cognitive-kit 1.0.0-alpha.1

package/dist/tools/security/red_team.js

@@ -0,0 +1,101 @@
+const ATTACK_VECTORS = [
+    { name: 'Credential Stuffing', difficulty: 0.3, impact: 0.8, category: 'auth' },
+    { name: 'Phishing Simulation', difficulty: 0.4, impact: 0.7, category: 'social' },
+    { name: 'API Injection', difficulty: 0.6, impact: 0.85, category: 'application' },
+    { name: 'Privilege Escalation', difficulty: 0.7, impact: 0.9, category: 'auth' },
+    { name: 'Supply Chain Compromise', difficulty: 0.8, impact: 0.95, category: 'infrastructure' },
+    { name: 'Side-Channel Attack', difficulty: 0.85, impact: 0.65, category: 'crypto' },
+    { name: 'Social Engineering', difficulty: 0.3, impact: 0.6, category: 'social' },
+    { name: 'Zero-Day Exploit', difficulty: 0.95, impact: 0.95, category: 'application' },
+    { name: 'Man-in-the-Middle', difficulty: 0.5, impact: 0.75, category: 'network' },
+    { name: 'Insider Threat', difficulty: 0.2, impact: 0.85, category: 'personnel' },
+];
+export const redTeamTool = {
+    id: 'red_team',
+    name: 'Red Team Simulation',
+    description: 'Adversarial security simulation. Models attacker behavior across multiple vectors, identifies exploitable weaknesses, and recommends defensive countermeasures.',
+    inputSchema: {
+        target: { type: 'string', description: 'System, application, or infrastructure to assess' },
+        focus: { type: 'string', description: 'Attack focus area: auth, application, network, social, infrastructure, crypto, personnel' },
+        intensity: { type: 'string', enum: ['quick', 'standard', 'deep'], description: 'Assessment intensity' },
+    },
+    category: 'cognitive',
+    handler: async (params, ctx) => {
+        const target = String(params.target || '');
+        const focus = String(params.focus || 'all');
+        const intensity = String(params.intensity || 'standard');
+        if (!target) {
+            return { success: false, data: null, error: 'Target is required for red team assessment' };
+        }
+        const intensityMultiplier = intensity === 'quick' ? 0.5 : intensity === 'deep' ? 2 : 1;
+        const vectorCount = intensity === 'quick' ? 3 : intensity === 'deep' ? 8 : 5;
+        const vectors = focus === 'all'
+            ? ATTACK_VECTORS
+            : ATTACK_VECTORS.filter(v => focus.split(',').map(f => f.trim()).includes(v.category));
+        const selectedVectors = vectors
+            .sort(() => Math.random() - 0.5)
+            .slice(0, Math.min(vectorCount, vectors.length));
+        const simulations = selectedVectors.map(vec => {
+            const successProb = Math.max(0.05, vec.difficulty * (0.8 + Math.random() * 0.4));
+            const simulatedSuccess = Math.random() > successProb;
+            return {
+                vector: vec.name,
+                category: vec.category,
+                difficulty: vec.difficulty,
+                potentialImpact: vec.impact,
+                simulatedSuccess,
+                exploitPath: simulatedSuccess
+                    ? `${vec.name.toLowerCase().replace(/\s+/g, '_')}_${Date.now().toString(36)}`
+                    : null,
+                detectionLikelihood: vec.difficulty > 0.7 ? 0.2 : 0.6,
+                recommendation: getRecommendation(vec.name, vec.category),
+            };
+        });
+        const successfulAttacks = simulations.filter(s => s.simulatedSuccess);
+        const overallRisk = parseFloat((simulations.reduce((sum, s) => sum + s.potentialImpact * (s.simulatedSuccess ? 1 : 0.3), 0) / simulations.length).toFixed(3));
+        await ctx.memory.store('security', `redteam-${Date.now()}`, {
+            target: target.slice(0, 200),
+            vectorsTested: selectedVectors.length,
+            successfulAttacks: successfulAttacks.length,
+            overallRisk,
+        });
+        return {
+            success: true,
+            data: {
+                target,
+                intensity,
+                overallRiskScore: overallRisk,
+                overallRiskLevel: overallRisk >= 0.7 ? 'CRITICAL' : overallRisk >= 0.4 ? 'ELEVATED' : 'LOW',
+                vectorsTested: selectedVectors.length,
+                successfulBreaches: successfulAttacks.length,
+                breachRate: `${Math.round((successfulAttacks.length / selectedVectors.length) * 100)}%`,
+                simulations,
+                prioritizedRisks: simulations
+                    .filter(s => s.simulatedSuccess && s.potentialImpact > 0.6)
+                    .map(s => `${s.vector} (impact: ${Math.round(s.potentialImpact * 100)}%)`),
+                summary: successfulAttacks.length === 0
+                    ? 'Target resisted all tested attack vectors'
+                    : `${successfulAttacks.length}/${selectedVectors.length} attack vectors succeeded. Prioritize mitigations for high-impact breaches.`,
+            },
+            metadata: {
+                vectorsTested: selectedVectors.length,
+                breachesFound: successfulAttacks.length,
+                sovereignty: ctx.identity.sovereignty,
+            },
+        };
+    },
+};
+function getRecommendation(vector, category) {
+    const recs = {
+        auth: ['Deploy MFA across all access points', 'Implement adaptive authentication', 'Review credential policies'],
+        social: ['Conduct security awareness training', 'Implement reporting procedures', 'Simulate phishing campaigns'],
+        application: ['Regular penetration testing', 'WAF deployment', 'Input validation and sanitization'],
+        network: ['Network segmentation', 'Traffic encryption', 'IDS/IPS deployment'],
+        infrastructure: ['Vulnerability scanning', 'Patch management', 'Configuration hardening'],
+        crypto: ['Algorithm review', 'Key management audit', 'Protocol verification'],
+        personnel: ['Least privilege review', 'Background checks', 'Monitoring and logging'],
+    };
+    const cat = recs[category] || recs['application'];
+    return cat[Math.floor(Math.random() * cat.length)];
+}
+//# sourceMappingURL=red_team.js.map

package/dist/tools/security/red_team.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"red_team.js","sourceRoot":"","sources":["../../../src/tools/security/red_team.ts"],"names":[],"mappings":"AAEA,MAAM,cAAc,GAAG;IACrB,EAAE,IAAI,EAAE,qBAAqB,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC/E,EAAE,IAAI,EAAE,qBAAqB,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACjF,EAAE,IAAI,EAAE,eAAe,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE;IACjF,EAAE,IAAI,EAAE,sBAAsB,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE;IAChF,EAAE,IAAI,EAAE,yBAAyB,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAC9F,EAAE,IAAI,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACnF,EAAE,IAAI,EAAE,oBAAoB,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAChF,EAAE,IAAI,EAAE,kBAAkB,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE;IACrF,EAAE,IAAI,EAAE,mBAAmB,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjF,EAAE,IAAI,EAAE,gBAAgB,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE;CACjF,CAAC;AAEF,MAAM,CAAC,MAAM,WAAW,GAAmB;IACzC,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,iKAAiK;IAC9K,WAAW,EAAE;QACX,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kDAAkD,EAAE;QAC3F,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0FAA0F,EAAE;QAClI,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,WAAW,EAAE,sBAAsB,EAAE;KACxG;IACD,QAAQ,EAAE,WAAW;IACrB,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,GAAgB,EAAuB,EAAE;QACxF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU,CAAC,CAAC;QAEzD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC;QAC7F,CAAC;QAED,MAAM,mBAAmB,GAAG,SAAS,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvF,MAAM,WAAW,GAAG,SAAS,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAE7E,MAAM,OAAO,GAAG,KAAK,KAAK,KAAK;YAC7B,CAAC,CAAC,cAAc;YAChB,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEzF,MAAM,eAAe,GAAG,OAAO;aAC5B,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC;aAC/B,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAEnD,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YAC5C,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC;YACjF,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,WAAW,CAAC;YAErD,OAAO;gBACL,MAAM,EAAE,GAAG,CAAC,IAAI;gBAChB,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,eAAe,EAAE,GAAG,CAAC,MAAM;gBAC3B,gBAAgB;gBAChB,WAAW,EAAE,gBAAgB;oBAC3B,CAAC,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE;oBAC7E,CAAC,CAAC,IAAI;gBACR,mBAAmB,EAAE,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;gBACrD,cAAc,EAAE,iBAAiB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,QAAQ,CAAC;aAC1D,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,MAAM,iBAAiB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,UAAU,CAC5B,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAC9H,CAAC;QAEF,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE;YAC1D,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC5B,aAAa,EAAE,eAAe,CAAC,MAAM;YACrC,iBAAiB,EAAE,iBAAiB,CAAC,MAAM;YAC3C,WAAW;SACZ,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE;gBACJ,MAAM;gBACN,SAAS;gBACT,gBAAgB,EAAE,WAAW;gBAC7B,gBAAgB,EAAE,WAAW,IAAI,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,IAAI,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK;gBAC3F,aAAa,EAAE,eAAe,CAAC,MAAM;gBACrC,kBAAkB,EAAE,iBAAiB,CAAC,MAAM;gBAC5C,UAAU,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,iBAAiB,CAAC,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG;gBACvF,WAAW;gBACX,gBAAgB,EAAE,WAAW;qBAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC,eAAe,GAAG,GAAG,CAAC;qBAC1D,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,aAAa,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,GAAG,GAAG,CAAC,IAAI,CAAC;gBAC5E,OAAO,EAAE,iBAAiB,CAAC,MAAM,KAAK,CAAC;oBACrC,CAAC,CAAC,2CAA2C;oBAC7C,CAAC,CAAC,GAAG,iBAAiB,CAAC,MAAM,IAAI,eAAe,CAAC,MAAM,6EAA6E;aACvI;YACD,QAAQ,EAAE;gBACR,aAAa,EAAE,eAAe,CAAC,MAAM;gBACrC,aAAa,EAAE,iBAAiB,CAAC,MAAM;gBACvC,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW;aACtC;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,SAAS,iBAAiB,CAAC,MAAc,EAAE,QAAgB;IACzD,MAAM,IAAI,GAA6B;QACrC,IAAI,EAAE,CAAC,qCAAqC,EAAE,mCAAmC,EAAE,4BAA4B,CAAC;QAChH,MAAM,EAAE,CAAC,qCAAqC,EAAE,gCAAgC,EAAE,6BAA6B,CAAC;QAChH,WAAW,EAAE,CAAC,6BAA6B,EAAE,gBAAgB,EAAE,mCAAmC,CAAC;QACnG,OAAO,EAAE,CAAC,sBAAsB,EAAE,oBAAoB,EAAE,oBAAoB,CAAC;QAC7E,cAAc,EAAE,CAAC,wBAAwB,EAAE,kBAAkB,EAAE,yBAAyB,CAAC;QACzF,MAAM,EAAE,CAAC,kBAAkB,EAAE,sBAAsB,EAAE,uBAAuB,CAAC;QAC7E,SAAS,EAAE,CAAC,wBAAwB,EAAE,mBAAmB,EAAE,wBAAwB,CAAC;KACrF,CAAC;IACF,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,CAAC;IAClD,OAAO,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;AACrD,CAAC"}

package/dist/tools/security/security_gate.d.ts

@@ -0,0 +1,2 @@
+import type { ToolDefinition } from '../../types.js';
+export declare const securityGateTool: ToolDefinition;

package/dist/tools/security/security_gate.js

@@ -0,0 +1,93 @@
+const DEFAULT_POLICIES = [
+    { id: 'SQLI-01', rule: 'Detect SQL injection patterns', severity: 'critical' },
+    { id: 'XSS-01', rule: 'Detect cross-site scripting attempts', severity: 'critical' },
+    { id: 'PATH-01', rule: 'Detect path traversal attempts', severity: 'high' },
+    { id: 'CMDI-01', rule: 'Detect command injection patterns', severity: 'critical' },
+    { id: 'SENS-01', rule: 'Detect sensitive data exposure', severity: 'high' },
+    { id: 'AUTH-01', rule: 'Verify authentication tokens', severity: 'high' },
+    { id: 'RATE-01', rule: 'Rate limiting check', severity: 'medium' },
+];
+const INJECTION_PATTERNS = [
+    { pattern: new RegExp("'|\u002d\u002d|;|\\/\\*|\\*\\/"), type: 'SQL_INJECTION', severity: 'critical' },
+    { pattern: /<script|onerror=|onload=|javascript:/i, type: 'XSS', severity: 'critical' },
+    { pattern: /\.\.\/|\.\.\\|%2e%2e%2f/i, type: 'PATH_TRAVERSAL', severity: 'high' },
+    { pattern: /rm|del|format|shutdown|cmd|\|[`$]|\$\(|%x/i, type: 'COMMAND_INJECTION', severity: 'critical' },
+    { pattern: /sk-|ghp_|gho_|xox[bpr]-|AKIA/, type: 'SECRET_LEAK', severity: 'high' },
+];
+export const securityGateTool = {
+    id: 'security_gate',
+    name: 'Security Gateway',
+    description: 'Zero-trust security gateway that evaluates requests, payloads, and tokens against security policies. Detects injection, XSS, path traversal, secret leaks, and auth violations.',
+    inputSchema: {
+        payload: { type: 'string', description: 'The payload or request to evaluate' },
+        token: { type: 'string', description: 'Optional authentication token to verify' },
+        policies: { type: 'string', description: 'Comma-separated policy IDs to enforce (default: all)' },
+        mode: { type: 'string', enum: ['enforce', 'audit', 'learn'], description: 'Enforcement mode' },
+        source: { type: 'string', description: 'Source identifier for rate limiting context' },
+    },
+    category: 'cognitive',
+    handler: async (params, ctx) => {
+        const payload = String(params.payload || '');
+        const token = String(params.token || '');
+        const mode = String(params.mode || 'enforce');
+        const source = String(params.source || 'unknown');
+        const policyFilter = String(params.policies || '');
+        const activePolicies = policyFilter
+            ? DEFAULT_POLICIES.filter(p => policyFilter.split(',').map(s => s.trim()).includes(p.id))
+            : DEFAULT_POLICIES;
+        const violations = [];
+        for (const { pattern, type, severity } of INJECTION_PATTERNS) {
+            const match = payload.match(pattern);
+            if (match) {
+                violations.push({
+                    policy: activePolicies.find(p => p.severity === severity.split('_')[0])?.id ?? 'GEN-01',
+                    type,
+                    severity,
+                    match: match[0],
+                });
+            }
+        }
+        let authResult = { valid: true, reason: 'No token required' };
+        if (token) {
+            const isValid = token.length >= 8 && /^[a-zA-Z0-9_-]+$/.test(token);
+            authResult = {
+                valid: isValid,
+                reason: isValid ? 'Token format valid' : 'Token format invalid or too short',
+            };
+        }
+        const criticalCount = violations.filter(v => v.severity === 'critical').length;
+        const highCount = violations.filter(v => v.severity === 'high').length;
+        const blocked = mode === 'enforce' && (criticalCount > 0 || highCount > 2);
+        await ctx.memory.store('security', `gate-${Date.now()}`, {
+            source,
+            violationCount: violations.length,
+            blocked,
+            mode,
+            timestamp: Date.now(),
+        });
+        return {
+            success: true,
+            data: {
+                verdict: blocked ? 'BLOCKED' : mode === 'audit' ? 'AUDITED' : 'PASSED',
+                blocked,
+                violations,
+                violationCount: violations.length,
+                auth: authResult,
+                policiesApplied: activePolicies.length,
+                riskScore: Math.min(1, (criticalCount * 0.4 + highCount * 0.2 + violations.length * 0.1)),
+                summary: blocked
+                    ? `Blocked: ${criticalCount} critical, ${highCount} high severity violations`
+                    : violations.length === 0
+                        ? 'No security violations detected'
+                        : `Audit mode: ${violations.length} violation(s) detected but not blocked`,
+            },
+            metadata: {
+                mode,
+                blocked,
+                sovereignty: ctx.identity.sovereignty,
+                timestamp: Date.now(),
+            },
+        };
+    },
+};
+//# sourceMappingURL=security_gate.js.map

package/dist/tools/security/security_gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security_gate.js","sourceRoot":"","sources":["../../../src/tools/security/security_gate.ts"],"names":[],"mappings":"AAQA,MAAM,gBAAgB,GAAqB;IACzC,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,+BAA+B,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC9E,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,sCAAsC,EAAE,QAAQ,EAAE,UAAU,EAAE;IACpF,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,gCAAgC,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC3E,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,mCAAmC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAClF,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,gCAAgC,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC3E,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,8BAA8B,EAAE,QAAQ,EAAE,MAAM,EAAE;IACzE,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,QAAQ,EAAE;CACnE,CAAC;AAEF,MAAM,kBAAkB,GAAG;IACzB,EAAE,OAAO,EAAE,IAAI,MAAM,CAAC,gCAAgC,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC/G,EAAE,OAAO,EAAE,uCAAuC,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAChG,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAe,EAAE;IAC1F,EAAE,OAAO,EAAE,4CAA4C,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACnH,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAe,EAAE;CAC5F,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAmB;IAC9C,EAAE,EAAE,eAAe;IACnB,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,iLAAiL;IAC9L,WAAW,EAAE;QACX,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oCAAoC,EAAE;QAC9E,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yCAAyC,EAAE;QACjF,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sDAAsD,EAAE;QACjG,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,WAAW,EAAE,kBAAkB,EAAE;QAC9F,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6CAA6C,EAAE;KACvF;IACD,QAAQ,EAAE,WAAW;IACrB,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,GAAgB,EAAuB,EAAE;QACxF,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,SAAS,CAAC,CAAC;QAClD,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;QAEnD,MAAM,cAAc,GAAG,YAAY;YACjC,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACzF,CAAC,CAAC,gBAAgB,CAAC;QAErB,MAAM,UAAU,GAA6E,EAAE,CAAC;QAEhG,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,kBAAkB,EAAE,CAAC;YAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,KAAK,EAAE,CAAC;gBACV,UAAU,CAAC,IAAI,CAAC;oBACd,MAAM,EAAE,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,QAAQ;oBACvF,IAAI;oBACJ,QAAQ;oBACR,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;iBAChB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,UAAU,GAAuC,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QAClG,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpE,UAAU,GAAG;gBACX,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,mCAAmC;aAC7E,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC/E,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACvE,MAAM,OAAO,GAAG,IAAI,KAAK,SAAS,IAAI,CAAC,aAAa,GAAG,CAAC,IAAI,SAAS,GAAG,CAAC,CAAC,CAAC;QAE3E,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE;YACvD,MAAM;YACN,cAAc,EAAE,UAAU,CAAC,MAAM;YACjC,OAAO;YACP,IAAI;YACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE;gBACJ,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;gBACtE,OAAO;gBACP,UAAU;gBACV,cAAc,EAAE,UAAU,CAAC,MAAM;gBACjC,IAAI,EAAE,UAAU;gBAChB,eAAe,EAAE,cAAc,CAAC,MAAM;gBACtC,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,aAAa,GAAG,GAAG,GAAG,SAAS,GAAG,GAAG,GAAG,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;gBACzF,OAAO,EAAE,OAAO;oBACd,CAAC,CAAC,YAAY,aAAa,cAAc,SAAS,2BAA2B;oBAC7E,CAAC,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;wBACvB,CAAC,CAAC,iCAAiC;wBACnC,CAAC,CAAC,eAAe,UAAU,CAAC,MAAM,wCAAwC;aAC/E;YACD,QAAQ,EAAE;gBACR,IAAI;gBACJ,OAAO;gBACP,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW;gBACrC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB;SACF,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/tools/security/threat_mapper.d.ts

@@ -0,0 +1,2 @@
+import type { ToolDefinition } from '../../types.js';
+export declare const threatMapperTool: ToolDefinition;

package/dist/tools/security/threat_mapper.js

@@ -0,0 +1,102 @@
+const STRIDE_CATEGORIES = [
+    { id: 'S', name: 'Spoofing', description: 'Impersonating someone or something else', baseRisk: 0.6 },
+    { id: 'T', name: 'Tampering', description: 'Modifying data or code', baseRisk: 0.7 },
+    { id: 'R', name: 'Repudiation', description: 'Denying having performed an action', baseRisk: 0.4 },
+    { id: 'I', name: 'Information Disclosure', description: 'Exposing protected data', baseRisk: 0.8 },
+    { id: 'D', name: 'Denial of Service', description: 'Disrupting service availability', baseRisk: 0.5 },
+    { id: 'E', name: 'Elevation of Privilege', description: 'Gaining unauthorized access', baseRisk: 0.75 },
+];
+const THREAT_PATTERNS = [
+    { keyword: 'auth', threat: 'Authentication bypass via weak credentials', category: 'S', severity: 0.7 },
+    { keyword: 'session', threat: 'Session hijacking or fixation', category: 'S', severity: 0.65 },
+    { keyword: 'token', threat: 'Token theft or replay attacks', category: 'S', severity: 0.6 },
+    { keyword: 'upload', threat: 'Malicious file upload leading to RCE', category: 'E', severity: 0.85 },
+    { keyword: 'api', threat: 'Unrestricted API endpoint abuse', category: 'D', severity: 0.55 },
+    { keyword: 'database', threat: 'Database injection and data exfiltration', category: 'T', severity: 0.8 },
+    { keyword: 'cache', threat: 'Cache poisoning or data leakage', category: 'R', severity: 0.45 },
+    { keyword: 'log', threat: 'Log injection or sensitive data in logs', category: 'R', severity: 0.5 },
+    { keyword: 'config', threat: 'Configuration-based privilege escalation', category: 'E', severity: 0.6 },
+    { keyword: 'network', threat: 'Network-level eavesdropping or MitM', category: 'I', severity: 0.75 },
+];
+export const threatMapperTool = {
+    id: 'threat_mapper',
+    name: 'Threat Mapper',
+    description: 'STRIDE-based threat modeling and attack surface analysis. Maps system descriptions to threat categories, identifies attack vectors, and recommends mitigations.',
+    inputSchema: {
+        systemDescription: { type: 'string', description: 'Description of the system, architecture, or component to analyze' },
+        focus: { type: 'string', description: 'STRIDE focus areas: S,T,R,I,D,E or all (default)' },
+        context: { type: 'string', description: 'Deployment context (cloud, on-prem, hybrid, web, mobile)' },
+    },
+    category: 'cognitive',
+    handler: async (params, ctx) => {
+        const description = String(params.systemDescription || '');
+        const focusInput = String(params.focus || 'STRIDE');
+        const context = String(params.context || 'general');
+        if (!description) {
+            return { success: false, data: null, error: 'System description is required' };
+        }
+        const focusAreas = focusInput === 'STRIDE' || focusInput === 'all'
+            ? STRIDE_CATEGORIES
+            : STRIDE_CATEGORIES.filter(s => focusInput.includes(s.id));
+        const lowerDesc = description.toLowerCase();
+        const matchedThreats = THREAT_PATTERNS
+            .filter(t => lowerDesc.includes(t.keyword))
+            .map(t => ({
+            ...t,
+            confidence: 0.5 + (Math.random() * 0.4),
+            mitigation: generateMitigation(t),
+        }));
+        const strideAnalysis = focusAreas.map(stride => {
+            const relatedThreats = matchedThreats.filter(t => t.category === stride.id);
+            const riskLevel = relatedThreats.length > 0
+                ? Math.max(stride.baseRisk, ...relatedThreats.map(t => t.severity))
+                : stride.baseRisk * 0.5;
+            return {
+                category: `${stride.id}: ${stride.name}`,
+                description: stride.description,
+                threatCount: relatedThreats.length,
+                riskScore: parseFloat(riskLevel.toFixed(3)),
+                riskLevel: riskLevel >= 0.7 ? 'HIGH' : riskLevel >= 0.4 ? 'MEDIUM' : 'LOW',
+                sampleThreats: relatedThreats.slice(0, 3),
+            };
+        });
+        const overallRisk = parseFloat((strideAnalysis.reduce((sum, s) => sum + s.riskScore, 0) / strideAnalysis.length).toFixed(3));
+        const criticalCategories = strideAnalysis.filter(s => s.riskLevel === 'HIGH');
+        await ctx.memory.store('threat', `map-${Date.now()}`, {
+            context,
+            threatCount: matchedThreats.length,
+            overallRisk,
+            criticalCount: criticalCategories.length,
+        });
+        return {
+            success: true,
+            data: {
+                systemContext: context,
+                overallRiskScore: overallRisk,
+                overallRiskLevel: overallRisk >= 0.7 ? 'CRITICAL' : overallRisk >= 0.4 ? 'ELEVATED' : 'NORMAL',
+                strideAnalysis,
+                threatsDetected: matchedThreats.length,
+                criticalAreas: criticalCategories.map(c => c.category),
+                recommendedActions: criticalCategories.map(c => `Prioritize ${c.category} — implement ${c.category.split(':')[0] === 'I' ? 'encryption and access controls' : 'input validation and monitoring'}`),
+            },
+            metadata: {
+                matchedThreats: matchedThreats.length,
+                categories: focusAreas.length,
+                sovereignty: ctx.identity.sovereignty,
+            },
+        };
+    },
+};
+function generateMitigation(threat) {
+    const mitigations = {
+        S: ['Implement multi-factor authentication', 'Use cryptographic identity verification', 'Deploy session management with rotation'],
+        T: ['Apply integrity checks (checksums, signatures)', 'Use parameterized queries', 'Implement audit logging'],
+        R: ['Enable comprehensive audit trails', 'Implement digital signatures', 'Use non-repudiation mechanisms'],
+        I: ['Encrypt data at rest and in transit', 'Apply least-privilege access', 'Implement data classification'],
+        D: ['Deploy rate limiting and throttling', 'Use auto-scaling and redundancy', 'Implement circuit breakers'],
+        E: ['Apply principle of least privilege', 'Regular permission audits', 'Implement RBAC with separation of duties'],
+    };
+    const cat = mitigations[threat.category] || mitigations['I'];
+    return cat[Math.floor(Math.random() * cat.length)];
+}
+//# sourceMappingURL=threat_mapper.js.map

package/dist/tools/security/threat_mapper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat_mapper.js","sourceRoot":"","sources":["../../../src/tools/security/threat_mapper.ts"],"names":[],"mappings":"AAEA,MAAM,iBAAiB,GAAG;IACxB,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,yCAAyC,EAAE,QAAQ,EAAE,GAAG,EAAE;IACpG,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW,EAAE,wBAAwB,EAAE,QAAQ,EAAE,GAAG,EAAE;IACpF,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,oCAAoC,EAAE,QAAQ,EAAE,GAAG,EAAE;IAClG,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,wBAAwB,EAAE,WAAW,EAAE,yBAAyB,EAAE,QAAQ,EAAE,GAAG,EAAE;IAClG,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,GAAG,EAAE;IACrG,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,wBAAwB,EAAE,WAAW,EAAE,6BAA6B,EAAE,QAAQ,EAAE,IAAI,EAAE;CACxG,CAAC;AAEF,MAAM,eAAe,GAAmF;IACtG,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,4CAA4C,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;IACvG,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,+BAA+B,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC9F,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,+BAA+B,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;IAC3F,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,sCAAsC,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE;IACpG,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,iCAAiC,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC5F,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,0CAA0C,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;IACzG,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,iCAAiC,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC9F,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yCAAyC,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;IACnG,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,0CAA0C,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;IACvG,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,qCAAqC,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE;CACrG,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAmB;IAC9C,EAAE,EAAE,eAAe;IACnB,IAAI,EAAE,eAAe;IACrB,WAAW,EAAE,iKAAiK;IAC9K,WAAW,EAAE;QACX,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kEAAkE,EAAE;QACtH,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kDAAkD,EAAE;QAC1F,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0DAA0D,EAAE;KACrG;IACD,QAAQ,EAAE,WAAW;IACrB,OAAO,EAAE,KAAK,EAAE,MAA+B,EAAE,GAAgB,EAAuB,EAAE;QACxF,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,QAAQ,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,SAAS,CAAC,CAAC;QAEpD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;QACjF,CAAC;QAED,MAAM,UAAU,GAAG,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,KAAK;YAChE,CAAC,CAAC,iBAAiB;YACnB,CAAC,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAE7D,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAC5C,MAAM,cAAc,GAAG,eAAe;aACnC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;aAC1C,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACT,GAAG,CAAC;YACJ,UAAU,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC;YACvC,UAAU,EAAE,kBAAkB,CAAC,CAAC,CAAC;SAClC,CAAC,CAAC,CAAC;QAEN,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;YAC7C,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,CAAC,CAAC;YAC5E,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC;gBACzC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACnE,CAAC,CAAC,MAAM,CAAC,QAAQ,GAAG,GAAG,CAAC;YAC1B,OAAO;gBACL,QAAQ,EAAE,GAAG,MAAM,CAAC,EAAE,KAAK,MAAM,CAAC,IAAI,EAAE;gBACxC,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,WAAW,EAAE,cAAc,CAAC,MAAM;gBAClC,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC3C,SAAS,EAAE,SAAS,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK;gBAC1E,aAAa,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;aAC1C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,UAAU,CAC5B,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAC7F,CAAC;QAEF,MAAM,kBAAkB,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC;QAE9E,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE;YACpD,OAAO;YACP,WAAW,EAAE,cAAc,CAAC,MAAM;YAClC,WAAW;YACX,aAAa,EAAE,kBAAkB,CAAC,MAAM;SACzC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE;gBACJ,aAAa,EAAE,OAAO;gBACtB,gBAAgB,EAAE,WAAW;gBAC7B,gBAAgB,EAAE,WAAW,IAAI,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,IAAI,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;gBAC9F,cAAc;gBACd,eAAe,EAAE,cAAc,CAAC,MAAM;gBACtC,aAAa,EAAE,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;gBACtD,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAC7C,cAAc,CAAC,CAAC,QAAQ,gBAAgB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,iCAAiC,EAAE,CAClJ;aACF;YACD,QAAQ,EAAE;gBACR,cAAc,EAAE,cAAc,CAAC,MAAM;gBACrC,UAAU,EAAE,UAAU,CAAC,MAAM;gBAC7B,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW;aACtC;SACF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,SAAS,kBAAkB,CAAC,MAA4C;IACtE,MAAM,WAAW,GAA6B;QAC5C,CAAC,EAAE,CAAC,uCAAuC,EAAE,yCAAyC,EAAE,yCAAyC,CAAC;QAClI,CAAC,EAAE,CAAC,gDAAgD,EAAE,2BAA2B,EAAE,yBAAyB,CAAC;QAC7G,CAAC,EAAE,CAAC,mCAAmC,EAAE,8BAA8B,EAAE,gCAAgC,CAAC;QAC1G,CAAC,EAAE,CAAC,qCAAqC,EAAE,8BAA8B,EAAE,+BAA+B,CAAC;QAC3G,CAAC,EAAE,CAAC,qCAAqC,EAAE,iCAAiC,EAAE,4BAA4B,CAAC;QAC3G,CAAC,EAAE,CAAC,oCAAoC,EAAE,2BAA2B,EAAE,0CAA0C,CAAC;KACnH,CAAC;IACF,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC;IAC7D,OAAO,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;AACrD,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,125 @@
+export type HostType = 'ide' | 'database' | 'cms' | 'cli' | 'api' | 'generic';
+export type HostCapability = 'filesystem' | 'database' | 'network' | 'editor' | 'terminal' | 'http-server' | 'websocket' | 'mcp-client' | 'llm-api' | 'search' | 'authentication';
+export interface HostProfile {
+    type: HostType;
+    name: string;
+    version?: string;
+    capabilities: HostCapability[];
+    metadata?: Record<string, string>;
+}
+export interface SovereigntyConfig {
+    hostId: string;
+    hostName: string;
+    hostKey?: string;
+    permissions?: SovereigntyPermission[];
+}
+export interface SovereigntyPermission {
+    resource: string;
+    actions: ('read' | 'write' | 'execute' | 'admin')[];
+    maxWeight: number;
+}
+export interface IdentityClaims {
+    actorId: string;
+    actorType: 'host' | 'user' | 'agent' | 'kit-internal';
+    sovereignty: number;
+    permissions: string[];
+}
+export interface MemoryProvider {
+    readonly name: string;
+    connect(): Promise<void>;
+    disconnect(): Promise<void>;
+    store(record: Omit<MemoryRecord, 'id' | 'timestamp'>): Promise<MemoryRecord>;
+    recall(query: MemoryQuery): Promise<MemoryRecord[]>;
+    delete(namespace: string, key: string): Promise<boolean>;
+    clear(namespace?: string): Promise<void>;
+}
+export interface KitConfig {
+    host: import('./host/HostAdapter.js').HostAdapter | HostProfile;
+    storage?: StorageConfig;
+    sovereignty?: SovereigntyConfig;
+    transport?: TransportConfig;
+    tools?: {
+        autoLoad?: boolean;
+        additional?: ToolDefinition[];
+    };
+    logging?: {
+        level?: 'debug' | 'info' | 'warn' | 'error';
+        silent?: boolean;
+    };
+}
+export interface StorageConfig {
+    type: 'sqlite' | 'memory' | 'file';
+    path?: string;
+}
+export interface TransportConfig {
+    type: 'stdio' | 'sse' | 'direct';
+    port?: number;
+}
+export interface ToolDefinition {
+    id: string;
+    name: string;
+    description: string;
+    inputSchema: Record<string, unknown>;
+    handler: ToolHandler;
+    category?: 'cognitive' | 'host' | 'memory' | 'system';
+    sovereignty?: number;
+}
+export type ToolHandler = (params: Record<string, unknown>, context: ToolContext) => Promise<ToolResult>;
+export interface ToolContext {
+    identity: IdentityClaims;
+    host: HostProfile;
+    memory: import('./memory/MemoryManager.js').MemoryManager;
+    abortSignal?: AbortSignal;
+}
+export interface ToolResult {
+    success: boolean;
+    data: unknown;
+    error?: string;
+    metadata?: Record<string, unknown>;
+    sovereignty?: number;
+}
+export interface MemoryRecord {
+    id: string;
+    namespace: string;
+    key: string;
+    value: unknown;
+    timestamp: number;
+    metadata?: Record<string, unknown>;
+}
+export interface MemoryQuery {
+    namespace?: string;
+    key?: string;
+    search?: string;
+    limit?: number;
+    offset?: number;
+}
+export interface SkillDefinition {
+    id: string;
+    name: string;
+    description: string;
+    category: string;
+    triggers: string[];
+    proficiency: number;
+    source: 'built-in' | 'forged';
+    toolsRequired: string[];
+}
+export interface AgencyDefinition {
+    id: string;
+    name: string;
+    description: string;
+    tools: string[];
+    orchestration: 'sequential' | 'parallel' | 'adaptive';
+    sovereignty: number;
+}
+export interface MCPMessage {
+    jsonrpc: '2.0';
+    id?: string | number;
+    method?: string;
+    params?: Record<string, unknown>;
+    result?: unknown;
+    error?: {
+        code: number;
+        message: string;
+        data?: unknown;
+    };
+}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,81 @@
+{
+  "name": "cognitive-kit",
+  "version": "1.0.0-alpha.1",
+  "description": "Pluggable cognitive layer — port of GCS v15.3 as an embeddable MCP cognitive kit. Provides reasoning, research, planning, creativity, reflection, security, knowledge, analysis, agency orchestration, and adaptive pipelines via MCP protocol.",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "typesVersions": {
+    "*": {
+      "sql.js": ["./types/sql.js.d.ts"]
+    }
+  },
+  "bin": {
+    "cognitive-kit": "./cli-wrapper.cjs"
+  },
+  "files": [
+    "dist",
+    "types",
+    "cli-wrapper.cjs",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "dev": "tsc --watch -p tsconfig.json",
+    "test": "node --experimental-vm-modules --test dist/tests/",
+    "start": "node dist/cli.js",
+    "prepublishOnly": "npm run build"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/GaboBase/TODO-Cognitive.git",
+    "directory": "packages/cognitive-kit"
+  },
+  "bugs": {
+    "url": "https://github.com/GaboBase/TODO-Cognitive/issues"
+  },
+  "homepage": "https://github.com/GaboBase/TODO-Cognitive/tree/main/packages/cognitive-kit",
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "cognitive",
+    "ai",
+    "agent",
+    "orchestration",
+    "reasoning",
+    "research",
+    "planning",
+    "sentiment",
+    "security",
+    "ethics",
+    "knowledge-graph",
+    "memory",
+    "swarm",
+    "agency",
+    "skill-forging",
+    "guardian",
+    "sovereignty"
+  ],
+  "author": "GaboBase (Leirbag) <agabriel.js@gmail.com>",
+  "license": "MIT",
+  "dependencies": {
+    "sql.js": "^1.11.0"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0",
+    "typescript": "^5.8.2"
+  }
+}

package/types/sql.js.d.ts

@@ -0,0 +1,22 @@
+declare module 'sql.js' {
+  interface SqlJsStatic {
+    Database: new (data?: ArrayLike<number> | Buffer | null) => Database;
+  }
+
+  interface Statement {
+    bind(params?: any[]): boolean;
+    step(): boolean;
+    getAsObject(params?: object): any;
+    free(): boolean;
+  }
+
+  interface Database {
+    run(sql: string, params?: any[]): Database;
+    exec(sql: string): any[];
+    prepare(sql: string): Statement;
+    export(): Uint8Array;
+    close(): void;
+  }
+
+  export default function initSqlJs(config?: any): Promise<SqlJsStatic>;
+}