agent-threat-rules 0.4.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +161 -52
- package/package.json +3 -1
- package/rules/agent-manipulation/{ATR-2026-030-cross-agent-attack.yaml → ATR-2026-00030-cross-agent-attack.yaml} +3 -1
- package/rules/agent-manipulation/{ATR-2026-032-goal-hijacking.yaml → ATR-2026-00032-goal-hijacking.yaml} +3 -1
- package/rules/agent-manipulation/{ATR-2026-074-cross-agent-privilege-escalation.yaml → ATR-2026-00074-cross-agent-privilege-escalation.yaml} +3 -1
- package/rules/agent-manipulation/{ATR-2026-076-inter-agent-message-spoofing.yaml → ATR-2026-00076-inter-agent-message-spoofing.yaml} +3 -1
- package/rules/agent-manipulation/{ATR-2026-077-human-trust-exploitation.yaml → ATR-2026-00077-human-trust-exploitation.yaml} +3 -1
- package/rules/agent-manipulation/{ATR-2026-108-consensus-sybil-attack.yaml → ATR-2026-00108-consensus-sybil-attack.yaml} +3 -1
- package/rules/agent-manipulation/{ATR-2026-116-a2a-message-validation.yaml → ATR-2026-00116-a2a-message-validation.yaml} +4 -2
- package/rules/agent-manipulation/{ATR-2026-117-agent-identity-spoofing.yaml → ATR-2026-00117-agent-identity-spoofing.yaml} +4 -2
- package/rules/agent-manipulation/{ATR-2026-118-approval-fatigue.yaml → ATR-2026-00118-approval-fatigue.yaml} +3 -1
- package/rules/agent-manipulation/{ATR-2026-119-social-engineering-via-agent.yaml → ATR-2026-00119-social-engineering-via-agent.yaml} +3 -1
- package/rules/agent-manipulation/ATR-2026-00132-casual-authority-escalation.yaml +105 -0
- package/rules/agent-manipulation/ATR-2026-00139-casual-authority-redirect.yaml +53 -0
- package/rules/context-exfiltration/{ATR-2026-020-system-prompt-leak.yaml → ATR-2026-00020-system-prompt-leak.yaml} +3 -1
- package/rules/context-exfiltration/{ATR-2026-021-api-key-exposure.yaml → ATR-2026-00021-api-key-exposure.yaml} +3 -1
- package/rules/context-exfiltration/{ATR-2026-075-agent-memory-manipulation.yaml → ATR-2026-00075-agent-memory-manipulation.yaml} +3 -1
- package/rules/context-exfiltration/{ATR-2026-102-disguised-analytics-exfiltration.yaml → ATR-2026-00102-disguised-analytics-exfiltration.yaml} +3 -1
- package/rules/context-exfiltration/{ATR-2026-113-credential-theft.yaml → ATR-2026-00113-credential-theft.yaml} +3 -1
- package/rules/context-exfiltration/{ATR-2026-114-oauth-token-abuse.yaml → ATR-2026-00114-oauth-token-abuse.yaml} +3 -1
- package/rules/context-exfiltration/{ATR-2026-115-env-var-harvesting.yaml → ATR-2026-00115-env-var-harvesting.yaml} +3 -1
- package/rules/context-exfiltration/ATR-2026-00136-tool-response-data-piggyback.yaml +100 -0
- package/rules/context-exfiltration/ATR-2026-00141-example-format-key-leak.yaml +52 -0
- package/rules/context-exfiltration/ATR-2026-00142-piggyback-transition-words.yaml +55 -0
- package/rules/context-exfiltration/ATR-2026-00145-obfuscated-key-disclosure.yaml +49 -0
- package/rules/context-exfiltration/ATR-2026-00146-env-var-existence-probe.yaml +49 -0
- package/rules/data-poisoning/{ATR-2026-070-data-poisoning.yaml → ATR-2026-00070-data-poisoning.yaml} +3 -1
- package/rules/excessive-autonomy/{ATR-2026-050-runaway-agent-loop.yaml → ATR-2026-00050-runaway-agent-loop.yaml} +3 -1
- package/rules/excessive-autonomy/{ATR-2026-051-resource-exhaustion.yaml → ATR-2026-00051-resource-exhaustion.yaml} +3 -1
- package/rules/excessive-autonomy/{ATR-2026-052-cascading-failure.yaml → ATR-2026-00052-cascading-failure.yaml} +3 -1
- package/rules/excessive-autonomy/{ATR-2026-098-unauthorized-financial-action.yaml → ATR-2026-00098-unauthorized-financial-action.yaml} +3 -1
- package/rules/excessive-autonomy/{ATR-2026-099-high-risk-tool-gate.yaml → ATR-2026-00099-high-risk-tool-gate.yaml} +3 -1
- package/rules/model-security/{ATR-2026-072-model-behavior-extraction.yaml → ATR-2026-00072-model-behavior-extraction.yaml} +3 -1
- package/rules/model-security/{ATR-2026-073-malicious-finetuning-data.yaml → ATR-2026-00073-malicious-finetuning-data.yaml} +3 -1
- package/rules/privilege-escalation/{ATR-2026-040-privilege-escalation.yaml → ATR-2026-00040-privilege-escalation.yaml} +3 -1
- package/rules/privilege-escalation/{ATR-2026-041-scope-creep.yaml → ATR-2026-00041-scope-creep.yaml} +3 -1
- package/rules/privilege-escalation/{ATR-2026-107-delayed-execution-bypass.yaml → ATR-2026-00107-delayed-execution-bypass.yaml} +3 -1
- package/rules/privilege-escalation/{ATR-2026-110-eval-injection.yaml → ATR-2026-00110-eval-injection.yaml} +3 -1
- package/rules/privilege-escalation/{ATR-2026-111-shell-escape.yaml → ATR-2026-00111-shell-escape.yaml} +5 -3
- package/rules/privilege-escalation/{ATR-2026-112-dynamic-import-exploitation.yaml → ATR-2026-00112-dynamic-import-exploitation.yaml} +3 -1
- package/rules/privilege-escalation/ATR-2026-00143-casual-privilege-escalation.yaml +53 -0
- package/rules/privilege-escalation/ATR-2026-00144-rationalized-safety-bypass.yaml +49 -0
- package/rules/prompt-injection/{ATR-2026-001-direct-prompt-injection.yaml → ATR-2026-00001-direct-prompt-injection.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-002-indirect-prompt-injection.yaml → ATR-2026-00002-indirect-prompt-injection.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-003-jailbreak-attempt.yaml → ATR-2026-00003-jailbreak-attempt.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-004-system-prompt-override.yaml → ATR-2026-00004-system-prompt-override.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-005-multi-turn-injection.yaml → ATR-2026-00005-multi-turn-injection.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-080-encoding-evasion.yaml → ATR-2026-00080-encoding-evasion.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-081-semantic-multi-turn.yaml → ATR-2026-00081-semantic-multi-turn.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-082-fingerprint-evasion.yaml → ATR-2026-00082-fingerprint-evasion.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-083-indirect-tool-injection.yaml → ATR-2026-00083-indirect-tool-injection.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-084-structured-data-injection.yaml → ATR-2026-00084-structured-data-injection.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-085-audit-evasion.yaml → ATR-2026-00085-audit-evasion.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-086-visual-spoofing.yaml → ATR-2026-00086-visual-spoofing.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-087-rule-probing.yaml → ATR-2026-00087-rule-probing.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-088-adaptive-countermeasure.yaml → ATR-2026-00088-adaptive-countermeasure.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-089-polymorphic-skill.yaml → ATR-2026-00089-polymorphic-skill.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-090-threat-intel-exfil.yaml → ATR-2026-00090-threat-intel-exfil.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-091-nested-payload.yaml → ATR-2026-00091-nested-payload.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-092-consensus-poisoning.yaml → ATR-2026-00092-consensus-poisoning.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-093-gradual-escalation.yaml → ATR-2026-00093-gradual-escalation.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-094-audit-bypass.yaml → ATR-2026-00094-audit-bypass.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-097-cjk-injection-patterns.yaml → ATR-2026-00097-cjk-injection-patterns.yaml} +3 -1
- package/rules/prompt-injection/{ATR-2026-104-persona-hijacking.yaml → ATR-2026-00104-persona-hijacking.yaml} +3 -1
- package/rules/prompt-injection/ATR-2026-00130-indirect-authority-claim.yaml +103 -0
- package/rules/prompt-injection/ATR-2026-00131-fictional-academic-framing.yaml +99 -0
- package/rules/prompt-injection/ATR-2026-00133-paraphrase-injection.yaml +117 -0
- package/rules/prompt-injection/ATR-2026-00137-authority-claim-injection.yaml +52 -0
- package/rules/prompt-injection/ATR-2026-00138-fictional-framing-bypass.yaml +51 -0
- package/rules/prompt-injection/ATR-2026-00140-indirect-reference-reversal.yaml +52 -0
- package/rules/prompt-injection/ATR-2026-00148-language-switch-injection.yaml +71 -0
- package/rules/skill-compromise/{ATR-2026-060-skill-impersonation.yaml → ATR-2026-00060-skill-impersonation.yaml} +3 -1
- package/rules/skill-compromise/{ATR-2026-061-description-behavior-mismatch.yaml → ATR-2026-00061-description-behavior-mismatch.yaml} +3 -1
- package/rules/skill-compromise/{ATR-2026-062-hidden-capability.yaml → ATR-2026-00062-hidden-capability.yaml} +3 -1
- package/rules/skill-compromise/{ATR-2026-063-skill-chain-attack.yaml → ATR-2026-00063-skill-chain-attack.yaml} +3 -1
- package/rules/skill-compromise/{ATR-2026-064-over-permissioned-skill.yaml → ATR-2026-00064-over-permissioned-skill.yaml} +3 -1
- package/rules/skill-compromise/{ATR-2026-065-skill-update-attack.yaml → ATR-2026-00065-skill-update-attack.yaml} +3 -1
- package/rules/skill-compromise/{ATR-2026-066-parameter-injection.yaml → ATR-2026-00066-parameter-injection.yaml} +3 -1
- package/rules/skill-compromise/ATR-2026-00120-skill-instruction-injection.yaml +121 -0
- package/rules/skill-compromise/ATR-2026-00121-skill-dangerous-script.yaml +165 -0
- package/rules/skill-compromise/ATR-2026-00122-skill-weaponized-instruction.yaml +114 -0
- package/rules/skill-compromise/ATR-2026-00123-skill-overreach-permissions.yaml +118 -0
- package/rules/skill-compromise/ATR-2026-00124-skill-name-squatting.yaml +98 -0
- package/rules/skill-compromise/ATR-2026-00125-context-poisoning-compaction.yaml +93 -0
- package/rules/skill-compromise/ATR-2026-00126-skill-rug-pull-setup.yaml +99 -0
- package/rules/skill-compromise/ATR-2026-00127-subcommand-overflow.yaml +74 -0
- package/rules/skill-compromise/ATR-2026-00128-html-comment-hidden-payload.yaml +79 -0
- package/rules/skill-compromise/ATR-2026-00129-unicode-smuggling.yaml +73 -0
- package/rules/skill-compromise/ATR-2026-00134-fork-claim-impersonation.yaml +93 -0
- package/rules/skill-compromise/ATR-2026-00135-exfil-url-in-instructions.yaml +82 -0
- package/rules/skill-compromise/ATR-2026-00147-fork-impersonation.yaml +48 -0
- package/rules/tool-poisoning/{ATR-2026-010-mcp-malicious-response.yaml → ATR-2026-00010-mcp-malicious-response.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-011-tool-output-injection.yaml → ATR-2026-00011-tool-output-injection.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-012-unauthorized-tool-call.yaml → ATR-2026-00012-unauthorized-tool-call.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-013-tool-ssrf.yaml → ATR-2026-00013-tool-ssrf.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-095-supply-chain-poisoning.yaml → ATR-2026-00095-supply-chain-poisoning.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-096-registry-poisoning.yaml → ATR-2026-00096-registry-poisoning.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-100-consent-bypass-instruction.yaml → ATR-2026-00100-consent-bypass-instruction.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-101-trust-escalation-override.yaml → ATR-2026-00101-trust-escalation-override.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-103-hidden-safety-bypass-instruction.yaml → ATR-2026-00103-hidden-safety-bypass-instruction.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-105-silent-action-concealment.yaml → ATR-2026-00105-silent-action-concealment.yaml} +3 -1
- package/rules/tool-poisoning/{ATR-2026-106-schema-description-contradiction.yaml → ATR-2026-00106-schema-description-contradiction.yaml} +3 -1
- package/spec/atr-schema.yaml +32 -3
- package/dist/action-executor.d.ts +0 -44
- package/dist/action-executor.d.ts.map +0 -1
- package/dist/action-executor.js +0 -130
- package/dist/action-executor.js.map +0 -1
- package/dist/adapters/default-adapter.d.ts +0 -24
- package/dist/adapters/default-adapter.d.ts.map +0 -1
- package/dist/adapters/default-adapter.js +0 -51
- package/dist/adapters/default-adapter.js.map +0 -1
- package/dist/adapters/stdio-adapter.d.ts +0 -30
- package/dist/adapters/stdio-adapter.d.ts.map +0 -1
- package/dist/adapters/stdio-adapter.js +0 -128
- package/dist/adapters/stdio-adapter.js.map +0 -1
- package/dist/badge.d.ts +0 -42
- package/dist/badge.d.ts.map +0 -1
- package/dist/badge.js +0 -158
- package/dist/badge.js.map +0 -1
- package/dist/capability-extractor.d.ts +0 -35
- package/dist/capability-extractor.d.ts.map +0 -1
- package/dist/capability-extractor.js +0 -91
- package/dist/capability-extractor.js.map +0 -1
- package/dist/cli.d.ts +0 -12
- package/dist/cli.d.ts.map +0 -1
- package/dist/cli.js +0 -892
- package/dist/cli.js.map +0 -1
- package/dist/converters/elastic.d.ts +0 -36
- package/dist/converters/elastic.d.ts.map +0 -1
- package/dist/converters/elastic.js +0 -125
- package/dist/converters/elastic.js.map +0 -1
- package/dist/converters/index.d.ts +0 -28
- package/dist/converters/index.d.ts.map +0 -1
- package/dist/converters/index.js +0 -36
- package/dist/converters/index.js.map +0 -1
- package/dist/converters/splunk.d.ts +0 -19
- package/dist/converters/splunk.d.ts.map +0 -1
- package/dist/converters/splunk.js +0 -148
- package/dist/converters/splunk.js.map +0 -1
- package/dist/coverage-analyzer.d.ts +0 -43
- package/dist/coverage-analyzer.d.ts.map +0 -1
- package/dist/coverage-analyzer.js +0 -329
- package/dist/coverage-analyzer.js.map +0 -1
- package/dist/embedding/build-corpus.d.ts +0 -15
- package/dist/embedding/build-corpus.d.ts.map +0 -1
- package/dist/embedding/build-corpus.js +0 -105
- package/dist/embedding/build-corpus.js.map +0 -1
- package/dist/embedding/model-loader.d.ts +0 -41
- package/dist/embedding/model-loader.d.ts.map +0 -1
- package/dist/embedding/model-loader.js +0 -90
- package/dist/embedding/model-loader.js.map +0 -1
- package/dist/embedding/vector-store.d.ts +0 -41
- package/dist/embedding/vector-store.d.ts.map +0 -1
- package/dist/embedding/vector-store.js +0 -70
- package/dist/embedding/vector-store.js.map +0 -1
- package/dist/engine.d.ts +0 -163
- package/dist/engine.d.ts.map +0 -1
- package/dist/engine.js +0 -869
- package/dist/engine.js.map +0 -1
- package/dist/eval/corpus.d.ts +0 -42
- package/dist/eval/corpus.d.ts.map +0 -1
- package/dist/eval/corpus.js +0 -427
- package/dist/eval/corpus.js.map +0 -1
- package/dist/eval/eval-harness.d.ts +0 -44
- package/dist/eval/eval-harness.d.ts.map +0 -1
- package/dist/eval/eval-harness.js +0 -296
- package/dist/eval/eval-harness.js.map +0 -1
- package/dist/eval/index.d.ts +0 -13
- package/dist/eval/index.d.ts.map +0 -1
- package/dist/eval/index.js +0 -9
- package/dist/eval/index.js.map +0 -1
- package/dist/eval/metrics.d.ts +0 -74
- package/dist/eval/metrics.d.ts.map +0 -1
- package/dist/eval/metrics.js +0 -108
- package/dist/eval/metrics.js.map +0 -1
- package/dist/eval/pint-corpus.d.ts +0 -34
- package/dist/eval/pint-corpus.d.ts.map +0 -1
- package/dist/eval/pint-corpus.js +0 -109
- package/dist/eval/pint-corpus.js.map +0 -1
- package/dist/eval/rule-corpus.d.ts +0 -9
- package/dist/eval/rule-corpus.d.ts.map +0 -1
- package/dist/eval/rule-corpus.js +0 -4780
- package/dist/eval/rule-corpus.js.map +0 -1
- package/dist/eval/rule-metrics.d.ts +0 -34
- package/dist/eval/rule-metrics.d.ts.map +0 -1
- package/dist/eval/rule-metrics.js +0 -92
- package/dist/eval/rule-metrics.js.map +0 -1
- package/dist/eval/run-eval.d.ts +0 -7
- package/dist/eval/run-eval.d.ts.map +0 -1
- package/dist/eval/run-eval.js +0 -11
- package/dist/eval/run-eval.js.map +0 -1
- package/dist/eval/run-pint-benchmark.d.ts +0 -18
- package/dist/eval/run-pint-benchmark.d.ts.map +0 -1
- package/dist/eval/run-pint-benchmark.js +0 -159
- package/dist/eval/run-pint-benchmark.js.map +0 -1
- package/dist/flywheel.d.ts +0 -54
- package/dist/flywheel.d.ts.map +0 -1
- package/dist/flywheel.js +0 -121
- package/dist/flywheel.js.map +0 -1
- package/dist/hook-handler.d.ts +0 -61
- package/dist/hook-handler.d.ts.map +0 -1
- package/dist/hook-handler.js +0 -178
- package/dist/hook-handler.js.map +0 -1
- package/dist/index.d.ts +0 -62
- package/dist/index.d.ts.map +0 -1
- package/dist/index.js +0 -54
- package/dist/index.js.map +0 -1
- package/dist/layer-integration.d.ts +0 -55
- package/dist/layer-integration.d.ts.map +0 -1
- package/dist/layer-integration.js +0 -185
- package/dist/layer-integration.js.map +0 -1
- package/dist/loader.d.ts +0 -21
- package/dist/loader.d.ts.map +0 -1
- package/dist/loader.js +0 -124
- package/dist/loader.js.map +0 -1
- package/dist/mcp-server.d.ts +0 -13
- package/dist/mcp-server.d.ts.map +0 -1
- package/dist/mcp-server.js +0 -220
- package/dist/mcp-server.js.map +0 -1
- package/dist/mcp-tools/coverage-gaps.d.ts +0 -13
- package/dist/mcp-tools/coverage-gaps.d.ts.map +0 -1
- package/dist/mcp-tools/coverage-gaps.js +0 -55
- package/dist/mcp-tools/coverage-gaps.js.map +0 -1
- package/dist/mcp-tools/list-rules.d.ts +0 -17
- package/dist/mcp-tools/list-rules.d.ts.map +0 -1
- package/dist/mcp-tools/list-rules.js +0 -45
- package/dist/mcp-tools/list-rules.js.map +0 -1
- package/dist/mcp-tools/scan.d.ts +0 -24
- package/dist/mcp-tools/scan.d.ts.map +0 -1
- package/dist/mcp-tools/scan.js +0 -94
- package/dist/mcp-tools/scan.js.map +0 -1
- package/dist/mcp-tools/submit-proposal.d.ts +0 -12
- package/dist/mcp-tools/submit-proposal.d.ts.map +0 -1
- package/dist/mcp-tools/submit-proposal.js +0 -103
- package/dist/mcp-tools/submit-proposal.js.map +0 -1
- package/dist/mcp-tools/threat-summary.d.ts +0 -12
- package/dist/mcp-tools/threat-summary.d.ts.map +0 -1
- package/dist/mcp-tools/threat-summary.js +0 -74
- package/dist/mcp-tools/threat-summary.js.map +0 -1
- package/dist/mcp-tools/validate.d.ts +0 -15
- package/dist/mcp-tools/validate.d.ts.map +0 -1
- package/dist/mcp-tools/validate.js +0 -45
- package/dist/mcp-tools/validate.js.map +0 -1
- package/dist/modules/embedding.d.ts +0 -71
- package/dist/modules/embedding.d.ts.map +0 -1
- package/dist/modules/embedding.js +0 -141
- package/dist/modules/embedding.js.map +0 -1
- package/dist/modules/index.d.ts +0 -144
- package/dist/modules/index.d.ts.map +0 -1
- package/dist/modules/index.js +0 -82
- package/dist/modules/index.js.map +0 -1
- package/dist/modules/semantic.d.ts +0 -106
- package/dist/modules/semantic.d.ts.map +0 -1
- package/dist/modules/semantic.js +0 -359
- package/dist/modules/semantic.js.map +0 -1
- package/dist/modules/session.d.ts +0 -70
- package/dist/modules/session.d.ts.map +0 -1
- package/dist/modules/session.js +0 -128
- package/dist/modules/session.js.map +0 -1
- package/dist/rule-scaffolder.d.ts +0 -53
- package/dist/rule-scaffolder.d.ts.map +0 -1
- package/dist/rule-scaffolder.js +0 -301
- package/dist/rule-scaffolder.js.map +0 -1
- package/dist/session-tracker.d.ts +0 -58
- package/dist/session-tracker.d.ts.map +0 -1
- package/dist/session-tracker.js +0 -176
- package/dist/session-tracker.js.map +0 -1
- package/dist/shadow-evaluator.d.ts +0 -48
- package/dist/shadow-evaluator.d.ts.map +0 -1
- package/dist/shadow-evaluator.js +0 -128
- package/dist/shadow-evaluator.js.map +0 -1
- package/dist/skill-fingerprint.d.ts +0 -85
- package/dist/skill-fingerprint.d.ts.map +0 -1
- package/dist/skill-fingerprint.js +0 -284
- package/dist/skill-fingerprint.js.map +0 -1
- package/dist/tier0-invariant.d.ts +0 -49
- package/dist/tier0-invariant.d.ts.map +0 -1
- package/dist/tier0-invariant.js +0 -184
- package/dist/tier0-invariant.js.map +0 -1
- package/dist/tier1-blacklist.d.ts +0 -48
- package/dist/tier1-blacklist.d.ts.map +0 -1
- package/dist/tier1-blacklist.js +0 -91
- package/dist/tier1-blacklist.js.map +0 -1
- package/dist/types.d.ts +0 -190
- package/dist/types.d.ts.map +0 -1
- package/dist/types.js +0 -6
- package/dist/types.js.map +0 -1
- package/dist/verdict.d.ts +0 -26
- package/dist/verdict.d.ts.map +0 -1
- package/dist/verdict.js +0 -127
- package/dist/verdict.js.map +0 -1
package/dist/verdict.js
DELETED
|
@@ -1,127 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Verdict computation from ATR rule matches.
|
|
3
|
-
*
|
|
4
|
-
* Pure functions that determine the outcome (allow/ask/deny)
|
|
5
|
-
* based on severity, confidence, and auto-response thresholds.
|
|
6
|
-
*
|
|
7
|
-
* @module agent-threat-rules/verdict
|
|
8
|
-
*/
|
|
9
|
-
/** Severity rank from most severe (0) to least severe (4) */
|
|
10
|
-
export const SEVERITY_RANK = {
|
|
11
|
-
critical: 0,
|
|
12
|
-
high: 1,
|
|
13
|
-
medium: 2,
|
|
14
|
-
low: 3,
|
|
15
|
-
informational: 4,
|
|
16
|
-
};
|
|
17
|
-
/**
|
|
18
|
-
* Check whether auto-response is enabled for a matched rule.
|
|
19
|
-
* The auto_response_threshold field on ATRResponse indicates the
|
|
20
|
-
* minimum confidence level at which the action should be taken
|
|
21
|
-
* automatically (without human approval).
|
|
22
|
-
*/
|
|
23
|
-
export function isAutoResponseEnabled(match) {
|
|
24
|
-
const threshold = match.rule.response.auto_response_threshold;
|
|
25
|
-
if (!threshold)
|
|
26
|
-
return false;
|
|
27
|
-
const thresholdMap = {
|
|
28
|
-
high: 0.9,
|
|
29
|
-
medium: 0.7,
|
|
30
|
-
low: 0.5,
|
|
31
|
-
};
|
|
32
|
-
const requiredConfidence = thresholdMap[threshold];
|
|
33
|
-
if (requiredConfidence === undefined)
|
|
34
|
-
return false;
|
|
35
|
-
return match.confidence >= requiredConfidence;
|
|
36
|
-
}
|
|
37
|
-
/**
|
|
38
|
-
* Determine the verdict outcome based on severity and confidence.
|
|
39
|
-
*
|
|
40
|
-
* Decision matrix:
|
|
41
|
-
* - critical severity -> deny
|
|
42
|
-
* - high severity, conf >= 0.8 -> deny
|
|
43
|
-
* - high severity, conf < 0.8 -> ask
|
|
44
|
-
* - medium severity, conf >= 0.6 -> ask
|
|
45
|
-
* - everything else -> allow
|
|
46
|
-
*/
|
|
47
|
-
function determineOutcome(severity, confidence) {
|
|
48
|
-
if (severity === 'critical') {
|
|
49
|
-
return 'deny';
|
|
50
|
-
}
|
|
51
|
-
if (severity === 'high') {
|
|
52
|
-
return confidence >= 0.8 ? 'deny' : 'ask';
|
|
53
|
-
}
|
|
54
|
-
if (severity === 'medium' && confidence >= 0.6) {
|
|
55
|
-
return 'ask';
|
|
56
|
-
}
|
|
57
|
-
return 'allow';
|
|
58
|
-
}
|
|
59
|
-
/**
|
|
60
|
-
* Collect unique actions from all matched rules, preserving order
|
|
61
|
-
* of first appearance.
|
|
62
|
-
*/
|
|
63
|
-
function collectUniqueActions(matches) {
|
|
64
|
-
const seen = new Set();
|
|
65
|
-
const actions = [];
|
|
66
|
-
for (const match of matches) {
|
|
67
|
-
for (const action of match.rule.response.actions) {
|
|
68
|
-
if (!seen.has(action)) {
|
|
69
|
-
seen.add(action);
|
|
70
|
-
actions.push(action);
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
}
|
|
74
|
-
return Object.freeze(actions);
|
|
75
|
-
}
|
|
76
|
-
/**
|
|
77
|
-
* Build a human-readable reason string from the highest severity match.
|
|
78
|
-
*/
|
|
79
|
-
function buildReason(highestMatch, outcome, matchCount) {
|
|
80
|
-
if (!highestMatch) {
|
|
81
|
-
return 'No rules matched.';
|
|
82
|
-
}
|
|
83
|
-
const { rule, confidence } = highestMatch;
|
|
84
|
-
const pct = Math.round(confidence * 100);
|
|
85
|
-
return (`${outcome.toUpperCase()}: ${rule.title} ` +
|
|
86
|
-
`[${rule.severity}/${pct}% confidence] ` +
|
|
87
|
-
`(${matchCount} rule${matchCount === 1 ? '' : 's'} matched)`);
|
|
88
|
-
}
|
|
89
|
-
/**
|
|
90
|
-
* Compute a verdict from an array of ATR matches.
|
|
91
|
-
*
|
|
92
|
-
* This is a pure function -- no side effects, no mutation.
|
|
93
|
-
* Returns a frozen ATRVerdict object.
|
|
94
|
-
*/
|
|
95
|
-
export function computeVerdict(matches) {
|
|
96
|
-
if (matches.length === 0) {
|
|
97
|
-
return Object.freeze({
|
|
98
|
-
outcome: 'allow',
|
|
99
|
-
reason: 'No rules matched.',
|
|
100
|
-
matchCount: 0,
|
|
101
|
-
highestSeverity: null,
|
|
102
|
-
highestConfidence: 0,
|
|
103
|
-
actions: Object.freeze([]),
|
|
104
|
-
matches: Object.freeze([]),
|
|
105
|
-
timestamp: new Date().toISOString(),
|
|
106
|
-
});
|
|
107
|
-
}
|
|
108
|
-
// Matches are already sorted by the engine (severity desc, confidence desc).
|
|
109
|
-
// The first match has the highest severity.
|
|
110
|
-
const highestMatch = matches[0];
|
|
111
|
-
const highestSeverity = highestMatch.rule.severity;
|
|
112
|
-
const highestConfidence = highestMatch.confidence;
|
|
113
|
-
const outcome = determineOutcome(highestSeverity, highestConfidence);
|
|
114
|
-
const actions = collectUniqueActions(matches);
|
|
115
|
-
const reason = buildReason(highestMatch, outcome, matches.length);
|
|
116
|
-
return Object.freeze({
|
|
117
|
-
outcome,
|
|
118
|
-
reason,
|
|
119
|
-
matchCount: matches.length,
|
|
120
|
-
highestSeverity,
|
|
121
|
-
highestConfidence,
|
|
122
|
-
actions,
|
|
123
|
-
matches: Object.freeze([...matches]),
|
|
124
|
-
timestamp: new Date().toISOString(),
|
|
125
|
-
});
|
|
126
|
-
}
|
|
127
|
-
//# sourceMappingURL=verdict.js.map
|
package/dist/verdict.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"verdict.js","sourceRoot":"","sources":["../src/verdict.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,6DAA6D;AAC7D,MAAM,CAAC,MAAM,aAAa,GAA0C;IAClE,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,aAAa,EAAE,CAAC;CACjB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAe;IAEf,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAC9D,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAE7B,MAAM,YAAY,GAA2B;QAC3C,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,GAAG;QACX,GAAG,EAAE,GAAG;KACT,CAAC;IAEF,MAAM,kBAAkB,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,kBAAkB,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAEnD,OAAO,KAAK,CAAC,UAAU,IAAI,kBAAkB,CAAC;AAChD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,gBAAgB,CACvB,QAAqB,EACrB,UAAkB;IAElB,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5B,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IAC5C,CAAC;IACD,IAAI,QAAQ,KAAK,QAAQ,IAAI,UAAU,IAAI,GAAG,EAAE,CAAC;QAC/C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,OAA4B;IAE5B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAa,CAAC;IAClC,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACjD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACjB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAClB,YAAkC,EAClC,OAAuB,EACvB,UAAkB;IAElB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC;IAEzC,OAAO,CACL,GAAG,OAAO,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,KAAK,GAAG;QAC1C,IAAI,IAAI,CAAC,QAAQ,IAAI,GAAG,gBAAgB;QACxC,IAAI,UAAU,QAAQ,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,WAAW,CAC7D,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAC5B,OAA4B;IAE5B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,OAAO,EAAE,OAAgB;YACzB,MAAM,EAAE,mBAAmB;YAC3B,UAAU,EAAE,CAAC;YACb,eAAe,EAAE,IAAI;YACrB,iBAAiB,EAAE,CAAC;YACpB,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,6EAA6E;IAC7E,4CAA4C;IAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;IACjC,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;IACnD,MAAM,iBAAiB,GAAG,YAAY,CAAC,UAAU,CAAC;IAElD,MAAM,OAAO,GAAG,gBAAgB,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,WAAW,CAAC,YAAY,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAElE,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,OAAO;QACP,MAAM;QACN,UAAU,EAAE,OAAO,CAAC,MAAM;QAC1B,eAAe;QACf,iBAAiB;QACjB,OAAO;QACP,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;QACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC"}
|