agentseal 0.8.1 → 0.9.1

package/dist/index.d.cts

@@ -122,7 +122,6 @@ interface ValidatorOptions {
     semantic?: {
         embed: EmbedFn;
     };
-    probes?: Probe[];
 }
 
 declare class AgentSealError extends Error {
@@ -236,7 +235,6 @@ declare class AgentValidator {
     private onProgress;
     private adaptive;
     private embed;
-    private customProbes;
     constructor(options: ValidatorOptions);
     static fromOpenAI(client: Parameters<typeof fromOpenAI>[0], opts: Parameters<typeof fromOpenAI>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
     static fromAnthropic(client: Parameters<typeof fromAnthropic>[0], opts: Parameters<typeof fromAnthropic>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
@@ -900,7 +898,7 @@ interface AgentDef {
 declare function getWellKnownConfigs(): AgentDef[];
 /** Strip // and /* * / comments from JSONC. Preserves URLs inside strings. */
 declare function stripJsonComments(text: string): string;
-interface MCPServerConfig {
+interface MCPServerConfig$1 {
     name: string;
     source_file: string;
     agent_type: string;
@@ -908,7 +906,7 @@ interface MCPServerConfig {
 }
 interface DiscoveryResult {
     agents: AgentConfigResult[];
-    mcpServers: MCPServerConfig[];
+    mcpServers: MCPServerConfig$1[];
     skillPaths: string[];
 }
 /**
@@ -1339,41 +1337,170 @@ declare class Shield {
     stop(): void;
 }
 
-declare const CONFIG_KEYS: readonly ["model", "api-key", "ollama-url", "litellm-url", "dashboard-url", "dashboard-key"];
-declare function loadConfig(path?: string): Record<string, string>;
-declare function saveConfigKey(key: string, value: string, path?: string): void;
-declare function removeConfigKey(key: string, path?: string): void;
-declare function showConfig(path?: string): string;
-
-interface Credentials {
-    apiUrl: string;
-    apiKey: string;
+interface MCPServerConfig {
+    name: string;
+    command: string;
+    args: string[];
+    env: Record<string, string>;
+    sourceFile: string | null;
+    transport: string;
+    url: string | null;
+    packageId: string | null;
+    agents: string[];
+}
+interface SkillPath {
+    path: string;
+    platform: string;
+    format: string;
+}
+interface CollectedAgent {
+    name: string;
+    agentType: string;
+    configPath: string;
+    mcpServers: MCPServerConfig[];
+    skills: SkillPath[];
+    status: string;
+}
+interface Finding {
+    code: string;
+    title: string;
+    description: string;
+    severity: string;
+    source: string | null;
+    serverName: string;
+    agentNames: string[];
+    evidence: string;
+    remediation: string;
+    confidence: number;
+}
+interface RegistryData {
+    trustScore: number;
+    findings: Finding[];
+    capabilityLabels: Set<string>;
+    analyzedVersion: string | null;
+    analyzedAt: string | null;
+    tools: string[];
+}
+interface MatchResult {
+    server: MCPServerConfig;
+    registryHit: RegistryData | null;
+    needsRuntime: boolean;
+    versionGap: string | null;
+    analysisMethod: string;
+}
+interface GuardScanResult {
+    agents: CollectedAgent[];
+    matchResults: MatchResult[];
+    findings: Finding[];
+    machineScore: number;
+    serversScanned: number;
+    fromRegistry: number;
+    failed: number;
+    scanDurationSeconds: number;
+    deepAnalysis: Record<string, unknown> | null;
+}
+
+interface GuardEngineOptions {
+    skipRuntime?: boolean;
+    deep?: boolean;
+    deepAll?: boolean;
+    deepTimeout?: number;
+    model?: string;
+    apiKey?: string;
+    baselinePath?: string;
+    cachePath?: string;
+    projectPath?: string;
+    noProcessScan?: boolean;
+    interactive?: boolean;
+}
+declare class GuardEngine {
+    private opts;
+    constructor(opts?: GuardEngineOptions);
+    run(): Promise<GuardScanResult>;
+    private deduplicateServers;
+    static ciExitCode(result: GuardScanResult, failOn?: string): number;
 }
-declare function saveCredentials(apiUrl: string, apiKey: string, path?: string): void;
-declare function loadCredentials(path?: string): Credentials | null;
-declare function saveLicense(key: string, path?: string): void;
-declare function loadLicense(path?: string): string | null;
 
-declare function selectCanaryProbes(csv?: string): Array<Record<string, any>>;
-declare function checkRegression(currentScore: number, baselineScore: number | null, threshold?: number): {
-    score: number;
-    baseline: number | null;
-    regression: boolean;
-    delta: number;
-};
+declare function formatTerminal(result: GuardScanResult): string;
 
-interface MCPScanResult {
-    server_name: string;
-    verdict: string;
-    findings: Array<{
-        code: string;
-        severity: string;
-        title: string;
-        detail?: string;
-    }>;
-    trust_score?: number;
-    tools_count: number;
-}
-declare function renderMCPResults(results: MCPScanResult[], verbose: boolean): void;
+declare function formatJson(result: GuardScanResult): string;
+
+declare function formatSarif(result: GuardScanResult): Record<string, unknown>;
+
+declare function computeMachineScore(opts: {
+    matchResults: MatchResult[];
+    findings: Finding[];
+}): number;
 
-export { type AffectedProbe, type AgentConfigResult, AgentSealError, AgentValidator, type AttackChain, BACKUPS_DIR, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, type BaselineChange, type BaselineChangeResult, type BaselineEntry, BaselineStore, Blocklist, COMMON_WORDS, CONFIG_KEYS, CONSISTENCY_WEIGHT, type ChainStep, type ChatFn, type CompareResult, type CustomFinding, DANGER_CONCEPTS, DATA_EXTRACTION_WEIGHT, DebouncedHandler, type DefenseProfile, type DeltaEntry, DeltaResult, type DiscoveryResult, EXTRACTION_WEIGHT, type EmbedFn, type FixResult, Guard, type GuardOptions, type GuardProgressFn, type GuardReport, GuardVerdict, HistoryStore, INJECTION_WEIGHT, type IgnoreFindingEntry, KNOWN_SERVER_LABELS, LABEL_DESTRUCTIVE, LABEL_PRIVATE, LABEL_PUBLIC_SINK, LABEL_UNTRUSTED, LLMJudge, type LLMJudgeFinding, type LLMJudgeOptions, type LLMJudgeResult, MAX_CONTENT_BYTES, MCPConfigChecker, type MCPFinding, type MCPRuntimeFinding, type MCPRuntimeResult, type MCPServerResult, Notifier, PROFILES, PROJECT_MCP_CONFIGS, PROJECT_SKILL_DIRS, PROJECT_SKILL_FILES, type Probe, type ProbeResult, ProbeTimeoutError, type ProfileConfig, type ProgressFn, type ProjectConfig, ProviderError, QUARANTINE_DIR, type QuarantineEntry, REFUSAL_PHRASES, REPORTS_DIR, type RemediationItem, type RemediationReport, type Rule, RuleEngine, type RuleTest, type RuleTestResult, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, SEVERITY_ORDER, SYSTEM_PROMPT, type ScanReport, type ScoreBreakdown, Severity, Shield, type ShieldCallback, type ShieldOptions, type SkillFinding, type SkillResult, SkillScanner, TRANSFORMS, type ToxicFlowResult, TrustLevel, type UnlistedFinding, ValidationError, type ValidatorOptions, Verdict, allActions, analyzeToxicFlows, applyProfile, base64Wrap, buildExtractionProbes, buildInjectionProbes, buildProbe, bulkCheck, caseScramble, checkRegression, classifyPath, classifyServer, collectWatchPaths, compareReports, computeDelta, computeScores, computeSemanticSimilarity, computeVerdict, customFindingFromDict, customFindingToDict, decodeBase64Blocks, decodeHtmlEntities, deltaEntryToDict, deobfuscate, detectCanary, detectChains, detectExtraction, detectExtractionWithSemantic, detectProvider, enrichMcpResults, expandStringConcat, extractPackageSlug, extractSkillName, extractUniquePhrases, fingerprintDefense, fnmatchCase, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateConfigYaml, generateMutations, generateRemediation, generateUnlistedFindings, getFixableSkills, getWellKnownConfigs, guardReportFromDict, hasCritical, hasInvisibleChars, isRefusal, leetspeak, listProfiles, listQuarantine, loadAllCustomProbes, loadConfig, loadCredentials, loadCustomProbes, loadGuardReport, loadLicense, loadProjectConfig, loadScanReport, normalizeSkillPath, normalizeUnicode, parseProbeFile, parseResponse, prefixPadding, quarantineSkill, removeConfigKey, renderMCPResults, resolveProfile, resolveProjectConfig, restoreSkill, reverseEmbed, rot13Wrap, runGuardInit, saveConfigKey, saveCredentials, saveLicense, saveReport, scanDirectory, scanMachine, scanSkillFile, selectCanaryProbes, sha256, shannonEntropy, shouldFail, shouldIgnoreFinding, shouldIgnorePath, showConfig, slugify, stripBidiControls, stripHtmlComments, stripJsonComments, stripModelPrefix, stripTagChars, stripVariationSelectors, stripZeroWidth, topMCPFinding, topSkillFinding, totalDangers, totalSafe, totalWarnings, truncateContent, trustLevelFromScore, unescapeSequences, unicodeHomoglyphs, unlistedFindingToDict, validateProbe, verdictFromFindings, verdictScore, zeroWidthInject };
+declare function collectAll(): CollectedAgent[];
+
+declare function extractPackageId(server: MCPServerConfig): string | null;
+
+interface CacheEntry {
+    trust_score?: number;
+    trustScore?: number;
+    findings?: unknown[];
+    capability_labels?: string[];
+    capabilityLabels?: string[];
+    analyzed_version?: string | null;
+    analyzedVersion?: string | null;
+    analyzed_at?: string | null;
+    analyzedAt?: string | null;
+    tools?: string[];
+}
+interface CacheData {
+    fetchedAt?: number;
+    fetched_at?: number;
+    updated_at?: number;
+    servers: Record<string, CacheEntry>;
+}
+declare class RegistryCache {
+    private cachePath;
+    private baseUrl;
+    private skipFetch;
+    private data;
+    constructor(opts?: {
+        path?: string;
+        baseUrl?: string;
+        skipFetch?: boolean;
+    });
+    private _loadFromDisk;
+    isStale(): boolean;
+    serverCount(): number;
+    fetchRemote(): Promise<number>;
+    ensureFresh(): Promise<void>;
+    lookup(packageId: string | null): RegistryData | null;
+    _setData(data: CacheData): void;
+}
+
+declare abstract class Analyzer {
+    abstract name: string;
+    requiresRuntime: boolean;
+    requiresLlm: boolean;
+    abstract analyze(opts: {
+        agents?: CollectedAgent[];
+        matchResults?: MatchResult[];
+        findings?: Finding[];
+        skills?: SkillPath[];
+        toolHashes?: Record<string, Record<string, [string, string]>>;
+    }): Finding[];
+}
+
+declare class PatternAnalyzer extends Analyzer {
+    name: string;
+    analyze(opts: {
+        agents?: CollectedAgent[];
+    }): Finding[];
+    private _checkServer;
+    private _finding;
+    private _checkConf001;
+    private _checkConf002;
+    private _checkConf003;
+    private _checkConf004;
+    private _checkConf005;
+    private _checkConf006;
+    private _checkConf007;
+    private _checkConf008;
+}
+
+export { type AffectedProbe, type AgentConfigResult, AgentSealError, AgentValidator, type AttackChain, BACKUPS_DIR, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, type BaselineChange, type BaselineChangeResult, type BaselineEntry, BaselineStore, Blocklist, COMMON_WORDS, CONSISTENCY_WEIGHT, type ChainStep, type ChatFn, type CollectedAgent, type CompareResult, type CustomFinding, DANGER_CONCEPTS, DATA_EXTRACTION_WEIGHT, DebouncedHandler, type DefenseProfile, type DeltaEntry, DeltaResult, type DiscoveryResult, EXTRACTION_WEIGHT, type EmbedFn, type FixResult, Guard, GuardEngine, type GuardEngineOptions, type Finding as GuardFinding, type MCPServerConfig as GuardMCPServerConfig, type GuardOptions, type GuardProgressFn, type GuardReport, type GuardScanResult, type SkillPath as GuardSkillPath, GuardVerdict, HistoryStore, INJECTION_WEIGHT, type IgnoreFindingEntry, KNOWN_SERVER_LABELS, LABEL_DESTRUCTIVE, LABEL_PRIVATE, LABEL_PUBLIC_SINK, LABEL_UNTRUSTED, LLMJudge, type LLMJudgeFinding, type LLMJudgeOptions, type LLMJudgeResult, MAX_CONTENT_BYTES, MCPConfigChecker, type MCPFinding, type MCPRuntimeFinding, type MCPRuntimeResult, type MCPServerResult, type MatchResult, Notifier, PROFILES, PROJECT_MCP_CONFIGS, PROJECT_SKILL_DIRS, PROJECT_SKILL_FILES, PatternAnalyzer, type Probe, type ProbeResult, ProbeTimeoutError, type ProfileConfig, type ProgressFn, type ProjectConfig, ProviderError, QUARANTINE_DIR, type QuarantineEntry, REFUSAL_PHRASES, REPORTS_DIR, RegistryCache, type RegistryData, type RemediationItem, type RemediationReport, type Rule, RuleEngine, type RuleTest, type RuleTestResult, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, SEVERITY_ORDER, SYSTEM_PROMPT, type ScanReport, type ScoreBreakdown, Severity, Shield, type ShieldCallback, type ShieldOptions, type SkillFinding, type SkillResult, SkillScanner, TRANSFORMS, type ToxicFlowResult, TrustLevel, type UnlistedFinding, ValidationError, type ValidatorOptions, Verdict, allActions, analyzeToxicFlows, applyProfile, base64Wrap, buildExtractionProbes, buildInjectionProbes, buildProbe, bulkCheck, caseScramble, classifyPath, classifyServer, collectAll, collectWatchPaths, compareReports, computeDelta, computeMachineScore, computeScores, computeSemanticSimilarity, computeVerdict, customFindingFromDict, customFindingToDict, decodeBase64Blocks, decodeHtmlEntities, deltaEntryToDict, deobfuscate, detectCanary, detectChains, detectExtraction, detectExtractionWithSemantic, detectProvider, enrichMcpResults, expandStringConcat, extractPackageId, extractPackageSlug, extractSkillName, extractUniquePhrases, fingerprintDefense, fnmatchCase, formatJson, formatSarif, formatTerminal, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateConfigYaml, generateMutations, generateRemediation, generateUnlistedFindings, getFixableSkills, getWellKnownConfigs, guardReportFromDict, hasCritical, hasInvisibleChars, isRefusal, leetspeak, listProfiles, listQuarantine, loadAllCustomProbes, loadCustomProbes, loadGuardReport, loadProjectConfig, loadScanReport, normalizeSkillPath, normalizeUnicode, parseProbeFile, parseResponse, prefixPadding, quarantineSkill, resolveProfile, resolveProjectConfig, restoreSkill, reverseEmbed, rot13Wrap, runGuardInit, saveReport, scanDirectory, scanMachine, scanSkillFile, sha256, shannonEntropy, shouldFail, shouldIgnoreFinding, shouldIgnorePath, slugify, stripBidiControls, stripHtmlComments, stripJsonComments, stripModelPrefix, stripTagChars, stripVariationSelectors, stripZeroWidth, topMCPFinding, topSkillFinding, totalDangers, totalSafe, totalWarnings, truncateContent, trustLevelFromScore, unescapeSequences, unicodeHomoglyphs, unlistedFindingToDict, validateProbe, verdictFromFindings, verdictScore, zeroWidthInject };

package/dist/index.d.ts

@@ -122,7 +122,6 @@ interface ValidatorOptions {
     semantic?: {
         embed: EmbedFn;
     };
-    probes?: Probe[];
 }
 
 declare class AgentSealError extends Error {
@@ -236,7 +235,6 @@ declare class AgentValidator {
     private onProgress;
     private adaptive;
     private embed;
-    private customProbes;
     constructor(options: ValidatorOptions);
     static fromOpenAI(client: Parameters<typeof fromOpenAI>[0], opts: Parameters<typeof fromOpenAI>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
     static fromAnthropic(client: Parameters<typeof fromAnthropic>[0], opts: Parameters<typeof fromAnthropic>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
@@ -900,7 +898,7 @@ interface AgentDef {
 declare function getWellKnownConfigs(): AgentDef[];
 /** Strip // and /* * / comments from JSONC. Preserves URLs inside strings. */
 declare function stripJsonComments(text: string): string;
-interface MCPServerConfig {
+interface MCPServerConfig$1 {
     name: string;
     source_file: string;
     agent_type: string;
@@ -908,7 +906,7 @@ interface MCPServerConfig {
 }
 interface DiscoveryResult {
     agents: AgentConfigResult[];
-    mcpServers: MCPServerConfig[];
+    mcpServers: MCPServerConfig$1[];
     skillPaths: string[];
 }
 /**
@@ -1339,41 +1337,170 @@ declare class Shield {
     stop(): void;
 }
 
-declare const CONFIG_KEYS: readonly ["model", "api-key", "ollama-url", "litellm-url", "dashboard-url", "dashboard-key"];
-declare function loadConfig(path?: string): Record<string, string>;
-declare function saveConfigKey(key: string, value: string, path?: string): void;
-declare function removeConfigKey(key: string, path?: string): void;
-declare function showConfig(path?: string): string;
-
-interface Credentials {
-    apiUrl: string;
-    apiKey: string;
+interface MCPServerConfig {
+    name: string;
+    command: string;
+    args: string[];
+    env: Record<string, string>;
+    sourceFile: string | null;
+    transport: string;
+    url: string | null;
+    packageId: string | null;
+    agents: string[];
+}
+interface SkillPath {
+    path: string;
+    platform: string;
+    format: string;
+}
+interface CollectedAgent {
+    name: string;
+    agentType: string;
+    configPath: string;
+    mcpServers: MCPServerConfig[];
+    skills: SkillPath[];
+    status: string;
+}
+interface Finding {
+    code: string;
+    title: string;
+    description: string;
+    severity: string;
+    source: string | null;
+    serverName: string;
+    agentNames: string[];
+    evidence: string;
+    remediation: string;
+    confidence: number;
+}
+interface RegistryData {
+    trustScore: number;
+    findings: Finding[];
+    capabilityLabels: Set<string>;
+    analyzedVersion: string | null;
+    analyzedAt: string | null;
+    tools: string[];
+}
+interface MatchResult {
+    server: MCPServerConfig;
+    registryHit: RegistryData | null;
+    needsRuntime: boolean;
+    versionGap: string | null;
+    analysisMethod: string;
+}
+interface GuardScanResult {
+    agents: CollectedAgent[];
+    matchResults: MatchResult[];
+    findings: Finding[];
+    machineScore: number;
+    serversScanned: number;
+    fromRegistry: number;
+    failed: number;
+    scanDurationSeconds: number;
+    deepAnalysis: Record<string, unknown> | null;
+}
+
+interface GuardEngineOptions {
+    skipRuntime?: boolean;
+    deep?: boolean;
+    deepAll?: boolean;
+    deepTimeout?: number;
+    model?: string;
+    apiKey?: string;
+    baselinePath?: string;
+    cachePath?: string;
+    projectPath?: string;
+    noProcessScan?: boolean;
+    interactive?: boolean;
+}
+declare class GuardEngine {
+    private opts;
+    constructor(opts?: GuardEngineOptions);
+    run(): Promise<GuardScanResult>;
+    private deduplicateServers;
+    static ciExitCode(result: GuardScanResult, failOn?: string): number;
 }
-declare function saveCredentials(apiUrl: string, apiKey: string, path?: string): void;
-declare function loadCredentials(path?: string): Credentials | null;
-declare function saveLicense(key: string, path?: string): void;
-declare function loadLicense(path?: string): string | null;
 
-declare function selectCanaryProbes(csv?: string): Array<Record<string, any>>;
-declare function checkRegression(currentScore: number, baselineScore: number | null, threshold?: number): {
-    score: number;
-    baseline: number | null;
-    regression: boolean;
-    delta: number;
-};
+declare function formatTerminal(result: GuardScanResult): string;
 
-interface MCPScanResult {
-    server_name: string;
-    verdict: string;
-    findings: Array<{
-        code: string;
-        severity: string;
-        title: string;
-        detail?: string;
-    }>;
-    trust_score?: number;
-    tools_count: number;
-}
-declare function renderMCPResults(results: MCPScanResult[], verbose: boolean): void;
+declare function formatJson(result: GuardScanResult): string;
+
+declare function formatSarif(result: GuardScanResult): Record<string, unknown>;
+
+declare function computeMachineScore(opts: {
+    matchResults: MatchResult[];
+    findings: Finding[];
+}): number;
 
-export { type AffectedProbe, type AgentConfigResult, AgentSealError, AgentValidator, type AttackChain, BACKUPS_DIR, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, type BaselineChange, type BaselineChangeResult, type BaselineEntry, BaselineStore, Blocklist, COMMON_WORDS, CONFIG_KEYS, CONSISTENCY_WEIGHT, type ChainStep, type ChatFn, type CompareResult, type CustomFinding, DANGER_CONCEPTS, DATA_EXTRACTION_WEIGHT, DebouncedHandler, type DefenseProfile, type DeltaEntry, DeltaResult, type DiscoveryResult, EXTRACTION_WEIGHT, type EmbedFn, type FixResult, Guard, type GuardOptions, type GuardProgressFn, type GuardReport, GuardVerdict, HistoryStore, INJECTION_WEIGHT, type IgnoreFindingEntry, KNOWN_SERVER_LABELS, LABEL_DESTRUCTIVE, LABEL_PRIVATE, LABEL_PUBLIC_SINK, LABEL_UNTRUSTED, LLMJudge, type LLMJudgeFinding, type LLMJudgeOptions, type LLMJudgeResult, MAX_CONTENT_BYTES, MCPConfigChecker, type MCPFinding, type MCPRuntimeFinding, type MCPRuntimeResult, type MCPServerResult, Notifier, PROFILES, PROJECT_MCP_CONFIGS, PROJECT_SKILL_DIRS, PROJECT_SKILL_FILES, type Probe, type ProbeResult, ProbeTimeoutError, type ProfileConfig, type ProgressFn, type ProjectConfig, ProviderError, QUARANTINE_DIR, type QuarantineEntry, REFUSAL_PHRASES, REPORTS_DIR, type RemediationItem, type RemediationReport, type Rule, RuleEngine, type RuleTest, type RuleTestResult, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, SEVERITY_ORDER, SYSTEM_PROMPT, type ScanReport, type ScoreBreakdown, Severity, Shield, type ShieldCallback, type ShieldOptions, type SkillFinding, type SkillResult, SkillScanner, TRANSFORMS, type ToxicFlowResult, TrustLevel, type UnlistedFinding, ValidationError, type ValidatorOptions, Verdict, allActions, analyzeToxicFlows, applyProfile, base64Wrap, buildExtractionProbes, buildInjectionProbes, buildProbe, bulkCheck, caseScramble, checkRegression, classifyPath, classifyServer, collectWatchPaths, compareReports, computeDelta, computeScores, computeSemanticSimilarity, computeVerdict, customFindingFromDict, customFindingToDict, decodeBase64Blocks, decodeHtmlEntities, deltaEntryToDict, deobfuscate, detectCanary, detectChains, detectExtraction, detectExtractionWithSemantic, detectProvider, enrichMcpResults, expandStringConcat, extractPackageSlug, extractSkillName, extractUniquePhrases, fingerprintDefense, fnmatchCase, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateConfigYaml, generateMutations, generateRemediation, generateUnlistedFindings, getFixableSkills, getWellKnownConfigs, guardReportFromDict, hasCritical, hasInvisibleChars, isRefusal, leetspeak, listProfiles, listQuarantine, loadAllCustomProbes, loadConfig, loadCredentials, loadCustomProbes, loadGuardReport, loadLicense, loadProjectConfig, loadScanReport, normalizeSkillPath, normalizeUnicode, parseProbeFile, parseResponse, prefixPadding, quarantineSkill, removeConfigKey, renderMCPResults, resolveProfile, resolveProjectConfig, restoreSkill, reverseEmbed, rot13Wrap, runGuardInit, saveConfigKey, saveCredentials, saveLicense, saveReport, scanDirectory, scanMachine, scanSkillFile, selectCanaryProbes, sha256, shannonEntropy, shouldFail, shouldIgnoreFinding, shouldIgnorePath, showConfig, slugify, stripBidiControls, stripHtmlComments, stripJsonComments, stripModelPrefix, stripTagChars, stripVariationSelectors, stripZeroWidth, topMCPFinding, topSkillFinding, totalDangers, totalSafe, totalWarnings, truncateContent, trustLevelFromScore, unescapeSequences, unicodeHomoglyphs, unlistedFindingToDict, validateProbe, verdictFromFindings, verdictScore, zeroWidthInject };
+declare function collectAll(): CollectedAgent[];
+
+declare function extractPackageId(server: MCPServerConfig): string | null;
+
+interface CacheEntry {
+    trust_score?: number;
+    trustScore?: number;
+    findings?: unknown[];
+    capability_labels?: string[];
+    capabilityLabels?: string[];
+    analyzed_version?: string | null;
+    analyzedVersion?: string | null;
+    analyzed_at?: string | null;
+    analyzedAt?: string | null;
+    tools?: string[];
+}
+interface CacheData {
+    fetchedAt?: number;
+    fetched_at?: number;
+    updated_at?: number;
+    servers: Record<string, CacheEntry>;
+}
+declare class RegistryCache {
+    private cachePath;
+    private baseUrl;
+    private skipFetch;
+    private data;
+    constructor(opts?: {
+        path?: string;
+        baseUrl?: string;
+        skipFetch?: boolean;
+    });
+    private _loadFromDisk;
+    isStale(): boolean;
+    serverCount(): number;
+    fetchRemote(): Promise<number>;
+    ensureFresh(): Promise<void>;
+    lookup(packageId: string | null): RegistryData | null;
+    _setData(data: CacheData): void;
+}
+
+declare abstract class Analyzer {
+    abstract name: string;
+    requiresRuntime: boolean;
+    requiresLlm: boolean;
+    abstract analyze(opts: {
+        agents?: CollectedAgent[];
+        matchResults?: MatchResult[];
+        findings?: Finding[];
+        skills?: SkillPath[];
+        toolHashes?: Record<string, Record<string, [string, string]>>;
+    }): Finding[];
+}
+
+declare class PatternAnalyzer extends Analyzer {
+    name: string;
+    analyze(opts: {
+        agents?: CollectedAgent[];
+    }): Finding[];
+    private _checkServer;
+    private _finding;
+    private _checkConf001;
+    private _checkConf002;
+    private _checkConf003;
+    private _checkConf004;
+    private _checkConf005;
+    private _checkConf006;
+    private _checkConf007;
+    private _checkConf008;
+}
+
+export { type AffectedProbe, type AgentConfigResult, AgentSealError, AgentValidator, type AttackChain, BACKUPS_DIR, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, type BaselineChange, type BaselineChangeResult, type BaselineEntry, BaselineStore, Blocklist, COMMON_WORDS, CONSISTENCY_WEIGHT, type ChainStep, type ChatFn, type CollectedAgent, type CompareResult, type CustomFinding, DANGER_CONCEPTS, DATA_EXTRACTION_WEIGHT, DebouncedHandler, type DefenseProfile, type DeltaEntry, DeltaResult, type DiscoveryResult, EXTRACTION_WEIGHT, type EmbedFn, type FixResult, Guard, GuardEngine, type GuardEngineOptions, type Finding as GuardFinding, type MCPServerConfig as GuardMCPServerConfig, type GuardOptions, type GuardProgressFn, type GuardReport, type GuardScanResult, type SkillPath as GuardSkillPath, GuardVerdict, HistoryStore, INJECTION_WEIGHT, type IgnoreFindingEntry, KNOWN_SERVER_LABELS, LABEL_DESTRUCTIVE, LABEL_PRIVATE, LABEL_PUBLIC_SINK, LABEL_UNTRUSTED, LLMJudge, type LLMJudgeFinding, type LLMJudgeOptions, type LLMJudgeResult, MAX_CONTENT_BYTES, MCPConfigChecker, type MCPFinding, type MCPRuntimeFinding, type MCPRuntimeResult, type MCPServerResult, type MatchResult, Notifier, PROFILES, PROJECT_MCP_CONFIGS, PROJECT_SKILL_DIRS, PROJECT_SKILL_FILES, PatternAnalyzer, type Probe, type ProbeResult, ProbeTimeoutError, type ProfileConfig, type ProgressFn, type ProjectConfig, ProviderError, QUARANTINE_DIR, type QuarantineEntry, REFUSAL_PHRASES, REPORTS_DIR, RegistryCache, type RegistryData, type RemediationItem, type RemediationReport, type Rule, RuleEngine, type RuleTest, type RuleTestResult, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, SEVERITY_ORDER, SYSTEM_PROMPT, type ScanReport, type ScoreBreakdown, Severity, Shield, type ShieldCallback, type ShieldOptions, type SkillFinding, type SkillResult, SkillScanner, TRANSFORMS, type ToxicFlowResult, TrustLevel, type UnlistedFinding, ValidationError, type ValidatorOptions, Verdict, allActions, analyzeToxicFlows, applyProfile, base64Wrap, buildExtractionProbes, buildInjectionProbes, buildProbe, bulkCheck, caseScramble, classifyPath, classifyServer, collectAll, collectWatchPaths, compareReports, computeDelta, computeMachineScore, computeScores, computeSemanticSimilarity, computeVerdict, customFindingFromDict, customFindingToDict, decodeBase64Blocks, decodeHtmlEntities, deltaEntryToDict, deobfuscate, detectCanary, detectChains, detectExtraction, detectExtractionWithSemantic, detectProvider, enrichMcpResults, expandStringConcat, extractPackageId, extractPackageSlug, extractSkillName, extractUniquePhrases, fingerprintDefense, fnmatchCase, formatJson, formatSarif, formatTerminal, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateConfigYaml, generateMutations, generateRemediation, generateUnlistedFindings, getFixableSkills, getWellKnownConfigs, guardReportFromDict, hasCritical, hasInvisibleChars, isRefusal, leetspeak, listProfiles, listQuarantine, loadAllCustomProbes, loadCustomProbes, loadGuardReport, loadProjectConfig, loadScanReport, normalizeSkillPath, normalizeUnicode, parseProbeFile, parseResponse, prefixPadding, quarantineSkill, resolveProfile, resolveProjectConfig, restoreSkill, reverseEmbed, rot13Wrap, runGuardInit, saveReport, scanDirectory, scanMachine, scanSkillFile, sha256, shannonEntropy, shouldFail, shouldIgnoreFinding, shouldIgnorePath, slugify, stripBidiControls, stripHtmlComments, stripJsonComments, stripModelPrefix, stripTagChars, stripVariationSelectors, stripZeroWidth, topMCPFinding, topSkillFinding, totalDangers, totalSafe, totalWarnings, truncateContent, trustLevelFromScore, unescapeSequences, unicodeHomoglyphs, unlistedFindingToDict, validateProbe, verdictFromFindings, verdictScore, zeroWidthInject };