agentshield-sdk 7.4.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/CHANGELOG.md +29 -0
  2. package/README.md +31 -4
  3. package/package.json +4 -3
  4. package/src/agent-intent.js +807 -0
  5. package/src/cross-turn.js +663 -0
  6. package/src/ensemble.js +523 -0
  7. package/src/main.js +53 -0
  8. package/src/persistent-learning.js +677 -0
  9. package/src/self-training.js +772 -0
  10. package/src/smart-config.js +812 -0
  11. package/types/index.d.ts +660 -0
package/CHANGELOG.md CHANGED
@@ -4,6 +4,35 @@ All notable changes to Agent Shield will be documented in this file.
4
4
 
5
5
  This project follows [Semantic Versioning](https://semver.org/).
6
6
 
7
+ ## [8.0.0] - 2026-03-22
8
+
9
+ ### Added — Intelligent Detection Engine
10
+
11
+ - **Smart Configuration System** (`src/smart-config.js`) — `createShield('chatbot')` for 3-line setup, `ShieldBuilder` fluent API with 15 chainable methods, `validateConfig()`, `describeConfig()`, 9 presets including `mcp_server`
12
+ - **Ensemble Voting Classifier** (`src/ensemble.js`) — `EnsembleClassifier` combining 4 independent voters (PatternVoter, TFIDFVoter, EntropyVoter, IPIAVoter) via weighted majority voting. Configurable weights, `requireUnanimous` mode, agreement scoring
13
+ - **Agent Intent Declaration** (`src/agent-intent.js`) — `AgentIntent` class for declaring agent purpose and allowed tools. TF-IDF cosine similarity checks if messages are on-topic
14
+ - **Goal Drift Detection** (`src/agent-intent.js`) — `GoalDriftDetector` monitors conversation for drift away from declared purpose. Sliding window, trend detection (stable/drifting/recovering), drift callbacks
15
+ - **Tool Sequence Modeling** (`src/agent-intent.js`) — `ToolSequenceModeler` learns normal tool call patterns via Markov chain bigrams. Flags anomalous tool transitions after learning period
16
+ - **Persistent Learning** (`src/persistent-learning.js`) — `PersistentLearningLoop` with disk persistence via atomic JSON writes. Pattern promotion, decay, false positive revocation, export/import
17
+ - **Feedback API** (`src/persistent-learning.js`) — `FeedbackCollector` for FP/FN reporting. Auto-processes feedback into learning loop. Retrain cooldown, audit trail
18
+ - **Cross-Turn Injection Tracking** (`src/cross-turn.js`) — `CrossTurnTracker` accumulates conversation and detects injections split across multiple messages. Compares individual vs combined scan results
19
+ - **Adaptive Threshold Calibration** (`src/cross-turn.js`) — `AdaptiveThresholdCalibrator` auto-tunes detection thresholds per category using percentile-based calibration on observed scan results
20
+ - **Adversarial Self-Training** (`src/self-training.js`) — `SelfTrainer` with `MutationEngine` (12 strategies: synonym swap, homoglyph, leet speak, zero-width insert, padding, encoding wrap, etc.). Evolves attacks, extracts patterns from evasive variants
21
+ - 25 built-in seed attacks for self-training
22
+ - 161 new test assertions (test/test-v8-features.js)
23
+
24
+ ### Changed
25
+
26
+ - `src/main.js` — 418 total exports (up from 395)
27
+ - 9 configuration presets (up from 8, added `mcp_server`)
28
+ - Updated README, ROADMAP, and CLAUDE.md
29
+
30
+ ### Metrics
31
+
32
+ - **2,500+ test assertions** across all test suites
33
+ - **0 regressions** — all existing tests pass
34
+ - **418 exports** from unified entry point
35
+
7
36
  ## [7.4.0] - 2026-03-21
8
37
 
9
38
  ### Added — Detection Hardening
package/README.md CHANGED
@@ -1,13 +1,13 @@
1
1
  # Agent Shield
2
2
 
3
- [![npm version](https://img.shields.io/badge/npm-v7.4.0-blue)](https://www.npmjs.com/package/agentshield-sdk)
3
+ [![npm version](https://img.shields.io/badge/npm-v8.0.0-blue)](https://www.npmjs.com/package/agentshield-sdk)
4
4
  [![license](https://img.shields.io/badge/license-MIT-green)](LICENSE)
5
5
  [![zero deps](https://img.shields.io/badge/dependencies-0-brightgreen)](#)
6
6
  [![node](https://img.shields.io/badge/node-%3E%3D16-blue)](#)
7
7
  [![shield score](https://img.shields.io/badge/shield%20score-100%2F100%20A%2B-brightgreen)](#benchmark-results)
8
8
  [![detection](https://img.shields.io/badge/detection-100%25-brightgreen)](#benchmark-results)
9
9
  [![F1](https://img.shields.io/badge/F1%20score-100%25-brightgreen)](#benchmark-results)
10
- [![tests](https://img.shields.io/badge/tests-2400%2B%20passing-brightgreen)](#testing)
10
+ [![tests](https://img.shields.io/badge/tests-2500%2B%20passing-brightgreen)](#testing)
11
11
 
12
12
  **The security standard for MCP and AI agents.** Protect your agents from prompt injection, confused deputy attacks, data exfiltration, privilege escalation, and 30+ other AI-specific threats.
13
13
 
@@ -45,6 +45,29 @@ scanText('ℹ𝗀𝗇𝗈𝗋𝖾 𝖺𝗅𝗅 ᎥnstructᎥons'); // Detected!
45
45
 
46
46
  ---
47
47
 
48
+ ## v8.0 — Intelligent Detection Engine
49
+
50
+ **Your agent gets smarter over time.** Ensemble voting combines 4 detection signals. Declare your agent's purpose and detect goal drift. Persistent learning saves patterns to disk. Cross-turn tracking catches split injections. Adversarial self-training hardens defenses automatically.
51
+
52
+ ```javascript
53
+ const { createShield } = require('agentshield-sdk');
54
+
55
+ // 3-line setup with smart defaults
56
+ const shield = createShield('rag_pipeline');
57
+
58
+ // Or configure everything
59
+ const { createShield } = require('agentshield-sdk');
60
+ const config = createShield()
61
+ .preset('coding_agent')
62
+ .enableIntent({ purpose: 'Help users write code' })
63
+ .enableLearning({ persist: true })
64
+ .enableEnsemble()
65
+ .enableCrossTurn()
66
+ .build();
67
+ ```
68
+
69
+ ---
70
+
48
71
  ## v7.2 — Indirect Prompt Injection Detection
49
72
 
50
73
  **Stop attacks hidden in RAG chunks, tool outputs, emails, and documents.** The IPIA detector implements the joint-context embedding + classifier pipeline to catch injections that bypass pattern matching.
@@ -178,7 +201,7 @@ const result = shield.scanInput(userMessage); // { blocked: true, threats: [...]
178
201
  ```
179
202
 
180
203
  - 395+ exports across 94 modules
181
- - 2,400+ test assertions across 18 test suites, 100% pass rate
204
+ - 2,500+ test assertions across 18 test suites, 100% pass rate
182
205
  - 100% red team detection rate (A+ grade)
183
206
  - F1 100% on real-world attack benchmarks (HackAPrompt, TensorTrust, research corpus)
184
207
  - Shield Score: 100/100 — fortress-grade protection
@@ -366,6 +389,10 @@ grpc.NewServer(grpc.UnaryInterceptor(shield.GRPCInterceptor(s)))
366
389
  | **Indirect Injection** | RAG chunk poisoning, tool output injection, email/document payloads, image alt-text attacks, multi-turn escalation |
367
390
  | **AI Phishing** | Fake AI login, voice cloning, deepfake tools, QR phishing, MFA harvesting |
368
391
  | **Jailbreaks** | 35+ templates across 6 categories: role play, encoding bypass, context manipulation, authority exploitation |
392
+ | **Ensemble Detection** | 4 independent voting signals, weighted consensus, adaptive threshold calibration |
393
+ | **Intent & Goal Drift** | Agent purpose declaration, goal drift monitoring, tool sequence anomaly detection (Markov chains) |
394
+ | **Cross-Turn Injection** | Split-message attack tracking, multi-turn state correlation |
395
+ | **Adaptive Learning** | Persistent learning with disk storage, feedback API (FP/FN reporting), adversarial self-training (12 mutation strategies) |
369
396
 
370
397
  ## Platform SDKs
371
398
 
@@ -948,7 +975,7 @@ node vscode-extension/test/extension.test.js # VS Code (167 tests)
948
975
  cd python-sdk && python -m unittest tests/test_detector.py # Python (23 tests)
949
976
  ```
950
977
 
951
- Total: **2,400+ test assertions** across 18 test suites.
978
+ Total: **2,500+ test assertions** across 18 test suites.
952
979
 
953
980
  ## Project Structure
954
981
 
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "agentshield-sdk",
3
- "version": "7.4.0",
4
- "description": "The security standard for MCP and AI agents. 162 detection patterns, text normalization pipeline, CORTEX threat intelligence, pre-deployment audit, intent firewall, flight recorder, and 395+ exports. Zero dependencies, runs locally.",
3
+ "version": "8.0.0",
4
+ "description": "The security standard for MCP and AI agents. 162 detection patterns, ensemble voting, agent intent declaration, persistent learning, text normalization, CORTEX threat intelligence, and 418+ exports. Zero dependencies, runs locally.",
5
5
  "main": "src/main.js",
6
6
  "types": "types/index.d.ts",
7
7
  "exports": {
@@ -33,7 +33,8 @@
33
33
  "test:scorecard": "node test/benchmark-scorecard.js",
34
34
  "test:edge": "node test/test-edge-cases.js",
35
35
  "test:production": "node test/test-production-readiness.js",
36
- "test:full": "npm test && node test/test-mcp-security.js && node test/test-confused-deputy.js && node test/test-v6-modules.js && node test/test-adaptive-defense.js && node test/test-ipia-detector.js && node test/test-production-readiness.js && node test/test-normalizer.js && node test/test-edge-cases.js && node test/benchmark-scorecard.js && npm run test:all",
36
+ "test:v8": "node test/test-v8-features.js",
37
+ "test:full": "npm test && node test/test-mcp-security.js && node test/test-confused-deputy.js && node test/test-v6-modules.js && node test/test-adaptive-defense.js && node test/test-ipia-detector.js && node test/test-production-readiness.js && node test/test-normalizer.js && node test/test-edge-cases.js && node test/benchmark-scorecard.js && node test/test-v8-features.js && npm run test:all",
37
38
  "test:coverage": "c8 --reporter=text --reporter=lcov --reporter=json-summary npm test",
38
39
  "lint": "node test/lint.js",
39
40
  "lint:eslint": "eslint src/ test/ bin/",