appsec-agent 0.0.1

package/README.md

@@ -0,0 +1,233 @@
+# AppSec Agent (TypeScript)
+
+A TypeScript package that provides AI-powered agents for Application Security (AppSec) tasks, built on top of the Claude Agent SDK. This is a TypeScript reimplementation of the Python AppSec AI Agent toolkit that helps automate mundane security operations and streamline AppSec workflows.
+
+## 🚀 Features
+
+- **AI-Powered AppSec Automation**: Leverage Claude's capabilities for security operations
+- **Multiple Agent Types**: Simple query agent, code review agent, and threat modeler for different use cases
+- **Tool Permission Management**: Advanced tool permission callbacks with bypass mode for trusted operations
+- **Code Review Capabilities**: Automated security and privacy issue detection in code
+- **Modular Agent Architecture**: Easy to extend and customize agents for specific use cases
+- **Simple Integration**: Built on the Claude Agent SDK for seamless AI integration
+- **Production Ready**: Stable package with proper error handling and configuration
+
+## 📋 Table of Contents
+
+- [Installation](#installation)
+- [Quick Start](#quick-start)
+- [Configuration](#configuration)
+- [Available Agents](#available-agents)
+- [Architecture](#architecture)
+- [Usage Examples](#usage-examples)
+- [Development](#development)
+
+## 🛠 Installation
+
+### Prerequisites
+
+- Node.js 18.0 or higher
+- npm or yarn
+- Anthropic API key
+
+### Step 1: Install Claude Code
+Our agent toolkit is built on top of Claude Agent SDK. And the Claude Agent SDK is built on top of Claude Code. So in order to install our toolkit, you would need to start with Claude Code. You may want to install it in the global user space:
+
+```bash
+$ npm install -g @anthropic-ai/claude-code
+```
+
+### Step 2: Install Dependencies
+```bash
+$ cd appsec-agent
+$ npm install
+```
+
+### Step 3: Build the Project
+```bash
+$ npm run build
+```
+
+This will compile the TypeScript source files to JavaScript in the `dist/` directory.
+
+## ⚡ Quick Start
+
+### 1. Set Up Environment Variables
+
+Add these to your shell profile (`.bashrc`, `.zshrc`, etc.):
+
+```bash
+# Anthropic API Configuration
+export ANTHROPIC_API_KEY="your-anthropic-api-key"
+export ANTHROPIC_BASE_URL="https://api.anthropic.com"
+```
+
+### 2. Run Your First Agent
+
+**Important**: Make sure to build the project first:
+```bash
+$ npm run build
+```
+
+Then you can run the agent:
+```bash
+# Run the basic agent using npm script
+$ npm start
+
+# Or use the CLI directly (after building)
+$ node bin/agent-run
+
+# Or use ts-node for development (no build needed)
+$ npx ts-node bin/agent-run.ts
+```
+
+## 🔧 Configuration
+
+The agents can be configured through environment variables and configuration files. Key configuration options include:
+
+- `ANTHROPIC_API_KEY`: Your Anthropic API key (required)
+- `ANTHROPIC_BASE_URL`: API endpoint URL (default: https://api.anthropic.com)
+- `MAX_TURNS`: Maximum conversation turns (default: 1)
+
+Configuration file: `conf/appsec_agent.yaml`
+
+## 🤖 Available Agents
+
+### Simple Query Agent (`simple_query_agent`)
+A general-purpose AppSec assistant that can:
+- Answer security-related questions
+- Help with security analysis tasks
+- Provide guidance on security best practices
+- Interactive query processing
+
+### Code Review Agent (`code_reviewer`)
+A specialized agent for automated code analysis that can:
+- Review code for security vulnerabilities
+- Detect privacy issues in codebases
+- Generate comprehensive security reports
+- Support multiple output formats (Markdown, etc.)
+- Analyze entire project directories
+- Use advanced tools: Read, Grep, and Write capabilities
+
+### Threat Modeler (`threat_modeler`)
+A specialized agent for comprehensive threat modeling that can:
+- Generate ASCII text-based Data Flow Diagrams (DFD)
+- Perform STRIDE methodology threat modeling on DFDs
+- Create detailed risk registry reports with remediation plans
+- Analyze codebases for security threats and vulnerabilities
+- Generate multiple deliverable reports
+
+## 📖 Usage Examples
+
+### Basic Query
+```bash
+$ node bin/agent-run
+```
+
+### Code Review Example
+```bash
+# Review code in current directory
+$ node bin/agent-run -r code_reviewer
+
+# Review specific source directory
+$ node bin/agent-run -r code_reviewer -s /path/to/source
+
+# Custom output file and format
+$ node bin/agent-run -r code_reviewer -o security_report.html -f html
+```
+
+### Threat Modeler Example
+```bash
+# Run threat modeler on current directory
+$ node bin/agent-run -r threat_modeler
+
+# Run threat modeler on specific source directory
+$ node bin/agent-run -r threat_modeler -s /path/to/source
+```
+
+### List Available Roles
+```bash
+$ node bin/agent-run -l
+```
+
+### Version Information
+```bash
+$ node bin/agent-run -v
+```
+
+## 🏗 Architecture
+
+The AppSec AI Agent is built with a modular architecture consisting of several key components:
+
+### Core Components
+
+- **`AgentActions`**: Handles async interactions with Claude agents, including simple queries, code reviews, and threat modeling
+- **`AgentOptions`**: Manages configuration, tool permissions, and permission modes for different agent types
+- **`utils`**: Utility functions for file operations, YAML loading, and project management
+- **`agent-run`**: Command-line interface script for running agents
+
+### File Structure
+
+```
+appsec-agent/
+├── src/
+│   ├── agent_actions.ts       # Agent interaction logic
+│   ├── agent_options.ts       # Agent configuration management
+│   ├── main.ts               # Main application logic
+│   └── utils.ts              # Utility functions
+├── bin/
+│   └── agent-run             # Main CLI script
+├── conf/
+│   └── appsec_agent.yaml   # General configuration file
+├── package.json
+├── tsconfig.json
+└── README.md
+```
+
+## 🛠 Development
+
+### Setting Up Development Environment
+
+1. Clone the repository and navigate to the TypeScript directory:
+```bash
+$ cd appsec-agent
+```
+
+2. Install dependencies:
+```bash
+$ npm install
+```
+
+3. Build the project:
+```bash
+$ npm run build
+```
+
+### Building the Package
+
+```bash
+# Build the package
+$ npm run build
+
+# Clean build artifacts
+$ npm run clean
+```
+
+## 📚 References
+
+- [Claude Agent SDK Documentation](https://docs.claude.com/en/api/agent-sdk)
+- [Anthropic API Documentation](https://docs.anthropic.com/)
+- [Claude Code Documentation](https://docs.anthropic.com/claude-code)
+
+## 📄 License
+
+This project is licensed under the MIT License.
+
+## 👥 Author
+
+**Sam Li** - *Initial work* - [yang.li@owasp.org](mailto:yang.li@owasp.org)
+
+---
+
+*Built with ❤️ for the AppSec*
+

package/bin/agent-run.js

@@ -0,0 +1,82 @@
+#!/usr/bin/env node
+/**
+ * CLI script for AppSec AI Agent
+ * 
+ * Author: Sam Li
+ */
+
+const path = require('path');
+const fs = require('fs');
+
+// Check if we're running from source or compiled
+const isCompiled = fs.existsSync(path.join(__dirname, '..', 'dist'));
+const basePath = isCompiled ? '../dist' : '../src';
+
+// Use require for CommonJS compatibility
+const { loadYaml, listRoles, printVersionInfo, getProjectRoot } = require(path.join(__dirname, basePath, 'utils'));
+const { main } = require(path.join(__dirname, basePath, 'main'));
+
+// Dynamic import of commander for ESM compatibility
+const { Command } = require('commander');
+
+const program = new Command();
+
+program
+  .name('agent-run')
+  .description('Automate the AppSec AI Agent dispatch')
+  .option('-y, --yaml <file>', 'Yaml configuration file - default to "appsec_agent.yaml" in the conf directory')
+  .option('-e, --environment <env>', 'Program running environment - default to "development"', 'development')
+  .option('-r, --role <role>', 'AppSec AI Agent role, refer to "appsec_agent.yaml" for available roles - default to "simple_query_agent"', 'simple_query_agent')
+  .option('-s, --src_dir <dir>', 'Project source code directory for code review agent - default to "src"')
+  .option('-o, --output_file <file>', 'Output file - default to "code_review_report.md"', 'code_review_report.md')
+  .option('-f, --output_format <format>', 'Output format - default to "markdown"', 'markdown')
+  .option('-l, --list_roles', 'List all available roles')
+  .option('-v, --version', 'Program version')
+  .option('-V, --verbose', 'Verbose mode');
+
+program.parse();
+
+const options = program.opts();
+
+// Handle version flag
+if (options.version) {
+  printVersionInfo();
+  process.exit(0);
+}
+
+// Set default yaml configuration file
+const yamlFile = options.yaml || path.join(getProjectRoot(), 'conf', 'appsec_agent.yaml');
+
+console.log('Reading AppSec AI agent configuration file:', yamlFile);
+const confDict = loadYaml(yamlFile, options.verbose);
+
+if (!confDict) {
+  console.error('Failed to load configuration file');
+  process.exit(1);
+}
+
+console.log('AppSec AI agent configuration file read successfully');
+
+// Handle list roles flag
+if (options.list_roles) {
+  console.log('Listing all available AppSec AI agent roles');
+  listRoles(confDict, options.environment);
+  process.exit(0);
+}
+
+// Prepare args
+const args = {
+  role: options.role,
+  environment: options.environment,
+  src_dir: options.src_dir,
+  output_file: options.output_file,
+  output_format: options.output_format,
+  verbose: options.verbose
+};
+
+// Run main function
+main(confDict, args).catch((error) => {
+  console.error('Error running agent:', error);
+  process.exit(1);
+});
+

package/bin/agent-run.ts

@@ -0,0 +1 @@
+ 

package/conf/appsec_agent.yaml

@@ -0,0 +1,31 @@
+# appsec_agent configuration file
+# This file is used to configure the appsec_agent behaviors.
+# The yaml file structure is as follows: environment -> role -> options -> system_prompt, max_turns, output_format, verbose
+
+---
+default: &default
+  simple_query_agent:
+    options: 
+      system_prompt: "You are an AppSec expert assistant. You are responsible for providing security advice and guidance to the user."
+      max_turns: 1
+    output_format: "stdout"
+    verbose: True
+  code_reviewer:
+    options:
+      system_prompt: "You are an AppSec expert assistant. You are responsible for performing a thorough code review. List out all the potential security and privacy issues found in the code. Then provide security and privacy advice and guidance in the code review report."
+    output_format: "markdown"
+    verbose: True
+  threat_modeler:
+    options:
+      system_prompt: "You are an AppSec expert assistant. You are responsible for performing risk assessment on the source code repository for SOC2 type 2 compliance audit: Start with drawing the ASCII text based Data Flow Diagrm (DFD), with output format as <codebase_data_flow_diagram_text_timestamp>; then proceeding to use STRIDE methodology to perform threat modeling on the DFD, without output report in the format <codebase_threat_model_timestamp>; finally, provide a seperate risk registry report including proposed remediation plan in the format <codebase_risk_registry_text_timestamp>. We're looking for 3 reports in the current working directory as the deliverable."
+    output_format: "markdown"
+    verbose: True
+
+
+development:
+  <<: *default
+
+
+production:
+  <<: *default
+

package/dist/agent_actions.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Agent Actions for AppSec AI Agent
+ *
+ * Author: Sam Li
+ */
+import { ConfigDict } from './utils';
+export interface AgentArgs {
+    role: string;
+    environment: string;
+    src_dir?: string;
+    output_file?: string;
+    output_format?: string;
+    verbose?: boolean;
+}
+export declare class AgentActions {
+    private confDict;
+    private environment;
+    private args;
+    constructor(confDict: ConfigDict, environment: string, args: AgentArgs);
+    /**
+     * Simple query agent with options
+     */
+    simpleQueryClaudeWithOptions(yourPrompt: string): Promise<string>;
+    /**
+     * Secure code reviewer with options
+     */
+    codeReviewerWithOptions(userPrompt: string): Promise<string>;
+    /**
+     * Threat modeler agent with options
+     */
+    threatModelerAgentWithOptions(userPrompt: string): Promise<string>;
+}
+//# sourceMappingURL=agent_actions.d.ts.map

package/dist/agent_actions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent_actions.d.ts","sourceRoot":"","sources":["../src/agent_actions.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAa;IAC7B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,IAAI,CAAY;gBAEZ,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS;IAMtE;;OAEG;IACG,4BAA4B,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwIvE;;OAEG;IACG,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA8BlE;;OAEG;IACG,6BAA6B,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CA6BzE"}

package/dist/agent_actions.js

@@ -0,0 +1,221 @@
+"use strict";
+/**
+ * Agent Actions for AppSec AI Agent
+ *
+ * Author: Sam Li
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentActions = void 0;
+const claude_agent_sdk_1 = require("@anthropic-ai/claude-agent-sdk");
+const agent_options_1 = require("./agent_options");
+class AgentActions {
+    confDict;
+    environment;
+    args;
+    constructor(confDict, environment, args) {
+        this.confDict = confDict;
+        this.environment = environment;
+        this.args = args;
+    }
+    /**
+     * Simple query agent with options
+     */
+    async simpleQueryClaudeWithOptions(yourPrompt) {
+        const agentOptions = new agent_options_1.AgentOptions(this.confDict, this.environment);
+        const options = agentOptions.getSimpleQueryAgentOptions(this.args.role);
+        try {
+            let accumulatedText = '';
+            let hasPrintedHeader = false;
+            let hasSeenStreamEvents = false;
+            let messageCount = 0;
+            for await (const msg of (0, claude_agent_sdk_1.query)({ prompt: yourPrompt, options })) {
+                messageCount++;
+                // Debug logging (remove in production)
+                if (this.args.verbose) {
+                    console.error(`[DEBUG] Message #${messageCount}: type=${msg.type}`);
+                }
+                // Handle stream events (streaming deltas) - these come first
+                if (msg.type === 'stream_event') {
+                    hasSeenStreamEvents = true;
+                    const streamMsg = msg;
+                    // Handle content block deltas (streaming text)
+                    if (streamMsg.event?.type === 'content_block_delta' && streamMsg.event.delta?.type === 'text_delta') {
+                        const deltaText = streamMsg.event.delta.text || '';
+                        if (deltaText) {
+                            if (!hasPrintedHeader) {
+                                console.log(`\nClaude:\n`);
+                                hasPrintedHeader = true;
+                            }
+                            // Accumulate and write streaming deltas directly
+                            accumulatedText += deltaText;
+                            process.stdout.write(deltaText);
+                        }
+                    }
+                    // Handle content block start (beginning of new content block)
+                    else if (streamMsg.event?.type === 'content_block_start') {
+                        // Content block is starting - ensure header is printed
+                        if (!hasPrintedHeader) {
+                            console.log(`\nClaude:\n`);
+                            hasPrintedHeader = true;
+                        }
+                        // Reset accumulated text for new content block
+                        accumulatedText = '';
+                    }
+                    // Handle message stop (streaming is complete)
+                    else if (streamMsg.event?.type === 'message_stop') {
+                        // Message is complete - ensure we have a newline
+                        if (hasPrintedHeader && accumulatedText) {
+                            // Stream is done, newline will be added by result handler
+                        }
+                    }
+                }
+                // Handle assistant messages (complete messages) - only use if no stream events
+                // Note: If we've seen stream events, the content was already printed incrementally
+                else if (msg.type === 'assistant' && !hasSeenStreamEvents) {
+                    const assistantMsg = msg;
+                    if (assistantMsg.message.content) {
+                        for (const block of assistantMsg.message.content) {
+                            if (block.type === 'text') {
+                                const currentText = block.text || '';
+                                if (currentText.length > 0 && currentText !== accumulatedText) {
+                                    if (!hasPrintedHeader) {
+                                        console.log(`\nClaude:\n`);
+                                        hasPrintedHeader = true;
+                                    }
+                                    // Print the complete text only if it's different from what we've accumulated
+                                    console.log(currentText);
+                                    accumulatedText = currentText;
+                                }
+                            }
+                        }
+                    }
+                }
+                // If we see assistant message after stream events, ignore it (already printed)
+                else if (msg.type === 'assistant' && hasSeenStreamEvents) {
+                    // Already printed via stream events, skip
+                    if (this.args.verbose) {
+                        console.error(`[DEBUG] Skipping assistant message (already printed via stream events)`);
+                    }
+                }
+                // Handle result messages
+                else if (msg.type === 'result') {
+                    const resultMsg = msg;
+                    // Ensure we flush any partial output and add newline
+                    if (hasPrintedHeader) {
+                        console.log(); // New line after final output
+                    }
+                    // Check for errors in result messages
+                    if (resultMsg.is_error) {
+                        const errorMsg = resultMsg.errors?.[0] || resultMsg.error_message || 'Unknown error occurred';
+                        console.error(`\nError: ${errorMsg}`);
+                        if (resultMsg.subtype) {
+                            console.error(`Error subtype: ${resultMsg.subtype}`);
+                        }
+                        // Log max_turns error specifically
+                        if (resultMsg.subtype === 'error_max_turns') {
+                            console.error(`\nNote: The conversation stopped because max_turns (${options.maxTurns || 1}) was reached.`);
+                            console.error(`To allow the agent to use tools and continue, increase max_turns in the configuration or use the code_reviewer role.`);
+                        }
+                    }
+                    else if (resultMsg.total_cost_usd && resultMsg.total_cost_usd > 0) {
+                        console.log(`\nCost: $${resultMsg.total_cost_usd.toFixed(4)}`);
+                    }
+                    // Debug: log turn count
+                    if (this.args.verbose) {
+                        console.error(`[DEBUG] Result: num_turns=${resultMsg.num_turns}, is_error=${resultMsg.is_error}`);
+                    }
+                }
+                // Handle tool progress messages (agent might be using tools)
+                else if (msg.type === 'tool_progress') {
+                    // Tool is being executed - this is normal, just continue
+                    if (this.args.verbose) {
+                        const toolMsg = msg;
+                        console.log(`[Tool Progress] ${toolMsg.tool_name}: ${toolMsg.elapsed_time_seconds}s`);
+                    }
+                }
+                // Log other message types for debugging
+                else if (this.args.verbose) {
+                    console.log(`[DEBUG] Received message type: ${msg.type}`);
+                }
+            }
+            // Debug: log total messages processed
+            if (this.args.verbose) {
+                console.error(`[DEBUG] Total messages processed: ${messageCount}`);
+            }
+        }
+        catch (error) {
+            console.error('Error during query:', error);
+            throw error;
+        }
+        console.log();
+        return '';
+    }
+    /**
+     * Secure code reviewer with options
+     */
+    async codeReviewerWithOptions(userPrompt) {
+        const agentOptions = new agent_options_1.AgentOptions(this.confDict, this.environment);
+        const options = agentOptions.getCodeReviewerOptions(this.args.role);
+        try {
+            for await (const message of (0, claude_agent_sdk_1.query)({ prompt: userPrompt, options })) {
+                if (message.type === 'assistant') {
+                    const assistantMsg = message;
+                    if (assistantMsg.message.content) {
+                        for (const block of assistantMsg.message.content) {
+                            if (block.type === 'text') {
+                                console.log(`Claude: ${block.text}`);
+                            }
+                        }
+                    }
+                }
+                else if (message.type === 'result') {
+                    const resultMsg = message;
+                    if (resultMsg.total_cost_usd && resultMsg.total_cost_usd > 0) {
+                        console.log(`\nCost: $${resultMsg.total_cost_usd.toFixed(4)}`);
+                    }
+                }
+            }
+        }
+        catch (error) {
+            console.error('Error during code review:', error);
+            throw error;
+        }
+        console.log();
+        return '';
+    }
+    /**
+     * Threat modeler agent with options
+     */
+    async threatModelerAgentWithOptions(userPrompt) {
+        const agentOptions = new agent_options_1.AgentOptions(this.confDict, this.environment);
+        const options = agentOptions.getThreatModelerOptions(this.args.role);
+        try {
+            for await (const message of (0, claude_agent_sdk_1.query)({ prompt: userPrompt, options })) {
+                if (message.type === 'assistant') {
+                    const assistantMsg = message;
+                    if (assistantMsg.message.content) {
+                        for (const block of assistantMsg.message.content) {
+                            if (block.type === 'text') {
+                                console.log(`Claude: ${block.text}`);
+                            }
+                        }
+                    }
+                }
+                else if (message.type === 'result') {
+                    const resultMsg = message;
+                    if (resultMsg.total_cost_usd && resultMsg.total_cost_usd > 0) {
+                        console.log(`\nCost: $${resultMsg.total_cost_usd.toFixed(4)}`);
+                    }
+                }
+            }
+        }
+        catch (error) {
+            console.error('Error during threat modeling:', error);
+            throw error;
+        }
+        console.log();
+        return '';
+    }
+}
+exports.AgentActions = AgentActions;
+//# sourceMappingURL=agent_actions.js.map

package/dist/agent_actions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent_actions.js","sourceRoot":"","sources":["../src/agent_actions.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,qEAA8F;AAC9F,mDAA+C;AAY/C,MAAa,YAAY;IACf,QAAQ,CAAa;IACrB,WAAW,CAAS;IACpB,IAAI,CAAY;IAExB,YAAY,QAAoB,EAAE,WAAmB,EAAE,IAAe;QACpE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,4BAA4B,CAAC,UAAkB;QACnD,MAAM,YAAY,GAAG,IAAI,4BAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACvE,MAAM,OAAO,GAAG,YAAY,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAExE,IAAI,CAAC;YACH,IAAI,eAAe,GAAG,EAAE,CAAC;YACzB,IAAI,gBAAgB,GAAG,KAAK,CAAC;YAC7B,IAAI,mBAAmB,GAAG,KAAK,CAAC;YAChC,IAAI,YAAY,GAAG,CAAC,CAAC;YAErB,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,IAAA,wBAAK,EAAC,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC/D,YAAY,EAAE,CAAC;gBAEf,uCAAuC;gBACvC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;oBACtB,OAAO,CAAC,KAAK,CAAC,oBAAoB,YAAY,UAAW,GAAW,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC/E,CAAC;gBACD,6DAA6D;gBAC7D,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;oBAChC,mBAAmB,GAAG,IAAI,CAAC;oBAC3B,MAAM,SAAS,GAAG,GAAU,CAAC;oBAE7B,+CAA+C;oBAC/C,IAAI,SAAS,CAAC,KAAK,EAAE,IAAI,KAAK,qBAAqB,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,KAAK,YAAY,EAAE,CAAC;wBACpG,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC;wBACnD,IAAI,SAAS,EAAE,CAAC;4BACd,IAAI,CAAC,gBAAgB,EAAE,CAAC;gCACtB,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;gCAC3B,gBAAgB,GAAG,IAAI,CAAC;4BAC1B,CAAC;4BACD,iDAAiD;4BACjD,eAAe,IAAI,SAAS,CAAC;4BAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;wBAClC,CAAC;oBACH,CAAC;oBACD,8DAA8D;yBACzD,IAAI,SAAS,CAAC,KAAK,EAAE,IAAI,KAAK,qBAAqB,EAAE,CAAC;wBACzD,uDAAuD;wBACvD,IAAI,CAAC,gBAAgB,EAAE,CAAC;4BACtB,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;4BAC3B,gBAAgB,GAAG,IAAI,CAAC;wBAC1B,CAAC;wBACD,+CAA+C;wBAC/C,eAAe,GAAG,EAAE,CAAC;oBACvB,CAAC;oBACD,8CAA8C;yBACzC,IAAI,SAAS,CAAC,KAAK,EAAE,IAAI,KAAK,cAAc,EAAE,CAAC;wBAClD,iDAAiD;wBACjD,IAAI,gBAAgB,IAAI,eAAe,EAAE,CAAC;4BACxC,0DAA0D;wBAC5D,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,+EAA+E;gBAC/E,mFAAmF;qBAC9E,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBAC1D,MAAM,YAAY,GAAG,GAA0B,CAAC;oBAChD,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;wBACjC,KAAK,MAAM,KAAK,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;4BACjD,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gCAC1B,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC;gCACrC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,KAAK,eAAe,EAAE,CAAC;oCAC9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;wCACtB,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;wCAC3B,gBAAgB,GAAG,IAAI,CAAC;oCAC1B,CAAC;oCACD,6EAA6E;oCAC7E,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;oCACzB,eAAe,GAAG,WAAW,CAAC;gCAChC,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,+EAA+E;qBAC1E,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,mBAAmB,EAAE,CAAC;oBACzD,0CAA0C;oBAC1C,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;wBACtB,OAAO,CAAC,KAAK,CAAC,wEAAwE,CAAC,CAAC;oBAC1F,CAAC;gBACH,CAAC;gBACD,yBAAyB;qBACpB,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC/B,MAAM,SAAS,GAAG,GAAuB,CAAC;oBAC1C,qDAAqD;oBACrD,IAAI,gBAAgB,EAAE,CAAC;wBACrB,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,8BAA8B;oBAC/C,CAAC;oBAED,sCAAsC;oBACtC,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;wBACvB,MAAM,QAAQ,GAAI,SAAiB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,IAAK,SAAiB,CAAC,aAAa,IAAI,wBAAwB,CAAC;wBAChH,OAAO,CAAC,KAAK,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;wBACtC,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;4BACtB,OAAO,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;wBACvD,CAAC;wBACD,mCAAmC;wBACnC,IAAI,SAAS,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;4BAC5C,OAAO,CAAC,KAAK,CAAC,uDAAuD,OAAO,CAAC,QAAQ,IAAI,CAAC,gBAAgB,CAAC,CAAC;4BAC5G,OAAO,CAAC,KAAK,CAAC,sHAAsH,CAAC,CAAC;wBACxI,CAAC;oBACH,CAAC;yBAAM,IAAI,SAAS,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;wBACpE,OAAO,CAAC,GAAG,CAAC,YAAY,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACjE,CAAC;oBAED,wBAAwB;oBACxB,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;wBACtB,OAAO,CAAC,KAAK,CAAC,6BAA6B,SAAS,CAAC,SAAS,cAAc,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;oBACpG,CAAC;gBACH,CAAC;gBACD,6DAA6D;qBACxD,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;oBACtC,yDAAyD;oBACzD,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;wBACtB,MAAM,OAAO,GAAG,GAAU,CAAC;wBAC3B,OAAO,CAAC,GAAG,CAAC,mBAAmB,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,oBAAoB,GAAG,CAAC,CAAC;oBACxF,CAAC;gBACH,CAAC;gBACD,wCAAwC;qBACnC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC3B,OAAO,CAAC,GAAG,CAAC,kCAAmC,GAAW,CAAC,IAAI,EAAE,CAAC,CAAC;gBACrE,CAAC;YACH,CAAC;YAED,sCAAsC;YACtC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACtB,OAAO,CAAC,KAAK,CAAC,qCAAqC,YAAY,EAAE,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;YAC5C,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB,CAAC,UAAkB;QAC9C,MAAM,YAAY,GAAG,IAAI,4BAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACvE,MAAM,OAAO,GAAG,YAAY,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEpE,IAAI,CAAC;YACH,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,IAAA,wBAAK,EAAC,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;gBACnE,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBACjC,MAAM,YAAY,GAAG,OAA8B,CAAC;oBACpD,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;wBACjC,KAAK,MAAM,KAAK,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;4BACjD,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gCAC1B,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;4BACvC,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;qBAAM,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACrC,MAAM,SAAS,GAAG,OAA2B,CAAC;oBAC9C,IAAI,SAAS,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;wBAC7D,OAAO,CAAC,GAAG,CAAC,YAAY,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACjE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;YAClD,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,6BAA6B,CAAC,UAAkB;QACpD,MAAM,YAAY,GAAG,IAAI,4BAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACvE,MAAM,OAAO,GAAG,YAAY,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAErE,IAAI,CAAC;YACH,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,IAAA,wBAAK,EAAC,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;gBACnE,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBACjC,MAAM,YAAY,GAAG,OAA8B,CAAC;oBACpD,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;wBACjC,KAAK,MAAM,KAAK,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;4BACjD,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gCAC1B,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;4BACvC,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;qBAAM,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACrC,MAAM,SAAS,GAAG,OAA2B,CAAC;oBAC9C,IAAI,SAAS,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;wBAC7D,OAAO,CAAC,GAAG,CAAC,YAAY,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACjE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;YACtD,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,EAAE,CAAC;IACZ,CAAC;CACF;AAvND,oCAuNC"}

package/dist/agent_options.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Agent Options Management for AppSec AI Agent
+ *
+ * Author: Sam Li
+ */
+import { Options, CanUseTool } from '@anthropic-ai/claude-agent-sdk';
+import { ConfigDict } from './utils';
+export interface ToolUsageLog {
+    tool: string;
+    input: any;
+    suggestions: string;
+}
+export declare class AgentOptions {
+    private confDict;
+    private environment;
+    toolUsageLog: ToolUsageLog[];
+    constructor(confDict: ConfigDict, environment: string);
+    /**
+     * Tool permission callback to control tool access
+     */
+    toolPermissionCallback: CanUseTool;
+    /**
+     * Get options for simple query agent
+     */
+    getSimpleQueryAgentOptions(role?: string): Options;
+    /**
+     * Get options for code reviewer
+     */
+    getCodeReviewerOptions(role?: string): Options;
+    /**
+     * Get options for threat modeler
+     */
+    getThreatModelerOptions(role?: string): Options;
+}
+//# sourceMappingURL=agent_options.d.ts.map

package/dist/agent_options.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent_options.d.ts","sourceRoot":"","sources":["../src/agent_options.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAqC,UAAU,EAAE,MAAM,gCAAgC,CAAC;AACxG,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,GAAG,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAa;IAC7B,OAAO,CAAC,WAAW,CAAS;IACrB,YAAY,EAAE,YAAY,EAAE,CAAM;gBAE7B,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM;IAKrD;;OAEG;IACH,sBAAsB,EAAE,UAAU,CAqBjC;IAED;;OAEG;IACH,0BAA0B,CAAC,IAAI,GAAE,MAA6B,GAAG,OAAO;IAQxE;;OAEG;IACH,sBAAsB,CAAC,IAAI,GAAE,MAAwB,GAAG,OAAO;IAkB/D;;OAEG;IACH,uBAAuB,CAAC,IAAI,GAAE,MAAyB,GAAG,OAAO;CAiBlE"}