agentshield-sdk 7.3.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (50) hide show
  1. package/CHANGELOG.md +64 -0
  2. package/README.md +63 -7
  3. package/package.json +8 -3
  4. package/src/agent-intent.js +807 -0
  5. package/src/agent-protocol.js +4 -0
  6. package/src/allowlist.js +605 -603
  7. package/src/audit-streaming.js +486 -469
  8. package/src/audit.js +1 -1
  9. package/src/behavior-profiling.js +299 -289
  10. package/src/behavioral-dna.js +4 -9
  11. package/src/canary.js +273 -271
  12. package/src/compliance.js +619 -617
  13. package/src/confidence-tuning.js +328 -324
  14. package/src/context-scoring.js +362 -360
  15. package/src/cost-optimizer.js +1024 -1024
  16. package/src/cross-turn.js +663 -0
  17. package/src/detector-core.js +186 -0
  18. package/src/distributed.js +5 -1
  19. package/src/embedding.js +310 -307
  20. package/src/ensemble.js +523 -0
  21. package/src/herd-immunity.js +12 -12
  22. package/src/honeypot.js +332 -328
  23. package/src/integrations.js +1 -2
  24. package/src/intent-firewall.js +14 -14
  25. package/src/llm-redteam.js +678 -670
  26. package/src/main.js +63 -0
  27. package/src/middleware.js +5 -2
  28. package/src/model-fingerprint.js +1059 -1042
  29. package/src/multi-agent-trust.js +459 -453
  30. package/src/multi-agent.js +1 -1
  31. package/src/normalizer.js +734 -0
  32. package/src/persistent-learning.js +677 -0
  33. package/src/pii.js +4 -0
  34. package/src/policy-dsl.js +775 -775
  35. package/src/presets.js +409 -409
  36. package/src/production.js +22 -9
  37. package/src/redteam.js +475 -475
  38. package/src/response-handler.js +436 -429
  39. package/src/scanners.js +358 -357
  40. package/src/self-healing.js +368 -363
  41. package/src/self-training.js +772 -0
  42. package/src/semantic.js +339 -339
  43. package/src/shield-score.js +250 -250
  44. package/src/smart-config.js +812 -0
  45. package/src/sso-saml.js +8 -4
  46. package/src/testing.js +24 -2
  47. package/src/tool-guard.js +412 -412
  48. package/src/watermark.js +242 -235
  49. package/src/worker-scanner.js +608 -601
  50. package/types/index.d.ts +660 -0
package/src/production.js CHANGED
@@ -21,7 +21,7 @@ const { scanText } = require('./detector-core');
21
21
  class SamplingScanner {
22
22
  constructor(options = {}) {
23
23
  this.sampleRate = options.sampleRate !== undefined ? options.sampleRate : 0.1; // 10% default
24
- this.scanFn = options.scanFn || ((text) => scanText(text, options.sensitivity || 'high'));
24
+ this.scanFn = options.scanFn || ((text) => scanText(text, { sensitivity: options.sensitivity || 'high' }));
25
25
  this.stats = { total: 0, sampled: 0, threats: 0, extrapolatedThreats: 0 };
26
26
  }
27
27
 
@@ -44,7 +44,9 @@ class SamplingScanner {
44
44
  }
45
45
 
46
46
  // Extrapolate
47
- this.stats.extrapolatedThreats = Math.round(this.stats.threats / this.sampleRate);
47
+ this.stats.extrapolatedThreats = this.sampleRate > 0
48
+ ? Math.round(this.stats.threats / this.sampleRate)
49
+ : 0;
48
50
 
49
51
  return { sampled: true, ...result };
50
52
  }
@@ -72,8 +74,8 @@ class SamplingScanner {
72
74
 
73
75
  class ShadowComparison {
74
76
  constructor(options = {}) {
75
- this.primaryScanFn = options.primary || ((text) => scanText(text, 'high'));
76
- this.candidateScanFn = options.candidate || ((text) => scanText(text, 'high'));
77
+ this.primaryScanFn = options.primary || ((text) => scanText(text, { sensitivity: 'high' }));
78
+ this.candidateScanFn = options.candidate || ((text) => scanText(text, { sensitivity: 'high' }));
77
79
  this.results = [];
78
80
  this.maxResults = options.maxResults || 5000;
79
81
  }
@@ -152,7 +154,7 @@ class ShadowComparison {
152
154
 
153
155
  class GracefulScanner {
154
156
  constructor(options = {}) {
155
- this.scanFn = options.scanFn || ((text) => scanText(text, options.sensitivity || 'high'));
157
+ this.scanFn = options.scanFn || ((text) => scanText(text, { sensitivity: options.sensitivity || 'high' }));
156
158
  this.fallbackPolicy = options.fallbackPolicy || 'allow'; // 'allow' or 'block'
157
159
  this.timeoutMs = options.timeoutMs || 100;
158
160
  this.onError = options.onError || null;
@@ -174,6 +176,7 @@ class GracefulScanner {
174
176
  if (elapsed > this.timeoutMs) {
175
177
  this.stats.timeouts++;
176
178
  if (this.onTimeout) this.onTimeout({ elapsed, text: text.substring(0, 100) });
179
+ // Note: _fallback increments stats.fallbacks
177
180
  return this._fallback('timeout', elapsed);
178
181
  }
179
182
 
@@ -181,7 +184,6 @@ class GracefulScanner {
181
184
  return result;
182
185
  } catch (error) {
183
186
  this.stats.errors++;
184
- this.stats.fallbacks++;
185
187
  if (this.onError) this.onError({ error: error.message, text: text.substring(0, 100) });
186
188
  return this._fallback('error', 0, error.message);
187
189
  }
@@ -322,8 +324,9 @@ class ThreatReplay {
322
324
  // =========================================================================
323
325
 
324
326
  class AttackAttributionChain {
325
- constructor() {
327
+ constructor(options = {}) {
326
328
  this.conversations = new Map();
329
+ this.maxConversations = options.maxConversations || 10000;
327
330
  }
328
331
 
329
332
  /**
@@ -339,6 +342,12 @@ class AttackAttributionChain {
339
342
  });
340
343
  }
341
344
 
345
+ // Evict oldest conversation if at capacity
346
+ if (this.conversations.size > this.maxConversations) {
347
+ const oldestKey = this.conversations.keys().next().value;
348
+ this.conversations.delete(oldestKey);
349
+ }
350
+
342
351
  const conv = this.conversations.get(conversationId);
343
352
  const hasThreat = scanResult.threats && scanResult.threats.length > 0;
344
353
 
@@ -424,8 +433,9 @@ class AttackAttributionChain {
424
433
  // =========================================================================
425
434
 
426
435
  class DiffReporter {
427
- constructor() {
436
+ constructor(options = {}) {
428
437
  this.snapshots = [];
438
+ this.maxSnapshots = options.maxSnapshots || 1000;
429
439
  }
430
440
 
431
441
  /**
@@ -437,6 +447,9 @@ class DiffReporter {
437
447
  timestamp: new Date().toISOString(),
438
448
  stats: JSON.parse(JSON.stringify(stats))
439
449
  });
450
+ while (this.snapshots.length > this.maxSnapshots) {
451
+ this.snapshots.shift();
452
+ }
440
453
  return this.snapshots.length - 1;
441
454
  }
442
455
 
@@ -445,7 +458,7 @@ class DiffReporter {
445
458
  */
446
459
  compare(indexA, indexB) {
447
460
  const a = this.snapshots[indexA];
448
- const b = this.snapshots[indexB || this.snapshots.length - 1];
461
+ const b = this.snapshots[indexB !== undefined ? indexB : this.snapshots.length - 1];
449
462
  if (!a || !b) return null;
450
463
 
451
464
  const diff = {};