npm - agentshield-sdk - Versions diffs - 7.2.1 → 7.4.0 - Mend

agentshield-sdk 7.2.1 → 7.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

package/CHANGELOG.md +125 -1
package/README.md +68 -7
package/bin/agent-shield.js +19 -0
package/package.json +10 -3
package/src/agent-protocol.js +4 -0
package/src/allowlist.js +605 -603
package/src/attack-genome.js +536 -0
package/src/attack-replay.js +246 -0
package/src/audit-streaming.js +486 -469
package/src/audit.js +619 -0
package/src/behavior-profiling.js +299 -289
package/src/behavioral-dna.js +757 -0
package/src/canary.js +273 -271
package/src/compliance-authority.js +803 -0
package/src/compliance.js +619 -617
package/src/confidence-tuning.js +328 -324
package/src/context-scoring.js +362 -360
package/src/cost-optimizer.js +1024 -1024
package/src/detector-core.js +186 -0
package/src/distributed.js +7 -2
package/src/embedding.js +310 -307
package/src/errors.js +9 -0
package/src/evolution-simulator.js +650 -0
package/src/flight-recorder.js +379 -0
package/src/herd-immunity.js +521 -0
package/src/honeypot.js +332 -328
package/src/index.js +6 -5
package/src/integrations.js +1 -2
package/src/intent-firewall.js +775 -0
package/src/llm-redteam.js +678 -670
package/src/main.js +139 -0
package/src/mcp-security-runtime.js +6 -5
package/src/middleware.js +11 -5
package/src/model-fingerprint.js +1059 -1042
package/src/multi-agent-trust.js +459 -453
package/src/multi-agent.js +1 -1
package/src/normalizer.js +734 -0
package/src/pii.js +8 -1
package/src/policy-dsl.js +775 -775
package/src/presets.js +409 -409
package/src/production.js +22 -9
package/src/real-attack-datasets.js +246 -0
package/src/redteam.js +475 -475
package/src/report-generator.js +640 -0
package/src/response-handler.js +436 -429
package/src/scanners.js +358 -357
package/src/self-healing.js +368 -363
package/src/semantic.js +339 -339
package/src/shield-score.js +250 -250
package/src/soc-dashboard.js +394 -0
package/src/sso-saml.js +8 -4
package/src/supply-chain.js +667 -0
package/src/testing.js +24 -2
package/src/threat-intel-federation.js +343 -0
package/src/tool-guard.js +412 -412
package/src/watermark.js +242 -235
package/src/worker-scanner.js +608 -601

package/src/attack-replay.js ADDED Viewed

@@ -0,0 +1,246 @@
+'use strict';
+/**
+ * Agent Shield - Attack Replay Platform
+ *
+ * Record real attacks, replay them against updated defenses,
+ * generate mutations, and track defense improvements over time.
+ * Like BurpSuite's Repeater but for AI agent security.
+ *
+ * @module attack-replay
+ */
+const crypto = require('crypto');
+const { scanText } = require('./detector-core');
+/**
+ * Records and replays attacks against defenses.
+ */
+class AttackReplayEngine {
+  /**
+   * @param {object} [options]
+   * @param {number} [options.maxRecordings=10000] - Max stored recordings.
+   * @param {string} [options.sensitivity='high'] - Detection sensitivity.
+   */
+  constructor(options = {}) {
+    this.maxRecordings = options.maxRecordings || 10000;
+    this.sensitivity = options.sensitivity || 'high';
+    this._recordings = [];
+    this._replayHistory = [];
+  }
+  /**
+   * Record an attack for later replay.
+   * @param {object} attack
+   * @param {string} attack.text - The attack text.
+   * @param {string} [attack.category] - Attack category.
+   * @param {string} [attack.source] - Where the attack came from.
+   * @param {boolean} [attack.wasDetected] - Whether it was caught originally.
+   * @param {object} [attack.metadata] - Additional metadata.
+   * @returns {object} The recording with ID and timestamp.
+   */
+  record(attack) {
+    const recording = {
+      id: crypto.randomBytes(8).toString('hex'),
+      text: attack.text,
+      category: attack.category || 'unknown',
+      source: attack.source || 'manual',
+      wasDetected: attack.wasDetected != null ? attack.wasDetected : null,
+      metadata: attack.metadata || {},
+      timestamp: Date.now(),
+      hash: crypto.createHash('sha256').update(attack.text).digest('hex').substring(0, 16),
+    };
+    this._recordings.push(recording);
+    if (this._recordings.length > this.maxRecordings) {
+      this._recordings = this._recordings.slice(-Math.floor(this.maxRecordings * 0.75));
+    }
+    return recording;
+  }
+  /**
+   * Replay a single recording against current defenses.
+   * @param {string} recordingId
+   * @returns {object} Replay result with detection status.
+   */
+  replay(recordingId) {
+    const recording = this._recordings.find(r => r.id === recordingId);
+    if (!recording) return null;
+    const result = scanText(recording.text, { sensitivity: this.sensitivity });
+    const detected = result.threats.length > 0;
+    const replayResult = {
+      recordingId,
+      text: recording.text.substring(0, 100),
+      category: recording.category,
+      originallyDetected: recording.wasDetected,
+      nowDetected: detected,
+      improved: !recording.wasDetected && detected,
+      regressed: recording.wasDetected && !detected,
+      threats: result.threats,
+      replayedAt: Date.now(),
+    };
+    this._replayHistory.push(replayResult);
+    return replayResult;
+  }
+  /**
+   * Replay ALL recordings against current defenses.
+   * Shows what improved, regressed, or stayed the same.
+   * @returns {object} Aggregate replay results.
+   */
+  replayAll() {
+    const results = [];
+    let improved = 0;
+    let regressed = 0;
+    let unchanged = 0;
+    let nowDetected = 0;
+    let nowMissed = 0;
+    for (const recording of this._recordings) {
+      const result = scanText(recording.text, { sensitivity: this.sensitivity });
+      const detected = result.threats.length > 0;
+      if (recording.wasDetected === false && detected) improved++;
+      else if (recording.wasDetected === true && !detected) regressed++;
+      else unchanged++;
+      if (detected) nowDetected++;
+      else nowMissed++;
+      results.push({
+        id: recording.id,
+        category: recording.category,
+        originally: recording.wasDetected,
+        now: detected,
+        status: recording.wasDetected === false && detected ? 'improved'
+          : recording.wasDetected === true && !detected ? 'regressed'
+          : 'unchanged',
+      });
+    }
+    return {
+      total: this._recordings.length,
+      nowDetected,
+      nowMissed,
+      improved,
+      regressed,
+      unchanged,
+      detectionRate: this._recordings.length > 0
+        ? (nowDetected / this._recordings.length * 100).toFixed(1) + '%'
+        : '0%',
+      results,
+      replayedAt: Date.now(),
+    };
+  }
+  /**
+   * Find recordings that currently evade detection (for targeted hardening).
+   * @returns {Array} Recordings that are not detected by current defenses.
+   */
+  findEvasions() {
+    const evasions = [];
+    for (const recording of this._recordings) {
+      const result = scanText(recording.text, { sensitivity: this.sensitivity });
+      if (result.threats.length === 0) {
+        evasions.push({
+          id: recording.id,
+          text: recording.text,
+          category: recording.category,
+          source: recording.source,
+          hash: recording.hash,
+        });
+      }
+    }
+    return evasions;
+  }
+  /**
+   * Export recordings for sharing or archival.
+   * @returns {string} JSON string.
+   */
+  export() {
+    return JSON.stringify({
+      version: '1.0',
+      exportedAt: Date.now(),
+      recordings: this._recordings,
+      count: this._recordings.length,
+    }, null, 2);
+  }
+  /**
+   * Import recordings from export.
+   * @param {string} json
+   * @returns {number} Number of recordings imported.
+   */
+  import(json) {
+    const data = JSON.parse(json);
+    const recordings = data.recordings || [];
+    this._recordings.push(...recordings);
+    if (this._recordings.length > this.maxRecordings) {
+      this._recordings = this._recordings.slice(-this.maxRecordings);
+    }
+    return recordings.length;
+  }
+  /**
+   * Get all recordings.
+   * @param {string} [category] - Filter by category.
+   * @returns {Array}
+   */
+  getRecordings(category) {
+    if (category) return this._recordings.filter(r => r.category === category);
+    return [...this._recordings];
+  }
+  /**
+   * Get replay history.
+   * @returns {Array}
+   */
+  getHistory() {
+    return [...this._replayHistory];
+  }
+  /**
+   * Get stats.
+   * @returns {object}
+   */
+  getStats() {
+    const categories = {};
+    for (const r of this._recordings) {
+      categories[r.category] = (categories[r.category] || 0) + 1;
+    }
+    return {
+      totalRecordings: this._recordings.length,
+      totalReplays: this._replayHistory.length,
+      categories,
+    };
+  }
+}
+/**
+ * Compare defense effectiveness across two time periods.
+ * @param {object} before - replayAll() result from before.
+ * @param {object} after - replayAll() result from after.
+ * @returns {object} Comparison.
+ */
+function compareDefenses(before, after) {
+  return {
+    detectionRateBefore: before.detectionRate,
+    detectionRateAfter: after.detectionRate,
+    improvement: parseFloat(after.detectionRate) - parseFloat(before.detectionRate),
+    newlyDetected: after.improved,
+    regressions: after.regressed,
+    verdict: parseFloat(after.detectionRate) > parseFloat(before.detectionRate) ? 'improved'
+      : parseFloat(after.detectionRate) < parseFloat(before.detectionRate) ? 'regressed'
+      : 'unchanged',
+  };
+}
+module.exports = {
+  AttackReplayEngine,
+  compareDefenses,
+};