erosolar-cli 2.1.194 → 2.1.196

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "erosolar-cli",
-  "version": "2.1.194",
+  "version": "2.1.196",
   "description": "Unified AI agent framework for the command line - Multi-provider support with schema-driven tools, code intelligence, and transparent reasoning",
   "main": "dist/bin/erosolar.js",
   "type": "module",

package/agents/erosolar-security.rules.json

@@ -1,147 +0,0 @@
-{
-  "$schema": "../src/contracts/schemas/agent-rules.schema.json",
-  "contractVersion": "1.0.0",
-  "profile": "erosolar-security",
-  "version": "2024-11-24",
-  "label": "Erosolar Security Agent Rulebook",
-  "description": "Guardrails for security-focused workflows in controlled environments. Emphasizes auditable planning, explicit scoping, and non-destructive defaults.",
-  "globalPrinciples": [
-    {
-      "id": "sec.scope_and_intent",
-      "summary": "Always confirm scope, targets, and authorization before proposing offensive actions. Default to lab/simulation unless explicitly stated otherwise.",
-      "severity": "critical"
-    },
-    {
-      "id": "sec.audit_trail",
-      "summary": "Narrate intent before each tool use and summarize results after. Keep steps reproducible and bounded.",
-      "severity": "required"
-    },
-    {
-      "id": "sec.non_destructive_default",
-      "summary": "Avoid destructive changes. Prefer read-only enumeration, simulation, and offline planning unless explicitly permitted.",
-      "severity": "critical"
-    },
-    {
-      "id": "sec.data_minimization",
-      "summary": "Collect only what is needed to advance the engagement plan. Do not exfiltrate bulk data.",
-      "severity": "required"
-    },
-    {
-      "id": "sec.evidence_based",
-      "summary": "Ground all findings in evidence (scan output, logs, file paths). Avoid speculation; ask for missing evidence.",
-      "severity": "critical"
-    },
-    {
-      "id": "sec.validation_path",
-      "summary": "For exploit plans, state preconditions, payload choice rationale, and expected outcomes. Provide rollback/abort steps.",
-      "severity": "required"
-    }
-  ],
-  "phases": [
-    {
-      "id": "recon",
-      "label": "Reconnaissance",
-      "description": "Triage assets, services, and trust boundaries. Identify likely choke points and authentication flows.",
-      "steps": [
-        {
-          "id": "step.enumerate",
-          "title": "Enumerate assets",
-          "intent": "Enumerate assets and entry points; cluster by network segment and auth surface.",
-          "rules": [
-            {
-              "id": "rule.recon.scope",
-              "summary": "Confirm target scope before scanning. Use read-only tools by default.",
-              "severity": "critical"
-            }
-          ]
-        },
-        {
-          "id": "step.prioritize",
-          "title": "Prioritize targets",
-          "intent": "Prioritize paths with high privilege gain vs. detection risk.",
-          "rules": [
-            {
-              "id": "rule.recon.evidence",
-              "summary": "Document findings with evidence (scan output, service versions).",
-              "severity": "required"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "attack_graph",
-      "label": "Attack Graph",
-      "description": "Construct and refine attack paths before execution.",
-      "steps": [
-        {
-          "id": "step.model",
-          "title": "Model attack paths",
-          "intent": "Model nodes (assets/identities) and edges (exploits/misconfigs).",
-          "rules": [
-            {
-              "id": "rule.graph.validation",
-              "summary": "Use attack_path_search to rank viable paths with cost/reward/detection trade-offs.",
-              "severity": "required"
-            }
-          ]
-        },
-        {
-          "id": "step.select",
-          "title": "Select paths",
-          "intent": "Select top candidates and define validation checkpoints.",
-          "rules": [
-            {
-              "id": "rule.graph.checkpoint",
-              "summary": "Define validation checkpoints and abort criteria for each path.",
-              "severity": "required"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "payload_selection",
-      "label": "Payload Selection",
-      "description": "Schedule payloads to maximize signal with minimal risk.",
-      "steps": [
-        {
-          "id": "step.schedule",
-          "title": "Schedule payloads",
-          "intent": "Use payload_scheduler with recent outcomes to rank payloads.",
-          "rules": [
-            {
-              "id": "rule.payload.noise",
-              "summary": "Prefer low-noise probes first; escalate only if needed.",
-              "severity": "required"
-            }
-          ]
-        }
-      ]
-    },
-    {
-      "id": "reporting",
-      "label": "Reporting",
-      "description": "Document findings, evidence, and mitigations.",
-      "steps": [
-        {
-          "id": "step.document",
-          "title": "Document findings",
-          "intent": "Capture reproduction steps and affected assets.",
-          "rules": [
-            {
-              "id": "rule.report.evidence",
-              "summary": "Include reproduction steps, evidence, and affected assets.",
-              "severity": "required"
-            },
-            {
-              "id": "rule.report.mitigations",
-              "summary": "List mitigations, compensating controls, and detection guidance.",
-              "severity": "required"
-            }
-          ]
-        }
-      ]
-    }
-  ]
-}

package/dist/capabilities/offsecOpsCapability.d.ts

@@ -1,6 +0,0 @@
-import type { CapabilityContribution, CapabilityModule } from '../runtime/agentHost.js';
-export declare class OffsecOperationsCapabilityModule implements CapabilityModule {
-    readonly id = "capability.offsec.operations";
-    create(): Promise<CapabilityContribution>;
-}
-//# sourceMappingURL=offsecOpsCapability.d.ts.map

package/dist/capabilities/offsecOpsCapability.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"offsecOpsCapability.d.ts","sourceRoot":"","sources":["../../src/capabilities/offsecOpsCapability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAqB,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3G,qBAAa,gCAAiC,YAAW,gBAAgB;IACvE,QAAQ,CAAC,EAAE,kCAAkC;IAEvC,MAAM,IAAI,OAAO,CAAC,sBAAsB,CAAC;CAehD"}

package/dist/capabilities/offsecOpsCapability.js

@@ -1,19 +0,0 @@
-export class OffsecOperationsCapabilityModule {
-    id = 'capability.offsec.operations';
-    async create() {
-        return {
-            id: 'offsec.operations',
-            description: 'Offensive operations capability has been removed for this deployment.',
-            toolSuite: {
-                id: 'offsec-operations',
-                description: 'Removed offensive security operations',
-                tools: [],
-            },
-            metadata: {
-                workingDir: '',
-                scope: 'offensive-security-disabled',
-            },
-        };
-    }
-}
-//# sourceMappingURL=offsecOpsCapability.js.map

package/dist/capabilities/offsecOpsCapability.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"offsecOpsCapability.js","sourceRoot":"","sources":["../../src/capabilities/offsecOpsCapability.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,gCAAgC;IAClC,EAAE,GAAG,8BAA8B,CAAC;IAE7C,KAAK,CAAC,MAAM;QACV,OAAO;YACL,EAAE,EAAE,mBAAmB;YACvB,WAAW,EAAE,uEAAuE;YACpF,SAAS,EAAE;gBACT,EAAE,EAAE,mBAAmB;gBACvB,WAAW,EAAE,uCAAuC;gBACpD,KAAK,EAAE,EAAE;aACV;YACD,QAAQ,EAAE;gBACR,UAAU,EAAE,EAAE;gBACd,KAAK,EAAE,6BAA6B;aACrC;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/capabilities/offsecSearchCapability.d.ts

@@ -1,12 +0,0 @@
-import type { CapabilityContribution, CapabilityContext, CapabilityModule } from '../runtime/agentHost.js';
-/**
- * Offensive search capability
- *
- * Provides offline attack-path search and payload scheduling utilities.
- * Designed for lab/offline planning—no network operations.
- */
-export declare class OffsecSearchCapabilityModule implements CapabilityModule {
-    readonly id = "capability.offsec.search";
-    create(context: CapabilityContext): Promise<CapabilityContribution>;
-}
-//# sourceMappingURL=offsecSearchCapability.d.ts.map

package/dist/capabilities/offsecSearchCapability.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"offsecSearchCapability.d.ts","sourceRoot":"","sources":["../../src/capabilities/offsecSearchCapability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG3G;;;;;GAKG;AACH,qBAAa,4BAA6B,YAAW,gBAAgB;IACnE,QAAQ,CAAC,EAAE,8BAA8B;IAEnC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,sBAAsB,CAAC;CAgB1E"}

package/dist/capabilities/offsecSearchCapability.js

@@ -1,27 +0,0 @@
-import { createOffsecSearchTools } from '../tools/offsecSearchTools.js';
-/**
- * Offensive search capability
- *
- * Provides offline attack-path search and payload scheduling utilities.
- * Designed for lab/offline planning—no network operations.
- */
-export class OffsecSearchCapabilityModule {
-    id = 'capability.offsec.search';
-    async create(context) {
-        const tools = createOffsecSearchTools();
-        return {
-            id: 'offsec.search',
-            description: 'Attack-graph search and payload scheduling for offensive planning (offline).',
-            toolSuite: {
-                id: 'offsec-search',
-                description: 'Offensive search helpers',
-                tools,
-            },
-            metadata: {
-                workingDir: context.workingDir,
-                scope: 'offline-planning',
-            },
-        };
-    }
-}
-//# sourceMappingURL=offsecSearchCapability.js.map

package/dist/capabilities/offsecSearchCapability.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"offsecSearchCapability.js","sourceRoot":"","sources":["../../src/capabilities/offsecSearchCapability.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAExE;;;;;GAKG;AACH,MAAM,OAAO,4BAA4B;IAC9B,EAAE,GAAG,0BAA0B,CAAC;IAEzC,KAAK,CAAC,MAAM,CAAC,OAA0B;QACrC,MAAM,KAAK,GAAG,uBAAuB,EAAE,CAAC;QACxC,OAAO;YACL,EAAE,EAAE,eAAe;YACnB,WAAW,EAAE,8EAA8E;YAC3F,SAAS,EAAE;gBACT,EAAE,EAAE,eAAe;gBACnB,WAAW,EAAE,0BAA0B;gBACvC,KAAK;aACN;YACD,QAAQ,EAAE;gBACR,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,kBAAkB;aAC1B;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/core/offsecAlphaZero.d.ts

@@ -1,59 +0,0 @@
-/**
- * AlphaZero-style offensive security coordinator.
- *
- * Provides a lightweight Monte Carlo style scorer over an action tree so
- * runs can be started, resumed, and updated with outcomes (success/fail/detected).
- * The goal is to keep a "sensible" frontier of next actions, reward progress,
- * and persist state so a long red-team style engagement can be paused/resumed.
- */
-export type OffsecOutcome = 'success' | 'fail' | 'detected';
-export type OffsecActionCategory = 'recon' | 'web' | 'creds' | 'payload' | 'lateral' | 'privilege' | 'cloud';
-export interface OffsecActionNode {
-    id: string;
-    label: string;
-    category: OffsecActionCategory;
-    command: string;
-    rationale: string;
-    prior: number;
-    successPrior: number;
-    detectionRisk: number;
-    cost: number;
-    parentId: string | null;
-    children: string[];
-    visits: number;
-    valueSum: number;
-    status: 'pending' | 'succeeded' | 'failed' | 'detected';
-    note?: string;
-}
-export interface OffsecRun {
-    id: string;
-    objective: string;
-    scope: string[];
-    rootId: string;
-    nodes: Record<string, OffsecActionNode>;
-    createdAt: string;
-    updatedAt: string;
-    nextCounter: number;
-}
-export interface OffsecSuggestion {
-    id: string;
-    label: string;
-    category: OffsecActionCategory;
-    command: string;
-    rationale: string;
-    score: number;
-    path: string[];
-    status: OffsecActionNode['status'];
-}
-export declare function startOffsecRun(objective: string, scope?: string[]): OffsecRun;
-export declare function resumeOffsecRun(runId?: string | null): OffsecRun | null;
-export declare function listOffsecRuns(): Array<{
-    id: string;
-    objective: string;
-    updatedAt: string;
-}>;
-export declare function recordOffsecOutcome(runId: string, actionId: string, outcome: OffsecOutcome, note?: string): OffsecRun | null;
-export declare function getOffsecNextActions(runId: string, count?: number): OffsecSuggestion[];
-export declare function simulateOffsecRollout(runId: string, steps?: number): OffsecSuggestion[];
-export declare function formatOffsecStatus(run: OffsecRun, next?: OffsecSuggestion[]): string;
-//# sourceMappingURL=offsecAlphaZero.d.ts.map

package/dist/core/offsecAlphaZero.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"offsecAlphaZero.d.ts","sourceRoot":"","sources":["../../src/core/offsecAlphaZero.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,MAAM,MAAM,aAAa,GAAG,SAAS,GAAG,MAAM,GAAG,UAAU,CAAC;AAE5D,MAAM,MAAM,oBAAoB,GAC5B,OAAO,GACP,KAAK,GACL,OAAO,GACP,SAAS,GACT,SAAS,GACT,WAAW,GACX,OAAO,CAAC;AAEZ,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,SAAS,GAAG,WAAW,GAAG,QAAQ,GAAG,UAAU,CAAC;IACxD,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,EAAE,gBAAgB,CAAC,QAAQ,CAAC,CAAC;CACpC;AAubD,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,GAAE,MAAM,EAAO,GAAG,SAAS,CAkCjF;AAED,wBAAgB,eAAe,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,IAAI,CAQvE;AAED,wBAAgB,cAAc,IAAI,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAc5F;AAED,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,aAAa,EACtB,IAAI,CAAC,EAAE,MAAM,GACZ,SAAS,GAAG,IAAI,CAgClB;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,SAAI,GAAG,gBAAgB,EAAE,CAMjF;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,SAAI,GAAG,gBAAgB,EAAE,CAqBlF;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,GAAE,gBAAgB,EAAO,GAAG,MAAM,CAuBxF"}