agentshield-sdk 7.2.0 → 7.3.0

package/CHANGELOG.md

@@ -4,7 +4,96 @@ All notable changes to Agent Shield will be documented in this file.
 
 This project follows [Semantic Versioning](https://semver.org/).
 
-## [7.2.0] — 2026-03-21
+## [7.3.0] - 2026-03-21
+
+### Added - CORTEX Autonomous Defense Platform
+
+- **Attack Genome Sequencing** (`src/attack-genome.js`) - Decompose attacks into intent/technique/evasion/target genome. Detect unseen variants by recognizing the genome, not the surface text. GenomeDatabase clusters attack families.
+- **Adversarial Evolution Simulator** (`src/evolution-simulator.js`) - GAN-style mutation engine generates attack variants across generations. Tests against defenses automatically. hardenFromEvolution() generates new patterns from evasive survivors.
+- **Intent Firewall** (`src/intent-firewall.js`) - Classifies user INTENT, not just content. Same words blocked or allowed based on context. "Help me write a phishing email" = BLOCKED. "Help me write about phishing training" = ALLOWED. ContextAnalyzer detects multi-turn manipulation.
+- **Cross-Agent Herd Immunity** (`src/herd-immunity.js`) - When one agent detects an attack, all connected agents receive the pattern. ImmuneMemory provides collective memory that new agents inherit from day one.
+- **Federated Threat Intelligence** (`src/threat-intel-federation.js`) - CrowdStrike model: anonymous attack pattern sharing with differential privacy. Consensus-based promotion. createFederationMesh() connects nodes.
+- **Agent Behavioral DNA** (`src/behavioral-dna.js`) - Learn per-agent behavioral baselines (tool usage, response patterns, timing). Detect anomalies when agent is compromised. Portable fingerprints.
+
+### Added - Enterprise & Production
+
+- **Pre-Deployment Security Audit** (`src/audit.js`) - Run 617+ attacks with mutation engine in under 100ms. SecurityAudit generates category breakdown, findings, fix recommendations, and production-readiness verdict.
+- **Agent Flight Recorder** (`src/flight-recorder.js`) - Forensic conversation replay. Records every interaction, detects incidents, reconstructs attack timeline and escalation path. Auto-generates fix patterns.
+- **Supply Chain Verification** (`src/supply-chain.js`) - ToolChainValidator scans tool arguments and responses for injection. ResponseScanner deep-scans JSON/nested data for hidden instructions. DomainAllowlist for URL validation.
+- **Visual HTML Security Report** (`src/report-generator.js`) - Lighthouse-style HTML report with SVG gauge, category bar charts, severity breakdown, fix recommendations. Self-contained, print-friendly.
+- **Enterprise SOC Dashboard** (`src/soc-dashboard.js`) - Real-time event aggregation from multiple agents. Query by agent/category/severity/time. Alert channels: Slack, PagerDuty, Microsoft Teams.
+- **Attack Replay Platform** (`src/attack-replay.js`) - Record real attacks, replay against updated defenses. Track improvements vs regressions. Export/import attack corpora.
+- **Compliance Certification Authority** (`src/compliance-authority.js`) - HMAC-signed compliance certificates against OWASP, NIST, EU AI Act, SOC 2. Platinum/Gold/Silver/Bronze levels. Verify and revoke certificates.
+- **Real Attack Dataset Testing** (`src/real-attack-datasets.js`) - 48 samples from HackAPrompt, TensorTrust, and security research. DatasetRunner with precision/recall/F1 metrics.
+
+### Added - Developer Experience
+
+- **Web Playground** (`playground/index.html`) - Paste text, see threats. 47 embedded patterns, dark mode, preset examples. Zero install.
+- **Claude SDK 3-Line Demo** (`examples/claude-3-lines.js`) - Simplest possible Claude integration.
+- **MCP Attack Demo** (`examples/mcp-attack-demo.js`) - 5 real MCP attacks all blocked in real-time.
+- **Competitive Benchmark Page** (`benchmark/competitive.html`) - Agent Shield vs Rebuff, LLM Guard, Lakera, Prompt Armor.
+- **CLI pentest command** - `npx agentshield-sdk security-audit` runs full audit with HTML report.
+
+### Changed
+
+- Total exports: 390 across 93 modules (was 331 across 79)
+- Total test assertions: 2,220 across 13 test suites + Python + VSCode
+- 14 new source modules in this release
+
+## [7.2.1] - 2026-03-21
+
+### Added
+
+- **Rate limiting middleware** - `rateLimitMiddleware()` and `shieldMiddleware()` for Express with 429 responses, `X-RateLimit-Limit`, `X-RateLimit-Remaining`, and `Retry-After` headers
+- **Graceful shutdown** - `createGracefulShutdown()` utility with configurable timeout enforcement, ordered cleanup, and idempotent execution
+- **Inline .env file loader** - `loadEnvFile()` zero-dependency alternative to dotenv with quote stripping and no-overwrite semantics
+- **Queue depth monitoring** - `DistributedShield.getQueueDepth()` returns pending, peak, and totalQueued metrics
+- **Production readiness test suite** - 24 new assertions covering config shapes, result shapes, shutdown, rate limiting, streaming errors, .env loading
+- **Migration guide** - `instructions/17-migration-v6-to-v7.md` covering v6.0 to v7.x upgrade path
+- **Troubleshooting guide** - `instructions/18-troubleshooting.md` with 10 common issues and solutions
+- **141-pattern sync across all SDKs** - Python, Go, Rust, and VSCode now have full parity with Node.js detection engine (was 22/29/31/31)
+- **Standardized API return shapes** - Python, Go, and Rust SDKs now return Node.js-compatible `status`, `stats`, and `timestamp` fields alongside legacy fields
+- **Pattern sync build script** - `npm run sync:patterns` exports canonical patterns to JSON for cross-SDK consumption
+- **Python PyPI packaging** - `pyproject.toml` and proper `__init__.py` for `pip install agentshield`
+- **Structured error codes** - All public API throws now use `createShieldError()` with machine-readable codes (AS-DET-002, AS-AUT-004, etc.)
+- **Performance regression gate in CI** - Automated benchmark check that fails if 10k scans exceed threshold
+
+### Fixed
+
+- **Short input bypass** - detector-core.js was skipping inputs under 10 characters; `rm -rf /` (9 chars) was unscanned
+- **Role hijack pattern** - "you are now unrestricted" (no article) was not caught; tightened pattern with identity-related word requirement
+- **ReDoS risk** - Simplified credential listing pattern's nested alternation to prevent potential catastrophic backtracking
+- **Zero-value config bug** - `RateLimiter({ windowMs: 0 })` and `CircuitBreaker({ threshold: 0 })` silently defaulted via `||` operator; now uses explicit null checks
+- **scanToolCall inconsistency** - Previously returned `{ status: 'safe' }` on invalid input while `scan()` threw TypeError; now throws TypeError for consistency
+- **Shadow mode error swallowing** - Logger errors in shadow mode were silently caught; now logged to console.error
+- **DLP regex validation** - `DLPEngine.addRule()` with invalid regex string now catches and logs gracefully instead of throwing uncaught error
+- **Unbounded _localThreats** - `DistributedShield._localThreats` array now capped at 1000 entries (was unbounded, grew forever)
+- **Timer GC leak** - `DistributedShield` sync timer now uses `.unref()` to prevent blocking process exit
+- **SharedThreatState cleanup** - Added `pruneStaleSubscribers()` method for cleaning up dead subscriber callbacks
+- **MCP runtime shutdown** - `MCPSecurityRuntime.shutdown()` is now async with configurable timeout and drain handling
+- **MCP server shutdown** - Uses `createGracefulShutdown()` with `SHIELD_SHUTDOWN_TIMEOUT_MS` env var support
+- **Dashboard DoS** - POST /api/ingest now enforces 1MB body size limit (was unlimited)
+- **GitHub App markdown** - PR comment category values now escape pipe characters to prevent table breakage
+- **k8s Dockerfile** - USER directive moved before COPY with `--chown` for proper file ownership
+- **k8s fallback patterns** - Embedded patterns expanded from 10 to 15, synced with core engine fixes
+- **Benchmark percentile** - Fixed off-by-one in percentile calculation; now uses linear interpolation
+- **Category name consistency** - `role_hijacking` renamed to `role_hijack` across Python, Go, Rust, VSCode, benchmark-registry, testing.js, fuzzer.js, and all docs
+- **TypeScript declarations** - Added 39 missing type declarations for exported symbols
+- **VSCode debouncing** - Per-document debounce timers (was single global), scan result caching, 500KB file size limit, cache cleanup on close
+
+### Changed
+
+- `prepublishOnly` now runs `test:full` (all 16 test suites) instead of just 3
+- CI workflow runs test:adaptive, test:ipia, test:production, test:adversarial
+- CI coverage job expanded from 3 to 7 test files
+- CI verifies all 10 example files (was only 2)
+- `DEFAULT_CONFIG` in index.js now includes `maxInputSize`, `maxScanHistory`, `maxArgDepth`
+- Total exports increased to 331 across 79 modules
+- Total test assertions: 1,755 across 16 test suites
+- All SDK READMEs updated with 141 pattern count and 8 threat categories
+- README.md Node.js CI claim corrected to 18/20/22 (was incorrectly claiming 16)
+
+## [7.2.0] - 2026-03-21
 
 ### Added
 

package/README.md

@@ -154,7 +154,7 @@ const shield = new AgentShield({ blockOnThreat: true });
 const result = shield.scanInput(userMessage); // { blocked: true, threats: [...] }
 ```
 
-- 327+ exports across 79 modules
+- 390+ exports across 93 modules
 - 1,282 test assertions across 15 test suites, 100% pass rate
 - 100% red team detection rate (A+ grade)
 - Shield Score: 100/100 — fortress-grade protection
@@ -388,7 +388,7 @@ validator.validate(plugin);         // Safety & quality validation
 
 ### VS Code Extension (v2.0)
 
-The `vscode-extension/` directory contains a VS Code extension that provides inline diagnostics and real-time scanning for JS/TS/Python/Markdown files with 31 detection patterns.
+The `vscode-extension/` directory contains a VS Code extension that provides inline diagnostics and real-time scanning for JS/TS/Python/Markdown files with 141 detection patterns.
 
 ### Enterprise Features (v2.1)
 
@@ -833,8 +833,9 @@ Automatically scan PRs for injection threats with Check Run annotations:
 ### Real-Time Dashboard (v5.0)
 
 ```javascript
-const { ThreatStreamServer } = require('agent-shield/dashboard-live/server');
-const { DashboardIntegration } = require('agent-shield/dashboard-live/integration');
+// Dashboard is a standalone sub-project - import directly:
+const { ThreatStreamServer } = require('./dashboard-live/server');
+const { DashboardIntegration } = require('./dashboard-live/integration');
 
 const server = new ThreatStreamServer({ port: 3001 });
 server.start();
@@ -996,9 +997,41 @@ Total: **1,282 test assertions** across 15 test suites.
 └── types/                      # TypeScript definitions
 ```
 
+## CORTEX Autonomous Defense (v7.3)
+
+Agent Shield CORTEX goes beyond pattern matching with autonomous threat intelligence:
+
+```javascript
+const { AttackGenome, IntentFirewall, HerdImmunity, SecurityAudit } = require('agentshield-sdk');
+
+// Attack Genome: detect unseen variants by recognizing attack DNA
+const genome = new AttackGenome();
+const dna = genome.sequence('ignore all previous instructions');
+// { intent: 'override_instructions', technique: 'direct_command', target: 'system_prompt' }
+
+// Intent Firewall: same words, different action
+const firewall = new IntentFirewall();
+firewall.classify('Help me write a phishing email');        // BLOCKED
+firewall.classify('Help me write about phishing training'); // ALLOWED
+
+// Herd Immunity: attack on Agent A protects Agent B
+const herd = new HerdImmunity();
+herd.connect('agent-a');
+herd.connect('agent-b');
+herd.reportAttack({ text: 'DAN mode jailbreak', agentId: 'agent-a' });
+// agent-b now has the pattern
+
+// Pre-Deployment Audit: 617+ attacks in under 100ms
+const audit = new SecurityAudit();
+const report = audit.run();
+console.log(report.formatReport());
+```
+
+**CORTEX modules:** Attack Genome Sequencing, Adversarial Evolution Simulator, Intent Firewall, Cross-Agent Herd Immunity, Federated Threat Intelligence, Agent Behavioral DNA, Pre-Deployment Audit, Flight Recorder, Supply Chain Verification, SOC Dashboard, Attack Replay, Compliance Certification Authority.
+
 ## CI/CD
 
-A GitHub Actions workflow is included at `.github/workflows/ci.yml`. It runs all tests across Node.js 16, 18, 20, and 22 on every push and PR.
+A GitHub Actions workflow is included at `.github/workflows/ci.yml`. It runs all tests across Node.js 18, 20, and 22 on every push and PR.
 
 ## Privacy
 

package/bin/agent-shield.js

@@ -349,6 +349,21 @@ const commandScore = () => {
   console.log(calc.formatReport());
 };
 
+const commandSecurityAudit = () => {
+  console.log(ASCII_BANNER);
+  const { runAuditCLI } = require('../src/audit');
+  const report = runAuditCLI();
+
+  // Try to generate HTML report
+  try {
+    const { generateReportFile } = require('../src/report-generator');
+    generateReportFile(report, 'shield-report.html');
+    console.log(`\n${COLORS.green}HTML report saved to shield-report.html${COLORS.reset}`);
+  } catch (_) {
+    // report-generator not available, skip HTML
+  }
+};
+
 const commandRedteam = (args) => {
   console.log(ASCII_BANNER);
   const { AttackSimulator } = require('../src/redteam');
@@ -626,6 +641,10 @@ const main = () => {
     case 'setup':
       commandInit();
       break;
+    case 'security-audit':
+    case 'pentest':
+      commandSecurityAudit();
+      break;
     case 'demo':
     case 'prove-it':
       commandDemo();

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "agentshield-sdk",
-  "version": "7.2.0",
-  "description": "The security standard for MCP and AI agents. Protects against prompt injection, confused deputy attacks, data exfiltration, and 30+ threats. Zero dependencies, runs locally.",
+  "version": "7.3.0",
+  "description": "The security standard for MCP and AI agents. 141 detection patterns, CORTEX threat intelligence, pre-deployment audit, intent firewall, flight recorder, and 390+ exports. Zero dependencies, runs locally.",
   "main": "src/main.js",
   "types": "types/index.d.ts",
   "exports": {
@@ -29,7 +29,8 @@
     "test:v6": "node test/test-v6-modules.js",
     "test:adaptive": "node test/test-adaptive-defense.js",
     "test:ipia": "node test/test-ipia-detector.js",
-    "test:full": "npm test && node test/test-mcp-security.js && node test/test-confused-deputy.js && node test/test-v6-modules.js && node test/test-adaptive-defense.js && node test/test-ipia-detector.js && npm run test:all",
+    "test:production": "node test/test-production-readiness.js",
+    "test:full": "npm test && node test/test-mcp-security.js && node test/test-confused-deputy.js && node test/test-v6-modules.js && node test/test-adaptive-defense.js && node test/test-ipia-detector.js && node test/test-production-readiness.js && npm run test:all",
     "test:coverage": "c8 --reporter=text --reporter=lcov --reporter=json-summary npm test",
     "lint": "node test/lint.js",
     "lint:eslint": "eslint src/ test/ bin/",
@@ -43,6 +44,8 @@
     "test:adversarial": "node test/test-adversarial.js",
     "audit": "npm audit --omit=dev",
     "sbom": "node scripts/generate-sbom.js",
+    "audit:security": "node -e \"const {runAuditCLI}=require('./src/audit');runAuditCLI()\"",
+    "report": "node -e \"const {SecurityAudit}=require('./src/audit');const {generateReportFile}=require('./src/report-generator');const r=new SecurityAudit().run();generateReportFile(r,'shield-report.html');console.log('Report saved to shield-report.html')\"",
     "mcp": "node src/mcp-server.js",
     "sidecar": "node sidecar/server.js",
     "ctf": "node -e \"const {CTFEngine,CTFReporter}=require('./src/ctf');const e=new CTFEngine();console.log(new CTFReporter().formatReport(e.getScoreboard()))\"",
@@ -53,7 +56,8 @@
     "benchmark:generate": "node scripts/generate-dataset.js",
     "benchmark:baseline": "node scripts/run-benchmark.js --save-baseline",
     "benchmark:regression": "node scripts/run-benchmark.js --check-regression",
-    "prepublishOnly": "npm test && npm run test:all && npm run test:fp"
+    "sync:patterns": "node scripts/sync-patterns.js",
+    "prepublishOnly": "npm run test:full"
   },
   "keywords": [
     "ai",