ai-trust 0.2.14 → 0.2.16
- package/dist/scanner/hma.d.ts +0 -2
- package/dist/scanner/hma.d.ts.map +1 -1
- package/dist/scanner/hma.js +46 -4
- package/dist/scanner/hma.js.map +1 -1
- package/package.json +3 -2
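--- a/package/dist/scanner/hma.d.ts
+++ b/package/dist/scanner/hma.d.ts
@@ -33,12 +33,10 @@ export interface HmaFinding {
 }
 /**
 * Check if HMA (hackmyagent) is available on the system.
-* Tries npx first, then checks for global install.
 */
 export declare function isHmaAvailable(): Promise<boolean>;
 /**
 * Run HMA security scan against a directory.
-* Uses `npx hackmyagent secure --format json <dir>`.
 *
 * @returns Parsed scan results
 * @throws If HMA is not available or scan fails to produce valid output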
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hma.d.ts","sourceRoot":"","sources":["../../src/scanner/hma.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAOH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;
|
|
1
|
+
{"version":3,"file":"hma.d.ts","sourceRoot":"","sources":["../../src/scanner/hma.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAOH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AA6CD;;GAEG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC,CAUvD;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,+EAA+E;IAC/E,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,wBAAsB,UAAU,CAC9B,SAAS,EAAE,MAAM,EACjB,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,aAAa,CAAC,CAsCxB"}
|
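--- a/package/dist/scanner/hma.js
+++ b/package/dist/scanner/hma.js
@@ -5,13 +5,54 @@
 import { execFile } from "node:child_process";
 import { promisify } from "node:util";
 const execFileAsync = promisify(execFile);
+/**
+* Resolve the HMA binary. Resolution order:
+* 1. Bundled: node_modules/.bin/hackmyagent (always correct version)
+* 2. Global: hackmyagent in PATH
+* 3. npx fallback (may use stale cache)
+*
+* Returns { cmd, prefixArgs } where:
+* cmd="/path/to/hackmyagent", prefixArgs=[] (bundled or global)
+* cmd="npx", prefixArgs=["hackmyagent"] (npx fallback)
+*/
+let _resolvedHma = null;
+async function resolveHma() {
+if (_resolvedHma)
+return _resolvedHma;
+// 1. Try bundled binary (hackmyagent is a direct dependency)
+try {
+const { fileURLToPath } = await import("node:url");
+const { dirname, join } = await import("node:path");
+const thisDir = dirname(fileURLToPath(import.meta.url));
+// Walk up from dist/scanner/ to package root, then into node_modules/.bin
+const bundled = join(thisDir, "..", "..", "node_modules", ".bin", "hackmyagent");
+await execFileAsync(bundled, ["--version"], { timeout: 10_000 });
+_resolvedHma = { cmd: bundled, prefixArgs: [] };
+return _resolvedHma;
+}
+catch {
+// Bundled not found (dev mode, or dependency not installed)
+}
+// 2. Try global binary
+try {
+await execFileAsync("hackmyagent", ["--version"], { timeout: 10_000 });
+_resolvedHma = { cmd: "hackmyagent", prefixArgs: [] };
+return _resolvedHma;
+}
+catch {
+// Not found globally
+}
+// 3. Fall back to npx
+_resolvedHma = { cmd: "npx", prefixArgs: ["hackmyagent"] };
+return _resolvedHma;
+}
 /**
 * Check if HMA (hackmyagent) is available on the system.
-* Tries npx first, then checks for global install.
 */
 export async function isHmaAvailable() {
 try {
-
+const hma = await resolveHma();
+await execFileAsync(hma.cmd, [...hma.prefixArgs, "--version"], {
 timeout: 15_000,
 });
 return true;
@@ -22,14 +63,15 @@ export async function isHmaAvailable() {
 }
 export async function runHmaScan(targetDir, options = {}) {
 const deep = options.deep ?? true;
-const
+const hma = await resolveHma();
+const args = [...hma.prefixArgs, "secure", "--format", "json"];
 if (deep) {
 args.push("--deep");
 }
 args.push(targetDir);
 try {
 // HMA may exit non-zero when findings exist, so we handle that
-const { stdout } = await execFileAsync(
+const { stdout } = await execFileAsync(hma.cmd, args, { timeout: deep ? 180_000 : 120_000 });
 return parseHmaOutput(stdout);
 }
 catch (err) {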
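Review bot: The bundled lookup in `resolveHma()` hard-codes `<package root>/node_modules/.bin/hackmyagent`, a path that exists only when the dependency is installed nested under this package; when npm hoists it to a parent `node_modules`, the probe fails, the empty `catch` hides the reason, and resolution falls through to whatever `hackmyagent` is first on PATH or to an unversioned `npx hackmyagent`. For a tool whose verdict depends on the scanner, the binary that actually runs is then chosen by the environment or the registry rather than by the declared dependency, and nothing records which source was used. Resolving the dependency through Node's module resolution and running its entry script with `process.execPath` follows hoisting and avoids the `.bin` shim; the sketch below assumes the package exposes `package.json` and a `hackmyagent` bin entry, which should be confirmed. If the PATH and npx fallbacks stay, log which one was selected and give npx an explicit version.

```javascript
// 1. Try bundled binary (hackmyagent is a direct dependency)
try {
    const { createRequire } = await import("node:module");
    const { dirname, resolve } = await import("node:path");
    const require = createRequire(import.meta.url);
    // Node's resolver finds the dependency whether it is nested or hoisted
    const pkgPath = require.resolve("hackmyagent/package.json");
    const { bin } = require(pkgPath);
    const binRel = typeof bin === "string" ? bin : bin?.hackmyagent;
    const entry = resolve(dirname(pkgPath), binRel);
    await execFileAsync(process.execPath, [entry, "--version"], { timeout: 10_000 });
    _resolvedHma = { cmd: process.execPath, prefixArgs: [entry] };
    return _resolvedHma;
}
// … unchanged: catch block, global-binary probe, npx fallback …
```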
package/dist/scanner/hma.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hma.js","sourceRoot":"","sources":["../../src/scanner/hma.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAkC1C
|
|
1
|
+
{"version":3,"file":"hma.js","sourceRoot":"","sources":["../../src/scanner/hma.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAkC1C;;;;;;;;;GASG;AACH,IAAI,YAAY,GAAiD,IAAI,CAAC;AAEtE,KAAK,UAAU,UAAU;IACvB,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,6DAA6D;IAC7D,IAAI,CAAC;QACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QACnD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACxD,0EAA0E;QAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;QACjF,MAAM,aAAa,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QACjE,YAAY,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAChD,OAAO,YAAY,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,4DAA4D;IAC9D,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QACvE,YAAY,GAAG,EAAE,GAAG,EAAE,aAAa,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QACtD,OAAO,YAAY,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;IACvB,CAAC;IAED,sBAAsB;IACtB,YAAY,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC;IAC3D,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;QAC/B,MAAM,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE;YAC7D,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAaD,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,SAAiB,EACjB,UAA0B,EAAE;IAE5B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC;IAClC,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;IAC/B,MAAM,IAAI,GAAG,CAAC,GAAG,GAAG,CAAC,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC/D,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtB,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAErB,IAAI,CAAC;QACH,+DAA+D;QAC/D,MAAM,EAAE,
MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,GAAG,CAAC,GAAG,EACP,IAAI,EACJ,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CACtC,CAAC;QAEF,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,oEAAoE;QACpE,IACE,GAAG;YACH,OAAO,GAAG,KAAK,QAAQ;YACvB,QAAQ,IAAI,GAAG;YACf,OAAQ,GAA2B,CAAC,MAAM,KAAK,QAAQ,EACvD,CAAC;YACD,MAAM,MAAM,GAAI,GAA0B,CAAC,MAAM,CAAC;YAClD,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,IAAI,CAAC;oBACH,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;gBAChC,CAAC;gBAAC,MAAM,CAAC;oBACP,wBAAwB;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IACpC,sEAAsE;IACtE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,OAAO,GAAG,EAAE,CAAC;IAEjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpC,MAAM;QACR,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAEhC,MAAM,MAAM,GAAkB;QAC5B,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,CAAC;QACrB,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,GAAG;QAC7B,QAAQ,EAAE,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAA0B,EAAE,EAAE,CAAC,CAAC;YAClE,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,EAAE;YACxB,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE;YAClB,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,EAAE;YAChC,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,EAAE;YAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,KAAK;YAC7B,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,IAAI;YACxB,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,EAAE;YACxB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,WAAW,EAAE,CAAC,CAAC,WAAiC;SACjD,CAAC,CAAC;QACH,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,SAAS;QACzC,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,IAAI,IAAI,EAA
E,CAAC,WAAW,EAAE;KACrD,CAAC;IAEF,mEAAmE;IACnE,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3E,MAAM,CAAC,gBAAgB,GAAG,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAChD,CAAC,EAA2B,EAAE,EAAE,CAAC,CAAC;YAChC,WAAW,EAAG,EAAE,CAAC,WAAsB,IAAI,SAAS;YACpD,WAAW,EAAG,EAAE,CAAC,WAAsB,IAAI,SAAS;YACpD,UAAU,EAAE,OAAO,EAAE,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACjE,IAAI,EAAG,EAAE,CAAC,IAAe,IAAI,EAAE;SAChC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
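--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "ai-trust",
-"version": "0.2.
+"version": "0.2.16",
 "description": "Trust verification CLI for AI packages — check MCP servers, A2A agents, and AI tools before you install",
 "homepage": "https://opena2a.org/ai-trust",
 "repository": {
@@ -42,7 +42,8 @@
 "@opena2a/contribute": "^0.1.0",
 "@opena2a/shared": "^0.1.0",
 "chalk": "^5.3.0",
-"commander": "^12.1.0"
+"commander": "^12.1.0",
+"hackmyagent": "^0.15.2"
 },
 "devDependencies": {
 "@types/node": "^20.11.0",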
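Review bot: The new runtime dependency `"hackmyagent": "^0.15.2"` is a caret range on a 0.x package whose binary hma.js executes, so a fresh install can resolve to any later 0.15.x release without a change to this package. The resolver comment in hma.js describes the bundled copy as "always correct version", which a range does not guarantee, since a published package's package-lock.json is not applied to its consumers. Consider an exact pin, `"hackmyagent": "0.15.2"`, bumped deliberately whenever the scanner's output format or rules are re-validated.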