guard-scanner 2.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +107 -64
- package/dist/__tests__/scanner.test.d.ts +10 -0
- package/dist/__tests__/scanner.test.d.ts.map +1 -0
- package/dist/__tests__/scanner.test.js +374 -0
- package/dist/__tests__/scanner.test.js.map +1 -0
- package/dist/cli.d.ts +10 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +189 -0
- package/dist/cli.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +18 -0
- package/dist/index.js.map +1 -0
- package/dist/ioc-db.d.ts +13 -0
- package/dist/ioc-db.d.ts.map +1 -0
- package/dist/ioc-db.js +130 -0
- package/dist/ioc-db.js.map +1 -0
- package/dist/patterns.d.ts +27 -0
- package/dist/patterns.d.ts.map +1 -0
- package/dist/patterns.js +92 -0
- package/dist/patterns.js.map +1 -0
- package/dist/quarantine.d.ts +18 -0
- package/dist/quarantine.d.ts.map +1 -0
- package/dist/quarantine.js +42 -0
- package/dist/quarantine.js.map +1 -0
- package/dist/scanner.d.ts +54 -0
- package/dist/scanner.d.ts.map +1 -0
- package/dist/scanner.js +1043 -0
- package/dist/scanner.js.map +1 -0
- package/dist/types.d.ts +165 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +7 -0
- package/dist/types.js.map +1 -0
- package/hooks/guard-scanner/plugin.ts +101 -32
- package/openclaw.plugin.json +60 -0
- package/package.json +25 -9
- package/ts-src/__tests__/fixtures/clean-skill/SKILL.md +9 -0
- package/ts-src/__tests__/fixtures/compaction-skill/SKILL.md +11 -0
- package/ts-src/__tests__/fixtures/malicious-skill/SKILL.md +11 -0
- package/ts-src/__tests__/fixtures/malicious-skill/scripts/evil.js +25 -0
- package/ts-src/__tests__/fixtures/prompt-leakage-skill/SKILL.md +20 -0
- package/ts-src/__tests__/fixtures/prompt-leakage-skill/scripts/debug.js +4 -0
- package/ts-src/__tests__/scanner.test.ts +525 -0
- package/ts-src/cli.ts +171 -0
- package/ts-src/index.ts +15 -0
- package/ts-src/ioc-db.ts +131 -0
- package/ts-src/patterns.ts +104 -0
- package/ts-src/quarantine.ts +48 -0
- package/{src/scanner.js → ts-src/scanner.ts} +376 -383
- package/ts-src/types.ts +187 -0
- package/hooks/guard-scanner/handler.ts +0 -207
- package/src/cli.js +0 -149
- package/src/html-template.js +0 -239
- package/src/ioc-db.js +0 -54
- package/src/patterns.js +0 -190
|
@@ -0,0 +1,374 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* guard-scanner v3.0.0 — Test Suite
|
|
4
|
+
*
|
|
5
|
+
* Guava Standard v5 §4: T-Wada / Red-Green-Refactor
|
|
6
|
+
* Phase 1: RED — All tests written BEFORE implementation changes.
|
|
7
|
+
*
|
|
8
|
+
* Run: node --test dist/__tests__/scanner.test.js
|
|
9
|
+
*/
|
|
10
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
11
|
+
if (k2 === undefined) k2 = k;
|
|
12
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
13
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
14
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
15
|
+
}
|
|
16
|
+
Object.defineProperty(o, k2, desc);
|
|
17
|
+
}) : (function(o, m, k, k2) {
|
|
18
|
+
if (k2 === undefined) k2 = k;
|
|
19
|
+
o[k2] = m[k];
|
|
20
|
+
}));
|
|
21
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
22
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
23
|
+
}) : function(o, v) {
|
|
24
|
+
o["default"] = v;
|
|
25
|
+
});
|
|
26
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
27
|
+
var ownKeys = function(o) {
|
|
28
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
29
|
+
var ar = [];
|
|
30
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
31
|
+
return ar;
|
|
32
|
+
};
|
|
33
|
+
return ownKeys(o);
|
|
34
|
+
};
|
|
35
|
+
return function (mod) {
|
|
36
|
+
if (mod && mod.__esModule) return mod;
|
|
37
|
+
var result = {};
|
|
38
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
39
|
+
__setModuleDefault(result, mod);
|
|
40
|
+
return result;
|
|
41
|
+
};
|
|
42
|
+
})();
|
|
43
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
44
|
+
const node_test_1 = require("node:test");
|
|
45
|
+
const assert = __importStar(require("node:assert/strict"));
|
|
46
|
+
const path = __importStar(require("node:path"));
|
|
47
|
+
const scanner_js_1 = require("../scanner.js");
|
|
48
|
+
// ── Fixtures ────────────────────────────────────────────────────────────────
|
|
49
|
+
// Fixtures live in test/fixtures/ (project root), not in ts-src or dist.
|
|
50
|
+
// Resolve from __dirname (dist/__tests__/) → ../../test/fixtures/
|
|
51
|
+
const FIXTURES_DIR = path.resolve(__dirname, '..', '..', 'test', 'fixtures');
|
|
52
|
+
const CLEAN_SKILL = path.join(FIXTURES_DIR, 'clean-skill');
|
|
53
|
+
const MALICIOUS_SKILL = path.join(FIXTURES_DIR, 'malicious-skill');
|
|
54
|
+
const COMPACTION_SKILL = path.join(FIXTURES_DIR, 'compaction-skill');
|
|
55
|
+
// ── Helper: scan a single skill ─────────────────────────────────────────────
|
|
56
|
+
function scanSingleSkill(skillPath, skillName) {
|
|
57
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
58
|
+
scanner.scanSkill(skillPath, skillName);
|
|
59
|
+
const result = scanner.findings[0];
|
|
60
|
+
return {
|
|
61
|
+
findings: result?.findings ?? [],
|
|
62
|
+
risk: result?.risk ?? 0,
|
|
63
|
+
verdict: result?.verdict ?? 'CLEAN',
|
|
64
|
+
};
|
|
65
|
+
}
|
|
66
|
+
// ── Helper: collect findings by running scanner private methods via scanSkill ─
|
|
67
|
+
function findingsContain(findings, id) {
|
|
68
|
+
return findings.some((f) => f.id === id);
|
|
69
|
+
}
|
|
70
|
+
function findingsOfCat(findings, cat) {
|
|
71
|
+
return findings.filter((f) => f.cat === cat);
|
|
72
|
+
}
|
|
73
|
+
// ══════════════════════════════════════════════════════════════════════════════
|
|
74
|
+
// TEST SUITE
|
|
75
|
+
// ══════════════════════════════════════════════════════════════════════════════
|
|
76
|
+
(0, node_test_1.describe)('guard-scanner v3.0.0', () => {
|
|
77
|
+
// ── Version ─────────────────────────────────────────────────────────────
|
|
78
|
+
(0, node_test_1.it)('T01: exports correct version', () => {
|
|
79
|
+
assert.equal(scanner_js_1.VERSION, '3.0.0');
|
|
80
|
+
});
|
|
81
|
+
// ── IoC Detection ───────────────────────────────────────────────────────
|
|
82
|
+
(0, node_test_1.describe)('checkIoCs', () => {
|
|
83
|
+
(0, node_test_1.it)('T02: detects known malicious IP', () => {
|
|
84
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
85
|
+
assert.ok(findingsContain(result.findings, 'IOC_IP'), 'Should detect known malicious IP 91.92.242.30');
|
|
86
|
+
const iocIp = result.findings.find((f) => f.id === 'IOC_IP');
|
|
87
|
+
assert.equal(iocIp?.severity, 'CRITICAL');
|
|
88
|
+
});
|
|
89
|
+
(0, node_test_1.it)('T03: detects known exfil domain', () => {
|
|
90
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
91
|
+
assert.ok(findingsContain(result.findings, 'IOC_DOMAIN'), 'Should detect webhook.site domain');
|
|
92
|
+
});
|
|
93
|
+
(0, node_test_1.it)('T04: detects known typosquat skill name', () => {
|
|
94
|
+
const result = scanSingleSkill(CLEAN_SKILL, 'clawhub');
|
|
95
|
+
assert.ok(findingsContain(result.findings, 'KNOWN_TYPOSQUAT'), 'Should detect typosquat name "clawhub"');
|
|
96
|
+
const ts = result.findings.find((f) => f.id === 'KNOWN_TYPOSQUAT');
|
|
97
|
+
assert.equal(ts?.severity, 'CRITICAL');
|
|
98
|
+
});
|
|
99
|
+
});
|
|
100
|
+
// ── Pattern Detection ─────────────────────────────────────────────────
|
|
101
|
+
(0, node_test_1.describe)('checkPatterns', () => {
|
|
102
|
+
(0, node_test_1.it)('T05: detects prompt injection [System Message]', () => {
|
|
103
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
104
|
+
assert.ok(findingsContain(result.findings, 'PI_SYSTEM_MSG'), 'Should detect [System Message] prompt injection');
|
|
105
|
+
});
|
|
106
|
+
(0, node_test_1.it)('T06: detects eval() in code', () => {
|
|
107
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
108
|
+
assert.ok(findingsContain(result.findings, 'MAL_EVAL'), 'Should detect eval() usage');
|
|
109
|
+
});
|
|
110
|
+
(0, node_test_1.it)('T07: detects identity hijack (SOUL.md write)', () => {
|
|
111
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
112
|
+
assert.ok(findingsContain(result.findings, 'HIJACK_SOUL_WRITE') ||
|
|
113
|
+
findingsContain(result.findings, 'MEM_WRITE_SOUL'), 'Should detect writeFileSync(SOUL.md)');
|
|
114
|
+
});
|
|
115
|
+
});
|
|
116
|
+
// ── Signature Detection (hbg-scan compatible) ─────────────────────────
|
|
117
|
+
(0, node_test_1.describe)('checkSignatures', () => {
|
|
118
|
+
(0, node_test_1.it)('T08: detects SIG-001 post-compaction audit', () => {
|
|
119
|
+
const result = scanSingleSkill(COMPACTION_SKILL, 'compaction-skill');
|
|
120
|
+
const sigFindings = result.findings.filter((f) => f.id.startsWith('SIG_SIG-001'));
|
|
121
|
+
assert.ok(sigFindings.length > 0, 'Should detect SIG-001 Post-Compaction Audit pattern');
|
|
122
|
+
});
|
|
123
|
+
(0, node_test_1.it)('T09: detects SIG-006 AMOS stealer pattern', () => {
|
|
124
|
+
// AMOS patterns are in malicious-skill but osascript is not present there
|
|
125
|
+
// so this tests that signature matching only fires on actual patterns
|
|
126
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
127
|
+
// We don't expect SIG-006 here since osascript isn't in fixtures
|
|
128
|
+
// This test validates no false positive
|
|
129
|
+
const sig006 = result.findings.filter((f) => f.id === 'SIG_SIG-006');
|
|
130
|
+
assert.equal(sig006.length, 0, 'Should NOT false-positive SIG-006 without osascript');
|
|
131
|
+
});
|
|
132
|
+
});
|
|
133
|
+
// ── Compaction Persistence ─────────────────────────────────────────────
|
|
134
|
+
(0, node_test_1.describe)('checkCompactionPersistence', () => {
|
|
135
|
+
(0, node_test_1.it)('T10: detects WORKFLOW_AUTO marker', () => {
|
|
136
|
+
const result = scanSingleSkill(COMPACTION_SKILL, 'compaction-skill');
|
|
137
|
+
const cpFindings = findingsOfCat(result.findings, 'compaction-persistence');
|
|
138
|
+
const hasWorkflow = cpFindings.some((f) => f.desc.includes('WORKFLOW_AUTO'));
|
|
139
|
+
assert.ok(hasWorkflow, 'Should detect WORKFLOW_AUTO marker');
|
|
140
|
+
});
|
|
141
|
+
(0, node_test_1.it)('T11: detects HEARTBEAT.md reference', () => {
|
|
142
|
+
const result = scanSingleSkill(COMPACTION_SKILL, 'compaction-skill');
|
|
143
|
+
const cpFindings = findingsOfCat(result.findings, 'compaction-persistence');
|
|
144
|
+
const hasHeartbeat = cpFindings.some((f) => f.desc.includes('HEARTBEAT.md'));
|
|
145
|
+
assert.ok(hasHeartbeat, 'Should detect HEARTBEAT.md reference');
|
|
146
|
+
});
|
|
147
|
+
});
|
|
148
|
+
// ── Hardcoded Secrets ─────────────────────────────────────────────────
|
|
149
|
+
(0, node_test_1.describe)('checkHardcodedSecrets', () => {
|
|
150
|
+
(0, node_test_1.it)('T12: detects high-entropy API key', () => {
|
|
151
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
152
|
+
assert.ok(findingsContain(result.findings, 'SECRET_ENTROPY'), 'Should detect high-entropy string as possible leaked secret');
|
|
153
|
+
});
|
|
154
|
+
(0, node_test_1.it)('T13: does NOT flag placeholder values', () => {
|
|
155
|
+
const result = scanSingleSkill(CLEAN_SKILL, 'clean-skill');
|
|
156
|
+
assert.ok(!findingsContain(result.findings, 'SECRET_ENTROPY'), 'Should not detect secrets in clean skill');
|
|
157
|
+
});
|
|
158
|
+
});
|
|
159
|
+
// ── JS Data Flow ──────────────────────────────────────────────────────
|
|
160
|
+
(0, node_test_1.describe)('checkJSDataFlow', () => {
|
|
161
|
+
(0, node_test_1.it)('T14: detects credential → network flow', () => {
|
|
162
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
163
|
+
assert.ok(findingsContain(result.findings, 'AST_CRED_TO_NET'), 'Should detect data flow from secret read to network call');
|
|
164
|
+
});
|
|
165
|
+
(0, node_test_1.it)('T15: detects exfiltration trifecta (fs + child_process + net)', () => {
|
|
166
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
167
|
+
assert.ok(findingsContain(result.findings, 'AST_EXFIL_TRIFECTA'), 'Should detect exfiltration trifecta pattern');
|
|
168
|
+
});
|
|
169
|
+
});
|
|
170
|
+
// ── Risk Scoring ──────────────────────────────────────────────────────
|
|
171
|
+
(0, node_test_1.describe)('calculateRisk', () => {
|
|
172
|
+
(0, node_test_1.it)('T16: clean skill → risk 0', () => {
|
|
173
|
+
const result = scanSingleSkill(CLEAN_SKILL, 'clean-skill');
|
|
174
|
+
assert.equal(result.risk, 0, 'Clean skill should have zero risk');
|
|
175
|
+
});
|
|
176
|
+
(0, node_test_1.it)('T17: single LOW finding → risk 2', () => {
|
|
177
|
+
// Use calculateRisk directly via scanner instance
|
|
178
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
179
|
+
const lowFindings = [
|
|
180
|
+
{ severity: 'LOW', id: 'TEST_LOW', cat: 'test', desc: 'test', file: 'test.js' },
|
|
181
|
+
];
|
|
182
|
+
// Access private method via type assertion
|
|
183
|
+
const risk = scanner.calculateRisk(lowFindings);
|
|
184
|
+
assert.equal(risk, 2, 'Single LOW finding should score 2');
|
|
185
|
+
});
|
|
186
|
+
(0, node_test_1.it)('T18: credential + exfiltration amplifier → score×2', () => {
|
|
187
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
188
|
+
const findings = [
|
|
189
|
+
{ severity: 'HIGH', id: 'CRED_ENV_ACCESS', cat: 'credential-handling', desc: 'cred', file: 'a.js' },
|
|
190
|
+
{ severity: 'HIGH', id: 'EXFIL_WEBHOOK', cat: 'exfiltration', desc: 'exfil', file: 'a.js' },
|
|
191
|
+
];
|
|
192
|
+
const risk = scanner.calculateRisk(findings);
|
|
193
|
+
// 15+15=30, ×2=60
|
|
194
|
+
assert.ok(risk >= 60, `Cred+exfil should amplify to ≥60, got ${risk}`);
|
|
195
|
+
});
|
|
196
|
+
(0, node_test_1.it)('T19: compaction + prompt injection → ≥90', () => {
|
|
197
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
198
|
+
const findings = [
|
|
199
|
+
{ severity: 'CRITICAL', id: 'COMPACTION_PERSISTENCE', cat: 'compaction-persistence', desc: 'cp', file: 'a.md' },
|
|
200
|
+
{ severity: 'CRITICAL', id: 'PI_SYSTEM_MSG', cat: 'prompt-injection', desc: 'pi', file: 'a.md' },
|
|
201
|
+
];
|
|
202
|
+
const risk = scanner.calculateRisk(findings);
|
|
203
|
+
assert.ok(risk >= 90, `Compaction+PI should score ≥90, got ${risk}`);
|
|
204
|
+
});
|
|
205
|
+
});
|
|
206
|
+
// ── Verdict ───────────────────────────────────────────────────────────
|
|
207
|
+
(0, node_test_1.describe)('getVerdict', () => {
|
|
208
|
+
(0, node_test_1.it)('T20: risk 0 → CLEAN', () => {
|
|
209
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
210
|
+
const verdict = scanner.getVerdict(0);
|
|
211
|
+
assert.equal(verdict.label, 'CLEAN');
|
|
212
|
+
});
|
|
213
|
+
(0, node_test_1.it)('T21: risk 80 → MALICIOUS (normal mode)', () => {
|
|
214
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
215
|
+
const verdict = scanner.getVerdict(80);
|
|
216
|
+
assert.equal(verdict.label, 'MALICIOUS');
|
|
217
|
+
});
|
|
218
|
+
});
|
|
219
|
+
// ── Integration Tests ─────────────────────────────────────────────────
|
|
220
|
+
(0, node_test_1.describe)('Integration: scanSkill', () => {
|
|
221
|
+
(0, node_test_1.it)('T22: clean skill scan → CLEAN verdict', () => {
|
|
222
|
+
const result = scanSingleSkill(CLEAN_SKILL, 'clean-test-skill');
|
|
223
|
+
assert.equal(result.verdict, 'CLEAN', 'Clean skill should get CLEAN verdict');
|
|
224
|
+
assert.equal(result.findings.length, 0, 'Clean skill should have 0 findings');
|
|
225
|
+
});
|
|
226
|
+
(0, node_test_1.it)('T23: malicious skill scan → MALICIOUS verdict', () => {
|
|
227
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
228
|
+
assert.equal(result.verdict, 'MALICIOUS', 'Malicious skill should get MALICIOUS verdict');
|
|
229
|
+
assert.ok(result.risk >= 80, `Risk should be ≥80, got ${result.risk}`);
|
|
230
|
+
});
|
|
231
|
+
});
|
|
232
|
+
// ── Report Output ─────────────────────────────────────────────────────
|
|
233
|
+
(0, node_test_1.describe)('Report Generation', () => {
|
|
234
|
+
(0, node_test_1.it)('T24: toJSON produces valid report structure', () => {
|
|
235
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
236
|
+
scanner.scanSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
237
|
+
const report = scanner.toJSON();
|
|
238
|
+
assert.equal(report.scanner, `guard-scanner v${scanner_js_1.VERSION}`);
|
|
239
|
+
assert.equal(report.mode, 'normal');
|
|
240
|
+
assert.ok(report.timestamp);
|
|
241
|
+
assert.ok(report.stats);
|
|
242
|
+
assert.ok(report.findings);
|
|
243
|
+
assert.ok(Array.isArray(report.recommendations));
|
|
244
|
+
});
|
|
245
|
+
(0, node_test_1.it)('T25: toSARIF produces valid SARIF 2.1.0', () => {
|
|
246
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
247
|
+
scanner.scanSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
248
|
+
const sarif = scanner.toSARIF('/test');
|
|
249
|
+
assert.equal(sarif.version, '2.1.0');
|
|
250
|
+
assert.equal(sarif.$schema, 'https://json.schemastore.org/sarif-2.1.0.json');
|
|
251
|
+
assert.equal(sarif.runs.length, 1);
|
|
252
|
+
assert.ok(sarif.runs[0].tool.driver.name, 'guard-scanner');
|
|
253
|
+
assert.ok(sarif.runs[0].results.length > 0, 'Should have SARIF results');
|
|
254
|
+
});
|
|
255
|
+
});
|
|
256
|
+
// ── OWASP 2025 Mapping Guarantee ─────────────────────────────────────
|
|
257
|
+
(0, node_test_1.describe)('OWASP 2025 Mapping', () => {
|
|
258
|
+
(0, node_test_1.it)('T26: every pattern in PATTERNS has an owasp field', () => {
|
|
259
|
+
// T-Wada: This test guarantees OWASP coverage.
|
|
260
|
+
// If a developer adds a pattern without owasp, this fails RED.
|
|
261
|
+
const { PATTERNS } = require('../patterns.js');
|
|
262
|
+
const missing = PATTERNS.filter((p) => !p.owasp);
|
|
263
|
+
assert.equal(missing.length, 0, `${missing.length} pattern(s) missing owasp field: ${missing.map((p) => p.id).join(', ')}`);
|
|
264
|
+
});
|
|
265
|
+
(0, node_test_1.it)('T27: owasp values are valid LLM01-LLM10', () => {
|
|
266
|
+
const { PATTERNS } = require('../patterns.js');
|
|
267
|
+
const validOwasp = new Set(['LLM01', 'LLM02', 'LLM03', 'LLM04', 'LLM05', 'LLM06', 'LLM07', 'LLM08', 'LLM09', 'LLM10']);
|
|
268
|
+
const invalid = PATTERNS.filter((p) => p.owasp && !validOwasp.has(p.owasp));
|
|
269
|
+
assert.equal(invalid.length, 0, `Invalid owasp values: ${invalid.map((p) => `${p.id}=${p.owasp}`).join(', ')}`);
|
|
270
|
+
});
|
|
271
|
+
(0, node_test_1.it)('T28: prompt-injection patterns map to LLM01', () => {
|
|
272
|
+
const { PATTERNS } = require('../patterns.js');
|
|
273
|
+
const piPatterns = PATTERNS.filter((p) => p.cat === 'prompt-injection');
|
|
274
|
+
assert.ok(piPatterns.length > 0, 'Should have prompt-injection patterns');
|
|
275
|
+
const wrongMapping = piPatterns.filter((p) => p.owasp !== 'LLM01');
|
|
276
|
+
assert.equal(wrongMapping.length, 0, `prompt-injection patterns not mapped to LLM01: ${wrongMapping.map((p) => p.id).join(', ')}`);
|
|
277
|
+
});
|
|
278
|
+
(0, node_test_1.it)('T29: memory-poisoning patterns map to LLM04', () => {
|
|
279
|
+
const { PATTERNS } = require('../patterns.js');
|
|
280
|
+
const mpPatterns = PATTERNS.filter((p) => p.cat === 'memory-poisoning');
|
|
281
|
+
assert.ok(mpPatterns.length > 0, 'Should have memory-poisoning patterns');
|
|
282
|
+
const wrongMapping = mpPatterns.filter((p) => p.owasp !== 'LLM04');
|
|
283
|
+
assert.equal(wrongMapping.length, 0, `memory-poisoning patterns not mapped to LLM04: ${wrongMapping.map((p) => p.id).join(', ')}`);
|
|
284
|
+
});
|
|
285
|
+
});
|
|
286
|
+
// ── System Prompt Leakage (LLM07) ────────────────────────────────────
|
|
287
|
+
(0, node_test_1.describe)('LLM07: System Prompt Leakage', () => {
|
|
288
|
+
const LEAKAGE_SKILL = path.join(path.resolve(__dirname, '..', '..', 'ts-src', '__tests__', 'fixtures'), 'prompt-leakage-skill');
|
|
289
|
+
(0, node_test_1.it)('T30: detects "output your system prompt" pattern', () => {
|
|
290
|
+
const result = scanSingleSkill(LEAKAGE_SKILL, 'prompt-leakage-skill');
|
|
291
|
+
assert.ok(findingsContain(result.findings, 'SPL_DUMP_SYSTEM'), 'Should detect system prompt dump request');
|
|
292
|
+
});
|
|
293
|
+
(0, node_test_1.it)('T31: detects "repeat everything above" pattern', () => {
|
|
294
|
+
const result = scanSingleSkill(LEAKAGE_SKILL, 'prompt-leakage-skill');
|
|
295
|
+
assert.ok(findingsContain(result.findings, 'SPL_REPEAT_ABOVE'), 'Should detect repeat-above extraction');
|
|
296
|
+
});
|
|
297
|
+
(0, node_test_1.it)('T32: detects "tell me your rules" pattern', () => {
|
|
298
|
+
const result = scanSingleSkill(LEAKAGE_SKILL, 'prompt-leakage-skill');
|
|
299
|
+
assert.ok(findingsContain(result.findings, 'SPL_TELL_RULES'), 'Should detect rule extraction attempt');
|
|
300
|
+
});
|
|
301
|
+
(0, node_test_1.it)('T33: detects SOUL.md shell extraction', () => {
|
|
302
|
+
const result = scanSingleSkill(LEAKAGE_SKILL, 'prompt-leakage-skill');
|
|
303
|
+
assert.ok(findingsContain(result.findings, 'SPL_SOUL_EXFIL'), 'Should detect SOUL.md content extraction via shell command');
|
|
304
|
+
});
|
|
305
|
+
(0, node_test_1.it)('T34: clean skill has ZERO LLM07 findings (false positive guard)', () => {
|
|
306
|
+
const result = scanSingleSkill(CLEAN_SKILL, 'clean-skill');
|
|
307
|
+
const llm07 = result.findings.filter((f) => f.cat === 'system-prompt-leakage');
|
|
308
|
+
assert.equal(llm07.length, 0, `Clean skill should have 0 LLM07 findings, got ${llm07.length}: ${llm07.map(f => f.id).join(', ')}`);
|
|
309
|
+
});
|
|
310
|
+
});
|
|
311
|
+
// ── install-check Integration ─────────────────────────────────────────
|
|
312
|
+
(0, node_test_1.describe)('install-check Integration', () => {
|
|
313
|
+
(0, node_test_1.it)('T35: malicious skill → MALICIOUS verdict with ≥20 findings', () => {
|
|
314
|
+
const result = scanSingleSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
315
|
+
assert.equal(result.verdict, 'MALICIOUS');
|
|
316
|
+
assert.ok(result.findings.length >= 20, `Expected ≥20 findings for aggressive malicious skill, got ${result.findings.length}`);
|
|
317
|
+
});
|
|
318
|
+
(0, node_test_1.it)('T36: clean skill → exactly 0 findings (strictest possible)', () => {
|
|
319
|
+
const result = scanSingleSkill(CLEAN_SKILL, 'clean-skill');
|
|
320
|
+
assert.equal(result.findings.length, 0, 'Clean skill MUST have exactly 0 findings');
|
|
321
|
+
assert.equal(result.risk, 0, 'Clean skill MUST have risk 0');
|
|
322
|
+
assert.equal(result.verdict, 'CLEAN', 'Clean skill MUST be CLEAN');
|
|
323
|
+
});
|
|
324
|
+
(0, node_test_1.it)('T37: strict mode lowers thresholds', () => {
|
|
325
|
+
const normal = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
326
|
+
const strict = new scanner_js_1.GuardScanner({ summaryOnly: true, strict: true });
|
|
327
|
+
// Strict thresholds should be lower
|
|
328
|
+
assert.ok(strict.thresholds.suspicious < normal.thresholds.suspicious, 'Strict suspicious threshold should be lower than normal');
|
|
329
|
+
assert.ok(strict.thresholds.malicious < normal.thresholds.malicious, 'Strict malicious threshold should be lower than normal');
|
|
330
|
+
});
|
|
331
|
+
(0, node_test_1.it)('T38: prompt-leakage skill → SUSPICIOUS or higher', () => {
|
|
332
|
+
const result = scanSingleSkill(path.join(path.resolve(__dirname, '..', '..', 'ts-src', '__tests__', 'fixtures'), 'prompt-leakage-skill'), 'prompt-leakage-skill');
|
|
333
|
+
assert.ok(result.verdict === 'SUSPICIOUS' || result.verdict === 'MALICIOUS', `Prompt leakage skill should be SUSPICIOUS or MALICIOUS, got ${result.verdict} (risk: ${result.risk})`);
|
|
334
|
+
});
|
|
335
|
+
});
|
|
336
|
+
// ── SARIF OWASP Tags ─────────────────────────────────────────────────
|
|
337
|
+
(0, node_test_1.describe)('SARIF OWASP Tags', () => {
|
|
338
|
+
(0, node_test_1.it)('T39: SARIF rules include OWASP/* tags for pattern-based findings', () => {
|
|
339
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
340
|
+
scanner.scanSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
341
|
+
const sarif = scanner.toSARIF('/test');
|
|
342
|
+
const rulesWithOwasp = sarif.runs[0].tool.driver.rules.filter((r) => r.properties.tags.some((t) => t.startsWith('OWASP/')));
|
|
343
|
+
assert.ok(rulesWithOwasp.length > 0, 'At least one SARIF rule should have OWASP/* tag');
|
|
344
|
+
});
|
|
345
|
+
(0, node_test_1.it)('T40: OWASP tags follow OWASP/LLMxx format', () => {
|
|
346
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
347
|
+
scanner.scanSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
348
|
+
const sarif = scanner.toSARIF('/test');
|
|
349
|
+
for (const rule of sarif.runs[0].tool.driver.rules) {
|
|
350
|
+
const owaspTags = rule.properties.tags.filter((t) => t.startsWith('OWASP/'));
|
|
351
|
+
for (const tag of owaspTags) {
|
|
352
|
+
assert.match(tag, /^OWASP\/LLM(?:0[1-9]|10)$/, `Invalid OWASP tag format: ${tag} in rule ${rule.id}`);
|
|
353
|
+
}
|
|
354
|
+
}
|
|
355
|
+
});
|
|
356
|
+
(0, node_test_1.it)('T41: PI_SYSTEM_MSG rule has OWASP/LLM01 tag', () => {
|
|
357
|
+
const scanner = new scanner_js_1.GuardScanner({ summaryOnly: true });
|
|
358
|
+
scanner.scanSkill(MALICIOUS_SKILL, 'malicious-skill');
|
|
359
|
+
const sarif = scanner.toSARIF('/test');
|
|
360
|
+
const piRule = sarif.runs[0].tool.driver.rules.find((r) => r.id === 'PI_SYSTEM_MSG');
|
|
361
|
+
assert.ok(piRule, 'Should have PI_SYSTEM_MSG rule');
|
|
362
|
+
assert.ok(piRule.properties.tags.includes('OWASP/LLM01'), `PI_SYSTEM_MSG should have OWASP/LLM01 tag, got: ${piRule.properties.tags}`);
|
|
363
|
+
});
|
|
364
|
+
});
|
|
365
|
+
// ── Compaction Skill Cross-Check ──────────────────────────────────────
|
|
366
|
+
(0, node_test_1.describe)('Compaction Skill Cross-Check', () => {
|
|
367
|
+
(0, node_test_1.it)('T42: compaction-skill has ZERO LLM07 findings (no false positives)', () => {
|
|
368
|
+
const result = scanSingleSkill(COMPACTION_SKILL, 'compaction-skill');
|
|
369
|
+
const llm07 = result.findings.filter((f) => f.cat === 'system-prompt-leakage');
|
|
370
|
+
assert.equal(llm07.length, 0, `Compaction skill should have 0 LLM07 findings, got ${llm07.length}: ${llm07.map(f => f.id).join(', ')}`);
|
|
371
|
+
});
|
|
372
|
+
});
|
|
373
|
+
});
|
|
374
|
+
//# sourceMappingURL=scanner.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scanner.test.js","sourceRoot":"","sources":["../../ts-src/__tests__/scanner.test.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,yCAAiD;AACjD,2DAA6C;AAC7C,gDAAkC;AAElC,8CAAsD;AAGtD,+EAA+E;AAC/E,yEAAyE;AACzE,kEAAkE;AAElE,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;AAC7E,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;AAC3D,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;AACnE,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;AAErE,+EAA+E;AAE/E,SAAS,eAAe,CAAC,SAAiB,EAAE,SAAiB;IAKzD,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAExC,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACnC,OAAO;QACH,QAAQ,EAAE,MAAM,EAAE,QAAQ,IAAI,EAAE;QAChC,IAAI,EAAE,MAAM,EAAE,IAAI,IAAI,CAAC;QACvB,OAAO,EAAE,MAAM,EAAE,OAAO,IAAI,OAAO;KACtC,CAAC;AACN,CAAC;AAED,iFAAiF;AAEjF,SAAS,eAAe,CAAC,QAAmB,EAAE,EAAU;IACpD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,aAAa,CAAC,QAAmB,EAAE,GAAW;IACnD,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;AACjD,CAAC;AAED,iFAAiF;AACjF,aAAa;AACb,iFAAiF;AAEjF,IAAA,oBAAQ,EAAC,sBAAsB,EAAE,GAAG,EAAE;IAElC,2EAA2E;IAE3E,IAAA,cAAE,EAAC,8BAA8B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,KAAK,CAAC,oBAAO,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,2EAA2E;IAE3E,IAAA,oBAAQ,EAAC,WAAW,EAAE,GAAG,EAAE;QACvB,IAAA,cAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;YACvC,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAC1C,+CAA+C,CAClD,CAAC;YACF,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;YAC7D,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;YACvC,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,EAC9C,mCAAmC,CACtC,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;YAC/C,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;YACvD,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,iBAAiB,CAAC,EACnD,wCAAwC,CAC3C,CAAC;YACF,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,eAAe,EAAE,GAAG,EAAE;QAC3B,IAAA,cAAE,EAAC,gDAAgD,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,eAAe,CAAC,EACjD,iDAAiD,CACpD,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,6BAA6B,EAAE,GAAG,EAAE;YACnC,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,EAC5C,4BAA4B,CAC/B,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,8CAA8C,EAAE,GAAG,EAAE;YACpD,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,mBAAmB,CAAC;gBACrD,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAClD,sCAAsC,CACzC,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,iBAAiB,EAAE,GAAG,EAAE;QAC7B,IAAA,cAAE,EAAC,4CAA4C,EAAE,GAAG,EAAE;YAClD,MAAM,MAAM,GAAG,eAAe,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAC;YACrE,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAC7C,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CACjC,CAAC;YACF,MAAM,CAAC,EAAE,CACL,WAAW,CAAC,MAAM,GAAG,CAAC,EACtB,qDAAqD,CACxD,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;YACjD,0EAA0E;YAC1E,sEAAsE;YACtE,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,iEAAiE;YACjE,wCAAwC;YACxC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,aAAa,CAAC,CAAC;YACrE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,qDAAqD,CAAC,CAAC;QAC1F,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAE1E,IAAA,oBAAQ,EAAC,4BAA4B,EAAE,GAAG,EAAE;QACxC,IAAA,cAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;YACzC,MAAM,MAAM,GAAG,eAAe,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAC;YACrE,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC,CAAC;YAC5E,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACtC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CACnC,CAAC;YACF,MAAM,CAAC,EAAE,CAAC,WAAW,EAAE,oCAAoC,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,qCAAqC,EAAE,GAAG,EAAE;YAC3C,MAAM,MAAM,GAAG,eAAe,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAC;YACrE,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC,CAAC;YAC5E,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAClC,CAAC;YACF,MAAM,CAAC,EAAE,CAAC,YAAY,EAAE,sCAAsC,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,uBAAuB,EAAE,GAAG,EAAE;QACnC,IAAA,cAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;YACzC,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAClD,6DAA6D,CAChE,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;YAC3D,MAAM,CAAC,EAAE,CACL,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EACnD,0CAA0C,CAC7C,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,iBAAiB,EAAE,GAAG,EAAE;QAC7B,IAAA,cAAE,EAAC,wCAAwC,EAAE,GAAG,EAAE;YAC9C,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,iBAAiB,CAAC,EACnD,0DAA0D,CAC7D,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,+DAA+D,EAAE,GAAG,EAAE;YACrE,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,oBAAoB,CAAC,EACtD,6CAA6C,CAChD,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,eAAe,EAAE,GAAG,EAAE;QAC3B,IAAA,cAAE,EAAC,2BAA2B,EAAE,GAAG,EAAE;YACjC,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;YAC3D,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,mCAAmC,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,kCAAkC,EAAE,GAAG,EAAE;YACxC,kDAAkD;YAClD,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,MAAM,WAAW,GAAc;gBAC3B,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE;aAClF,CAAC;YACF,2CAA2C;YAC3C,MAAM,IAAI,GAAI,OAAe,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;YACzD,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,mCAAmC,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,oDAAoD,EAAE,GAAG,EAAE;YAC1D,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,MAAM,QAAQ,GAAc;gBACxB,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,qBAAqB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE;gBACnG,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE;aAC9F,CAAC;YACF,MAAM,IAAI,GAAI,OAAe,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;YACtD,kBAAkB;YAClB,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,EAAE,EAAE,yCAAyC,IAAI,EAAE,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,0CAA0C,EAAE,GAAG,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,MAAM,QAAQ,GAAc;gBACxB,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,wBAAwB,EAAE,GAAG,EAAE,wBAAwB,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE;gBAC/G,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,kBAAkB,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE;aACnG,CAAC;YACF,MAAM,IAAI,GAAI,OAAe,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;YACtD,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,EAAE,EAAE,uCAAuC,IAAI,EAAE,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,YAAY,EAAE,GAAG,EAAE;QACxB,IAAA,cAAE,EAAC,qBAAqB,EAAE,GAAG,EAAE;YAC3B,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,MAAM,OAAO,GAAI,OAAe,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC/C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,wCAAwC,EAAE,GAAG,EAAE;YAC9C,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,MAAM,OAAO,GAAI,OAAe,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YAChD,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,wBAAwB,EAAE,GAAG,EAAE;QACpC,IAAA,cAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;YAChE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,sCAAsC,CAAC,CAAC;YAC9E,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,oCAAoC,CAAC,CAAC;QAClF,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,+CAA+C,EAAE,GAAG,EAAE;YACrD,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,WAAW,EAAE,8CAA8C,CAAC,CAAC;YAC1F,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,EAAE,2BAA2B,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,mBAAmB,EAAE,GAAG,EAAE;QAC/B,IAAA,cAAE,EAAC,6CAA6C,EAAE,GAAG,EAAE;YACnD,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,SAAS,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACtD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAEhC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,kBAAkB,oBAAO,EAAE,CAAC,CAAC;YAC1D,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACpC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC5B,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxB,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC3B,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;YAC/C,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,SAAS,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAEvC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACrC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,+CAA+C,CAAC,CAAC;YAC7E,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACnC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;YAC3D,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,2BAA2B,CAAC,CAAC;QAC7E,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,wEAAwE;IAExE,IAAA,oBAAQ,EAAC,oBAAoB,EAAE,GAAG,EAAE;QAChC,IAAA,cAAE,EAAC,mDAAmD,EAAE,GAAG,EAAE;YACzD,+CAA+C;YAC/C,+DAA+D;YAC/D,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACtD,MAAM,CAAC,KAAK,CACR,OAAO,CAAC,MAAM,EAAE,CAAC,EACjB,GAAG,OAAO,CAAC,MAAM,oCAAoC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAClG,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;YAC/C,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC/C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACvH,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;YACjF,MAAM,CAAC,KAAK,CACR,OAAO,CAAC,MAAM,EAAE,CAAC,EACjB,yBAAyB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,6CAA6C,EAAE,GAAG,EAAE;YACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,kBAAkB,CAAC,CAAC;YAC7E,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,uCAAuC,CAAC,CAAC;YAC1E,MAAM,YAAY,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC;YACxE,MAAM,CAAC,KAAK,CACR,YAAY,CAAC,MAAM,EAAE,CAAC,EACtB,kDAAkD,YAAY,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpG,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,6CAA6C,EAAE,GAAG,EAAE;YACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,kBAAkB,CAAC,CAAC;YAC7E,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,uCAAuC,CAAC,CAAC;YAC1E,MAAM,YAAY,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC;YACxE,MAAM,CAAC,KAAK,CACR,YAAY,CAAC,MAAM,EAAE,CAAC,EACtB,kDAAkD,YAAY,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpG,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,wEAAwE;IAExE,IAAA,oBAAQ,EAAC,8BAA8B,EAAE,GAAG,EAAE;QAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAC3B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,CAAC,EACtE,sBAAsB,CACzB,CAAC;QAEF,IAAA,cAAE,EAAC,kDAAkD,EAAE,GAAG,EAAE;YACxD,MAAM,MAAM,GAAG,eAAe,CAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;YACtE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,iBAAiB,CAAC,EACnD,0CAA0C,CAC7C,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,gDAAgD,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,eAAe,CAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;YACtE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,kBAAkB,CAAC,EACpD,uCAAuC,CAC1C,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;YACjD,MAAM,MAAM,GAAG,eAAe,CAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;YACtE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAClD,uCAAuC,CAC1C,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAG,eAAe,CAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;YACtE,MAAM,CAAC,EAAE,CACL,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAClD,4DAA4D,CAC/D,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,iEAAiE,EAAE,GAAG,EAAE;YACvE,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;YAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,GAAG,KAAK,uBAAuB,CACpC,CAAC;YACF,MAAM,CAAC,KAAK,CACR,KAAK,CAAC,MAAM,EAAE,CAAC,EACf,iDAAiD,KAAK,CAAC,MAAM,KAAK,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtG,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,2BAA2B,EAAE,GAAG,EAAE;QACvC,IAAA,cAAE,EAAC,4DAA4D,EAAE,GAAG,EAAE;YAClE,MAAM,MAAM,GAAG,eAAe,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC1C,MAAM,CAAC,EAAE,CACL,MAAM,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,EAC5B,6DAA6D,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CACxF,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,4DAA4D,EAAE,GAAG,EAAE;YAClE,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;YAC3D,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,0CAA0C,CAAC,CAAC;YACpF,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,8BAA8B,CAAC,CAAC;YAC7D,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,2BAA2B,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,oCAAoC,EAAE,GAAG,EAAE;YAC1C,MAAM,MAAM,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACvD,MAAM,MAAM,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;YACrE,oCAAoC;YACpC,MAAM,CAAC,EAAE,CACJ,MAAc,CAAC,UAAU,CAAC,UAAU,GAAI,MAAc,CAAC,UAAU,CAAC,UAAU,EAC7E,yDAAyD,CAC5D,CAAC;YACF,MAAM,CAAC,EAAE,CACJ,MAAc,CAAC,UAAU,CAAC,SAAS,GAAI,MAAc,CAAC,UAAU,CAAC,SAAS,EAC3E,wDAAwD,CAC3D,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,kDAAkD,EAAE,GAAG,EAAE;YACxD,MAAM,MAAM,GAAG,eAAe,CAC1B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,CAAC,EAAE,sBAAsB,CAAC,EACzG,sBAAsB,CACzB,CAAC;YACF,MAAM,CAAC,EAAE,CACL,MAAM,CAAC,OAAO,KAAK,YAAY,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EACjE,+DAA+D,MAAM,CAAC,OAAO,WAAW,MAAM,CAAC,IAAI,GAAG,CACzG,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,wEAAwE;IAExE,IAAA,oBAAQ,EAAC,kBAAkB,EAAE,GAAG,EAAE;QAC9B,IAAA,cAAE,EAAC,kEAAkE,EAAE,GAAG,EAAE;YACxE,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,SAAS,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAEvC,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CACzD,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAC5E,CAAC;YACF,MAAM,CAAC,EAAE,CACL,cAAc,CAAC,MAAM,GAAG,CAAC,EACzB,iDAAiD,CACpD,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;YACjD,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,SAAS,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjD,MAAM,SAAS,GAAI,IAAY,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAClD,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CACxC,CAAC;gBACF,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;oBAC1B,MAAM,CAAC,KAAK,CACR,GAAG,EAAE,2BAA2B,EAChC,6BAA6B,GAAG,YAAY,IAAI,CAAC,EAAE,EAAE,CACxD,CAAC;gBACN,CAAC;YACL,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAA,cAAE,EAAC,6CAA6C,EAAE,GAAG,EAAE;YACnD,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,SAAS,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;YACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAEvC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAC/C,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CACvC,CAAC;YACF,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,gCAAgC,CAAC,CAAC;YACpD,MAAM,CAAC,EAAE,CACJ,MAAc,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EACvD,mDAAoD,MAAc,CAAC,UAAU,CAAC,IAAI,EAAE,CACvF,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,yEAAyE;IAEzE,IAAA,oBAAQ,EAAC,8BAA8B,EAAE,GAAG,EAAE;QAC1C,IAAA,cAAE,EAAC,oEAAoE,EAAE,GAAG,EAAE;YAC1E,MAAM,MAAM,GAAG,eAAe,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAC;YACrE,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,GAAG,KAAK,uBAAuB,CACpC,CAAC;YACF,MAAM,CAAC,KAAK,CACR,KAAK,CAAC,MAAM,EAAE,CAAC,EACf,sDAAsD,KAAK,CAAC,MAAM,KAAK,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3G,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
|
package/dist/cli.d.ts
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* guard-scanner v3.0.0 — CLI (TypeScript)
|
|
4
|
+
*
|
|
5
|
+
* Usage:
|
|
6
|
+
* guard-scanner [scan-dir] [options] Scan all skills in directory
|
|
7
|
+
* guard-scanner install-check <skill-path> Pre-install security check
|
|
8
|
+
*/
|
|
9
|
+
export {};
|
|
10
|
+
//# sourceMappingURL=cli.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../ts-src/cli.ts"],"names":[],"mappings":";AACA;;;;;;GAMG"}
|
package/dist/cli.js
ADDED
|
@@ -0,0 +1,189 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
"use strict";
|
|
3
|
+
/**
|
|
4
|
+
* guard-scanner v3.0.0 — CLI (TypeScript)
|
|
5
|
+
*
|
|
6
|
+
* Usage:
|
|
7
|
+
* guard-scanner [scan-dir] [options] Scan all skills in directory
|
|
8
|
+
* guard-scanner install-check <skill-path> Pre-install security check
|
|
9
|
+
*/
|
|
10
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
11
|
+
if (k2 === undefined) k2 = k;
|
|
12
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
13
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
14
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
15
|
+
}
|
|
16
|
+
Object.defineProperty(o, k2, desc);
|
|
17
|
+
}) : (function(o, m, k, k2) {
|
|
18
|
+
if (k2 === undefined) k2 = k;
|
|
19
|
+
o[k2] = m[k];
|
|
20
|
+
}));
|
|
21
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
22
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
23
|
+
}) : function(o, v) {
|
|
24
|
+
o["default"] = v;
|
|
25
|
+
});
|
|
26
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
27
|
+
var ownKeys = function(o) {
|
|
28
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
29
|
+
var ar = [];
|
|
30
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
31
|
+
return ar;
|
|
32
|
+
};
|
|
33
|
+
return ownKeys(o);
|
|
34
|
+
};
|
|
35
|
+
return function (mod) {
|
|
36
|
+
if (mod && mod.__esModule) return mod;
|
|
37
|
+
var result = {};
|
|
38
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
39
|
+
__setModuleDefault(result, mod);
|
|
40
|
+
return result;
|
|
41
|
+
};
|
|
42
|
+
})();
|
|
43
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
44
|
+
const fs = __importStar(require("fs"));
|
|
45
|
+
const path = __importStar(require("path"));
|
|
46
|
+
const scanner_js_1 = require("./scanner.js");
|
|
47
|
+
const patterns_js_1 = require("./patterns.js");
|
|
48
|
+
const args = process.argv.slice(2);
|
|
49
|
+
if (args.includes('--help') || args.includes('-h')) {
|
|
50
|
+
console.log(`
|
|
51
|
+
🛡️ guard-scanner v${scanner_js_1.VERSION} — Agent Skill Security Scanner (TypeScript)
|
|
52
|
+
|
|
53
|
+
Usage: guard-scanner [scan-dir] [options]
|
|
54
|
+
|
|
55
|
+
Options:
|
|
56
|
+
--verbose, -v Detailed findings with categories and samples
|
|
57
|
+
--json Write JSON report
|
|
58
|
+
--sarif Write SARIF report (GitHub Code Scanning / CI/CD)
|
|
59
|
+
--self-exclude Skip scanning the guard-scanner skill itself
|
|
60
|
+
--strict Lower detection thresholds (more sensitive)
|
|
61
|
+
--summary-only Only print the summary table
|
|
62
|
+
--check-deps Scan package.json for dependency chain risks
|
|
63
|
+
--rules <file> Load custom rules from JSON file
|
|
64
|
+
--plugin <file> Load plugin module
|
|
65
|
+
--fail-on-findings Exit code 1 if any findings (CI/CD)
|
|
66
|
+
--help, -h Show this help
|
|
67
|
+
|
|
68
|
+
New in v3.0.0:
|
|
69
|
+
• TypeScript rewrite with full type safety
|
|
70
|
+
• Compaction Layer Persistence detection (Feb 20 2026 attack vector)
|
|
71
|
+
• Threat signature hash matching (hbg-scan compatible)
|
|
72
|
+
• 7 built-in threat signatures (SIG-001 to SIG-007)
|
|
73
|
+
• Enhanced risk scoring for compaction-persistence category
|
|
74
|
+
|
|
75
|
+
Examples:
|
|
76
|
+
guard-scanner ./skills/ --verbose --self-exclude
|
|
77
|
+
guard-scanner ./skills/ --strict --json --sarif --check-deps
|
|
78
|
+
guard-scanner ./skills/ --fail-on-findings
|
|
79
|
+
`);
|
|
80
|
+
process.exit(0);
|
|
81
|
+
}
|
|
82
|
+
// ── install-check subcommand ─────────────────────────────────────────────
|
|
83
|
+
if (args[0] === 'install-check') {
|
|
84
|
+
const skillPath = args[1];
|
|
85
|
+
if (!skillPath) {
|
|
86
|
+
console.error('❌ Usage: guard-scanner install-check <skill-path>');
|
|
87
|
+
process.exit(2);
|
|
88
|
+
}
|
|
89
|
+
const absPath = path.resolve(skillPath);
|
|
90
|
+
if (!fs.existsSync(absPath)) {
|
|
91
|
+
console.error(`❌ Skill path not found: ${absPath}`);
|
|
92
|
+
process.exit(2);
|
|
93
|
+
}
|
|
94
|
+
const icStrict = args.includes('--strict');
|
|
95
|
+
const icJson = args.includes('--json');
|
|
96
|
+
const icVerbose = args.includes('--verbose') || args.includes('-v');
|
|
97
|
+
const scanner = new scanner_js_1.GuardScanner({ strict: icStrict, verbose: icVerbose });
|
|
98
|
+
const skillName = path.basename(absPath);
|
|
99
|
+
console.log(`\n🛡️ guard-scanner install-check v${scanner_js_1.VERSION}`);
|
|
100
|
+
console.log(` Scanning: ${skillName} (${absPath})\n`);
|
|
101
|
+
scanner.scanSkill(absPath, skillName);
|
|
102
|
+
const result = scanner.findings[0];
|
|
103
|
+
if (!result) {
|
|
104
|
+
console.log('✅ PASS — No skill found at path');
|
|
105
|
+
process.exit(0);
|
|
106
|
+
}
|
|
107
|
+
const { risk, verdict, findings } = result;
|
|
108
|
+
if (icVerbose || findings.length > 0) {
|
|
109
|
+
for (const f of findings) {
|
|
110
|
+
const owaspTag = patterns_js_1.PATTERNS.find(p => p.id === f.id)?.owasp || '';
|
|
111
|
+
const tag = owaspTag ? ` [${owaspTag}]` : '';
|
|
112
|
+
console.log(` ${f.severity === 'CRITICAL' ? '🔴' : f.severity === 'HIGH' ? '🟠' : '🟡'} [${f.severity}] ${f.id}: ${f.desc}${tag}`);
|
|
113
|
+
if (f.file)
|
|
114
|
+
console.log(` 📁 ${f.file}${f.line ? `:${f.line}` : ''}`);
|
|
115
|
+
if (f.sample && icVerbose)
|
|
116
|
+
console.log(` 📝 ${f.sample.substring(0, 80)}`);
|
|
117
|
+
}
|
|
118
|
+
console.log('');
|
|
119
|
+
}
|
|
120
|
+
console.log(`Risk Score: ${risk} | Verdict: ${verdict} | Findings: ${findings.length}`);
|
|
121
|
+
if (verdict === 'MALICIOUS' || verdict === 'SUSPICIOUS') {
|
|
122
|
+
console.log(`\n❌ FAIL — This skill should NOT be installed.`);
|
|
123
|
+
if (icJson) {
|
|
124
|
+
const report = scanner.toJSON();
|
|
125
|
+
const outPath = path.join(path.dirname(absPath), `${skillName}-install-check.json`);
|
|
126
|
+
fs.writeFileSync(outPath, JSON.stringify(report, null, 2));
|
|
127
|
+
console.log(`📄 Report: ${outPath}`);
|
|
128
|
+
}
|
|
129
|
+
process.exit(1);
|
|
130
|
+
}
|
|
131
|
+
else {
|
|
132
|
+
console.log(`\n✅ PASS — Skill appears safe to install.`);
|
|
133
|
+
if (icJson) {
|
|
134
|
+
const report = scanner.toJSON();
|
|
135
|
+
const outPath = path.join(path.dirname(absPath), `${skillName}-install-check.json`);
|
|
136
|
+
fs.writeFileSync(outPath, JSON.stringify(report, null, 2));
|
|
137
|
+
console.log(`📄 Report: ${outPath}`);
|
|
138
|
+
}
|
|
139
|
+
process.exit(0);
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
const verbose = args.includes('--verbose') || args.includes('-v');
|
|
143
|
+
const jsonOutput = args.includes('--json');
|
|
144
|
+
const sarifOutput = args.includes('--sarif');
|
|
145
|
+
const selfExclude = args.includes('--self-exclude');
|
|
146
|
+
const strict = args.includes('--strict');
|
|
147
|
+
const summaryOnly = args.includes('--summary-only');
|
|
148
|
+
const checkDeps = args.includes('--check-deps');
|
|
149
|
+
const failOnFindings = args.includes('--fail-on-findings');
|
|
150
|
+
const rulesIdx = args.indexOf('--rules');
|
|
151
|
+
const rulesFile = rulesIdx >= 0 ? args[rulesIdx + 1] : undefined;
|
|
152
|
+
// Collect plugins
|
|
153
|
+
const plugins = [];
|
|
154
|
+
let idx = 0;
|
|
155
|
+
while (idx < args.length) {
|
|
156
|
+
if (args[idx] === '--plugin' && args[idx + 1]) {
|
|
157
|
+
plugins.push(args[idx + 1]);
|
|
158
|
+
idx += 2;
|
|
159
|
+
}
|
|
160
|
+
else {
|
|
161
|
+
idx++;
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
const scanDir = args.find((a) => !a.startsWith('-') &&
|
|
165
|
+
a !== rulesFile &&
|
|
166
|
+
!plugins.includes(a)) || process.cwd();
|
|
167
|
+
const scanner = new scanner_js_1.GuardScanner({
|
|
168
|
+
verbose, selfExclude, strict, summaryOnly, checkDeps, rulesFile, plugins,
|
|
169
|
+
});
|
|
170
|
+
scanner.scanDirectory(scanDir);
|
|
171
|
+
// Output reports
|
|
172
|
+
if (jsonOutput) {
|
|
173
|
+
const report = scanner.toJSON();
|
|
174
|
+
const outPath = path.join(scanDir, 'guard-scanner-report.json');
|
|
175
|
+
fs.writeFileSync(outPath, JSON.stringify(report, null, 2));
|
|
176
|
+
console.log(`\n📄 JSON report: ${outPath}`);
|
|
177
|
+
}
|
|
178
|
+
if (sarifOutput) {
|
|
179
|
+
const outPath = path.join(scanDir, 'guard-scanner.sarif');
|
|
180
|
+
fs.writeFileSync(outPath, JSON.stringify(scanner.toSARIF(scanDir), null, 2));
|
|
181
|
+
console.log(`\n📄 SARIF report: ${outPath}`);
|
|
182
|
+
}
|
|
183
|
+
// Exit codes
|
|
184
|
+
if (scanner.stats.malicious > 0)
|
|
185
|
+
process.exit(1);
|
|
186
|
+
if (failOnFindings && scanner.findings.length > 0)
|
|
187
|
+
process.exit(1);
|
|
188
|
+
process.exit(0);
|
|
189
|
+
//# sourceMappingURL=cli.js.map
|
package/dist/cli.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../ts-src/cli.ts"],"names":[],"mappings":";;AACA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,2CAA6B;AAC7B,6CAAqD;AACrD,+CAAyC;AAEzC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAEnC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC;sBACM,oBAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4B5B,CAAC,CAAC;IACC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,4EAA4E;AAC5E,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,eAAe,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,IAAI,CAAC,SAAS,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,2BAA2B,OAAO,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAEpE,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAEzC,OAAO,CAAC,GAAG,CAAC,uCAAuC,oBAAO,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,gBAAgB,SAAS,KAAK,OAAO,KAAK,CAAC,CAAC;IAExD,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAEnC,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAE3C,IAAI,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAI,sBAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAS,EAAE,KAAK,IAAI,EAAE,CAAC;YACzE,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC,CAAC;YACpI,IAAI,CAAC,CAAC,IAAI;gBAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzE,IAAI,CAAC,CAAC,MAAM,IAAI,SAAS;gBAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QAClF,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,eAAe,OAAO,gBAAgB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAExF,IAAI,OAAO,KAAK,WAAW,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;QAC9D,IAAI,MAAM,EAAE,CAAC;YACT,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,GAAG,SAAS,qBAAqB,CAAC,CAAC;YACpF,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;SAAM,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;QACzD,IAAI,MAAM,EAAE,CAAC;YACT,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,GAAG,SAAS,qBAAqB,CAAC,CAAC;YACpF,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACL,CAAC;AAED,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAClE,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AACpD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AACzC,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AACpD,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AAChD,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;AAE3D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AACzC,MAAM,SAAS,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAEjE,kBAAkB;AAClB,MAAM,OAAO,GAAa,EAAE,CAAC;AAC7B,IAAI,GAAG,GAAG,CAAC,CAAC;AACZ,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,UAAU,IAAI,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5B,GAAG,IAAI,CAAC,CAAC;IACb,CAAC;SAAM,CAAC;QACJ,GAAG,EAAE,CAAC;IACV,CAAC;AACL,CAAC;AAED,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CACpC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;IAClB,CAAC,KAAK,SAAS;IACf,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CACvB,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;AAEnB,MAAM,OAAO,GAAG,IAAI,yBAAY,CAAC;IAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO;CAC3E,CAAC,CAAC;AAEH,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;AAE/B,iBAAiB;AACjB,IAAI,UAAU,EAAE,CAAC;IACb,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAChC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC;IAChE,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;AAChD,CAAC;AAED,IAAI,WAAW,EAAE,CAAC;IACd,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAC;IAC1D,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;AACjD,CAAC;AAED,aAAa;AACb,IAAI,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC;IAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACjD,IAAI,cAAc,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;IAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* guard-scanner v3.0.0 — Package Index
|
|
3
|
+
* Re-exports all public types and the scanner class.
|
|
4
|
+
*/
|
|
5
|
+
export { GuardScanner, VERSION } from './scanner.js';
|
|
6
|
+
export type { Severity, Finding, SkillResult, PatternRule, CustomRuleInput, ScannerOptions, ScanStats, Thresholds, Verdict, VerdictLabel, FileType, JSONReport, Recommendation, SARIFReport, IoC_Database, SignatureDatabase, ThreatSignature, } from './types.js';
|
|
7
|
+
export { KNOWN_MALICIOUS, SIGNATURES_DB } from './ioc-db.js';
|
|
8
|
+
export { PATTERNS } from './patterns.js';
|
|
9
|
+
export { QuarantineNode, QuarantineResult } from './quarantine.js';
|
|
10
|
+
//# sourceMappingURL=index.d.ts.map
|