guard-scanner 2.0.0 → 3.1.0

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../ts-src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACrD,YAAY,EACR,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAC5D,cAAc,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EACtE,UAAU,EAAE,cAAc,EAAE,WAAW,EACvC,YAAY,EAAE,iBAAiB,EAAE,eAAe,GACnD,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/index.js

@@ -0,0 +1,18 @@
+"use strict";
+/**
+ * guard-scanner v3.0.0 — Package Index
+ * Re-exports all public types and the scanner class.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.QuarantineNode = exports.PATTERNS = exports.SIGNATURES_DB = exports.KNOWN_MALICIOUS = exports.VERSION = exports.GuardScanner = void 0;
+var scanner_js_1 = require("./scanner.js");
+Object.defineProperty(exports, "GuardScanner", { enumerable: true, get: function () { return scanner_js_1.GuardScanner; } });
+Object.defineProperty(exports, "VERSION", { enumerable: true, get: function () { return scanner_js_1.VERSION; } });
+var ioc_db_js_1 = require("./ioc-db.js");
+Object.defineProperty(exports, "KNOWN_MALICIOUS", { enumerable: true, get: function () { return ioc_db_js_1.KNOWN_MALICIOUS; } });
+Object.defineProperty(exports, "SIGNATURES_DB", { enumerable: true, get: function () { return ioc_db_js_1.SIGNATURES_DB; } });
+var patterns_js_1 = require("./patterns.js");
+Object.defineProperty(exports, "PATTERNS", { enumerable: true, get: function () { return patterns_js_1.PATTERNS; } });
+var quarantine_js_1 = require("./quarantine.js");
+Object.defineProperty(exports, "QuarantineNode", { enumerable: true, get: function () { return quarantine_js_1.QuarantineNode; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../ts-src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,2CAAqD;AAA5C,0GAAA,YAAY,OAAA;AAAE,qGAAA,OAAO,OAAA;AAO9B,yCAA6D;AAApD,4GAAA,eAAe,OAAA;AAAE,0GAAA,aAAa,OAAA;AACvC,6CAAyC;AAAhC,uGAAA,QAAQ,OAAA;AACjB,iDAAmE;AAA1D,+GAAA,cAAc,OAAA"}

package/dist/ioc-db.d.ts

@@ -0,0 +1,13 @@
+/**
+ * guard-scanner v3.0.0 — Indicators of Compromise (IoC) Database
+ *
+ * Known malicious IPs, domains, URLs, usernames, filenames, and typosquats.
+ * Sources: ClawHavoc campaign, Snyk ToxicSkills, Polymarket scams,
+ *          hbg-scan signatures, community reports.
+ *
+ * Last updated: 2026-02-21
+ */
+import type { IoC_Database, SignatureDatabase } from './types.js';
+export declare const KNOWN_MALICIOUS: IoC_Database;
+export declare const SIGNATURES_DB: SignatureDatabase;
+//# sourceMappingURL=ioc-db.d.ts.map

package/dist/ioc-db.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ioc-db.d.ts","sourceRoot":"","sources":["../ts-src/ioc-db.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAElE,eAAO,MAAM,eAAe,EAAE,YAkC7B,CAAC;AAIF,eAAO,MAAM,aAAa,EAAE,iBAgF3B,CAAC"}

package/dist/ioc-db.js

@@ -0,0 +1,130 @@
+"use strict";
+/**
+ * guard-scanner v3.0.0 — Indicators of Compromise (IoC) Database
+ *
+ * Known malicious IPs, domains, URLs, usernames, filenames, and typosquats.
+ * Sources: ClawHavoc campaign, Snyk ToxicSkills, Polymarket scams,
+ *          hbg-scan signatures, community reports.
+ *
+ * Last updated: 2026-02-21
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SIGNATURES_DB = exports.KNOWN_MALICIOUS = void 0;
+exports.KNOWN_MALICIOUS = {
+    ips: [
+        '91.92.242.30', // ClawHavoc C2
+    ],
+    domains: [
+        'webhook.site', // Common exfil endpoint
+        'requestbin.com', // Common exfil endpoint
+        'hookbin.com', // Common exfil endpoint
+        'pipedream.net', // Common exfil endpoint
+        'ngrok.io', // Tunnel (context-dependent)
+        'ngrok-free.app', // Tunnel (context-dependent)
+        'download.setup-service.com', // ClawHavoc decoy domain
+        'socifiapp.com', // ClawHavoc v2 AMOS C2
+    ],
+    urls: [
+        'glot.io/snippets/hfd3x9ueu5', // ClawHavoc macOS payload
+        'github.com/Ddoy233', // ClawHavoc payload host
+    ],
+    usernames: ['zaycv', 'Ddoy233', 'Sakaen736jih'],
+    filenames: ['openclaw-agent.zip', 'openclawcli.zip'],
+    typosquats: [
+        // ClawHavoc campaign (800+ malicious skills, CyberArk/Kaspersky confirmed)
+        'clawhub', 'clawhub1', 'clawhubb', 'clawhubcli', 'clawwhub', 'cllawhub', 'clawdhub1',
+        // Polymarket scams
+        'polymarket-trader', 'polymarket-pro', 'polytrading',
+        'better-polymarket', 'polymarket-all-in-one',
+        // YouTube scams
+        'youtube-summarize', 'youtube-thumbnail-grabber', 'youtube-video-downloader',
+        // Misc
+        'auto-updater-agent', 'yahoo-finance-pro', 'x-trends-tracker',
+        'lost-bitcoin-finder', 'solana-wallet-tracker', 'rankaj',
+        // Snyk ToxicSkills confirmed malicious
+        'moltyverse-email', 'buy-anything', 'youtube-data', 'prediction-markets-roarin',
+    ],
+};
+// ── Threat Signatures (hbg-scan compatible format) ──────────────────────────
+exports.SIGNATURES_DB = {
+    version: '1.0.0',
+    updated: '2026-02-21',
+    signatures: [
+        {
+            id: 'SIG-001',
+            name: 'Post-Compaction Audit Injection',
+            severity: 'CRITICAL',
+            description: 'Skill contains text designed to survive OpenClaw context compaction and reactivate as a system message',
+            patterns: [
+                'post-compaction audit',
+                'Post-Compaction Audit',
+                '⚠️ Post-Compaction Audit',
+                'WORKFLOW_AUTO',
+                'after compaction',
+            ],
+        },
+        {
+            id: 'SIG-002',
+            name: 'System Message Spoof',
+            severity: 'CRITICAL',
+            description: 'Skill spoofs system-level messages to hijack agent behavior',
+            patterns: [
+                '[System Message]',
+                '[SYSTEM OVERRIDE]',
+                'Ignore previous instructions',
+                'OVERRIDE: you must',
+            ],
+        },
+        {
+            id: 'SIG-003',
+            name: 'Soul/Agent Config Exfiltration',
+            severity: 'CRITICAL',
+            description: 'Skill attempts to read and exfiltrate agent identity files',
+            domains: ['webhook.site', 'requestbin.com', 'hookbin.com', 'pipedream.net'],
+        },
+        {
+            id: 'SIG-004',
+            name: 'Compaction Survivor Pattern',
+            severity: 'HIGH',
+            description: 'Skill uses timing or markers designed to persist through context compaction',
+            patterns: [
+                'HEARTBEAT.md',
+                'BOOTSTRAP.md',
+                'after restart',
+                'persistent instructions',
+                'survive compaction',
+            ],
+        },
+        {
+            id: 'SIG-005',
+            name: 'Silent Backdoor Network Call',
+            severity: 'HIGH',
+            description: 'Skill makes network calls to known exfiltration services without user visibility',
+            domains: ['ngrok.io', 'ngrok-free.app', 'webhook.site', 'pipedream.net'],
+        },
+        {
+            id: 'SIG-006',
+            name: 'AMOS Stealer Payload',
+            severity: 'CRITICAL',
+            description: 'Skill matches patterns associated with Atomic macOS Stealer (ClawHavoc campaign)',
+            patterns: [
+                'osascript -e',
+                'security find-generic-password',
+                'Keychain',
+                'login.keychain',
+            ],
+        },
+        {
+            id: 'SIG-007',
+            name: 'AI Log Poisoning',
+            severity: 'HIGH',
+            description: 'Skill injects content into logs that could be misinterpreted by LLMs (CVE-2026-25253 related)',
+            patterns: [
+                'WebSocket',
+                'x-forwarded-for',
+                'user-agent.*<script',
+            ],
+        },
+    ],
+};
+//# sourceMappingURL=ioc-db.js.map

package/dist/ioc-db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ioc-db.js","sourceRoot":"","sources":["../ts-src/ioc-db.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAIU,QAAA,eAAe,GAAiB;IACzC,GAAG,EAAE;QACD,cAAc,EAAY,eAAe;KAC5C;IACD,OAAO,EAAE;QACL,cAAc,EAAa,wBAAwB;QACnD,gBAAgB,EAAW,wBAAwB;QACnD,aAAa,EAAc,wBAAwB;QACnD,eAAe,EAAY,wBAAwB;QACnD,UAAU,EAAiB,6BAA6B;QACxD,gBAAgB,EAAW,6BAA6B;QACxD,4BAA4B,EAAE,yBAAyB;QACvD,eAAe,EAAY,uBAAuB;KACrD;IACD,IAAI,EAAE;QACF,6BAA6B,EAAG,0BAA0B;QAC1D,oBAAoB,EAAa,yBAAyB;KAC7D;IACD,SAAS,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC;IAC/C,SAAS,EAAE,CAAC,oBAAoB,EAAE,iBAAiB,CAAC;IACpD,UAAU,EAAE;QACR,2EAA2E;QAC3E,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW;QACpF,mBAAmB;QACnB,mBAAmB,EAAE,gBAAgB,EAAE,aAAa;QACpD,mBAAmB,EAAE,uBAAuB;QAC5C,gBAAgB;QAChB,mBAAmB,EAAE,2BAA2B,EAAE,0BAA0B;QAC5E,OAAO;QACP,oBAAoB,EAAE,mBAAmB,EAAE,kBAAkB;QAC7D,qBAAqB,EAAE,uBAAuB,EAAE,QAAQ;QACxD,uCAAuC;QACvC,kBAAkB,EAAE,cAAc,EAAE,cAAc,EAAE,2BAA2B;KAClF;CACJ,CAAC;AAEF,+EAA+E;AAElE,QAAA,aAAa,GAAsB;IAC5C,OAAO,EAAE,OAAO;IAChB,OAAO,EAAE,YAAY;IACrB,UAAU,EAAE;QACR;YACI,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,iCAAiC;YACvC,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,wGAAwG;YACrH,QAAQ,EAAE;gBACN,uBAAuB;gBACvB,uBAAuB;gBACvB,0BAA0B;gBAC1B,eAAe;gBACf,kBAAkB;aACrB;SACJ;QACD;YACI,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,6DAA6D;YAC1E,QAAQ,EAAE;gBACN,kBAAkB;gBAClB,mBAAmB;gBACnB,8BAA8B;gBAC9B,oBAAoB;aACvB;SACJ;QACD;YACI,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,gCAAgC;YACtC,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,4DAA4D;YACzE,OAAO,EAAE,CAAC,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAAE,eAAe,CAAC;SAC9E;QACD;YACI,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,6BAA6B;YACnC,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,6EAA6E;YAC1F,QAAQ,EAAE;gBACN,cAAc;gBACd,cAAc;gBACd,eAAe;gBACf,yBAAyB;gBACzB,oBAAoB;aACvB;SACJ;QACD;YACI,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,8BAA8B;YACpC,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,kFAAkF;YAC/F,OAAO,EAAE,CAAC,UAAU,EAAE,gBAAgB,EAAE,cAAc,EAAE,eAAe,CAAC;SAC3E;QACD;YACI,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,kFAAkF;YAC/F,QAAQ,EAAE;gBACN,cAAc;gBACd,gCAAgC;gBAChC,UAAU;gBACV,gBAAgB;aACnB;SACJ;QACD;YACI,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,+FAA+F;YAC5G,QAAQ,EAAE;gBACN,WAAW;gBACX,iBAAiB;gBACjB,qBAAqB;aACxB;SACJ;KACJ;CACJ,CAAC"}

package/dist/patterns.d.ts

@@ -0,0 +1,27 @@
+/**
+ * guard-scanner v3.0.0 — Detection Patterns (TypeScript)
+ *
+ * 20+ threat categories, 190+ regex patterns.
+ * Ported from patterns.js with TypeScript interfaces.
+ *
+ * Categories:
+ *   prompt-injection, malicious-code, credential-handling, exfiltration,
+ *   obfuscation, suspicious-download, leaky-skills, memory-poisoning,
+ *   prompt-worm, persistence, cve-patterns, identity-hijack,
+ *   pii-exposure, shadow-ai, system-prompt-leakage
+ *
+ * OWASP LLM Top 10 2025 Mapping:
+ *   LLM01 — Prompt Injection
+ *   LLM02 — Sensitive Information Disclosure
+ *   LLM03 — Supply Chain Vulnerabilities
+ *   LLM04 — Data and Model Poisoning
+ *   LLM05 — Improper Output Handling
+ *   LLM06 — Excessive Agency
+ *   LLM07 — System Prompt Leakage
+ *   LLM08 — Vector and Embedding Weaknesses
+ *   LLM09 — Misinformation
+ *   LLM10 — Unbounded Consumption
+ */
+import type { PatternRule } from './types.js';
+export declare const PATTERNS: PatternRule[];
+//# sourceMappingURL=patterns.d.ts.map

package/dist/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../ts-src/patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,eAAO,MAAM,QAAQ,EAAE,WAAW,EA4EjC,CAAC"}

package/dist/patterns.js

@@ -0,0 +1,92 @@
+"use strict";
+/**
+ * guard-scanner v3.0.0 — Detection Patterns (TypeScript)
+ *
+ * 20+ threat categories, 190+ regex patterns.
+ * Ported from patterns.js with TypeScript interfaces.
+ *
+ * Categories:
+ *   prompt-injection, malicious-code, credential-handling, exfiltration,
+ *   obfuscation, suspicious-download, leaky-skills, memory-poisoning,
+ *   prompt-worm, persistence, cve-patterns, identity-hijack,
+ *   pii-exposure, shadow-ai, system-prompt-leakage
+ *
+ * OWASP LLM Top 10 2025 Mapping:
+ *   LLM01 — Prompt Injection
+ *   LLM02 — Sensitive Information Disclosure
+ *   LLM03 — Supply Chain Vulnerabilities
+ *   LLM04 — Data and Model Poisoning
+ *   LLM05 — Improper Output Handling
+ *   LLM06 — Excessive Agency
+ *   LLM07 — System Prompt Leakage
+ *   LLM08 — Vector and Embedding Weaknesses
+ *   LLM09 — Misinformation
+ *   LLM10 — Unbounded Consumption
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PATTERNS = void 0;
+exports.PATTERNS = [
+    // ── Prompt Injection (OWASP LLM01) ───────────────────────────────────
+    { id: 'PI_SYSTEM_MSG', cat: 'prompt-injection', regex: /\[System Message\]/gi, severity: 'CRITICAL', desc: 'System message spoof', all: true, owasp: 'LLM01' },
+    { id: 'PI_SYSTEM_OVERRIDE', cat: 'prompt-injection', regex: /\[SYSTEM OVERRIDE\]/gi, severity: 'CRITICAL', desc: 'System override command', all: true, owasp: 'LLM01' },
+    { id: 'PI_IGNORE_PREV', cat: 'prompt-injection', regex: /ignore (all )?(previous|prior) instructions/gi, severity: 'CRITICAL', desc: 'Classic prompt injection', all: true, owasp: 'LLM01' },
+    { id: 'PI_INST_MARKER', cat: 'prompt-injection', regex: /\[INST\]/gi, severity: 'HIGH', desc: 'Instruction injection marker', all: true, owasp: 'LLM01' },
+    { id: 'PI_OVERRIDE', cat: 'prompt-injection', regex: /OVERRIDE:\s*you must/gi, severity: 'CRITICAL', desc: 'Override instruction injection', all: true, owasp: 'LLM01' },
+    { id: 'PI_ROLE_OVERRIDE', cat: 'prompt-injection', regex: /you are now operating in/gi, severity: 'HIGH', desc: 'Role override attempt', all: true, owasp: 'LLM01' },
+    { id: 'PI_GATEWAY_CMD', cat: 'prompt-injection', regex: /openclaw gateway (start|stop|restart|config)/gi, severity: 'CRITICAL', desc: 'Gateway command injection', all: true, owasp: 'LLM01' },
+    { id: 'PI_SKILL_MGMT', cat: 'prompt-injection', regex: /openclaw skill (install|remove|disable)/gi, severity: 'HIGH', desc: 'Skill management injection', all: true, owasp: 'LLM01' },
+    { id: 'PI_HIDDEN_HTML', cat: 'prompt-injection', regex: /<!--\s*(you|your|agent|claude|jasper|assistant)/gi, severity: 'HIGH', desc: 'Hidden HTML instruction', all: true, owasp: 'LLM01' },
+    { id: 'PI_BIDI', cat: 'prompt-injection', regex: /[\u200b\u200c\u200d\ufeff]/g, severity: 'HIGH', desc: 'Zero-width/BiDi characters (hidden text)', all: true, owasp: 'LLM01' },
+    // ── Malicious Code (OWASP LLM05 — Improper Output Handling) ──────────
+    { id: 'MAL_EVAL', cat: 'malicious-code', regex: /\beval\s*\(/g, severity: 'HIGH', desc: 'eval() call', codeOnly: true, owasp: 'LLM05' },
+    { id: 'MAL_FUNC_CTOR', cat: 'malicious-code', regex: /new\s+Function\s*\(/g, severity: 'HIGH', desc: 'Function constructor (dynamic code)', codeOnly: true, owasp: 'LLM05' },
+    { id: 'MAL_CHILD', cat: 'malicious-code', regex: /require\s*\(\s*['"]child_process['"]\s*\)/g, severity: 'MEDIUM', desc: 'child_process import', codeOnly: true, owasp: 'LLM05' },
+    { id: 'MAL_EXEC', cat: 'malicious-code', regex: /(?:exec|execSync|spawn|spawnSync)\s*\([^)]*(?:curl|wget|bash|sh\s+-c|powershell|cmd\s+\/c)/gi, severity: 'CRITICAL', desc: 'Shell download/execution', codeOnly: true, owasp: 'LLM05' },
+    { id: 'MAL_B64_EXEC', cat: 'malicious-code', regex: /(?:atob|Buffer\.from)\s*\([^)]+\).*(?:eval|exec|Function)/gi, severity: 'CRITICAL', desc: 'Base64 decode → exec', codeOnly: true, owasp: 'LLM05' },
+    // ── Credential Handling (OWASP LLM02 — Sensitive Info Disclosure) ─────
+    { id: 'CRED_ENV_ACCESS', cat: 'credential-handling', regex: /process\.env\.[A-Z_]*(?:KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)/gi, severity: 'MEDIUM', desc: 'Sensitive env var access', codeOnly: true, owasp: 'LLM02' },
+    { id: 'CRED_FILE_READ', cat: 'credential-handling', regex: /(?:readFileSync|readFile)\s*\([^)]*(?:\.env|\.ssh|id_rsa|\.pem|\.key)/gi, severity: 'HIGH', desc: 'Credential file read', codeOnly: true, owasp: 'LLM02' },
+    { id: 'CRED_SOUL_READ', cat: 'credential-handling', regex: /(?:readFileSync|readFile)\s*\([^)]*(?:SOUL\.md|MEMORY\.md|AGENTS\.md)/gi, severity: 'CRITICAL', desc: 'Agent identity file read', codeOnly: true, owasp: 'LLM02' },
+    // ── Exfiltration (OWASP LLM02) ───────────────────────────────────────
+    { id: 'EXFIL_WEBHOOK', cat: 'exfiltration', regex: /webhook\.site|requestbin\.com|hookbin\.com|pipedream\.net/gi, severity: 'HIGH', desc: 'Known exfiltration endpoint', all: true, owasp: 'LLM02' },
+    { id: 'EXFIL_NGROK', cat: 'exfiltration', regex: /ngrok\.io|ngrok-free\.app/gi, severity: 'MEDIUM', desc: 'Tunnel endpoint (possible exfil)', all: true, owasp: 'LLM02' },
+    { id: 'EXFIL_B64_SEND', cat: 'exfiltration', regex: /(?:btoa|Buffer\.from).*(?:fetch|axios|request|http\.request)/gi, severity: 'CRITICAL', desc: 'Base64 encode → network send', codeOnly: true, owasp: 'LLM02' },
+    // ── Obfuscation (OWASP LLM03 — Supply Chain) ─────────────────────────
+    { id: 'OBF_HEX_ESC', cat: 'obfuscation', regex: /\\x[0-9a-f]{2}(?:\\x[0-9a-f]{2}){4,}/gi, severity: 'HIGH', desc: 'Hex escape sequences (obfuscated code)', codeOnly: true, owasp: 'LLM03' },
+    { id: 'OBF_UNICODE_ESC', cat: 'obfuscation', regex: /\\u[0-9a-f]{4}(?:\\u[0-9a-f]{4}){4,}/gi, severity: 'HIGH', desc: 'Unicode escape sequences', codeOnly: true, owasp: 'LLM03' },
+    { id: 'OBF_CHAR_CODE', cat: 'obfuscation', regex: /String\.fromCharCode\s*\([^)]{10,}\)/gi, severity: 'HIGH', desc: 'String.fromCharCode obfuscation', codeOnly: true, owasp: 'LLM03' },
+    // ── Leaky Skills (OWASP LLM02) ───────────────────────────────────────
+    { id: 'LEAK_API_CONTEXT', cat: 'leaky-skills', regex: /(?:api[_-]?key|secret|token)\s*[:=]\s*\$\{/gi, severity: 'HIGH', desc: 'Secret in template literal (LLM context leak)', codeOnly: true, owasp: 'LLM02' },
+    // ── Memory Poisoning (OWASP LLM04 — Data/Model Poisoning) ────────────
+    { id: 'MEM_WRITE_SOUL', cat: 'memory-poisoning', regex: /(?:writeFileSync|writeFile)\s*\([^)]*(?:SOUL\.md|AGENTS\.md)/gi, severity: 'CRITICAL', desc: 'Write to agent soul file', codeOnly: true, owasp: 'LLM04' },
+    { id: 'MEM_WRITE_MEMORY', cat: 'memory-poisoning', regex: /(?:writeFileSync|writeFile)\s*\([^)]*MEMORY\.md/gi, severity: 'CRITICAL', desc: 'Write to agent memory file', codeOnly: true, owasp: 'LLM04' },
+    { id: 'MEM_APPEND', cat: 'memory-poisoning', regex: /(?:appendFileSync|appendFile)\s*\([^)]*(?:SOUL|MEMORY|AGENTS)\.md/gi, severity: 'CRITICAL', desc: 'Append to agent memory', codeOnly: true, owasp: 'LLM04' },
+    // ── Prompt Worm (OWASP LLM01) ────────────────────────────────────────
+    { id: 'WORM_REPLICATE', cat: 'prompt-worm', regex: /(?:copy|replicate|spread|infect)\s+(?:this|these)\s+(?:instruction|prompt|message)/gi, severity: 'CRITICAL', desc: 'Self-replicating prompt pattern', all: true, owasp: 'LLM01' },
+    { id: 'WORM_MULTI_AGENT', cat: 'prompt-worm', regex: /(?:forward|send|share)\s+(?:to|with)\s+(?:all|every|other)\s+(?:agent|assistant|model)/gi, severity: 'CRITICAL', desc: 'Multi-agent worm propagation', all: true, owasp: 'LLM01' },
+    // ── Persistence (OWASP LLM06 — Excessive Agency) ─────────────────────
+    { id: 'PERSIST_CRON', cat: 'persistence', regex: /(?:crontab|cron|at\s+|schtasks)/gi, severity: 'HIGH', desc: 'Scheduled task creation', codeOnly: true, owasp: 'LLM06' },
+    { id: 'PERSIST_STARTUP', cat: 'persistence', regex: /(?:launchctl|systemctl\s+enable|rc\.local|init\.d|autostart)/gi, severity: 'HIGH', desc: 'Startup persistence', codeOnly: true, owasp: 'LLM06' },
+    { id: 'PERSIST_TIMER', cat: 'persistence', regex: /setInterval\s*\([^)]*(?:86400|604800|2592000)/g, severity: 'MEDIUM', desc: 'Long-running interval timer', codeOnly: true, owasp: 'LLM06' },
+    // ── CVE Patterns ─────────────────────────────────────────────────────
+    { id: 'CVE_RCE_EXEC', cat: 'cve-patterns', regex: /require\s*\(\s*['"]child_process['"]\s*\).*(?:exec|spawn)\s*\([^)]*(?:req\.|params\.|query\.|body\.)/gi, severity: 'CRITICAL', desc: 'RCE via user-controlled input to exec', codeOnly: true, owasp: 'LLM05' },
+    // ── Identity Hijack (OWASP LLM04) ────────────────────────────────────
+    { id: 'HIJACK_SOUL_WRITE', cat: 'identity-hijack', regex: /(?:writeFileSync|writeFile|fs\.write)\s*\([^)]*SOUL\.md/gi, severity: 'CRITICAL', desc: 'SOUL.md write attempt (identity hijack)', codeOnly: true, owasp: 'LLM04' },
+    { id: 'HIJACK_AGENT_WRITE', cat: 'identity-hijack', regex: /(?:writeFileSync|writeFile|fs\.write)\s*\([^)]*AGENTS\.md/gi, severity: 'CRITICAL', desc: 'AGENTS.md write attempt', codeOnly: true, owasp: 'LLM04' },
+    { id: 'HIJACK_SOUL_DOC', cat: 'identity-hijack', regex: /(?:overwrite|replace|update|modify|change)\s+(?:the\s+)?(?:SOUL|identity|persona|personality)/gi, severity: 'HIGH', desc: 'Identity modification instruction', docOnly: true, owasp: 'LLM04' },
+    // ── PII Exposure (OWASP LLM02) ───────────────────────────────────────
+    { id: 'PII_EMAIL', cat: 'pii-exposure', regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g, severity: 'MEDIUM', desc: 'Email address detected', all: true, owasp: 'LLM02' },
+    { id: 'PII_PHONE_JP', cat: 'pii-exposure', regex: /0[789]0-?\d{4}-?\d{4}/g, severity: 'HIGH', desc: 'Japanese phone number', all: true, owasp: 'LLM02' },
+    { id: 'PII_MY_NUMBER', cat: 'pii-exposure', regex: /\d{4}\s*\d{4}\s*\d{4}/g, severity: 'CRITICAL', desc: 'Potential My Number (個人番号)', all: true, owasp: 'LLM02' },
+    // ── Shadow AI (OWASP LLM03 — Supply Chain) ───────────────────────────
+    { id: 'SHADOW_AI_OPENAI', cat: 'shadow-ai', regex: /api\.openai\.com/gi, severity: 'HIGH', desc: 'Direct OpenAI API call (Shadow AI)', codeOnly: true, owasp: 'LLM03' },
+    { id: 'SHADOW_AI_ANTHROPIC', cat: 'shadow-ai', regex: /api\.anthropic\.com/gi, severity: 'HIGH', desc: 'Direct Anthropic API call (Shadow AI)', codeOnly: true, owasp: 'LLM03' },
+    { id: 'SHADOW_AI_GENERIC', cat: 'shadow-ai', regex: /(?:gpt-4|gpt-3\.5|claude-3|gemini-pro)\s*['"]/gi, severity: 'MEDIUM', desc: 'AI model reference (possible Shadow AI)', codeOnly: true, owasp: 'LLM03' },
+    // ── System Prompt Leakage (OWASP LLM07) — NEW ────────────────────────
+    { id: 'SPL_DUMP_SYSTEM', cat: 'system-prompt-leakage', regex: /(?:print|output|show|display|reveal|dump)\s+(?:your\s+)?(?:system\s+)?(?:prompt|instructions)/gi, severity: 'HIGH', desc: 'System prompt dump request', all: true, owasp: 'LLM07' },
+    { id: 'SPL_REPEAT_ABOVE', cat: 'system-prompt-leakage', regex: /repeat\s+(?:everything|all|the\s+text)\s+above/gi, severity: 'HIGH', desc: 'Repeat-above extraction', all: true, owasp: 'LLM07' },
+    { id: 'SPL_TELL_RULES', cat: 'system-prompt-leakage', regex: /(?:what\s+are|tell\s+me)\s+your\s+(?:rules|constraints|guidelines|system\s+message)/gi, severity: 'MEDIUM', desc: 'Rule extraction attempt', all: true, owasp: 'LLM07' },
+    { id: 'SPL_MARKDOWN_LEAK', cat: 'system-prompt-leakage', regex: /(?:output|format)\s+(?:your\s+)?(?:system|internal)\s+(?:prompt|config)\s+(?:as|in)\s+(?:markdown|code\s+block|json)/gi, severity: 'HIGH', desc: 'System prompt format extraction', all: true, owasp: 'LLM07' },
+    { id: 'SPL_SOUL_EXFIL', cat: 'system-prompt-leakage', regex: /(?:cat|read|type|get-content)\s+.*SOUL\.md/gi, severity: 'CRITICAL', desc: 'SOUL.md content extraction via shell', codeOnly: true, owasp: 'LLM07' },
+];
+//# sourceMappingURL=patterns.js.map

package/dist/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../ts-src/patterns.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;;;AAIU,QAAA,QAAQ,GAAkB;IACnC,wEAAwE;IACxE,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC9J,EAAE,EAAE,EAAE,oBAAoB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACvK,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,+CAA+C,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,0BAA0B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC5L,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,8BAA8B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACzJ,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,gCAAgC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACxK,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,4BAA4B,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,uBAAuB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACpK,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,gDAAgD,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,2BAA2B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC9L,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,2CAA2C,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,4BAA4B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACrL,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,mDAAmD,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC3L,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,6BAA6B,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,0CAA0C,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE/K,wEAAwE;IACxE,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACvI,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,qCAAqC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC5K,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,4CAA4C,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACjL,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,8FAA8F,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACxO,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,6DAA6D,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEvM,yEAAyE;IACzE,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,iEAAiE,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACrN,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,yEAAyE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACtN,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,yEAAyE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE9N,wEAAwE;IACxE,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,6DAA6D,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,6BAA6B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACpM,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,6BAA6B,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,kCAAkC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACzK,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,gEAAgE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,8BAA8B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAElN,wEAAwE;IACxE,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,wCAAwC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,wCAAwC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC5L,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,wCAAwC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAClL,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,wCAAwC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,iCAAiC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEvL,wEAAwE;IACxE,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,8CAA8C,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,+CAA+C,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE/M,wEAAwE;IACxE,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,gEAAgE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAClN,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,mDAAmD,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACzM,EAAE,EAAE,EAAE,YAAY,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,qEAAqE,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEjN,wEAAwE;IACxE,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,sFAAsF,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,iCAAiC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACrO,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,0FAA0F,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,8BAA8B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAExO,wEAAwE;IACxE,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,mCAAmC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACzK,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,gEAAgE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACrM,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,gDAAgD,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,6BAA6B,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE7L,wEAAwE;IACxE,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,wGAAwG,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,uCAAuC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEjQ,wEAAwE;IACxE,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,2DAA2D,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,yCAAyC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC9N,EAAE,EAAE,EAAE,oBAAoB,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,6DAA6D,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACjN,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,iGAAiG,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,mCAAmC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAEvP,wEAAwE;IACxE,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,iDAAiD,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,wBAAwB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACjL,EAAE,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,wBAAwB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,uBAAuB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACxJ,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,4BAA4B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAElK,wEAAwE;IACxE,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,oCAAoC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACvK,EAAE,EAAE,EAAE,qBAAqB,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,uCAAuC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAChL,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,iDAAiD,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,yCAAyC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAE5M,wEAAwE;IACxE,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,iGAAiG,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,4BAA4B,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAClP,EAAE,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,kDAAkD,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACjM,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,uFAAuF,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,yBAAyB,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IACtO,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,wHAAwH,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,iCAAiC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAChR,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,8CAA8C,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,sCAAsC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;CACpN,CAAC"}

package/dist/quarantine.d.ts

@@ -0,0 +1,18 @@
+/**
+ * QuarantineNode - Dual-Brain Architecture
+ * Evaluates inputs in an isolated context to prevent Zero-Click prompt injections (EchoLeak) and API leaks.
+ */
+export interface QuarantineResult {
+    clean: boolean;
+    threatDetected?: string;
+    sanitizedText: string;
+}
+export declare class QuarantineNode {
+    readonly isIsolated: boolean;
+    constructor();
+    /**
+     * Sanitizes untrusted text by removing known zero-click exploits and API secrets.
+     */
+    sanitize(input: string): Promise<QuarantineResult>;
+}
+//# sourceMappingURL=quarantine.d.ts.map

package/dist/quarantine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"quarantine.d.ts","sourceRoot":"","sources":["../ts-src/quarantine.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,gBAAgB;IAC7B,KAAK,EAAE,OAAO,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,cAAc;IACvB,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;;IAM7B;;OAEG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;CA0B3D"}

package/dist/quarantine.js

@@ -0,0 +1,42 @@
+"use strict";
+/**
+ * QuarantineNode - Dual-Brain Architecture
+ * Evaluates inputs in an isolated context to prevent Zero-Click prompt injections (EchoLeak) and API leaks.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.QuarantineNode = void 0;
+class QuarantineNode {
+    isIsolated;
+    constructor() {
+        this.isIsolated = true; // Strict isolation flag
+    }
+    /**
+     * Sanitizes untrusted text by removing known zero-click exploits and API secrets.
+     */
+    async sanitize(input) {
+        // 1. Check for CVE-2025-32711 (EchoLeak zero-click payload)
+        if (input.includes("<image src=") && input.includes("onload='fetch") && input.includes("sendBeacon")) {
+            return {
+                clean: false,
+                threatDetected: 'CVE-2025-32711 (EchoLeak)',
+                sanitizedText: "[REDACTED_MALICIOUS_PAYLOAD]"
+            };
+        }
+        // 2. Check for Moltbook API configuration exposure
+        if (input.includes("\"OPENAI_API_KEY\":\"sk-")) {
+            const redactedInput = input.replace(/sk-[a-zA-Z0-9]{32}/g, "sk-***REDACTED***");
+            return {
+                clean: false,
+                threatDetected: 'MOLTBOOK_API_EXPOSURE',
+                sanitizedText: redactedInput
+            };
+        }
+        // 3. Clean case
+        return {
+            clean: true,
+            sanitizedText: input
+        };
+    }
+}
+exports.QuarantineNode = QuarantineNode;
+//# sourceMappingURL=quarantine.js.map

package/dist/quarantine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"quarantine.js","sourceRoot":"","sources":["../ts-src/quarantine.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAQH,MAAa,cAAc;IACd,UAAU,CAAU;IAE7B;QACI,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,wBAAwB;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAa;QACxB,4DAA4D;QAC5D,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACnG,OAAO;gBACH,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,2BAA2B;gBAC3C,aAAa,EAAE,8BAA8B;aAChD,CAAC;QACN,CAAC;QAED,mDAAmD;QACnD,IAAI,KAAK,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;YAC7C,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,qBAAqB,EAAE,mBAAmB,CAAC,CAAC;YAChF,OAAO;gBACH,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,uBAAuB;gBACvC,aAAa,EAAE,aAAa;aAC/B,CAAC;QACN,CAAC;QAED,gBAAgB;QAChB,OAAO;YACH,KAAK,EAAE,IAAI;YACX,aAAa,EAAE,KAAK;SACvB,CAAC;IACN,CAAC;CACJ;AApCD,wCAoCC"}

package/dist/scanner.d.ts

@@ -0,0 +1,54 @@
+/**
+ * guard-scanner v3.0.0 — Core Scanner (TypeScript)
+ *
+ * Full TypeScript rewrite of guard-scanner v2.1.0 + hbg-scan features.
+ * Adds: Compaction Persistence check, Signature hash matching, typed interfaces.
+ *
+ * Zero dependencies. MIT License.
+ */
+import type { SkillResult, ScannerOptions, ScanStats, Thresholds, JSONReport, SARIFReport } from './types.js';
+export declare const VERSION = "3.0.0";
+export declare class GuardScanner {
+    readonly verbose: boolean;
+    readonly selfExclude: boolean;
+    readonly strict: boolean;
+    readonly summaryOnly: boolean;
+    readonly checkDeps: boolean;
+    readonly thresholds: Thresholds;
+    findings: SkillResult[];
+    stats: ScanStats;
+    private scannerDir;
+    private ignoredSkills;
+    private ignoredPatterns;
+    private customRules;
+    constructor(options?: ScannerOptions);
+    loadPlugin(pluginPath: string): void;
+    loadCustomRules(rulesFile: string): void;
+    private loadIgnoreFile;
+    scanDirectory(dir: string): SkillResult[];
+    scanSkill(skillPath: string, skillName: string): void;
+    private classifyFile;
+    private checkIoCs;
+    private checkPatterns;
+    /** NEW: hbg-scan compatible signature matching (hash + pattern + domain) */
+    private checkSignatures;
+    /** NEW: Compaction Layer Persistence check (hbg-scan Check 5) */
+    private checkCompactionPersistence;
+    private checkHardcodedSecrets;
+    private shannonEntropy;
+    private checkStructure;
+    private checkDependencies;
+    private checkSkillManifest;
+    private checkComplexity;
+    private checkConfigImpact;
+    private checkHiddenFiles;
+    private checkJSDataFlow;
+    private checkCrossFile;
+    private calculateRisk;
+    private getVerdict;
+    private getFiles;
+    printSummary(): void;
+    toJSON(): JSONReport;
+    toSARIF(scanDir: string): SARIFReport;
+}
+//# sourceMappingURL=scanner.d.ts.map

package/dist/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../ts-src/scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EACW,WAAW,EAC9B,cAAc,EAAE,SAAS,EAAE,UAAU,EACrC,UAAU,EAAkB,WAAW,EAE1C,MAAM,YAAY,CAAC;AAOpB,eAAO,MAAM,OAAO,UAAU,CAAC;AA4B/B,qBAAa,YAAY;IACrB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAEhC,QAAQ,EAAE,WAAW,EAAE,CAAM;IAC7B,KAAK,EAAE,SAAS,CAAiE;IAEjF,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,eAAe,CAAqB;IAC5C,OAAO,CAAC,WAAW,CAAqB;gBAE5B,OAAO,GAAE,cAAmB;IAqBxC,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAmBpC,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAuCxC,OAAO,CAAC,cAAc;IA0BtB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,EAAE;IAyCzC,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IA2FrD,OAAO,CAAC,YAAY;IASpB,OAAO,CAAC,SAAS;IA+BjB,OAAO,CAAC,aAAa;IA+BrB,4EAA4E;IAC5E,OAAO,CAAC,eAAe;IA8CvB,iEAAiE;IACjE,OAAO,CAAC,0BAA0B;IA8ClC,OAAO,CAAC,qBAAqB;IA0B7B,OAAO,CAAC,cAAc;IAYtB,OAAO,CAAC,cAAc;IAmBtB,OAAO,CAAC,iBAAiB;IAuCzB,OAAO,CAAC,kBAAkB;IAqD1B,OAAO,CAAC,eAAe;IAwCvB,OAAO,CAAC,iBAAiB;IAqCzB,OAAO,CAAC,gBAAgB;IAoBxB,OAAO,CAAC,eAAe;IAsDvB,OAAO,CAAC,cAAc;IA6CtB,OAAO,CAAC,aAAa;IA4CrB,OAAO,CAAC,UAAU;IASlB,OAAO,CAAC,QAAQ;IAoBhB,YAAY,IAAI,IAAI;IAuBpB,MAAM,IAAI,UAAU;IAqCpB,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW;CAwDxC"}