npm - ai-trust - Versions diffs - 0.2.0 → 0.2.3 - Mend

ai-trust 0.2.0 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/README.md +91 -46
package/dist/api/client.d.ts +2 -0
package/dist/api/client.d.ts.map +1 -1
package/dist/api/client.js +4 -0
package/dist/api/client.js.map +1 -1
package/dist/commands/audit.d.ts.map +1 -1
package/dist/commands/audit.js +63 -38
package/dist/commands/audit.js.map +1 -1
package/dist/commands/check.d.ts.map +1 -1
package/dist/commands/check.js +44 -40
package/dist/commands/check.js.map +1 -1
package/dist/index.js +1 -1
package/dist/index.js.map +1 -1
package/dist/output/formatter.d.ts.map +1 -1
package/dist/output/formatter.js +50 -3
package/dist/output/formatter.js.map +1 -1
package/dist/scanner/hma.d.ts +2 -0
package/dist/scanner/hma.d.ts.map +1 -1
package/dist/scanner/hma.js +1 -0
package/dist/scanner/hma.js.map +1 -1
package/dist/telemetry/contribute.d.ts +54 -0
package/dist/telemetry/contribute.d.ts.map +1 -0
package/dist/telemetry/contribute.js +123 -0
package/dist/telemetry/contribute.js.map +1 -0
package/dist/telemetry/index.d.ts +6 -0
package/dist/telemetry/index.d.ts.map +1 -0
package/dist/telemetry/index.js +6 -0
package/dist/telemetry/index.js.map +1 -0
package/dist/telemetry/opt-in.d.ts +53 -0
package/dist/telemetry/opt-in.d.ts.map +1 -0
package/dist/telemetry/opt-in.js +238 -0
package/dist/telemetry/opt-in.js.map +1 -0
package/package.json +6 -1

package/dist/telemetry/opt-in.js ADDED Viewed

@@ -0,0 +1,238 @@
+/**
+ * Contribution Opt-In Prompt
+ *
+ * Handles the user's consent to share anonymized scan findings
+ * with the OpenA2A Registry.
+ *
+ * Config/counting is delegated to @opena2a/shared (the canonical
+ * source for ~/.opena2a/config.json). If @opena2a/shared is not
+ * available at runtime, falls back to a local implementation.
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+/** Resolved backend -- lazy-initialized on first call. */
+let _backend;
+function resolveBackend() {
+    if (_backend)
+        return _backend;
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const shared = require("@opena2a/shared");
+        if (typeof shared.isContributeEnabled === "function" &&
+            typeof shared.setContributeEnabled === "function" &&
+            typeof shared.incrementScanCount === "function" &&
+            typeof shared.shouldPromptContribute === "function" &&
+            typeof shared.dismissContributePrompt === "function") {
+            _backend = {
+                // Shared returns boolean (false when not configured).
+                // ai-trust callers expect undefined for "not yet configured",
+                // but shouldPromptContribute() handles that distinction via
+                // scan-count thresholds, so returning false here is acceptable.
+                isContributeEnabled: shared.isContributeEnabled,
+                setContributeEnabled: shared.setContributeEnabled,
+                incrementScanCount: shared.incrementScanCount,
+                shouldPromptContribute: shared.shouldPromptContribute,
+                dismissContributePrompt: shared.dismissContributePrompt,
+            };
+            return _backend;
+        }
+    }
+    catch {
+        // @opena2a/shared not installed -- fall through to local backend
+    }
+    _backend = createLocalBackend();
+    return _backend;
+}
+function getConfigPath() {
+    const home = process.env.OPENA2A_HOME || join(require("os").homedir(), ".opena2a");
+    return join(home, "config.json");
+}
+function readConfig() {
+    const configPath = getConfigPath();
+    try {
+        if (existsSync(configPath)) {
+            return JSON.parse(readFileSync(configPath, "utf-8"));
+        }
+    }
+    catch {
+        // Corrupt config -- treat as empty
+    }
+    return {};
+}
+function writeConfig(config) {
+    const configPath = getConfigPath();
+    const dir = require("path").dirname(configPath);
+    mkdirSync(dir, { recursive: true });
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n", {
+        mode: 0o600,
+    });
+}
+function createLocalBackend() {
+    return {
+        isContributeEnabled() {
+            const config = readConfig();
+            if (config.contribute?.enabled === true)
+                return true;
+            if (config.contribute?.enabled === false)
+                return false;
+            return undefined;
+        },
+        setContributeEnabled(enabled) {
+            const config = readConfig();
+            if (!config.contribute)
+                config.contribute = {};
+            config.contribute.enabled = enabled;
+            const scanCount = config.contribute.scanCount ?? 0;
+            if (scanCount >= 9)
+                config.contribute.promptedAtTen = true;
+            writeConfig(config);
+        },
+        incrementScanCount() {
+            const config = readConfig();
+            if (!config.contribute)
+                config.contribute = {};
+            config.contribute.scanCount = (config.contribute.scanCount ?? 0) + 1;
+            writeConfig(config);
+            return config.contribute.scanCount;
+        },
+        shouldPromptContribute() {
+            const config = readConfig();
+            if (config.contribute?.enabled === true ||
+                config.contribute?.enabled === false) {
+                return false;
+            }
+            const scanCount = config.contribute?.scanCount ?? 0;
+            if (scanCount === 0)
+                return true;
+            if (scanCount >= 9 && !config.contribute?.promptedAtTen)
+                return true;
+            return false;
+        },
+        dismissContributePrompt() {
+            const config = readConfig();
+            if (!config.contribute)
+                config.contribute = {};
+            config.contribute.promptedAtTen = true;
+            writeConfig(config);
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// Public API (signatures preserved for backward compatibility)
+// ---------------------------------------------------------------------------
+/**
+ * Check whether the contribution setting is enabled.
+ *
+ * Returns:
+ *   true  - user explicitly opted in
+ *   false - user explicitly opted out (or default in shared backend)
+ *   undefined - not yet configured (local fallback only; shared backend
+ *               defaults to false, so callers should rely on
+ *               shouldPromptContribute() for prompt logic)
+ */
+export function isContributeEnabled() {
+    return resolveBackend().isContributeEnabled();
+}
+/**
+ * Check whether we should show the contribution prompt.
+ *
+ * ai-trust-specific: also checks for TTY (non-interactive environments
+ * should never prompt). The backend handles scan-count thresholds
+ * and cooldown/dismiss logic.
+ */
+export function shouldPromptContribute() {
+    if (!process.stdin.isTTY || !process.stdout.isTTY)
+        return false;
+    return resolveBackend().shouldPromptContribute();
+}
+/**
+ * Increment the scan count. Called after each scan completes,
+ * regardless of contribution setting.
+ */
+export function incrementScanCount() {
+    resolveBackend().incrementScanCount();
+}
+/**
+ * Save the user's contribution choice to the config file.
+ */
+export function saveContributeChoice(enabled) {
+    resolveBackend().setContributeEnabled(enabled);
+    if (!enabled) {
+        resolveBackend().dismissContributePrompt();
+    }
+}
+/**
+ * Display the contribution opt-in prompt and return the user's choice.
+ *
+ * Uses raw stdin to read a single keypress (Y/N).
+ * Returns true if the user opted in, false otherwise.
+ */
+export async function showContributePrompt() {
+    const lines = [
+        "",
+        "Help improve security for the AI agent community.",
+        "",
+        "Share anonymized scan findings with the OpenA2A Registry?",
+        "No personal data. No source code. Only check pass/fail results.",
+        "You can opt out anytime: opena2a config set contribute false",
+        "",
+        "[Y] Yes, contribute   [N] No thanks",
+    ];
+    for (const line of lines) {
+        process.stderr.write(line + "\n");
+    }
+    const answer = await readSingleKey();
+    const enabled = answer.toLowerCase() === "y";
+    saveContributeChoice(enabled);
+    if (enabled) {
+        process.stderr.write("\nContribution enabled. Thank you.\n");
+    }
+    else {
+        process.stderr.write("\nContribution disabled. You can enable it later: opena2a config set contribute true\n");
+    }
+    return enabled;
+}
+/**
+ * Read a single keypress from stdin.
+ * Falls back to 'n' after a 30-second timeout.
+ */
+function readSingleKey() {
+    return new Promise((resolve) => {
+        const stdin = process.stdin;
+        const wasRaw = stdin.isRaw;
+        // Timeout after 30 seconds -- default to 'n'
+        const timer = setTimeout(() => {
+            cleanup();
+            resolve("n");
+        }, 30_000);
+        function cleanup() {
+            clearTimeout(timer);
+            stdin.removeListener("data", onData);
+            if (stdin.isRaw !== wasRaw) {
+                stdin.setRawMode(wasRaw ?? false);
+            }
+            stdin.pause();
+        }
+        function onData(data) {
+            const char = data.toString().trim().toLowerCase();
+            cleanup();
+            resolve(char || "n");
+        }
+        stdin.setRawMode(true);
+        stdin.resume();
+        stdin.once("data", onData);
+    });
+}
+/**
+ * Reset the backend (for testing).
+ * When forceLocal is true, skips @opena2a/shared resolution and uses the
+ * local file-based backend. This allows tests to control config via
+ * OPENA2A_HOME without the shared backend ignoring that env var.
+ */
+export function _resetBackend(forceLocal = false) {
+    _backend = undefined;
+    if (forceLocal) {
+        _backend = createLocalBackend();
+    }
+}
+//# sourceMappingURL=opt-in.js.map

package/dist/telemetry/opt-in.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"opt-in.js","sourceRoot":"","sources":["../../src/telemetry/opt-in.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAc5B,0DAA0D;AAC1D,IAAI,QAAmC,CAAC;AAExC,SAAS,cAAc;IACrB,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,IAAI,CAAC;QACH,iEAAiE;QACjE,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC1C,IACE,OAAO,MAAM,CAAC,mBAAmB,KAAK,UAAU;YAChD,OAAO,MAAM,CAAC,oBAAoB,KAAK,UAAU;YACjD,OAAO,MAAM,CAAC,kBAAkB,KAAK,UAAU;YAC/C,OAAO,MAAM,CAAC,sBAAsB,KAAK,UAAU;YACnD,OAAO,MAAM,CAAC,uBAAuB,KAAK,UAAU,EACpD,CAAC;YACD,QAAQ,GAAG;gBACT,sDAAsD;gBACtD,8DAA8D;gBAC9D,4DAA4D;gBAC5D,gEAAgE;gBAChE,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;gBAC/C,oBAAoB,EAAE,MAAM,CAAC,oBAAoB;gBACjD,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;gBAC7C,sBAAsB,EAAE,MAAM,CAAC,sBAAsB;gBACrD,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;aACxD,CAAC;YACF,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iEAAiE;IACnE,CAAC;IAED,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAChC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAgBD,SAAS,aAAa;IACpB,MAAM,IAAI,GACR,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;IACxE,OAAO,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,UAAU;IACjB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mCAAmC;IACrC,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,WAAW,CAAC,MAAqB;IACxC,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAChD,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE;QAChE,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB;IACzB,OAAO;QACL,mBAAmB;YACjB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;YAC5B,IAAI,MAAM,CAAC,UAAU,EAAE,OAAO,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC;YACrD,IAAI,MAAM,CAAC,UAAU,EAAE,OAAO,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;YACvD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,oBAAoB,CAAC,OAAgB;YACnC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC,MAAM,CAAC,UAAU;gBAAE,MAAM,CAAC,UAAU,GAAG,EAAE,CAAC;YAC/C,MAAM,CAAC,UAAU,CAAC,OAAO,GAAG,OAAO,CAAC;YACpC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC;YACnD,IAAI,SAAS,IAAI,CAAC;gBAAE,MAAM,CAAC,UAAU,CAAC,aAAa,GAAG,IAAI,CAAC;YAC3D,WAAW,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,kBAAkB;YAChB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC,MAAM,CAAC,UAAU;gBAAE,MAAM,CAAC,UAAU,GAAG,EAAE,CAAC;YAC/C,MAAM,CAAC,UAAU,CAAC,SAAS,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACrE,WAAW,CAAC,MAAM,CAAC,CAAC;YACpB,OAAO,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC;QACrC,CAAC;QAED,sBAAsB;YACpB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;YAC5B,IACE,MAAM,CAAC,UAAU,EAAE,OAAO,KAAK,IAAI;gBACnC,MAAM,CAAC,UAAU,EAAE,OAAO,KAAK,KAAK,EACpC,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,SAAS,IAAI,CAAC,CAAC;YACpD,IAAI,SAAS,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YACjC,IAAI,SAAS,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,aAAa;gBAAE,OAAO,IAAI,CAAC;YACrE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,uBAAuB;YACrB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC,MAAM,CAAC,UAAU;gBAAE,MAAM,CAAC,UAAU,GAAG,EAAE,CAAC;YAC/C,MAAM,CAAC,UAAU,CAAC,aAAa,GAAG,IAAI,CAAC;YACvC,WAAW,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,cAAc,EAAE,CAAC,mBAAmB,EAAE,CAAC;AAChD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB;IACpC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IAChE,OAAO,cAAc,EAAE,CAAC,sBAAsB,EAAE,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB;IAChC,cAAc,EAAE,CAAC,kBAAkB,EAAE,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,cAAc,EAAE,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC/C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,cAAc,EAAE,CAAC,uBAAuB,EAAE,CAAC;IAC7C,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,MAAM,KAAK,GAAG;QACZ,EAAE;QACF,mDAAmD;QACnD,EAAE;QACF,2DAA2D;QAC3D,iEAAiE;QACjE,8DAA8D;QAC9D,EAAE;QACF,qCAAqC;KACtC,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IACpC,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,aAAa,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,EAAE,KAAK,GAAG,CAAC;IAC7C,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAE9B,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,wFAAwF,CACzF,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa;IACpB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC;QAE3B,6CAA6C;QAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,OAAO,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,CAAC;QACf,CAAC,EAAE,MAAM,CAAC,CAAC;QAEX,SAAS,OAAO;YACd,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACrC,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;gBAC3B,KAAK,CAAC,UAAU,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC;YACpC,CAAC;YACD,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;QAED,SAAS,MAAM,CAAC,IAAY;YAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAClD,OAAO,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC;QACvB,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACvB,KAAK,CAAC,MAAM,EAAE,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,UAAU,GAAG,KAAK;IAC9C,QAAQ,GAAG,SAAS,CAAC;IACrB,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAClC,CAAC;AACH,CAAC"}

package/package.json CHANGED Viewed

@@ -1,7 +1,11 @@
 {
   "name": "ai-trust",
-  "version": "0.2.0",
+  "version": "0.2.3",
   "description": "Trust verification CLI for AI packages — check MCP servers, A2A agents, and AI tools before you install",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/opena2a-org/ai-trust.git"
+  },
   "type": "module",
   "main": "dist/index.js",
   "bin": {
@@ -33,6 +37,7 @@
   "author": "OpenA2A",
   "license": "Apache-2.0",
   "dependencies": {
+    "@opena2a/shared": "^0.1.0",
     "chalk": "^5.3.0",
     "commander": "^12.1.0"
   },