erosolar-cli 1.7.54 → 1.7.56

package/dist/bin/alpha-zero/security/simulation.js

@@ -1,274 +0,0 @@
-/**
- * Attack Simulation Framework
- *
- * Provides controlled attack simulations for red team exercises.
- * All simulations require explicit authorization.
- *
- * Principal Investigator: Bo Shang
- * Framework: erosolar-cli
- */
-import { AuthorizationScope } from './core.js';
-/**
- * Categories of attack simulations
- */
-export var AttackCategory;
-(function (AttackCategory) {
-    AttackCategory["RECONNAISSANCE"] = "reconnaissance";
-    AttackCategory["WEB_APPLICATION"] = "web_application";
-    AttackCategory["AUTHENTICATION"] = "authentication";
-    AttackCategory["INJECTION"] = "injection";
-    AttackCategory["MISCONFIGURATION"] = "misconfiguration";
-    AttackCategory["PRIVILEGE_ESCALATION"] = "privilege_escalation";
-    AttackCategory["DATA_EXFILTRATION"] = "data_exfiltration";
-})(AttackCategory || (AttackCategory = {}));
-/**
- * MITRE ATT&CK inspired attack phases
- */
-export var AttackPhase;
-(function (AttackPhase) {
-    AttackPhase["INITIAL_ACCESS"] = "initial_access";
-    AttackPhase["EXECUTION"] = "execution";
-    AttackPhase["PERSISTENCE"] = "persistence";
-    AttackPhase["PRIVILEGE_ESCALATION"] = "privilege_escalation";
-    AttackPhase["DEFENSE_EVASION"] = "defense_evasion";
-    AttackPhase["CREDENTIAL_ACCESS"] = "credential_access";
-    AttackPhase["DISCOVERY"] = "discovery";
-    AttackPhase["LATERAL_MOVEMENT"] = "lateral_movement";
-    AttackPhase["COLLECTION"] = "collection";
-    AttackPhase["EXFILTRATION"] = "exfiltration";
-    AttackPhase["IMPACT"] = "impact";
-})(AttackPhase || (AttackPhase = {}));
-/**
- * Common attack vectors based on OWASP Top 10 and MITRE ATT&CK
- */
-export const ATTACK_VECTORS = {
-    sql_injection: {
-        name: 'SQL Injection',
-        category: AttackCategory.INJECTION,
-        phase: AttackPhase.INITIAL_ACCESS,
-        description: 'Inject malicious SQL queries',
-        techniqueId: 'T1190',
-        prerequisites: ['web_application_identified', 'input_field_found'],
-        detectionMethods: ['WAF rules', 'Database monitoring'],
-        mitigations: ['Parameterized queries', 'Input validation'],
-    },
-    xss_reflected: {
-        name: 'Reflected XSS',
-        category: AttackCategory.WEB_APPLICATION,
-        phase: AttackPhase.INITIAL_ACCESS,
-        description: 'Inject scripts reflected to users',
-        techniqueId: 'T1189',
-        prerequisites: ['web_application_identified', 'reflection_point_found'],
-        detectionMethods: ['CSP reports', 'WAF XSS rules'],
-        mitigations: ['CSP', 'Output encoding', 'Input validation'],
-    },
-    ssrf: {
-        name: 'Server-Side Request Forgery',
-        category: AttackCategory.WEB_APPLICATION,
-        phase: AttackPhase.DISCOVERY,
-        description: 'Abuse server to make internal requests',
-        techniqueId: 'T1090',
-        prerequisites: ['url_parameter_found'],
-        detectionMethods: ['Outbound request monitoring'],
-        mitigations: ['URL allowlisting', 'Network segmentation'],
-    },
-    auth_bypass: {
-        name: 'Authentication Bypass',
-        category: AttackCategory.AUTHENTICATION,
-        phase: AttackPhase.INITIAL_ACCESS,
-        description: 'Bypass authentication mechanisms',
-        techniqueId: 'T1078',
-        prerequisites: ['auth_endpoint_identified'],
-        detectionMethods: ['Failed login monitoring', 'Session anomalies'],
-        mitigations: ['MFA', 'Strong session management'],
-    },
-    path_traversal: {
-        name: 'Path Traversal',
-        category: AttackCategory.WEB_APPLICATION,
-        phase: AttackPhase.COLLECTION,
-        description: 'Access files outside webroot',
-        techniqueId: 'T1083',
-        prerequisites: ['file_parameter_found'],
-        detectionMethods: ['Path pattern monitoring', 'WAF rules'],
-        mitigations: ['Input validation', 'Chroot/sandbox'],
-    },
-};
-/**
- * Payload generator for security testing
- */
-export class PayloadGenerator {
-    /**
-     * Generate SQL injection test payloads
-     */
-    static sqlInjectionPayloads() {
-        return [
-            "' OR '1'='1",
-            "'; DROP TABLE users--",
-            "1' AND '1'='1",
-            "1 UNION SELECT NULL--",
-            "admin'--",
-        ];
-    }
-    /**
-     * Generate XSS test payloads
-     */
-    static xssPayloads() {
-        return [
-            "<script>alert(1)</script>",
-            "<img src=x onerror=alert(1)>",
-            "javascript:alert(1)",
-            "<svg onload=alert(1)>",
-        ];
-    }
-    /**
-     * Generate path traversal test payloads
-     */
-    static pathTraversalPayloads() {
-        return [
-            "../../../etc/passwd",
-            "..\\..\\..\\windows\\system32\\config\\sam",
-            "....//....//....//etc/passwd",
-            "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd",
-        ];
-    }
-    /**
-     * Encode payload
-     */
-    static encodePayload(payload, encoding) {
-        switch (encoding) {
-            case 'base64':
-                return Buffer.from(payload).toString('base64');
-            case 'url':
-                return encodeURIComponent(payload);
-            case 'hex':
-                return Buffer.from(payload).toString('hex');
-            default:
-                return payload;
-        }
-    }
-}
-/**
- * Attack simulator
- */
-export class AttackSimulator {
-    constructor(authorization, verbose = false) {
-        this.results = [];
-        this.authorization = authorization;
-        this.verbose = verbose;
-    }
-    /**
-     * Check authorization
-     */
-    checkAuthorization(target) {
-        if (!this.authorization) {
-            throw new Error('No authorization record.');
-        }
-        // Attack simulations require stronger authorization
-        const allowed = [
-            AuthorizationScope.OWNED_SYSTEMS,
-            AuthorizationScope.PENTEST_ENGAGEMENT,
-            AuthorizationScope.RED_TEAM,
-            AuthorizationScope.CTF_COMPETITION,
-        ];
-        if (!allowed.includes(this.authorization.scope)) {
-            throw new Error('Simulations require pentest/red team authorization.');
-        }
-        const inScope = this.authorization.targetDomain.includes(target) ||
-            target.endsWith(this.authorization.targetDomain);
-        if (!inScope) {
-            throw new Error(`Target ${target} not in scope.`);
-        }
-    }
-    /**
-     * Simulate an attack vector
-     */
-    async simulateAttack(target, vectorId, dryRun = true) {
-        this.checkAuthorization(target);
-        if (!(vectorId in ATTACK_VECTORS)) {
-            throw new Error(`Unknown attack vector: ${vectorId}`);
-        }
-        const vector = ATTACK_VECTORS[vectorId];
-        if (!vector) {
-            throw new Error(`Unknown attack vector: ${vectorId}`);
-        }
-        const startTime = Date.now();
-        if (this.verbose) {
-            console.log(`[Simulation] ${vector.name} against ${target}`);
-            console.log(`  Technique: ${vector.techniqueId}`);
-            console.log(`  Dry run: ${dryRun}`);
-        }
-        const result = {
-            vector,
-            target,
-            timestamp: startTime,
-            success: false,
-            evidence: [],
-            artifacts: {
-                payloads: this.getPayloadsForVector(vectorId),
-                payloadCount: this.getPayloadsForVector(vectorId).length,
-            },
-            detectionTriggered: false,
-            durationMs: 0,
-            notes: `Dry run: ${dryRun}`,
-        };
-        if (!dryRun) {
-            result.notes = 'Live simulation not implemented for safety';
-        }
-        result.durationMs = Date.now() - startTime;
-        this.results.push(result);
-        return result;
-    }
-    /**
-     * Get payloads for a vector
-     */
-    getPayloadsForVector(vectorId) {
-        if (vectorId.includes('sql')) {
-            return PayloadGenerator.sqlInjectionPayloads();
-        }
-        if (vectorId.includes('xss')) {
-            return PayloadGenerator.xssPayloads();
-        }
-        if (vectorId.includes('path') || vectorId.includes('traversal')) {
-            return PayloadGenerator.pathTraversalPayloads();
-        }
-        return [];
-    }
-    /**
-     * Get vectors by category
-     */
-    getVectorsByCategory(category) {
-        return Object.values(ATTACK_VECTORS).filter(v => v.category === category);
-    }
-    /**
-     * Get vectors by phase
-     */
-    getVectorsByPhase(phase) {
-        return Object.values(ATTACK_VECTORS).filter(v => v.phase === phase);
-    }
-    /**
-     * Generate report
-     */
-    generateReport() {
-        const lines = [
-            '='.repeat(60),
-            'ATTACK SIMULATION REPORT',
-            '='.repeat(60),
-            `Generated: ${new Date().toISOString()}`,
-            `Target: ${this.authorization.targetDomain}`,
-            `Scope: ${this.authorization.scope}`,
-            `Simulations: ${this.results.length}`,
-            '',
-        ];
-        for (let i = 0; i < this.results.length; i++) {
-            const result = this.results[i];
-            if (!result)
-                continue;
-            lines.push(`[${i + 1}] ${result.vector.name}`);
-            lines.push(`    Target: ${result.target}`);
-            lines.push(`    Success: ${result.success}`);
-            lines.push(`    Duration: ${result.durationMs}ms`);
-            lines.push(`    Payloads: ${result.artifacts['payloadCount'] || 0}`);
-        }
-        return lines.join('\n');
-    }
-}

package/dist/bin/alpha-zero/selfModification.js

@@ -1,231 +0,0 @@
-/**
- * Self-Modification Engine for Alpha Zero 2
- *
- * Enables autonomous code self-modification with version control.
- * Agents can modify their own tool source code based on performance feedback.
- *
- * Principal Investigator: Bo Shang
- * Framework: erosolar-cli
- */
-import * as crypto from 'crypto';
-import * as fs from 'fs/promises';
-import * as path from 'path';
-const DEFAULT_CONFIG = {
-    dataDir: '.alpha_zero_versions',
-    maxVersions: 100,
-    enableAutoRollback: true,
-    minQualityThreshold: 0.7,
-    verbose: false,
-};
-/**
- * Self-Modification Engine
- *
- * Manages version-controlled code modifications with automatic rollback.
- */
-export class SelfModificationEngine {
-    constructor(config = {}) {
-        this.versions = new Map();
-        this.config = { ...DEFAULT_CONFIG, ...config };
-    }
-    /**
-     * Create a checkpoint of current tool code
-     */
-    async createCheckpoint(toolId, sourceCode, metrics) {
-        const hash = this.computeHash(sourceCode);
-        const versionId = `${toolId}-${Date.now()}-${hash.slice(0, 8)}`;
-        const toolVersions = this.versions.get(toolId) || [];
-        const lastVersion = toolVersions.length > 0 ? toolVersions[toolVersions.length - 1] : undefined;
-        const parentVersion = lastVersion?.versionId;
-        const version = {
-            versionId,
-            hash,
-            timestamp: Date.now(),
-            sourceCode,
-            performanceMetrics: metrics,
-            parentVersion,
-        };
-        toolVersions.push(version);
-        this.versions.set(toolId, toolVersions);
-        // Persist to disk
-        await this.saveVersion(toolId, version);
-        if (this.config.verbose) {
-            console.log(`[SelfMod] Created checkpoint ${versionId}`);
-        }
-        return version;
-    }
-    /**
-     * Attempt to modify tool code
-     */
-    async modifyTool(toolId, currentCode, modifiedCode, testFn) {
-        // Create checkpoint of current code
-        const currentVersion = await this.createCheckpoint(toolId, currentCode);
-        // Test modified code if test function provided
-        let testResult;
-        if (testFn) {
-            try {
-                testResult = await testFn(modifiedCode);
-            }
-            catch (error) {
-                return {
-                    success: false,
-                    previousVersion: currentVersion,
-                    error: `Test execution failed: ${error}`,
-                    rolledBack: false,
-                };
-            }
-            // Check if tests pass
-            if (!testResult.passed && this.config.enableAutoRollback) {
-                if (this.config.verbose) {
-                    console.log(`[SelfMod] Tests failed, rolling back`);
-                }
-                return {
-                    success: false,
-                    previousVersion: currentVersion,
-                    error: `Tests failed: ${testResult.failedTests}/${testResult.totalTests}`,
-                    rolledBack: true,
-                };
-            }
-        }
-        // Create new version
-        const newVersion = await this.createCheckpoint(toolId, modifiedCode, {
-            executionTimeMs: 0,
-            memoryUsageMb: 0,
-            errorCount: testResult?.failedTests || 0,
-            successRate: testResult ? testResult.passedTests / testResult.totalTests : 1,
-            qualityScore: this.evaluateCodeQuality(modifiedCode),
-        });
-        newVersion.testResults = testResult;
-        // Calculate performance delta
-        const performanceDelta = newVersion.performanceMetrics && currentVersion.performanceMetrics
-            ? newVersion.performanceMetrics.qualityScore - currentVersion.performanceMetrics.qualityScore
-            : 0;
-        return {
-            success: true,
-            newVersion,
-            previousVersion: currentVersion,
-            performanceDelta,
-            rolledBack: false,
-        };
-    }
-    /**
-     * Rollback to a previous version
-     */
-    async rollback(toolId, targetVersionId) {
-        const toolVersions = this.versions.get(toolId);
-        if (!toolVersions || toolVersions.length < 2) {
-            return null;
-        }
-        if (targetVersionId) {
-            const targetIndex = toolVersions.findIndex(v => v.versionId === targetVersionId);
-            if (targetIndex === -1)
-                return null;
-            // Remove versions after target
-            const removedVersions = toolVersions.splice(targetIndex + 1);
-            if (this.config.verbose) {
-                console.log(`[SelfMod] Rolled back ${removedVersions.length} versions`);
-            }
-            return toolVersions[targetIndex] ?? null;
-        }
-        // Rollback to previous version
-        toolVersions.pop();
-        return toolVersions[toolVersions.length - 1] ?? null;
-    }
-    /**
-     * Get version history for a tool
-     */
-    getVersionHistory(toolId) {
-        return this.versions.get(toolId) || [];
-    }
-    /**
-     * Get current version of a tool
-     */
-    getCurrentVersion(toolId) {
-        const versions = this.versions.get(toolId);
-        return versions && versions.length > 0 ? (versions[versions.length - 1] ?? null) : null;
-    }
-    /**
-     * Compare two versions
-     */
-    compareVersions(version1, version2) {
-        const codeChanged = version1.hash !== version2.hash;
-        const q1 = version1.performanceMetrics?.qualityScore || 0;
-        const q2 = version2.performanceMetrics?.qualityScore || 0;
-        return {
-            codeChanged,
-            performanceImproved: q2 > q1,
-            qualityDelta: q2 - q1,
-        };
-    }
-    /**
-     * Evaluate code quality (simplified AST-based analysis)
-     */
-    evaluateCodeQuality(code) {
-        let score = 0.5; // Base score
-        // Check for documentation
-        if (code.includes('/**') || code.includes('///')) {
-            score += 0.1;
-        }
-        // Check for error handling
-        if (code.includes('try') && code.includes('catch')) {
-            score += 0.1;
-        }
-        // Check for type annotations (TypeScript)
-        if (code.includes(': string') || code.includes(': number') || code.includes(': boolean')) {
-            score += 0.1;
-        }
-        // Check for async/await patterns
-        if (code.includes('async') && code.includes('await')) {
-            score += 0.05;
-        }
-        // Penalize very long functions
-        const lines = code.split('\n').length;
-        if (lines > 200) {
-            score -= 0.1;
-        }
-        return Math.max(0, Math.min(1, score));
-    }
-    /**
-     * Compute SHA-256 hash of code
-     */
-    computeHash(code) {
-        return crypto.createHash('sha256').update(code).digest('hex');
-    }
-    /**
-     * Save version to disk
-     */
-    async saveVersion(toolId, version) {
-        const dir = path.join(this.config.dataDir, toolId);
-        await fs.mkdir(dir, { recursive: true });
-        const filePath = path.join(dir, `${version.versionId}.json`);
-        await fs.writeFile(filePath, JSON.stringify(version, null, 2));
-    }
-    /**
-     * Load versions from disk
-     */
-    async loadVersions(toolId) {
-        const dir = path.join(this.config.dataDir, toolId);
-        try {
-            const files = await fs.readdir(dir);
-            const versions = [];
-            for (const file of files) {
-                if (file.endsWith('.json')) {
-                    const content = await fs.readFile(path.join(dir, file), 'utf-8');
-                    versions.push(JSON.parse(content));
-                }
-            }
-            // Sort by timestamp
-            versions.sort((a, b) => a.timestamp - b.timestamp);
-            this.versions.set(toolId, versions);
-            return versions;
-        }
-        catch {
-            return [];
-        }
-    }
-}
-/**
- * Create a default self-modification engine
- */
-export function createSelfModificationEngine(config) {
-    return new SelfModificationEngine(config);
-}

package/dist/bin/alpha-zero/types.js

@@ -1,30 +0,0 @@
-/**
- * Alpha Zero 2 - Type Definitions
- *
- * Core type definitions for the competitive multi-agent RL framework.
- *
- * Principal Investigator: Bo Shang
- * Framework: erosolar-cli
- */
-/**
- * Default research metadata.
- */
-export const ALPHA_ZERO_2_METADATA = {
-    projectName: 'Alpha Zero 2',
-    version: '1.0.0',
-    author: 'Bo Shang',
-    framework: 'erosolar-cli',
-    description: 'Recursive Self-Improvement in Competitive Multi-Agent Systems',
-    innovations: [
-        'Recursive Self-Modification Engine: Agents modify their own tool source code',
-        'Competitive Multi-Agent Framework: Tournament system with parallel execution',
-        'Version-Controlled Self-Improvement: SHA-256 checkpoints with automatic rollback',
-        'AST-Based Code Quality Metrics: Comprehensive evaluation across 10+ dimensions',
-    ],
-    techStack: {
-        python: ['typer', 'rich', 'prompt-toolkit', 'pydantic', 'aiohttp', 'tiktoken'],
-        typescript: ['chalk', 'ora', 'gradient-string', 'boxen', 'nanospinner'],
-        aiProviders: ['anthropic', 'openai', 'google-generativeai'],
-        testing: ['pytest', 'pytest-asyncio', 'mypy', 'ruff', 'eslint'],
-    },
-};