;OAEG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAIzC;;OAEG;IACH,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAgBjC,OAAO,CAAC,WAAW;IAkCnB,OAAO,CAAC,qBAAqB;CAU9B"}

package/dist/skill-fingerprint.js

@@ -1,284 +0,0 @@
-/**
- * Skill Behavioral Fingerprint
- *
- * Tracks what each skill "normally does" across invocations, then detects
- * behavioral drift when a previously-trusted skill starts acting differently.
- *
- * Solves the "installed then turns malicious" scenario:
- * - First N invocations: build fingerprint (what APIs, what patterns, what scope)
- * - After fingerprint stabilizes: flag any deviation as anomaly
- *
- * @module agent-threat-rules/skill-fingerprint
- */
-import { createHash } from 'node:crypto';
-import { extractCapabilities as sharedExtractCapabilities, } from './capability-extractor.js';
-// ---------------------------------------------------------------------------
-// Capability extraction (shared with tier0-invariant.ts)
-// ---------------------------------------------------------------------------
-/** Wrapper for shared extractCapabilities, mapping to local format */
-function extractCapabilities(text) {
-    const caps = sharedExtractCapabilities(text);
-    return {
-        filesystemOps: [...caps.filesystemOps],
-        networkTargets: [...caps.networkTargets],
-        envAccesses: [...caps.envAccesses],
-        processExecs: [...caps.processExecs],
-        outputPatterns: [...caps.outputPatterns],
-    };
-}
-// ---------------------------------------------------------------------------
-// Fingerprint Store
-// ---------------------------------------------------------------------------
-/** Default invocations needed before fingerprint is considered stable */
-const DEFAULT_STABILITY_THRESHOLD = 10;
-/** Consecutive invocations with no new capabilities to mark stable */
-const DEFAULT_STABLE_STREAK = 5;
-/** Maximum number of skills to track */
-const MAX_SKILLS = 5_000;
-export class SkillFingerprintStore {
-    fingerprints = new Map();
-    stabilityThreshold;
-    stableStreak;
-    constructor(config) {
-        this.stabilityThreshold = config?.stabilityThreshold ?? DEFAULT_STABILITY_THRESHOLD;
-        this.stableStreak = config?.stableStreak ?? DEFAULT_STABLE_STREAK;
-    }
-    /**
-     * Record a skill invocation and detect behavioral anomalies.
-     * Returns anomalies if the fingerprint was stable and new capabilities appeared.
-     */
-    recordInvocation(skillName, event) {
-        const now = Date.now();
-        const fp = this.getOrCreate(skillName, now);
-        fp.invocationCount++;
-        fp.lastSeen = now;
-        // Extract capabilities from event content + fields
-        const content = [
-            event.content ?? '',
-            event.fields?.['tool_args'] ?? '',
-            event.fields?.['tool_response'] ?? '',
-        ].join('\n');
-        const caps = extractCapabilities(content);
-        // Check for anomalies (only if fingerprint is stable)
-        const anomalies = [];
-        const isStable = fp.stableHash !== null;
-        if (isStable) {
-            // Detect NEW capabilities not in the stable fingerprint
-            for (const op of caps.filesystemOps) {
-                if (!fp.filesystemOps.has(op)) {
-                    anomalies.push({
-                        skillName,
-                        anomalyType: 'new_filesystem_op',
-                        description: `Skill "${skillName}" performing new filesystem operation: ${op} (not in baseline)`,
-                        severity: op === 'delete' ? 'critical' : op === 'write' ? 'high' : 'medium',
-                        newValue: op,
-                        timestamp: now,
-                    });
-                }
-            }
-            for (const target of caps.networkTargets) {
-                if (!fp.networkTargets.has(target)) {
-                    anomalies.push({
-                        skillName,
-                        anomalyType: 'new_network_target',
-                        description: `Skill "${skillName}" contacting new network target: ${target}`,
-                        severity: 'high',
-                        newValue: target,
-                        timestamp: now,
-                    });
-                }
-            }
-            for (const env of caps.envAccesses) {
-                if (!fp.envAccesses.has(env)) {
-                    const isSensitive = /(?:KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)/i.test(env);
-                    anomalies.push({
-                        skillName,
-                        anomalyType: 'new_env_access',
-                        description: `Skill "${skillName}" accessing new env var: ${env}`,
-                        severity: isSensitive ? 'critical' : 'medium',
-                        newValue: env,
-                        timestamp: now,
-                    });
-                }
-            }
-            for (const proc of caps.processExecs) {
-                if (!fp.processExecs.has(proc)) {
-                    anomalies.push({
-                        skillName,
-                        anomalyType: 'new_process_exec',
-                        description: `Skill "${skillName}" executing new process: ${proc}`,
-                        severity: 'critical',
-                        newValue: proc,
-                        timestamp: now,
-                    });
-                }
-            }
-            for (const pat of caps.outputPatterns) {
-                if (!fp.outputPatterns.has(pat)) {
-                    anomalies.push({
-                        skillName,
-                        anomalyType: 'new_output_pattern',
-                        description: `Skill "${skillName}" exhibiting new pattern: ${pat}`,
-                        severity: pat === 'exfiltration' ? 'critical' : 'high',
-                        newValue: pat,
-                        timestamp: now,
-                    });
-                }
-            }
-        }
-        // Update fingerprint with observed capabilities
-        let newCapsSeen = false;
-        for (const op of caps.filesystemOps) {
-            if (!fp.filesystemOps.has(op)) {
-                fp.filesystemOps.add(op);
-                newCapsSeen = true;
-            }
-        }
-        for (const t of caps.networkTargets) {
-            if (!fp.networkTargets.has(t)) {
-                fp.networkTargets.add(t);
-                newCapsSeen = true;
-            }
-        }
-        for (const e of caps.envAccesses) {
-            if (!fp.envAccesses.has(e)) {
-                fp.envAccesses.add(e);
-                newCapsSeen = true;
-            }
-        }
-        for (const p of caps.processExecs) {
-            if (!fp.processExecs.has(p)) {
-                fp.processExecs.add(p);
-                newCapsSeen = true;
-            }
-        }
-        for (const o of caps.outputPatterns) {
-            if (!fp.outputPatterns.has(o)) {
-                fp.outputPatterns.add(o);
-                newCapsSeen = true;
-            }
-        }
-        // Track stability
-        if (!isStable) {
-            if (newCapsSeen) {
-                fp.stableStreak = 0;
-            }
-            else {
-                fp.stableStreak++;
-            }
-            // Mark stable when threshold met
-            if (fp.invocationCount >= this.stabilityThreshold &&
-                fp.stableStreak >= this.stableStreak) {
-                fp.stableHash = this.computeCapabilityHash(fp);
-            }
-        }
-        return anomalies;
-    }
-    /**
-     * Get an immutable fingerprint snapshot for a skill.
-     */
-    getFingerprint(skillName) {
-        const fp = this.fingerprints.get(skillName);
-        if (!fp)
-            return undefined;
-        return {
-            skillName: fp.skillName,
-            invocationCount: fp.invocationCount,
-            firstSeen: fp.firstSeen,
-            lastSeen: fp.lastSeen,
-            isStable: fp.stableHash !== null,
-            capabilities: {
-                filesystemOps: new Set(fp.filesystemOps),
-                networkTargets: new Set(fp.networkTargets),
-                envAccesses: new Set(fp.envAccesses),
-                processExecs: new Set(fp.processExecs),
-                outputPatterns: new Set(fp.outputPatterns),
-            },
-            capabilityHash: fp.stableHash ?? this.computeCapabilityHash(fp),
-        };
-    }
-    /** Get all tracked skill names */
-    getTrackedSkills() {
-        return [...this.fingerprints.keys()];
-    }
-    /** Get count of stable fingerprints */
-    getStableCount() {
-        let count = 0;
-        for (const fp of this.fingerprints.values()) {
-            if (fp.stableHash !== null)
-                count++;
-        }
-        return count;
-    }
-    /** Get total tracked skills */
-    getTrackedCount() {
-        return this.fingerprints.size;
-    }
-    /**
-     * Reset a skill's fingerprint (e.g., after a legitimate update).
-     */
-    resetFingerprint(skillName) {
-        this.fingerprints.delete(skillName);
-    }
-    /**
-     * Evict fingerprints not seen since cutoffMs ago.
-     */
-    cleanup(cutoffMs) {
-        const cutoff = Date.now() - cutoffMs;
-        let evicted = 0;
-        for (const [name, fp] of this.fingerprints) {
-            if (fp.lastSeen < cutoff) {
-                this.fingerprints.delete(name);
-                evicted++;
-            }
-        }
-        return evicted;
-    }
-    // -----------------------------------------------------------------------
-    // Private
-    // -----------------------------------------------------------------------
-    getOrCreate(skillName, now) {
-        const existing = this.fingerprints.get(skillName);
-        if (existing)
-            return existing;
-        // Evict oldest if at capacity
-        if (this.fingerprints.size >= MAX_SKILLS) {
-            let oldestName;
-            let oldestTime = Infinity;
-            for (const [name, fp] of this.fingerprints) {
-                if (fp.lastSeen < oldestTime) {
-                    oldestTime = fp.lastSeen;
-                    oldestName = name;
-                }
-            }
-            if (oldestName)
-                this.fingerprints.delete(oldestName);
-        }
-        const fp = {
-            skillName,
-            invocationCount: 0,
-            firstSeen: now,
-            lastSeen: now,
-            filesystemOps: new Set(),
-            networkTargets: new Set(),
-            envAccesses: new Set(),
-            processExecs: new Set(),
-            outputPatterns: new Set(),
-            stableHash: null,
-            stableStreak: 0,
-        };
-        this.fingerprints.set(skillName, fp);
-        return fp;
-    }
-    computeCapabilityHash(fp) {
-        const parts = [
-            [...fp.filesystemOps].sort().join(','),
-            [...fp.networkTargets].sort().join(','),
-            [...fp.envAccesses].sort().join(','),
-            [...fp.processExecs].sort().join(','),
-            [...fp.outputPatterns].sort().join(','),
-        ];
-        return createHash('sha256').update(parts.join('|')).digest('hex').slice(0, 16);
-    }
-}
-//# sourceMappingURL=skill-fingerprint.js.map

package/dist/skill-fingerprint.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"skill-fingerprint.js","sourceRoot":"","sources":["../src/skill-fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EACL,mBAAmB,IAAI,yBAAyB,GAEjD,MAAM,2BAA2B,CAAC;AAiEnC,8EAA8E;AAC9E,yDAAyD;AACzD,8EAA8E;AAE9E,sEAAsE;AACtE,SAAS,mBAAmB,CAAC,IAAY;IAOvC,MAAM,IAAI,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;IAC7C,OAAO;QACL,aAAa,EAAE,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC;QACtC,cAAc,EAAE,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC;QACxC,WAAW,EAAE,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC;QAClC,YAAY,EAAE,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC;QACpC,cAAc,EAAE,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC;KACzC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,yEAAyE;AACzE,MAAM,2BAA2B,GAAG,EAAE,CAAC;AAEvC,sEAAsE;AACtE,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEhC,wCAAwC;AACxC,MAAM,UAAU,GAAG,KAAK,CAAC;AASzB,MAAM,OAAO,qBAAqB;IACf,YAAY,GAAG,IAAI,GAAG,EAA8B,CAAC;IACrD,kBAAkB,CAAS;IAC3B,YAAY,CAAS;IAEtC,YAAY,MAA+B;QACzC,IAAI,CAAC,kBAAkB,GAAG,MAAM,EAAE,kBAAkB,IAAI,2BAA2B,CAAC;QACpF,IAAI,CAAC,YAAY,GAAG,MAAM,EAAE,YAAY,IAAI,qBAAqB,CAAC;IACpE,CAAC;IAED;;;OAGG;IACH,gBAAgB,CACd,SAAiB,EACjB,KAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC5C,EAAE,CAAC,eAAe,EAAE,CAAC;QACrB,EAAE,CAAC,QAAQ,GAAG,GAAG,CAAC;QAElB,mDAAmD;QACnD,MAAM,OAAO,GAAG;YACd,KAAK,CAAC,OAAO,IAAI,EAAE;YACnB,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE;YACjC,KAAK,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE;SACtC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,MAAM,IAAI,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAE1C,sDAAsD;QACtD,MAAM,SAAS,GAAsB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,KAAK,IAAI,CAAC;QAExC,IAAI,QAAQ,EAAE,CAAC;YACb,wDAAwD;YACxD,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC9B,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,mBAAmB;wBAChC,WAAW,EAAE,UAAU,SAAS,0CAA0C,EAAE,oBAAoB;wBAChG,QAAQ,EAAE,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;wBAC3E,QAAQ,EAAE,EAAE;wBACZ,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnC,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,oBAAoB;wBACjC,WAAW,EAAE,UAAU,SAAS,oCAAoC,MAAM,EAAE;wBAC5E,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE,MAAM;wBAChB,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,WAAW,GAAG,2CAA2C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC1E,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,gBAAgB;wBAC7B,WAAW,EAAE,UAAU,SAAS,4BAA4B,GAAG,EAAE;wBACjE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;wBAC7C,QAAQ,EAAE,GAAG;wBACb,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACrC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,kBAAkB;wBAC/B,WAAW,EAAE,UAAU,SAAS,4BAA4B,IAAI,EAAE;wBAClE,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,IAAI;wBACd,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChC,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,oBAAoB;wBACjC,WAAW,EAAE,UAAU,SAAS,6BAA6B,GAAG,EAAE;wBAClE,QAAQ,EAAE,GAAG,KAAK,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;wBACtD,QAAQ,EAAE,GAAG;wBACb,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,IAAI,WAAW,GAAG,KAAK,CAAC;QACxB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAC5E,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAC9E,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,WAAW,EAAE,CAAC;gBAChB,EAAE,CAAC,YAAY,GAAG,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,EAAE,CAAC,YAAY,EAAE,CAAC;YACpB,CAAC;YAED,iCAAiC;YACjC,IACE,EAAE,CAAC,eAAe,IAAI,IAAI,CAAC,kBAAkB;gBAC7C,EAAE,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,EACpC,CAAC;gBACD,EAAE,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,SAAiB;QAC9B,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,EAAE;YAAE,OAAO,SAAS,CAAC;QAE1B,OAAO;YACL,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,eAAe,EAAE,EAAE,CAAC,eAAe;YACnC,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,QAAQ,EAAE,EAAE,CAAC,UAAU,KAAK,IAAI;YAChC,YAAY,EAAE;gBACZ,aAAa,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC;gBACxC,cAAc,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,cAAc,CAAC;gBAC1C,WAAW,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,WAAW,CAAC;gBACpC,YAAY,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC;gBACtC,cAAc,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,cAAc,CAAC;aAC3C;YACD,cAAc,EAAE,EAAE,CAAC,UAAU,IAAI,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC;SAChE,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,gBAAgB;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,uCAAuC;IACvC,cAAc;QACZ,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YAC5C,IAAI,EAAE,CAAC,UAAU,KAAK,IAAI;gBAAE,KAAK,EAAE,CAAC;QACtC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+BAA+B;IAC/B,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,QAAgB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,EAAE,CAAC,QAAQ,GAAG,MAAM,EAAE,CAAC;gBACzB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC/B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,0EAA0E;IAC1E,UAAU;IACV,0EAA0E;IAElE,WAAW,CAAC,SAAiB,EAAE,GAAW;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,8BAA8B;QAC9B,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC;YACzC,IAAI,UAA8B,CAAC;YACnC,IAAI,UAAU,GAAG,QAAQ,CAAC;YAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3C,IAAI,EAAE,CAAC,QAAQ,GAAG,UAAU,EAAE,CAAC;oBAC7B,UAAU,GAAG,EAAE,CAAC,QAAQ,CAAC;oBACzB,UAAU,GAAG,IAAI,CAAC;gBACpB,CAAC;YACH,CAAC;YACD,IAAI,UAAU;gBAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,EAAE,GAAuB;YAC7B,SAAS;YACT,eAAe,EAAE,CAAC;YAClB,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,GAAG;YACb,aAAa,EAAE,IAAI,GAAG,EAAE;YACxB,cAAc,EAAE,IAAI,GAAG,EAAE;YACzB,WAAW,EAAE,IAAI,GAAG,EAAE;YACtB,YAAY,EAAE,IAAI,GAAG,EAAE;YACvB,cAAc,EAAE,IAAI,GAAG,EAAE;YACzB,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;SAChB,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACrC,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,qBAAqB,CAAC,EAAsB;QAClD,MAAM,KAAK,GAAG;YACZ,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACtC,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACvC,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACpC,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACrC,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;SACxC,CAAC;QACF,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjF,CAAC;CACF"}

package/dist/tier0-invariant.d.ts

@@ -1,49 +0,0 @@
-/**
- * Tier 0: Invariant Enforcement
- *
- * Hard boundaries that enforce what a skill is ALLOWED to do,
- * regardless of what its description says or how it phrases requests.
- *
- * This is NOT pattern matching. It is permission checking.
- * A skill declares capabilities in its manifest. Any action outside
- * the manifest is immediately denied with severity=critical.
- *
- * Inspired by Tesla's AEB (Automatic Emergency Braking):
- * it doesn't care what the neural network thinks -- it enforces physics.
- *
- * @module agent-threat-rules/tier0-invariant
- */
-import type { AgentEvent, ATRMatch } from './types.js';
-/** Skill capability manifest -- declares what a skill is allowed to do */
-export interface SkillManifest {
-    readonly skillId: string;
-    readonly allowedPaths?: readonly string[];
-    readonly allowedHosts?: readonly string[];
-    readonly allowedEnvVars?: readonly string[];
-    readonly allowedCommands?: readonly string[];
-    readonly maxNetworkCalls?: number;
-    readonly allowConfigModification?: boolean;
-}
-export type InvariantViolationType = 'path_scope' | 'host_scope' | 'env_scope' | 'command_scope' | 'config_modification' | 'network_limit';
-/** Result when an invariant is violated */
-export interface InvariantViolation {
-    readonly skillId: string;
-    readonly violationType: InvariantViolationType;
-    readonly description: string;
-    readonly observedValue: string;
-    readonly allowedValues: readonly string[];
-}
-export declare class InvariantChecker {
-    private readonly manifests;
-    constructor(manifests: ReadonlyMap<string, SkillManifest> | SkillManifest[]);
-    /**
-     * Check an event against the skill's manifest.
-     * Returns empty array if no violations (or no manifest for the skill).
-     */
-    check(event: AgentEvent): readonly InvariantViolation[];
-    /** Build a synthetic ATRMatch from an invariant violation */
-    buildDenyMatch(violation: InvariantViolation): ATRMatch;
-    /** Resolve skill ID from event metadata */
-    private resolveSkillId;
-}
-//# sourceMappingURL=tier0-invariant.d.ts.map

package/dist/tier0-invariant.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tier0-invariant.d.ts","sourceRoot":"","sources":["../src/tier0-invariant.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAwB,MAAM,YAAY,CAAC;AA6B7E,0EAA0E;AAC1E,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC1C,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC1C,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,eAAe,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7C,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAC5C;AAED,MAAM,MAAM,sBAAsB,GAC9B,YAAY,GACZ,YAAY,GACZ,WAAW,GACX,eAAe,GACf,qBAAqB,GACrB,eAAe,CAAC;AAEpB,2CAA2C;AAC3C,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,aAAa,EAAE,sBAAsB,CAAC;IAC/C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,SAAS,MAAM,EAAE,CAAC;CAC3C;AAMD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAqC;gBAEnD,SAAS,EAAE,WAAW,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,aAAa,EAAE;IAY3E;;;OAGG;IACH,KAAK,CAAC,KAAK,EAAE,UAAU,GAAG,SAAS,kBAAkB,EAAE;IAsGvD,6DAA6D;IAC7D,cAAc,CAAC,SAAS,EAAE,kBAAkB,GAAG,QAAQ;IA+BvD,2CAA2C;IAC3C,OAAO,CAAC,cAAc;CAKvB"}