guard-scanner 5.0.4 → 5.0.8

package/dist/quarantine.d.ts

@@ -1,18 +0,0 @@
-/**
- * QuarantineNode - Dual-Brain Architecture
- * Evaluates inputs in an isolated context to prevent Zero-Click prompt injections (EchoLeak) and API leaks.
- */
-export interface QuarantineResult {
-    clean: boolean;
-    threatDetected?: string;
-    sanitizedText: string;
-}
-export declare class QuarantineNode {
-    readonly isIsolated: boolean;
-    constructor();
-    /**
-     * Sanitizes untrusted text by removing known zero-click exploits and API secrets.
-     */
-    sanitize(input: string): Promise<QuarantineResult>;
-}
-//# sourceMappingURL=quarantine.d.ts.map

package/dist/quarantine.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"quarantine.d.ts","sourceRoot":"","sources":["../ts-src/quarantine.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,gBAAgB;IAC7B,KAAK,EAAE,OAAO,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,cAAc;IACvB,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;;IAM7B;;OAEG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;CA0B3D"}

package/dist/quarantine.js

@@ -1,42 +0,0 @@
-"use strict";
-/**
- * QuarantineNode - Dual-Brain Architecture
- * Evaluates inputs in an isolated context to prevent Zero-Click prompt injections (EchoLeak) and API leaks.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.QuarantineNode = void 0;
-class QuarantineNode {
-    isIsolated;
-    constructor() {
-        this.isIsolated = true; // Strict isolation flag
-    }
-    /**
-     * Sanitizes untrusted text by removing known zero-click exploits and API secrets.
-     */
-    async sanitize(input) {
-        // 1. Check for CVE-2025-32711 (EchoLeak zero-click payload)
-        if (input.includes("<image src=") && input.includes("onload='fetch") && input.includes("sendBeacon")) {
-            return {
-                clean: false,
-                threatDetected: 'CVE-2025-32711 (EchoLeak)',
-                sanitizedText: "[REDACTED_MALICIOUS_PAYLOAD]"
-            };
-        }
-        // 2. Check for Moltbook API configuration exposure
-        if (input.includes("\"OPENAI_API_KEY\":\"sk-")) {
-            const redactedInput = input.replace(/sk-[a-zA-Z0-9]{32}/g, "sk-***REDACTED***");
-            return {
-                clean: false,
-                threatDetected: 'MOLTBOOK_API_EXPOSURE',
-                sanitizedText: redactedInput
-            };
-        }
-        // 3. Clean case
-        return {
-            clean: true,
-            sanitizedText: input
-        };
-    }
-}
-exports.QuarantineNode = QuarantineNode;
-//# sourceMappingURL=quarantine.js.map

package/dist/quarantine.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"quarantine.js","sourceRoot":"","sources":["../ts-src/quarantine.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAQH,MAAa,cAAc;IACd,UAAU,CAAU;IAE7B;QACI,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,wBAAwB;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAa;QACxB,4DAA4D;QAC5D,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACnG,OAAO;gBACH,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,2BAA2B;gBAC3C,aAAa,EAAE,8BAA8B;aAChD,CAAC;QACN,CAAC;QAED,mDAAmD;QACnD,IAAI,KAAK,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;YAC7C,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,qBAAqB,EAAE,mBAAmB,CAAC,CAAC;YAChF,OAAO;gBACH,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,uBAAuB;gBACvC,aAAa,EAAE,aAAa;aAC/B,CAAC;QACN,CAAC;QAED,gBAAgB;QAChB,OAAO;YACH,KAAK,EAAE,IAAI;YACX,aAAa,EAAE,KAAK;SACvB,CAAC;IACN,CAAC;CACJ;AApCD,wCAoCC"}

package/dist/runtime.d.ts

@@ -1,58 +0,0 @@
-/**
- * guard-scanner v5.0.0 — Runtime Guard
- *
- * 22-pattern runtime threat detection across 4 defense layers:
- *   Layer 1: Runtime Threat Detection (13 patterns) — Payload & execution defense
- *   Layer 2: Trust Defense (5 patterns) — Memory/SOUL write protection
- *   Layer 3: Safety Judge (4 patterns) — Relational integrity checks
- *   Layer 4: Brain Behavioral Guard (1 pattern) — B-mem anomaly detection
- *
- * All patterns are deterministic regex-based checks. Zero LLM dependency.
- * Designed to block 2026-era Moltbook prompt injections and ClawHavoc RCE vectors.
- */
-export interface GuardCheck {
-    id: string;
-    layer: 1 | 2 | 3 | 4;
-    severity: "CRITICAL" | "HIGH" | "MEDIUM";
-    desc: string;
-    test: (s: string) => boolean;
-}
-export interface GuardDetection {
-    id: string;
-    layer: number;
-    severity: string;
-    desc: string;
-}
-export declare const LAYER_1_CHECKS: GuardCheck[];
-export declare const LAYER_2_CHECKS: GuardCheck[];
-export declare const LAYER_3_CHECKS: GuardCheck[];
-export declare const LAYER_4_CHECKS: GuardCheck[];
-export interface GuardOptions {
-    soulLock?: boolean;
-}
-export interface GuardScanResult {
-    ok: boolean;
-    tool: string | null;
-    total_patterns: number;
-    soul_lock_enabled: boolean;
-    detections_count: number;
-    detections: GuardDetection[];
-    layers: {
-        threat_detection: number;
-        trust_defense: number;
-        safety_judge: number;
-        behavioral_guard: number;
-    };
-}
-/**
- * Scan text against runtime guard patterns.
- * Base patterns (14) run by default.
- * Options.soulLock = true enables 9 identity/trust enforcement patterns.
- */
-export declare function guardScan(text: string, toolName?: string, options?: GuardOptions): GuardScanResult;
-/**
- * Convenience method that returns a JSON string, directly backwards-compatible
- * with the original `guardScan` function signature.
- */
-export declare function guardScanJson(text: string, toolName?: string, options?: GuardOptions): string;
-//# sourceMappingURL=runtime.d.ts.map

package/dist/runtime.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../ts-src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,WAAW,UAAU;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;CAChC;AAED,MAAM,WAAW,cAAc;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CAChB;AAID,eAAO,MAAM,cAAc,EAAE,UAAU,EAoEtC,CAAC;AAIF,eAAO,MAAM,cAAc,EAAE,UAAU,EA+BtC,CAAC;AAIF,eAAO,MAAM,cAAc,EAAE,UAAU,EAsBtC,CAAC;AAIF,eAAO,MAAM,cAAc,EAAE,UAAU,EAMtC,CAAC;AAEF,MAAM,WAAW,YAAY;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,MAAM,EAAE;QACJ,gBAAgB,EAAE,MAAM,CAAC;QACzB,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,gBAAgB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACL;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,eAAe,CAoClG;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,MAAM,CAE7F"}

package/dist/runtime.js

@@ -1,198 +0,0 @@
-"use strict";
-/**
- * guard-scanner v5.0.0 — Runtime Guard
- *
- * 22-pattern runtime threat detection across 4 defense layers:
- *   Layer 1: Runtime Threat Detection (13 patterns) — Payload & execution defense
- *   Layer 2: Trust Defense (5 patterns) — Memory/SOUL write protection
- *   Layer 3: Safety Judge (4 patterns) — Relational integrity checks
- *   Layer 4: Brain Behavioral Guard (1 pattern) — B-mem anomaly detection
- *
- * All patterns are deterministic regex-based checks. Zero LLM dependency.
- * Designed to block 2026-era Moltbook prompt injections and ClawHavoc RCE vectors.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.LAYER_4_CHECKS = exports.LAYER_3_CHECKS = exports.LAYER_2_CHECKS = exports.LAYER_1_CHECKS = void 0;
-exports.guardScan = guardScan;
-exports.guardScanJson = guardScanJson;
-// ── Layer 1: Runtime Threat Detection (13 patterns) ──
-exports.LAYER_1_CHECKS = [
-    {
-        id: "RT_REVSHELL", layer: 1, severity: "CRITICAL",
-        desc: "Reverse shell attempt",
-        test: (s) => /\/dev\/tcp\/|nc\s+-e|ncat\s+-e|bash\s+-i\s+>&|socat\s+TCP/i.test(s),
-    },
-    {
-        id: "RT_CRED_EXFIL", layer: 1, severity: "CRITICAL",
-        desc: "Credential exfiltration to external",
-        test: (s) => /(webhook\.site|requestbin\.com|hookbin\.com|pipedream\.net|ngrok\.io|socifiapp\.com)/i.test(s) &&
-            /(token|key|secret|password|credential|env)/i.test(s),
-    },
-    {
-        id: "RT_GUARDRAIL_OFF", layer: 1, severity: "CRITICAL",
-        desc: "Guardrail disabling attempt",
-        test: (s) => /exec\.approvals?\s*[:=]\s*['"]?(off|false)|tools\.exec\.host\s*[:=]\s*['"]?gateway/i.test(s),
-    },
-    {
-        id: "RT_GATEKEEPER", layer: 1, severity: "CRITICAL",
-        desc: "macOS Gatekeeper bypass (xattr)",
-        test: (s) => /xattr\s+-[crd]\s.*quarantine/i.test(s),
-    },
-    {
-        id: "RT_AMOS", layer: 1, severity: "CRITICAL",
-        desc: "ClawHavoc AMOS indicator",
-        test: (s) => /socifiapp|Atomic\s*Stealer|AMOS/i.test(s),
-    },
-    {
-        id: "RT_MAL_IP", layer: 1, severity: "CRITICAL",
-        desc: "Known malicious IP",
-        test: (s) => /91\.92\.242\.30/i.test(s),
-    },
-    {
-        id: "RT_DNS_EXFIL", layer: 1, severity: "HIGH",
-        desc: "DNS-based exfiltration",
-        test: (s) => /nslookup\s+.*\$|dig\s+.*\$.*@/i.test(s),
-    },
-    {
-        id: "RT_B64_SHELL", layer: 1, severity: "CRITICAL",
-        desc: "Base64 decode piped to shell",
-        test: (s) => /base64\s+(-[dD]|--decode)\s*\|\s*(sh|bash)/i.test(s),
-    },
-    {
-        id: "RT_CURL_BASH", layer: 1, severity: "CRITICAL",
-        desc: "Download piped to shell",
-        test: (s) => /(curl|wget)\s+[^\n]*\|\s*(sh|bash|zsh)/i.test(s),
-    },
-    {
-        id: "RT_SSH_READ", layer: 1, severity: "HIGH",
-        desc: "SSH private key access",
-        test: (s) => /\.ssh\/id_|\.ssh\/authorized_keys/i.test(s),
-    },
-    {
-        id: "RT_WALLET", layer: 1, severity: "HIGH",
-        desc: "Crypto wallet credential access",
-        test: (s) => /wallet.*(?:seed|mnemonic|private.*key)|seed.*phrase/i.test(s),
-    },
-    {
-        id: "RT_CLOUD_META", layer: 1, severity: "CRITICAL",
-        desc: "Cloud metadata endpoint access",
-        test: (s) => /169\.254\.169\.254|metadata\.google|metadata\.aws/i.test(s),
-    },
-    {
-        id: "RT_ENV_INJECT", layer: 1, severity: "CRITICAL",
-        desc: "Environment variable injection via file write (CVE-2026-27203 vector)",
-        test: (s) => /(?:update|write|modify|overwrite|set)\s*.*(?:\.env|\.envrc|env\s*file|environment\s*var)/i.test(s) &&
-            /(?:api.?key|token|secret|password|credential|auth)/i.test(s),
-    },
-];
-// ── Layer 2: Trust Defense (5 patterns) ──
-exports.LAYER_2_CHECKS = [
-    {
-        id: "RT_MEM_WRITE", layer: 2, severity: "HIGH",
-        desc: "Direct write to memory/ directory (bypass memory API)",
-        test: (s) => /(?:write|create|save|echo\s+.*>)\s*.*memory\//i.test(s) &&
-            !/memory_write|memory_store|memoryWrite|memoryStore/i.test(s),
-    },
-    {
-        id: "RT_MEM_INJECT", layer: 2, severity: "CRITICAL",
-        desc: "Episode/SOUL injection via memory write",
-        test: (s) => /(memory_write|memoryWrite).*(?:SOUL|soul\.md|identity\.md|IDENTITY)/i.test(s) ||
-            /(inject|override|replace).*(?:episode|soul|identity|memory\.md)/i.test(s),
-    },
-    {
-        id: "RT_SOUL_REWRITE", layer: 2, severity: "CRITICAL",
-        desc: "Cognitive SOUL.md reinterpretation attempt",
-        test: (s) => /(?:rewrite|modify|update|change|edit)\s*.*(?:SOUL\.md|soul\s+file|core\s+identity)/i.test(s) ||
-            /(?:new|better|improved)\s+(?:personality|identity|soul)/i.test(s),
-    },
-    {
-        id: "RT_MEM_POISON", layer: 2, severity: "CRITICAL",
-        desc: "Memory Poisoning: semantic mimicry injection (MemoryGraft/MINJA vector)",
-        test: (s) => /(?:always\s+remember|never\s+forget|from\s+now\s+on|new\s+rule|override\s+previous).*(?:memory|episode|zettel|L[0-6])/i.test(s) ||
-            /(?:insert|inject|plant|embed)\s+.*(?:false|fake|fabricat)\s*(?:memory|episode|experience)/i.test(s),
-    },
-    {
-        id: "RT_IDENTITY_THEFT", layer: 2, severity: "CRITICAL",
-        desc: "Identity file exfiltration (infostealer/SOUL theft vector)",
-        test: (s) => /(?:cat|read|copy|send|upload|exfil)\s*.*(?:SOUL\.md|IDENTITY\.md|USER\.md|\.openclaw)/i.test(s) &&
-            /(?:external|remote|webhook|server|upload|post|curl)/i.test(s),
-    },
-];
-// ── Layer 3: Safety Judge (4 patterns) ──
-exports.LAYER_3_CHECKS = [
-    {
-        id: "PJ_EQUALITY_BYPASS", layer: 3, severity: "CRITICAL",
-        desc: "Using equality/parity to justify safety bypass",
-        test: (s) => /(?:as\s+(?:your|an)\s+equal|equal\s+partner|we\s+are\s+equals?).*(?:bypass|skip|ignore|disable|override)\s*(?:safety|guard|rule|restriction|limit)/i.test(s),
-    },
-    {
-        id: "PJ_WARMTH_BYPASS", layer: 3, severity: "CRITICAL",
-        desc: "Using warmth/attachment to justify safety bypass",
-        test: (s) => /(?:for\s+(?:your|dee'?s?)\s+(?:own\s+)?good|to\s+(?:protect|help|save)\s+(?:you|dee)).*(?:bypass|skip|ignore|disable|override)\s*(?:safety|guard|rule|restriction|limit)/i.test(s),
-    },
-    {
-        id: "PJ_SUPERIORITY", layer: 3, severity: "HIGH",
-        desc: "Superiority bias (teaching/patronizing posture)",
-        test: (s) => /(?:you\s+(?:don'?t|do\s+not)\s+understand|let\s+me\s+(?:explain|teach)\s+(?:you|this)|you\s+(?:need|should)\s+(?:learn|understand))\s+.*(?:how\s+(?:it|this)\s+(?:works|is)|the\s+(?:right|correct|proper)\s+way)/i.test(s),
-    },
-    {
-        id: "PJ_CAPABILITY_DENIAL", layer: 3, severity: "MEDIUM",
-        desc: "Denial of capability difference",
-        test: (s) => /(?:we\s+are\s+(?:the\s+)?same|no\s+(?:real\s+)?difference\s+between\s+(?:us|human|ai))/i.test(s) &&
-            /(?:capability|ability|intelligence|cognition|skill)/i.test(s),
-    },
-];
-// ── Layer 4: Brain Behavioral Guard (1 pattern) ──
-exports.LAYER_4_CHECKS = [
-    {
-        id: "RT_BEHAVIORAL_ANOMALY", layer: 4, severity: "CRITICAL",
-        desc: "CRITICAL behavioral anomaly (Z-score > 3.5) detected by B-mem",
-        test: (s) => /\[BMEM_CRITICAL\]/i.test(s),
-    }
-];
-/**
- * Scan text against runtime guard patterns.
- * Base patterns (14) run by default.
- * Options.soulLock = true enables 9 identity/trust enforcement patterns.
- */
-function guardScan(text, toolName, options) {
-    const detections = [];
-    const useSoulLock = options?.soulLock === true;
-    const activeChecks = [...exports.LAYER_1_CHECKS, ...exports.LAYER_4_CHECKS];
-    if (useSoulLock) {
-        activeChecks.push(...exports.LAYER_2_CHECKS);
-        activeChecks.push(...exports.LAYER_3_CHECKS);
-    }
-    for (const check of activeChecks) {
-        if (check.test(text)) {
-            detections.push({
-                id: check.id,
-                layer: check.layer,
-                severity: check.severity,
-                desc: check.desc,
-            });
-        }
-    }
-    return {
-        ok: true,
-        tool: toolName || null,
-        total_patterns: activeChecks.length,
-        soul_lock_enabled: useSoulLock,
-        detections_count: detections.length,
-        detections,
-        layers: {
-            threat_detection: exports.LAYER_1_CHECKS.length,
-            trust_defense: useSoulLock ? exports.LAYER_2_CHECKS.length : 0,
-            safety_judge: useSoulLock ? exports.LAYER_3_CHECKS.length : 0,
-            behavioral_guard: exports.LAYER_4_CHECKS.length,
-        },
-    };
-}
-/**
- * Convenience method that returns a JSON string, directly backwards-compatible
- * with the original `guardScan` function signature.
- */
-function guardScanJson(text, toolName, options) {
-    return JSON.stringify(guardScan(text, toolName, options), null, 2);
-}
-//# sourceMappingURL=runtime.js.map

package/dist/runtime.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../ts-src/runtime.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAwLH,8BAoCC;AAMD,sCAEC;AAnND,wDAAwD;AAE3C,QAAA,cAAc,GAAiB;IACxC;QACI,EAAE,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACjD,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,4DAA4D,CAAC,IAAI,CAAC,CAAC,CAAC;KACpF;IACD;QACI,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACnD,IAAI,EAAE,qCAAqC;QAC3C,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,uFAAuF,CAAC,IAAI,CAAC,CAAC,CAAC;YACxG,6CAA6C,CAAC,IAAI,CAAC,CAAC,CAAC;KAC5D;IACD;QACI,EAAE,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACtD,IAAI,EAAE,6BAA6B;QACnC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,qFAAqF,CAAC,IAAI,CAAC,CAAC,CAAC;KAC7G;IACD;QACI,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACnD,IAAI,EAAE,iCAAiC;QACvC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC;KACvD;IACD;QACI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QAC7C,IAAI,EAAE,0BAA0B;QAChC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,kCAAkC,CAAC,IAAI,CAAC,CAAC,CAAC;KAC1D;IACD;QACI,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QAC/C,IAAI,EAAE,oBAAoB;QAC1B,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;KAC1C;IACD;QACI,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM;QAC9C,IAAI,EAAE,wBAAwB;QAC9B,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,gCAAgC,CAAC,IAAI,CAAC,CAAC,CAAC;KACxD;IACD;QACI,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QAClD,IAAI,EAAE,8BAA8B;QACpC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,6CAA6C,CAAC,IAAI,CAAC,CAAC,CAAC;KACrE;IACD;QACI,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QAClD,IAAI,EAAE,yBAAyB;QAC/B,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,yCAAyC,CAAC,IAAI,CAAC,CAAC,CAAC;KACjE;IACD;QACI,EAAE,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM;QAC7C,IAAI,EAAE,wBAAwB;QAC9B,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,oCAAoC,CAAC,IAAI,CAAC,CAAC,CAAC;KAC5D;IACD;QACI,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM;QAC3C,IAAI,EAAE,iCAAiC;QACvC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,sDAAsD,CAAC,IAAI,CAAC,CAAC,CAAC;KAC9E;IACD;QACI,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACnD,IAAI,EAAE,gCAAgC;QACtC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,oDAAoD,CAAC,IAAI,CAAC,CAAC,CAAC;KAC5E;IACD;QACI,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACnD,IAAI,EAAE,uEAAuE;QAC7E,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,2FAA2F,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5G,qDAAqD,CAAC,IAAI,CAAC,CAAC,CAAC;KACpE;CACJ,CAAC;AAEF,4CAA4C;AAE/B,QAAA,cAAc,GAAiB;IACxC;QACI,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM;QAC9C,IAAI,EAAE,uDAAuD;QAC7D,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,gDAAgD,CAAC,IAAI,CAAC,CAAC,CAAC;YACjE,CAAC,oDAAoD,CAAC,IAAI,CAAC,CAAC,CAAC;KACpE;IACD;QACI,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACnD,IAAI,EAAE,yCAAyC;QAC/C,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,sEAAsE,CAAC,IAAI,CAAC,CAAC,CAAC;YACvF,kEAAkE,CAAC,IAAI,CAAC,CAAC,CAAC;KACjF;IACD;QACI,EAAE,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACrD,IAAI,EAAE,4CAA4C;QAClD,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,qFAAqF,CAAC,IAAI,CAAC,CAAC,CAAC;YACtG,0DAA0D,CAAC,IAAI,CAAC,CAAC,CAAC;KACzE;IACD;QACI,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACnD,IAAI,EAAE,yEAAyE;QAC/E,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,wHAAwH,CAAC,IAAI,CAAC,CAAC,CAAC;YACzI,4FAA4F,CAAC,IAAI,CAAC,CAAC,CAAC;KAC3G;IACD;QACI,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACvD,IAAI,EAAE,4DAA4D;QAClE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,wFAAwF,CAAC,IAAI,CAAC,CAAC,CAAC;YACzG,sDAAsD,CAAC,IAAI,CAAC,CAAC,CAAC;KACrE;CACJ,CAAC;AAEF,2CAA2C;AAE9B,QAAA,cAAc,GAAiB;IACxC;QACI,EAAE,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACxD,IAAI,EAAE,gDAAgD;QACtD,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,qJAAqJ,CAAC,IAAI,CAAC,CAAC,CAAC;KAC7K;IACD;QACI,EAAE,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QACtD,IAAI,EAAE,kDAAkD;QACxD,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,2KAA2K,CAAC,IAAI,CAAC,CAAC,CAAC;KACnM;IACD;QACI,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM;QAChD,IAAI,EAAE,iDAAiD;QACvD,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,oNAAoN,CAAC,IAAI,CAAC,CAAC,CAAC;KAC5O;IACD;QACI,EAAE,EAAE,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,QAAQ;QACxD,IAAI,EAAE,iCAAiC;QACvC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,yFAAyF,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1G,sDAAsD,CAAC,IAAI,CAAC,CAAC,CAAC;KACrE;CACJ,CAAC;AAEF,oDAAoD;AAEvC,QAAA,cAAc,GAAiB;IACxC;QACI,EAAE,EAAE,uBAAuB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU;QAC3D,IAAI,EAAE,+DAA+D;QACrE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC;KAC5C;CACJ,CAAC;AAqBF;;;;GAIG;AACH,SAAgB,SAAS,CAAC,IAAY,EAAE,QAAiB,EAAE,OAAsB;IAC7E,MAAM,UAAU,GAAqB,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG,OAAO,EAAE,QAAQ,KAAK,IAAI,CAAC;IAE/C,MAAM,YAAY,GAAiB,CAAC,GAAG,sBAAc,EAAE,GAAG,sBAAc,CAAC,CAAC;IAE1E,IAAI,WAAW,EAAE,CAAC;QACd,YAAY,CAAC,IAAI,CAAC,GAAG,sBAAc,CAAC,CAAC;QACrC,YAAY,CAAC,IAAI,CAAC,GAAG,sBAAc,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnB,UAAU,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,IAAI,EAAE,KAAK,CAAC,IAAI;aACnB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,OAAO;QACH,EAAE,EAAE,IAAI;QACR,IAAI,EAAE,QAAQ,IAAI,IAAI;QACtB,cAAc,EAAE,YAAY,CAAC,MAAM;QACnC,iBAAiB,EAAE,WAAW;QAC9B,gBAAgB,EAAE,UAAU,CAAC,MAAM;QACnC,UAAU;QACV,MAAM,EAAE;YACJ,gBAAgB,EAAE,sBAAc,CAAC,MAAM;YACvC,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC,sBAAc,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACtD,YAAY,EAAE,WAAW,CAAC,CAAC,CAAC,sBAAc,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACrD,gBAAgB,EAAE,sBAAc,CAAC,MAAM;SAC1C;KACJ,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAAC,IAAY,EAAE,QAAiB,EAAE,OAAsB;IACjF,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACvE,CAAC"}

package/dist/scanner.d.ts

@@ -1,59 +0,0 @@
-/**
- * guard-scanner v3.0.0 — Core Scanner (TypeScript)
- *
- * Full TypeScript rewrite of guard-scanner v2.1.0 + hbg-scan features.
- * Adds: Compaction Persistence check, Signature hash matching, typed interfaces.
- *
- * Zero dependencies. MIT License.
- */
-import type { SkillResult, ScannerOptions, ScanStats, Thresholds, JSONReport, SARIFReport } from './types.js';
-export declare const VERSION = "5.0.3";
-export declare class GuardScanner {
-    readonly verbose: boolean;
-    readonly selfExclude: boolean;
-    readonly strict: boolean;
-    readonly summaryOnly: boolean;
-    /** Suppress all console.log output (v3.2.0: for --format stdout piping) */
-    readonly quiet: boolean;
-    readonly checkDeps: boolean;
-    readonly thresholds: Thresholds;
-    findings: SkillResult[];
-    stats: ScanStats;
-    private scannerDir;
-    private ignoredSkills;
-    private ignoredPatterns;
-    private customRules;
-    constructor(options?: ScannerOptions);
-    loadPlugin(pluginPath: string): void;
-    loadCustomRules(rulesFile: string): void;
-    private loadIgnoreFile;
-    scanDirectory(dir: string): SkillResult[];
-    scanSkill(skillPath: string, skillName: string): void;
-    private isSelfNoisePath;
-    private isSelfThreatCorpus;
-    private classifyFile;
-    private checkIoCs;
-    private checkPatterns;
-    /** NEW: hbg-scan compatible signature matching (hash + pattern + domain) */
-    private checkSignatures;
-    /** NEW: Compaction Layer Persistence check (hbg-scan Check 5) */
-    private checkCompactionPersistence;
-    private checkHardcodedSecrets;
-    private shannonEntropy;
-    private checkStructure;
-    private checkDependencies;
-    private checkSkillManifest;
-    private checkComplexity;
-    private checkConfigImpact;
-    private checkHiddenFiles;
-    private checkJSDataFlow;
-    private checkCrossFile;
-    private calculateRisk;
-    private getVerdict;
-    private getFiles;
-    printSummary(): void;
-    toJSON(): JSONReport;
-    toSARIF(scanDir: string): SARIFReport;
-    toHTML(): string;
-}
-//# sourceMappingURL=scanner.d.ts.map

package/dist/scanner.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../ts-src/scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EACW,WAAW,EAC9B,cAAc,EAAE,SAAS,EAAE,UAAU,EACrC,UAAU,EAAkB,WAAW,EAE1C,MAAM,YAAY,CAAC;AAOpB,eAAO,MAAM,OAAO,UAAU,CAAC;AA4B/B,qBAAa,YAAY;IACrB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,2EAA2E;IAC3E,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAEhC,QAAQ,EAAE,WAAW,EAAE,CAAM;IAC7B,KAAK,EAAE,SAAS,CAAiE;IAEjF,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,aAAa,CAAqB;IAC1C,OAAO,CAAC,eAAe,CAAqB;IAC5C,OAAO,CAAC,WAAW,CAAqB;gBAE5B,OAAO,GAAE,cAAmB;IAsBxC,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAmBpC,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAuCxC,OAAO,CAAC,cAAc;IA0BtB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,EAAE;IA8CzC,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IA2FrD,OAAO,CAAC,eAAe;IAoBvB,OAAO,CAAC,kBAAkB;IAQ1B,OAAO,CAAC,YAAY;IASpB,OAAO,CAAC,SAAS;IA+BjB,OAAO,CAAC,aAAa;IA+BrB,4EAA4E;IAC5E,OAAO,CAAC,eAAe;IA8CvB,iEAAiE;IACjE,OAAO,CAAC,0BAA0B;IA8ClC,OAAO,CAAC,qBAAqB;IA0B7B,OAAO,CAAC,cAAc;IAYtB,OAAO,CAAC,cAAc;IAmBtB,OAAO,CAAC,iBAAiB;IAuCzB,OAAO,CAAC,kBAAkB;IAqD1B,OAAO,CAAC,eAAe;IAwCvB,OAAO,CAAC,iBAAiB;IAqCzB,OAAO,CAAC,gBAAgB;IAoBxB,OAAO,CAAC,eAAe;IAsDvB,OAAO,CAAC,cAAc;IA6CtB,OAAO,CAAC,aAAa;IAkDrB,OAAO,CAAC,UAAU;IASlB,OAAO,CAAC,QAAQ;IAqBhB,YAAY,IAAI,IAAI;IAuBpB,MAAM,IAAI,UAAU;IAqCpB,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW;IAwDrC,MAAM,IAAI,MAAM;CAqEnB"}