ferret-scan 2.1.2 → 2.3.0

package/CHANGELOG.md

@@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Security
+- **`redact: true` by default**: `DEFAULT_CONFIG.redact` flipped from `false` to `true` — secrets found during a scan are now redacted in all output formats (console, CI logs, SARIF, HTML, CSV) without requiring any opt-in
+- **ReDoS prevention enforced in custom rules**: `customRules.ts` now compiles all user-supplied patterns via `compileSafePattern` (previously used raw `new RegExp()`), closing the path by which a malicious `.ferret/rules.yml` could hang a CI build; validation step likewise uses `compileSafePattern` to reject unsafe patterns before load
+- **Dependency vulnerabilities patched**: `npm audit fix` resolves all 7 vulnerabilities (1 critical Handlebars JS injection, 3 high ReDoS in minimatch/picomatch/flatted, 3 moderate)
+
+### Changed
+- **Windows platform support**: Removed `"os": ["!win32"]` exclusion; `package.json` now lists `linux`, `darwin`, and `win32`. Platform guards were already in place in `Quarantine.ts` and `gitHooks.ts`
+
+### Fixed
+- **SECURITY.md accuracy**: Supported version table updated to `2.x` (was incorrectly showing `1.x`); custom rules threat mitigation description now accurately describes the `compileSafePattern` enforcement path
+- **Dockerfile version label**: Updated `org.opencontainers.image.version` from `2.1.0` to `2.2.0` for consistency
+
 ### Planned Features
 - Complete LSP server implementation
 - Complete IntelliJ plugin implementation
@@ -16,6 +28,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - REST API for third-party integrations
 - SIEM/SOAR integrations
 
+## [2.2.0] - 2026-04-23
+
+### Security
+- **Bounded content cache**: Replaced unbounded `Map` with `BoundedContentCache` (256 MB aggregate cap, 10,000 entry limit, 1 MB per-file cap with LRU eviction) to prevent OOM on large repos
+- **Quarantine hardening**: Quarantine directory created with mode `0700` (owner-only) on POSIX; permissions verified after creation with a warning if loose; disk-space pre-checked via `statfsSync` before any quarantine operation
+- **BUILTIN_FIXES startup validation**: All 9 built-in remediation patterns validated by `compileSafePattern` at module load time — a bad pattern fails fast at startup rather than at first use
+- **Hybrid AST deadline**: `analyzeFile` now enforces both a per-code-block cap (default 500 ms, `maxBlockMs`) and a file-scoped total cap (default 2 s, `maxMs`). A single hostile markdown block can no longer starve all subsequent blocks of their analysis budget
+- **ReDoS prevention hardened**: `compileSafePattern` updated to screen alternation-inside-quantified-groups patterns; `globToRegex` escapes all regex metacharacters and anchors patterns; all correlation and AST pattern execution runs through `runBounded`
+- **`statfsSync` bigint safety**: Explicit `Number()` coercion in `hasSufficientDiskSpace` guards against future `{ bigint: true }` call-sites
+- **`ignoreComments` regex fix**: Alternation order corrected (longest-first: `ignore-next-line`, `ignore-line`, `ignore`) so `ferret-ignore-next-line` is no longer mis-parsed as `ferret-ignore`
+
+### Added
+- **JSON schema sync**: `src/schemas/ferret-config.schema.json` now generated from the runtime zod schema via `npm run schema:generate`; CI enforces drift detection with `npm run schema:check`
+- **Coverage thresholds**: Per-module Jest coverage thresholds for `safeRegex`, `glob`, `contentCache`, `Fixer`, `Quarantine`, `AstAnalyzer`, all four reporters, `WatchMode`, and `policyEnforcement` — silent regressions now fail CI
+- **CI benchmark regression detection**: `scripts/bench-compare.mjs` compares benchmark results against the cached main-branch baseline and fails PRs that regress by >20%
+
+### Tests
+- **673 tests** across 39 test suites (was 244 tests)
+- New unit tests: `AstAnalyzer`, `ConsoleReporter`, `HtmlReporter`, `SarifReporter`, `WatchMode`, `contentCache`, `safeRegex`, `glob`, `Fixer`, `Quarantine`, `ignoreComments`, `mcpValidator`, `policyEnforcement`, `cliOptions`
+- New integration tests: `remediation` (scan→fix→rescan, quarantine→restore, dry-run, backup round-trip) and `cli` (subprocess exit-code contract for `--version`, `--help`, scan, SARIF output)
+- HtmlReporter XSS escape verified: `<script>` in finding values renders as `&lt;script&gt;`
+- SarifReporter validates SARIF 2.1.0 shape, severity mapping, rule deduplication, and location encoding
+
 ## [2.1.0] - 2026-02-16
 
 ### Added

package/README.md

@@ -19,7 +19,7 @@
 ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢻⣿⣟⣿⣿⠿⣿⡿⠟⠁
 ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠻⠯⠝⠋⠀⠀⠀⠀
 </pre>
-<strong>Security Scanner for AI CLI Configurations</strong>
+<strong>Static Security Scanner for AI CLI and MCP Configurations</strong>
 </p>
 
 <p align="center">
@@ -42,9 +42,9 @@
 
 ---
 
-**Ferret** is a security scanner purpose-built for AI assistant configurations. It detects prompt injections, credential leaks, jailbreak attempts, and malicious patterns in your AI CLI setup before they become problems.
+**Ferret** is a static security scanner purpose-built for AI assistant configurations. It detects prompt injections, credential leaks, jailbreak attempts, and malicious patterns in your AI CLI and MCP server configs before they become problems.
 
-Threat intelligence uses a local indicator database by default (no external feeds unless you add indicators).
+Scanning is **local and offline by default** — no data leaves your machine. Threat intelligence uses a local indicator database (no external feeds unless you opt in).
 
 ```
 $ ferret scan .
@@ -106,21 +106,23 @@ Ferret understands AI CLI structures and catches **AI-specific threats** that ge
 
 ## Advanced Features
 
-**IDE Integration**
-- **VS Code Extension**: Real-time security scanning with inline diagnostics and quick fixes
-
-**Analysis Engines**
+**Analysis Engines** (all implemented, local/offline)
 - **MITRE ATLAS mapping**: Every finding mapped to ATLAS adversary techniques
-- **LLM-assisted analysis**: Optional AI-powered threat detection (OpenAI-compatible APIs)
+- **LLM-assisted analysis**: Optional AI-powered threat detection via OpenAI-compatible APIs (opt-in, networked)
 - **Semantic analysis**: TypeScript AST-based code analysis
 - **Cross-file correlation**: Detect multi-file attack chains
 - **Entropy analysis**: Secret detection via Shannon entropy
 - **Threat intelligence**: Local indicator database matching
 
+**IDE Integration**
+- **VS Code Extension**: Real-time security scanning with inline diagnostics and quick fixes (build from source)
+
 **Planned Features**
 - Language Server Protocol (LSP) for universal IDE support
 - IntelliJ plugin
-- Runtime behavior monitoring
+- MCP server trust scoring and provenance verification
+- SBOM/AIBOM generation for AI configurations
+- Runtime behavior monitoring and anomaly detection (currently static analysis only)
 - Compliance framework assessments (SOC2, ISO 27001, GDPR)
 - Community rule sharing platform
 
@@ -850,14 +852,16 @@ ferret scan . --thorough --format atlas -o atlas-layer.json
 
 ## Planned Features
 
+- MCP server trust scoring and package provenance verification
+- SBOM/AIBOM generation for AI configurations
 - Language Server Protocol (LSP) for Neovim, Emacs, Sublime Text
 - IntelliJ plugin for JetBrains IDEs
-- Runtime behavior monitoring and anomaly detection
+- Runtime behavior monitoring and anomaly detection (tool is currently static analysis only)
 - Compliance framework assessments (SOC2, ISO 27001, GDPR)
 - Community rule sharing platform
 - CI/CD plugins for Jenkins, Azure DevOps
 - REST API for third-party integrations
-- Threat intel updates from external sources
+- Threat intel feeds from external sources (currently local DB only)
 - More LLM providers and local-first presets
 
 ## IDE Integration

package/bin/ferret.js

@@ -5,8 +5,8 @@
  */
 
 import { Command } from 'commander';
-import { readFileSync } from 'node:fs';
-import { resolve, dirname } from 'node:path';
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve, dirname, basename } from 'node:path';
 import { fileURLToPath } from 'node:url';
 import { scan, getExitCode } from '../dist/scanner/Scanner.js';
 import { loadConfig, getAIConfigPaths } from '../dist/utils/config.js';
@@ -52,6 +52,7 @@ import { installHooks, uninstallHooks, getHookStatus } from '../dist/features/gi
 import { loadCustomRules, validateCustomRulesFile } from '../dist/features/customRules.js';
 import { analyzeEntropy, entropyFindingsToFindings } from '../dist/features/entropyAnalysis.js';
 import { validateMcpConfig, findAndValidateMcpConfigs, mcpAssessmentsToFindings } from '../dist/features/mcpValidator.js';
+import { scoreMcpServer } from '../dist/features/mcpTrustScore.js';
 import { compareScanResults, formatComparisonReport, saveScanResult, loadScanResult } from '../dist/features/scanDiff.js';
 import { sendWebhook, detectWebhookType } from '../dist/features/webhooks.js';
 import { analyzeDependencies, dependencyAssessmentsToFindings, findAndAnalyzeDependencies } from '../dist/features/dependencyRisk.js';
@@ -89,14 +90,14 @@ program
   .option('-w, --watch', 'Watch mode - rescan on file changes')
   .option('--ci', 'CI mode - minimal output, suitable for pipelines')
   .option('-v, --verbose', 'Verbose output with context')
-  .option('--threat-intel', 'Enable threat intelligence feeds (experimental)')
-  .option('--semantic-analysis', 'Enable AST-based semantic analysis')
-  .option('--correlation-analysis', 'Enable cross-file correlation analysis')
-  .option('--entropy-analysis', 'Enable entropy-based secret detection')
+  .option('--threat-intel', '[EXPERIMENTAL] Enable local threat intelligence matching (built-in IoC database; add custom indicators via `ferret intel add`)')
+  .option('--semantic-analysis', 'Enable AST-based semantic analysis of code blocks in config files')
+  .option('--correlation-analysis', '[EXPERIMENTAL] Enable cross-file correlation analysis (detects multi-file attack chains; higher false-positive rate on large repos)')
+  .option('--entropy-analysis', 'Enable entropy-based secret detection (Shannon entropy scoring)')
   .option('--mcp-validation', 'Enable MCP server configuration validation')
   .option('--dependency-analysis', 'Enable dependency risk analysis (package.json)')
-  .option('--dependency-audit', 'Run npm audit as part of dependency analysis (slow, may require network)')
-  .option('--capability-mapping', 'Enable AI agent capability mapping')
+  .option('--dependency-audit', 'Run npm audit as part of dependency analysis (slow, requires network)')
+  .option('--capability-mapping', '[EXPERIMENTAL] Enable AI agent capability mapping (heuristic-based; expect false positives on complex configs)')
   .option('--config-only', 'Restrict scanning to high-signal AI config files (reduces noise)')
   .option('--marketplace <mode>', 'Marketplace scan mode: off, configs, all')
   .option('--no-doc-dampening', 'Disable documentation severity dampening (reduces false positives in docs)')
@@ -238,6 +239,17 @@ program
       // Apply auto-fix if enabled
       const shouldAutoFix = options.autoFix || options.autoRemediation;
 
+      // Warn when experimental features are enabled
+      const experimentalEnabled = [
+        options.threatIntel && 'threat-intel',
+        options.correlationAnalysis && 'correlation-analysis',
+        options.capabilityMapping && 'capability-mapping',
+      ].filter(Boolean);
+      if (experimentalEnabled.length > 0 && !options.ci) {
+        const names = experimentalEnabled.join(', ');
+        console.warn(`\n⚠  EXPERIMENTAL: ${names} — findings from these analyzers are heuristic-based and may have a higher false-positive rate. Review results carefully.\n`);
+      }
+
       // If no paths specified and no AI CLI configs found, show helpful message
       if (config.paths.length === 0) {
         console.error('No AI CLI configuration directories found.');
@@ -267,7 +279,7 @@ program
       // Apply baseline filtering if enabled
       if (!options.ignoreBaseline) {
         const baselinePath = options.baseline || getDefaultBaselinePath(config.paths);
-        const baseline = loadBaseline(baselinePath);
+        const baseline = await loadBaseline(baselinePath);
         if (baseline) {
           console.log(`📋 Applying baseline from: ${baselinePath}`);
           result = filterAgainstBaseline(result, baseline);
@@ -514,7 +526,7 @@ baselineCmd
       const baselinePath = options.output || getDefaultBaselinePath(config.paths);
       const baseline = createBaseline(result, options.description);
 
-      saveBaseline(baseline, baselinePath);
+      await saveBaseline(baseline, baselinePath);
       console.log(`✅ Created baseline with ${baseline.findings.length} findings`);
       console.log(`📋 Baseline saved to: ${baselinePath}`);
 
@@ -528,10 +540,10 @@ baselineCmd
   .command('show')
   .description('Show baseline information')
   .argument('[file]', 'Baseline file path (defaults to .ferret-baseline.json)')
-  .action((file) => {
+  .action(async (file) => {
     try {
       const baselinePath = file || getDefaultBaselinePath([process.cwd()]);
-      const baseline = loadBaseline(baselinePath);
+      const baseline = await loadBaseline(baselinePath);
 
       if (!baseline) {
         console.error(`No baseline found at: ${baselinePath}`);
@@ -578,7 +590,7 @@ baselineCmd
   .action(async (file, options) => {
     try {
       const baselinePath = file || getDefaultBaselinePath([process.cwd()]);
-      const baseline = loadBaseline(baselinePath);
+      const baseline = await loadBaseline(baselinePath);
 
       if (!baseline) {
         console.error(`No baseline found at: ${baselinePath}`);
@@ -1120,6 +1132,90 @@ mcpCmd
     }
   });
 
+mcpCmd
+  .command('audit')
+  .description('Score every MCP server in a config for trust and security posture')
+  .argument('[path]', 'Path to .mcp.json or directory to search (default: current directory)')
+  .option('-f, --format <format>', 'Output format: table, json', 'table')
+  .option('--fail-on <level>', 'Exit non-zero when any server is at or below this trust level: critical, low, medium', 'critical')
+  .action((path, options) => {
+    try {
+      const targetPath = path ? resolve(path) : process.cwd();
+
+      // Locate .mcp.json files
+      const { configs } = findAndValidateMcpConfigs(targetPath);
+      const mcpFiles = configs.map(c => c.path);
+
+      // Also try direct file if it looks like an mcp config
+      if (mcpFiles.length === 0 && existsSync(targetPath) && targetPath.endsWith('.json')) {
+        mcpFiles.push(targetPath);
+      }
+
+      if (mcpFiles.length === 0) {
+        console.log('No MCP configuration files found');
+        process.exit(0);
+      }
+
+      const trustLevelOrder = { CRITICAL: 0, LOW: 1, MEDIUM: 2, HIGH: 3 };
+      const failOrder = { critical: 0, low: 1, medium: 2, high: 3 };
+      const failThreshold = failOrder[options.failOn] ?? 0;
+
+      const allResults = [];
+      let worstTrust = 'HIGH';
+
+      for (const mcpFile of mcpFiles) {
+        let parsed;
+        try {
+          parsed = JSON.parse(readFileSync(mcpFile, 'utf-8'));
+        } catch {
+          console.error(`  Failed to parse ${mcpFile}`);
+          continue;
+        }
+
+        const servers = parsed.mcpServers ?? parsed.servers ?? {};
+        for (const [name, cfg] of Object.entries(servers)) {
+          const trust = scoreMcpServer({ ...cfg, name });
+          allResults.push({ file: basename(mcpFile), name, ...trust });
+          if (trustLevelOrder[trust.trustLevel] < trustLevelOrder[worstTrust]) {
+            worstTrust = trust.trustLevel;
+          }
+        }
+      }
+
+      if (options.format === 'json') {
+        console.log(JSON.stringify({ servers: allResults, worstTrust }, null, 2));
+      } else {
+        const levelIcon = { HIGH: '✅', MEDIUM: '⚠️ ', LOW: '🟠', CRITICAL: '🔴' };
+        console.log('\n  MCP SERVER TRUST AUDIT\n');
+        console.log(`  ${'Server'.padEnd(28)} ${'Score'.padEnd(7)} ${'Trust'.padEnd(10)} Flags`);
+        console.log('  ' + '─'.repeat(80));
+        for (const r of allResults) {
+          const icon = levelIcon[r.trustLevel] ?? '?';
+          const flags = r.flags.length > 0 ? r.flags[0].slice(0, 48) + (r.flags[0].length > 48 ? '…' : '') : '';
+          console.log(`  ${icon} ${r.name.padEnd(26)} ${String(r.score).padEnd(7)} ${r.trustLevel.padEnd(10)} ${flags}`);
+          if (r.flags.length > 1) {
+            for (const f of r.flags.slice(1)) {
+              console.log(`       ${''.padEnd(26)} ${''.padEnd(7)} ${''.padEnd(10)} ${f.slice(0, 48)}`);
+            }
+          }
+        }
+        console.log('');
+        console.log(`  ${allResults.length} server(s) audited  |  Worst trust level: ${worstTrust}`);
+        console.log('');
+      }
+
+      const exitLevel = failOrder[worstTrust.toLowerCase()] ?? 3;
+      if (exitLevel <= failThreshold) {
+        process.exit(1);
+      }
+      process.exit(0);
+
+    } catch (error) {
+      console.error('Error auditing MCP configs:', error.message);
+      process.exit(1);
+    }
+  });
+
 // Dependency analysis commands
 const depsCmd = program
   .command('deps')

package/dist/__tests__/AgentMonitor.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * AgentMonitor Tests
+ * Tests for the AgentMonitor class in src/monitoring/AgentMonitor.ts
+ */
+export {};
+//# sourceMappingURL=AgentMonitor.test.d.ts.map

package/dist/__tests__/AgentMonitor.test.js

@@ -0,0 +1,235 @@
+/**
+ * AgentMonitor Tests
+ * Tests for the AgentMonitor class in src/monitoring/AgentMonitor.ts
+ */
+import { AgentMonitor, agentMonitor } from '../monitoring/AgentMonitor.js';
+function makeConfig(overrides = {}) {
+    return {
+        enabled: true,
+        watchPaths: [],
+        trackNetwork: false,
+        trackFileSystem: false,
+        trackResources: false,
+        anomalyDetection: true,
+        ...overrides,
+    };
+}
+describe('AgentMonitor', () => {
+    let monitor;
+    beforeEach(() => {
+        monitor = new AgentMonitor();
+    });
+    afterEach(async () => {
+        await monitor.stopMonitoring();
+    });
+    // -------------------------------------------------------------------------
+    // startMonitoring / stopMonitoring
+    // -------------------------------------------------------------------------
+    describe('startMonitoring', () => {
+        it('starts monitoring without error', async () => {
+            await expect(monitor.startMonitoring(makeConfig())).resolves.toBeUndefined();
+        });
+        it('is idempotent – calling twice does not throw', async () => {
+            await monitor.startMonitoring(makeConfig());
+            await expect(monitor.startMonitoring(makeConfig())).resolves.toBeUndefined();
+        });
+        it('starts with trackResources=true', async () => {
+            await expect(monitor.startMonitoring(makeConfig({ trackResources: true }))).resolves.toBeUndefined();
+        });
+        it('starts with trackNetwork=true', async () => {
+            await expect(monitor.startMonitoring(makeConfig({ trackNetwork: true }))).resolves.toBeUndefined();
+        });
+        it('starts with trackFileSystem=true and watchPaths', async () => {
+            await expect(monitor.startMonitoring(makeConfig({ trackFileSystem: true, watchPaths: ['/tmp'] }))).resolves.toBeUndefined();
+        });
+    });
+    describe('stopMonitoring', () => {
+        it('stops without error even when not started', async () => {
+            await expect(monitor.stopMonitoring()).resolves.toBeUndefined();
+        });
+        it('clears execution history on stop', async () => {
+            await monitor.startMonitoring(makeConfig());
+            monitor.trackExecution({ command: 'test-cmd', agentType: 'test' });
+            expect(monitor.getExecutionHistory()).toHaveLength(1);
+            await monitor.stopMonitoring();
+            expect(monitor.getExecutionHistory()).toHaveLength(0);
+        });
+    });
+    // -------------------------------------------------------------------------
+    // trackExecution
+    // -------------------------------------------------------------------------
+    describe('trackExecution', () => {
+        it('returns an execution id string', () => {
+            const id = monitor.trackExecution({ command: 'ls', agentType: 'test' });
+            expect(typeof id).toBe('string');
+            expect(id).toMatch(/^exec_/);
+        });
+        it('stores execution in history', () => {
+            monitor.trackExecution({ command: 'ls', agentType: 'test' });
+            expect(monitor.getExecutionHistory()).toHaveLength(1);
+        });
+        it('fills in defaults for missing fields', () => {
+            const id = monitor.trackExecution({});
+            const history = monitor.getExecutionHistory();
+            const exec = history.find(e => e.id === id);
+            expect(exec).toBeDefined();
+            expect(exec?.agentType).toBe('unknown');
+            expect(exec?.command).toBe('');
+            expect(exec?.args).toEqual([]);
+            expect(exec?.networkActivity).toEqual([]);
+            expect(exec?.fileSystemActivity).toEqual([]);
+        });
+        it('emits execution-started event', () => {
+            const listener = jest.fn();
+            monitor.on('execution-started', listener);
+            monitor.trackExecution({ command: 'echo', agentType: 'test' });
+            expect(listener).toHaveBeenCalledTimes(1);
+            expect(listener.mock.calls[0][0]).toMatchObject({ command: 'echo' });
+        });
+        it('supports multiple executions', () => {
+            monitor.trackExecution({ command: 'cmd1' });
+            monitor.trackExecution({ command: 'cmd2' });
+            monitor.trackExecution({ command: 'cmd3' });
+            expect(monitor.getExecutionHistory()).toHaveLength(3);
+        });
+    });
+    // -------------------------------------------------------------------------
+    // completeExecution
+    // -------------------------------------------------------------------------
+    describe('completeExecution', () => {
+        it('does nothing if id is unknown', () => {
+            expect(() => monitor.completeExecution('nonexistent-id', 0)).not.toThrow();
+        });
+        it('sets endTime, exitCode, and duration on known execution', () => {
+            const id = monitor.trackExecution({ command: 'sleep', agentType: 'test' });
+            monitor.completeExecution(id, 0);
+            const exec = monitor.getExecutionHistory().find(e => e.id === id);
+            expect(exec?.exitCode).toBe(0);
+            expect(exec?.endTime).toBeInstanceOf(Date);
+            expect(typeof exec?.duration).toBe('number');
+            expect(exec.duration).toBeGreaterThanOrEqual(0);
+        });
+        it('emits execution-completed event', () => {
+            const listener = jest.fn();
+            monitor.on('execution-completed', listener);
+            const id = monitor.trackExecution({ command: 'test', agentType: 'test' });
+            monitor.completeExecution(id, 1);
+            expect(listener).toHaveBeenCalledTimes(1);
+            expect(listener.mock.calls[0][0]).toMatchObject({ exitCode: 1 });
+        });
+    });
+    // -------------------------------------------------------------------------
+    // Baseline & anomaly detection
+    // -------------------------------------------------------------------------
+    describe('baseline updates', () => {
+        it('starts with empty baselines', () => {
+            expect(monitor.getBaselines().size).toBe(0);
+        });
+        it('builds baseline after completing an execution', () => {
+            const id = monitor.trackExecution({ command: 'my-cmd', agentType: 'test' });
+            monitor.completeExecution(id, 0);
+            expect(monitor.getBaselines().has('my-cmd')).toBe(true);
+        });
+        it('updates baseline across multiple executions', () => {
+            for (let i = 0; i < 3; i++) {
+                const id = monitor.trackExecution({ command: 'repeat-cmd', agentType: 'test' });
+                monitor.completeExecution(id, 0);
+            }
+            const baseline = monitor.getBaselines().get('repeat-cmd');
+            expect(baseline?.executions).toBe(3);
+        });
+    });
+    describe('anomaly detection', () => {
+        it('emits anomalies-detected on CPU spike', () => {
+            const anomalyListener = jest.fn();
+            monitor.on('anomalies-detected', anomalyListener);
+            // Establish baseline with normal CPU usage
+            const id1 = monitor.trackExecution({
+                command: 'spike-cmd',
+                agentType: 'test',
+                resources: { cpuPercent: 10, memoryMB: 100, diskReadMB: 0, diskWriteMB: 0 },
+            });
+            monitor.completeExecution(id1, 0);
+            // Now simulate a CPU spike (> 2.5x baseline)
+            const id2 = monitor.trackExecution({
+                command: 'spike-cmd',
+                agentType: 'test',
+                resources: { cpuPercent: 5000, memoryMB: 100, diskReadMB: 0, diskWriteMB: 0 },
+            });
+            monitor.completeExecution(id2, 0);
+            expect(anomalyListener).toHaveBeenCalled();
+            const call = anomalyListener.mock.calls[anomalyListener.mock.calls.length - 1][0];
+            expect(call.anomalies.some(a => a.type === 'resource_spike')).toBe(true);
+        });
+        it('emits anomalies-detected on memory spike', () => {
+            const anomalyListener = jest.fn();
+            monitor.on('anomalies-detected', anomalyListener);
+            const id1 = monitor.trackExecution({
+                command: 'mem-cmd',
+                agentType: 'test',
+                resources: { cpuPercent: 5, memoryMB: 50, diskReadMB: 0, diskWriteMB: 0 },
+            });
+            monitor.completeExecution(id1, 0);
+            // 2x spike
+            const id2 = monitor.trackExecution({
+                command: 'mem-cmd',
+                agentType: 'test',
+                resources: { cpuPercent: 5, memoryMB: 10000, diskReadMB: 0, diskWriteMB: 0 },
+            });
+            monitor.completeExecution(id2, 0);
+            expect(anomalyListener).toHaveBeenCalled();
+        });
+        it('emits anomalies-detected for suspicious file access', () => {
+            const anomalyListener = jest.fn();
+            monitor.on('anomalies-detected', anomalyListener);
+            // Establish baseline first
+            const id1 = monitor.trackExecution({ command: 'file-cmd', agentType: 'test' });
+            monitor.completeExecution(id1, 0);
+            // Execution that accesses sensitive files
+            const id2 = monitor.trackExecution({
+                command: 'file-cmd',
+                agentType: 'test',
+                fileSystemActivity: [
+                    { timestamp: new Date(), operation: 'read', path: '/home/user/.env', bytes: 100 },
+                    { timestamp: new Date(), operation: 'read', path: '/home/user/.ssh/id_rsa', bytes: 200 },
+                ],
+            });
+            monitor.completeExecution(id2, 0);
+            expect(anomalyListener).toHaveBeenCalled();
+            const lastCall = anomalyListener.mock.calls[anomalyListener.mock.calls.length - 1][0];
+            expect(lastCall.anomalies.some(a => a.type === 'suspicious_files')).toBe(true);
+        });
+        it('emits anomalies-detected for unusual network activity', () => {
+            const anomalyListener = jest.fn();
+            monitor.on('anomalies-detected', anomalyListener);
+            // Establish baseline with minimal network
+            const id1 = monitor.trackExecution({
+                command: 'net-cmd',
+                agentType: 'test',
+                networkActivity: [{ timestamp: new Date(), direction: 'outbound', protocol: 'tcp', host: 'example.com', port: 80, bytes: 100 }],
+            });
+            monitor.completeExecution(id1, 0);
+            // Big spike (> 3x)
+            const id2 = monitor.trackExecution({
+                command: 'net-cmd',
+                agentType: 'test',
+                networkActivity: [
+                    { timestamp: new Date(), direction: 'outbound', protocol: 'tcp', host: 'evil.com', port: 443, bytes: 1_000_000_000 },
+                ],
+            });
+            monitor.completeExecution(id2, 0);
+            expect(anomalyListener).toHaveBeenCalled();
+            const lastCall = anomalyListener.mock.calls[anomalyListener.mock.calls.length - 1][0];
+            expect(lastCall.anomalies.some(a => a.type === 'unusual_network')).toBe(true);
+        });
+    });
+    // -------------------------------------------------------------------------
+    // Exported singleton
+    // -------------------------------------------------------------------------
+    describe('agentMonitor singleton', () => {
+        it('is an instance of AgentMonitor', () => {
+            expect(agentMonitor).toBeInstanceOf(AgentMonitor);
+        });
+    });
+});
+//# sourceMappingURL=AgentMonitor.test.js.map

package/dist/__tests__/AtlasNavigatorReporter.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * AtlasNavigatorReporter Tests
+ * Tests for MITRE ATLAS Navigator layer generation.
+ */
+export {};
+//# sourceMappingURL=AtlasNavigatorReporter.test.d.ts.map