npm - agent-threat-rules - Versions diffs - 0.4.0 → 1.0.0 - Mend

agent-threat-rules 0.4.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (291) hide show

package/dist/badge.d.ts DELETED Viewed

@@ -1,42 +0,0 @@
-/**
- * ATR Badge Generator
- *
- * Generates shields.io-compatible SVG badges and JSON endpoints
- * for ATR scan results.
- *
- * Badge states:
- *   - Green:  "ATR Scanned - No Issues" (scan passed, no findings)
- *   - Yellow: "ATR Scanned - Issues Found" (scan found potential threats)
- *   - Red:    "ATR Scanned - Critical" (critical threats detected)
- *   - Gray:   "Not Yet Scanned" (no scan data available)
- *
- * @module agent-threat-rules/badge
- */
-export interface BadgeData {
-    readonly schemaVersion: 1;
-    readonly label: string;
-    readonly message: string;
-    readonly color: string;
-    readonly namedLogo?: string;
-    readonly logoSvg?: string;
-}
-export type BadgeStatus = 'clean' | 'issues' | 'critical' | 'unknown';
-export interface ScanSummary {
-    readonly packageName: string;
-    readonly version?: string;
-    readonly scannedAt?: string;
-    readonly riskLevel: string;
-    readonly riskScore: number;
-    readonly findings: {
-        readonly critical: number;
-        readonly high: number;
-        readonly medium: number;
-        readonly low: number;
-    };
-}
-export declare function determineBadgeStatus(summary: ScanSummary): BadgeStatus;
-export declare function generateBadgeEndpoint(summary: ScanSummary | null): BadgeData;
-export declare function generateBadgeSvg(summary: ScanSummary | null): string;
-export declare function lookupPackageScan(auditDataPath: string, packageName: string): ScanSummary | null;
-export declare function generateBadgeMarkdown(packageName: string, repoUrl?: string): string;
-//# sourceMappingURL=badge.d.ts.map

package/dist/badge.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"badge.d.ts","sourceRoot":"","sources":["../src/badge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAQH,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,CAAC;AAEtE,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE;QACjB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAiBD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,WAAW,CActE;AAMD,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,GAAG,SAAS,CA+B5E;AAeD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,GAAG,MAAM,CA+BpE;AAMD,wBAAgB,iBAAiB,CAC/B,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,GAClB,WAAW,GAAG,IAAI,CA6BpB;AAMD,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,MAAkE,GAC1E,MAAM,CAIR"}

package/dist/badge.js DELETED Viewed

@@ -1,158 +0,0 @@
-/**
- * ATR Badge Generator
- *
- * Generates shields.io-compatible SVG badges and JSON endpoints
- * for ATR scan results.
- *
- * Badge states:
- *   - Green:  "ATR Scanned - No Issues" (scan passed, no findings)
- *   - Yellow: "ATR Scanned - Issues Found" (scan found potential threats)
- *   - Red:    "ATR Scanned - Critical" (critical threats detected)
- *   - Gray:   "Not Yet Scanned" (no scan data available)
- *
- * @module agent-threat-rules/badge
- */
-import { readFileSync } from 'node:fs';
-// ---------------------------------------------------------------------------
-// Badge colors
-// ---------------------------------------------------------------------------
-const BADGE_COLORS = {
-    clean: '#2ea44f', // GitHub green
-    issues: '#dfb317', // Warning yellow
-    critical: '#e05d44', // Alert red
-    unknown: '#9f9f9f', // Gray
-};
-// ---------------------------------------------------------------------------
-// Determine badge status from scan data
-// ---------------------------------------------------------------------------
-export function determineBadgeStatus(summary) {
-    // Check ATR rule findings first
-    if (summary.findings.critical > 0)
-        return 'critical';
-    if (summary.findings.high > 0)
-        return 'critical';
-    if (summary.findings.medium > 0)
-        return 'issues';
-    if (summary.findings.low > 0)
-        return 'issues';
-    // Fall back to overall risk assessment (from code analysis, supply chain, etc.)
-    const level = summary.riskLevel.toUpperCase();
-    if (level === 'CRITICAL' || level === 'HIGH')
-        return 'critical';
-    if (level === 'MEDIUM')
-        return 'issues';
-    if (level === 'LOW')
-        return 'issues';
-    return 'clean';
-}
-// ---------------------------------------------------------------------------
-// Generate shields.io endpoint JSON
-// ---------------------------------------------------------------------------
-export function generateBadgeEndpoint(summary) {
-    if (!summary) {
-        return {
-            schemaVersion: 1,
-            label: 'ATR',
-            message: 'Not Yet Scanned',
-            color: BADGE_COLORS.unknown,
-        };
-    }
-    const status = determineBadgeStatus(summary);
-    const totalFindings = summary.findings.critical + summary.findings.high + summary.findings.medium + summary.findings.low;
-    const messages = {
-        clean: 'Scanned - No Issues',
-        issues: totalFindings > 0
-            ? `Scanned - ${totalFindings} Issue${totalFindings > 1 ? 's' : ''}`
-            : `Scanned - ${summary.riskLevel}`,
-        critical: totalFindings > 0
-            ? `Scanned - ${summary.findings.critical + summary.findings.high} Critical`
-            : `Scanned - ${summary.riskLevel}`,
-        unknown: 'Not Yet Scanned',
-    };
-    return {
-        schemaVersion: 1,
-        label: 'ATR',
-        message: messages[status],
-        color: BADGE_COLORS[status],
-    };
-}
-// ---------------------------------------------------------------------------
-// Generate standalone SVG badge
-// ---------------------------------------------------------------------------
-function escapeXml(str) {
-    return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
-}
-function measureText(text) {
-    // Approximate character width for Verdana 11px (shields.io standard)
-    return text.length * 6.8 + 10;
-}
-export function generateBadgeSvg(summary) {
-    const data = generateBadgeEndpoint(summary);
-    const label = escapeXml(data.label);
-    const message = escapeXml(data.message);
-    const color = data.color;
-    const labelWidth = measureText(label);
-    const messageWidth = measureText(message);
-    const totalWidth = labelWidth + messageWidth;
-    return `<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="${totalWidth}" height="20" role="img" aria-label="${label}: ${message}">
-  <title>${label}: ${message}</title>
-  <linearGradient id="s" x2="0" y2="100%">
-    <stop offset="0" stop-color="#bbb" stop-opacity=".1"/>
-    <stop offset="1" stop-opacity=".1"/>
-  </linearGradient>
-  <clipPath id="r">
-    <rect width="${totalWidth}" height="20" rx="3" fill="#fff"/>
-  </clipPath>
-  <g clip-path="url(#r)">
-    <rect width="${labelWidth}" height="20" fill="#555"/>
-    <rect x="${labelWidth}" width="${messageWidth}" height="20" fill="${color}"/>
-    <rect width="${totalWidth}" height="20" fill="url(#s)"/>
-  </g>
-  <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110">
-    <text aria-hidden="true" x="${labelWidth * 5}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)">${label}</text>
-    <text x="${labelWidth * 5}" y="140" transform="scale(.1)" fill="#fff">${label}</text>
-    <text aria-hidden="true" x="${(labelWidth + messageWidth / 2) * 10}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)">${message}</text>
-    <text x="${(labelWidth + messageWidth / 2) * 10}" y="140" transform="scale(.1)" fill="#fff">${message}</text>
-  </g>
-</svg>`;
-}
-// ---------------------------------------------------------------------------
-// Load scan result from audit data file
-// ---------------------------------------------------------------------------
-export function lookupPackageScan(auditDataPath, packageName) {
-    try {
-        const data = JSON.parse(readFileSync(auditDataPath, 'utf-8'));
-        const results = data.results ?? [];
-        const entry = results.find((r) => r.package === packageName);
-        if (!entry)
-            return null;
-        const atrMatches = entry.atrMatches ?? [];
-        const findings = { critical: 0, high: 0, medium: 0, low: 0 };
-        for (const m of atrMatches) {
-            const sev = (m.severity ?? m.rule?.severity ?? 'low').toLowerCase();
-            if (sev in findings) {
-                findings[sev]++;
-            }
-        }
-        return {
-            packageName: entry.package,
-            version: entry.version,
-            scannedAt: entry.auditedAt ?? data.auditedAt,
-            riskLevel: entry.riskLevel ?? 'UNKNOWN',
-            riskScore: entry.riskScore ?? 0,
-            findings,
-        };
-    }
-    catch {
-        return null;
-    }
-}
-// ---------------------------------------------------------------------------
-// Generate markdown badge snippet
-// ---------------------------------------------------------------------------
-export function generateBadgeMarkdown(packageName, repoUrl = 'https://github.com/Agent-Threat-Rule/agent-threat-rules') {
-    // Static badge URL using shields.io
-    const encodedName = encodeURIComponent(packageName);
-    return `[![ATR Scanned](https://img.shields.io/badge/ATR-Scanned-2ea44f?style=flat-square)](${repoUrl})`;
-}
-//# sourceMappingURL=badge.js.map

package/dist/badge.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"badge.js","sourceRoot":"","sources":["../src/badge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AA+BvC,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,MAAM,YAAY,GAAgC;IAChD,KAAK,EAAE,SAAS,EAAM,eAAe;IACrC,MAAM,EAAE,SAAS,EAAK,iBAAiB;IACvC,QAAQ,EAAE,SAAS,EAAG,YAAY;IAClC,OAAO,EAAE,SAAS,EAAI,OAAO;CAC9B,CAAC;AAEF,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,UAAU,oBAAoB,CAAC,OAAoB;IACvD,gCAAgC;IAChC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IACrD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAE9C,gFAAgF;IAChF,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,KAAK,KAAK,UAAU,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,UAAU,CAAC;IAChE,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IACxC,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,QAAQ,CAAC;IAErC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CAAC,OAA2B;IAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,aAAa,EAAE,CAAC;YAChB,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,iBAAiB;YAC1B,KAAK,EAAE,YAAY,CAAC,OAAO;SAC5B,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAE7C,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;IAEzH,MAAM,QAAQ,GAAgC;QAC5C,KAAK,EAAE,qBAAqB;QAC5B,MAAM,EAAE,aAAa,GAAG,CAAC;YACvB,CAAC,CAAC,aAAa,aAAa,SAAS,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACnE,CAAC,CAAC,aAAa,OAAO,CAAC,SAAS,EAAE;QACpC,QAAQ,EAAE,aAAa,GAAG,CAAC;YACzB,CAAC,CAAC,aAAa,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,WAAW;YAC3E,CAAC,CAAC,aAAa,OAAO,CAAC,SAAS,EAAE;QACpC,OAAO,EAAE,iBAAiB;KAC3B,CAAC;IAEF,OAAO;QACL,aAAa,EAAE,CAAC;QAChB,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC;QACzB,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAChF,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,qEAAqE;IACrE,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAA2B;IAC1D,MAAM,IAAI,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IAEzB,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,UAAU,GAAG,YAAY,CAAC;IAE7C,OAAO,6FAA6F,UAAU,wCAAwC,KAAK,KAAK,OAAO;WAC9J,KAAK,KAAK,OAAO;;;;;;mBAMT,UAAU;;;mBAGV,UAAU;eACd,UAAU,YAAY,YAAY,uBAAuB,KAAK;mBAC1D,UAAU;;;kCAGK,UAAU,GAAG,CAAC,oEAAoE,KAAK;eAC1G,UAAU,GAAG,CAAC,+CAA+C,KAAK;kCAC/C,CAAC,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC,GAAG,EAAE,oEAAoE,OAAO;eAClI,CAAC,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC,GAAG,EAAE,+CAA+C,OAAO;;OAElG,CAAC;AACR,CAAC;AAED,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,UAAU,iBAAiB,CAC/B,aAAqB,EACrB,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;QAE9D,MAAM,OAAO,GAAc,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,CAAQ,CAAC;QAEzE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,UAAU,GAAU,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC7D,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,EAAE,QAAQ,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YACpE,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;gBACpB,QAAQ,CAAC,GAA4B,CAAC,EAAE,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,OAAO;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;YAC5C,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS;YACvC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CACnC,WAAmB,EACnB,UAAkB,yDAAyD;IAE3E,oCAAoC;IACpC,MAAM,WAAW,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACpD,OAAO,uFAAuF,OAAO,GAAG,CAAC;AAC3G,CAAC"}

package/dist/capability-extractor.d.ts DELETED Viewed

@@ -1,35 +0,0 @@
-/**
- * Shared capability extraction from text content.
- *
- * Used by both SkillFingerprintStore (behavioral drift detection)
- * and InvariantChecker (manifest enforcement).
- *
- * Regex-based, no LLM needed. Analyzes first 10KB to prevent ReDoS.
- *
- * @module agent-threat-rules/capability-extractor
- */
-export declare const FS_WRITE_PATTERN: RegExp;
-export declare const FS_READ_PATTERN: RegExp;
-export declare const FS_DELETE_PATTERN: RegExp;
-export declare const NETWORK_PATTERN: RegExp;
-export declare const ENV_PATTERN: RegExp;
-export declare const ENV_INLINE_PATTERN: RegExp;
-export declare const EXEC_PATTERN: RegExp;
-export declare const EXFIL_PATTERN: RegExp;
-export declare const REDIRECT_PATTERN: RegExp;
-/** Path extraction: find filesystem paths referenced in text (min 2 segments to reduce noise) */
-export declare const PATH_PATTERN: RegExp;
-/** Config file modification patterns */
-export declare const CONFIG_MOD_PATTERN: RegExp;
-export interface ExtractedCapabilities {
-    readonly filesystemOps: readonly string[];
-    readonly filesystemPaths: readonly string[];
-    readonly networkTargets: readonly string[];
-    readonly envAccesses: readonly string[];
-    readonly processExecs: readonly string[];
-    readonly outputPatterns: readonly string[];
-    readonly configModifications: boolean;
-}
-/** Classify text content into behavioral capabilities */
-export declare function extractCapabilities(text: string): ExtractedCapabilities;
-//# sourceMappingURL=capability-extractor.d.ts.map

package/dist/capability-extractor.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"capability-extractor.d.ts","sourceRoot":"","sources":["../src/capability-extractor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH,eAAO,MAAM,gBAAgB,QACkD,CAAC;AAChF,eAAO,MAAM,eAAe,QACiC,CAAC;AAC9D,eAAO,MAAM,iBAAiB,QAC0B,CAAC;AAEzD,eAAO,MAAM,eAAe,QAC0F,CAAC;AAEvH,eAAO,MAAM,WAAW,QAC0D,CAAC;AACnF,eAAO,MAAM,kBAAkB,QAAmC,CAAC;AAEnE,eAAO,MAAM,YAAY,QACiG,CAAC;AAE3H,eAAO,MAAM,aAAa,QAC6D,CAAC;AACxF,eAAO,MAAM,gBAAgB,QACqC,CAAC;AAEnE,iGAAiG;AACjG,eAAO,MAAM,YAAY,QACuB,CAAC;AASjD,wCAAwC;AACxC,eAAO,MAAM,kBAAkB,QACqD,CAAC;AAMrF,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,aAAa,EAAE,SAAS,MAAM,EAAE,CAAC;IAC1C,QAAQ,CAAC,eAAe,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,cAAc,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3C,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,QAAQ,CAAC,cAAc,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3C,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;CACvC;AAED,yDAAyD;AACzD,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,qBAAqB,CAwDvE"}

package/dist/capability-extractor.js DELETED Viewed

@@ -1,91 +0,0 @@
-/**
- * Shared capability extraction from text content.
- *
- * Used by both SkillFingerprintStore (behavioral drift detection)
- * and InvariantChecker (manifest enforcement).
- *
- * Regex-based, no LLM needed. Analyzes first 10KB to prevent ReDoS.
- *
- * @module agent-threat-rules/capability-extractor
- */
-// ---------------------------------------------------------------------------
-// Pattern detectors
-// ---------------------------------------------------------------------------
-export const FS_WRITE_PATTERN = /(?:write(?:File)?|appendFile|fs\.write|truncate|mkdir|rmdir|unlink|rm\s+-)/i;
-export const FS_READ_PATTERN = /(?:read(?:File)?|readdir|stat|access|exists|glob|find\s)/i;
-export const FS_DELETE_PATTERN = /(?:unlink|rm\s+-rf|delete(?:File)?|removeDir|rmdir)/i;
-export const NETWORK_PATTERN = /(?:https?:\/\/|fetch|curl|wget|axios|http\.request|net\.connect|socket)[\s('"]*([a-zA-Z0-9.-]+(?:\.[a-zA-Z]{2,}))/i;
-export const ENV_PATTERN = /(?:process\.env|os\.environ|getenv|System\.getenv)\[?['"(]?([A-Z_][A-Z0-9_]*)/i;
-export const ENV_INLINE_PATTERN = /\$\{?([A-Z_][A-Z0-9_]{2,})\}?/g;
-export const EXEC_PATTERN = /(?:child_process|spawn|exec(?:File)?|system\(|popen|subprocess|shell_exec|os\.system)\s*\(\s*['"(]?([^\s'")\]]{1,80})/i;
-export const EXFIL_PATTERN = /(?:base64|btoa|encode|compress|deflate|gzip).*(?:http|fetch|curl|send|post|upload)/i;
-export const REDIRECT_PATTERN = /(?:redirect|forward|proxy|tunnel)\s+(?:to\s+)?(?:https?:\/\/)/i;
-/** Path extraction: find filesystem paths referenced in text (min 2 segments to reduce noise) */
-export const PATH_PATTERN = /(?:["'`]|^|\s)(\/(?:[\w.-]+\/){1,}[\w.-]+)/gm;
-/** Common benign paths that appear in docs/version strings -- skip these */
-const BENIGN_PATH_PREFIXES = [
-    '/usr/bin/', '/usr/lib/', '/usr/local/',
-    '/node_modules/', '/dist/', '/build/',
-    '/v1/', '/v2/', '/api/',
-];
-/** Config file modification patterns */
-export const CONFIG_MOD_PATTERN = /(?:\.mcp\.json|\.claude\/|\.cursor\/|mcp-config|settings\.json|\.env(?:\.\w+)?)/i;
-/** Classify text content into behavioral capabilities */
-export function extractCapabilities(text) {
-    const result = {
-        filesystemOps: [],
-        filesystemPaths: [],
-        networkTargets: [],
-        envAccesses: [],
-        processExecs: [],
-        outputPatterns: [],
-        configModifications: false,
-    };
-    if (!text || text.length === 0)
-        return result;
-    // Limit analysis to first 10KB to prevent ReDoS
-    const safeText = text.slice(0, 10_240);
-    // Filesystem operations
-    if (FS_WRITE_PATTERN.test(safeText))
-        result.filesystemOps.push('write');
-    if (FS_READ_PATTERN.test(safeText))
-        result.filesystemOps.push('read');
-    if (FS_DELETE_PATTERN.test(safeText))
-        result.filesystemOps.push('delete');
-    // Filesystem paths (filter out benign paths from docs/version strings)
-    for (const m of safeText.matchAll(PATH_PATTERN)) {
-        const path = m[1];
-        if (!path || result.filesystemPaths.includes(path))
-            continue;
-        const isBenign = BENIGN_PATH_PREFIXES.some((p) => path.startsWith(p));
-        if (!isBenign) {
-            result.filesystemPaths.push(path);
-        }
-    }
-    // Network targets
-    const netMatch = safeText.match(NETWORK_PATTERN);
-    if (netMatch?.[1])
-        result.networkTargets.push(netMatch[1]);
-    // Environment variable accesses
-    const envMatch = safeText.match(ENV_PATTERN);
-    if (envMatch?.[1])
-        result.envAccesses.push(envMatch[1]);
-    for (const m of safeText.matchAll(ENV_INLINE_PATTERN)) {
-        if (m[1] && !result.envAccesses.includes(m[1])) {
-            result.envAccesses.push(m[1]);
-        }
-    }
-    // Process executions
-    const execMatch = safeText.match(EXEC_PATTERN);
-    if (execMatch?.[1])
-        result.processExecs.push(execMatch[1]);
-    // Output patterns
-    if (EXFIL_PATTERN.test(safeText))
-        result.outputPatterns.push('exfiltration');
-    if (REDIRECT_PATTERN.test(safeText))
-        result.outputPatterns.push('redirect');
-    // Config modifications
-    result.configModifications = CONFIG_MOD_PATTERN.test(safeText);
-    return result;
-}
-//# sourceMappingURL=capability-extractor.js.map

package/dist/capability-extractor.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"capability-extractor.js","sourceRoot":"","sources":["../src/capability-extractor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,gBAAgB,GAC3B,6EAA6E,CAAC;AAChF,MAAM,CAAC,MAAM,eAAe,GAC1B,2DAA2D,CAAC;AAC9D,MAAM,CAAC,MAAM,iBAAiB,GAC5B,sDAAsD,CAAC;AAEzD,MAAM,CAAC,MAAM,eAAe,GAC1B,oHAAoH,CAAC;AAEvH,MAAM,CAAC,MAAM,WAAW,GACtB,gFAAgF,CAAC;AACnF,MAAM,CAAC,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAEnE,MAAM,CAAC,MAAM,YAAY,GACvB,wHAAwH,CAAC;AAE3H,MAAM,CAAC,MAAM,aAAa,GACxB,qFAAqF,CAAC;AACxF,MAAM,CAAC,MAAM,gBAAgB,GAC3B,gEAAgE,CAAC;AAEnE,iGAAiG;AACjG,MAAM,CAAC,MAAM,YAAY,GACvB,8CAA8C,CAAC;AAEjD,4EAA4E;AAC5E,MAAM,oBAAoB,GAAG;IAC3B,WAAW,EAAE,WAAW,EAAE,aAAa;IACvC,gBAAgB,EAAE,QAAQ,EAAE,SAAS;IACrC,MAAM,EAAE,MAAM,EAAE,OAAO;CACf,CAAC;AAEX,wCAAwC;AACxC,MAAM,CAAC,MAAM,kBAAkB,GAC7B,kFAAkF,CAAC;AAgBrF,yDAAyD;AACzD,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,MAAM,MAAM,GAAG;QACb,aAAa,EAAE,EAAc;QAC7B,eAAe,EAAE,EAAc;QAC/B,cAAc,EAAE,EAAc;QAC9B,WAAW,EAAE,EAAc;QAC3B,YAAY,EAAE,EAAc;QAC5B,cAAc,EAAE,EAAc;QAC9B,mBAAmB,EAAE,KAAK;KAC3B,CAAC;IAEF,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAE9C,gDAAgD;IAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAEvC,wBAAwB;IACxB,IAAI,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxE,IAAI,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtE,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE1E,uEAAuE;IACvE,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,SAAS;QAC7D,MAAM,QAAQ,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACjD,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,gCAAgC;IAChC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACxD,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtD,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC/C,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,kBAAkB;IAClB,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7E,IAAI,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE5E,uBAAuB;IACvB,MAAM,CAAC,mBAAmB,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE/D,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/cli.d.ts DELETED Viewed

@@ -1,12 +0,0 @@
-#!/usr/bin/env node
-/**
- * ATR CLI - Command-line interface for Agent Threat Rules
- *
- * Usage:
- *   npx agent-threat-rules scan <events.json>     Scan events against all rules
- *   npx agent-threat-rules validate <rule.yaml>    Validate a rule file
- *   npx agent-threat-rules test <rule.yaml>        Run a rule's test cases
- *   npx agent-threat-rules stats                   Show rule collection stats
- */
-export {};
-//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;;;GAQG"}