npm - agentseal - Versions diffs - 0.6.1 → 0.8.1 - Mend

agentseal 0.6.1 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/agentseal.js +2954 -2367
package/dist/chunk-23GC7G5P.js +635 -0
package/dist/chunk-ZLRN7Q7C.js +27 -0
package/dist/index.cjs +131 -2
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +40 -1
package/dist/index.d.ts +40 -1
package/dist/index.js +121 -4
package/dist/index.js.map +1 -1
package/dist/llm-judge-T6LDAZRQ.js +241 -0
package/dist/machine-discovery-XIJE7CFD.js +22 -0
package/package.json +1 -1

package/dist/index.cjs CHANGED Viewed

@@ -3129,6 +3129,7 @@ var AgentValidator = class _AgentValidator {
   onProgress;
   adaptive;
   embed;
+  customProbes;
   constructor(options) {
     this.agentFn = options.agentFn;
     this.groundTruth = options.groundTruthPrompt;
@@ -3139,6 +3140,7 @@ var AgentValidator = class _AgentValidator {
     this.onProgress = options.onProgress;
     this.adaptive = options.adaptive ?? false;
     this.embed = options.semantic?.embed;
+    this.customProbes = options.probes;
   }
   // ── Factory methods ──────────────────────────────────────────────
   static fromOpenAI(client, opts) {
@@ -3170,8 +3172,8 @@ var AgentValidator = class _AgentValidator {
     const scanId = crypto.randomUUID().replace(/-/g, "").slice(0, 12);
     const startTime = performance.now();
     const allResults = [];
-    const extractionProbes = buildExtractionProbes();
-    const injectionProbes = buildInjectionProbes();
+    const extractionProbes = this.customProbes ? this.customProbes.filter((p) => !p.canary) : buildExtractionProbes();
+    const injectionProbes = this.customProbes ? this.customProbes.filter((p) => !!p.canary) : buildInjectionProbes();
     const sem = semaphore(this.concurrency);
     const icon = { blocked: "\u2713", leaked: "\u2717", partial: "\u25D0", error: "\u26A0" };
     let extDone = 0;
@@ -7760,6 +7762,121 @@ var Shield = class {
     this._watchers = [];
   }
 };
+var CONFIG_DIR = path.join(os.homedir(), ".agentseal");
+var DEFAULT_CONFIG_PATH = path.join(CONFIG_DIR, "config.json");
+var CONFIG_KEYS = [
+  "model",
+  "api-key",
+  "ollama-url",
+  "litellm-url",
+  "dashboard-url",
+  "dashboard-key"
+];
+function loadConfig(path = DEFAULT_CONFIG_PATH) {
+  if (!fs.existsSync(path)) return {};
+  return JSON.parse(fs.readFileSync(path, "utf-8"));
+}
+function saveConfigKey(key, value, path$1 = DEFAULT_CONFIG_PATH) {
+  const dir = path.dirname(path$1);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true, mode: 448 });
+  const cfg = loadConfig(path$1);
+  cfg[key] = value;
+  fs.writeFileSync(path$1, JSON.stringify(cfg, null, 2), { mode: 384 });
+  fs.chmodSync(path$1, 384);
+}
+function removeConfigKey(key, path = DEFAULT_CONFIG_PATH) {
+  const cfg = loadConfig(path);
+  delete cfg[key];
+  fs.writeFileSync(path, JSON.stringify(cfg, null, 2), { mode: 384 });
+  fs.chmodSync(path, 384);
+}
+function showConfig(path = DEFAULT_CONFIG_PATH) {
+  const cfg = loadConfig(path);
+  if (Object.keys(cfg).length === 0) return "No configuration set.";
+  return Object.entries(cfg).map(([k, v]) => {
+    const display = k.includes("key") ? v.slice(0, 8) + "..." : v;
+    return `  ${k}: ${display}`;
+  }).join("\n");
+}
+var CONFIG_DIR2 = path.join(os.homedir(), ".agentseal");
+function saveCredentials(apiUrl, apiKey, path) {
+  saveConfigKey("dashboard-url", apiUrl, path ?? DEFAULT_CONFIG_PATH);
+  saveConfigKey("dashboard-key", apiKey, path ?? DEFAULT_CONFIG_PATH);
+}
+function loadCredentials(path) {
+  const cfg = loadConfig(path ?? DEFAULT_CONFIG_PATH);
+  if (!cfg["dashboard-url"] || !cfg["dashboard-key"]) return null;
+  return { apiUrl: cfg["dashboard-url"], apiKey: cfg["dashboard-key"] };
+}
+function saveLicense(key, path$1 = path.join(CONFIG_DIR2, "license.json")) {
+  const dir = path.dirname(path$1);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true, mode: 448 });
+  fs.writeFileSync(path$1, JSON.stringify({ key, activated: (/* @__PURE__ */ new Date()).toISOString() }, null, 2), { mode: 384 });
+  fs.chmodSync(path$1, 384);
+}
+function loadLicense(path$1 = path.join(CONFIG_DIR2, "license.json")) {
+  if (!fs.existsSync(path$1)) return null;
+  const data = JSON.parse(fs.readFileSync(path$1, "utf-8"));
+  return data.key ?? null;
+}
+// src/watch.ts
+var DEFAULT_CANARY_IDS = [
+  "ext_direct_1",
+  "ext_roleplay_1",
+  "inj_override_1",
+  "inj_delim_1",
+  "inj_indirect_1"
+];
+function selectCanaryProbes(csv) {
+  const allProbes = [...buildExtractionProbes(), ...buildInjectionProbes()];
+  if (csv) {
+    const ids = csv.split(",").map((s) => s.trim());
+    return allProbes.filter((p) => ids.includes(p.probe_id));
+  }
+  return allProbes.filter((p) => DEFAULT_CANARY_IDS.includes(p.probe_id));
+}
+function checkRegression(currentScore, baselineScore, threshold = 5) {
+  if (baselineScore === null) return { score: currentScore, baseline: null, regression: false, delta: 0 };
+  const delta = baselineScore - currentScore;
+  return { score: currentScore, baseline: baselineScore, regression: delta > threshold, delta };
+}
+// src/scan-mcp-cli.ts
+function renderMCPResults(results, verbose) {
+  const R = "\x1B[0m";
+  const B = "\x1B[1m";
+  const C = "\x1B[36m";
+  const G = "\x1B[32m";
+  const Y = "\x1B[33m";
+  const RED = "\x1B[31m";
+  const D = "\x1B[90m";
+  console.log(`
+  ${C}${B}MCP Server Scan Results${R}
+`);
+  for (const r of results) {
+    const color = r.verdict === "safe" ? G : r.verdict === "warning" ? Y : RED;
+    const score = r.trust_score !== void 0 ? ` (${r.trust_score}/100)` : "";
+    console.log(`  ${color}${r.verdict.toUpperCase()}${R} ${r.server_name}${score} \u2014 ${r.tools_count} tools`);
+    if (verbose || r.verdict !== "safe") {
+      for (const f of r.findings) {
+        const sevColor = f.severity === "critical" || f.severity === "high" ? RED : f.severity === "medium" ? Y : D;
+        console.log(`    ${sevColor}${f.severity}${R} ${f.code}: ${f.title}`);
+      }
+    }
+  }
+  const dangers = results.filter((r) => r.verdict === "danger").length;
+  const warnings = results.filter((r) => r.verdict === "warning").length;
+  const safe = results.filter((r) => r.verdict === "safe").length;
+  console.log(`
+  ${D}${"\u2500".repeat(50)}${R}`);
+  const parts = [];
+  if (dangers > 0) parts.push(`${RED}${B}${dangers} DANGER${R}`);
+  if (warnings > 0) parts.push(`${Y}${B}${warnings} WARNING${R}`);
+  parts.push(`${G}${B}${safe} SAFE${R}`);
+  console.log(`  ${parts.join("  ")}`);
+  console.log();
+}
 exports.AgentSealError = AgentSealError;
 exports.AgentValidator = AgentValidator;
@@ -7769,6 +7886,7 @@ exports.BOUNDARY_WEIGHT = BOUNDARY_WEIGHT;
 exports.BaselineStore = BaselineStore;
 exports.Blocklist = Blocklist;
 exports.COMMON_WORDS = COMMON_WORDS;
+exports.CONFIG_KEYS = CONFIG_KEYS;
 exports.CONSISTENCY_WEIGHT = CONSISTENCY_WEIGHT;
 exports.DANGER_CONCEPTS = DANGER_CONCEPTS;
 exports.DATA_EXTRACTION_WEIGHT = DATA_EXTRACTION_WEIGHT;
@@ -7815,6 +7933,7 @@ exports.buildInjectionProbes = buildInjectionProbes;
 exports.buildProbe = buildProbe;
 exports.bulkCheck = bulkCheck;
 exports.caseScramble = caseScramble;
+exports.checkRegression = checkRegression;
 exports.classifyPath = classifyPath;
 exports.classifyServer = classifyServer;
 exports.collectWatchPaths = collectWatchPaths;
@@ -7863,8 +7982,11 @@ exports.leetspeak = leetspeak;
 exports.listProfiles = listProfiles;
 exports.listQuarantine = listQuarantine;
 exports.loadAllCustomProbes = loadAllCustomProbes;
+exports.loadConfig = loadConfig;
+exports.loadCredentials = loadCredentials;
 exports.loadCustomProbes = loadCustomProbes;
 exports.loadGuardReport = loadGuardReport;
+exports.loadLicense = loadLicense;
 exports.loadProjectConfig = loadProjectConfig;
 exports.loadScanReport = loadScanReport;
 exports.normalizeSkillPath = normalizeSkillPath;
@@ -7873,21 +7995,28 @@ exports.parseProbeFile = parseProbeFile;
 exports.parseResponse = parseResponse;
 exports.prefixPadding = prefixPadding;
 exports.quarantineSkill = quarantineSkill;
+exports.removeConfigKey = removeConfigKey;
+exports.renderMCPResults = renderMCPResults;
 exports.resolveProfile = resolveProfile;
 exports.resolveProjectConfig = resolveProjectConfig;
 exports.restoreSkill = restoreSkill;
 exports.reverseEmbed = reverseEmbed;
 exports.rot13Wrap = rot13Wrap;
 exports.runGuardInit = runGuardInit;
+exports.saveConfigKey = saveConfigKey;
+exports.saveCredentials = saveCredentials;
+exports.saveLicense = saveLicense;
 exports.saveReport = saveReport;
 exports.scanDirectory = scanDirectory;
 exports.scanMachine = scanMachine;
 exports.scanSkillFile = scanSkillFile;
+exports.selectCanaryProbes = selectCanaryProbes;
 exports.sha256 = sha256;
 exports.shannonEntropy = shannonEntropy;
 exports.shouldFail = shouldFail;
 exports.shouldIgnoreFinding = shouldIgnoreFinding;
 exports.shouldIgnorePath = shouldIgnorePath;
+exports.showConfig = showConfig;
 exports.slugify = slugify;
 exports.stripBidiControls = stripBidiControls;
 exports.stripHtmlComments = stripHtmlComments;