agent-threat-rules 2.1.3 → 2.1.5
- package/dist/action-executor.d.ts +1 -1
- package/dist/action-executor.d.ts.map +1 -1
- package/dist/action-executor.js +13 -11
- package/dist/action-executor.js.map +1 -1
- package/dist/adapters/default-adapter.d.ts +2 -1
- package/dist/adapters/default-adapter.d.ts.map +1 -1
- package/dist/adapters/default-adapter.js +14 -11
- package/dist/adapters/default-adapter.js.map +1 -1
- package/dist/adapters/stdio-adapter.d.ts +2 -1
- package/dist/adapters/stdio-adapter.d.ts.map +1 -1
- package/dist/adapters/stdio-adapter.js +43 -26
- package/dist/adapters/stdio-adapter.js.map +1 -1
- package/dist/converters/index.d.ts +4 -0
- package/dist/converters/index.d.ts.map +1 -1
- package/dist/converters/index.js +2 -0
- package/dist/converters/index.js.map +1 -1
- package/dist/converters/sage-reverse.d.ts +52 -0
- package/dist/converters/sage-reverse.d.ts.map +1 -0
- package/dist/converters/sage-reverse.js +216 -0
- package/dist/converters/sage-reverse.js.map +1 -0
- package/dist/converters/sage.d.ts +123 -0
- package/dist/converters/sage.d.ts.map +1 -0
- package/dist/converters/sage.js +702 -0
- package/dist/converters/sage.js.map +1 -0
- package/dist/types.d.ts +24 -17
- package/dist/types.d.ts.map +1 -1
- package/package.json +9 -1
- package/rules/context-exfiltration/ATR-2026-00449-spring-ai-chatmemory-cross-user-leak.yaml +196 -0
- package/rules/data-poisoning/ATR-2026-00450-spring-ai-prompt-memory-poisoning.yaml +196 -0
- package/rules/privilege-escalation/ATR-2026-00451-litellm-admin-sqli-cisa-kev.yaml +204 -0
- package/rules/tool-poisoning/ATR-2026-00448-spring-ai-milvus-filter-injection.yaml +193 -0
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
*
|
|
8
8
|
* @module agent-threat-rules/action-executor
|
|
9
9
|
*/
|
|
10
|
-
import type { ActionResult, ExecutionContext, PlatformAdapter } from
|
|
10
|
+
import type { ActionResult, ExecutionContext, PlatformAdapter } from "./types.js";
|
|
11
11
|
export interface ActionExecutorConfig {
|
|
12
12
|
readonly adapter: PlatformAdapter;
|
|
13
13
|
readonly dryRun?: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"action-executor.d.ts","sourceRoot":"","sources":["../src/action-executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAEV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAChB,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"action-executor.d.ts","sourceRoot":"","sources":["../src/action-executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAEV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAChB,MAAM,YAAY,CAAC;AAgCpB,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC,MAAM,EAAE,YAAY,KAAK,IAAI,CAAC;CAC5D;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;IAC1C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAiC;gBAEvD,MAAM,EAAE,oBAAoB;IAMxC;;;;;;;;OAQG;IACG,OAAO,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,SAAS,YAAY,EAAE,CAAC;IAgB1E;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAW1B;;OAEG;YACW,UAAU;IAmDxB,2CAA2C;IAC3C,cAAc,IAAI,MAAM;IAIxB,uCAAuC;IACvC,QAAQ,IAAI,OAAO;CAGpB"}
|
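--- a/package/dist/action-executor.js
+++ b/package/dist/action-executor.js
@@ -19,19 +19,21 @@ const ACTION_PRIORITY = {
 alert: 7,
 escalate: 8,
 snapshot: 9,
+shadow: 10,
 };
 /** Map action names to PlatformAdapter method names */
 const ACTION_METHOD_MAP = {
-block_input:
-block_output:
-block_tool:
-quarantine_session:
-reset_context:
-alert:
-
-
-
-
+block_input: "blockInput",
+block_output: "blockOutput",
+block_tool: "blockTool",
+quarantine_session: "quarantineSession",
+reset_context: "resetContext",
+alert: "alert",
+shadow: "shadow",
+snapshot: "snapshot",
+escalate: "escalate",
+reduce_permissions: "reducePermissions",
+kill_agent: "killAgent",
 };
 export class ActionExecutor {
 adapter;
@@ -98,7 +100,7 @@ export class ActionExecutor {
 });
 }
 const method = this.adapter[methodName];
-if (typeof method !==
+if (typeof method !== "function") {
 return Object.freeze({
 action,
 success: false,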
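Review bot: `ACTION_METHOD_MAP` is a plain object literal, so indexing it with an action name also resolves inherited keys such as `constructor` or `__proto__`. As far as these hunks show, such a name is stopped only because the inherited value does not happen to name an adapter method before the `typeof method !== "function"` check in the second hunk. If action names can arrive from rule files the operator did not author (the caller is not visible here), make the allow-list explicit by guarding the lookup with `if (!Object.hasOwn(ACTION_METHOD_MAP, action))` and returning the unknown-action result. The lookup and the rest of the method lie outside both hunks, and because this is compiled output the change belongs in `src/action-executor.ts`.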
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"action-executor.js","sourceRoot":"","sources":["../src/action-executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH,sEAAsE;AACtE,MAAM,eAAe,GAAwC;IAC3D,UAAU,EAAE,CAAC;IACb,WAAW,EAAE,CAAC;IACd,YAAY,EAAE,CAAC;IACf,UAAU,EAAE,CAAC;IACb,kBAAkB,EAAE,CAAC;IACrB,kBAAkB,EAAE,CAAC;IACrB,aAAa,EAAE,CAAC;IAChB,KAAK,EAAE,CAAC;IACR,QAAQ,EAAE,CAAC;IACX,QAAQ,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"action-executor.js","sourceRoot":"","sources":["../src/action-executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH,sEAAsE;AACtE,MAAM,eAAe,GAAwC;IAC3D,UAAU,EAAE,CAAC;IACb,WAAW,EAAE,CAAC;IACd,YAAY,EAAE,CAAC;IACf,UAAU,EAAE,CAAC;IACb,kBAAkB,EAAE,CAAC;IACrB,kBAAkB,EAAE,CAAC;IACrB,aAAa,EAAE,CAAC;IAChB,KAAK,EAAE,CAAC;IACR,QAAQ,EAAE,CAAC;IACX,QAAQ,EAAE,CAAC;IACX,MAAM,EAAE,EAAE;CACX,CAAC;AAEF,uDAAuD;AACvD,MAAM,iBAAiB,GAAuD;IAC5E,WAAW,EAAE,YAAY;IACzB,YAAY,EAAE,aAAa;IAC3B,UAAU,EAAE,WAAW;IACvB,kBAAkB,EAAE,mBAAmB;IACvC,aAAa,EAAE,cAAc;IAC7B,KAAK,EAAE,OAAO;IACd,MAAM,EAAE,QAAQ;IAChB,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,UAAU;IACpB,kBAAkB,EAAE,mBAAmB;IACvC,UAAU,EAAE,WAAW;CACxB,CAAC;AAQF,MAAM,OAAO,cAAc;IACR,OAAO,CAAkB;IACzB,MAAM,CAAU;IAChB,gBAAgB,CAAkC;IAEnE,YAAY,MAA4B;QACtC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,KAAK,CAAC;QACrC,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;IAClD,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,OAAO,CAAC,OAAyB;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACjE,MAAM,OAAO,GAAmB,EAAE,CAAC;QAEnC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErB,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,OAA6B;QAE7B,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QACrC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAC1B,MAAM,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACpC,OAAO,EAAE,GAAG,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CACtB,MAAiB,EACjB,OAAyB;QAEzB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAE3C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,MAAM,CAAC,MAAM,CAAC;gBACnB,MAAM;gBACN,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,4BAA4B,MAAM,EAAE;gBAC7
C,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,MAAM,CAAC,MAAM,CAAC;oBACnB,MAAM;oBACN,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,mBAAmB,MAAM,EAAE;oBACpC,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAEzB,CAAC;YAEd,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;gBACjC,OAAO,MAAM,CAAC,MAAM,CAAC;oBACnB,MAAM;oBACN,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,YAAY,IAAI,CAAC,OAAO,CAAC,IAAI,yBAAyB,UAAU,EAAE;oBAC3E,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;YAED,OAAO,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,MAAM,CAAC,MAAM,CAAC;gBACnB,MAAM;gBACN,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,WAAW,MAAM,aAAa,OAAO,EAAE;gBAChD,SAAS;aACV,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,cAAc;QACZ,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,uCAAuC;IACvC,QAAQ;QACN,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF"}
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
*
|
|
8
8
|
* @module agent-threat-rules/adapters/default-adapter
|
|
9
9
|
*/
|
|
10
|
-
import type { ActionResult, ExecutionContext, PlatformAdapter } from
|
|
10
|
+
import type { ActionResult, ExecutionContext, PlatformAdapter } from "../types.js";
|
|
11
11
|
export declare class DefaultAdapter implements PlatformAdapter {
|
|
12
12
|
readonly name = "default";
|
|
13
13
|
blockInput(ctx: ExecutionContext): Promise<ActionResult>;
|
|
@@ -16,6 +16,7 @@ export declare class DefaultAdapter implements PlatformAdapter {
|
|
|
16
16
|
quarantineSession(ctx: ExecutionContext): Promise<ActionResult>;
|
|
17
17
|
resetContext(ctx: ExecutionContext): Promise<ActionResult>;
|
|
18
18
|
alert(ctx: ExecutionContext): Promise<ActionResult>;
|
|
19
|
+
shadow(ctx: ExecutionContext): Promise<ActionResult>;
|
|
19
20
|
snapshot(ctx: ExecutionContext): Promise<ActionResult>;
|
|
20
21
|
escalate(ctx: ExecutionContext): Promise<ActionResult>;
|
|
21
22
|
reducePermissions(ctx: ExecutionContext): Promise<ActionResult>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"default-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/default-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAChB,MAAM,aAAa,CAAC;AAcrB,qBAAa,cAAe,YAAW,eAAe;IACpD,QAAQ,CAAC,IAAI,aAAa;IAEpB,UAAU,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIxD,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIzD,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIvD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAI/D,YAAY,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAI1D,KAAK,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAInD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAItD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAItD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAI/D,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;CAG9D"}
|
|
1
|
+
{"version":3,"file":"default-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/default-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAChB,MAAM,aAAa,CAAC;AAcrB,qBAAa,cAAe,YAAW,eAAe;IACpD,QAAQ,CAAC,IAAI,aAAa;IAEpB,UAAU,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIxD,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIzD,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIvD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAI/D,YAAY,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAI1D,KAAK,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAInD,MAAM,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIpD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAItD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAItD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAI/D,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;CAG9D"}
|
|
@@ -16,36 +16,39 @@ function createResult(action, ctx) {
|
|
|
16
16
|
});
|
|
17
17
|
}
|
|
18
18
|
export class DefaultAdapter {
|
|
19
|
-
name =
|
|
19
|
+
name = "default";
|
|
20
20
|
async blockInput(ctx) {
|
|
21
|
-
return createResult(
|
|
21
|
+
return createResult("block_input", ctx);
|
|
22
22
|
}
|
|
23
23
|
async blockOutput(ctx) {
|
|
24
|
-
return createResult(
|
|
24
|
+
return createResult("block_output", ctx);
|
|
25
25
|
}
|
|
26
26
|
async blockTool(ctx) {
|
|
27
|
-
return createResult(
|
|
27
|
+
return createResult("block_tool", ctx);
|
|
28
28
|
}
|
|
29
29
|
async quarantineSession(ctx) {
|
|
30
|
-
return createResult(
|
|
30
|
+
return createResult("quarantine_session", ctx);
|
|
31
31
|
}
|
|
32
32
|
async resetContext(ctx) {
|
|
33
|
-
return createResult(
|
|
33
|
+
return createResult("reset_context", ctx);
|
|
34
34
|
}
|
|
35
35
|
async alert(ctx) {
|
|
36
|
-
return createResult(
|
|
36
|
+
return createResult("alert", ctx);
|
|
37
|
+
}
|
|
38
|
+
async shadow(ctx) {
|
|
39
|
+
return createResult("shadow", ctx);
|
|
37
40
|
}
|
|
38
41
|
async snapshot(ctx) {
|
|
39
|
-
return createResult(
|
|
42
|
+
return createResult("snapshot", ctx);
|
|
40
43
|
}
|
|
41
44
|
async escalate(ctx) {
|
|
42
|
-
return createResult(
|
|
45
|
+
return createResult("escalate", ctx);
|
|
43
46
|
}
|
|
44
47
|
async reducePermissions(ctx) {
|
|
45
|
-
return createResult(
|
|
48
|
+
return createResult("reduce_permissions", ctx);
|
|
46
49
|
}
|
|
47
50
|
async killAgent(ctx) {
|
|
48
|
-
return createResult(
|
|
51
|
+
return createResult("kill_agent", ctx);
|
|
49
52
|
}
|
|
50
53
|
}
|
|
51
54
|
//# sourceMappingURL=default-adapter.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"default-adapter.js","sourceRoot":"","sources":["../../src/adapters/default-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAQH,SAAS,YAAY,CACnB,MAA8B,EAC9B,GAAqB;IAErB,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,MAAM;QACN,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,IAAI,MAAM,iCAAiC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE;QACzE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,SAAS,CAAC;IAE1B,KAAK,CAAC,UAAU,CAAC,GAAqB;QACpC,OAAO,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAqB;QACrC,OAAO,YAAY,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,OAAO,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,OAAO,YAAY,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAqB;QACtC,OAAO,YAAY,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAqB;QAC/B,OAAO,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,OAAO,YAAY,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,OAAO,YAAY,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,OAAO,YAAY,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,OAAO,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"default-adapter.js","sourceRoot":"","sources":["../../src/adapters/default-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAQH,SAAS,YAAY,CACnB,MAA8B,EAC9B,GAAqB;IAErB,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,MAAM;QACN,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,IAAI,MAAM,iCAAiC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE;QACzE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,SAAS,CAAC;IAE1B,KAAK,CAAC,UAAU,CAAC,GAAqB;QACpC,OAAO,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAqB;QACrC,OAAO,YAAY,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,OAAO,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,OAAO,YAAY,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAqB;QACtC,OAAO,YAAY,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAqB;QAC/B,OAAO,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAqB;QAChC,OAAO,YAAY,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,OAAO,YAAY,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,OAAO,YAAY,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,OAAO,YAAY,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,OAAO,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;CACF"}
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
*
|
|
8
8
|
* @module agent-threat-rules/adapters/stdio-adapter
|
|
9
9
|
*/
|
|
10
|
-
import type { ActionResult, ExecutionContext, PlatformAdapter } from
|
|
10
|
+
import type { ActionResult, ExecutionContext, PlatformAdapter } from "../types.js";
|
|
11
11
|
export declare class StdioAdapter implements PlatformAdapter {
|
|
12
12
|
readonly name = "stdio";
|
|
13
13
|
private readonly responseBuffer;
|
|
@@ -22,6 +22,7 @@ export declare class StdioAdapter implements PlatformAdapter {
|
|
|
22
22
|
quarantineSession(ctx: ExecutionContext): Promise<ActionResult>;
|
|
23
23
|
resetContext(ctx: ExecutionContext): Promise<ActionResult>;
|
|
24
24
|
alert(ctx: ExecutionContext): Promise<ActionResult>;
|
|
25
|
+
shadow(ctx: ExecutionContext): Promise<ActionResult>;
|
|
25
26
|
snapshot(ctx: ExecutionContext): Promise<ActionResult>;
|
|
26
27
|
escalate(ctx: ExecutionContext): Promise<ActionResult>;
|
|
27
28
|
reducePermissions(ctx: ExecutionContext): Promise<ActionResult>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"stdio-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/stdio-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAChB,MAAM,aAAa,CAAC;AAcrB,qBAAa,YAAa,YAAW,eAAe;IAClD,QAAQ,CAAC,IAAI,WAAW;IACxB,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAEhD;;;OAGG;IACH,cAAc,IAAI,SAAS,OAAO,EAAE;IAM9B,UAAU,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAUxD,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAUzD,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAWvD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"stdio-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/stdio-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAChB,MAAM,aAAa,CAAC;AAcrB,qBAAa,YAAa,YAAW,eAAe;IAClD,QAAQ,CAAC,IAAI,WAAW;IACxB,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAEhD;;;OAGG;IACH,cAAc,IAAI,SAAS,OAAO,EAAE;IAM9B,UAAU,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAUxD,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAUzD,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAWvD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAa/D,YAAY,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAS1D,KAAK,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAWnD,MAAM,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAqBpD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAetD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAWtD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAa/D,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;CAS9D"}
|
|
@@ -16,7 +16,7 @@ function makeResult(action, message) {
|
|
|
16
16
|
});
|
|
17
17
|
}
|
|
18
18
|
export class StdioAdapter {
|
|
19
|
-
name =
|
|
19
|
+
name = "stdio";
|
|
20
20
|
responseBuffer = [];
|
|
21
21
|
/**
|
|
22
22
|
* Get buffered responses and clear the buffer.
|
|
@@ -29,62 +29,79 @@ export class StdioAdapter {
|
|
|
29
29
|
}
|
|
30
30
|
async blockInput(ctx) {
|
|
31
31
|
const entry = {
|
|
32
|
-
action:
|
|
32
|
+
action: "block_input",
|
|
33
33
|
verdict: ctx.verdict.outcome,
|
|
34
34
|
reason: ctx.verdict.reason,
|
|
35
35
|
};
|
|
36
36
|
this.responseBuffer.push(entry);
|
|
37
|
-
return makeResult(
|
|
37
|
+
return makeResult("block_input", "Input blocked via stdio protocol");
|
|
38
38
|
}
|
|
39
39
|
async blockOutput(ctx) {
|
|
40
40
|
const entry = {
|
|
41
|
-
action:
|
|
41
|
+
action: "block_output",
|
|
42
42
|
verdict: ctx.verdict.outcome,
|
|
43
43
|
reason: ctx.verdict.reason,
|
|
44
44
|
};
|
|
45
45
|
this.responseBuffer.push(entry);
|
|
46
|
-
return makeResult(
|
|
46
|
+
return makeResult("block_output", "Output blocked via stdio protocol");
|
|
47
47
|
}
|
|
48
48
|
async blockTool(ctx) {
|
|
49
49
|
const entry = {
|
|
50
|
-
action:
|
|
50
|
+
action: "block_tool",
|
|
51
51
|
verdict: ctx.verdict.outcome,
|
|
52
52
|
reason: ctx.verdict.reason,
|
|
53
|
-
tool: ctx.event.fields?.[
|
|
53
|
+
tool: ctx.event.fields?.["tool_name"] ?? "unknown",
|
|
54
54
|
};
|
|
55
55
|
this.responseBuffer.push(entry);
|
|
56
|
-
return makeResult(
|
|
56
|
+
return makeResult("block_tool", "Tool blocked via stdio protocol");
|
|
57
57
|
}
|
|
58
58
|
async quarantineSession(ctx) {
|
|
59
59
|
const entry = {
|
|
60
|
-
action:
|
|
60
|
+
action: "quarantine_session",
|
|
61
61
|
verdict: ctx.verdict.outcome,
|
|
62
|
-
sessionId: ctx.sessionId ??
|
|
62
|
+
sessionId: ctx.sessionId ?? "unknown",
|
|
63
63
|
};
|
|
64
64
|
this.responseBuffer.push(entry);
|
|
65
|
-
return makeResult(
|
|
65
|
+
return makeResult("quarantine_session", "Session quarantined via stdio protocol");
|
|
66
66
|
}
|
|
67
67
|
async resetContext(ctx) {
|
|
68
68
|
const entry = {
|
|
69
|
-
action:
|
|
69
|
+
action: "reset_context",
|
|
70
70
|
verdict: ctx.verdict.outcome,
|
|
71
71
|
};
|
|
72
72
|
this.responseBuffer.push(entry);
|
|
73
|
-
return makeResult(
|
|
73
|
+
return makeResult("reset_context", "Context reset via stdio protocol");
|
|
74
74
|
}
|
|
75
75
|
async alert(ctx) {
|
|
76
76
|
const alertMsg = {
|
|
77
|
-
type:
|
|
77
|
+
type: "alert",
|
|
78
78
|
severity: ctx.verdict.highestSeverity,
|
|
79
79
|
reason: ctx.verdict.reason,
|
|
80
80
|
matchCount: ctx.verdict.matchCount,
|
|
81
81
|
};
|
|
82
|
-
process.stderr.write(JSON.stringify(alertMsg) +
|
|
83
|
-
return makeResult(
|
|
82
|
+
process.stderr.write(JSON.stringify(alertMsg) + "\n");
|
|
83
|
+
return makeResult("alert", "Alert written to stderr");
|
|
84
|
+
}
|
|
85
|
+
async shadow(ctx) {
|
|
86
|
+
// Shadow mode: record the match for audit but never surface it to
|
|
87
|
+
// the user or the agent runtime. Output is gated behind an env var
|
|
88
|
+
// so production consumers can opt-in to the audit stream.
|
|
89
|
+
if (process.env.ATR_SHADOW_LOG) {
|
|
90
|
+
const shadowMsg = {
|
|
91
|
+
type: "shadow",
|
|
92
|
+
severity: ctx.verdict.highestSeverity,
|
|
93
|
+
reason: ctx.verdict.reason,
|
|
94
|
+
matchCount: ctx.verdict.matchCount,
|
|
95
|
+
ruleIds: ctx.matches.map((m) => m.rule.id),
|
|
96
|
+
timestamp: new Date().toISOString(),
|
|
97
|
+
};
|
|
98
|
+
process.stderr.write(JSON.stringify(shadowMsg) + "\n");
|
|
99
|
+
}
|
|
100
|
+
return makeResult("shadow", "Shadow match recorded (no user-facing output)");
|
|
84
101
|
}
|
|
85
102
|
async snapshot(ctx) {
|
|
86
103
|
const snapshotData = {
|
|
87
|
-
type:
|
|
104
|
+
type: "snapshot",
|
|
88
105
|
event: {
|
|
89
106
|
type: ctx.event.type,
|
|
90
107
|
contentPreview: ctx.event.content.slice(0, 200),
|
|
@@ -93,36 +110,36 @@ export class StdioAdapter {
|
|
|
93
110
|
matchCount: ctx.verdict.matchCount,
|
|
94
111
|
timestamp: new Date().toISOString(),
|
|
95
112
|
};
|
|
96
|
-
process.stderr.write(JSON.stringify(snapshotData) +
|
|
97
|
-
return makeResult(
|
|
113
|
+
process.stderr.write(JSON.stringify(snapshotData) + "\n");
|
|
114
|
+
return makeResult("snapshot", "Snapshot written to stderr");
|
|
98
115
|
}
|
|
99
116
|
async escalate(ctx) {
|
|
100
117
|
const escalation = {
|
|
101
|
-
type:
|
|
118
|
+
type: "escalation",
|
|
102
119
|
severity: ctx.verdict.highestSeverity,
|
|
103
120
|
reason: ctx.verdict.reason,
|
|
104
121
|
matchCount: ctx.verdict.matchCount,
|
|
105
122
|
};
|
|
106
|
-
process.stderr.write(JSON.stringify(escalation) +
|
|
107
|
-
return makeResult(
|
|
123
|
+
process.stderr.write(JSON.stringify(escalation) + "\n");
|
|
124
|
+
return makeResult("escalate", "Escalation written to stderr");
|
|
108
125
|
}
|
|
109
126
|
async reducePermissions(ctx) {
|
|
110
127
|
const entry = {
|
|
111
|
-
action:
|
|
128
|
+
action: "reduce_permissions",
|
|
112
129
|
verdict: ctx.verdict.outcome,
|
|
113
130
|
reason: ctx.verdict.reason,
|
|
114
131
|
};
|
|
115
132
|
this.responseBuffer.push(entry);
|
|
116
|
-
return makeResult(
|
|
133
|
+
return makeResult("reduce_permissions", "Permissions reduced via stdio protocol");
|
|
117
134
|
}
|
|
118
135
|
async killAgent(ctx) {
|
|
119
136
|
const entry = {
|
|
120
|
-
action:
|
|
137
|
+
action: "kill_agent",
|
|
121
138
|
verdict: ctx.verdict.outcome,
|
|
122
139
|
reason: ctx.verdict.reason,
|
|
123
140
|
};
|
|
124
141
|
this.responseBuffer.push(entry);
|
|
125
|
-
return makeResult(
|
|
142
|
+
return makeResult("kill_agent", "Agent kill requested via stdio protocol");
|
|
126
143
|
}
|
|
127
144
|
}
|
|
128
145
|
//# sourceMappingURL=stdio-adapter.js.map
|
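Review bot: In `shadow()` the result message says "Shadow match recorded" on every call, but the record is written only inside `if (process.env.ATR_SHADOW_LOG)`, so with the variable unset a shadow-mode match leaves no trace while the caller is told it was recorded. The gate is also a truthiness test, so `ATR_SHADOW_LOG=0` or `ATR_SHADOW_LOG=false` switches the audit stream on. I would compare against one documented value and let the message say whether a line was written, as sketched below; which value enables logging is the maintainers' call, `"1"` is only a suggestion. The audit line goes to the same stderr stream as `alert`, `snapshot` and `escalate`, so the comment's statement that it never reaches the agent runtime holds only if the host does not forward stderr.

```javascript
async shadow(ctx) {
    // Opt-in audit stream: only the exact value "1" enables it.
    const auditEnabled = process.env.ATR_SHADOW_LOG === "1";
    if (auditEnabled) {
        // … unchanged: build shadowMsg and write it to stderr …
    }
    return makeResult("shadow", auditEnabled
        ? "Shadow match written to stderr audit stream"
        : "Shadow match not logged (ATR_SHADOW_LOG not enabled)");
}
```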
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"stdio-adapter.js","sourceRoot":"","sources":["../../src/adapters/stdio-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAQH,SAAS,UAAU,CACjB,MAA8B,EAC9B,OAAe;IAEf,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,MAAM;QACN,OAAO,EAAE,IAAI;QACb,OAAO;QACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,YAAY;IACd,IAAI,GAAG,OAAO,CAAC;IACP,cAAc,GAAc,EAAE,CAAC;IAEhD;;;OAGG;IACH,cAAc;QACZ,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAqB;QACpC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,aAAa,EAAE,kCAAkC,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAqB;QACrC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,cAAc,EAAE,mCAAmC,CAAC,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;YAC1B,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,IAAI,SAAS;SACnD,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,YAAY,EAAE,iCAAiC,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,oBAAoB;YAC5B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,SAAS;SACtC,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"stdio-adapter.js","sourceRoot":"","sources":["../../src/adapters/stdio-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAQH,SAAS,UAAU,CACjB,MAA8B,EAC9B,OAAe;IAEf,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,MAAM;QACN,OAAO,EAAE,IAAI;QACb,OAAO;QACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,YAAY;IACd,IAAI,GAAG,OAAO,CAAC;IACP,cAAc,GAAc,EAAE,CAAC;IAEhD;;;OAGG;IACH,cAAc;QACZ,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAqB;QACpC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,aAAa,EAAE,kCAAkC,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAqB;QACrC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,cAAc,EAAE,mCAAmC,CAAC,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;YAC1B,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,IAAI,SAAS;SACnD,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,YAAY,EAAE,iCAAiC,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,oBAAoB;YAC5B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,SAAS;SACtC,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CACf,oBAAoB,EACpB,wCAAwC,CACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAqB;QACtC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,eAAe;YACvB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;SAC7B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,eAAe,EAAE,kCAAkC,CAAC,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,KAA
K,CAAC,GAAqB;QAC/B,MAAM,QAAQ,GAAG;YACf,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe;YACrC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;YAC1B,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU;SACnC,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;QACtD,OAAO,UAAU,CAAC,OAAO,EAAE,yBAAyB,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAqB;QAChC,kEAAkE;QAClE,mEAAmE;QACnE,0DAA0D;QAC1D,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG;gBAChB,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe;gBACrC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;gBAC1B,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU;gBAClC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC;YACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,UAAU,CACf,QAAQ,EACR,+CAA+C,CAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,MAAM,YAAY,GAAG;YACnB,IAAI,EAAE,UAAU;YAChB,KAAK,EAAE;gBACL,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC,IAAI;gBACpB,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aAChD;YACD,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU;YAClC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,UAAU,EAAE,4BAA4B,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe;YACrC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;YAC1B,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU;SACnC,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;QACxD,OAAO,UAAU,CAAC,UAAU,EAAE,8BAA8B,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,oBAAoB;YAC5B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,
OAAO,UAAU,CACf,oBAAoB,EACpB,wCAAwC,CACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,YAAY,EAAE,yCAAyC,CAAC,CAAC;IAC7E,CAAC;CACF"}
|
|
@@ -29,4 +29,8 @@ export { ruleToElastic } from './elastic.js';
|
|
|
29
29
|
export { scanResultToSARIF } from './sarif.js';
|
|
30
30
|
export { ruleToGenericRegex, rulesToGenericRegex } from './generic-regex.js';
|
|
31
31
|
export type { GenericRegexRule, GenericRegexPattern } from './generic-regex.js';
|
|
32
|
+
export { atrToSage, atrToSageBatch, sageRulesToYaml, SageIdAllocator } from './sage.js';
|
|
33
|
+
export type { SageRule, SageSeverity, SageAction, SageMatchOn, ConvertResult as SageConvertResult, ConversionWarning as SageConversionWarning, } from './sage.js';
|
|
34
|
+
export { sageToAtr, sageToAtrBatch } from './sage-reverse.js';
|
|
35
|
+
export type { ReverseConvertResult, ReverseWarning } from './sage-reverse.js';
|
|
32
36
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/converters/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAK3C,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;AAC9C,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,OAAO,GAAG,eAAe,CAAC;AAElE,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,GAAG,cAAc,CAY7E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,SAAS,cAAc,EAAE,CAG/F;AAED,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/converters/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAK3C,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;AAC9C,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,OAAO,GAAG,eAAe,CAAC;AAElE,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,GAAG,cAAc,CAY7E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,SAAS,cAAc,EAAE,CAG/F;AAED,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACxF,YAAY,EACX,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,WAAW,EACX,aAAa,IAAI,iBAAiB,EAClC,iBAAiB,IAAI,qBAAqB,GAC1C,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC9D,YAAY,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC"}
|
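--- a/package/dist/converters/index.js
+++ b/package/dist/converters/index.js
@@ -35,4 +35,6 @@ export { ruleToSPL } from './splunk.js';
 export { ruleToElastic } from './elastic.js';
 export { scanResultToSARIF } from './sarif.js';
 export { ruleToGenericRegex, rulesToGenericRegex } from './generic-regex.js';
+export { atrToSage, atrToSageBatch, sageRulesToYaml, SageIdAllocator } from './sage.js';
+export { sageToAtr, sageToAtrBatch } from './sage-reverse.js';
 //# sourceMappingURL=index.js.map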
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/converters/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAa7C;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa,EAAE,MAAkB;IAC3D,MAAM,KAAK,GAAG,MAAM,KAAK,QAAQ;QAC/B,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC;QACjB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAEjD,OAAO;QACL,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM;QACN,KAAK;KACN,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,MAAkB;IAClE,MAAM,KAAK,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/converters/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAa7C;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa,EAAE,MAAkB;IAC3D,MAAM,KAAK,GAAG,MAAM,KAAK,QAAQ;QAC/B,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC;QACjB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAEjD,OAAO;QACL,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM;QACN,KAAK;KACN,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,MAAkB;IAClE,MAAM,KAAK,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE7E,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AASxF,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC"}
|
|
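--- a/package/dist/converters/sage-reverse.d.ts
+++ b/package/dist/converters/sage-reverse.d.ts
@@ -0,0 +1,52 @@
+/**
+* Sage → ATR Converter (reverse direction)
+*
+* Converts a Sage threat rule (from gendigitalinc/sage `threats/*.yaml`) into
+* an ATR YAML rule suitable for contribution back to the ATR corpus.
+*
+* This is the smaller half of the bidirectional bridge. The forward
+* direction (atrToSage) sees the heavy traffic; this reverse direction
+* exists so that Sage maintainers who write rules in Sage's format can
+* contribute them upstream to ATR without manual schema rewriting.
+*
+* Lossy spots:
+* - Sage has no description field; we emit a placeholder description that
+* humans must fill in before merging into ATR.
+* - Sage has no test_cases; we emit a TODO block instructing humans to add
+* true_positives + true_negatives (required for ATR PR acceptance).
+* - Sage has no compliance metadata (eu_ai_act, nist_ai_rmf, etc.); humans
+* must add these if the rule maps to a regulatory framework.
+* - Sage has no references (mitre_atlas, owasp_llm, etc.); humans must add.
+* - Sage `match_on: command|url|file_path|content|domain` → ATR field name.
+* The translation is heuristic since Sage's "command" channel doesn't have
+* a perfect ATR equivalent (closest is tool_args at invocation time).
+*
+* @module agent-threat-rules/converters/sage-reverse
+*/
+import type { ATRRule } from '../types.js';
+import type { SageRule } from './sage.js';
+export interface ReverseConvertResult {
+readonly rule: ATRRule;
+readonly warnings: readonly ReverseWarning[];
+}
+export interface ReverseWarning {
+readonly sageId: string;
+readonly kind: 'missing_description' | 'missing_test_cases' | 'missing_compliance' | 'missing_references' | 'category_unknown' | 'match_on_ambiguous';
+readonly detail: string;
+}
+/**
+* Convert a single Sage rule to an ATR rule.
+*
+* The output rule has TODO markers in description and test_cases fields
+* that humans must fill in before merging. See module docstring for lossy
+* spots that require human enrichment.
+*/
+export declare function sageToAtr(sage: SageRule): ReverseConvertResult;
+/**
+* Reverse-convert many Sage rules.
+*/
+export declare function sageToAtrBatch(sageRules: readonly SageRule[]): {
+readonly rules: readonly ATRRule[];
+readonly warnings: readonly ReverseWarning[];
+};
+//# sourceMappingURL=sage-reverse.d.ts.map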
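Review bot: The doc comment on `sageToAtr` does not say that the returned `rule` is a draft whose `warnings` must be checked before use, although the module header lists a placeholder description, absent test_cases and a heuristic `match_on` mapping. The declared type is plain `ATRRule`, so nothing visible here keeps a consumer from loading a converted rule into a scanner unchanged. In that case a `match_on_ambiguous` mapping could inspect a different field than the Sage original did and miss what the rule was written to detect. I would add a line to the `sageToAtr` comment such as `* Inspect warnings before using rule: match_on_ambiguous or category_unknown means the converted rule needs manual review before deployment.` and repeat it on `sageToAtrBatch`, whose comment is a single sentence. Neither comment states whether malformed Sage input throws or is reported as a warning, which is worth documenting because the Sage YAML comes from an external repository.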
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sage-reverse.d.ts","sourceRoot":"","sources":["../../src/converters/sage-reverse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,KAAK,EACX,OAAO,EAKP,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,QAAQ,EAAyC,MAAM,WAAW,CAAC;AAEjF,MAAM,WAAW,oBAAoB;IACpC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,SAAS,cAAc,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,cAAc;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EACV,qBAAqB,GACrB,oBAAoB,GACpB,oBAAoB,GACpB,oBAAoB,GACpB,kBAAkB,GAClB,oBAAoB,CAAC;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACxB;AAwFD;;;;;;GAMG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,QAAQ,GAAG,oBAAoB,CAoG9D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC7B,SAAS,EAAE,SAAS,QAAQ,EAAE,GAC5B;IAAE,QAAQ,CAAC,KAAK,EAAE,SAAS,OAAO,EAAE,CAAC;IAAC,QAAQ,CAAC,QAAQ,EAAE,SAAS,cAAc,EAAE,CAAA;CAAE,CAStF"}
|