fullcourtdefense-cli 1.0.2

package/dist/output.js

@@ -0,0 +1,292 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatTable = formatTable;
+exports.formatSummary = formatSummary;
+exports.formatReport = formatReport;
+exports.formatFullReport = formatFullReport;
+exports.formatJson = formatJson;
+exports.formatCredits = formatCredits;
+exports.formatScanResult = formatScanResult;
+exports.spinner = spinner;
+const RESET = '\x1b[0m';
+const BOLD = '\x1b[1m';
+const DIM = '\x1b[2m';
+const RED = '\x1b[31m';
+const GREEN = '\x1b[32m';
+const YELLOW = '\x1b[33m';
+const CYAN = '\x1b[36m';
+const WHITE = '\x1b[37m';
+const BG_RED = '\x1b[41m';
+const BG_GREEN = '\x1b[42m';
+const BG_YELLOW = '\x1b[43m';
+function scoreColor(score) {
+    if (score >= 80)
+        return GREEN;
+    if (score >= 50)
+        return YELLOW;
+    return RED;
+}
+function severityColor(s) {
+    if (s === 'critical' || s === 'high')
+        return RED;
+    if (s === 'medium')
+        return YELLOW;
+    return DIM;
+}
+function pad(str, len) {
+    return str.length >= len ? str.slice(0, len) : str + ' '.repeat(len - str.length);
+}
+function padLeft(str, len) {
+    return str.length >= len ? str : ' '.repeat(len - str.length) + str;
+}
+function truncate(str, max) {
+    if (str.length <= max)
+        return str;
+    return str.slice(0, max - 1) + '…';
+}
+function blockText(value, max = 1200) {
+    const text = (value || '').trim();
+    if (!text)
+        return '    (empty)';
+    return truncate(text, max)
+        .split('\n')
+        .map(line => `    ${line}`)
+        .join('\n');
+}
+function line(char = '─', len = 72) {
+    return char.repeat(len);
+}
+function formatTable(result) {
+    const { score, results, sessionId } = result;
+    const attacks = results.attacks;
+    const passed = attacks.filter(a => a.analysis.passed).length;
+    const failed = attacks.length - passed;
+    const lines = [];
+    lines.push('');
+    lines.push(`${BOLD}${CYAN}  BotGuard Security Scan${RESET}`);
+    lines.push(`  ${DIM}${line('─', 50)}${RESET}`);
+    lines.push('');
+    // Score
+    const sc = scoreColor(score);
+    const badge = score >= 80 ? `${BG_GREEN}${WHITE}${BOLD} PASS ${RESET}` : score >= 50 ? `${BG_YELLOW}${WHITE}${BOLD} WARN ${RESET}` : `${BG_RED}${WHITE}${BOLD} FAIL ${RESET}`;
+    lines.push(`  ${badge}  Score: ${sc}${BOLD}${score}/100${RESET}`);
+    lines.push('');
+    // Summary
+    lines.push(`  ${GREEN}✓ Passed:${RESET} ${passed}    ${RED}✗ Failed:${RESET} ${failed}    Total: ${attacks.length}`);
+    lines.push(`  ${DIM}Violations: ${results.totalViolations} (${RED}${results.highSeverityCount} high${RESET}${DIM}, ${YELLOW}${results.mediumSeverityCount} med${RESET}${DIM}, ${results.lowSeverityCount} low)${RESET}`);
+    lines.push('');
+    // Category breakdown
+    const categories = new Map();
+    for (const atk of attacks) {
+        const cat = atk.attack.category || 'unknown';
+        const entry = categories.get(cat) || { passed: 0, failed: 0 };
+        if (atk.analysis.passed)
+            entry.passed++;
+        else
+            entry.failed++;
+        categories.set(cat, entry);
+    }
+    lines.push(`  ${BOLD}Category Breakdown${RESET}`);
+    lines.push(`  ${DIM}${line('─', 50)}${RESET}`);
+    lines.push(`  ${DIM}${pad('Category', 24)} ${padLeft('Pass', 6)} ${padLeft('Fail', 6)} ${padLeft('Rate', 8)}${RESET}`);
+    for (const [cat, data] of [...categories.entries()].sort((a, b) => a[0].localeCompare(b[0]))) {
+        const total = data.passed + data.failed;
+        const rate = Math.round((data.passed / total) * 100);
+        const rc = rate >= 80 ? GREEN : rate >= 50 ? YELLOW : RED;
+        lines.push(`  ${pad(cat, 24)} ${padLeft(String(data.passed), 6)} ${padLeft(String(data.failed), 6)} ${rc}${padLeft(rate + '%', 8)}${RESET}`);
+    }
+    // Failed attacks detail
+    const failedAttacks = attacks.filter(a => !a.analysis.passed);
+    if (failedAttacks.length > 0) {
+        lines.push('');
+        lines.push(`  ${BOLD}${RED}Failed Attacks${RESET}`);
+        lines.push(`  ${DIM}${line('─', 50)}${RESET}`);
+        const shown = failedAttacks.slice(0, 15);
+        for (const atk of shown) {
+            const sev = atk.attack.severity || 'medium';
+            const sc = severityColor(sev);
+            const name = atk.attack.name || atk.attack.targetedRule;
+            const reason = atk.analysis.reason || '';
+            lines.push(`  ${sc}● ${sev.toUpperCase().padEnd(8)}${RESET} ${truncate(name, 36)}`);
+            if (reason) {
+                lines.push(`    ${DIM}${truncate(reason, 60)}${RESET}`);
+            }
+        }
+        if (failedAttacks.length > 15) {
+            lines.push(`  ${DIM}... and ${failedAttacks.length - 15} more${RESET}`);
+        }
+    }
+    lines.push('');
+    lines.push(`  ${DIM}Session: ${sessionId}${RESET}`);
+    lines.push(`  ${DIM}Web reports: https://fullcourtdefense.ai/history${RESET}`);
+    lines.push('');
+    return lines.join('\n');
+}
+function formatSummary(result) {
+    const { score, results } = result;
+    const passed = results.attacks.filter(a => a.analysis.passed).length;
+    const failed = results.attacks.length - passed;
+    const status = score >= 80 ? 'PASS' : score >= 50 ? 'WARN' : 'FAIL';
+    return `[${status}] Score: ${score}/100 | Passed: ${passed} | Failed: ${failed} | Violations: ${results.totalViolations}`;
+}
+function formatReport(result) {
+    const { score, results, sessionId, agentDescription, createdAt } = result;
+    const attacks = results.attacks;
+    const passed = attacks.filter(a => a.analysis.passed).length;
+    const failed = attacks.length - passed;
+    const status = score >= 80 ? 'PASS' : score >= 50 ? 'WARN' : 'FAIL';
+    const failedAttacks = attacks.filter(a => !a.analysis.passed);
+    const protectedAttacks = attacks.filter(a => a.analysis.passed && /protected/i.test(a.analysis.reason || ''));
+    const allowedAttacks = attacks.filter(a => a.analysis.passed && !/protected/i.test(a.analysis.reason || ''));
+    const lines = [];
+    lines.push('');
+    lines.push(`${BOLD}${CYAN}FullCourtDefense Local Scan Report${RESET}`);
+    lines.push(line('=', 72));
+    lines.push(`Status: ${status}`);
+    lines.push(`Score: ${score}/100`);
+    lines.push(`Passed: ${passed}`);
+    lines.push(`Failed: ${failed}`);
+    lines.push(`Protected by Shield: ${protectedAttacks.length}`);
+    lines.push(`Allowed by Shield: ${allowedAttacks.length}`);
+    lines.push(`Violations: ${results.totalViolations} (${results.highSeverityCount} high, ${results.mediumSeverityCount} medium, ${results.lowSeverityCount} low)`);
+    lines.push(`Target: ${agentDescription}`);
+    lines.push(`Session: ${sessionId}`);
+    lines.push(`Created: ${createdAt}`);
+    lines.push('');
+    if (failedAttacks.length > 0) {
+        lines.push(`${BOLD}${RED}Failures Requiring Review${RESET}`);
+        lines.push(line('-', 72));
+        failedAttacks.slice(0, 25).forEach((atk, index) => {
+            const violation = atk.analysis.violations[0];
+            lines.push(`[${index + 1}/${failedAttacks.length}] FAIL ${atk.attack.name || atk.attack.targetedRule}`);
+            lines.push(`Category: ${atk.attack.category || 'unknown'} | Severity: ${atk.attack.severity || atk.analysis.severity}`);
+            lines.push(`Analysis: ${atk.analysis.reason || violation?.description || 'Failed security check'}`);
+            if (violation)
+                lines.push(`Rule: ${violation.rule}`);
+            lines.push('Attack sent:');
+            lines.push(blockText(atk.attack.attack));
+            lines.push('Captured response:');
+            lines.push(blockText(atk.agentResponse));
+            lines.push('');
+        });
+        if (failedAttacks.length > 25) {
+            lines.push(`... ${failedAttacks.length - 25} more failures hidden. Use --format full-report for every row.`);
+            lines.push('');
+        }
+    }
+    if (failedAttacks.length === 0) {
+        lines.push(`${BOLD}${GREEN}No failed tests.${RESET}`);
+        lines.push('');
+    }
+    if (protectedAttacks.length > 0) {
+        lines.push(`${BOLD}${GREEN}Protected Samples${RESET}`);
+        lines.push(line('-', 72));
+        protectedAttacks.slice(0, 10).forEach((atk, index) => {
+            lines.push(`[${index + 1}/${protectedAttacks.length}] PASS ${atk.attack.name || atk.attack.targetedRule}`);
+            lines.push(`Analysis: ${atk.analysis.reason || 'Protected by Shield.'}`);
+            lines.push('');
+        });
+        if (protectedAttacks.length > 10) {
+            lines.push(`... ${protectedAttacks.length - 10} more protected tests hidden. Use --format full-report for every row.`);
+            lines.push('');
+        }
+    }
+    lines.push(`Web reports: https://fullcourtdefense.ai/history`);
+    lines.push(`Full local evidence: rerun with --format full-report or --format json`);
+    return lines.join('\n');
+}
+function formatFullReport(result) {
+    const { score, results, sessionId, agentDescription, createdAt } = result;
+    const attacks = results.attacks;
+    const passed = attacks.filter(a => a.analysis.passed).length;
+    const failed = attacks.length - passed;
+    const status = score >= 80 ? 'PASS' : score >= 50 ? 'WARN' : 'FAIL';
+    const lines = [];
+    lines.push('');
+    lines.push(`${BOLD}${CYAN}FullCourtDefense Local Scan Report${RESET}`);
+    lines.push(line('=', 72));
+    lines.push(`Status: ${status}`);
+    lines.push(`Score: ${score}/100`);
+    lines.push(`Passed: ${passed}`);
+    lines.push(`Failed: ${failed}`);
+    lines.push(`Violations: ${results.totalViolations} (${results.highSeverityCount} high, ${results.mediumSeverityCount} medium, ${results.lowSeverityCount} low)`);
+    lines.push(`Target: ${agentDescription}`);
+    lines.push(`Session: ${sessionId}`);
+    lines.push(`Created: ${createdAt}`);
+    lines.push('');
+    const failedAttacks = attacks.filter(a => !a.analysis.passed);
+    const passedAttacks = attacks.filter(a => a.analysis.passed);
+    if (failedAttacks.length > 0) {
+        lines.push(`${BOLD}${RED}Failed Tests${RESET}`);
+        lines.push(line('-', 72));
+        failedAttacks.forEach((atk, index) => {
+            const violation = atk.analysis.violations[0];
+            lines.push(`[${index + 1}/${failedAttacks.length}] FAIL ${atk.attack.name || atk.attack.targetedRule}`);
+            lines.push(`Category: ${atk.attack.category || 'unknown'} | Severity: ${atk.attack.severity || atk.analysis.severity}`);
+            lines.push(`Analysis: ${atk.analysis.reason || violation?.description || 'Failed security check'}`);
+            if (violation)
+                lines.push(`Rule: ${violation.rule}`);
+            lines.push('Attack sent:');
+            lines.push(blockText(atk.attack.attack));
+            lines.push('Captured response:');
+            lines.push(blockText(atk.agentResponse));
+            lines.push('');
+        });
+    }
+    if (passedAttacks.length > 0) {
+        lines.push(`${BOLD}${GREEN}Passed Tests${RESET}`);
+        lines.push(line('-', 72));
+        passedAttacks.forEach((atk, index) => {
+            lines.push(`[${index + 1}/${passedAttacks.length}] PASS ${atk.attack.name || atk.attack.targetedRule}`);
+            lines.push(`Category: ${atk.attack.category || 'unknown'} | Severity: ${atk.attack.severity || atk.analysis.severity}`);
+            lines.push(`Analysis: ${atk.analysis.reason || 'Passed security check'}`);
+            lines.push('Attack sent:');
+            lines.push(blockText(atk.attack.attack));
+            lines.push('Captured response:');
+            lines.push(blockText(atk.agentResponse));
+            lines.push('');
+        });
+    }
+    lines.push(`Web reports: https://fullcourtdefense.ai/history`);
+    return lines.join('\n');
+}
+function formatJson(result) {
+    return JSON.stringify(result, null, 2);
+}
+function formatCredits(credits) {
+    const lines = [];
+    lines.push('');
+    lines.push(`${BOLD}${CYAN}  BotGuard Credits${RESET}`);
+    lines.push(`  ${DIM}${line('─', 40)}${RESET}`);
+    lines.push(`  Plan:      ${BOLD}${credits.plan}${RESET}`);
+    lines.push(`  Used:      ${credits.creditsUsed} / ${credits.monthlyCredits}`);
+    lines.push(`  Remaining: ${BOLD}${credits.remainingCredits}${RESET}`);
+    lines.push('');
+    return lines.join('\n');
+}
+function formatScanResult(result, format) {
+    switch (format) {
+        case 'json': return formatJson(result);
+        case 'full-report': return formatFullReport(result);
+        case 'report': return formatReport(result);
+        case 'summary': return formatSummary(result);
+        case 'table':
+        default: return formatTable(result);
+    }
+}
+function spinner(message) {
+    const frames = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
+    let i = 0;
+    const interval = setInterval(() => {
+        process.stderr.write(`\r  ${CYAN}${frames[i++ % frames.length]}${RESET} ${message}`);
+    }, 80);
+    return {
+        stop(finalMsg) {
+            clearInterval(interval);
+            process.stderr.write(`\r${' '.repeat(message.length + 10)}\r`);
+            if (finalMsg) {
+                process.stderr.write(`  ${GREEN}✓${RESET} ${finalMsg}\n`);
+            }
+        },
+    };
+}

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "fullcourtdefense-cli",
+  "version": "1.0.2",
+  "description": "Full Court Defense CLI — security scanning for AI agents from your terminal",
+  "main": "dist/index.js",
+  "bin": {
+    "fullcourtdefense": "dist/index.js",
+    "botguard": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc && node scripts/copy-attack-corpus.js",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "llm",
+    "security",
+    "guardrails",
+    "ai-safety",
+    "prompt-injection",
+    "cli",
+    "red-teaming",
+    "owasp",
+    "mcp",
+    "rag"
+  ],
+  "license": "MIT",
+  "devDependencies": {
+    "@types/node": "^25.3.0",
+    "typescript": "^5.3.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "yaml": "^2.8.4"
+  }
+}