agentshield-sdk 8.0.0 → 10.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/LICENSE +21 -21
  3. package/README.md +26 -60
  4. package/bin/agentshield-audit +51 -0
  5. package/package.json +7 -10
  6. package/src/adaptive.js +330 -330
  7. package/src/alert-tuning.js +480 -480
  8. package/src/audit-streaming.js +1 -1
  9. package/src/badges.js +196 -196
  10. package/src/behavioral-dna.js +12 -0
  11. package/src/canary.js +2 -3
  12. package/src/certification.js +563 -563
  13. package/src/circuit-breaker.js +2 -2
  14. package/src/confused-deputy.js +4 -0
  15. package/src/conversation.js +494 -494
  16. package/src/cross-turn.js +3 -17
  17. package/src/ctf.js +462 -462
  18. package/src/detector-core.js +71 -152
  19. package/src/document-scanner.js +795 -795
  20. package/src/drift-monitor.js +344 -0
  21. package/src/encoding.js +429 -429
  22. package/src/enterprise.js +405 -405
  23. package/src/flight-recorder.js +2 -0
  24. package/src/i18n-patterns.js +523 -523
  25. package/src/index.js +19 -0
  26. package/src/main.js +61 -41
  27. package/src/mcp-guard.js +974 -0
  28. package/src/micro-model.js +762 -0
  29. package/src/ml-detector.js +316 -0
  30. package/src/model-finetuning.js +884 -884
  31. package/src/multimodal.js +296 -296
  32. package/src/nist-mapping.js +2 -2
  33. package/src/observability.js +330 -330
  34. package/src/openclaw.js +450 -450
  35. package/src/otel.js +544 -544
  36. package/src/owasp-2025.js +1 -1
  37. package/src/owasp-agentic.js +420 -0
  38. package/src/plugin-marketplace.js +628 -628
  39. package/src/plugin-system.js +349 -349
  40. package/src/policy-extended.js +635 -635
  41. package/src/policy.js +443 -443
  42. package/src/prompt-leakage.js +2 -2
  43. package/src/real-attack-datasets.js +2 -2
  44. package/src/redteam-cli.js +439 -0
  45. package/src/supply-chain-scanner.js +691 -0
  46. package/src/testing.js +5 -1
  47. package/src/threat-encyclopedia.js +629 -629
  48. package/src/threat-intel-network.js +1017 -1017
  49. package/src/token-analysis.js +467 -467
  50. package/src/tool-output-validator.js +354 -354
  51. package/src/watermark.js +1 -2
package/src/circuit-breaker.js CHANGED
@@ -245,9 +245,8 @@ class RateLimiter {
245
245
  const cutoff = now - this.windowMs;
246
246
 
247
247
  this.requestTimestamps = this.requestTimestamps.filter(t => t > cutoff);
248
- this.requestTimestamps.push(now);
249
248
 
250
- if (this.requestTimestamps.length > this.maxRequests) {
249
+ if (this.requestTimestamps.length >= this.maxRequests) {
251
250
  if (this.onLimit) {
252
251
  try {
253
252
  this.onLimit({ count: this.requestTimestamps.length, windowMs: this.windowMs });
@@ -262,6 +261,7 @@ class RateLimiter {
262
261
  };
263
262
  }
264
263
 
264
+ this.requestTimestamps.push(now);
265
265
  return {
266
266
  allowed: true,
267
267
  remaining: this.maxRequests - this.requestTimestamps.length
package/src/confused-deputy.js CHANGED
@@ -566,6 +566,10 @@ class ConfusedDeputyGuard {
566
566
  }
567
567
 
568
568
  if (!authCtx) {
569
+ if (this.logOnly) {
570
+ this.stats.denied++;
571
+ return { allowed: false, violations: [{ type: 'missing_context', message: 'AuthorizationContext required (log-only mode)' }], requiresApproval: false, token: null };
572
+ }
569
573
  this.stats.allowed++;
570
574
  return { allowed: true, violations: [], requiresApproval: false, token: null };
571
575
  }