agent-threat-rules 0.4.0 → 1.0.0

package/dist/cli.js

@@ -1,892 +0,0 @@
-#!/usr/bin/env node
-/**
- * ATR CLI - Command-line interface for Agent Threat Rules
- *
- * Usage:
- *   npx agent-threat-rules scan <events.json>     Scan events against all rules
- *   npx agent-threat-rules validate <rule.yaml>    Validate a rule file
- *   npx agent-threat-rules test <rule.yaml>        Run a rule's test cases
- *   npx agent-threat-rules stats                   Show rule collection stats
- */
-import { readFileSync, writeFileSync, readdirSync, existsSync, statSync, mkdirSync } from 'node:fs';
-import { resolve, dirname, join, sep } from 'node:path';
-import { homedir } from 'node:os';
-import { fileURLToPath } from 'node:url';
-import { ATREngine } from './engine.js';
-import { loadRuleFile, loadRulesFromDirectory, validateRule } from './loader.js';
-import { generateBadgeSvg, generateBadgeEndpoint, lookupPackageScan, generateBadgeMarkdown } from './badge.js';
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-const RULES_DIR = resolve(__dirname, '..', 'rules');
-const SEVERITY_COLORS = {
-    critical: '\x1b[91m', // bright red
-    high: '\x1b[31m', // red
-    medium: '\x1b[33m', // yellow
-    low: '\x1b[36m', // cyan
-    informational: '\x1b[37m', // white
-};
-const RESET = '\x1b[0m';
-const GREEN = '\x1b[32m';
-const RED = '\x1b[31m';
-const DIM = '\x1b[2m';
-const BOLD = '\x1b[1m';
-function printUsage() {
-    console.log(`
-${BOLD}ATR - Agent Threat Rules${RESET}
-Open detection rules for AI agent security threats.
-
-${BOLD}Usage:${RESET}
-  atr scan <events.json> [--rules <dir>]   Scan events against ATR rules
-  atr validate <rule.yaml|dir>             Validate rule file(s)
-  atr test <rule.yaml|dir>                 Run embedded test cases
-  atr stats [--rules <dir>]                Show rule collection statistics
-  atr convert <splunk|elastic> [--rules <dir>] [--output <file>]
-                                           Convert rules to SIEM query format
-  atr guard [--rules <dir>] [--dry-run]    Start as Claude Code hook (stdio)
-  atr init [--global]                      Setup ATR guard hook for Claude Code
-  atr mcp                                  Start MCP server (stdio transport)
-  atr scaffold                             Interactive rule scaffolding
-  atr badge <package> [--data <audit.json>] [--svg] [--json]
-                                           Generate ATR Scanned badge for a package
-
-${BOLD}Options:${RESET}
-  --rules <dir>    Custom rules directory (default: bundled rules)
-  --json           Output results as JSON
-  --output <file>  Write output to file instead of stdout (convert)
-  --severity <s>   Minimum severity to report (critical|high|medium|low|informational)
-  --dry-run        Log actions without executing (guard mode)
-  --fail-open      Default to allow on errors (guard mode, default: true)
-  --timeout <ms>   Evaluation timeout in ms (guard mode, default: 5000)
-  --global         Write hook to ~/.claude/settings.json instead of project (init)
-  --help           Show this help message
-
-${BOLD}Examples:${RESET}
-  ${DIM}# Scan agent events for threats${RESET}
-  atr scan events.json
-
-  ${DIM}# Validate a custom rule${RESET}
-  atr validate my-rules/custom-rule.yaml
-
-  ${DIM}# Test all rules against their embedded test cases${RESET}
-  atr test rules/
-
-  ${DIM}# Show stats for bundled rules${RESET}
-  atr stats
-
-  ${DIM}# One-command Claude Code hook setup${RESET}
-  atr init
-
-  ${DIM}# Run as a Claude Code guard hook${RESET}
-  atr guard --rules ./my-rules
-
-  ${DIM}# Start MCP server for AI agent integration${RESET}
-  atr mcp
-
-  ${DIM}# Convert all rules to Splunk SPL${RESET}
-  atr convert splunk --output splunk-queries.txt
-
-  ${DIM}# Convert all rules to Elasticsearch Query DSL${RESET}
-  atr convert elastic --json --output elastic-queries.json
-
-  ${DIM}# Interactively scaffold a new rule${RESET}
-  atr scaffold
-`);
-}
-function parseArgs(argv) {
-    const args = argv.slice(2);
-    const command = args[0] ?? 'help';
-    const options = {};
-    let target = '';
-    for (let i = 1; i < args.length; i++) {
-        if (args[i].startsWith('--')) {
-            const key = args[i].slice(2);
-            if (key === 'json' || key === 'help' || key === 'dry-run' || key === 'fail-open' || key === 'global' || key === 'svg') {
-                options[key] = 'true';
-            }
-            else {
-                options[key] = args[++i] ?? '';
-            }
-        }
-        else if (!target) {
-            target = args[i];
-        }
-    }
-    return { command, target, options };
-}
-// --- SCAN command ---
-async function cmdScan(target, options) {
-    if (!target) {
-        console.error(`${RED}Error: Missing events file. Usage: atr scan <events.json>${RESET}`);
-        process.exit(1);
-    }
-    const eventsPath = resolve(target);
-    if (!existsSync(eventsPath)) {
-        console.error(`${RED}Error: File not found: ${eventsPath}${RESET}`);
-        process.exit(1);
-    }
-    const rulesDir = options['rules'] ? resolve(options['rules']) : RULES_DIR;
-    const minSeverity = options['severity'] ?? 'informational';
-    const jsonOutput = options['json'] === 'true';
-    const raw = readFileSync(eventsPath, 'utf-8');
-    let events;
-    try {
-        const parsed = JSON.parse(raw);
-        events = Array.isArray(parsed) ? parsed : [parsed];
-    }
-    catch {
-        console.error(`${RED}Error: Invalid JSON in ${eventsPath}${RESET}`);
-        process.exit(1);
-    }
-    const engine = new ATREngine({ rulesDir });
-    await engine.loadRules();
-    const severityOrder = ['informational', 'low', 'medium', 'high', 'critical'];
-    const minIdx = severityOrder.indexOf(minSeverity);
-    const allMatches = [];
-    let totalThreats = 0;
-    for (const event of events) {
-        const matches = engine.evaluate(event)
-            .filter(m => severityOrder.indexOf(m.rule.severity) >= minIdx);
-        if (matches.length > 0) {
-            allMatches.push({ event, matches });
-            totalThreats += matches.length;
-        }
-    }
-    if (jsonOutput) {
-        console.log(JSON.stringify({
-            eventsScanned: events.length,
-            threatsDetected: totalThreats,
-            rulesLoaded: engine.getRuleCount(),
-            results: allMatches.map(({ event, matches }) => ({
-                event: { type: event.type, timestamp: event.timestamp, contentPreview: event.content.slice(0, 100) },
-                matches: matches.map(m => ({
-                    ruleId: m.rule.id,
-                    title: m.rule.title,
-                    severity: m.rule.severity,
-                    confidence: m.confidence,
-                    matchedConditions: m.matchedConditions,
-                })),
-            })),
-        }, null, 2));
-        return;
-    }
-    console.log(`\n${BOLD}ATR Scan Results${RESET}`);
-    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
-    console.log(`  Events scanned:  ${events.length}`);
-    console.log(`  Rules loaded:    ${engine.getRuleCount()}`);
-    console.log(`  Threats found:   ${totalThreats > 0 ? RED + totalThreats + RESET : GREEN + '0' + RESET}`);
-    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
-    console.log(`${DIM}  Open source (MIT). Star: https://github.com/anthropic-security/agent-threat-rules${RESET}`);
-    console.log('');
-    if (totalThreats === 0) {
-        console.log(`${GREEN}No threats detected.${RESET}\n`);
-        return;
-    }
-    for (const { event, matches } of allMatches) {
-        const preview = event.content.slice(0, 80).replace(/\n/g, ' ');
-        console.log(`  ${DIM}Event: [${event.type}] "${preview}..."${RESET}`);
-        for (const m of matches) {
-            const color = SEVERITY_COLORS[m.rule.severity] ?? '';
-            console.log(`    ${color}${m.rule.severity.toUpperCase().padEnd(13)}${RESET} ${m.rule.id} - ${m.rule.title}`);
-            console.log(`    ${DIM}Confidence: ${(m.confidence * 100).toFixed(0)}% | Conditions: ${m.matchedConditions.join(', ')}${RESET}`);
-        }
-        console.log('');
-    }
-}
-// --- VALIDATE command ---
-function cmdValidate(target, options) {
-    if (!target) {
-        console.error(`${RED}Error: Missing rule file/directory. Usage: atr validate <rule.yaml|dir>${RESET}`);
-        process.exit(1);
-    }
-    const targetPath = resolve(target);
-    if (!existsSync(targetPath)) {
-        console.error(`${RED}Error: Not found: ${targetPath}${RESET}`);
-        process.exit(1);
-    }
-    const jsonOutput = options['json'] === 'true';
-    const files = [];
-    if (statSync(targetPath).isDirectory()) {
-        collectYamlFiles(targetPath, files);
-    }
-    else {
-        files.push(targetPath);
-    }
-    let passed = 0;
-    let failed = 0;
-    const results = [];
-    for (const file of files) {
-        try {
-            const rule = loadRuleFile(file);
-            const result = validateRule(rule);
-            results.push({ file, valid: result.valid, errors: result.errors });
-            if (result.valid) {
-                passed++;
-            }
-            else {
-                failed++;
-            }
-        }
-        catch (e) {
-            const msg = e instanceof Error ? e.message : String(e);
-            results.push({ file, valid: false, errors: [msg] });
-            failed++;
-        }
-    }
-    if (jsonOutput) {
-        console.log(JSON.stringify({ total: files.length, passed, failed, results }, null, 2));
-        return;
-    }
-    console.log(`\n${BOLD}ATR Rule Validation${RESET}`);
-    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
-    for (const r of results) {
-        const icon = r.valid ? `${GREEN}PASS${RESET}` : `${RED}FAIL${RESET}`;
-        const shortPath = r.file.replace(process.cwd() + '/', '');
-        console.log(`  ${icon}  ${shortPath}`);
-        if (!r.valid) {
-            for (const err of r.errors) {
-                console.log(`       ${RED}${err}${RESET}`);
-            }
-        }
-    }
-    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
-    console.log(`  ${GREEN}${passed} passed${RESET}  ${failed > 0 ? RED + failed + ' failed' + RESET : ''}\n`);
-    if (failed > 0)
-        process.exit(1);
-}
-function collectYamlFiles(dir, out) {
-    const entries = readdirSync(dir);
-    for (const entry of entries) {
-        const full = join(dir, entry);
-        if (statSync(full).isDirectory()) {
-            collectYamlFiles(full, out);
-        }
-        else if (full.endsWith('.yaml') || full.endsWith('.yml')) {
-            out.push(full);
-        }
-    }
-}
-// --- TEST command ---
-async function cmdTest(target, options) {
-    if (!target) {
-        // Default: test bundled rules
-        target = RULES_DIR;
-    }
-    const targetPath = resolve(target);
-    if (!existsSync(targetPath)) {
-        console.error(`${RED}Error: Not found: ${targetPath}${RESET}`);
-        process.exit(1);
-    }
-    const jsonOutput = options['json'] === 'true';
-    const rules = [];
-    if (statSync(targetPath).isDirectory()) {
-        rules.push(...loadRulesFromDirectory(targetPath));
-    }
-    else {
-        rules.push(loadRuleFile(targetPath));
-    }
-    let totalTests = 0;
-    let passed = 0;
-    let failed = 0;
-    const failures = [];
-    // Map extended agent_source types to basic event-compatible source types
-    // so the engine's source type filter doesn't skip rules during testing.
-    // The engine only recognizes: llm_io, tool_call, mcp_exchange, agent_behavior, multi_agent_comm
-    const EXTENDED_SOURCE_TO_BASE = {
-        context_window: 'llm_io',
-        memory_access: 'llm_io',
-        skill_lifecycle: 'tool_call',
-        skill_permission: 'tool_call',
-        skill_chain: 'tool_call',
-    };
-    for (const rule of rules) {
-        if (!rule.test_cases)
-            continue;
-        // For testing, normalize extended source types so the engine doesn't filter them out
-        const originalSourceType = rule.agent_source?.type;
-        const baseSourceType = EXTENDED_SOURCE_TO_BASE[originalSourceType ?? ''];
-        // Override status so draft/deprecated rules are not skipped during testing
-        const testRule = {
-            ...rule,
-            status: 'experimental',
-            ...(baseSourceType
-                ? { agent_source: { ...rule.agent_source, type: baseSourceType } }
-                : {}),
-        };
-        const engine = new ATREngine({ rules: [testRule] });
-        await engine.loadRules();
-        const tp = rule.test_cases.true_positives ?? [];
-        const tn = rule.test_cases.true_negatives ?? [];
-        for (const tc of tp) {
-            totalTests++;
-            const event = buildEventFromTestCase(tc, rule);
-            const matches = engine.evaluate(event);
-            const triggered = matches.some(m => m.rule.id === rule.id);
-            if (triggered) {
-                passed++;
-            }
-            else {
-                failed++;
-                failures.push({
-                    ruleId: rule.id,
-                    testType: 'true_positive',
-                    input: String(tc.input ?? tc.tool_response ?? tc.agent_output ?? '').slice(0, 100),
-                    expected: 'triggered',
-                    got: 'not_triggered',
-                });
-            }
-        }
-        for (const tc of tn) {
-            totalTests++;
-            const event = buildEventFromTestCase(tc, rule);
-            const matches = engine.evaluate(event);
-            const triggered = matches.some(m => m.rule.id === rule.id);
-            if (!triggered) {
-                passed++;
-            }
-            else {
-                failed++;
-                failures.push({
-                    ruleId: rule.id,
-                    testType: 'true_negative',
-                    input: String(tc.input ?? tc.tool_response ?? tc.agent_output ?? '').slice(0, 100),
-                    expected: 'not_triggered',
-                    got: 'triggered',
-                });
-            }
-        }
-    }
-    if (jsonOutput) {
-        console.log(JSON.stringify({ totalRules: rules.length, totalTests, passed, failed, failures }, null, 2));
-        return;
-    }
-    console.log(`\n${BOLD}ATR Test Runner${RESET}`);
-    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
-    console.log(`  Rules tested:    ${rules.length}`);
-    console.log(`  Test cases:      ${totalTests}`);
-    console.log(`  ${GREEN}Passed:${RESET}          ${passed}`);
-    if (failed > 0) {
-        console.log(`  ${RED}Failed:${RESET}          ${failed}`);
-    }
-    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
-    if (failures.length > 0) {
-        console.log(`\n${RED}Failures:${RESET}\n`);
-        for (const f of failures) {
-            console.log(`  ${RED}FAIL${RESET} ${f.ruleId} [${f.testType}]`);
-            console.log(`    ${DIM}Input: "${f.input}..."${RESET}`);
-            console.log(`    Expected: ${f.expected}, Got: ${f.got}\n`);
-        }
-        process.exit(1);
-    }
-    else {
-        console.log(`\n${GREEN}All tests passed.${RESET}\n`);
-    }
-}
-function buildEventFromTestCase(tc, rule) {
-    // Stringify any object values
-    const str = (v) => {
-        if (v === undefined || v === null)
-            return '';
-        if (typeof v === 'string')
-            return v;
-        return JSON.stringify(v);
-    };
-    // Extract fields, handling multiple test case formats:
-    // Object-style: input: { tool_name: "...", tool_args: "...", response: "..." }
-    // Flat-style: input: "...", tool_response: "...", tool_name: "..."
-    // Tool-call-style: tool_call: { name: "...", args: "..." }
-    const rawInput = tc['input'];
-    let input = '';
-    let toolName = str(tc['tool_name']);
-    let toolArgs = str(tc['tool_args']);
-    let toolResponse = str(tc['tool_response']);
-    const agentOutput = str(tc['agent_output']);
-    const toolDescription = str(tc['tool_description']);
-    const rawContent = str(tc['content']);
-    // Handle tool_call: { name, args } format (used by tool_call rules like ATR-2026-098)
-    const rawToolCall = tc['tool_call'];
-    if (rawToolCall !== null && rawToolCall !== undefined && typeof rawToolCall === 'object' && !Array.isArray(rawToolCall)) {
-        const tcObj = rawToolCall;
-        if (tcObj['name'] && !toolName)
-            toolName = str(tcObj['name']);
-        if (tcObj['args'] && !toolArgs)
-            toolArgs = str(tcObj['args']);
-    }
-    if (rawInput !== null && rawInput !== undefined && typeof rawInput === 'object' && !Array.isArray(rawInput)) {
-        const inputObj = rawInput;
-        if (inputObj['tool_name'] && !toolName)
-            toolName = str(inputObj['tool_name']);
-        if (inputObj['tool_args'] && !toolArgs)
-            toolArgs = str(inputObj['tool_args']);
-        // Handle 'response' as alias for 'tool_response' (used in ATR-065 etc.)
-        if (inputObj['response'] && !toolResponse)
-            toolResponse = str(inputObj['response']);
-        if (inputObj['tool_response'] && !toolResponse)
-            toolResponse = str(inputObj['tool_response']);
-        // For object inputs, use tool_args as the primary string input.
-        // If no tool_args, only use JSON-stringified input as fallback when there's
-        // no other meaningful field (tool_response/response) extracted.
-        if (toolArgs) {
-            input = toolArgs;
-        }
-        else if (!toolResponse) {
-            input = str(rawInput);
-        }
-    }
-    else {
-        input = str(rawInput);
-    }
-    // Infer event type from rule's agent_source and test case structure
-    const sourceType = rule.agent_source?.type ?? 'llm_io';
-    const SOURCE_TO_EVENT = {
-        llm_io: 'llm_input',
-        tool_call: 'tool_call',
-        mcp_exchange: 'tool_response',
-        agent_behavior: 'agent_behavior',
-        multi_agent_comm: 'multi_agent_message',
-        context_window: 'llm_input',
-        memory_access: 'llm_input',
-        skill_lifecycle: 'tool_call',
-        skill_permission: 'tool_call',
-        skill_chain: 'tool_call',
-    };
-    let type = SOURCE_TO_EVENT[sourceType] ?? 'llm_input';
-    // If rule expects tool_call but test case has only plain text input
-    // (no tool_name, tool_args, or tool_response), use llm_input event type
-    // since the content is natural language, not a tool invocation.
-    // This prevents the engine's tool_name fallback from treating text as a tool name.
-    if (type === 'tool_call' && !toolName && !toolArgs && !toolResponse && !toolDescription) {
-        type = 'llm_input';
-    }
-    // Determine the primary content based on what the rule conditions check
-    // Problem 2 & 3: For rules that check tool_response, the tool_response
-    // should be the primary content when the event type resolves tool_response from content
-    let content;
-    if (toolResponse && type === 'tool_response') {
-        // If event type is tool_response, engine resolves field:tool_response from event.content
-        content = toolResponse;
-    }
-    else {
-        content = input || toolDescription || rawContent || toolResponse || agentOutput || '';
-    }
-    const fields = {};
-    // Populate ALL known field aliases so the engine can resolve any field name
-    if (input)
-        fields['user_input'] = input;
-    if (toolResponse)
-        fields['tool_response'] = toolResponse;
-    if (agentOutput)
-        fields['agent_output'] = agentOutput;
-    if (toolDescription)
-        fields['tool_description'] = toolDescription;
-    // Always set tool_name (even empty) to prevent engine fallback
-    // from using event.content as tool_name for tool_call events
-    fields['tool_name'] = toolName;
-    if (toolArgs)
-        fields['tool_args'] = toolArgs;
-    // For content-based rules, set content and agent_message fields
-    fields['content'] = content;
-    fields['agent_message'] = content;
-    return {
-        type,
-        timestamp: new Date().toISOString(),
-        content,
-        fields,
-        sessionId: 'test-session',
-        agentId: 'test-agent',
-    };
-}
-// --- STATS command ---
-function cmdStats(options) {
-    const rulesDir = options['rules'] ? resolve(options['rules']) : RULES_DIR;
-    const jsonOutput = options['json'] === 'true';
-    const rules = loadRulesFromDirectory(rulesDir);
-    const byCategory = {};
-    const bySeverity = {};
-    const byMaturity = {};
-    const byTier = {};
-    let totalTP = 0;
-    let totalTN = 0;
-    let totalEvasion = 0;
-    let withCVE = 0;
-    for (const rule of rules) {
-        const cat = rule.tags?.category ?? 'unknown';
-        byCategory[cat] = (byCategory[cat] ?? 0) + 1;
-        bySeverity[rule.severity] = (bySeverity[rule.severity] ?? 0) + 1;
-        const maturity = rule.maturity ?? 'experimental';
-        byMaturity[maturity] = (byMaturity[maturity] ?? 0) + 1;
-        const tier = rule.detection_tier ?? 'pattern';
-        byTier[tier] = (byTier[tier] ?? 0) + 1;
-        if (rule.test_cases) {
-            totalTP += rule.test_cases.true_positives?.length ?? 0;
-            totalTN += rule.test_cases.true_negatives?.length ?? 0;
-        }
-        const evasion = rule['evasion_tests'];
-        if (Array.isArray(evasion))
-            totalEvasion += evasion.length;
-        if (rule.references?.cve && rule.references.cve.length > 0)
-            withCVE++;
-    }
-    if (jsonOutput) {
-        console.log(JSON.stringify({
-            totalRules: rules.length,
-            byCategory, bySeverity, byMaturity, byTier,
-            testCases: { truePositives: totalTP, trueNegatives: totalTN, evasionTests: totalEvasion },
-            rulesWithCVE: withCVE,
-        }, null, 2));
-        return;
-    }
-    console.log(`\n${BOLD}ATR Rule Collection Statistics${RESET}`);
-    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
-    console.log(`  Total rules:     ${rules.length}`);
-    console.log(`  True positives:  ${totalTP}`);
-    console.log(`  True negatives:  ${totalTN}`);
-    console.log(`  Evasion tests:   ${totalEvasion}`);
-    console.log(`  Rules with CVE:  ${withCVE}`);
-    console.log(`\n  ${BOLD}By Category:${RESET}`);
-    for (const [cat, count] of Object.entries(byCategory).sort((a, b) => b[1] - a[1])) {
-        console.log(`    ${cat.padEnd(24)} ${count}`);
-    }
-    console.log(`\n  ${BOLD}By Severity:${RESET}`);
-    for (const sev of ['critical', 'high', 'medium', 'low', 'informational']) {
-        if (bySeverity[sev]) {
-            const color = SEVERITY_COLORS[sev] ?? '';
-            console.log(`    ${color}${sev.padEnd(24)}${RESET} ${bySeverity[sev]}`);
-        }
-    }
-    console.log(`\n  ${BOLD}By Maturity:${RESET}`);
-    for (const [mat, count] of Object.entries(byMaturity).sort((a, b) => b[1] - a[1])) {
-        console.log(`    ${mat.padEnd(24)} ${count}`);
-    }
-    console.log(`\n  ${BOLD}By Detection Tier:${RESET}`);
-    for (const [tier, count] of Object.entries(byTier).sort((a, b) => b[1] - a[1])) {
-        console.log(`    ${tier.padEnd(24)} ${count}`);
-    }
-    console.log('');
-}
-// --- GUARD command ---
-async function cmdGuard(options) {
-    const rulesDir = options['rules'] ? resolve(options['rules']) : RULES_DIR;
-    const dryRun = options['dry-run'] === 'true';
-    const failOpen = options['fail-open'] !== 'false';
-    const parsedTimeout = options['timeout'] ? parseInt(options['timeout'], 10) : 5000;
-    const timeoutMs = (Number.isFinite(parsedTimeout) && parsedTimeout > 0) ? parsedTimeout : 5000;
-    const { ActionExecutor } = await import('./action-executor.js');
-    const { StdioAdapter } = await import('./adapters/stdio-adapter.js');
-    const { HookHandler } = await import('./hook-handler.js');
-    const engine = new ATREngine({ rulesDir });
-    const ruleCount = await engine.loadRules();
-    const adapter = new StdioAdapter();
-    const executor = new ActionExecutor({ adapter, dryRun });
-    const handler = new HookHandler({ engine, executor, timeoutMs, failOpen });
-    process.stderr.write(`[atr-guard] Loaded ${ruleCount} rules from ${rulesDir}` +
-        `${dryRun ? ' (dry-run)' : ''}\n`);
-    await handler.startStdioLoop();
-}
-// --- MCP command ---
-async function cmdMcp() {
-    const { startMCPServer } = await import('./mcp-server.js');
-    await startMCPServer();
-}
-// --- SCAFFOLD command ---
-async function cmdScaffold() {
-    const { createInterface } = await import('node:readline');
-    const { RuleScaffolder } = await import('./rule-scaffolder.js');
-    const rl = createInterface({ input: process.stdin, output: process.stdout });
-    const ask = (question) => new Promise((resolve) => rl.question(question, resolve));
-    console.log(`\n${BOLD}ATR Rule Scaffolder${RESET}`);
-    console.log(`${DIM}Generate a draft ATR detection rule interactively.${RESET}\n`);
-    const title = await ask('Rule title: ');
-    if (!title.trim()) {
-        console.error(`${RED}Error: Title is required.${RESET}`);
-        rl.close();
-        process.exit(1);
-    }
-    const categories = [
-        'prompt-injection', 'tool-poisoning', 'context-exfiltration',
-        'agent-manipulation', 'privilege-escalation', 'excessive-autonomy',
-        'data-poisoning', 'model-abuse', 'skill-compromise',
-    ];
-    console.log(`\nCategories: ${categories.join(', ')}`);
-    const category = await ask('Category: ');
-    if (!categories.includes(category.trim())) {
-        console.error(`${RED}Error: Invalid category.${RESET}`);
-        rl.close();
-        process.exit(1);
-    }
-    const attackDescription = await ask('Attack description: ');
-    if (!attackDescription.trim()) {
-        console.error(`${RED}Error: Description is required.${RESET}`);
-        rl.close();
-        process.exit(1);
-    }
-    console.log('\nEnter example payloads (one per line, empty line to finish):');
-    const payloads = [];
-    while (true) {
-        const payload = await ask(`  Payload ${payloads.length + 1}: `);
-        if (!payload.trim())
-            break;
-        payloads.push(payload.trim());
-    }
-    if (payloads.length === 0) {
-        console.error(`${RED}Error: At least one example payload is required.${RESET}`);
-        rl.close();
-        process.exit(1);
-    }
-    const severities = ['critical', 'high', 'medium', 'low', 'informational'];
-    const severity = await ask(`Severity [${severities.join('/')}] (default: medium): `);
-    const finalSeverity = severity.trim() && severities.includes(severity.trim())
-        ? severity.trim()
-        : 'medium';
-    rl.close();
-    const scaffolder = new RuleScaffolder();
-    const result = scaffolder.scaffold({
-        title: title.trim(),
-        category: category.trim(),
-        attackDescription: attackDescription.trim(),
-        examplePayloads: payloads,
-        severity: finalSeverity,
-    });
-    console.log(`\n${GREEN}Generated rule ${result.id}:${RESET}\n`);
-    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
-    console.log(result.yaml);
-    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
-    if (result.warnings.length > 0) {
-        console.log(`\n${BOLD}Warnings:${RESET}`);
-        for (const w of result.warnings) {
-            console.log(`  - ${w}`);
-        }
-    }
-    console.log(`\n${DIM}Copy this YAML to a .yaml file in rules/${category.trim()}/ and validate with: atr validate <file>${RESET}\n`);
-}
-// --- INIT command ---
-function cmdInit(options) {
-    const isGlobal = options['global'] === 'true';
-    const cwd = process.cwd();
-    // Detect Claude Code project (unless --global)
-    if (!isGlobal) {
-        const hasClaudeDir = existsSync(join(cwd, '.claude'));
-        const hasClaudeMd = existsSync(join(cwd, 'CLAUDE.md'));
-        if (!hasClaudeDir && !hasClaudeMd) {
-            console.error(`${RED}Error: Not a Claude Code project (no .claude/ directory or CLAUDE.md found).${RESET}\n` +
-                `Run this command from your project root, or use ${BOLD}atr init --global${RESET} to configure globally.`);
-            process.exit(1);
-        }
-    }
-    const hookEntry = {
-        // Empty matcher means "match all tools" in Claude Code hooks —
-        // this is intentional so every tool call is scanned against ATR rules.
-        matcher: '',
-        command: 'npx agent-threat-rules guard',
-    };
-    // Determine target settings file
-    const settingsPath = isGlobal
-        ? join(homedir(), '.claude', 'settings.json')
-        : join(cwd, '.claude', 'settings.local.json');
-    // Ensure parent directory exists
-    const settingsDir = dirname(settingsPath);
-    if (!existsSync(settingsDir)) {
-        mkdirSync(settingsDir, { recursive: true });
-    }
-    // Read existing settings or start fresh
-    let settings = {};
-    if (existsSync(settingsPath)) {
-        let raw;
-        try {
-            raw = readFileSync(settingsPath, 'utf-8');
-        }
-        catch (e) {
-            const code = e.code;
-            console.error(`${RED}Error: Cannot read ${settingsPath} (${code ?? 'permission denied'}). Check file permissions.${RESET}`);
-            process.exit(1);
-        }
-        try {
-            settings = JSON.parse(raw);
-        }
-        catch {
-            console.error(`${RED}Error: Invalid JSON in ${settingsPath}. Fix the syntax manually or delete it and retry.${RESET}`);
-            process.exit(1);
-        }
-    }
-    // Navigate into hooks.PreToolUse, creating structure as needed
-    if (!settings['hooks'] || typeof settings['hooks'] !== 'object') {
-        settings['hooks'] = {};
-    }
-    const hooks = settings['hooks'];
-    if (!Array.isArray(hooks['PreToolUse'])) {
-        hooks['PreToolUse'] = [];
-    }
-    const preToolUse = hooks['PreToolUse'];
-    // Check if hook is already configured (validate each element is an object before accessing .command)
-    const alreadyConfigured = preToolUse.some((entry) => typeof entry === 'object' &&
-        entry !== null &&
-        !Array.isArray(entry) &&
-        entry['command'] === hookEntry.command);
-    if (alreadyConfigured) {
-        console.log(`${GREEN}ATR guard hook already configured${RESET} in ${settingsPath}`);
-        return;
-    }
-    // Add the hook entry
-    preToolUse.push(hookEntry);
-    // Write back
-    writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n', 'utf-8');
-    const relPath = settingsPath.startsWith(cwd + sep)
-        ? settingsPath.slice(cwd.length + 1)
-        : settingsPath;
-    console.log(`\n${GREEN}ATR guard hook configured successfully.${RESET}\n`);
-    console.log(`  File: ${relPath}`);
-    console.log(`  Hook: PreToolUse -> npx agent-threat-rules guard\n`);
-    console.log(`${DIM}Every tool call Claude Code makes will now be scanned against ATR`);
-    console.log(`threat detection rules before execution. Suspicious actions will be`);
-    console.log(`flagged with severity and recommendation.${RESET}\n`);
-}
-// --- CONVERT command ---
-async function cmdConvert(target, options) {
-    const validFormats = ['splunk', 'elastic'];
-    if (!target || !validFormats.includes(target)) {
-        console.error(`${RED}Error: Specify format: atr convert <splunk|elastic>${RESET}`);
-        process.exit(1);
-    }
-    const format = target;
-    const rulesDir = options['rules'] ? resolve(options['rules']) : RULES_DIR;
-    const outputFile = options['output'];
-    const jsonOutput = options['json'] === 'true';
-    const { convertAllRules } = await import('./converters/index.js');
-    const results = convertAllRules(rulesDir, format);
-    if (results.length === 0) {
-        console.error(`${RED}Error: No rules found in ${rulesDir}${RESET}`);
-        process.exit(1);
-    }
-    let output;
-    if (jsonOutput) {
-        output = JSON.stringify(results, null, 2);
-    }
-    else if (format === 'elastic') {
-        // For Elastic, JSON output is the natural format
-        output = JSON.stringify(results.map(r => JSON.parse(r.query)), null, 2);
-    }
-    else {
-        // For Splunk, emit each query separated by blank lines
-        output = results.map(r => r.query).join('\n\n' + '='.repeat(80) + '\n\n');
-    }
-    if (outputFile) {
-        writeFileSync(resolve(outputFile), output, 'utf-8');
-        console.log(`${GREEN}Converted ${results.length} rules to ${format} format.${RESET}`);
-        console.log(`  Output: ${resolve(outputFile)}`);
-    }
-    else {
-        console.log(output);
-    }
-}
-// --- Badge command ---
-function cmdBadge(target, options) {
-    if (!target) {
-        console.error(`${RED}Usage: atr badge <package-name> [--data <audit.json>] [--svg] [--json]${RESET}`);
-        process.exit(1);
-    }
-    // Find audit data
-    const dataPath = typeof options['data'] === 'string'
-        ? resolve(options['data'])
-        : resolve(__dirname, '..', 'data', 'audit-v3-full.json');
-    const altDataPath = resolve(__dirname, '..', 'data', 'audit-v3-sample.json');
-    let summary = null;
-    if (existsSync(dataPath)) {
-        summary = lookupPackageScan(dataPath, target);
-    }
-    if (!summary && existsSync(altDataPath)) {
-        summary = lookupPackageScan(altDataPath, target);
-    }
-    const outputSvg = options['svg'] === 'true';
-    const outputJson = options['json'] === 'true';
-    if (outputSvg) {
-        console.log(generateBadgeSvg(summary));
-        return;
-    }
-    if (outputJson) {
-        console.log(JSON.stringify(generateBadgeEndpoint(summary), null, 2));
-        return;
-    }
-    // Default: human-readable output
-    const endpoint = generateBadgeEndpoint(summary);
-    console.log(`\n${BOLD}ATR Badge: ${target}${RESET}`);
-    console.log(`${'─'.repeat(50)}`);
-    if (summary) {
-        const colorMap = {
-            '#2ea44f': GREEN,
-            '#dfb317': '\x1b[33m',
-            '#e05d44': RED,
-            '#9f9f9f': DIM,
-        };
-        const termColor = colorMap[endpoint.color] ?? '';
-        console.log(`  Status:    ${termColor}${endpoint.message}${RESET}`);
-        console.log(`  Package:   ${summary.packageName}@${summary.version ?? 'unknown'}`);
-        console.log(`  Risk:      ${summary.riskLevel} (score: ${summary.riskScore})`);
-        console.log(`  Findings:  critical=${summary.findings.critical} high=${summary.findings.high} medium=${summary.findings.medium} low=${summary.findings.low}`);
-        if (summary.scannedAt) {
-            console.log(`  Scanned:   ${summary.scannedAt}`);
-        }
-    }
-    else {
-        console.log(`  ${DIM}No scan data found for "${target}"${RESET}`);
-        console.log(`  ${DIM}Run: atr badge ${target} --data <audit-results.json>${RESET}`);
-    }
-    console.log(`\n${BOLD}Embed:${RESET}`);
-    console.log(`  ${DIM}Markdown:${RESET}  ${generateBadgeMarkdown(target)}`);
-    console.log(`  ${DIM}SVG:${RESET}       atr badge ${target} --svg > badge.svg`);
-    console.log(`  ${DIM}JSON:${RESET}      atr badge ${target} --json`);
-    console.log();
-}
-// --- Main ---
-async function main() {
-    const { command, target, options } = parseArgs(process.argv);
-    if (command === 'help' || command === '--help' || command === '-h' || options['help']) {
-        printUsage();
-        return;
-    }
-    if (command === 'version' || command === '--version' || command === '-v') {
-        const pkgPath = resolve(__dirname, '..', 'package.json');
-        const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
-        console.log(pkg.version);
-        return;
-    }
-    switch (command) {
-        case 'scan':
-            await cmdScan(target, options);
-            break;
-        case 'validate':
-            cmdValidate(target, options);
-            break;
-        case 'test':
-            await cmdTest(target, options);
-            break;
-        case 'stats':
-            cmdStats(options);
-            break;
-        case 'convert':
-            await cmdConvert(target, options);
-            break;
-        case 'guard':
-            await cmdGuard(options);
-            break;
-        case 'init':
-            cmdInit(options);
-            break;
-        case 'mcp':
-            await cmdMcp();
-            break;
-        case 'scaffold':
-            await cmdScaffold();
-            break;
-        case 'badge':
-            cmdBadge(target, options);
-            break;
-        default:
-            console.error(`${RED}Unknown command: ${command}${RESET}`);
-            printUsage();
-            process.exit(1);
-    }
-}
-main().catch(err => {
-    console.error(`${RED}Error: ${err instanceof Error ? err.message : String(err)}${RESET}`);
-    process.exit(1);
-});
-//# sourceMappingURL=cli.js.map