agent-threat-rules 2.1.3 → 2.1.5

package/dist/converters/sage-reverse.js

@@ -0,0 +1,216 @@
+/**
+ * Sage → ATR Converter (reverse direction)
+ *
+ * Converts a Sage threat rule (from gendigitalinc/sage `threats/*.yaml`) into
+ * an ATR YAML rule suitable for contribution back to the ATR corpus.
+ *
+ * This is the smaller half of the bidirectional bridge. The forward
+ * direction (atrToSage) sees the heavy traffic; this reverse direction
+ * exists so that Sage maintainers who write rules in Sage's format can
+ * contribute them upstream to ATR without manual schema rewriting.
+ *
+ * Lossy spots:
+ * - Sage has no description field; we emit a placeholder description that
+ *   humans must fill in before merging into ATR.
+ * - Sage has no test_cases; we emit a TODO block instructing humans to add
+ *   true_positives + true_negatives (required for ATR PR acceptance).
+ * - Sage has no compliance metadata (eu_ai_act, nist_ai_rmf, etc.); humans
+ *   must add these if the rule maps to a regulatory framework.
+ * - Sage has no references (mitre_atlas, owasp_llm, etc.); humans must add.
+ * - Sage `match_on: command|url|file_path|content|domain` → ATR field name.
+ *   The translation is heuristic since Sage's "command" channel doesn't have
+ *   a perfect ATR equivalent (closest is tool_args at invocation time).
+ *
+ * @module agent-threat-rules/converters/sage-reverse
+ */
+// ── Reverse mappings ───────────────────────────────────────────────────────
+/**
+ * Sage category → ATR category. Inverse of CATEGORY_MAP in sage.ts.
+ * Unknown Sage categories pass through with a warning; humans should review.
+ */
+const CATEGORY_REVERSE_MAP = Object.freeze({
+    prompt_injection: 'prompt-injection',
+    mcp_poisoning: 'tool-poisoning',
+    context_exfiltration: 'context-exfiltration',
+    agent_manipulation: 'agent-manipulation',
+    privilege_escalation: 'privilege-escalation',
+    excessive_autonomy: 'excessive-autonomy',
+    data_poisoning: 'data-poisoning',
+    model_abuse: 'model-abuse',
+    skill_compromise: 'skill-compromise',
+});
+const SEVERITY_REVERSE_MAP = Object.freeze({
+    critical: 'critical',
+    high: 'high',
+    medium: 'medium',
+    low: 'low',
+});
+/**
+ * Sage action → ATR action list. Sage's `block` could mean block_input,
+ * block_output, or block_tool depending on context; default to the most
+ * conservative `block_input + alert` combination.
+ */
+function reverseAction(sage) {
+    switch (sage) {
+        case 'block':
+            return ['block_input', 'alert'];
+        case 'require_approval':
+            return ['escalate', 'alert'];
+        case 'log':
+            return ['alert'];
+    }
+}
+/**
+ * Sage match_on → ATR field name. Sage's "command" is closest to ATR's
+ * tool_args at invocation; "file_path" maps similarly. "domain" has no clean
+ * ATR equivalent (no DNS-tier rules in current ATR corpus).
+ */
+function reverseMatchOn(sageMatchOn) {
+    switch (sageMatchOn) {
+        case 'url':
+            return 'url';
+        case 'command':
+            return 'tool_args';
+        case 'file_path':
+            return 'tool_args';
+        case 'content':
+            return 'content';
+        case 'domain':
+            return 'tool_args';
+    }
+}
+// ── Confidence ─────────────────────────────────────────────────────────────
+/**
+ * Convert Sage's numeric confidence (0.0-1.0) to ATR's `tags.confidence`
+ * string enum (high/medium/low).
+ */
+function sageConfidenceToAtrConfidence(c) {
+    if (c >= 0.85)
+        return 'high';
+    if (c >= 0.6)
+        return 'medium';
+    return 'low';
+}
+// ── Core reverse conversion ────────────────────────────────────────────────
+/**
+ * Generate an ATR id placeholder. Real production use should override this
+ * with a maintainer-assigned final id at PR time.
+ */
+function placeholderAtrId(sageId) {
+    // e.g. CLT-PI-001 → ATR-2026-PI001 (placeholder, human reviews)
+    const idPart = sageId.replace(/^CLT-/, '').replace(/-/g, '');
+    const year = new Date().getFullYear();
+    return `ATR-${year}-${idPart.padStart(5, '0').slice(0, 5)}`;
+}
+/**
+ * Convert a single Sage rule to an ATR rule.
+ *
+ * The output rule has TODO markers in description and test_cases fields
+ * that humans must fill in before merging. See module docstring for lossy
+ * spots that require human enrichment.
+ */
+export function sageToAtr(sage) {
+    const warnings = [];
+    // Category map with warning on unknown
+    const atrCategory = CATEGORY_REVERSE_MAP[sage.category];
+    if (!atrCategory) {
+        warnings.push({
+            sageId: sage.id,
+            kind: 'category_unknown',
+            detail: `Sage category "${sage.category}" not in known reverse map; defaulting to skill-compromise (closest catch-all)`,
+        });
+    }
+    // match_on can be single or array. For ATR, we emit one condition per
+    // match_on field.
+    const matchOnList = Array.isArray(sage.match_on)
+        ? [...sage.match_on]
+        : [sage.match_on];
+    if (matchOnList.length > 1) {
+        warnings.push({
+            sageId: sage.id,
+            kind: 'match_on_ambiguous',
+            detail: `Multi-channel match_on=${matchOnList.join(',')} expanded to ${matchOnList.length} ATR conditions`,
+        });
+    }
+    // Build conditions. If Sage rule has case_insensitive: true, wrap the
+    // regex with (?i) prefix so the ATR rule preserves case-insensitive
+    // semantics when run on an ATR engine.
+    const regexValue = sage.case_insensitive
+        ? sage.pattern.startsWith('(?i)')
+            ? sage.pattern
+            : `(?i)${sage.pattern}`
+        : sage.pattern;
+    const conditions = matchOnList.map((m) => ({
+        field: reverseMatchOn(m),
+        operator: 'regex',
+        value: regexValue,
+        description: `Imported from Sage rule ${sage.id}`,
+    }));
+    warnings.push({
+        sageId: sage.id,
+        kind: 'missing_description',
+        detail: 'Description placeholder used — fill in attack details before merging',
+    });
+    warnings.push({
+        sageId: sage.id,
+        kind: 'missing_test_cases',
+        detail: 'Sage rules ship without test cases — add true_positives + true_negatives before ATR PR',
+    });
+    warnings.push({
+        sageId: sage.id,
+        kind: 'missing_compliance',
+        detail: 'Add compliance.eu_ai_act + nist_ai_rmf + iso_42001 if rule maps to regulatory frameworks',
+    });
+    warnings.push({
+        sageId: sage.id,
+        kind: 'missing_references',
+        detail: 'Add references.mitre_atlas / mitre_attack / owasp_llm / cve where applicable',
+    });
+    const now = new Date();
+    const dateStr = `${now.getUTCFullYear()}/${String(now.getUTCMonth() + 1).padStart(2, '0')}/${String(now.getUTCDate()).padStart(2, '0')}`;
+    const rule = {
+        title: sage.title,
+        id: placeholderAtrId(sage.id),
+        status: 'draft', // require human review before stable
+        description: 'TODO: replace this placeholder. Describe the attack pattern this rule detects, what it does NOT detect, ' +
+            `and any known false-positive surface. Imported from Sage rule ${sage.id} ` +
+            `(${sage.upstream_url ?? 'no upstream url'}).`,
+        author: 'Sage (Gen Digital Inc.)',
+        date: dateStr,
+        schema_version: '0.1',
+        detection_tier: 'pattern',
+        maturity: 'experimental',
+        severity: SEVERITY_REVERSE_MAP[sage.severity],
+        tags: {
+            category: atrCategory ?? 'skill-compromise',
+            confidence: sageConfidenceToAtrConfidence(sage.confidence),
+        },
+        agent_source: {
+            type: 'tool_call',
+        },
+        detection: {
+            conditions,
+            condition: 'any',
+        },
+        response: {
+            actions: reverseAction(sage.action),
+        },
+        // Confidence: ATR's numeric scale is 0-100; multiply Sage's 0-1.
+        confidence: Math.round(sage.confidence * 100),
+    };
+    return { rule, warnings };
+}
+/**
+ * Reverse-convert many Sage rules.
+ */
+export function sageToAtrBatch(sageRules) {
+    const rules = [];
+    const warnings = [];
+    for (const sage of sageRules) {
+        const result = sageToAtr(sage);
+        rules.push(result.rule);
+        warnings.push(...result.warnings);
+    }
+    return { rules, warnings };
+}
+//# sourceMappingURL=sage-reverse.js.map

package/dist/converters/sage-reverse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sage-reverse.js","sourceRoot":"","sources":["../../src/converters/sage-reverse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AA4BH,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,oBAAoB,GAA0C,MAAM,CAAC,MAAM,CAAC;IACjF,gBAAgB,EAAE,kBAAkB;IACpC,aAAa,EAAE,gBAAgB;IAC/B,oBAAoB,EAAE,sBAAsB;IAC5C,kBAAkB,EAAE,oBAAoB;IACxC,oBAAoB,EAAE,sBAAsB;IAC5C,kBAAkB,EAAE,oBAAoB;IACxC,cAAc,EAAE,gBAAgB;IAChC,WAAW,EAAE,aAAa;IAC1B,gBAAgB,EAAE,kBAAkB;CACpC,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAgD,MAAM,CAAC,MAAM,CAAC;IACvF,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACV,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAS,aAAa,CAAC,IAAgB;IACtC,QAAQ,IAAI,EAAE,CAAC;QACd,KAAK,OAAO;YACX,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjC,KAAK,kBAAkB;YACtB,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9B,KAAK,KAAK;YACT,OAAO,CAAC,OAAO,CAAC,CAAC;IACnB,CAAC;AACF,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CAAC,WAAwB;IAC/C,QAAQ,WAAW,EAAE,CAAC;QACrB,KAAK,KAAK;YACT,OAAO,KAAK,CAAC;QACd,KAAK,SAAS;YACb,OAAO,WAAW,CAAC;QACpB,KAAK,WAAW;YACf,OAAO,WAAW,CAAC;QACpB,KAAK,SAAS;YACb,OAAO,SAAS,CAAC;QAClB,KAAK,QAAQ;YACZ,OAAO,WAAW,CAAC;IACrB,CAAC;AACF,CAAC;AAED,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,6BAA6B,CAAC,CAAS;IAC/C,IAAI,CAAC,IAAI,IAAI;QAAE,OAAO,MAAM,CAAC;IAC7B,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IAC9B,OAAO,KAAK,CAAC;AACd,CAAC;AAED,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,gBAAgB,CAAC,MAAc;IACvC,gEAAgE;IAChE,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7D,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACtC,OAAO,OAAO,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAC7D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,IAAc;IACvC,MAAM,QAAQ,GAAqB,EAAE,CAAC;IAEtC,uCAAuC;IACvC,MAAM,WAAW,GAAG,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,CAAC,WAAW,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC;YACb,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,IAAI,EAAE,kBAAkB;YACxB,MAAM,EAAE,kBAAkB,IAAI,CAAC,QAAQ,gFAAgF;SACvH,CAAC,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,kBAAkB;IAClB,MAAM,WAAW,GAAkB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC9D,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;QACpB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAEnB,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACb,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,IAAI,EAAE,oBAAoB;YAC1B,MAAM,EAAE,0BAA0B,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,gBAAgB,WAAW,CAAC,MAAM,iBAAiB;SAC1G,CAAC,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,oEAAoE;IACpE,uCAAuC;IACvC,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB;QACvC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,OAAO;YACd,CAAC,CAAC,OAAO,IAAI,CAAC,OAAO,EAAE;QACxB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;IAEhB,MAAM,UAAU,GAAwB,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/D,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC;QACxB,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,2BAA2B,IAAI,CAAC,EAAE,EAAE;KACjD,CAAC,CAAC,CAAC;IAEJ,QAAQ,CAAC,IAAI,CAAC;QACb,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,IAAI,EAAE,qBAAqB;QAC3B,MAAM,EAAE,sEAAsE;KAC9E,CAAC,CAAC;IACH,QAAQ,CAAC,IAAI,CAAC;QACb,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,IAAI,EAAE,oBAAoB;QAC1B,MAAM,EAAE,wFAAwF;KAChG,CAAC,CAAC;IACH,QAAQ,CAAC,IAAI,CAAC;QACb,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,IAAI,EAAE,oBAAoB;QAC1B,MAAM,EAAE,0FAA0F;KAClG,CAAC,CAAC;IACH,QAAQ,CAAC,IAAI,CAAC;QACb,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,IAAI,EAAE,oBAAoB;QAC1B,MAAM,EAAE,8EAA8E;KACtF,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,cAAc,EAAE,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IAEzI,MAAM,IAAI,GAAY;QACrB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,EAAE,EAAE,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,EAAE,OAAO,EAAE,qCAAqC;QACtD,WAAW,EACV,0GAA0G;YAC1G,iEAAiE,IAAI,CAAC,EAAE,GAAG;YAC3E,IAAI,IAAI,CAAC,YAAY,IAAI,iBAAiB,IAAI;QAC/C,MAAM,EAAE,yBAAyB;QACjC,IAAI,EAAE,OAAO;QACb,cAAc,EAAE,KAAK;QACrB,cAAc,EAAE,SAAS;QACzB,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC7C,IAAI,EAAE;YACL,QAAQ,EAAE,WAAW,IAAI,kBAAkB;YAC3C,UAAU,EAAE,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC;SAC1D;QACD,YAAY,EAAE;YACb,IAAI,EAAE,WAAW;SACjB;QACD,SAAS,EAAE;YACV,UAAU;YACV,SAAS,EAAE,KAAK;SAChB;QACD,QAAQ,EAAE;YACT,OAAO,EAAE,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC;SACnC;QACD,iEAAiE;QACjE,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC;KAC7C,CAAC;IAEF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC7B,SAA8B;IAE9B,MAAM,KAAK,GAAc,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC5B,CAAC"}

package/dist/converters/sage.d.ts

@@ -0,0 +1,123 @@
+/**
+ * ATR → Sage (gendigitalinc/sage) Converter
+ *
+ * Converts ATR YAML rules into Sage's threat rule schema, suitable for
+ * Sage's `threats/agent-layer.yaml`. Sage uses a single-pattern-per-rule
+ * schema with `match_on` controlling the artifact channel; ATR uses
+ * multi-condition rules with `field`-targeted regexes.
+ *
+ * Conversion strategy (per research memo):
+ * - One ATR rule → one or more Sage rules, grouped by `field` target.
+ *   Conditions on the same field combine via regex alternation.
+ * - ATR `field` values (user_input, agent_output, content, tool_response,
+ *   tool_args, tool_name, tool_description) collapse to Sage `match_on:
+ *   content`. Sage's other channels (command, url, file_path, domain) are
+ *   command-time matchers and do not have ATR equivalents in the current
+ *   corpus.
+ * - ATR `response.actions` (10 values) collapse to Sage `action` (3
+ *   values: block / require_approval / log) by strongest-wins semantics.
+ * - ATR `(?i)` inline flag (PCRE) is extracted into Sage's rule-level
+ *   `case_insensitive: true` because the Sage runtime regex compiler is
+ *   JavaScript and does not support inline flag groups.
+ * - ATR `detection_tier: semantic` rules are SKIPPED — they require LLM
+ *   evaluation, not deterministic regex.
+ * - License: ATR rules are MIT; Sage's `threats/*.yaml` are DRL 1.1. Per-rule
+ *   comment in the output preserves upstream attribution per both licenses.
+ *
+ * Used by: scripts/sync-with-atr.ts (Sage maintainers can run this script
+ * to regenerate threats/agent-layer.yaml from a pinned ATR version), and
+ * by any downstream tool that consumes ATR but wants Sage-flavoured output.
+ *
+ * @module agent-threat-rules/converters/sage
+ */
+import type { ATRRule } from '../types.js';
+export type SageSeverity = 'critical' | 'high' | 'medium' | 'low';
+export type SageAction = 'block' | 'require_approval' | 'log';
+export type SageMatchOn = 'command' | 'url' | 'file_path' | 'content' | 'domain';
+export interface SageRule {
+    readonly id: string;
+    readonly category: string;
+    readonly severity: SageSeverity;
+    readonly confidence: number;
+    readonly action: SageAction;
+    readonly pattern: string;
+    readonly match_on: SageMatchOn | readonly SageMatchOn[];
+    readonly title: string;
+    readonly expires_at: string | null;
+    readonly revoked: boolean;
+    readonly case_insensitive?: boolean;
+    /** Non-standard provenance fields preserved per the Sage loader's permissive parsing. */
+    readonly upstream?: string;
+    readonly upstream_url?: string;
+    readonly upstream_license?: string;
+    /** 1-2 sentence attack-scenario summary derived from ATR `description`, emitted as a `# Detects:` comment in YAML output. */
+    readonly detects?: string;
+}
+export interface ConversionWarning {
+    readonly ruleId: string;
+    readonly kind: 'semantic_tier_skipped' | 'unsupported_action_dropped' | 'regex_compat_issue' | 'split_by_length' | 'condition_without_field' | 'no_convertible_conditions' | 'deprecated_skipped' | 'draft_marked_revoked';
+    readonly detail: string;
+}
+export interface ConvertResult {
+    readonly rules: readonly SageRule[];
+    readonly warnings: readonly ConversionWarning[];
+}
+/**
+ * Generate a Sage rule id matching Sage's existing 3-digit-suffix convention.
+ * Format: CLT-<PREFIX>-<NNN> where PREFIX is the 2-3 letter category code.
+ *
+ * The id is generated sequentially by an IdAllocator passed in by the caller,
+ * NOT derived from the ATR id. This matches Sage's convention (CLT-PI-001,
+ * CLT-MCP-001, etc.) instead of producing weird-looking ids like CLT-PRV-0441.
+ *
+ * The ATR provenance survives in the `# Upstream: ATR-2026-NNNNN` comment.
+ */
+export declare class SageIdAllocator {
+    private counters;
+    /**
+     * Construct with optional starting offsets per category. Pass
+     * `{prompt_injection: 8}` to start prompt_injection ids at 008 (after
+     * Sage's existing CLT-PI-001..007, for example).
+     */
+    constructor(startingOffsets?: Readonly<Record<string, number>>);
+    next(sageCategory: string, channelDisambiguator: string | null): string;
+}
+/**
+ * Convert a single ATR rule to one or more Sage rules.
+ *
+ * Returns one Sage rule per unique `field` target in the ATR rule's detection
+ * conditions. Most ATR rules in the current corpus target a single field
+ * (user_input or tool_response or content), producing 1 Sage rule each.
+ *
+ * Lossy spots (documented in the bridge research memo):
+ * - Multi-condition rules with mixed case-sensitivity → whole rule becomes
+ *   case-insensitive
+ * - `condition: all` semantics → ignored; alternation always treats as OR
+ * - `response.actions` reduced to strongest single action
+ * - All compliance/metadata fields (eu_ai_act, mitre_atlas, references, etc.)
+ *   are dropped (not in Sage schema). They survive in the upstream_url link.
+ */
+export declare function atrToSage(atr: ATRRule, idAllocator?: SageIdAllocator): ConvertResult;
+/**
+ * Convert many ATR rules to Sage rules. Aggregates warnings and uses a shared
+ * id allocator so that the resulting Sage rules have sequential 3-digit ids
+ * (CLT-PRV-001, CLT-PRV-002, ...) within each category, matching Sage's
+ * existing convention.
+ *
+ * @param atrRules the ATR rules to convert
+ * @param startingOffsets optional starting offsets per Sage category — pass
+ *   `{prompt_injection: 7}` if Sage's existing rules already use CLT-PI-001
+ *   through CLT-PI-007 so the new rules start at CLT-PI-008.
+ */
+export declare function atrToSageBatch(atrRules: readonly ATRRule[], startingOffsets?: Readonly<Record<string, number>>): ConvertResult;
+/**
+ * Serialize a list of Sage rules to a YAML string suitable for inclusion in
+ * `threats/agent-layer.yaml`. The output matches the style used in Sage's
+ * existing agent-layer.yaml (no list indentation, double-quoted ids,
+ * single-line regex pattern, upstream comment after each rule).
+ *
+ * Caller is responsible for prepending file-level comments (license,
+ * generation timestamp, upstream version) before this output.
+ */
+export declare function sageRulesToYaml(rules: readonly SageRule[]): string;
+//# sourceMappingURL=sage.d.ts.map

package/dist/converters/sage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sage.d.ts","sourceRoot":"","sources":["../../src/converters/sage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,KAAK,EACX,OAAO,EAIP,MAAM,aAAa,CAAC;AAIrB,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAClE,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,kBAAkB,GAAG,KAAK,CAAC;AAC9D,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,KAAK,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,CAAC;AAEjF,MAAM,WAAW,QAAQ;IACxB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,WAAW,GAAG,SAAS,WAAW,EAAE,CAAC;IACxD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IACpC,yFAAyF;IACzF,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,6HAA6H;IAC7H,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,iBAAiB;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EACV,uBAAuB,GACvB,4BAA4B,GAC5B,oBAAoB,GACpB,iBAAiB,GACjB,yBAAyB,GACzB,2BAA2B,GAC3B,oBAAoB,GACpB,sBAAsB,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC7B,QAAQ,CAAC,KAAK,EAAE,SAAS,QAAQ,EAAE,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,SAAS,iBAAiB,EAAE,CAAC;CAChD;AAmOD;;;;;;;;;GASG;AACH,qBAAa,eAAe;IAC3B,OAAO,CAAC,QAAQ,CAA6B;IAE7C;;;;OAIG;gBACS,eAAe,GAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAM;IAMlE,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,oBAAoB,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM;CAQvE;AAkLD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,SAAS,CACxB,GAAG,EAAE,OAAO,EACZ,WAAW,GAAE,eAAuC,GAClD,aAAa,CAuHf;AAuGD;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAC7B,QAAQ,EAAE,SAAS,OAAO,EAAE,EAC5B,eAAe,GAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAM,GACpD,aAAa,CAUf;AAID;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,SAAS,QAAQ,EAAE,GAAG,MAAM,CAElE"}