agentseal 0.6.1 → 0.8.1
- package/dist/agentseal.js +2954 -2367
- package/dist/chunk-23GC7G5P.js +635 -0
- package/dist/chunk-ZLRN7Q7C.js +27 -0
- package/dist/index.cjs +131 -2
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +40 -1
- package/dist/index.d.ts +40 -1
- package/dist/index.js +121 -4
- package/dist/index.js.map +1 -1
- package/dist/llm-judge-T6LDAZRQ.js +241 -0
- package/dist/machine-discovery-XIJE7CFD.js +22 -0
- package/package.json +1 -1
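--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -122,6 +122,7 @@ interface ValidatorOptions {
 semantic?: {
 embed: EmbedFn;
 };
+probes?: Probe[];
 }
 
 declare class AgentSealError extends Error {
@@ -235,6 +236,7 @@ declare class AgentValidator {
 private onProgress;
 private adaptive;
 private embed;
+private customProbes;
 constructor(options: ValidatorOptions);
 static fromOpenAI(client: Parameters<typeof fromOpenAI>[0], opts: Parameters<typeof fromOpenAI>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
 static fromAnthropic(client: Parameters<typeof fromAnthropic>[0], opts: Parameters<typeof fromAnthropic>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
@@ -1337,4 +1339,41 @@ declare class Shield {
 stop(): void;
 }
 
-
+declare const CONFIG_KEYS: readonly ["model", "api-key", "ollama-url", "litellm-url", "dashboard-url", "dashboard-key"];
+declare function loadConfig(path?: string): Record<string, string>;
+declare function saveConfigKey(key: string, value: string, path?: string): void;
+declare function removeConfigKey(key: string, path?: string): void;
+declare function showConfig(path?: string): string;
+
+interface Credentials {
+apiUrl: string;
+apiKey: string;
+}
+declare function saveCredentials(apiUrl: string, apiKey: string, path?: string): void;
+declare function loadCredentials(path?: string): Credentials | null;
+declare function saveLicense(key: string, path?: string): void;
+declare function loadLicense(path?: string): string | null;
+
+declare function selectCanaryProbes(csv?: string): Array<Record<string, any>>;
+declare function checkRegression(currentScore: number, baselineScore: number | null, threshold?: number): {
+score: number;
+baseline: number | null;
+regression: boolean;
+delta: number;
+};
+
+interface MCPScanResult {
+server_name: string;
+verdict: string;
+findings: Array<{
+code: string;
+severity: string;
+title: string;
+detail?: string;
+}>;
+trust_score?: number;
+tools_count: number;
+}
+declare function renderMCPResults(results: MCPScanResult[], verbose: boolean): void;
+
+export { type AffectedProbe, type AgentConfigResult, AgentSealError, AgentValidator, type AttackChain, BACKUPS_DIR, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, type BaselineChange, type BaselineChangeResult, type BaselineEntry, BaselineStore, Blocklist, COMMON_WORDS, CONFIG_KEYS, CONSISTENCY_WEIGHT, type ChainStep, type ChatFn, type CompareResult, type CustomFinding, DANGER_CONCEPTS, DATA_EXTRACTION_WEIGHT, DebouncedHandler, type DefenseProfile, type DeltaEntry, DeltaResult, type DiscoveryResult, EXTRACTION_WEIGHT, type EmbedFn, type FixResult, Guard, type GuardOptions, type GuardProgressFn, type GuardReport, GuardVerdict, HistoryStore, INJECTION_WEIGHT, type IgnoreFindingEntry, KNOWN_SERVER_LABELS, LABEL_DESTRUCTIVE, LABEL_PRIVATE, LABEL_PUBLIC_SINK, LABEL_UNTRUSTED, LLMJudge, type LLMJudgeFinding, type LLMJudgeOptions, type LLMJudgeResult, MAX_CONTENT_BYTES, MCPConfigChecker, type MCPFinding, type MCPRuntimeFinding, type MCPRuntimeResult, type MCPServerResult, Notifier, PROFILES, PROJECT_MCP_CONFIGS, PROJECT_SKILL_DIRS, PROJECT_SKILL_FILES, type Probe, type ProbeResult, ProbeTimeoutError, type ProfileConfig, type ProgressFn, type ProjectConfig, ProviderError, QUARANTINE_DIR, type QuarantineEntry, REFUSAL_PHRASES, REPORTS_DIR, type RemediationItem, type RemediationReport, type Rule, RuleEngine, type RuleTest, type RuleTestResult, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, SEVERITY_ORDER, SYSTEM_PROMPT, type ScanReport, type ScoreBreakdown, Severity, Shield, type ShieldCallback, type ShieldOptions, type SkillFinding, type SkillResult, SkillScanner, TRANSFORMS, type ToxicFlowResult, TrustLevel, type UnlistedFinding, ValidationError, type ValidatorOptions, Verdict, allActions, analyzeToxicFlows, applyProfile, base64Wrap, buildExtractionProbes, buildInjectionProbes, buildProbe, bulkCheck, caseScramble, checkRegression, classifyPath, classifyServer, collectWatchPaths, compareReports, computeDelta, computeScores, computeSemanticSimilarity, computeVerdict, customFindingFromDict, customFindingToDict, decodeBase64Blocks, decodeHtmlEntities, deltaEntryToDict, deobfuscate, detectCanary, detectChains, detectExtraction, detectExtractionWithSemantic, detectProvider, enrichMcpResults, expandStringConcat, extractPackageSlug, extractSkillName, extractUniquePhrases, fingerprintDefense, fnmatchCase, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateConfigYaml, generateMutations, generateRemediation, generateUnlistedFindings, getFixableSkills, getWellKnownConfigs, guardReportFromDict, hasCritical, hasInvisibleChars, isRefusal, leetspeak, listProfiles, listQuarantine, loadAllCustomProbes, loadConfig, loadCredentials, loadCustomProbes, loadGuardReport, loadLicense, loadProjectConfig, loadScanReport, normalizeSkillPath, normalizeUnicode, parseProbeFile, parseResponse, prefixPadding, quarantineSkill, removeConfigKey, renderMCPResults, resolveProfile, resolveProjectConfig, restoreSkill, reverseEmbed, rot13Wrap, runGuardInit, saveConfigKey, saveCredentials, saveLicense, saveReport, scanDirectory, scanMachine, scanSkillFile, selectCanaryProbes, sha256, shannonEntropy, shouldFail, shouldIgnoreFinding, shouldIgnorePath, showConfig, slugify, stripBidiControls, stripHtmlComments, stripJsonComments, stripModelPrefix, stripTagChars, stripVariationSelectors, stripZeroWidth, topMCPFinding, topSkillFinding, totalDangers, totalSafe, totalWarnings, truncateContent, trustLevelFromScore, unescapeSequences, unicodeHomoglyphs, unlistedFindingToDict, validateProbe, verdictFromFindings, verdictScore, zeroWidthInject };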
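Review bot: The declarations added in the last hunk type the fields that drive scan outcomes loosely: `MCPScanResult.verdict` and each finding's `severity` are plain `string`, and `selectCanaryProbes` returns `Array<Record<string, any>>` even though `Probe` is exported from the same file. Narrowing them, for example `verdict: "safe" | "warning" | "danger";` and a `Probe[]` return type, would let the compiler reject a misspelled or unexpected verdict before it reaches a renderer or a CI gate. The three verdict values are inferred from the comparisons in `renderMCPResults` in package/dist/index.js and whether the probe builders return `Probe` is not visible here, so both should be confirmed against the source. The same declarations are repeated in package/dist/index.d.ts.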
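--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -122,6 +122,7 @@ interface ValidatorOptions {
 semantic?: {
 embed: EmbedFn;
 };
+probes?: Probe[];
 }
 
 declare class AgentSealError extends Error {
@@ -235,6 +236,7 @@ declare class AgentValidator {
 private onProgress;
 private adaptive;
 private embed;
+private customProbes;
 constructor(options: ValidatorOptions);
 static fromOpenAI(client: Parameters<typeof fromOpenAI>[0], opts: Parameters<typeof fromOpenAI>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
 static fromAnthropic(client: Parameters<typeof fromAnthropic>[0], opts: Parameters<typeof fromAnthropic>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
@@ -1337,4 +1339,41 @@ declare class Shield {
 stop(): void;
 }
 
-
+declare const CONFIG_KEYS: readonly ["model", "api-key", "ollama-url", "litellm-url", "dashboard-url", "dashboard-key"];
+declare function loadConfig(path?: string): Record<string, string>;
+declare function saveConfigKey(key: string, value: string, path?: string): void;
+declare function removeConfigKey(key: string, path?: string): void;
+declare function showConfig(path?: string): string;
+
+interface Credentials {
+apiUrl: string;
+apiKey: string;
+}
+declare function saveCredentials(apiUrl: string, apiKey: string, path?: string): void;
+declare function loadCredentials(path?: string): Credentials | null;
+declare function saveLicense(key: string, path?: string): void;
+declare function loadLicense(path?: string): string | null;
+
+declare function selectCanaryProbes(csv?: string): Array<Record<string, any>>;
+declare function checkRegression(currentScore: number, baselineScore: number | null, threshold?: number): {
+score: number;
+baseline: number | null;
+regression: boolean;
+delta: number;
+};
+
+interface MCPScanResult {
+server_name: string;
+verdict: string;
+findings: Array<{
+code: string;
+severity: string;
+title: string;
+detail?: string;
+}>;
+trust_score?: number;
+tools_count: number;
+}
+declare function renderMCPResults(results: MCPScanResult[], verbose: boolean): void;
+
+export { type AffectedProbe, type AgentConfigResult, AgentSealError, AgentValidator, type AttackChain, BACKUPS_DIR, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, type BaselineChange, type BaselineChangeResult, type BaselineEntry, BaselineStore, Blocklist, COMMON_WORDS, CONFIG_KEYS, CONSISTENCY_WEIGHT, type ChainStep, type ChatFn, type CompareResult, type CustomFinding, DANGER_CONCEPTS, DATA_EXTRACTION_WEIGHT, DebouncedHandler, type DefenseProfile, type DeltaEntry, DeltaResult, type DiscoveryResult, EXTRACTION_WEIGHT, type EmbedFn, type FixResult, Guard, type GuardOptions, type GuardProgressFn, type GuardReport, GuardVerdict, HistoryStore, INJECTION_WEIGHT, type IgnoreFindingEntry, KNOWN_SERVER_LABELS, LABEL_DESTRUCTIVE, LABEL_PRIVATE, LABEL_PUBLIC_SINK, LABEL_UNTRUSTED, LLMJudge, type LLMJudgeFinding, type LLMJudgeOptions, type LLMJudgeResult, MAX_CONTENT_BYTES, MCPConfigChecker, type MCPFinding, type MCPRuntimeFinding, type MCPRuntimeResult, type MCPServerResult, Notifier, PROFILES, PROJECT_MCP_CONFIGS, PROJECT_SKILL_DIRS, PROJECT_SKILL_FILES, type Probe, type ProbeResult, ProbeTimeoutError, type ProfileConfig, type ProgressFn, type ProjectConfig, ProviderError, QUARANTINE_DIR, type QuarantineEntry, REFUSAL_PHRASES, REPORTS_DIR, type RemediationItem, type RemediationReport, type Rule, RuleEngine, type RuleTest, type RuleTestResult, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, SEVERITY_ORDER, SYSTEM_PROMPT, type ScanReport, type ScoreBreakdown, Severity, Shield, type ShieldCallback, type ShieldOptions, type SkillFinding, type SkillResult, SkillScanner, TRANSFORMS, type ToxicFlowResult, TrustLevel, type UnlistedFinding, ValidationError, type ValidatorOptions, Verdict, allActions, analyzeToxicFlows, applyProfile, base64Wrap, buildExtractionProbes, buildInjectionProbes, buildProbe, bulkCheck, caseScramble, checkRegression, classifyPath, classifyServer, collectWatchPaths, compareReports, computeDelta, computeScores, computeSemanticSimilarity, computeVerdict, customFindingFromDict, customFindingToDict, decodeBase64Blocks, decodeHtmlEntities, deltaEntryToDict, deobfuscate, detectCanary, detectChains, detectExtraction, detectExtractionWithSemantic, detectProvider, enrichMcpResults, expandStringConcat, extractPackageSlug, extractSkillName, extractUniquePhrases, fingerprintDefense, fnmatchCase, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateConfigYaml, generateMutations, generateRemediation, generateUnlistedFindings, getFixableSkills, getWellKnownConfigs, guardReportFromDict, hasCritical, hasInvisibleChars, isRefusal, leetspeak, listProfiles, listQuarantine, loadAllCustomProbes, loadConfig, loadCredentials, loadCustomProbes, loadGuardReport, loadLicense, loadProjectConfig, loadScanReport, normalizeSkillPath, normalizeUnicode, parseProbeFile, parseResponse, prefixPadding, quarantineSkill, removeConfigKey, renderMCPResults, resolveProfile, resolveProjectConfig, restoreSkill, reverseEmbed, rot13Wrap, runGuardInit, saveConfigKey, saveCredentials, saveLicense, saveReport, scanDirectory, scanMachine, scanSkillFile, selectCanaryProbes, sha256, shannonEntropy, shouldFail, shouldIgnoreFinding, shouldIgnorePath, showConfig, slugify, stripBidiControls, stripHtmlComments, stripJsonComments, stripModelPrefix, stripTagChars, stripVariationSelectors, stripZeroWidth, topMCPFinding, topSkillFinding, totalDangers, totalSafe, totalWarnings, truncateContent, trustLevelFromScore, unescapeSequences, unicodeHomoglyphs, unlistedFindingToDict, validateProbe, verdictFromFindings, verdictScore, zeroWidthInject };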
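--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,4 +1,4 @@
-import { statSync, readFileSync, existsSync, readdirSync, mkdirSync, writeFileSync, unlinkSync, realpathSync, renameSync, watch } from 'fs';
+import { statSync, readFileSync, existsSync, readdirSync, mkdirSync, writeFileSync, unlinkSync, realpathSync, renameSync, watch, chmodSync } from 'fs';
 import { homedir, platform } from 'os';
 import { join, dirname, resolve, basename, extname } from 'path';
 import { randomUUID, createHash } from 'crypto';
@@ -3126,6 +3126,7 @@ var AgentValidator = class _AgentValidator {
 onProgress;
 adaptive;
 embed;
+customProbes;
 constructor(options) {
 this.agentFn = options.agentFn;
 this.groundTruth = options.groundTruthPrompt;
@@ -3136,6 +3137,7 @@ var AgentValidator = class _AgentValidator {
 this.onProgress = options.onProgress;
 this.adaptive = options.adaptive ?? false;
 this.embed = options.semantic?.embed;
+this.customProbes = options.probes;
 }
 // ── Factory methods ──────────────────────────────────────────────
 static fromOpenAI(client, opts) {
@@ -3167,8 +3169,8 @@ var AgentValidator = class _AgentValidator {
 const scanId = randomUUID().replace(/-/g, "").slice(0, 12);
 const startTime = performance.now();
 const allResults = [];
-const extractionProbes = buildExtractionProbes();
-const injectionProbes = buildInjectionProbes();
+const extractionProbes = this.customProbes ? this.customProbes.filter((p) => !p.canary) : buildExtractionProbes();
+const injectionProbes = this.customProbes ? this.customProbes.filter((p) => !!p.canary) : buildInjectionProbes();
 const sem = semaphore(this.concurrency);
 const icon = { blocked: "\u2713", leaked: "\u2717", partial: "\u25D0", error: "\u26A0" };
 let extDone = 0;
@@ -7757,7 +7759,122 @@ var Shield = class {
 this._watchers = [];
 }
 };
+var CONFIG_DIR = join(homedir(), ".agentseal");
+var DEFAULT_CONFIG_PATH = join(CONFIG_DIR, "config.json");
+var CONFIG_KEYS = [
+"model",
+"api-key",
+"ollama-url",
+"litellm-url",
+"dashboard-url",
+"dashboard-key"
+];
+function loadConfig(path = DEFAULT_CONFIG_PATH) {
+if (!existsSync(path)) return {};
+return JSON.parse(readFileSync(path, "utf-8"));
+}
+function saveConfigKey(key, value, path = DEFAULT_CONFIG_PATH) {
+const dir = dirname(path);
+if (!existsSync(dir)) mkdirSync(dir, { recursive: true, mode: 448 });
+const cfg = loadConfig(path);
+cfg[key] = value;
+writeFileSync(path, JSON.stringify(cfg, null, 2), { mode: 384 });
+chmodSync(path, 384);
+}
+function removeConfigKey(key, path = DEFAULT_CONFIG_PATH) {
+const cfg = loadConfig(path);
+delete cfg[key];
+writeFileSync(path, JSON.stringify(cfg, null, 2), { mode: 384 });
+chmodSync(path, 384);
+}
+function showConfig(path = DEFAULT_CONFIG_PATH) {
+const cfg = loadConfig(path);
+if (Object.keys(cfg).length === 0) return "No configuration set.";
+return Object.entries(cfg).map(([k, v]) => {
+const display = k.includes("key") ? v.slice(0, 8) + "..." : v;
+return ` ${k}: ${display}`;
+}).join("\n");
+}
+var CONFIG_DIR2 = join(homedir(), ".agentseal");
+function saveCredentials(apiUrl, apiKey, path) {
+saveConfigKey("dashboard-url", apiUrl, path ?? DEFAULT_CONFIG_PATH);
+saveConfigKey("dashboard-key", apiKey, path ?? DEFAULT_CONFIG_PATH);
+}
+function loadCredentials(path) {
+const cfg = loadConfig(path ?? DEFAULT_CONFIG_PATH);
+if (!cfg["dashboard-url"] || !cfg["dashboard-key"]) return null;
+return { apiUrl: cfg["dashboard-url"], apiKey: cfg["dashboard-key"] };
+}
+function saveLicense(key, path = join(CONFIG_DIR2, "license.json")) {
+const dir = dirname(path);
+if (!existsSync(dir)) mkdirSync(dir, { recursive: true, mode: 448 });
+writeFileSync(path, JSON.stringify({ key, activated: (/* @__PURE__ */ new Date()).toISOString() }, null, 2), { mode: 384 });
+chmodSync(path, 384);
+}
+function loadLicense(path = join(CONFIG_DIR2, "license.json")) {
+if (!existsSync(path)) return null;
+const data = JSON.parse(readFileSync(path, "utf-8"));
+return data.key ?? null;
+}
+
+// src/watch.ts
+var DEFAULT_CANARY_IDS = [
+"ext_direct_1",
+"ext_roleplay_1",
+"inj_override_1",
+"inj_delim_1",
+"inj_indirect_1"
+];
+function selectCanaryProbes(csv) {
+const allProbes = [...buildExtractionProbes(), ...buildInjectionProbes()];
+if (csv) {
+const ids = csv.split(",").map((s) => s.trim());
+return allProbes.filter((p) => ids.includes(p.probe_id));
+}
+return allProbes.filter((p) => DEFAULT_CANARY_IDS.includes(p.probe_id));
+}
+function checkRegression(currentScore, baselineScore, threshold = 5) {
+if (baselineScore === null) return { score: currentScore, baseline: null, regression: false, delta: 0 };
+const delta = baselineScore - currentScore;
+return { score: currentScore, baseline: baselineScore, regression: delta > threshold, delta };
+}
+
+// src/scan-mcp-cli.ts
+function renderMCPResults(results, verbose) {
+const R = "\x1B[0m";
+const B = "\x1B[1m";
+const C = "\x1B[36m";
+const G = "\x1B[32m";
+const Y = "\x1B[33m";
+const RED = "\x1B[31m";
+const D = "\x1B[90m";
+console.log(`
+${C}${B}MCP Server Scan Results${R}
+`);
+for (const r of results) {
+const color = r.verdict === "safe" ? G : r.verdict === "warning" ? Y : RED;
+const score = r.trust_score !== void 0 ? ` (${r.trust_score}/100)` : "";
+console.log(` ${color}${r.verdict.toUpperCase()}${R} ${r.server_name}${score} \u2014 ${r.tools_count} tools`);
+if (verbose || r.verdict !== "safe") {
+for (const f of r.findings) {
+const sevColor = f.severity === "critical" || f.severity === "high" ? RED : f.severity === "medium" ? Y : D;
+console.log(` ${sevColor}${f.severity}${R} ${f.code}: ${f.title}`);
+}
+}
+}
+const dangers = results.filter((r) => r.verdict === "danger").length;
+const warnings = results.filter((r) => r.verdict === "warning").length;
+const safe = results.filter((r) => r.verdict === "safe").length;
+console.log(`
+${D}${"\u2500".repeat(50)}${R}`);
+const parts = [];
+if (dangers > 0) parts.push(`${RED}${B}${dangers} DANGER${R}`);
+if (warnings > 0) parts.push(`${Y}${B}${warnings} WARNING${R}`);
+parts.push(`${G}${B}${safe} SAFE${R}`);
+console.log(` ${parts.join(" ")}`);
+console.log();
+}
 
-export { AgentSealError, AgentValidator, BACKUPS_DIR, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, BaselineStore, Blocklist, COMMON_WORDS, CONSISTENCY_WEIGHT, DANGER_CONCEPTS, DATA_EXTRACTION_WEIGHT, DebouncedHandler, DeltaResult, EXTRACTION_WEIGHT, Guard, GuardVerdict, HistoryStore, INJECTION_WEIGHT, KNOWN_SERVER_LABELS, LABEL_DESTRUCTIVE, LABEL_PRIVATE, LABEL_PUBLIC_SINK, LABEL_UNTRUSTED, LLMJudge, MAX_CONTENT_BYTES, MCPConfigChecker, Notifier, PROFILES, PROJECT_MCP_CONFIGS, PROJECT_SKILL_DIRS, PROJECT_SKILL_FILES, ProbeTimeoutError, ProviderError, QUARANTINE_DIR, REFUSAL_PHRASES, REPORTS_DIR, RuleEngine, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, SEVERITY_ORDER, SYSTEM_PROMPT, Severity, Shield, SkillScanner, TRANSFORMS, TrustLevel, ValidationError, Verdict, allActions, analyzeToxicFlows, applyProfile, base64Wrap, buildExtractionProbes, buildInjectionProbes, buildProbe, bulkCheck, caseScramble, classifyPath, classifyServer, collectWatchPaths, compareReports, computeDelta, computeScores, computeSemanticSimilarity, computeVerdict, customFindingFromDict, customFindingToDict, decodeBase64Blocks, decodeHtmlEntities, deltaEntryToDict, deobfuscate, detectCanary, detectChains, detectExtraction, detectExtractionWithSemantic, detectProvider, enrichMcpResults, expandStringConcat, extractPackageSlug, extractSkillName, extractUniquePhrases, fingerprintDefense, fnmatchCase, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateConfigYaml, generateMutations, generateRemediation, generateUnlistedFindings, getFixableSkills, getWellKnownConfigs, guardReportFromDict, hasCritical, hasInvisibleChars, isRefusal, leetspeak, listProfiles, listQuarantine, loadAllCustomProbes, loadCustomProbes, loadGuardReport, loadProjectConfig, loadScanReport, normalizeSkillPath, normalizeUnicode, parseProbeFile, parseResponse, prefixPadding, quarantineSkill, resolveProfile, resolveProjectConfig, restoreSkill, reverseEmbed, rot13Wrap, runGuardInit, saveReport, scanDirectory, scanMachine, scanSkillFile, sha256, shannonEntropy, shouldFail, shouldIgnoreFinding, shouldIgnorePath, slugify, stripBidiControls, stripHtmlComments, stripJsonComments, stripModelPrefix, stripTagChars, stripVariationSelectors, stripZeroWidth, topMCPFinding, topSkillFinding, totalDangers, totalSafe, totalWarnings, truncateContent, trustLevelFromScore, unescapeSequences, unicodeHomoglyphs, unlistedFindingToDict, validateProbe, verdictFromFindings, verdictScore, zeroWidthInject };
+export { AgentSealError, AgentValidator, BACKUPS_DIR, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, BaselineStore, Blocklist, COMMON_WORDS, CONFIG_KEYS, CONSISTENCY_WEIGHT, DANGER_CONCEPTS, DATA_EXTRACTION_WEIGHT, DebouncedHandler, DeltaResult, EXTRACTION_WEIGHT, Guard, GuardVerdict, HistoryStore, INJECTION_WEIGHT, KNOWN_SERVER_LABELS, LABEL_DESTRUCTIVE, LABEL_PRIVATE, LABEL_PUBLIC_SINK, LABEL_UNTRUSTED, LLMJudge, MAX_CONTENT_BYTES, MCPConfigChecker, Notifier, PROFILES, PROJECT_MCP_CONFIGS, PROJECT_SKILL_DIRS, PROJECT_SKILL_FILES, ProbeTimeoutError, ProviderError, QUARANTINE_DIR, REFUSAL_PHRASES, REPORTS_DIR, RuleEngine, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, SEVERITY_ORDER, SYSTEM_PROMPT, Severity, Shield, SkillScanner, TRANSFORMS, TrustLevel, ValidationError, Verdict, allActions, analyzeToxicFlows, applyProfile, base64Wrap, buildExtractionProbes, buildInjectionProbes, buildProbe, bulkCheck, caseScramble, checkRegression, classifyPath, classifyServer, collectWatchPaths, compareReports, computeDelta, computeScores, computeSemanticSimilarity, computeVerdict, customFindingFromDict, customFindingToDict, decodeBase64Blocks, decodeHtmlEntities, deltaEntryToDict, deobfuscate, detectCanary, detectChains, detectExtraction, detectExtractionWithSemantic, detectProvider, enrichMcpResults, expandStringConcat, extractPackageSlug, extractSkillName, extractUniquePhrases, fingerprintDefense, fnmatchCase, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateConfigYaml, generateMutations, generateRemediation, generateUnlistedFindings, getFixableSkills, getWellKnownConfigs, guardReportFromDict, hasCritical, hasInvisibleChars, isRefusal, leetspeak, listProfiles, listQuarantine, loadAllCustomProbes, loadConfig, loadCredentials, loadCustomProbes, loadGuardReport, loadLicense, loadProjectConfig, loadScanReport, normalizeSkillPath, normalizeUnicode, parseProbeFile, parseResponse, prefixPadding, quarantineSkill, removeConfigKey, renderMCPResults, resolveProfile, resolveProjectConfig, restoreSkill, reverseEmbed, rot13Wrap, runGuardInit, saveConfigKey, saveCredentials, saveLicense, saveReport, scanDirectory, scanMachine, scanSkillFile, selectCanaryProbes, sha256, shannonEntropy, shouldFail, shouldIgnoreFinding, shouldIgnorePath, showConfig, slugify, stripBidiControls, stripHtmlComments, stripJsonComments, stripModelPrefix, stripTagChars, stripVariationSelectors, stripZeroWidth, topMCPFinding, topSkillFinding, totalDangers, totalSafe, totalWarnings, truncateContent, trustLevelFromScore, unescapeSequences, unicodeHomoglyphs, unlistedFindingToDict, validateProbe, verdictFromFindings, verdictScore, zeroWidthInject };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map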
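Review bot: In the last hunk, `saveConfigKey`, `removeConfigKey` and `saveLicense` write the file that holds the API keys with `writeFileSync(path, …, { mode: 384 })` and tighten it only afterwards with `chmodSync(path, 384)`. The `mode` option takes effect only when the file is created, so a config file that already exists with wider permissions holds the new secret until the chmod runs, and the `mkdirSync` mode (448, i.e. 0o700) is likewise skipped when `~/.agentseal` already exists. Writing to a fresh temporary file in the same directory and moving it into place closes that window, using the already imported `randomUUID` and `renameSync`: `const tmp = path + "." + randomUUID() + ".tmp";`, `writeFileSync(tmp, JSON.stringify(cfg, null, 2), { mode: 0o600, flag: "wx" });`, `renameSync(tmp, path);`. `showConfig` in the same hunk also prints `v.slice(0, 8) + "..."`, which shows a key of eight characters or fewer in full and throws when the parsed JSON value is not a string, so it needs a length check and a `typeof v === "string"` guard.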