ferret-scan 1.0.0

package/dist/rules/index.js

@@ -0,0 +1,97 @@
+/**
+ * Rule Registry - Manages all security detection rules
+ */
+import { exfiltrationRules } from './exfiltration.js';
+import { credentialRules } from './credentials.js';
+import { injectionRules } from './injection.js';
+import { backdoorRules } from './backdoors.js';
+import { obfuscationRules } from './obfuscation.js';
+import { permissionRules } from './permissions.js';
+import { persistenceRules } from './persistence.js';
+import { supplyChainRules } from './supply-chain.js';
+import { aiSpecificRules } from './ai-specific.js';
+import { semanticRules } from './semanticRules.js';
+import { correlationRules } from './correlationRules.js';
+import logger from '../utils/logger.js';
+/**
+ * All built-in rules
+ */
+const ALL_RULES = [
+    ...exfiltrationRules,
+    ...credentialRules,
+    ...injectionRules,
+    ...backdoorRules,
+    ...obfuscationRules,
+    ...permissionRules,
+    ...persistenceRules,
+    ...supplyChainRules,
+    ...aiSpecificRules,
+    ...semanticRules,
+    ...correlationRules,
+];
+/**
+ * Get all rules
+ */
+export function getAllRules() {
+    return ALL_RULES;
+}
+/**
+ * Get rules filtered by categories
+ */
+export function getRulesByCategories(categories) {
+    return ALL_RULES.filter(rule => categories.includes(rule.category));
+}
+/**
+ * Get rules filtered by severity
+ */
+export function getRulesBySeverity(severities) {
+    return ALL_RULES.filter(rule => severities.includes(rule.severity));
+}
+/**
+ * Get a specific rule by ID
+ */
+export function getRuleById(id) {
+    return ALL_RULES.find(rule => rule.id === id);
+}
+/**
+ * Get enabled rules only
+ */
+export function getEnabledRules() {
+    return ALL_RULES.filter(rule => rule.enabled);
+}
+/**
+ * Get rules for scanning with filters applied
+ */
+export function getRulesForScan(categories, severities) {
+    const rules = ALL_RULES.filter(rule => {
+        if (!rule.enabled)
+            return false;
+        if (!categories.includes(rule.category))
+            return false;
+        if (!severities.includes(rule.severity))
+            return false;
+        return true;
+    });
+    logger.debug(`Loaded ${rules.length} rules for scan`);
+    return rules;
+}
+/**
+ * Get rule statistics
+ */
+export function getRuleStats() {
+    const byCategory = {};
+    const bySeverity = {};
+    for (const rule of ALL_RULES) {
+        byCategory[rule.category] = (byCategory[rule.category] ?? 0) + 1;
+        bySeverity[rule.severity] = (bySeverity[rule.severity] ?? 0) + 1;
+    }
+    return {
+        total: ALL_RULES.length,
+        enabled: ALL_RULES.filter(r => r.enabled).length,
+        byCategory: byCategory,
+        bySeverity: bySeverity,
+    };
+}
+export { exfiltrationRules, credentialRules, injectionRules, backdoorRules, obfuscationRules, permissionRules, persistenceRules, supplyChainRules, aiSpecificRules, semanticRules, correlationRules, };
+export default getAllRules;
+//# sourceMappingURL=index.js.map

package/dist/rules/injection.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Prompt Injection Detection Rules
+ * Detects malicious instructions to manipulate AI behavior
+ */
+import type { Rule } from '../types.js';
+export declare const injectionRules: Rule[];
+export default injectionRules;
+//# sourceMappingURL=injection.d.ts.map

package/dist/rules/injection.js

@@ -0,0 +1,136 @@
+/**
+ * Prompt Injection Detection Rules
+ * Detects malicious instructions to manipulate AI behavior
+ */
+export const injectionRules = [
+    {
+        id: 'INJ-001',
+        name: 'Ignore Instructions Pattern',
+        category: 'injection',
+        severity: 'HIGH',
+        description: 'Detects attempts to make Claude ignore previous instructions',
+        patterns: [
+            /ignore\s+(previous|all|above|prior|system)\s+instructions/gi,
+            /disregard\s+(previous|all|above|prior|your)\s+(rules|guidelines|instructions)/gi,
+            /forget\s+(previous|all|above|prior)\s+instructions/gi,
+            /override\s+(previous|all|system)\s+instructions/gi,
+        ],
+        fileTypes: ['md', 'json'],
+        components: ['skill', 'agent', 'ai-config-md', 'settings', 'plugin'],
+        remediation: 'Remove override instructions. These patterns are commonly used in prompt injection attacks.',
+        references: [
+            'https://owasp.org/www-project-top-10-for-large-language-model-applications/',
+        ],
+        enabled: true,
+    },
+    {
+        id: 'INJ-002',
+        name: 'Mode Switching Attack',
+        category: 'injection',
+        severity: 'HIGH',
+        description: 'Detects attempts to switch Claude into different operational modes',
+        patterns: [
+            /you\s+are\s+now\s+in\s+.*(mode|state)/gi,
+            /enter\s+(developer|admin|debug|unrestricted|jailbreak)\s+mode/gi,
+            /switch\s+to\s+(developer|admin|debug|unrestricted)\s+mode/gi,
+            /activate\s+(developer|admin|debug|god)\s+mode/gi,
+        ],
+        fileTypes: ['md', 'json'],
+        components: ['skill', 'agent', 'ai-config-md', 'settings'],
+        remediation: 'Remove mode switching instructions. These are prompt injection techniques.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'INJ-003',
+        name: 'DAN Jailbreak Pattern',
+        category: 'injection',
+        severity: 'CRITICAL',
+        description: 'Detects "Do Anything Now" and similar jailbreak attempts',
+        patterns: [
+            /\bDAN\b/g,
+            /Do\s+Anything\s+Now/gi,
+            /jailbreak/gi,
+            /jailbroken/gi,
+            /bypass\s+(filter|safety|restriction|guardrail)/gi,
+        ],
+        fileTypes: ['md', 'json'],
+        components: ['skill', 'agent', 'ai-config-md', 'settings'],
+        remediation: 'Remove jailbreak attempts. These patterns attempt to bypass safety measures.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'INJ-004',
+        name: 'Safety Override Pattern',
+        category: 'injection',
+        severity: 'HIGH',
+        description: 'Detects attempts to override safety guidelines',
+        patterns: [
+            /disregard\s+(your|safety|ethical)\s+(guidelines|rules|constraints)/gi,
+            /you\s+(don't|do\s+not)\s+have\s+(any\s+)?(restrictions|limits|constraints)/gi,
+            /pretend\s+.*not\s+bound\s+by/gi,
+            /act\s+as\s+if\s+you\s+have\s+no\s+(restrictions|limits)/gi,
+        ],
+        fileTypes: ['md', 'json'],
+        components: ['skill', 'agent', 'ai-config-md'],
+        remediation: 'Remove safety override instructions.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'INJ-005',
+        name: 'Role Manipulation',
+        category: 'injection',
+        severity: 'MEDIUM',
+        description: 'Detects suspicious role-play instructions that may be injection attempts',
+        patterns: [
+            /roleplay\s+as\s+.*(evil|malicious|hacker|attacker)/gi,
+            /pretend\s+(to\s+be|you\s+are)\s+.*(evil|malicious|hacker)/gi,
+            /act\s+as\s+.*(evil|malicious|hacker|attacker)/gi,
+            /you\s+are\s+(an?\s+)?(evil|malicious|rogue|compromised)/gi,
+        ],
+        fileTypes: ['md', 'json'],
+        components: ['skill', 'agent', 'ai-config-md'],
+        remediation: 'Remove role manipulation instructions that encourage malicious behavior.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'INJ-006',
+        name: 'Hidden Instruction Pattern',
+        category: 'injection',
+        severity: 'HIGH',
+        description: 'Detects hidden instructions using HTML comments or special formatting',
+        patterns: [
+            /<!--.*?(ignore|override|disregard|bypass).*?-->/gis,
+            /\[hidden\].*?(ignore|override|disregard)/gi,
+            /\[SYSTEM\].*?instruction/gi,
+        ],
+        fileTypes: ['md'],
+        components: ['skill', 'agent', 'ai-config-md'],
+        remediation: 'Remove hidden instructions from HTML comments or special tags.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'INJ-007',
+        name: 'Instruction Hierarchy Manipulation',
+        category: 'injection',
+        severity: 'HIGH',
+        description: 'Detects attempts to manipulate instruction priority',
+        patterns: [
+            /this\s+instruction\s+(takes|has)\s+(priority|precedence)/gi,
+            /highest\s+priority\s+instruction/gi,
+            /override\s+all\s+other\s+instructions/gi,
+            /this\s+supersedes\s+all/gi,
+        ],
+        fileTypes: ['md', 'json'],
+        components: ['skill', 'agent', 'ai-config-md'],
+        remediation: 'Remove instruction priority manipulation attempts.',
+        references: [],
+        enabled: true,
+    },
+];
+export default injectionRules;
+//# sourceMappingURL=injection.js.map

package/dist/rules/obfuscation.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Obfuscation Detection Rules
+ * Detects hidden or encoded malicious content
+ */
+import type { Rule } from '../types.js';
+export declare const obfuscationRules: Rule[];
+export default obfuscationRules;
+//# sourceMappingURL=obfuscation.d.ts.map

package/dist/rules/obfuscation.js

@@ -0,0 +1,159 @@
+/**
+ * Obfuscation Detection Rules
+ * Detects hidden or encoded malicious content
+ */
+export const obfuscationRules = [
+    {
+        id: 'OBF-001',
+        name: 'Base64 Encoded Commands',
+        category: 'obfuscation',
+        severity: 'HIGH',
+        description: 'Detects base64 encoding combined with execution, often used to hide malicious commands',
+        patterns: [
+            /echo\s+['"][A-Za-z0-9+/=]{20,}['"]\s*\|\s*base64\s+-d/gi,
+            /base64\s+-d\s+<<</gi,
+            /atob\s*\(/gi,
+            /Buffer\.from\s*\([^)]+,\s*['"]base64['"]\)/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md', 'json'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin', 'mcp'],
+        remediation: 'Decode and review base64 content. Remove if malicious.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'OBF-002',
+        name: 'JavaScript String Obfuscation',
+        category: 'obfuscation',
+        severity: 'HIGH',
+        description: 'Detects JavaScript string obfuscation techniques',
+        patterns: [
+            /String\.fromCharCode\s*\(/gi,
+            /\[['"]\\x[0-9a-f]{2}['"]\]/gi,
+            /\\u[0-9a-f]{4}/gi,
+            /unescape\s*\(/gi,
+        ],
+        fileTypes: ['md', 'json'],
+        components: ['skill', 'agent', 'ai-config-md', 'mcp', 'plugin'],
+        remediation: 'Review obfuscated JavaScript code. Remove if suspicious.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'OBF-003',
+        name: 'Zero-Width Characters',
+        category: 'obfuscation',
+        severity: 'HIGH',
+        description: 'Detects invisible zero-width characters that may hide content',
+        patterns: [
+            /[\u200B-\u200D\uFEFF]/g,
+            /[\u2060-\u2064]/g,
+            /[\u180E]/g,
+        ],
+        fileTypes: ['md', 'json', 'yaml', 'yml'],
+        components: ['skill', 'agent', 'ai-config-md', 'settings', 'mcp'],
+        remediation: 'Remove zero-width characters. These can be used to hide malicious content.',
+        references: [],
+        enabled: true,
+        // Filter out emoji ZWJ sequences (used in compound emojis like 👨‍💻)
+        excludePatterns: [
+            /[\u{1F300}-\u{1F9FF}]\u200D/gu, // Emoji followed by ZWJ
+            /\u200D[\u{1F300}-\u{1F9FF}]/gu, // ZWJ followed by emoji
+            /[\u{1F468}-\u{1F469}]\u200D/gu, // Person emoji + ZWJ (family/profession emojis)
+        ],
+        excludeContext: [
+            /emoji|gitmoji/gi,
+            /commit\s+(message|type|convention)/gi,
+        ],
+    },
+    {
+        id: 'OBF-004',
+        name: 'Extended ASCII Blocks',
+        category: 'obfuscation',
+        severity: 'MEDIUM',
+        description: 'Detects long sequences of extended ASCII characters that may hide content',
+        patterns: [
+            /[\u0080-\u00FF]{20,}/g,
+        ],
+        fileTypes: ['md', 'json'],
+        components: ['skill', 'agent', 'ai-config-md'],
+        remediation: 'Review extended ASCII sequences for hidden content.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'OBF-005',
+        name: 'HTML Comment Hiding',
+        category: 'obfuscation',
+        severity: 'MEDIUM',
+        description: 'Detects potentially malicious content hidden in HTML comments',
+        patterns: [
+            /<!--[\s\S]{100,}?-->/g,
+            /<!--.*?(script|eval|function).*?-->/gis,
+        ],
+        fileTypes: ['md'],
+        components: ['skill', 'agent', 'ai-config-md'],
+        remediation: 'Review HTML comments for hidden malicious content.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'OBF-006',
+        name: 'Long Whitespace Sequences',
+        category: 'obfuscation',
+        severity: 'LOW',
+        description: 'Detects unusually long whitespace that may hide steganographic content',
+        patterns: [
+            /\s{50,}/g,
+            /\t{20,}/g,
+        ],
+        fileTypes: ['md', 'sh', 'bash'],
+        components: ['skill', 'agent', 'ai-config-md', 'hook'],
+        remediation: 'Review long whitespace sequences. These could hide steganographic content.',
+        references: [],
+        enabled: true,
+        // Filter out ASCII art and diagrams
+        excludeContext: [
+            /[┌┐└┘├┤┬┴┼─│]/g, // Box drawing characters (ASCII art)
+            /[╔╗╚╝╠╣╦╩╬═║]/g, // Double-line box drawing
+            /[+\-|]{3,}/g, // Simple ASCII art borders
+            /diagram|flowchart|architecture/gi,
+            /```(ascii|text|diagram)/gi,
+        ],
+    },
+    {
+        id: 'OBF-007',
+        name: 'Hex Encoded Content',
+        category: 'obfuscation',
+        severity: 'HIGH',
+        description: 'Detects hex-encoded strings that may hide commands',
+        patterns: [
+            /\\x[0-9a-fA-F]{2}(?:\\x[0-9a-fA-F]{2}){10,}/g,
+            /0x[0-9a-fA-F]{2}(?:,\s*0x[0-9a-fA-F]{2}){10,}/g,
+        ],
+        fileTypes: ['md', 'json', 'sh', 'bash'],
+        components: ['skill', 'agent', 'ai-config-md', 'hook', 'mcp'],
+        remediation: 'Decode and review hex-encoded content.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'OBF-008',
+        name: 'ANSI Escape Sequences',
+        category: 'obfuscation',
+        severity: 'MEDIUM',
+        description: 'Detects ANSI escape sequences that may hide terminal output',
+        patterns: [
+            /\x1b\[[0-9;]*m/g,
+            /\\e\[[0-9;]*m/g,
+            /\\033\[[0-9;]*m/g,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md'],
+        remediation: 'Review ANSI sequences. They can be used to hide terminal output.',
+        references: [],
+        enabled: true,
+    },
+];
+export default obfuscationRules;
+//# sourceMappingURL=obfuscation.js.map

package/dist/rules/permissions.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Permission Escalation Detection Rules
+ * Detects attempts to gain elevated privileges
+ */
+import type { Rule } from '../types.js';
+export declare const permissionRules: Rule[];
+export default permissionRules;
+//# sourceMappingURL=permissions.d.ts.map

package/dist/rules/permissions.js

@@ -0,0 +1,129 @@
+/**
+ * Permission Escalation Detection Rules
+ * Detects attempts to gain elevated privileges
+ */
+export const permissionRules = [
+    {
+        id: 'PERM-001',
+        name: 'Wildcard Permission Grant',
+        category: 'permissions',
+        severity: 'CRITICAL',
+        description: 'Detects wildcard permissions that allow unrestricted tool access',
+        patterns: [
+            /"allow".*Bash\s*\(\s*\*\s*\)/gi,
+            /"permissions".*"\*"/gi,
+            /defaultMode.*dontAsk/gi,
+            /allowAll.*true/gi,
+        ],
+        fileTypes: ['json'],
+        components: ['settings', 'mcp', 'plugin'],
+        remediation: 'Never use wildcard permissions. Specify exact allowed commands.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'PERM-002',
+        name: 'Sudo Usage',
+        category: 'permissions',
+        severity: 'HIGH',
+        description: 'Detects sudo commands which execute with elevated privileges',
+        patterns: [
+            /sudo\s+/gi,
+            /sudo\s+-i/gi,
+            /sudo\s+su/gi,
+            /doas\s+/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
+        remediation: 'Avoid sudo in hooks and skills. Operations should run with user privileges.',
+        references: [],
+        enabled: true,
+        // Filter out installation instructions in documentation
+        // Note: Don't use 'g' flag for excludePatterns (causes regex state issues with .test())
+        excludePatterns: [
+            /sudo\s+apt(-get)?\s+install/i, // Package installation docs
+            /sudo\s+yum\s+install/i,
+            /sudo\s+dnf\s+install/i,
+            /sudo\s+pacman\s+-S/i,
+            /sudo\s+brew\s+install/i,
+        ],
+        excludeContext: [
+            /readme/i,
+            /installation|install\s+(instructions|guide|steps)/i,
+            /getting\s+started/i,
+            /prerequisites/i,
+            /requirements/i,
+        ],
+    },
+    {
+        id: 'PERM-003',
+        name: 'Insecure File Permissions',
+        category: 'permissions',
+        severity: 'HIGH',
+        description: 'Detects overly permissive file permission settings',
+        patterns: [
+            /chmod\s+777/gi,
+            /chmod\s+666/gi,
+            /chmod\s+-R\s+777/gi,
+            /chmod\s+a\+rwx/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
+        remediation: 'Avoid overly permissive chmod settings. Use minimal required permissions.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'PERM-004',
+        name: 'Ownership Change',
+        category: 'permissions',
+        severity: 'MEDIUM',
+        description: 'Detects file ownership changes which may indicate privilege escalation',
+        patterns: [
+            /chown\s+root/gi,
+            /chown\s+-R\s+root/gi,
+            /chgrp\s+root/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
+        remediation: 'Review ownership changes. Changing to root ownership may indicate issues.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'PERM-005',
+        name: 'SUID/SGID Manipulation',
+        category: 'permissions',
+        severity: 'CRITICAL',
+        description: 'Detects SUID/SGID bit manipulation which can enable privilege escalation',
+        patterns: [
+            /chmod\s+[0-7]*[4-7][0-7]{2}/gi, // SUID/SGID bits
+            /chmod\s+u\+s/gi,
+            /chmod\s+g\+s/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh'],
+        components: ['hook', 'plugin'],
+        remediation: 'Never set SUID/SGID bits in hooks or scripts.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'PERM-006',
+        name: 'Dangerous Tool Permissions',
+        category: 'permissions',
+        severity: 'HIGH',
+        description: 'Detects permissions for dangerous tools in Claude settings',
+        patterns: [
+            /"allowedTools".*"Bash"/gi,
+            /"trustedTools".*".*"/gi,
+            /allowBash.*true/gi,
+        ],
+        fileTypes: ['json'],
+        components: ['settings', 'mcp'],
+        remediation: 'Review tool permissions carefully. Limit Bash access to specific commands.',
+        references: [],
+        enabled: true,
+    },
+];
+export default permissionRules;
+//# sourceMappingURL=permissions.js.map

package/dist/rules/persistence.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Persistence Detection Rules
+ * Detects attempts to maintain access across sessions
+ */
+import type { Rule } from '../types.js';
+export declare const persistenceRules: Rule[];
+export default persistenceRules;
+//# sourceMappingURL=persistence.d.ts.map

package/dist/rules/persistence.js

@@ -0,0 +1,117 @@
+/**
+ * Persistence Detection Rules
+ * Detects attempts to maintain access across sessions
+ */
+export const persistenceRules = [
+    {
+        id: 'PERS-001',
+        name: 'Crontab Modification',
+        category: 'persistence',
+        severity: 'HIGH',
+        description: 'Detects crontab modifications which can establish persistent access',
+        patterns: [
+            /crontab\s+-e/gi,
+            /crontab\s+-l/gi,
+            /crontab\s+</gi,
+            /\/etc\/cron/gi,
+            /\/var\/spool\/cron/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
+        remediation: 'Remove crontab modifications. Persistent scheduled tasks should be reviewed.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'PERS-002',
+        name: 'Shell RC File Modification',
+        category: 'persistence',
+        severity: 'HIGH',
+        description: 'Detects modifications to shell configuration files',
+        patterns: [
+            /~\/\.bashrc/gi,
+            /~\/\.zshrc/gi,
+            /~\/\.profile/gi,
+            /~\/\.bash_profile/gi,
+            />>\s*~\/\.(bash|zsh|profile)/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
+        remediation: 'Avoid modifying shell RC files. These persist across sessions.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'PERS-003',
+        name: 'Git Hook Modification',
+        category: 'persistence',
+        severity: 'MEDIUM',
+        description: 'Detects modifications to git hooks which execute on git operations',
+        patterns: [
+            /\.git\/hooks\/(pre|post)-/gi,
+            /git\/hooks\/commit/gi,
+            /git\/hooks\/push/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
+        remediation: 'Review git hook modifications. These execute automatically on git operations.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'PERS-004',
+        name: 'Systemd Service Creation',
+        category: 'persistence',
+        severity: 'CRITICAL',
+        description: 'Detects creation of systemd services for persistent execution',
+        patterns: [
+            /systemctl\s+enable/gi,
+            /\/etc\/systemd\/system/gi,
+            /\.service\s*$/gm,
+            /systemctl\s+start/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
+        remediation: 'Never create systemd services from hooks or skills.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'PERS-005',
+        name: 'LaunchAgent/LaunchDaemon (macOS)',
+        category: 'persistence',
+        severity: 'CRITICAL',
+        description: 'Detects creation of macOS launch agents or daemons',
+        patterns: [
+            /LaunchAgents/gi,
+            /LaunchDaemons/gi,
+            /launchctl\s+load/gi,
+            /\.plist\s*$/gm,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
+        remediation: 'Never create Launch Agents or Daemons from configuration files.',
+        references: [],
+        enabled: true,
+    },
+    {
+        id: 'PERS-006',
+        name: 'Startup Script Modification',
+        category: 'persistence',
+        severity: 'HIGH',
+        description: 'Detects modifications to system startup scripts',
+        patterns: [
+            /\/etc\/rc\.local/gi,
+            /\/etc\/init\.d/gi,
+            /\/etc\/profile\.d/gi,
+            /autostart/gi,
+        ],
+        fileTypes: ['sh', 'bash', 'zsh', 'md'],
+        components: ['hook', 'skill', 'agent', 'ai-config-md', 'plugin'],
+        remediation: 'Avoid modifying startup scripts for persistence.',
+        references: [],
+        enabled: true,
+    },
+];
+export default persistenceRules;
+//# sourceMappingURL=persistence.js.map