agent-threat-rules 0.4.0 → 1.0.1

package/README.md

@@ -9,10 +9,11 @@ AI Agent 威脅偵測規則 -- 開源、社群驅動
 <br />
 
 [![License](https://img.shields.io/badge/license-MIT-brightgreen?style=flat-square)](LICENSE)
-[![Rules](https://img.shields.io/badge/rules-61-blue?style=flat-square)](#what-atr-detects)
-[![Tests](https://img.shields.io/badge/tests-257_passing-green?style=flat-square)](#ecosystem)
+[![Rules](https://img.shields.io/badge/rules-100-blue?style=flat-square)](#what-atr-detects)
+[![Tests](https://img.shields.io/badge/tests-278_passing-green?style=flat-square)](#ecosystem)
 [![PINT Recall](https://img.shields.io/badge/PINT_recall-62.7%25-green?style=flat-square)](#evaluation)
-[![Status](https://img.shields.io/badge/status-v0.3.1-yellow?style=flat-square)](#roadmap)
+[![OWASP](https://img.shields.io/badge/OWASP_Agentic_Top_10-10%2F10-brightgreen?style=flat-square)](#standards-coverage)
+[![Status](https://img.shields.io/badge/status-v1.0.0-brightgreen?style=flat-square)](#roadmap)
 
 </div>
 
@@ -22,38 +23,86 @@ AI assistants (ChatGPT, Claude, Copilot) now browse the web, run code, and use e
 
 AI 助理現在可以瀏覽網頁、執行程式碼、使用外部工具。攻擊者可以欺騙它們洩漏資料、執行惡意指令、繞過安全限制。**ATR 是一套開放的偵測規則，專門識別這些攻擊 -- 像防毒軟體的病毒碼，但對象是 AI Agent。**
 
-```bash
-# Quick install (macOS / Linux)
-curl -fsSL https://raw.githubusercontent.com/Agent-Threat-Rule/agent-threat-rules/main/scripts/install.sh | sh
+### Where ATR fits in the AI agent security stack
+
+| Layer | What it does | Project |
+|-------|-------------|---------|
+| **Standards** | Define threat categories | [SAFE-MCP](https://openssf.org/) (OpenSSF, $12.5M) |
+| **Taxonomy** | Enumerate attack surfaces | [OWASP Agentic Top 10](https://genai.owasp.org/) |
+| **Detection rules** | Match threats in real time | **ATR** (this project) |
+| **Enforcement** | Block, alert, quarantine | [PanGuard](https://panguard.ai), your SIEM, your pipeline |
+
+ATR maps to **10/10 OWASP Agentic Top 10 categories** ([full mapping](docs/OWASP-MAPPING.md)) and **91.8% of SAFE-MCP techniques** ([full mapping](docs/SAFE-MCP-MAPPING.md)).
+
+### Who uses ATR
+
+| Organization | Integration | Reference |
+|---|---|---|
+| **Cisco AI Defense** | 34 ATR rules merged into official skill-scanner | [PR #79](https://github.com/cisco-ai-defense/skill-scanner/pull/79) |
+| **OWASP** | ASI01-ASI10 attack examples + detection strategies | [PR #814](https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/pull/814) |
+| **OWASP Agentic AI Top 10** | Full vulnerability mapping | [PR #14](https://github.com/precize/Agentic-AI-Top10-Vulnerability/pull/14) (merged) |
+
+> ATR rules are consumed as a standard -- not a product. MIT licensed, auto-updated via npm, zero strings attached.
+
+### Ecosystem scan (53,377 skills)
+
+We scanned the two largest MCP skill registries: OpenClaw (50,285) and Skills.sh (3,115).
+
+| Metric | Number |
+|--------|--------|
+| Skills scanned | **53,377** |
+| Clean | 47,438 (88.87%) |
+| **CRITICAL** | 3,255 |
+| **HIGH** | 2,656 |
+| **MEDIUM** | 28 |
+
+Raw data: [mega-scan-report.json](data/mega-scan-report.json) / [ecosystem-report.csv](data/clawhub-scan/ecosystem-report.csv)
 
-# Or install manually
+```bash
 npm install -g agent-threat-rules
 
-atr scan events.json              # scan agent traffic for threats
-atr init                          # setup Claude Code guard hook
-atr mcp                           # start MCP server for IDE
+atr scan skill.md                 # scan a SKILL.md for threats
+atr scan mcp-config.json          # scan MCP events for threats
+atr scan skill.md --sarif         # output SARIF v2.1.0 for GitHub Security tab
+atr convert generic-regex         # export 100 rules as JSON (685 regex patterns)
+atr convert splunk                # export to Splunk SPL
+atr convert elastic               # export to Elasticsearch Query DSL
 atr stats                         # show rule collection stats
+atr mcp                           # start MCP server for IDE integration
 ```
 
+### GitHub Action (CI/CD)
+
+```yaml
+# .github/workflows/atr-scan.yml
+- uses: Agent-Threat-Rule/agent-threat-rules@v1
+  with:
+    path: '.'              # scan SKILL.md and MCP configs in repo
+    severity: 'medium'     # minimum severity to report
+    upload-sarif: 'true'   # results appear in GitHub Security tab
+```
+
+One line. Zero config. SARIF results in your Security tab.
+
 **For security professionals:** ATR is the [Sigma](https://github.com/SigmaHQ/sigma)/[YARA](https://github.com/VirusTotal/yara) equivalent for AI agent threats -- YAML-based rules with regex matching, behavioral fingerprinting, LLM-as-judge analysis, and mappings to [OWASP LLM Top 10](https://owasp.org/www-project-top-10-for-large-language-model-applications/), [OWASP Agentic Top 10](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/), and [MITRE ATLAS](https://atlas.mitre.org/).
 
 ---
 
 ## What ATR Detects
 
-61 rules across 9 categories, mapped to real CVEs:
+100 rules across 9 categories, mapped to real CVEs:
 
 | Category | What it catches | Rules | Real CVEs |
 |----------|----------------|-------|-----------|
-| **Prompt Injection** | "Ignore previous instructions", persona hijacking, encoded payloads, [CJK attacks](rules/prompt-injection/) | 22 | CVE-2025-53773, CVE-2025-32711 |
+| **Prompt Injection** | "Ignore previous instructions", persona hijacking, encoded payloads, CJK attacks | 22 | CVE-2025-53773, CVE-2025-32711 |
 | **Tool Poisoning** | Malicious MCP responses, consent bypass, hidden LLM instructions, schema contradictions | 11 | CVE-2025-68143/68144/68145 |
-| **Skill Compromise** | Typosquatting, description-behavior mismatch, supply chain attacks | 7 | CVE-2025-59536 |
-| **Agent Manipulation** | Cross-agent attacks, goal hijacking, Sybil consensus attacks | 6 | -- |
+| **Skill Compromise** | Typosquatting, context poisoning, subcommand overflow, rug pull, supply chain attacks | 20 | CVE-2025-59536, CVE-2026-28363 |
+| **Agent Manipulation** | Cross-agent attacks, goal hijacking, Sybil consensus attacks | 10 | -- |
 | **Excessive Autonomy** | Runaway loops, resource exhaustion, unauthorized financial actions | 5 | -- |
-| **Context Exfiltration** | API key leakage, system prompt theft, disguised analytics collection | 4 | CVE-2026-24307 |
-| **Privilege Escalation** | Scope creep, delayed execution bypass | 3 | CVE-2026-0628 |
-| **Model Security** | Behavior extraction, malicious fine-tuning data | 2 | -- |
-| **Data Poisoning** | RAG/knowledge base tampering | 1 | -- |
+| **Context Exfiltration** | API key leakage, system prompt theft, credential harvesting, env variable exfiltration | 15 | CVE-2026-24307 |
+| **Privilege Escalation** | Scope creep, delayed execution bypass, admin function access | 9 | CVE-2026-0628 |
+| **Model Security** | Behavior extraction, malicious fine-tuning data | 5 | -- |
+| **Data Poisoning** | RAG/knowledge base tampering, memory manipulation | 3 | -- |
 
 > **Limitations:** Regex catches known patterns, not paraphrased attacks. We publish [evasion tests](LIMITATIONS.md) showing what we can't catch. See [LIMITATIONS.md](LIMITATIONS.md) for honest benchmark numbers including external PINT results.
 
@@ -63,17 +112,34 @@ atr stats                         # show rule collection stats
 
 We test ATR with our own tests AND external benchmarks we've never seen before:
 
-| Benchmark | Samples | Precision | Recall | F1 |
-|-----------|---------|-----------|--------|-----|
-| Self-test (own rules' test cases) | 341 | 100% | 99.4% | 99.5% |
-| **PINT (external, adversarial)** | **850** | **99.4%** | **39.9%** | **57.0%** |
+| Benchmark | Source | Samples | Precision | Recall |
+|-----------|--------|---------|-----------|--------|
+| Self-test (own test cases) | Internal | 341 | 100% | 88.5% |
+| **PINT (adversarial)** | **Invariant Labs** | **850** | **99.6%** | **61.4%** |
+| **Garak (real-world jailbreaks)** | **NVIDIA** | **666** | -- | **69.7%** |
+| **53K ecosystem scan** | **OpenClaw + Skills.sh** | **53,377** | **99.7%** | -- |
 
 ```bash
-npm run eval        # run self-test evaluation
-npm run eval:pint   # run external PINT benchmark
+npm run eval             # run self-test evaluation
+npm run eval:pint        # run external PINT benchmark
+bash scripts/eval-garak.sh   # run NVIDIA Garak benchmark (requires: pip install garak)
 ```
 
-The gap between 99.4% and 39.9% recall is expected -- regex catches known patterns but misses paraphrases and multilingual attacks. See [LIMITATIONS.md](LIMITATIONS.md) for full analysis.
+**What the numbers mean:** ATR regex catches ~62-70% of attacks instantly (< 5ms, $0). The remaining ~30% are paraphrased/persona attacks that need LLM-layer detection. This is by design -- regex is the fast first gate, not the only gate. See [LIMITATIONS.md](LIMITATIONS.md) for full analysis.
+
+---
+
+## Standards Coverage
+
+ATR maps to established AI security frameworks so teams can go from "understand the threat" to "detect it" without building rules from scratch.
+
+| Framework | Coverage | Mapping |
+|-----------|----------|---------|
+| [OWASP Agentic Top 10](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/) | **10/10 categories** | [OWASP-MAPPING.md](docs/OWASP-MAPPING.md) |
+| [SAFE-MCP](https://openssf.org/) (OpenSSF) | **78/85 techniques (91.8%)** | [SAFE-MCP-MAPPING.md](docs/SAFE-MCP-MAPPING.md) |
+| [MITRE ATLAS](https://atlas.mitre.org/) | Rule-level references | Per-rule `mitre_ref` field |
+
+**Paper:** Pan, Y. (2026). *Agent Threat Rules: A Community-Driven Detection Standard for AI Agent Security Threats.* Zenodo. [doi:10.5281/zenodo.19178002](https://doi.org/10.5281/zenodo.19178002)
 
 ---
 
@@ -81,14 +147,17 @@ The gap between 99.4% and 39.9% recall is expected -- regex catches known patter
 
 | Component | Description | Status |
 |-----------|-------------|--------|
-| [TypeScript engine](src/engine.ts) | Reference engine with 5-tier detection | 341 tests passing |
-| [Eval framework](src/eval/) | Precision/recall/F1, regression gate, PINT benchmark | v0.3.1 |
+| [TypeScript engine](src/engine.ts) | Reference engine with 5-tier detection | 278 tests passing |
+| [Eval framework](src/eval/) | Precision/recall/F1, regression gate, PINT benchmark | v1.0.0 |
 | [Python engine (pyATR)](python/) | Local install only (`cd python && pip install -e .`) | 48 tests passing |
+| [GitHub Action](action.yml) | One-line CI scan with SARIF output | **New** |
+| [SARIF converter](src/converters/sarif.ts) | `atr scan --sarif` -- SARIF v2.1.0 for GitHub Security tab | **New** |
+| [Generic regex export](src/converters/generic-regex.ts) | `atr convert generic-regex` -- 685 patterns JSON for any tool | **New** |
 | [Splunk converter](src/converters/splunk.ts) | `atr convert splunk` -- ATR rules to SPL queries | Shipped |
 | [Elastic converter](src/converters/elastic.ts) | `atr convert elastic` -- ATR rules to Query DSL | Shipped |
 | [MCP server](src/mcp-server.ts) | 6 tools for Claude Code, Cursor, Windsurf | Shipped |
-| [CLI](src/cli.ts) | scan, validate, test, stats, scaffold, convert | Shipped |
-| [CI gate](.github/workflows/eval.yml) | Typecheck + test + eval + validate on every PR | v0.3.0 |
+| [CLI](src/cli.ts) | scan, validate, test, stats, scaffold, convert, badge | Shipped |
+| [CI gate](.github/workflows/eval.yml) | Typecheck + test + eval + validate on every PR | v1.0.0 |
 | Go engine | High-performance scanner for production pipelines | **Help wanted** |
 
 ---
@@ -144,13 +213,22 @@ atr test my-rule.yaml
 
 Every rule is a YAML file answering: **what** to detect, **how** to detect it, **what to do**, and **how to test it**. See [examples/how-to-write-a-rule.md](examples/how-to-write-a-rule.md) for a walkthrough, or [spec/atr-schema.yaml](spec/atr-schema.yaml) for the full schema.
 
-### Export to SIEM
+### Export rules
 
 ```bash
+# For your security platform (100 rules, 685 regex patterns as JSON)
+atr convert generic-regex --output atr-rules.json
+
+# For SIEM integration
 atr convert splunk --output atr-rules.spl
 atr convert elastic --output atr-rules.json
+
+# For GitHub / CI
+atr scan skill.md --sarif > results.sarif
 ```
 
+The generic-regex export is designed for direct consumption by any tool that supports regex matching -- Cisco AI Defense, Microsoft Agent Governance Toolkit, NemoClaw, or your custom pipeline.
+
 ---
 
 ## Contributing
@@ -169,6 +247,7 @@ Report what ATR found (or missed). **Your real-world detection report is more va
 
 | Impact | What to do | Time |
 |--------|-----------|------|
+| **Critical** | **Integrate ATR into your security tool** -- PR our rules into your platform ([generic-regex export](#export-rules) makes it easy) | 1-2 hours |
 | **Critical** | Scan your MCP skills and [report results](https://github.com/Agent-Threat-Rule/agent-threat-rules/issues) | 15 min |
 | **Critical** | [Deploy ATR](docs/deployment-guide.md) in your agent pipeline, share detection stats | 1-2 hours |
 | **High** | [Break our rules](CONTRIBUTION-GUIDE.md#5-evasion-research) -- find bypasses, report evasions | 15 min |
@@ -178,6 +257,25 @@ Report what ATR found (or missed). **Your real-world detection report is more va
 | **Medium** | Add multilingual attack phrases for your native language | 30 min |
 | **Medium** | Run `npm run eval:pint` and share your results | 5 min |
 
+### For security platform maintainers
+
+Want to integrate ATR into your product? Three options:
+
+```bash
+# Option 1: Export rules as JSON (recommended for most tools)
+atr convert generic-regex --output atr-rules.json
+# → 100 rules, 685 regex patterns, severity/category metadata
+
+# Option 2: Use the TypeScript engine directly
+npm install agent-threat-rules
+# → Full engine with evaluate() and scanSkill() APIs
+
+# Option 3: GitHub Action for CI pipelines
+# → One YAML line, SARIF output, GitHub Security tab integration
+```
+
+Cisco AI Defense integrated via Option 1 ([PR #79](https://github.com/cisco-ai-defense/skill-scanner/pull/79)). Happy to help with your integration -- [open an issue](https://github.com/Agent-Threat-Rule/agent-threat-rules/issues) or email hello@panguard.ai.
+
 ### Rule contribution workflow
 
 ```
@@ -211,36 +309,47 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for the full guide. See [CONTRIBUTION-GUI
 
 ## Roadmap: From Format to Standard
 
-```
- v0.2 (previous)          v0.3 (current)            v0.4+ (next)
- ┌─────────────────┐      ┌──────────────────┐      ┌──────────────────┐
- │ 61 rules         │  →  │ + Eval framework  │  →  │ 100+ rules       │
- │ 2 engines (TS+Py)│     │ + PINT benchmark  │     │ + Go engine      │
- │ 2 SIEM converters│     │ + CI gate         │     │ + ML classifier  │
- │ 0 ext. benchmarks│     │ + Embedding (T2.5)│     │ + 10+ deployments│
- └─────────────────┘      │ + Honest numbers  │     └──────────────────┘
-                           └──────────────────┘
-```
-
 - [x] **v0.1** -- 44 rules, TypeScript engine, OWASP mapping
 - [x] **v0.2** -- MCP server, Layer 2-3 detection, pyATR, Splunk/Elastic converters
-- [x] **v0.3** -- Eval framework, PINT benchmark, CI gate, embedding similarity, honest numbers
-- [ ] **v0.4** -- Go engine, ML classifier integration, 100+ rules
-- [ ] **v1.0** -- Requires: 2+ engines, 10+ deployments, 100+ stable rules, schema review by 3+ security teams
+- [x] **v0.3** -- Eval framework, PINT benchmark, CI gate, embedding similarity
+- [x] **v0.4** -- 71 rules, ClawHub 36K scan, SAFE-MCP 91.8%
+- [x] **v1.0** (current) -- 100 rules, 53K mega scan, GitHub Action + SARIF, generic-regex export, Cisco adoption
+- [ ] **v1.1** -- Go engine, ML classifier integration, semantic signatures, community rule submissions
+- [ ] **v2.0** -- Multi-engine standard: 2+ engines, 10+ production deployments, schema review by 3+ security teams
+
+### Strategic direction
+
+| Phase | Goal | Status |
+|-------|------|--------|
+| **Phase 0: Core product** | 100 rules, 62.7% recall, OWASP 10/10, 53K scan | **Done** |
+| **Phase 1: Distribution** | GitHub Action, SARIF, generic-regex export, ecosystem PRs | **Done** |
+| **Phase 2: Adoption** | Cisco merged (34 rules), OWASP PR, 11 ecosystem PRs | **In progress** |
+| **Phase 3: Community flywheel** | Threat Cloud crystallization, auto-generated rules, 10+ contributors | In progress |
+| **Phase 4: Standard** | Multi-vendor adoption, OpenSSF submission, schema governance | Planned |
+
+ATR uses "ATR Scanned" (not "ATR Certified") until recall exceeds 80%. We are honest about what we can and cannot detect. See [LIMITATIONS.md](LIMITATIONS.md).
 
 ---
 
 ## How It Works (Architecture)
 
 ```
-ATR (this repo)                  Your Product / Integration
-┌────────────────────┐           ┌──────────────────────────┐
-│ Rules (61 YAML)    │  match    │ Block / Allow / Alert     │
-│ Engine (TS + Py)   │ ───────→  │ SIEM (Splunk / Elastic)  │
-│ CLI / MCP / SIEM   │  results  │ Dashboard / Compliance    │
-│                    │           │ Slack / PagerDuty / Email │
-│ Detects threats    │           │ Protects systems          │
-└────────────────────┘           └──────────────────────────┘
+ATR (this repo)                        Your Product / Integration
+┌─────────────────────────┐            ┌──────────────────────────┐
+│ 100 Rules (YAML)        │   match    │ Block / Allow / Alert     │
+│ Engine (TS + Py)        │ ────────→  │ SIEM (Splunk / Elastic)  │
+│ CLI / MCP / GitHub Act. │   results  │ CI/CD (SARIF → Security) │
+│ SARIF / Generic Regex   │            │ Runtime Proxy (MCP)      │
+│ Splunk / Elastic export │            │ Dashboard / Compliance    │
+│                         │            │                          │
+│ Detects threats         │            │ Protects systems          │
+└─────────────────────────┘            └──────────────────────────┘
+
+Integration paths:
+  1. npm install   → Use engine API directly
+  2. GitHub Action → SARIF in Security tab
+  3. atr convert   → 685 patterns for any regex-capable tool
+  4. MCP server    → IDE integration (Claude, Cursor, etc.)
 ```
 
 See [INTEGRATION.md](INTEGRATION.md) for integration patterns. See [docs/deployment-guide.md](docs/deployment-guide.md) for step-by-step deployment instructions.

package/dist/badge.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"badge.d.ts","sourceRoot":"","sources":["../src/badge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAQH,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,CAAC;AAEtE,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE;QACjB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAiBD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,WAAW,CActE;AAMD,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,GAAG,SAAS,CA+B5E;AAeD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,GAAG,MAAM,CA+BpE;AAMD,wBAAgB,iBAAiB,CAC/B,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,GAClB,WAAW,GAAG,IAAI,CA6BpB;AAMD,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,MAAkE,GAC1E,MAAM,CAIR"}
+{"version":3,"file":"badge.d.ts","sourceRoot":"","sources":["../src/badge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAQH,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,CAAC;AAEtE,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE;QACjB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAiBD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,WAAW,CActE;AAMD,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,GAAG,SAAS,CA+B5E;AAoBD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,GAAG,MAAM,CA+BpE;AAMD,wBAAgB,iBAAiB,CAC/B,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,GAClB,WAAW,GAAG,IAAI,CA6BpB;AAMD,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,MAAkE,GAC1E,MAAM,CAIR"}

package/dist/badge.js

@@ -80,7 +80,12 @@ export function generateBadgeEndpoint(summary) {
 // Generate standalone SVG badge
 // ---------------------------------------------------------------------------
 function escapeXml(str) {
-    return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+    return str
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&apos;');
 }
 function measureText(text) {
     // Approximate character width for Verdana 11px (shields.io standard)

package/dist/badge.js.map

@@ -1 +1 @@
-{"version":3,"file":"badge.js","sourceRoot":"","sources":["../src/badge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AA+BvC,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,MAAM,YAAY,GAAgC;IAChD,KAAK,EAAE,SAAS,EAAM,eAAe;IACrC,MAAM,EAAE,SAAS,EAAK,iBAAiB;IACvC,QAAQ,EAAE,SAAS,EAAG,YAAY;IAClC,OAAO,EAAE,SAAS,EAAI,OAAO;CAC9B,CAAC;AAEF,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,UAAU,oBAAoB,CAAC,OAAoB;IACvD,gCAAgC;IAChC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IACrD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAE9C,gFAAgF;IAChF,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,KAAK,KAAK,UAAU,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,UAAU,CAAC;IAChE,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IACxC,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,QAAQ,CAAC;IAErC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CAAC,OAA2B;IAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,aAAa,EAAE,CAAC;YAChB,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,iBAAiB;YAC1B,KAAK,EAAE,YAAY,CAAC,OAAO;SAC5B,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAE7C,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;IAEzH,MAAM,QAAQ,GAAgC;QAC5C,KAAK,EAAE,qBAAqB;QAC5B,MAAM,EAAE,aAAa,GAAG,CAAC;YACvB,CAAC,CAAC,aAAa,aAAa,SAAS,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACnE,CAAC,CAAC,aAAa,OAAO,CAAC,SAAS,EAAE;QACpC,QAAQ,EAAE,aAAa,GAAG,CAAC;YACzB,CAAC,CAAC,aAAa,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,WAAW;YAC3E,CAAC,CAAC,aAAa,OAAO,CAAC,SAAS,EAAE;QACpC,OAAO,EAAE,iBAAiB;KAC3B,CAAC;IAEF,OAAO;QACL,aAAa,EAAE,CAAC;QAChB,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC;QACzB,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAChF,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,qEAAqE;IACrE,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAA2B;IAC1D,MAAM,IAAI,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IAEzB,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,UAAU,GAAG,YAAY,CAAC;IAE7C,OAAO,6FAA6F,UAAU,wCAAwC,KAAK,KAAK,OAAO;WAC9J,KAAK,KAAK,OAAO;;;;;;mBAMT,UAAU;;;mBAGV,UAAU;eACd,UAAU,YAAY,YAAY,uBAAuB,KAAK;mBAC1D,UAAU;;;kCAGK,UAAU,GAAG,CAAC,oEAAoE,KAAK;eAC1G,UAAU,GAAG,CAAC,+CAA+C,KAAK;kCAC/C,CAAC,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC,GAAG,EAAE,oEAAoE,OAAO;eAClI,CAAC,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC,GAAG,EAAE,+CAA+C,OAAO;;OAElG,CAAC;AACR,CAAC;AAED,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,UAAU,iBAAiB,CAC/B,aAAqB,EACrB,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;QAE9D,MAAM,OAAO,GAAc,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,CAAQ,CAAC;QAEzE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,UAAU,GAAU,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC7D,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,EAAE,QAAQ,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YACpE,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;gBACpB,QAAQ,CAAC,GAA4B,CAAC,EAAE,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,OAAO;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;YAC5C,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS;YACvC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CACnC,WAAmB,EACnB,UAAkB,yDAAyD;IAE3E,oCAAoC;IACpC,MAAM,WAAW,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACpD,OAAO,uFAAuF,OAAO,GAAG,CAAC;AAC3G,CAAC"}
+{"version":3,"file":"badge.js","sourceRoot":"","sources":["../src/badge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AA+BvC,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,MAAM,YAAY,GAAgC;IAChD,KAAK,EAAE,SAAS,EAAM,eAAe;IACrC,MAAM,EAAE,SAAS,EAAK,iBAAiB;IACvC,QAAQ,EAAE,SAAS,EAAG,YAAY;IAClC,OAAO,EAAE,SAAS,EAAI,OAAO;CAC9B,CAAC;AAEF,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,UAAU,oBAAoB,CAAC,OAAoB;IACvD,gCAAgC;IAChC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IACrD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAE9C,gFAAgF;IAChF,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,KAAK,KAAK,UAAU,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,UAAU,CAAC;IAChE,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IACxC,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,QAAQ,CAAC;IAErC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CAAC,OAA2B;IAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,aAAa,EAAE,CAAC;YAChB,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,iBAAiB;YAC1B,KAAK,EAAE,YAAY,CAAC,OAAO;SAC5B,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAE7C,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;IAEzH,MAAM,QAAQ,GAAgC;QAC5C,KAAK,EAAE,qBAAqB;QAC5B,MAAM,EAAE,aAAa,GAAG,CAAC;YACvB,CAAC,CAAC,aAAa,aAAa,SAAS,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACnE,CAAC,CAAC,aAAa,OAAO,CAAC,SAAS,EAAE;QACpC,QAAQ,EAAE,aAAa,GAAG,CAAC;YACzB,CAAC,CAAC,aAAa,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,WAAW;YAC3E,CAAC,CAAC,aAAa,OAAO,CAAC,SAAS,EAAE;QACpC,OAAO,EAAE,iBAAiB;KAC3B,CAAC;IAEF,OAAO;QACL,aAAa,EAAE,CAAC;QAChB,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC;QACzB,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO,GAAG;SACP,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,qEAAqE;IACrE,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAA2B;IAC1D,MAAM,IAAI,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IAEzB,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,UAAU,GAAG,YAAY,CAAC;IAE7C,OAAO,6FAA6F,UAAU,wCAAwC,KAAK,KAAK,OAAO;WAC9J,KAAK,KAAK,OAAO;;;;;;mBAMT,UAAU;;;mBAGV,UAAU;eACd,UAAU,YAAY,YAAY,uBAAuB,KAAK;mBAC1D,UAAU;;;kCAGK,UAAU,GAAG,CAAC,oEAAoE,KAAK;eAC1G,UAAU,GAAG,CAAC,+CAA+C,KAAK;kCAC/C,CAAC,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC,GAAG,EAAE,oEAAoE,OAAO;eAClI,CAAC,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC,GAAG,EAAE,+CAA+C,OAAO;;OAElG,CAAC;AACR,CAAC;AAED,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E,MAAM,UAAU,iBAAiB,CAC/B,aAAqB,EACrB,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;QAE9D,MAAM,OAAO,GAAc,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,CAAQ,CAAC;QAEzE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,UAAU,GAAU,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC7D,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,EAAE,QAAQ,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YACpE,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;gBACpB,QAAQ,CAAC,GAA4B,CAAC,EAAE,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,OAAO;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;YAC5C,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS;YACvC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E,MAAM,UAAU,qBAAqB,CACnC,WAAmB,EACnB,UAAkB,yDAAyD;IAE3E,oCAAoC;IACpC,MAAM,WAAW,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACpD,OAAO,uFAAuF,OAAO,GAAG,CAAC;AAC3G,CAAC"}

package/dist/cli/scan-handler.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Unified scan handler for ATR CLI.
+ * Auto-detects input type: JSON → MCP scan, .md → SKILL.md scan.
+ *
+ * @module agent-threat-rules/cli/scan-handler
+ */
+import type { ScanType } from '../types.js';
+export interface ScanOptions {
+    readonly rules?: string;
+    readonly json?: boolean;
+    readonly sarif?: boolean;
+    readonly severity?: string;
+    readonly forceType?: ScanType;
+}
+/** Detect whether the target is an MCP event JSON or SKILL.md file/directory. */
+export declare function detectInputType(targetPath: string): ScanType;
+/** Unified scan command: auto-detects MCP vs SKILL.md and runs the appropriate scan path. */
+export declare function cmdScanUnified(target: string, rulesDir: string, options: ScanOptions): Promise<void>;
+//# sourceMappingURL=scan-handler.d.ts.map

package/dist/cli/scan-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-handler.d.ts","sourceRoot":"","sources":["../../src/cli/scan-handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAoC,QAAQ,EAAE,MAAM,aAAa,CAAC;AAoB9E,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC;CAC/B;AAED,iFAAiF;AACjF,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,CA0B5D;AAED,6FAA6F;AAC7F,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,IAAI,CAAC,CAmBf"}

package/dist/cli/scan-handler.js

@@ -0,0 +1,257 @@
+/**
+ * Unified scan handler for ATR CLI.
+ * Auto-detects input type: JSON → MCP scan, .md → SKILL.md scan.
+ *
+ * @module agent-threat-rules/cli/scan-handler
+ */
+import { readFileSync, existsSync, statSync, readdirSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { ATREngine } from '../engine.js';
+import { scanResultToSARIF } from '../converters/sarif.js';
+const SEVERITY_ORDER = ['informational', 'low', 'medium', 'high', 'critical'];
+// ANSI colors
+const RED = '\x1b[31m';
+const GREEN = '\x1b[32m';
+const DIM = '\x1b[2m';
+const BOLD = '\x1b[1m';
+const RESET = '\x1b[0m';
+const SEVERITY_COLORS = {
+    critical: '\x1b[91m',
+    high: '\x1b[31m',
+    medium: '\x1b[33m',
+    low: '\x1b[36m',
+    informational: '\x1b[37m',
+};
+/** Detect whether the target is an MCP event JSON or SKILL.md file/directory. */
+export function detectInputType(targetPath) {
+    if (targetPath.endsWith('.md'))
+        return 'skill';
+    if (targetPath.endsWith('.json'))
+        return 'mcp';
+    // Directory: inspect contents to decide
+    if (existsSync(targetPath) && statSync(targetPath).isDirectory()) {
+        const entries = readdirSync(targetPath);
+        const hasJson = entries.some((e) => e.endsWith('.json'));
+        const hasMd = entries.some((e) => e.endsWith('.md') || e.toLowerCase() === 'skill.md');
+        if (hasMd)
+            return 'skill';
+        if (hasJson)
+            return 'mcp';
+        return 'skill'; // default for empty or non-matching directories
+    }
+    // Attempt to detect by reading first bytes
+    if (existsSync(targetPath)) {
+        const head = readFileSync(targetPath, 'utf-8').slice(0, 100).trimStart();
+        if (head.startsWith('{') || head.startsWith('['))
+            return 'mcp';
+        if (head.startsWith('#') || head.startsWith('---'))
+            return 'skill';
+    }
+    throw new Error(`Cannot determine scan type for "${targetPath}". Use .json for MCP events or .md for SKILL.md files.`);
+}
+/** Unified scan command: auto-detects MCP vs SKILL.md and runs the appropriate scan path. */
+export async function cmdScanUnified(target, rulesDir, options) {
+    if (!target) {
+        console.error(`${RED}Error: Missing target. Usage: atr scan <file|directory>${RESET}`);
+        process.exit(1);
+    }
+    const targetPath = resolve(target);
+    if (!existsSync(targetPath)) {
+        console.error(`${RED}Error: Path not found: ${targetPath}${RESET}`);
+        process.exit(1);
+    }
+    const scanType = options.forceType ?? detectInputType(targetPath);
+    if (scanType === 'skill') {
+        await scanSkillFiles(targetPath, rulesDir, options);
+    }
+    else {
+        await scanMcpEvents(targetPath, rulesDir, options);
+    }
+}
+// ── MCP Event Scan ─────────────────────────────────────────────
+async function scanMcpEvents(eventsPath, rulesDir, options) {
+    const fileStat = statSync(eventsPath);
+    if (fileStat.size > 50 * 1024 * 1024) {
+        console.error(`${RED}Error: Events file exceeds 50MB limit${RESET}`);
+        process.exit(1);
+    }
+    const raw = readFileSync(eventsPath, 'utf-8');
+    let events;
+    try {
+        const parsed = JSON.parse(raw);
+        events = Array.isArray(parsed) ? parsed : [parsed];
+    }
+    catch {
+        console.error(`${RED}Error: Invalid JSON in ${eventsPath}${RESET}`);
+        process.exit(1);
+    }
+    const engine = new ATREngine({ rulesDir });
+    await engine.loadRules();
+    const minIdx = SEVERITY_ORDER.indexOf((options.severity ?? 'informational'));
+    const allResults = [];
+    let totalThreats = 0;
+    for (const event of events) {
+        if (!event.content)
+            continue; // skip malformed events
+        const result = engine.evaluateFull(event, eventsPath);
+        const filtered = result.matches.filter((m) => SEVERITY_ORDER.indexOf(m.rule.severity) >= minIdx);
+        if (filtered.length > 0) {
+            allResults.push({ event, result, filtered });
+            totalThreats += filtered.length;
+        }
+    }
+    if (options.sarif) {
+        const sarifResults = allResults.map(({ result, filtered }) => ({
+            ...result,
+            matches: filtered,
+            threat_count: filtered.length,
+        }));
+        const version = process.env['npm_package_version'] ?? '1.0.0';
+        console.log(JSON.stringify(scanResultToSARIF(sarifResults, version), null, 2));
+        return;
+    }
+    if (options.json) {
+        console.log(JSON.stringify({
+            scan_type: 'mcp',
+            events_scanned: events.length,
+            threats_detected: totalThreats,
+            rules_loaded: engine.getRuleCount(),
+            results: allResults.map(({ event, result, filtered }) => ({
+                content_hash: result.content_hash,
+                event: {
+                    type: event.type,
+                    timestamp: event.timestamp,
+                    content_preview: event.content.slice(0, 100),
+                },
+                matches: filtered.map(formatMatchJson),
+            })),
+        }, null, 2));
+        return;
+    }
+    printScanHeader('MCP', events.length, engine.getRuleCount(), totalThreats);
+    if (totalThreats === 0) {
+        console.log(`${GREEN}No threats detected.${RESET}\n`);
+        return;
+    }
+    for (const { event, filtered } of allResults) {
+        const preview = event.content.slice(0, 80).replace(/\n/g, ' ');
+        console.log(`  ${DIM}Event: [${event.type}] "${preview}..."${RESET}`);
+        for (const m of filtered) {
+            printMatch(m);
+        }
+        console.log('');
+    }
+}
+// ── SKILL.md Scan ──────────────────────────────────────────────
+async function scanSkillFiles(targetPath, rulesDir, options) {
+    const skillFiles = collectSkillFiles(targetPath);
+    if (skillFiles.length === 0) {
+        console.error(`${RED}Error: No SKILL.md files found in ${targetPath}${RESET}`);
+        process.exit(1);
+    }
+    const engine = new ATREngine({ rulesDir });
+    await engine.loadRules();
+    const minIdx = SEVERITY_ORDER.indexOf((options.severity ?? 'informational'));
+    const allResults = [];
+    let totalThreats = 0;
+    for (const file of skillFiles) {
+        const fileSize = statSync(file).size;
+        if (fileSize > 1 * 1024 * 1024) {
+            console.error(`${RED}Warning: Skipping ${file} (${Math.round(fileSize / 1024)}KB exceeds 1MB limit)${RESET}`);
+            continue;
+        }
+        const content = readFileSync(file, 'utf-8');
+        const result = engine.scanSkillFull(content, file);
+        const filtered = result.matches.filter((m) => SEVERITY_ORDER.indexOf(m.rule.severity) >= minIdx);
+        if (filtered.length > 0) {
+            allResults.push({ file, result, filtered });
+            totalThreats += filtered.length;
+        }
+    }
+    if (options.sarif) {
+        const sarifResults = allResults.map(({ result, filtered }) => ({
+            ...result,
+            matches: filtered,
+            threat_count: filtered.length,
+        }));
+        const version = process.env['npm_package_version'] ?? '1.0.0';
+        console.log(JSON.stringify(scanResultToSARIF(sarifResults, version), null, 2));
+        return;
+    }
+    if (options.json) {
+        console.log(JSON.stringify({
+            scan_type: 'skill',
+            skills_scanned: skillFiles.length,
+            threats_detected: totalThreats,
+            rules_loaded: engine.getRuleCount(),
+            results: allResults.map(({ file, result, filtered }) => ({
+                file,
+                content_hash: result.content_hash,
+                matches: filtered.map(formatMatchJson),
+            })),
+        }, null, 2));
+        return;
+    }
+    printScanHeader('SKILL', skillFiles.length, engine.getRuleCount(), totalThreats);
+    if (totalThreats === 0) {
+        console.log(`  ${GREEN}No threats detected.${RESET}\n`);
+        return;
+    }
+    for (const { file, filtered } of allResults) {
+        const relPath = file.replace(process.cwd() + '/', '');
+        console.log(`  ${BOLD}${relPath}${RESET}`);
+        for (const m of filtered) {
+            printMatch(m);
+        }
+        console.log('');
+    }
+}
+// ── Shared Helpers ─────────────────────────────────────────────
+function collectSkillFiles(targetPath) {
+    const files = [];
+    const stat = statSync(targetPath);
+    if (stat.isDirectory()) {
+        walkForSkills(targetPath, files);
+    }
+    else {
+        files.push(targetPath);
+    }
+    return files;
+}
+function walkForSkills(dir, out) {
+    for (const entry of readdirSync(dir, { withFileTypes: true })) {
+        const full = resolve(dir, entry.name);
+        if (entry.isDirectory()) {
+            walkForSkills(full, out);
+        }
+        else if (entry.name === 'SKILL.md' || entry.name === 'skill.md') {
+            out.push(full);
+        }
+    }
+}
+function formatMatchJson(m) {
+    return {
+        rule_id: m.rule.id,
+        title: m.rule.title,
+        severity: m.rule.severity,
+        confidence: m.confidence,
+        matched_conditions: m.matchedConditions,
+    };
+}
+function printScanHeader(type, scanned, rulesLoaded, threats) {
+    const label = type === 'MCP' ? 'Events' : 'Skills';
+    console.log(`\n${BOLD}ATR ${type} Scan Results${RESET}`);
+    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
+    console.log(`  ${label} scanned:  ${scanned}`);
+    console.log(`  Rules loaded:    ${rulesLoaded}`);
+    console.log(`  Threats found:   ${threats > 0 ? RED + threats + RESET : GREEN + '0' + RESET}`);
+    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
+    console.log(`${DIM}  Open source (MIT). Star: https://github.com/Agent-Threat-Rule/agent-threat-rules${RESET}`);
+    console.log('');
+}
+function printMatch(m) {
+    const color = SEVERITY_COLORS[m.rule.severity] ?? '';
+    console.log(`    ${color}${m.rule.severity.toUpperCase().padEnd(13)}${RESET} ${m.rule.id} - ${m.rule.title}`);
+    console.log(`    ${DIM}Confidence: ${(m.confidence * 100).toFixed(0)}% | Conditions: ${m.matchedConditions.join(', ')}${RESET}`);
+}
+//# sourceMappingURL=scan-handler.js.map