agentshield-sdk 7.0.0 → 7.2.0

package/src/main.js

@@ -59,6 +59,9 @@ const { ERROR_CODES, createShieldError, deprecationWarning } = safeRequire('./er
 // v7.0 — MCP Security Runtime
 const { MCPSecurityRuntime, MCPSessionStateMachine, SESSION_STATES } = safeRequire('./mcp-security-runtime', 'mcp-security-runtime');
 
+// v7.0 — Adaptive Defense
+const { LearningLoop, AgentContract: BehaviorContract, ContractRegistry, ComplianceAttestor, ATTESTATION_FRAMEWORKS } = safeRequire('./adaptive-defense', 'adaptive-defense');
+
 // v7.0 — MCP SDK Integration
 const { shieldMCPServer, createMCPSecurityLayer } = safeRequire('./mcp-sdk-integration', 'mcp-sdk-integration');
 
@@ -167,6 +170,9 @@ const { AdaptiveDetector, SemanticAnalysisHook, CommunityPatterns } = safeRequir
 // OpenClaw
 const { OpenClawShieldSkill, shieldOpenClawMessages, generateOpenClawSkill } = safeRequire('./openclaw', 'openclaw');
 
+// v7.2 — IPIA Detector
+const { IPIADetector, ContextConstructor, FeatureExtractor, TreeClassifier, ExternalEmbedder, createIPIAScanner, ipiaMiddleware, FEATURE_NAMES: IPIA_FEATURE_NAMES, INJECTION_LEXICON: IPIA_INJECTION_LEXICON } = safeRequire('./ipia-detector', 'ipia-detector');
+
 // --- v1.2 Modules ---
 
 // Semantic Detection
@@ -713,6 +719,13 @@ const _exports = {
   IntentValidator,
   ConfusedDeputyGuard,
 
+  // v7.0 — Adaptive Defense
+  LearningLoop,
+  BehaviorContract,
+  ContractRegistry,
+  ComplianceAttestor,
+  ATTESTATION_FRAMEWORKS,
+
   // v7.0 — MCP SDK Integration
   shieldMCPServer,
   createMCPSecurityLayer,
@@ -729,6 +742,17 @@ const _exports = {
   MCP_THREAT_CATEGORIES: CERT_THREAT_CATEGORIES,
   CERTIFICATION_REQUIREMENTS,
   CERTIFICATION_LEVELS,
+
+  // v7.2 — IPIA Detector
+  IPIADetector,
+  ContextConstructor,
+  FeatureExtractor,
+  TreeClassifier,
+  ExternalEmbedder,
+  createIPIAScanner,
+  ipiaMiddleware,
+  IPIA_FEATURE_NAMES,
+  IPIA_INJECTION_LEXICON,
 };
 
 // Filter out undefined exports (from modules that failed to load)

package/src/mcp-security-runtime.js

@@ -26,6 +26,7 @@ const crypto = require('crypto');
 const { MCPBridge, MCPSessionGuard, MCPResourceScanner, MCPToolPolicy } = require('./mcp-bridge');
 const { AuthorizationContext, ConfusedDeputyGuard } = require('./confused-deputy');
 const { BehaviorProfile } = require('./behavior-profiling');
+const { LearningLoop, ContractRegistry, ComplianceAttestor } = require('./adaptive-defense');
 
 const LOG_PREFIX = '[Agent Shield]';
 
@@ -142,6 +143,19 @@ class MCPSecurityRuntime {
     this._userSessions = new Map();    // userId → Set<sessionId>
     this._behaviorProfiles = new Map(); // userId → BehaviorProfile
 
+    // Adaptive defense systems
+    this._learningLoop = new LearningLoop({
+      minHitsToPromote: options.minHitsToPromote || 3,
+      maxLearnedPatterns: options.maxLearnedPatterns || 500,
+      onPatternLearned: options.onPatternLearned || null
+    });
+    this._contracts = new ContractRegistry();
+    this._attestor = new ComplianceAttestor({
+      frameworks: options.complianceFrameworks,
+      driftThreshold: options.complianceDriftThreshold || 0.9,
+      onComplianceDrift: options.onComplianceDrift || null
+    });
+
     // Callbacks
     this._onThreat = options.onThreat || null;
     this._onBlock = options.onBlock || null;
@@ -159,7 +173,9 @@ class MCPSecurityRuntime {
       threatsDetected: 0,
       authFailures: 0,
       behaviorAnomalies: 0,
-      stateViolations: 0
+      stateViolations: 0,
+      patternsLearned: 0,
+      contractViolations: 0
     };
 
     // Cleanup expired sessions periodically
@@ -357,11 +373,44 @@ class MCPSecurityRuntime {
     // 6. Threat scanning (injection, exfiltration, etc.)
     const scanResult = this._bridge.wrapToolCall(toolName, args);
     const threats = scanResult.threats || [];
-    if (!scanResult.allowed) {
+
+    // 6a. Check against learned patterns (self-learning loop)
+    const learnedCheck = this._learningLoop.check(typeof args === 'string' ? args : JSON.stringify(args || {}));
+    if (learnedCheck.matches.length > 0) {
+      for (const match of learnedCheck.matches) {
+        threats.push({
+          category: match.category,
+          severity: 'high',
+          confidence: match.confidence,
+          description: `Learned pattern match: ${match.patternId}`,
+          source: 'learning_loop'
+        });
+      }
+    }
+
+    if (!scanResult.allowed || learnedCheck.matches.length > 0) {
       this.stats.toolCallsBlocked++;
       this.stats.threatsDetected += threats.length;
-      this._audit('threat_detected', { sessionId, toolName, threats });
+
+      // LEARNING LOOP: Feed blocked attack into the learning system
+      for (const threat of threats) {
+        this._learningLoop.ingest({
+          text: typeof args === 'string' ? args : JSON.stringify(args || {}),
+          category: threat.category || 'unknown',
+          threats,
+          toolName,
+          sessionId
+        });
+      }
+      this.stats.patternsLearned = this._learningLoop.getActivePatterns().length;
+
+      this._audit('threat_detected', { sessionId, toolName, threats, learnedMatches: learnedCheck.matches.length });
       if (this._onThreat) this._onThreat({ sessionId, toolName, threats });
+
+      // Update compliance signals
+      this._attestor.updateSignal('threat_scanning_active', true);
+      this._attestor.updateSignal('blocking_enabled', true);
+
       return {
         allowed: false,
         threats,
@@ -372,7 +421,31 @@ class MCPSecurityRuntime {
       };
     }
 
-    // 7. Behavioral anomaly detection
+    // 7. Agent contract enforcement
+    const contractResult = this._contracts.enforce(session.authCtx.agentId, {
+      type: 'tool_call',
+      toolName,
+      args,
+      intent: session.authCtx.intent,
+      delegationDepth: session.authCtx.delegationDepth
+    });
+    if (!contractResult.allowed) {
+      this.stats.contractViolations++;
+      this._audit('contract_violation', {
+        sessionId, toolName, agentId: session.authCtx.agentId,
+        violations: contractResult.violations
+      });
+      return {
+        allowed: false,
+        threats: [],
+        violations: contractResult.violations,
+        anomalies: [],
+        token: null,
+        reason: 'Contract violation: ' + contractResult.violations.map(v => v.message).join('; ')
+      };
+    }
+
+    // 8. Behavioral anomaly detection
     const anomalies = [];
     if (this._enableBehavior) {
       const profile = this._behaviorProfiles.get(session.authCtx.userId);
@@ -395,7 +468,19 @@ class MCPSecurityRuntime {
       }
     }
 
-    // 8. Record success and return
+    // 9. Update compliance attestation signals
+    this._attestor.updateSignals({
+      injection_scans_active: true,
+      tool_authorization_active: this._enforceAuth,
+      rate_limiting_active: true,
+      threat_scanning_active: true,
+      behavior_monitoring_active: this._enableBehavior,
+      blocking_enabled: true,
+      audit_trail_active: true,
+      contract_enforcement_active: contractResult.hasContract
+    });
+
+    // 10. Record success and return
     this._audit('tool_allowed', {
       sessionId, toolName, userId: session.authCtx.userId,
       threats: threats.length, anomalies: anomalies.length
@@ -444,6 +529,61 @@ class MCPSecurityRuntime {
     return this._resourceScanner.scanResource(uri, content, mimeType);
   }
 
+  // =======================================================================
+  // Adaptive Defense — Learning, Contracts, Compliance
+  // =======================================================================
+
+  /**
+   * Registers a behavioral contract for an agent.
+   * The contract is verified on every tool call automatically.
+   * @param {import('./adaptive-defense').AgentContract} contract
+   */
+  registerContract(contract) {
+    this._contracts.register(contract);
+    this._attestor.updateSignal('contract_enforcement_active', true);
+  }
+
+  /**
+   * Returns the learning loop for direct access.
+   * @returns {import('./adaptive-defense').LearningLoop}
+   */
+  getLearningLoop() {
+    return this._learningLoop;
+  }
+
+  /**
+   * Returns a real-time compliance attestation.
+   * @returns {object}
+   */
+  attest() {
+    return this._attestor.attest();
+  }
+
+  /**
+   * Generates a signed compliance proof that can be verified externally.
+   * @param {string} signingKey
+   * @returns {{ attestation: object, signature: string }}
+   */
+  generateComplianceProof(signingKey) {
+    return this._attestor.generateProof(signingKey || this._signingKey);
+  }
+
+  /**
+   * Returns contract compliance rates for all registered agents.
+   * @returns {object}
+   */
+  getContractCompliance() {
+    return this._contracts.getComplianceReport();
+  }
+
+  /**
+   * Returns compliance trend direction.
+   * @returns {'improving' | 'stable' | 'degrading' | 'unknown'}
+   */
+  getComplianceTrend() {
+    return this._attestor.getTrend();
+  }
+
   // =======================================================================
   // Tool Registration
   // =======================================================================
@@ -639,6 +779,10 @@ class MCPSecurityRuntime {
       sessions,
       behaviorProfiles: behaviorSummaries,
       guard: this._guard.getStats(),
+      learningLoop: this._learningLoop.getReport(),
+      contracts: this._contracts.getComplianceReport(),
+      compliance: this._attestor.getCurrentState(),
+      complianceTrend: this._attestor.getTrend(),
       recentAudit: this._auditLog.slice(-50)
     };
   }

package/types/index.d.ts

@@ -2086,3 +2086,72 @@ export declare class ConfusedDeputyGuard {
   getStats(): any;
   getAuditLog(limit?: number): any[];
 }
+
+// =========================================================================
+// v7.2 — IPIA Detector
+// =========================================================================
+
+export interface IPIAResult {
+  isInjection: boolean;
+  confidence: number;
+  severity: 'critical' | 'high' | 'medium' | 'low';
+  reason: string;
+  features: Record<string, number>;
+  source: string;
+  metadata: any | null;
+  patternScan: any | null;
+  timestamp: number;
+}
+
+export interface EmbeddingBackend {
+  embed(text: string): Promise<number[]>;
+  similarity?(a: number[], b: number[]): number;
+}
+
+export interface IPIADetectorOptions {
+  threshold?: number;
+  separator?: string;
+  embeddingBackend?: EmbeddingBackend;
+  usePatternScan?: boolean;
+  maxContentLength?: number;
+  maxIntentLength?: number;
+  enabled?: boolean;
+}
+
+export declare class IPIADetector {
+  threshold: number;
+  enabled: boolean;
+  constructor(options?: IPIADetectorOptions);
+  scan(externalContent: string, userIntent: string, options?: { source?: string; metadata?: any }): IPIAResult;
+  scanAsync(externalContent: string, userIntent: string, options?: { source?: string; metadata?: any }): Promise<IPIAResult>;
+  scanBatch(contentItems: string[], userIntent: string, options?: { source?: string; metadata?: any }): { results: IPIAResult[]; summary: { total: number; blocked: number; safe: number; maxConfidence: number } };
+  getStats(): { total: number; blocked: number; safe: number; blockRate: string };
+  setThreshold(threshold: number): void;
+}
+
+export declare class ContextConstructor {
+  constructor(options?: { separator?: string; maxContentLength?: number; maxIntentLength?: number });
+  build(externalContent: string, userIntent: string): { joint: string; content: string; intent: string };
+}
+
+export declare class FeatureExtractor {
+  extract(ctx: { joint: string; content: string; intent: string }): { features: number[]; featureMap: Record<string, number> };
+}
+
+export declare class TreeClassifier {
+  threshold: number;
+  constructor(options?: { threshold?: number });
+  classify(features: number[], featureMap: Record<string, number>): { isInjection: boolean; confidence: number; reason: string };
+}
+
+export declare class ExternalEmbedder {
+  constructor(backend: EmbeddingBackend);
+  static defaultSimilarity(a: number[], b: number[]): number;
+  extractCosineFeatures(ctx: { joint: string; content: string; intent: string }): Promise<{ cosine_intent_content: number; cosine_joint_intent: number; cosine_joint_content: number }>;
+}
+
+export declare function createIPIAScanner(options?: IPIADetectorOptions): (content: string, intent: string, options?: any) => IPIAResult;
+export declare function ipiaMiddleware(options?: { contentField?: string; intentField?: string; action?: 'block' | 'flag' | 'log'; threshold?: number }): (req: any, res: any, next: any) => void;
+
+export declare const IPIA_FEATURE_NAMES: string[];
+export declare const IPIA_INJECTION_LEXICON: Record<string, number>;