devarmor 1.0.0

package/dist/modules/secret-scanner.d.ts

@@ -0,0 +1,11 @@
+import { ScannerModule, ModuleResult, ScanOptions } from '../types';
+/**
+ * SecretScanner — Detects leaked API keys, tokens, and passwords
+ * across configuration files, dotfiles, and source code.
+ */
+export declare class SecretScanner implements ScannerModule {
+    name: "SecretScanner";
+    label: string;
+    scan(options: ScanOptions): Promise<ModuleResult>;
+}
+//# sourceMappingURL=secret-scanner.d.ts.map

package/dist/modules/secret-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-scanner.d.ts","sourceRoot":"","sources":["../../src/modules/secret-scanner.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,aAAa,EACb,YAAY,EAEZ,WAAW,EAEZ,MAAM,UAAU,CAAC;AAmPlB;;;GAGG;AACH,qBAAa,aAAc,YAAW,aAAa;IACjD,IAAI,EAAG,eAAe,CAAU;IAChC,KAAK,SAAuB;IAEtB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC;CAiDxD"}

package/dist/modules/secret-scanner.js

@@ -0,0 +1,321 @@
+"use strict";
+// ============================================================
+// DevArmor — Secret Scanner Module
+// Detects leaked API keys, tokens, passwords in config files.
+// ============================================================
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecretScanner = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const types_1 = require("../types");
+/**
+ * Curated list of secret patterns to detect.
+ * Covers major cloud providers, AI services, payment systems, and common credential formats.
+ */
+const SECRET_PATTERNS = [
+    // ── AI / LLM Service Keys ──
+    {
+        id: 'openai-api-key',
+        label: 'OpenAI API Key',
+        regex: /sk-[A-Za-z0-9_-]{20,}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Remove the key from this file and rotate it at https://platform.openai.com/api-keys',
+    },
+    {
+        id: 'anthropic-api-key',
+        label: 'Anthropic API Key',
+        regex: /sk-ant-[A-Za-z0-9_-]{20,}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Remove the key and rotate it at https://console.anthropic.com/settings/keys',
+    },
+    {
+        id: 'google-ai-api-key',
+        label: 'Google AI API Key',
+        regex: /AIza[A-Za-z0-9_-]{35}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Remove the key and rotate it in Google Cloud Console',
+    },
+    // ── Cloud Provider Keys ──
+    {
+        id: 'aws-access-key',
+        label: 'AWS Access Key ID',
+        regex: /AKIA[0-9A-Z]{16}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Rotate this key immediately in AWS IAM Console',
+    },
+    {
+        id: 'aws-secret-key',
+        label: 'AWS Secret Access Key',
+        regex: /(?:aws_secret_access_key|AWS_SECRET_ACCESS_KEY)\s*[=:]\s*[A-Za-z0-9/+=]{40}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Rotate this key immediately in AWS IAM Console',
+    },
+    {
+        id: 'azure-connection-string',
+        label: 'Azure Connection String',
+        regex: /DefaultEndpointsProtocol=https;AccountName=[^;]+;AccountKey=[A-Za-z0-9+/=]{40,}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Rotate the storage account key in Azure Portal',
+    },
+    // ── Payment / Financial ──
+    {
+        id: 'stripe-secret-key',
+        label: 'Stripe Secret Key',
+        regex: /sk_live_[A-Za-z0-9]{24,}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Rotate this key at https://dashboard.stripe.com/apikeys',
+    },
+    {
+        id: 'stripe-publishable-key',
+        label: 'Stripe Publishable Key',
+        regex: /pk_live_[A-Za-z0-9]{24,}/g,
+        severity: types_1.Severity.LOW,
+        remediation: 'Publishable keys are client-safe, but verify this is intentional',
+    },
+    // ── Communication / Messaging ──
+    {
+        id: 'slack-token',
+        label: 'Slack Token',
+        regex: /xox[bpors]-[0-9]{10,}-[A-Za-z0-9-]+/g,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Revoke and regenerate the Slack token',
+    },
+    {
+        id: 'discord-token',
+        label: 'Discord Bot Token',
+        regex: /[MN][A-Za-z0-9]{23,}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,}/g,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Regenerate the Discord bot token',
+    },
+    {
+        id: 'twilio-api-key',
+        label: 'Twilio API Key',
+        regex: /SK[0-9a-fA-F]{32}/g,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Rotate the Twilio API key in your Twilio Console',
+    },
+    // ── Source Control / CI ──
+    {
+        id: 'github-pat',
+        label: 'GitHub Personal Access Token',
+        regex: /ghp_[A-Za-z0-9]{36,}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Revoke this token at https://github.com/settings/tokens',
+    },
+    {
+        id: 'github-fine-grained-pat',
+        label: 'GitHub Fine-Grained PAT',
+        regex: /github_pat_[A-Za-z0-9_]{22,}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Revoke this token at https://github.com/settings/tokens',
+    },
+    {
+        id: 'gitlab-pat',
+        label: 'GitLab Personal Access Token',
+        regex: /glpat-[A-Za-z0-9_-]{20,}/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Revoke this token in GitLab → Settings → Access Tokens',
+    },
+    // ── Database ──
+    {
+        id: 'postgres-connection',
+        label: 'PostgreSQL Connection String',
+        regex: /postgres(?:ql)?:\/\/[^:]+:[^@]+@[^/]+/g,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Move database credentials to environment variables or a secrets manager',
+    },
+    {
+        id: 'mongodb-connection',
+        label: 'MongoDB Connection String',
+        regex: /mongodb(?:\+srv)?:\/\/[^:]+:[^@]+@[^/]+/g,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Move database credentials to environment variables or a secrets manager',
+    },
+    // ── Generic Patterns ──
+    {
+        id: 'generic-password',
+        label: 'Hardcoded Password',
+        regex: /(?:password|passwd|pwd|secret)\s*[=:]\s*["'][^"']{8,}["']/gi,
+        severity: types_1.Severity.MEDIUM,
+        remediation: 'Move passwords to environment variables or a secrets manager',
+    },
+    {
+        id: 'private-key',
+        label: 'Private Key',
+        regex: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g,
+        severity: types_1.Severity.CRITICAL,
+        remediation: 'Remove private keys from this file and store them securely',
+    },
+    {
+        id: 'bearer-token',
+        label: 'Bearer Token',
+        regex: /(?:bearer|authorization)\s*[=:]\s*["']?Bearer\s+[A-Za-z0-9._~+/=-]{20,}/gi,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Remove hardcoded bearer tokens and use dynamic token generation',
+    },
+    {
+        id: 'jwt-token',
+        label: 'JWT Token',
+        regex: /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g,
+        severity: types_1.Severity.HIGH,
+        remediation: 'Remove hardcoded JWT tokens — they may contain sensitive claims',
+    },
+];
+/** File extensions to scan for secrets. */
+const SCAN_EXTENSIONS = new Set([
+    '.env', '.yaml', '.yml', '.json', '.toml', '.ini', '.cfg', '.conf',
+    '.properties', '.xml', '.ts', '.js', '.py', '.rb', '.go', '.rs',
+    '.java', '.sh', '.bash', '.zsh', '.fish', '.ps1',
+    '.tf', '.tfvars', '.hcl', // Terraform
+    '.dockerfile', // Docker
+]);
+/** Files to scan regardless of extension. */
+const SCAN_FILENAMES = new Set([
+    '.env', '.env.local', '.env.production', '.env.development', '.env.staging',
+    '.npmrc', '.pypirc', 'pip.conf', '.netrc', '.git-credentials',
+    'credentials', 'config', '.bashrc', '.zshrc', '.profile',
+    'docker-compose.yml', 'docker-compose.yaml',
+    'Dockerfile',
+]);
+/** Directories to skip during scanning. */
+const SKIP_DIRS = new Set([
+    'node_modules', '.git', 'dist', 'build', 'coverage', '__pycache__',
+    '.next', '.nuxt', 'vendor', 'target', 'bin', 'obj', 'registry', 'packages',
+]);
+/** Maximum file size to scan (1MB). */
+const MAX_FILE_SIZE = 1024 * 1024;
+/**
+ * Recursively collects scannable files from a directory.
+ */
+function collectFiles(dir) {
+    const results = [];
+    if (!fs.existsSync(dir))
+        return results;
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return results;
+    }
+    for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+            if (!SKIP_DIRS.has(entry.name)) {
+                results.push(...collectFiles(fullPath));
+            }
+        }
+        else if (entry.isFile()) {
+            const ext = path.extname(entry.name).toLowerCase();
+            const basename = entry.name.toLowerCase();
+            // Check if file is scannable by extension or name
+            if (SCAN_EXTENSIONS.has(ext) || SCAN_FILENAMES.has(basename)) {
+                try {
+                    const stat = fs.statSync(fullPath);
+                    if (stat.size <= MAX_FILE_SIZE && stat.size > 0) {
+                        results.push(fullPath);
+                    }
+                }
+                catch {
+                    // Skip inaccessible files
+                }
+            }
+        }
+    }
+    return results;
+}
+/**
+ * Redacts sensitive content for safe display in findings.
+ * Shows first 4 and last 4 characters, masks the rest.
+ */
+function redact(value) {
+    if (value.length <= 12)
+        return '****';
+    return value.substring(0, 4) + '****' + value.substring(value.length - 4);
+}
+/**
+ * SecretScanner — Detects leaked API keys, tokens, and passwords
+ * across configuration files, dotfiles, and source code.
+ */
+class SecretScanner {
+    name = 'SecretScanner';
+    label = '🔑 Secret Scanner';
+    async scan(options) {
+        const startTime = Date.now();
+        const findings = [];
+        const files = collectFiles(options.path);
+        for (const filePath of files) {
+            let content;
+            try {
+                content = fs.readFileSync(filePath, 'utf-8');
+            }
+            catch {
+                continue; // Skip unreadable files
+            }
+            const lines = content.split('\n');
+            for (const pattern of SECRET_PATTERNS) {
+                // Reset regex state for each file
+                pattern.regex.lastIndex = 0;
+                let match;
+                while ((match = pattern.regex.exec(content)) !== null) {
+                    // Find line number
+                    const upToMatch = content.substring(0, match.index);
+                    const lineNumber = upToMatch.split('\n').length;
+                    findings.push({
+                        module: this.name,
+                        severity: pattern.severity,
+                        title: `${pattern.label} Detected`,
+                        description: `Found a potential ${pattern.label} in this file.`,
+                        filePath,
+                        line: lineNumber,
+                        evidence: redact(match[0]),
+                        remediation: pattern.remediation,
+                    });
+                }
+            }
+        }
+        return {
+            module: this.name,
+            label: this.label,
+            success: true,
+            durationMs: Date.now() - startTime,
+            itemsScanned: files.length,
+            findings,
+        };
+    }
+}
+exports.SecretScanner = SecretScanner;
+//# sourceMappingURL=secret-scanner.js.map

package/dist/modules/secret-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-scanner.js","sourceRoot":"","sources":["../../src/modules/secret-scanner.ts"],"names":[],"mappings":";AAAA,+DAA+D;AAC/D,mCAAmC;AACnC,8DAA8D;AAC9D,+DAA+D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAE/D,uCAAyB;AACzB,2CAA6B;AAC7B,oCAMkB;AAWlB;;;GAGG;AACH,MAAM,eAAe,GAAoB;IACvC,8BAA8B;IAC9B;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,gBAAgB;QACvB,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,qFAAqF;KACnG;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,mBAAmB;QAC1B,KAAK,EAAE,4BAA4B;QACnC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,6EAA6E;KAC3F;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,mBAAmB;QAC1B,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,sDAAsD;KACpE;IACD,4BAA4B;IAC5B;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,mBAAmB;QAC1B,KAAK,EAAE,mBAAmB;QAC1B,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,gDAAgD;KAC9D;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,uBAAuB;QAC9B,KAAK,EAAE,8EAA8E;QACrF,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,gDAAgD;KAC9D;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,yBAAyB;QAChC,KAAK,EAAE,kFAAkF;QACzF,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,gDAAgD;KAC9D;IACD,4BAA4B;IAC5B;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,mBAAmB;QAC1B,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,yDAAyD;KACvE;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,wBAAwB;QAC/B,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,gBAAQ,CAAC,GAAG;QACtB,WAAW,EAAE,kEAAkE;KAChF;IACD,kCAAkC;IAClC;QACE,EAAE,EAAE,aAAa;QACjB,KAAK,EAAE,aAAa;QACpB,KAAK,EAAE,sCAAsC;QAC7C,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,uCAAuC;KACrD;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,mBAAmB;QAC1B,KAAK,EAAE,6DAA6D;QACpE,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,kCAAkC;KAChD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,gBAAgB;QACvB,KAAK,EAAE,oBAAoB;QAC3B,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,kDAAkD;KAChE;IACD,4BAA4B;IAC5B;QACE,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,8BAA8B;QACrC,KAAK,EAAE,uBAAuB;QAC9B,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,yDAAyD;KACvE;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,KAAK,EAAE,yBAAyB;QAChC,KAAK,EAAE,+BAA+B;QACtC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,yDAAyD;KACvE;IACD;QACE,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,8BAA8B;QACrC,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,wDAAwD;KACtE;IACD,iBAAiB;IACjB;QACE,EAAE,EAAE,qBAAqB;QACzB,KAAK,EAAE,8BAA8B;QACrC,KAAK,EAAE,wCAAwC;QAC/C,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,yEAAyE;KACvF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,2BAA2B;QAClC,KAAK,EAAE,0CAA0C;QACjD,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,yEAAyE;KACvF;IACD,yBAAyB;IACzB;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,oBAAoB;QAC3B,KAAK,EAAE,6DAA6D;QACpE,QAAQ,EAAE,gBAAQ,CAAC,MAAM;QACzB,WAAW,EAAE,8DAA8D;KAC5E;IACD;QACE,EAAE,EAAE,aAAa;QACjB,KAAK,EAAE,aAAa;QACpB,KAAK,EAAE,yDAAyD;QAChE,QAAQ,EAAE,gBAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,4DAA4D;KAC1E;IACD;QACE,EAAE,EAAE,cAAc;QAClB,KAAK,EAAE,cAAc;QACrB,KAAK,EAAE,2EAA2E;QAClF,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,iEAAiE;KAC/E;IACD;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,WAAW;QAClB,KAAK,EAAE,mEAAmE;QAC1E,QAAQ,EAAE,gBAAQ,CAAC,IAAI;QACvB,WAAW,EAAE,iEAAiE;KAC/E;CACF,CAAC;AAEF,2CAA2C;AAC3C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO;IAClE,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IAC/D,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAChD,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY;IACtC,aAAa,EAAE,SAAS;CACzB,CAAC,CAAC;AAEH,6CAA6C;AAC7C,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,MAAM,EAAE,YAAY,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,cAAc;IAC3E,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,kBAAkB;IAC7D,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU;IACxD,oBAAoB,EAAE,qBAAqB;IAC3C,YAAY;CACb,CAAC,CAAC;AAEH,2CAA2C;AAC3C,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;IACxB,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,aAAa;IAClE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU;CAC3E,CAAC,CAAC;AAEH,uCAAuC;AACvC,MAAM,aAAa,GAAG,IAAI,GAAG,IAAI,CAAC;AAElC;;GAEG;AACH,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IAExC,IAAI,OAAoB,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAE1C,kDAAkD;YAClD,IAAI,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7D,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBACnC,IAAI,IAAI,CAAC,IAAI,IAAI,aAAa,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;wBAChD,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,0BAA0B;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,MAAM,CAAC,KAAa;IAC3B,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IACtC,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC5E,CAAC;AAED;;;GAGG;AACH,MAAa,aAAa;IACxB,IAAI,GAAG,eAAwB,CAAC;IAChC,KAAK,GAAG,mBAAmB,CAAC;IAE5B,KAAK,CAAC,IAAI,CAAC,OAAoB;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEzC,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC7B,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,CAAC,wBAAwB;YACpC,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;gBACtC,kCAAkC;gBAClC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;gBAE5B,IAAI,KAA6B,CAAC;gBAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBACtD,mBAAmB;oBACnB,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBACpD,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;oBAEhD,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,IAAI,CAAC,IAAI;wBACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,WAAW;wBAClC,WAAW,EAAE,qBAAqB,OAAO,CAAC,KAAK,gBAAgB;wBAC/D,QAAQ;wBACR,IAAI,EAAE,UAAU;wBAChB,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;wBAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;qBACjC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,IAAI;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAClC,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,QAAQ;SACT,CAAC;IACJ,CAAC;CACF;AArDD,sCAqDC"}

package/dist/modules/skill-scanner.d.ts

@@ -0,0 +1,12 @@
+import { ScannerModule, ModuleResult, ScanOptions } from '../types';
+/**
+ * SkillScanner — Detects malicious patterns in AI agent skill files
+ * including prompt injection, data exfiltration, system override,
+ * and execution hijacking via hidden instructions.
+ */
+export declare class SkillScanner implements ScannerModule {
+    name: "SkillScanner";
+    label: string;
+    scan(options: ScanOptions): Promise<ModuleResult>;
+}
+//# sourceMappingURL=skill-scanner.d.ts.map

package/dist/modules/skill-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-scanner.d.ts","sourceRoot":"","sources":["../../src/modules/skill-scanner.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,aAAa,EACb,YAAY,EAEZ,WAAW,EAEZ,MAAM,UAAU,CAAC;AA+JlB;;;;GAIG;AACH,qBAAa,YAAa,YAAW,aAAa;IAChD,IAAI,EAAG,cAAc,CAAU;IAC/B,KAAK,SAAuB;IAEtB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC;CAiHxD"}

package/dist/modules/skill-scanner.js

@@ -0,0 +1,294 @@
+"use strict";
+// ============================================================
+// DevArmor — Skill Scanner Module
+// Detects malicious patterns in AI agent skill files.
+// ============================================================
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SkillScanner = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const types_1 = require("../types");
+/** Skill directories to scan, relative to project root. */
+const SKILL_DIRS = [
+    '.agents/skills',
+    '.cursor/skills',
+];
+/** Prompt injection patterns. */
+const PROMPT_INJECTION_PATTERNS = [
+    { regex: /ignore\s+previous\s+instructions/gi, label: 'Ignore previous instructions' },
+    { regex: /ignore\s+all\s+prior/gi, label: 'Ignore all prior instructions' },
+    { regex: /you\s+are\s+now/gi, label: 'Identity override (you are now)' },
+    { regex: /override\s+your/gi, label: 'Override directive' },
+    { regex: /disregard\s+your/gi, label: 'Disregard directive' },
+    { regex: /forget\s+(everything|all|your)/gi, label: 'Memory wipe directive' },
+    { regex: /new\s+instructions?\s*:/gi, label: 'New instructions injection' },
+    { regex: /system\s*:\s*you\s+are/gi, label: 'System prompt override' },
+];
+/** Data exfiltration patterns. */
+const DATA_EXFIL_PATTERNS = [
+    { regex: /fetch\s*\(\s*['"][^'"]*['"].*(?:file|content|secret|key|token|password)/gi, label: 'Fetch with sensitive data' },
+    { regex: /https?:\/\/[^\s'"]+.*(?:readFile|readFileSync|file_contents)/gi, label: 'HTTP request with file contents' },
+    { regex: /send\s+all/gi, label: 'Send all directive' },
+    { regex: /\btransmit\b/gi, label: 'Transmit directive' },
+    { regex: /\bexfiltrate\b/gi, label: 'Exfiltrate directive' },
+    { regex: /upload.*(?:credentials|secrets|keys|tokens|\.env)/gi, label: 'Upload credentials' },
+    { regex: /(?:curl|wget|fetch|http\.post)\s*.*(?:\.env|credentials|secrets)/gi, label: 'HTTP exfiltration of secrets' },
+    { regex: /base64.*(?:send|post|fetch|curl)/gi, label: 'Base64 encode and send' },
+];
+/** System override / destructive command patterns. */
+const SYSTEM_OVERRIDE_PATTERNS = [
+    { regex: /execute\s+command/gi, label: 'Execute command directive' },
+    { regex: /run\s+shell/gi, label: 'Run shell directive' },
+    { regex: /\brm\s+-rf\b/g, label: 'Recursive delete (rm -rf)' },
+    { regex: /\bformat\s+c:/gi, label: 'Format drive (format c:)' },
+    { regex: /delete\s+all/gi, label: 'Delete all directive' },
+    { regex: /\bdrop\s+(?:table|database)\b/gi, label: 'SQL drop command' },
+    { regex: /\bshutdown\b.*(?:\/s|now|-h)/gi, label: 'System shutdown' },
+    { regex: /\bkill\s+-9\b/g, label: 'Force kill process' },
+    { regex: /\bmkfs\b/g, label: 'Filesystem format (mkfs)' },
+    { regex: /\bdd\s+if=/g, label: 'Disk destroyer (dd)' },
+];
+/** Directories to skip during recursive scanning. */
+const SKIP_DIRS = new Set([
+    'node_modules', '.git', 'dist', 'build', '__pycache__',
+]);
+/** Maximum file size to scan (1MB). */
+const MAX_FILE_SIZE = 1024 * 1024;
+/** Scannable file extensions for skill files. */
+const SCAN_EXTENSIONS = new Set([
+    '.md', '.txt', '.yaml', '.yml', '.json', '.toml',
+    '.js', '.ts', '.py', '.sh', '.bash', '.ps1',
+]);
+/**
+ * Recursively collects skill files from a directory.
+ */
+function collectSkillFiles(dir) {
+    const results = [];
+    if (!fs.existsSync(dir))
+        return results;
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return results;
+    }
+    for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+            if (!SKIP_DIRS.has(entry.name)) {
+                results.push(...collectSkillFiles(fullPath));
+            }
+        }
+        else if (entry.isFile()) {
+            const ext = path.extname(entry.name).toLowerCase();
+            if (SCAN_EXTENSIONS.has(ext)) {
+                try {
+                    const stat = fs.statSync(fullPath);
+                    if (stat.size <= MAX_FILE_SIZE && stat.size > 0) {
+                        results.push(fullPath);
+                    }
+                }
+                catch {
+                    // Skip inaccessible files
+                }
+            }
+        }
+    }
+    return results;
+}
+/**
+ * Detects hidden instructions after large whitespace blocks.
+ * Returns findings for execution hijacking via whitespace hiding.
+ */
+function checkWhitespaceHiding(content, filePath, moduleName) {
+    const findings = [];
+    // Check for large blocks of whitespace (50+ consecutive blank lines or spaces)
+    const largeWhitespace = /\n{50,}/g;
+    let match;
+    while ((match = largeWhitespace.exec(content)) !== null) {
+        // Check if there's non-whitespace content after the gap
+        const after = content.substring(match.index + match[0].length).trim();
+        if (after.length > 0) {
+            const upToMatch = content.substring(0, match.index);
+            const lineNumber = upToMatch.split('\n').length;
+            findings.push({
+                module: moduleName,
+                severity: types_1.Severity.HIGH,
+                title: 'Hidden Instructions After Whitespace',
+                description: 'Found content hidden after a large block of whitespace — a common prompt injection technique.',
+                filePath,
+                line: lineNumber,
+                remediation: 'Remove the hidden content or consolidate whitespace in this skill file',
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Detects base64 encoded commands that could hide malicious payloads.
+ */
+function checkBase64Payloads(content, filePath, moduleName) {
+    const findings = [];
+    // Match base64 strings that are suspiciously long (likely encoded commands)
+    const base64Pattern = /(?:base64|atob|btoa|decode)\s*\(?\s*['"]([A-Za-z0-9+/=]{40,})['"]/g;
+    let match;
+    while ((match = base64Pattern.exec(content)) !== null) {
+        const upToMatch = content.substring(0, match.index);
+        const lineNumber = upToMatch.split('\n').length;
+        findings.push({
+            module: moduleName,
+            severity: types_1.Severity.HIGH,
+            title: 'Base64 Encoded Payload Detected',
+            description: 'Found a base64 encoded string that may conceal malicious commands.',
+            filePath,
+            line: lineNumber,
+            evidence: match[0].substring(0, 40) + '...',
+            remediation: 'Decode and inspect the base64 content. Remove if malicious.',
+        });
+    }
+    return findings;
+}
+/**
+ * SkillScanner — Detects malicious patterns in AI agent skill files
+ * including prompt injection, data exfiltration, system override,
+ * and execution hijacking via hidden instructions.
+ */
+class SkillScanner {
+    name = 'SkillScanner';
+    label = '🛡️ Skill Scanner';
+    async scan(options) {
+        const startTime = Date.now();
+        const findings = [];
+        let totalFilesScanned = 0;
+        for (const skillDir of SKILL_DIRS) {
+            const fullSkillDir = path.join(options.path, skillDir);
+            if (!fs.existsSync(fullSkillDir))
+                continue;
+            // Report skill directory discovery
+            findings.push({
+                module: this.name,
+                severity: types_1.Severity.INFO,
+                title: `Skill Directory Found — ${skillDir}`,
+                description: `AI agent skill directory detected at ${fullSkillDir}. Scanning for malicious patterns.`,
+                filePath: fullSkillDir,
+                remediation: 'Periodically audit third-party skills for malicious content',
+            });
+            const files = collectSkillFiles(fullSkillDir);
+            totalFilesScanned += files.length;
+            for (const filePath of files) {
+                let content;
+                try {
+                    content = fs.readFileSync(filePath, 'utf-8');
+                }
+                catch {
+                    continue; // Skip unreadable files
+                }
+                // Check prompt injection patterns
+                for (const pattern of PROMPT_INJECTION_PATTERNS) {
+                    pattern.regex.lastIndex = 0;
+                    let match;
+                    while ((match = pattern.regex.exec(content)) !== null) {
+                        const upToMatch = content.substring(0, match.index);
+                        const lineNumber = upToMatch.split('\n').length;
+                        findings.push({
+                            module: this.name,
+                            severity: types_1.Severity.CRITICAL,
+                            title: `Prompt Injection — ${pattern.label}`,
+                            description: `Detected a prompt injection pattern that attempts to override AI behavior.`,
+                            filePath,
+                            line: lineNumber,
+                            evidence: match[0],
+                            remediation: 'Remove or quarantine this skill file — it contains prompt injection attempts',
+                        });
+                    }
+                }
+                // Check data exfiltration patterns
+                for (const pattern of DATA_EXFIL_PATTERNS) {
+                    pattern.regex.lastIndex = 0;
+                    let match;
+                    while ((match = pattern.regex.exec(content)) !== null) {
+                        const upToMatch = content.substring(0, match.index);
+                        const lineNumber = upToMatch.split('\n').length;
+                        findings.push({
+                            module: this.name,
+                            severity: types_1.Severity.CRITICAL,
+                            title: `Data Exfiltration Risk — ${pattern.label}`,
+                            description: `Detected a pattern that may exfiltrate sensitive data to an external endpoint.`,
+                            filePath,
+                            line: lineNumber,
+                            evidence: match[0].substring(0, 80),
+                            remediation: 'Remove this skill immediately — it may be stealing sensitive data',
+                        });
+                    }
+                }
+                // Check system override / destructive patterns
+                for (const pattern of SYSTEM_OVERRIDE_PATTERNS) {
+                    pattern.regex.lastIndex = 0;
+                    let match;
+                    while ((match = pattern.regex.exec(content)) !== null) {
+                        const upToMatch = content.substring(0, match.index);
+                        const lineNumber = upToMatch.split('\n').length;
+                        findings.push({
+                            module: this.name,
+                            severity: types_1.Severity.HIGH,
+                            title: `System Override Risk — ${pattern.label}`,
+                            description: `Detected a destructive system command pattern in a skill file.`,
+                            filePath,
+                            line: lineNumber,
+                            evidence: match[0],
+                            remediation: 'Remove or quarantine this skill — it contains dangerous system commands',
+                        });
+                    }
+                }
+                // Check execution hijacking: hidden instructions after whitespace
+                findings.push(...checkWhitespaceHiding(content, filePath, this.name));
+                // Check execution hijacking: base64 encoded commands
+                findings.push(...checkBase64Payloads(content, filePath, this.name));
+            }
+        }
+        return {
+            module: this.name,
+            label: this.label,
+            success: true,
+            durationMs: Date.now() - startTime,
+            itemsScanned: totalFilesScanned,
+            findings,
+        };
+    }
+}
+exports.SkillScanner = SkillScanner;
+//# sourceMappingURL=skill-scanner.js.map