agent-threat-rules 1.1.0 → 1.2.0

package/dist/index.js

@@ -54,4 +54,6 @@ export { ActionExecutor } from './action-executor.js';
 export { DefaultAdapter } from './adapters/default-adapter.js';
 export { StdioAdapter } from './adapters/stdio-adapter.js';
 export { HookHandler } from './hook-handler.js';
+// Quality Standard — RFC-001 reference implementation
+export * as quality from './quality/index.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,mEAAmE;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEvD,oEAAoE;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxD,oEAAoE;AACpE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,oEAAoE;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE,oEAAoE;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAE7E,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGtF,mEAAmE;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,kDAAkD;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,kDAAkD;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAQ/D,mEAAmE;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG1D,mEAAmE;AACnE,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAErE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE1D,oEAAoE;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAGhD,mEAAmE;AACnE,qDAAqD;AACrD,qDAAqD;AACrD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,mEAAmE;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEvD,oEAAoE;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxD,oEAAoE;AACpE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,oEAAoE;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE,oEAAoE;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAE7E,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGtF,mEAAmE;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,kDAAkD;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,kDAAkD;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAQ/D,mEAAmE;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG1D,mEAAmE;AACnE,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAErE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE1D,oEAAoE;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAGhD,mEAAmE;AACnE,qDAAqD;AACrD,qDAAqD;AACrD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAGhD,sDAAsD;AACtD,OAAO,KAAK,OAAO,MAAM,oBAAoB,CAAC"}

package/dist/quality/adapters/atr.d.ts

@@ -0,0 +1,65 @@
+/**
+ * ATR Quality Standard — ATR YAML Adapter
+ *
+ * Parses an ATR YAML rule (either as raw string or pre-parsed object) and
+ * produces RuleMetadata that the quality gate and scoring functions
+ * understand.
+ *
+ * @module agent-threat-rules/quality/adapters/atr
+ */
+import type { RuleMetadata } from "../types.js";
+/**
+ * Loose shape of an ATR rule file — matches what actually appears in
+ * rules/**\/*.yaml, not the strict type. This lets us adapt rules even if
+ * they're missing optional fields.
+ */
+interface RawATRRule {
+    id?: string;
+    title?: string;
+    status?: string;
+    maturity?: string;
+    detection?: {
+        conditions?: unknown;
+        false_positives?: unknown[];
+    };
+    test_cases?: {
+        true_positives?: unknown[];
+        true_negatives?: unknown[];
+    };
+    evasion_tests?: unknown[];
+    references?: {
+        owasp_llm?: unknown[];
+        owasp_agentic?: unknown[];
+        mitre_atlas?: unknown[];
+        mitre_attack?: unknown[];
+    };
+    author?: string;
+    wild_samples?: number;
+    wild_fp_rate?: number;
+    wild_validated?: string;
+    metadata_provenance?: {
+        mitre_atlas?: string;
+        mitre_attack?: string;
+        owasp_llm?: string;
+        owasp_agentic?: string;
+        test_cases?: string;
+        evasion_tests?: string;
+        false_positives?: string;
+    };
+}
+/**
+ * Parse an ATR YAML rule string into RuleMetadata.
+ *
+ * @param yamlContent - Raw YAML content
+ * @returns RuleMetadata (throws if YAML is invalid or missing required fields)
+ */
+export declare function parseATRRule(yamlContent: string): RuleMetadata;
+/**
+ * Convert a parsed ATR rule object into RuleMetadata.
+ *
+ * Accepts the loose shape returned by yaml.load() so callers that already
+ * have a parsed object don't need to re-serialize.
+ */
+export declare function atrRuleToMetadata(rule: RawATRRule): RuleMetadata;
+export {};
+//# sourceMappingURL=atr.d.ts.map

package/dist/quality/adapters/atr.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"atr.d.ts","sourceRoot":"","sources":["../../../src/quality/adapters/atr.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAIV,YAAY,EACb,MAAM,aAAa,CAAC;AAErB;;;;GAIG;AACH,UAAU,UAAU;IAClB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE;QACV,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,eAAe,CAAC,EAAE,OAAO,EAAE,CAAC;KAC7B,CAAC;IACF,UAAU,CAAC,EAAE;QACX,cAAc,CAAC,EAAE,OAAO,EAAE,CAAC;QAC3B,cAAc,CAAC,EAAE,OAAO,EAAE,CAAC;KAC5B,CAAC;IACF,aAAa,CAAC,EAAE,OAAO,EAAE,CAAC;IAC1B,UAAU,CAAC,EAAE;QACX,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;QACtB,aAAa,CAAC,EAAE,OAAO,EAAE,CAAC;QAC1B,WAAW,CAAC,EAAE,OAAO,EAAE,CAAC;QACxB,YAAY,CAAC,EAAE,OAAO,EAAE,CAAC;KAC1B,CAAC;IACF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;CACH;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,YAAY,CAM9D;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,UAAU,GAAG,YAAY,CA2DhE"}

package/dist/quality/adapters/atr.js

@@ -0,0 +1,154 @@
+/**
+ * ATR Quality Standard — ATR YAML Adapter
+ *
+ * Parses an ATR YAML rule (either as raw string or pre-parsed object) and
+ * produces RuleMetadata that the quality gate and scoring functions
+ * understand.
+ *
+ * @module agent-threat-rules/quality/adapters/atr
+ */
+import { load as parseYaml } from "js-yaml";
+/**
+ * Parse an ATR YAML rule string into RuleMetadata.
+ *
+ * @param yamlContent - Raw YAML content
+ * @returns RuleMetadata (throws if YAML is invalid or missing required fields)
+ */
+export function parseATRRule(yamlContent) {
+    const parsed = parseYaml(yamlContent);
+    if (!parsed || typeof parsed !== "object") {
+        throw new Error("Invalid YAML: not an object");
+    }
+    return atrRuleToMetadata(parsed);
+}
+/**
+ * Convert a parsed ATR rule object into RuleMetadata.
+ *
+ * Accepts the loose shape returned by yaml.load() so callers that already
+ * have a parsed object don't need to re-serialize.
+ */
+export function atrRuleToMetadata(rule) {
+    const id = rule.id ?? "<unknown>";
+    const title = rule.title ?? "<untitled>";
+    // Prefer `maturity` field; fall back to `status` if maturity is absent.
+    // Normalize common aliases: `test` -> `experimental`, anything unknown -> `draft`.
+    const rawMaturity = (rule.maturity ?? rule.status ?? "draft").toLowerCase();
+    const maturity = normalizeMaturity(rawMaturity);
+    const conditions = countConditions(rule.detection?.conditions);
+    const truePositives = Array.isArray(rule.test_cases?.true_positives)
+        ? rule.test_cases.true_positives.length
+        : 0;
+    const trueNegatives = Array.isArray(rule.test_cases?.true_negatives)
+        ? rule.test_cases.true_negatives.length
+        : 0;
+    const evasionTests = Array.isArray(rule.evasion_tests)
+        ? rule.evasion_tests.length
+        : 0;
+    const hasOwaspRef = hasAnyArrayItem(rule.references?.owasp_llm) ||
+        hasAnyArrayItem(rule.references?.owasp_agentic);
+    const hasMitreRef = hasAnyArrayItem(rule.references?.mitre_atlas) ||
+        hasAnyArrayItem(rule.references?.mitre_attack);
+    const hasFalsePositiveDocs = Array.isArray(rule.detection?.false_positives) &&
+        rule.detection.false_positives.length > 0;
+    // LLM-generated detection: author contains "Crystallization" or "LLM"
+    const author = (rule.author ?? "").toLowerCase();
+    const llmGenerated = author.includes("crystallization") ||
+        author.includes("llm") ||
+        author.includes("mirofish");
+    const provenance = extractProvenance(rule.metadata_provenance);
+    return {
+        id,
+        title,
+        maturity,
+        conditions,
+        truePositives,
+        trueNegatives,
+        evasionTests,
+        hasOwaspRef,
+        hasMitreRef,
+        hasFalsePositiveDocs,
+        ...(rule.wild_samples !== undefined
+            ? { wildSamples: rule.wild_samples }
+            : {}),
+        ...(rule.wild_fp_rate !== undefined
+            ? { wildFpRate: rule.wild_fp_rate }
+            : {}),
+        ...(rule.wild_validated ? { wildValidatedAt: rule.wild_validated } : {}),
+        ...(llmGenerated ? { llmGenerated: true } : {}),
+        ...(provenance ? { provenance } : {}),
+    };
+}
+/** Parse metadata_provenance field and normalize values to Provenance enum */
+function extractProvenance(raw) {
+    if (!raw || typeof raw !== "object")
+        return undefined;
+    const result = {
+        ...(raw.mitre_atlas
+            ? { mitre_atlas: normalizeProvenance(raw.mitre_atlas) }
+            : {}),
+        ...(raw.mitre_attack
+            ? { mitre_attack: normalizeProvenance(raw.mitre_attack) }
+            : {}),
+        ...(raw.owasp_llm ? { owasp_llm: normalizeProvenance(raw.owasp_llm) } : {}),
+        ...(raw.owasp_agentic
+            ? { owasp_agentic: normalizeProvenance(raw.owasp_agentic) }
+            : {}),
+        ...(raw.test_cases
+            ? { test_cases: normalizeProvenance(raw.test_cases) }
+            : {}),
+        ...(raw.evasion_tests
+            ? { evasion_tests: normalizeProvenance(raw.evasion_tests) }
+            : {}),
+        ...(raw.false_positives
+            ? { false_positives: normalizeProvenance(raw.false_positives) }
+            : {}),
+    };
+    return Object.keys(result).length > 0 ? result : undefined;
+}
+function normalizeProvenance(raw) {
+    const v = raw.toLowerCase().trim();
+    if (v === "human-reviewed" || v === "human")
+        return "human-reviewed";
+    if (v === "community-contributed" || v === "community")
+        return "community-contributed";
+    if (v === "auto-generated" || v === "auto")
+        return "auto-generated";
+    if (v === "llm-generated" || v === "llm")
+        return "llm-generated";
+    // Unknown value — treat as auto-generated (conservative)
+    return "auto-generated";
+}
+/**
+ * ATR rules use two different condition formats:
+ *  - Array: `conditions: [{ field, operator, value }, ...]`
+ *  - Named map: `conditions: { name1: {...}, name2: {...} }`
+ *
+ * Count layers in either format.
+ */
+function countConditions(conditions) {
+    if (Array.isArray(conditions))
+        return conditions.length;
+    if (conditions !== null && typeof conditions === "object") {
+        return Object.keys(conditions).length;
+    }
+    return 0;
+}
+function hasAnyArrayItem(value) {
+    return Array.isArray(value) && value.length > 0;
+}
+function normalizeMaturity(raw) {
+    switch (raw) {
+        case "draft":
+            return "draft";
+        case "experimental":
+        case "test": // ATR legacy alias
+            return "experimental";
+        case "stable":
+            return "stable";
+        case "deprecated":
+            return "deprecated";
+        default:
+            return "draft";
+    }
+}
+//# sourceMappingURL=atr.js.map

package/dist/quality/adapters/atr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"atr.js","sourceRoot":"","sources":["../../../src/quality/adapters/atr.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,SAAS,CAAC;AAgD5C;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,WAAmB;IAC9C,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAAkC,CAAC;IACvE,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAgB;IAChD,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,IAAI,WAAW,CAAC;IAClC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,YAAY,CAAC;IACzC,wEAAwE;IACxE,mFAAmF;IACnF,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5E,MAAM,QAAQ,GAAa,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAE1D,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC/D,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC;QAClE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM;QACvC,CAAC,CAAC,CAAC,CAAC;IACN,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC;QAClE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM;QACvC,CAAC,CAAC,CAAC,CAAC;IACN,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;QACpD,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM;QAC3B,CAAC,CAAC,CAAC,CAAC;IAEN,MAAM,WAAW,GACf,eAAe,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC;QAC3C,eAAe,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAClD,MAAM,WAAW,GACf,eAAe,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC;QAC7C,eAAe,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACjD,MAAM,oBAAoB,GACxB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;IAE5C,sEAAsE;IACtE,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACjD,MAAM,YAAY,GAChB,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAClC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QACtB,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAE9B,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAE/D,OAAO;QACL,EAAE;QACF,KAAK;QACL,QAAQ;QACR,UAAU;QACV,aAAa;QACb,aAAa;QACb,YAAY;QACZ,WAAW;QACX,WAAW;QACX,oBAAoB;QACpB,GAAG,CAAC,IAAI,CAAC,YAAY,KAAK,SAAS;YACjC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE;YACpC,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,IAAI,CAAC,YAAY,KAAK,SAAS;YACjC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;YACnC,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxE,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/C,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACtC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,SAAS,iBAAiB,CACxB,GAAsC;IAEtC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACtD,MAAM,MAAM,GAAuB;QACjC,GAAG,CAAC,GAAG,CAAC,WAAW;YACjB,CAAC,CAAC,EAAE,WAAW,EAAE,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;YACvD,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,GAAG,CAAC,YAAY;YAClB,CAAC,CAAC,EAAE,YAAY,EAAE,mBAAmB,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACzD,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,mBAAmB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3E,GAAG,CAAC,GAAG,CAAC,aAAa;YACnB,CAAC,CAAC,EAAE,aAAa,EAAE,mBAAmB,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE;YAC3D,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,GAAG,CAAC,UAAU;YAChB,CAAC,CAAC,EAAE,UAAU,EAAE,mBAAmB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE;YACrD,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,GAAG,CAAC,aAAa;YACnB,CAAC,CAAC,EAAE,aAAa,EAAE,mBAAmB,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE;YAC3D,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,GAAG,CAAC,eAAe;YACrB,CAAC,CAAC,EAAE,eAAe,EAAE,mBAAmB,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE;YAC/D,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;AAC7D,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,CAAC,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,KAAK,gBAAgB,IAAI,CAAC,KAAK,OAAO;QAAE,OAAO,gBAAgB,CAAC;IACrE,IAAI,CAAC,KAAK,uBAAuB,IAAI,CAAC,KAAK,WAAW;QACpD,OAAO,uBAAuB,CAAC;IACjC,IAAI,CAAC,KAAK,gBAAgB,IAAI,CAAC,KAAK,MAAM;QAAE,OAAO,gBAAgB,CAAC;IACpE,IAAI,CAAC,KAAK,eAAe,IAAI,CAAC,KAAK,KAAK;QAAE,OAAO,eAAe,CAAC;IACjE,yDAAyD;IACzD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,eAAe,CAAC,UAAmB;IAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,UAAU,CAAC,MAAM,CAAC;IACxD,IAAI,UAAU,KAAK,IAAI,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC1D,OAAO,MAAM,CAAC,IAAI,CAAC,UAAqC,CAAC,CAAC,MAAM,CAAC;IACnE,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,cAAc,CAAC;QACpB,KAAK,MAAM,EAAE,mBAAmB;YAC9B,OAAO,cAAc,CAAC;QACxB,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,YAAY,CAAC;QACtB;YACE,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/quality/adapters/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * ATR Quality Standard — Rule Format Adapters
+ *
+ * Adapters convert vendor-specific rule formats into the canonical
+ * RuleMetadata interface that the scoring and validation functions consume.
+ *
+ * @module agent-threat-rules/quality/adapters
+ */
+export { parseATRRule, atrRuleToMetadata } from "./atr.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/quality/adapters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/quality/adapters/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC"}

package/dist/quality/adapters/index.js

@@ -0,0 +1,10 @@
+/**
+ * ATR Quality Standard — Rule Format Adapters
+ *
+ * Adapters convert vendor-specific rule formats into the canonical
+ * RuleMetadata interface that the scoring and validation functions consume.
+ *
+ * @module agent-threat-rules/quality/adapters
+ */
+export { parseATRRule, atrRuleToMetadata } from "./atr.js";
+//# sourceMappingURL=index.js.map

package/dist/quality/adapters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/quality/adapters/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC"}

package/dist/quality/compute-confidence.d.ts

@@ -0,0 +1,45 @@
+/**
+ * ATR Quality Standard — Confidence Scoring
+ *
+ * Pure function implementing the RFC-001 §2 confidence formula:
+ *
+ *   confidence = round(
+ *       precision_score    * 0.40
+ *     + wild_validation    * 0.30
+ *     + coverage_score     * 0.20
+ *     + evasion_docs       * 0.10
+ *   )
+ *
+ * @module agent-threat-rules/quality/compute-confidence
+ */
+import type { ConfidenceScore, DeploymentRecommendation, RuleMetadata } from "./types.js";
+/**
+ * Compute the confidence score for a rule.
+ *
+ * Score is in [0, 100]. Higher is more trustworthy.
+ *
+ * @param rule - Rule metadata (vendor-agnostic)
+ * @returns Score breakdown and total
+ */
+export declare function computeConfidence(rule: RuleMetadata): ConfidenceScore;
+/**
+ * Map a confidence score to a deployment recommendation.
+ *
+ * This is the consumer-facing signal: "should I deploy this rule in
+ * blocking mode, alert mode, or not at all?"
+ */
+export declare function deploymentFor(score: number): DeploymentRecommendation;
+/**
+ * Apply the cross-context penalty to a match's contribution.
+ *
+ * When a rule designed for one scan context (e.g. MCP runtime) fires in
+ * a different context (e.g. SKILL.md static scan), the match's contribution
+ * is downweighted by 0.7. This prevents cross-context noise from inflating
+ * overall detection confidence.
+ *
+ * @param score - The base confidence score of the rule
+ * @param isCrossContext - True if the match is outside the rule's native context
+ * @returns Adjusted score
+ */
+export declare function applyCrossContextPenalty(score: number, isCrossContext: boolean): number;
+//# sourceMappingURL=compute-confidence.d.ts.map

package/dist/quality/compute-confidence.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compute-confidence.d.ts","sourceRoot":"","sources":["../../src/quality/compute-confidence.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EACV,eAAe,EACf,wBAAwB,EACxB,YAAY,EACb,MAAM,YAAY,CAAC;AAKpB;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,YAAY,GAAG,eAAe,CAiCrE;AAuDD;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,wBAAwB,CAMrE;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,OAAO,GACtB,MAAM,CAER"}

package/dist/quality/compute-confidence.js

@@ -0,0 +1,133 @@
+/**
+ * ATR Quality Standard — Confidence Scoring
+ *
+ * Pure function implementing the RFC-001 §2 confidence formula:
+ *
+ *   confidence = round(
+ *       precision_score    * 0.40
+ *     + wild_validation    * 0.30
+ *     + coverage_score     * 0.20
+ *     + evasion_docs       * 0.10
+ *   )
+ *
+ * @module agent-threat-rules/quality/compute-confidence
+ */
+/** Max confidence an LLM-generated rule can reach without human review */
+const LLM_CAP_WITHOUT_REVIEW = 70;
+/**
+ * Compute the confidence score for a rule.
+ *
+ * Score is in [0, 100]. Higher is more trustworthy.
+ *
+ * @param rule - Rule metadata (vendor-agnostic)
+ * @returns Score breakdown and total
+ */
+export function computeConfidence(rule) {
+    const precisionScore = computePrecisionScore(rule);
+    const wildValidationScore = computeWildValidationScore(rule);
+    const coverageScore = computeCoverageScore(rule);
+    const evasionScore = computeEvasionScore(rule);
+    const rawTotal = precisionScore * 0.4 +
+        wildValidationScore * 0.3 +
+        coverageScore * 0.2 +
+        evasionScore * 0.1;
+    let total = Math.round(rawTotal);
+    let capped = false;
+    // LLM-generated rules are capped at LLM_CAP_WITHOUT_REVIEW until a human reviews them.
+    // Rationale: LLMs can produce subtly wrong rules that pass static validation
+    // but fail in the wild. Human review is the only reliable backstop.
+    if (rule.llmGenerated === true && rule.humanReviewed !== true) {
+        if (total > LLM_CAP_WITHOUT_REVIEW) {
+            total = LLM_CAP_WITHOUT_REVIEW;
+            capped = true;
+        }
+    }
+    return {
+        total,
+        precisionScore: Math.round(precisionScore),
+        wildValidationScore: Math.round(wildValidationScore),
+        coverageScore: Math.round(coverageScore),
+        evasionScore: Math.round(evasionScore),
+        capped,
+    };
+}
+/**
+ * Precision component (weight 0.40).
+ *
+ * If wild FP rate is measured, use it directly: (1 - fpRate/100) * 100.
+ * Otherwise, estimate from test case coverage: more test cases = higher
+ * confidence in precision (max at 10 total).
+ */
+function computePrecisionScore(rule) {
+    if (rule.wildFpRate !== undefined &&
+        rule.wildSamples !== undefined &&
+        rule.wildSamples > 0) {
+        const fpRate = Math.max(0, Math.min(100, rule.wildFpRate));
+        return 100 - fpRate;
+    }
+    // Fallback: estimate from test case depth
+    const testCaseCount = rule.truePositives + rule.trueNegatives;
+    return Math.min(testCaseCount / 10, 1) * 100;
+}
+/**
+ * Wild validation component (weight 0.30).
+ *
+ * Scales with sample size up to 10,000 samples. More real-world data
+ * = higher score. A rule tested on 0 samples gets 0. A rule tested on
+ * 10,000+ samples gets 100.
+ */
+function computeWildValidationScore(rule) {
+    const samples = rule.wildSamples ?? 0;
+    return Math.min(samples / 10000, 1) * 100;
+}
+/**
+ * Coverage component (weight 0.20).
+ *
+ * Scales with number of detection conditions (layers). A single-condition
+ * rule gets 20. A 5+ condition rule gets 100. Defense in depth matters.
+ */
+function computeCoverageScore(rule) {
+    return Math.min(rule.conditions / 5, 1) * 100;
+}
+/**
+ * Evasion documentation component (weight 0.10).
+ *
+ * Rewards honest acknowledgment of known bypasses. A rule with 0 evasion
+ * tests gets 0. A rule with 5+ evasion tests gets 100.
+ */
+function computeEvasionScore(rule) {
+    return Math.min(rule.evasionTests / 5, 1) * 100;
+}
+/**
+ * Map a confidence score to a deployment recommendation.
+ *
+ * This is the consumer-facing signal: "should I deploy this rule in
+ * blocking mode, alert mode, or not at all?"
+ */
+export function deploymentFor(score) {
+    if (score >= 90)
+        return "block-in-production";
+    if (score >= 80)
+        return "block-with-monitoring";
+    if (score >= 60)
+        return "alert-only";
+    if (score >= 40)
+        return "evaluation-only";
+    return "do-not-deploy";
+}
+/**
+ * Apply the cross-context penalty to a match's contribution.
+ *
+ * When a rule designed for one scan context (e.g. MCP runtime) fires in
+ * a different context (e.g. SKILL.md static scan), the match's contribution
+ * is downweighted by 0.7. This prevents cross-context noise from inflating
+ * overall detection confidence.
+ *
+ * @param score - The base confidence score of the rule
+ * @param isCrossContext - True if the match is outside the rule's native context
+ * @returns Adjusted score
+ */
+export function applyCrossContextPenalty(score, isCrossContext) {
+    return isCrossContext ? Math.round(score * 0.7) : score;
+}
+//# sourceMappingURL=compute-confidence.js.map

package/dist/quality/compute-confidence.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compute-confidence.js","sourceRoot":"","sources":["../../src/quality/compute-confidence.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAQH,0EAA0E;AAC1E,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAElC;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAkB;IAClD,MAAM,cAAc,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,mBAAmB,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAE/C,MAAM,QAAQ,GACZ,cAAc,GAAG,GAAG;QACpB,mBAAmB,GAAG,GAAG;QACzB,aAAa,GAAG,GAAG;QACnB,YAAY,GAAG,GAAG,CAAC;IAErB,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,uFAAuF;IACvF,6EAA6E;IAC7E,oEAAoE;IACpE,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;QAC9D,IAAI,KAAK,GAAG,sBAAsB,EAAE,CAAC;YACnC,KAAK,GAAG,sBAAsB,CAAC;YAC/B,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK;QACL,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC;QAC1C,mBAAmB,EAAE,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC;QACpD,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC;QACxC,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC;QACtC,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,IAAkB;IAC/C,IACE,IAAI,CAAC,UAAU,KAAK,SAAS;QAC7B,IAAI,CAAC,WAAW,KAAK,SAAS;QAC9B,IAAI,CAAC,WAAW,GAAG,CAAC,EACpB,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAC3D,OAAO,GAAG,GAAG,MAAM,CAAC;IACtB,CAAC;IACD,0CAA0C;IAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;IAC9D,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,SAAS,0BAA0B,CAAC,IAAkB;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;IACtC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,GAAG,KAAK,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC;AAC5C,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAAC,IAAkB;IAC9C,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,IAAkB;IAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,qBAAqB,CAAC;IAC9C,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,uBAAuB,CAAC;IAChD,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,YAAY,CAAC;IACrC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,iBAAiB,CAAC;IAC1C,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,wBAAwB,CACtC,KAAa,EACb,cAAuB;IAEvB,OAAO,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AAC1D,CAAC"}

package/dist/quality/index.d.ts

@@ -0,0 +1,36 @@
+/**
+ * ATR Quality Standard — Public API
+ *
+ * Vendor-neutral library for scoring and validating AI agent threat detection
+ * rules. See docs/proposals/001-atr-quality-standard-rfc.md for the RFC.
+ *
+ * @example Compute a confidence score for an ATR rule
+ * ```typescript
+ * import { parseATRRule, computeConfidence } from 'agent-threat-rules/quality';
+ * import { readFileSync } from 'node:fs';
+ *
+ * const yaml = readFileSync('rules/prompt-injection/ATR-2026-00001.yaml', 'utf-8');
+ * const rule = parseATRRule(yaml);
+ * const score = computeConfidence(rule);
+ * console.log(`Confidence: ${score.total}/100`);
+ * ```
+ *
+ * @example Run a rule through the quality gate
+ * ```typescript
+ * import { parseATRRule, validateRuleMeetsStandard } from 'agent-threat-rules/quality';
+ *
+ * const rule = parseATRRule(yamlContent);
+ * const gate = validateRuleMeetsStandard(rule, 'experimental');
+ * if (!gate.passed) {
+ *   console.error('Rule rejected:', gate.issues);
+ * }
+ * ```
+ *
+ * @module agent-threat-rules/quality
+ */
+export type { Maturity, RuleMetadata, ConfidenceScore, QualityGateResult, PromotionDecision, DemotionDecision, FpReport, DeploymentRecommendation, } from "./types.js";
+export { computeConfidence, deploymentFor, applyCrossContextPenalty, } from "./compute-confidence.js";
+export { validateRuleMeetsStandard, getRequirements } from "./quality-gate.js";
+export { canPromote, shouldDemote, getMaturityThresholds, } from "./validate-maturity.js";
+export { parseATRRule, atrRuleToMetadata } from "./adapters/atr.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/quality/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/quality/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAGH,YAAY,EACV,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,QAAQ,EACR,wBAAwB,GACzB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAG/E,OAAO,EACL,UAAU,EACV,YAAY,EACZ,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/quality/index.js

@@ -0,0 +1,39 @@
+/**
+ * ATR Quality Standard — Public API
+ *
+ * Vendor-neutral library for scoring and validating AI agent threat detection
+ * rules. See docs/proposals/001-atr-quality-standard-rfc.md for the RFC.
+ *
+ * @example Compute a confidence score for an ATR rule
+ * ```typescript
+ * import { parseATRRule, computeConfidence } from 'agent-threat-rules/quality';
+ * import { readFileSync } from 'node:fs';
+ *
+ * const yaml = readFileSync('rules/prompt-injection/ATR-2026-00001.yaml', 'utf-8');
+ * const rule = parseATRRule(yaml);
+ * const score = computeConfidence(rule);
+ * console.log(`Confidence: ${score.total}/100`);
+ * ```
+ *
+ * @example Run a rule through the quality gate
+ * ```typescript
+ * import { parseATRRule, validateRuleMeetsStandard } from 'agent-threat-rules/quality';
+ *
+ * const rule = parseATRRule(yamlContent);
+ * const gate = validateRuleMeetsStandard(rule, 'experimental');
+ * if (!gate.passed) {
+ *   console.error('Rule rejected:', gate.issues);
+ * }
+ * ```
+ *
+ * @module agent-threat-rules/quality
+ */
+// Scoring
+export { computeConfidence, deploymentFor, applyCrossContextPenalty, } from "./compute-confidence.js";
+// Validation
+export { validateRuleMeetsStandard, getRequirements } from "./quality-gate.js";
+// Maturity transitions
+export { canPromote, shouldDemote, getMaturityThresholds, } from "./validate-maturity.js";
+// Adapters
+export { parseATRRule, atrRuleToMetadata } from "./adapters/atr.js";
+//# sourceMappingURL=index.js.map

package/dist/quality/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/quality/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAcH,UAAU;AACV,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AAEjC,aAAa;AACb,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAE/E,uBAAuB;AACvB,OAAO,EACL,UAAU,EACV,YAAY,EACZ,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAEhC,WAAW;AACX,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/quality/quality-gate.d.ts

@@ -0,0 +1,68 @@
+/**
+ * ATR Quality Standard — Quality Gate
+ *
+ * Checks whether a rule meets the minimum quality bar for a target maturity
+ * level. Used by TC crystallization pipeline to reject weak LLM-generated
+ * rules before they enter the proposal pipeline.
+ *
+ * See docs/proposals/001-atr-quality-standard-rfc.md §3 for the required
+ * metadata matrix.
+ *
+ * @module agent-threat-rules/quality/quality-gate
+ */
+import type { Maturity, QualityGateResult, RuleMetadata } from "./types.js";
+/**
+ * Minimum requirements for each maturity level.
+ * Thresholds match RFC-001 §3. Adjust here to tune the bar.
+ *
+ * The experimental gate uses 3/3 (matching Cisco-merge practice) and
+ * accepts any provenance (auto-generated OK). The stable gate requires
+ * 5/5 with 3 evasion tests AND human-reviewed provenance for MITRE/OWASP.
+ */
+declare const REQUIREMENTS: {
+    readonly draft: {
+        readonly minConditions: 1;
+        readonly minTruePositives: 1;
+        readonly minTrueNegatives: 1;
+        readonly minEvasionTests: 0;
+        readonly requireOwasp: false;
+        readonly requireMitre: false;
+        readonly requireFalsePositiveDocs: false;
+        readonly requireHumanReviewedProvenance: false;
+    };
+    readonly experimental: {
+        readonly minConditions: 3;
+        readonly minTruePositives: 3;
+        readonly minTrueNegatives: 3;
+        readonly minEvasionTests: 0;
+        readonly requireOwasp: true;
+        readonly requireMitre: true;
+        readonly requireFalsePositiveDocs: true;
+        readonly requireHumanReviewedProvenance: false;
+    };
+    readonly stable: {
+        readonly minConditions: 3;
+        readonly minTruePositives: 5;
+        readonly minTrueNegatives: 5;
+        readonly minEvasionTests: 3;
+        readonly requireOwasp: true;
+        readonly requireMitre: true;
+        readonly requireFalsePositiveDocs: true;
+        readonly requireHumanReviewedProvenance: true;
+    };
+};
+/**
+ * Validate a rule against the quality bar for a target maturity level.
+ *
+ * @param rule - Rule metadata
+ * @param target - Target maturity level to validate against (default: rule.maturity)
+ * @returns Gate result with passed/failed and human-readable issues
+ */
+export declare function validateRuleMeetsStandard(rule: RuleMetadata, target?: Maturity): QualityGateResult;
+/**
+ * Public accessor for the requirements table.
+ * Useful for documentation generators and UIs that display the quality bar.
+ */
+export declare function getRequirements(): typeof REQUIREMENTS;
+export {};
+//# sourceMappingURL=quality-gate.d.ts.map

package/dist/quality/quality-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"quality-gate.d.ts","sourceRoot":"","sources":["../../src/quality/quality-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,QAAQ,EAER,iBAAiB,EACjB,YAAY,EACb,MAAM,YAAY,CAAC;AAEpB;;;;;;;GAOG;AACH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BR,CAAC;AAQX;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,YAAY,EAClB,MAAM,CAAC,EAAE,QAAQ,GAChB,iBAAiB,CAiFnB;AAMD;;;GAGG;AACH,wBAAgB,eAAe,IAAI,OAAO,YAAY,CAErD"}