npm - devarmor - Versions diffs - 1.0.0 - Mend

devarmor 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/LICENSE +21 -0
package/README.md +35 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +140 -0
package/dist/cli.js.map +1 -0
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +13 -0
package/dist/index.js.map +1 -0
package/dist/modules/agent-residue.d.ts +11 -0
package/dist/modules/agent-residue.d.ts.map +1 -0
package/dist/modules/agent-residue.js +283 -0
package/dist/modules/agent-residue.js.map +1 -0
package/dist/modules/mcp-auditor.d.ts +12 -0
package/dist/modules/mcp-auditor.d.ts.map +1 -0
package/dist/modules/mcp-auditor.js +290 -0
package/dist/modules/mcp-auditor.js.map +1 -0
package/dist/modules/posture-checker.d.ts +11 -0
package/dist/modules/posture-checker.d.ts.map +1 -0
package/dist/modules/posture-checker.js +315 -0
package/dist/modules/posture-checker.js.map +1 -0
package/dist/modules/secret-scanner.d.ts +11 -0
package/dist/modules/secret-scanner.d.ts.map +1 -0
package/dist/modules/secret-scanner.js +321 -0
package/dist/modules/secret-scanner.js.map +1 -0
package/dist/modules/skill-scanner.d.ts +12 -0
package/dist/modules/skill-scanner.d.ts.map +1 -0
package/dist/modules/skill-scanner.js +294 -0
package/dist/modules/skill-scanner.js.map +1 -0
package/dist/report/html.d.ts +6 -0
package/dist/report/html.d.ts.map +1 -0
package/dist/report/html.js +116 -0
package/dist/report/html.js.map +1 -0
package/dist/report/json.d.ts +9 -0
package/dist/report/json.d.ts.map +1 -0
package/dist/report/json.js +69 -0
package/dist/report/json.js.map +1 -0
package/dist/report/terminal.d.ts +6 -0
package/dist/report/terminal.d.ts.map +1 -0
package/dist/report/terminal.js +162 -0
package/dist/report/terminal.js.map +1 -0
package/dist/scanner.d.ts +9 -0
package/dist/scanner.d.ts.map +1 -0
package/dist/scanner.js +145 -0
package/dist/scanner.js.map +1 -0
package/dist/types.d.ts +91 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +17 -0
package/dist/types.js.map +1 -0
package/package.json +50 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 amaju
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,35 @@
+# DevArmor
+**One CLI command to secure your entire AI-powered developer workstation.**
+DevArmor is an integrated security scanner built specifically for modern developer workflows involving autonomous AI agents, Local LLMs, and Model Context Protocol (MCP) integrations. It identifies secrets, agent residue, overly permissive skills, and workstation misconfigurations.
+## Installation
+```bash
+npm install -g devarmor
+```
+## Features
+- **SecretScanner**: Detects hardcoded API keys, tokens, and credentials.
+- **AgentResidueScanner**: Finds leftover artifacts from AI agent sessions.
+- **MCPAuditor**: Analyzes your MCP configuration for security risks.
+- **SkillScanner**: Inspects agent skills for dangerous permissions.
+- **PostureChecker**: Validates your overall workstation security posture.
+## Usage
+Run a full security scan on your current directory:
+```bash
+devarmor scan .
+```
+Generate an HTML report:
+```bash
+devarmor scan . --report html
+```
+## License
+MIT

package/dist/cli.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+/** Sets up and runs the CLI. */
+export declare function cli(): Promise<void>;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AA4DA,gCAAgC;AAChC,wBAAsB,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAiEzC"}

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,140 @@
+"use strict";
+// ============================================================
+// DevArmor — CLI Interface
+// One CLI command to secure your AI-powered developer workstation.
+// ============================================================
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cli = cli;
+const commander_1 = require("commander");
+const scanner_1 = require("./scanner");
+const terminal_1 = require("./report/terminal");
+const json_1 = require("./report/json");
+const html_1 = require("./report/html");
+/** Dynamic import helper for ESM-only chalk. */
+async function getChalk() { return (await Promise.resolve().then(() => __importStar(require('chalk')))).default; }
+/** Valid module names for --modules flag validation. */
+const VALID_MODULES = [
+    'SecretScanner',
+    'AgentResidueScanner',
+    'MCPAuditor',
+    'SkillScanner',
+    'PostureChecker',
+];
+/** Prints the ASCII art banner. */
+async function printBanner() {
+    const chalk = await getChalk();
+    const banner = `
+${chalk.cyan.bold('  ╔══════════════════════════════════════════════╗')}
+${chalk.cyan.bold('  ║')}${chalk.white.bold('  ██████╗ ███████╗██╗   ██╗ █████╗ ██████╗  ')}${chalk.cyan.bold('║')}
+${chalk.cyan.bold('  ║')}${chalk.white.bold('  ██╔══██╗██╔════╝██║   ██║██╔══██╗██╔══██╗ ')}${chalk.cyan.bold('║')}
+${chalk.cyan.bold('  ║')}${chalk.white.bold('  ██║  ██║█████╗  ██║   ██║███████║██████╔╝ ')}${chalk.cyan.bold('║')}
+${chalk.cyan.bold('  ║')}${chalk.white.bold('  ██║  ██║██╔══╝  ╚██╗ ██╔╝██╔══██║██╔══██╗ ')}${chalk.cyan.bold('║')}
+${chalk.cyan.bold('  ║')}${chalk.white.bold('  ██████╔╝███████╗ ╚████╔╝ ██║  ██║██║  ██║ ')}${chalk.cyan.bold('║')}
+${chalk.cyan.bold('  ║')}${chalk.white.bold('  ╚═════╝ ╚══════╝  ╚═══╝  ╚═╝  ╚═╝╚═╝  ╚═╝ ')}${chalk.cyan.bold('║')}
+${chalk.cyan.bold('  ║')}${chalk.yellow.bold('       ─── ARMOR ───────────────────────────')}${chalk.cyan.bold('║')}
+${chalk.cyan.bold('  ╚══════════════════════════════════════════════╝')}
+${chalk.dim('  One CLI command to secure your AI-powered workstation.')}
+${chalk.dim('  v1.0.0')}
+`;
+    console.log(banner);
+}
+/**
+ * Parses a comma-separated module list and validates module names.
+ */
+function parseModules(value) {
+    if (!value)
+        return [];
+    const names = value.split(',').map((s) => s.trim());
+    const invalid = names.filter((n) => !VALID_MODULES.includes(n));
+    if (invalid.length > 0) {
+        console.error(`Error: Unknown module(s): ${invalid.join(', ')}`);
+        console.error(`Valid modules: ${VALID_MODULES.join(', ')}`);
+        process.exit(1);
+    }
+    return names;
+}
+/** Sets up and runs the CLI. */
+async function cli() {
+    await printBanner();
+    const program = new commander_1.Command();
+    program
+        .name('devarmor')
+        .description('One CLI command to secure your entire AI-powered developer workstation.')
+        .version('1.0.0');
+    program
+        .command('scan')
+        .description('Scan your workstation for security issues')
+        .option('-p, --path <dir>', 'Root directory to scan', '.')
+        .option('-r, --report <format>', 'Report format: terminal, html, or json', 'terminal')
+        .option('-f, --fix', 'Attempt to auto-fix certain issues', false)
+        .option('-v, --verbose', 'Enable verbose logging', false)
+        .option('-m, --modules <list>', 'Comma-separated list of modules to run (e.g. SecretScanner,MCPAuditor)', '')
+        .action(async (opts) => {
+        const scanOptions = {
+            path: opts.path,
+            report: opts.report,
+            fix: opts.fix,
+            verbose: opts.verbose,
+            modules: parseModules(opts.modules),
+        };
+        // Validate report format
+        if (!['terminal', 'html', 'json'].includes(scanOptions.report)) {
+            console.error(`Error: Invalid report format "${scanOptions.report}". Use terminal, html, or json.`);
+            process.exit(1);
+        }
+        const report = await (0, scanner_1.runScan)(scanOptions);
+        // Render the requested report format
+        switch (scanOptions.report) {
+            case 'json':
+                await (0, json_1.renderJsonReport)(report);
+                break;
+            case 'html':
+                (0, html_1.generateHtmlReport)(report, 'devarmor-report.html');
+                console.log('\nHTML report generated at devarmor-report.html');
+                break;
+            case 'terminal':
+            default:
+                await (0, terminal_1.renderTerminalReport)(report);
+                break;
+        }
+        // Exit with non-zero code if critical findings exist
+        if (report.summary.critical > 0) {
+            process.exit(1);
+        }
+    });
+    await program.parseAsync(process.argv);
+}
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAAA,+DAA+D;AAC/D,2BAA2B;AAC3B,mEAAmE;AACnE,+DAA+D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0D/D,kBAiEC;AAzHD,yCAAoC;AACpC,uCAAoC;AACpC,gDAAyD;AACzD,wCAAiD;AACjD,wCAAmD;AAGnD,gDAAgD;AAChD,KAAK,UAAU,QAAQ,KAAK,OAAO,CAAC,wDAAa,OAAO,GAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AAErE,wDAAwD;AACxD,MAAM,aAAa,GAAiB;IAClC,eAAe;IACf,qBAAqB;IACrB,YAAY;IACZ,cAAc;IACd,gBAAgB;CACjB,CAAC;AAEF,mCAAmC;AACnC,KAAK,UAAU,WAAW;IACxB,MAAM,KAAK,GAAG,MAAM,QAAQ,EAAE,CAAC;IAE/B,MAAM,MAAM,GAAG;EACf,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,oDAAoD,CAAC;EACrE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;EAChH,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;EAChH,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;EAChH,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;EAChH,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;EAChH,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;EAChH,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;EACjH,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,oDAAoD,CAAC;EACrE,KAAK,CAAC,GAAG,CAAC,0DAA0D,CAAC;EACrE,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC;CACtB,CAAC;IAEA,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAe,CAAC,CAAC,CAAC;IAC9E,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,6BAA6B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,kBAAkB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,KAAqB,CAAC;AAC/B,CAAC;AAED,gCAAgC;AACzB,KAAK,UAAU,GAAG;IACvB,MAAM,WAAW,EAAE,CAAC;IAEpB,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;IAE9B,OAAO;SACJ,IAAI,CAAC,UAAU,CAAC;SAChB,WAAW,CAAC,yEAAyE,CAAC;SACtF,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpB,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,2CAA2C,CAAC;SACxD,MAAM,CAAC,kBAAkB,EAAE,wBAAwB,EAAE,GAAG,CAAC;SACzD,MAAM,CACL,uBAAuB,EACvB,wCAAwC,EACxC,UAAU,CACX;SACA,MAAM,CAAC,WAAW,EAAE,oCAAoC,EAAE,KAAK,CAAC;SAChE,MAAM,CAAC,eAAe,EAAE,wBAAwB,EAAE,KAAK,CAAC;SACxD,MAAM,CACL,sBAAsB,EACtB,wEAAwE,EACxE,EAAE,CACH;SACA,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,MAAM,WAAW,GAAgB;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAA+B;YAC5C,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;SACpC,CAAC;QAEF,yBAAyB;QACzB,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/D,OAAO,CAAC,KAAK,CAAC,iCAAiC,WAAW,CAAC,MAAM,iCAAiC,CAAC,CAAC;YACpG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAO,EAAC,WAAW,CAAC,CAAC;QAE1C,qCAAqC;QACrC,QAAQ,WAAW,CAAC,MAAM,EAAE,CAAC;YAC3B,KAAK,MAAM;gBACT,MAAM,IAAA,uBAAgB,EAAC,MAAM,CAAC,CAAC;gBAC/B,MAAM;YACR,KAAK,MAAM;gBACT,IAAA,yBAAkB,EAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;gBACnD,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;gBAC/D,MAAM;YACR,KAAK,UAAU,CAAC;YAChB;gBACE,MAAM,IAAA,+BAAoB,EAAC,MAAM,CAAC,CAAC;gBACnC,MAAM;QACV,CAAC;QAED,qDAAqD;QACrD,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+"use strict";
+// ============================================================
+// DevArmor — Entry Point
+// One CLI command to secure your AI-powered developer workstation.
+// ============================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+const cli_1 = require("./cli");
+(0, cli_1.cli)().catch((err) => {
+    console.error('Fatal error:', err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AACA,+DAA+D;AAC/D,yBAAyB;AACzB,mEAAmE;AACnE,+DAA+D;;AAE/D,+BAA4B;AAE5B,IAAA,SAAG,GAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IAClB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/modules/agent-residue.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { ScannerModule, ModuleResult, ScanOptions } from '../types';
+/**
+ * AgentResidueScanner — Detects credentials leaked in AI agent
+ * conversation history, config files, and cache directories.
+ */
+export declare class AgentResidueScanner implements ScannerModule {
+    name: "AgentResidueScanner";
+    label: string;
+    scan(options: ScanOptions): Promise<ModuleResult>;
+}
+//# sourceMappingURL=agent-residue.d.ts.map

package/dist/modules/agent-residue.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"agent-residue.d.ts","sourceRoot":"","sources":["../../src/modules/agent-residue.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,aAAa,EACb,YAAY,EAEZ,WAAW,EAEZ,MAAM,UAAU,CAAC;AA0HlB;;;GAGG;AACH,qBAAa,mBAAoB,YAAW,aAAa;IACvD,IAAI,EAAG,qBAAqB,CAAU;IACtC,KAAK,SAA8B;IAE7B,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC;CA8HxD"}

package/dist/modules/agent-residue.js ADDED Viewed

@@ -0,0 +1,283 @@
+"use strict";
+// ============================================================
+// DevArmor — Agent Residue Scanner Module
+// Scans AI agent history directories for leaked credentials.
+// ============================================================
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentResidueScanner = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const types_1 = require("../types");
+/** Known AI agent directories relative to user home. */
+const AGENT_DIRS = [
+    { name: 'Claude Code', dir: '.claude' },
+    { name: 'Cursor', dir: '.cursor' },
+    { name: 'Codex (OpenAI)', dir: '.codex' },
+    { name: 'Gemini (Google)', dir: '.gemini' },
+    { name: 'GitHub Copilot', dir: '.github-copilot' },
+    { name: 'Windsurf', dir: '.windsurf' },
+    { name: 'Aider', dir: '.aider' },
+    { name: 'Continue', dir: '.continue' },
+];
+/** Sensitive file patterns within agent directories. */
+const SENSITIVE_FILE_PATTERNS = [
+    'config.json',
+    'auth.json',
+    'credentials.json',
+    'mcp.json',
+    'settings.json',
+    'claude_desktop_config.json',
+];
+/** Patterns that indicate credential leakage in conversation logs. */
+const RESIDUE_PATTERNS = [
+    {
+        id: 'api-key-in-log',
+        label: 'API Key in Conversation Log',
+        regex: /(?:sk-[A-Za-z0-9_-]{20,}|sk-ant-[A-Za-z0-9_-]{20,}|AIza[A-Za-z0-9_-]{35}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36,})/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Clear agent history and rotate any exposed keys immediately',
+    },
+    {
+        id: 'env-var-in-log',
+        label: 'Environment Variable Value in Log',
+        regex: /(?:API_KEY|SECRET_KEY|ACCESS_TOKEN|AUTH_TOKEN|DATABASE_URL|PRIVATE_KEY)\s*[=:]\s*["']?[A-Za-z0-9_/+=.-]{10,}/gi,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Rotate the exposed credential and clear agent conversation history',
+    },
+    {
+        id: 'password-in-log',
+        label: 'Password Leaked in Conversation',
+        regex: /(?:password|passwd|pwd)\s*[=:]\s*["'][^"']{6,}["']/gi,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Change the password immediately and clear agent history',
+    },
+    {
+        id: 'connection-string-in-log',
+        label: 'Database Connection String in Log',
+        regex: /(?:postgres|mongodb|mysql|redis):\/\/[^:]+:[^@]+@[^\s"']+/gi,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Rotate database credentials and clear agent history',
+    },
+    {
+        id: 'private-key-in-log',
+        label: 'Private Key Material in Log',
+        regex: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Regenerate the keypair immediately — the private key is compromised',
+    },
+    {
+        id: 'jwt-in-log',
+        label: 'JWT Token in Conversation Log',
+        regex: /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g,
+        severity: types_1.Severity.MEDIUM,
+        remediation: 'Verify if the JWT is still valid and revoke if necessary',
+    },
+];
+/** Maximum file size to scan (5MB — logs can be large). */
+const MAX_LOG_SIZE = 5 * 1024 * 1024;
+/**
+ * Redacts sensitive content for safe display.
+ */
+function redact(value) {
+    if (value.length <= 12)
+        return '****';
+    return value.substring(0, 4) + '****' + value.substring(value.length - 4);
+}
+/**
+ * Recursively find files in a directory (shallow depth for logs).
+ */
+function findFiles(dir, maxDepth = 4, currentDepth = 0) {
+    const results = [];
+    if (currentDepth > maxDepth || !fs.existsSync(dir))
+        return results;
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return results;
+    }
+    for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+            // Skip very deep or large directories
+            if (entry.name !== 'node_modules' && entry.name !== '.git') {
+                results.push(...findFiles(fullPath, maxDepth, currentDepth + 1));
+            }
+        }
+        else if (entry.isFile()) {
+            const ext = path.extname(entry.name).toLowerCase();
+            if (['.json', '.jsonl', '.log', '.txt', '.yaml', '.yml', '.toml'].includes(ext) ||
+                SENSITIVE_FILE_PATTERNS.includes(entry.name.toLowerCase())) {
+                try {
+                    const stat = fs.statSync(fullPath);
+                    if (stat.size <= MAX_LOG_SIZE && stat.size > 0) {
+                        results.push(fullPath);
+                    }
+                }
+                catch {
+                    // Skip inaccessible files
+                }
+            }
+        }
+    }
+    return results;
+}
+/**
+ * AgentResidueScanner — Detects credentials leaked in AI agent
+ * conversation history, config files, and cache directories.
+ */
+class AgentResidueScanner {
+    name = 'AgentResidueScanner';
+    label = '🤖 Agent Residue Scanner';
+    async scan(options) {
+        const startTime = Date.now();
+        const findings = [];
+        const homeDir = os.homedir();
+        let totalFilesScanned = 0;
+        // Phase 1: Check which agent directories exist
+        for (const agent of AGENT_DIRS) {
+            const agentPath = path.join(homeDir, agent.dir);
+            if (!fs.existsSync(agentPath)) {
+                continue; // Agent not installed, skip
+            }
+            // Report agent directory discovery
+            findings.push({
+                module: this.name,
+                severity: types_1.Severity.INFO,
+                title: `${agent.name} Directory Found`,
+                description: `AI agent directory detected at ${agentPath}. This directory may contain conversation history with sensitive data.`,
+                filePath: agentPath,
+                remediation: 'Periodically review and clean agent history directories',
+            });
+            // Phase 2: Scan files within agent directory for leaked secrets
+            const files = findFiles(agentPath);
+            totalFilesScanned += files.length;
+            for (const filePath of files) {
+                let content;
+                try {
+                    content = fs.readFileSync(filePath, 'utf-8');
+                }
+                catch {
+                    continue;
+                }
+                // Check for credential patterns in conversation logs
+                for (const pattern of RESIDUE_PATTERNS) {
+                    pattern.regex.lastIndex = 0;
+                    let match;
+                    while ((match = pattern.regex.exec(content)) !== null) {
+                        findings.push({
+                            module: this.name,
+                            severity: pattern.severity,
+                            title: `${pattern.label} — ${agent.name}`,
+                            description: `Found credential residue in ${agent.name} history file.`,
+                            filePath,
+                            evidence: redact(match[0]),
+                            remediation: pattern.remediation,
+                        });
+                    }
+                }
+                // Check for sensitive config files with hardcoded secrets
+                const basename = path.basename(filePath).toLowerCase();
+                if (SENSITIVE_FILE_PATTERNS.includes(basename)) {
+                    // Check for common dangerous patterns in config files
+                    if (content.includes('"apiKey"') || content.includes('"api_key"') ||
+                        content.includes('"secret"') || content.includes('"token"')) {
+                        // Only flag if it looks like it has an actual value (not empty/placeholder)
+                        const hasRealValue = /(?:apiKey|api_key|secret|token)\s*["']?\s*:\s*["'][A-Za-z0-9_/+=.-]{10,}["']/i.test(content);
+                        if (hasRealValue) {
+                            findings.push({
+                                module: this.name,
+                                severity: types_1.Severity.HIGH,
+                                title: `Hardcoded Credentials in ${agent.name} Config`,
+                                description: `Configuration file contains what appears to be hardcoded API keys or tokens.`,
+                                filePath,
+                                remediation: 'Move secrets to environment variables or a secrets manager',
+                            });
+                        }
+                    }
+                }
+            }
+        }
+        // Phase 3: Also scan the project directory for agent-generated residue
+        const projectAgentDirs = [
+            path.join(options.path, '.claude'),
+            path.join(options.path, '.cursor'),
+            path.join(options.path, '.codex'),
+        ];
+        for (const agentDir of projectAgentDirs) {
+            if (!fs.existsSync(agentDir))
+                continue;
+            const files = findFiles(agentDir, 2);
+            totalFilesScanned += files.length;
+            for (const filePath of files) {
+                let content;
+                try {
+                    content = fs.readFileSync(filePath, 'utf-8');
+                }
+                catch {
+                    continue;
+                }
+                for (const pattern of RESIDUE_PATTERNS) {
+                    pattern.regex.lastIndex = 0;
+                    let match;
+                    while ((match = pattern.regex.exec(content)) !== null) {
+                        findings.push({
+                            module: this.name,
+                            severity: pattern.severity,
+                            title: `${pattern.label} — Project Agent Files`,
+                            description: `Found credential residue in project-level agent history.`,
+                            filePath,
+                            evidence: redact(match[0]),
+                            remediation: pattern.remediation,
+                        });
+                    }
+                }
+            }
+        }
+        return {
+            module: this.name,
+            label: this.label,
+            success: true,
+            durationMs: Date.now() - startTime,
+            itemsScanned: totalFilesScanned,
+            findings,
+        };
+    }
+}
+exports.AgentResidueScanner = AgentResidueScanner;
+//# sourceMappingURL=agent-residue.js.map

package/dist/modules/agent-residue.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"agent-residue.js","sourceRoot":"","sources":["../../src/modules/agent-residue.ts"],"names":[],"mappings":";AAAA,+DAA+D;AAC/D,0CAA0C;AAC1C,6DAA6D;AAC7D,+DAA+D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAE/D,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,oCAMkB;AAElB,wDAAwD;AACxD,MAAM,UAAU,GAAG;IACjB,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,SAAS,EAAE;IACvC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE;IAClC,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE;IACzC,EAAE,IAAI,EAAE,iBAAiB,EAAE,GAAG,EAAE,SAAS,EAAE;IAC3C,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,EAAE,iBAAiB,EAAE;IAClD,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE;IACtC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE;IAChC,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE;CACvC,CAAC;AAEF,wDAAwD;AACxD,MAAM,uBAAuB,GAAG;IAC9B,aAAa;IACb,WAAW;IACX,kBAAkB;IAClB,UAAU;IACV,eAAe;IACf,4BAA4B;CAC7B,CAAC;AAEF,sEAAsE;AACtE,MAAM,gBAAgB,GAAG;IACvB;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,6BAA6B;QACpC,KAAK,EAAE,kHAAkH;QACzH,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,6DAA6D;KAC3E;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,mCAAmC;QAC1C,KAAK,EAAE,gHAAgH;QACvH,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,oEAAoE;KAClF;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,iCAAiC;QACxC,KAAK,EAAE,sDAAsD;QAC7D,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,yDAAyD;KACvE;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,mCAAmC;QAC1C,KAAK,EAAE,6DAA6D;QACpE,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,qDAAqD;KACnE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,6BAA6B;QACpC,KAAK,EAAE,yDAAyD;QAChE,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,qEAAqE;KACnF;IACD;QACE,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,+BAA+B;QACtC,KAAK,EAAE,mEAAmE;QAC1E,QAAQ,EAAE,gBAAQ,CAAC,MAAM;QACzB,WAAW,EAAE,0DAA0D;KACxE;CACF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAErC;;GAEG;AACH,SAAS,MAAM,CAAC,KAAa;IAC3B,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IACtC,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC5E,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,GAAW,EAAE,WAAmB,CAAC,EAAE,eAAuB,CAAC;IAC5E,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,YAAY,GAAG,QAAQ,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IAEnE,IAAI,OAAoB,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,sCAAsC;YACtC,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC3D,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC3E,uBAAuB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC/D,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBACnC,IAAI,IAAI,CAAC,IAAI,IAAI,YAAY,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;wBAC/C,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,0BAA0B;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAa,mBAAmB;IAC9B,IAAI,GAAG,qBAA8B,CAAC;IACtC,KAAK,GAAG,0BAA0B,CAAC;IAEnC,KAAK,CAAC,IAAI,CAAC,OAAoB;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC7B,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAE1B,+CAA+C;QAC/C,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;YAEhD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9B,SAAS,CAAC,4BAA4B;YACxC,CAAC;YAED,mCAAmC;YACnC,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,IAAI,CAAC,IAAI;gBACjB,QAAQ,EAAE,gBAAQ,CAAC,IAAI;gBACvB,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,kBAAkB;gBACtC,WAAW,EAAE,kCAAkC,SAAS,wEAAwE;gBAChI,QAAQ,EAAE,SAAS;gBACnB,WAAW,EAAE,yDAAyD;aACvE,CAAC,CAAC;YAEH,gEAAgE;YAChE,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;YACnC,iBAAiB,IAAI,KAAK,CAAC,MAAM,CAAC;YAElC,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC7B,IAAI,OAAe,CAAC;gBACpB,IAAI,CAAC;oBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC/C,CAAC;gBAAC,MAAM,CAAC;oBACP,SAAS;gBACX,CAAC;gBAED,qDAAqD;gBACrD,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;oBACvC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;oBAE5B,IAAI,KAA6B,CAAC;oBAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;wBACtD,QAAQ,CAAC,IAAI,CAAC;4BACZ,MAAM,EAAE,IAAI,CAAC,IAAI;4BACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,MAAM,KAAK,CAAC,IAAI,EAAE;4BACzC,WAAW,EAAE,+BAA+B,KAAK,CAAC,IAAI,gBAAgB;4BACtE,QAAQ;4BACR,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;4BAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;yBACjC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,0DAA0D;gBAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;gBACvD,IAAI,uBAAuB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC/C,sDAAsD;oBACtD,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;wBAC7D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;wBAEhE,4EAA4E;wBAC5E,MAAM,YAAY,GAAG,+EAA+E,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;wBACnH,IAAI,YAAY,EAAE,CAAC;4BACjB,QAAQ,CAAC,IAAI,CAAC;gCACZ,MAAM,EAAE,IAAI,CAAC,IAAI;gCACjB,QAAQ,EAAE,gBAAQ,CAAC,IAAI;gCACvB,KAAK,EAAE,4BAA4B,KAAK,CAAC,IAAI,SAAS;gCACtD,WAAW,EAAE,8EAA8E;gCAC3F,QAAQ;gCACR,WAAW,EAAE,4DAA4D;6BAC1E,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,MAAM,gBAAgB,GAAG;YACvB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SAClC,CAAC;QAEF,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACxC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEvC,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;YACrC,iBAAiB,IAAI,KAAK,CAAC,MAAM,CAAC;YAElC,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC7B,IAAI,OAAe,CAAC;gBACpB,IAAI,CAAC;oBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC/C,CAAC;gBAAC,MAAM,CAAC;oBACP,SAAS;gBACX,CAAC;gBAED,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;oBACvC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;oBAC5B,IAAI,KAA6B,CAAC;oBAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;wBACtD,QAAQ,CAAC,IAAI,CAAC;4BACZ,MAAM,EAAE,IAAI,CAAC,IAAI;4BACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,wBAAwB;4BAC/C,WAAW,EAAE,0DAA0D;4BACvE,QAAQ;4BACR,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;4BAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;yBACjC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,IAAI;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAClC,YAAY,EAAE,iBAAiB;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;CACF;AAlID,kDAkIC"}

package/dist/modules/mcp-auditor.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { ScannerModule, ModuleResult, ScanOptions } from '../types';
+/**
+ * MCPAuditor — Audits MCP server configurations for shell injection,
+ * over-privileged tool access, hardcoded secrets, insecure transport,
+ * and overly broad filesystem access.
+ */
+export declare class MCPAuditor implements ScannerModule {
+    name: "MCPAuditor";
+    label: string;
+    scan(options: ScanOptions): Promise<ModuleResult>;
+}
+//# sourceMappingURL=mcp-auditor.d.ts.map

package/dist/modules/mcp-auditor.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mcp-auditor.d.ts","sourceRoot":"","sources":["../../src/modules/mcp-auditor.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,aAAa,EACb,YAAY,EAEZ,WAAW,EAEZ,MAAM,UAAU,CAAC;AAoGlB;;;;GAIG;AACH,qBAAa,UAAW,YAAW,aAAa;IAC9C,IAAI,EAAG,YAAY,CAAU;IAC7B,KAAK,SAAoB;IAEnB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC;CAiKxD"}