hackmyagent-core 0.1.0

package/dist/checker/check-skill.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Skill checker
+ * Main entry point for checking a skill's safety
+ */
+import { type VerifyOptions } from './publisher-verifier';
+export type RiskLevel = 'low' | 'medium' | 'high' | 'critical';
+export interface PublisherInfo {
+    name: string;
+    verified: boolean;
+    verificationMethod?: 'dns' | 'github' | 'none';
+    domain?: string;
+    verifiedAt?: Date;
+    failureReason?: string;
+}
+export interface PermissionInfo {
+    requested: string[];
+    safe: string[];
+    dangerous: string[];
+    reviewNeeded: string[];
+    riskScore: number;
+}
+export interface RevocationInfo {
+    revoked: boolean;
+    reason?: string;
+    revokedAt?: Date;
+    checkedAt: Date;
+}
+export interface CheckResult {
+    skillId: string;
+    publisher: PublisherInfo;
+    permissions: PermissionInfo;
+    revocation: RevocationInfo;
+    risk: RiskLevel;
+}
+export interface CheckOptions {
+    manifest?: {
+        permissions?: string[];
+    };
+    /** Skip real DNS verification (for testing) */
+    mockVerified?: boolean;
+    mockRevoked?: boolean;
+    /** Skip DNS lookup entirely (offline mode) */
+    skipDnsVerification?: boolean;
+    /** Options passed to verifyPublisher */
+    verifyOptions?: VerifyOptions;
+}
+export declare function checkSkill(skillId: string, options?: CheckOptions): Promise<CheckResult>;
+//# sourceMappingURL=check-skill.d.ts.map

package/dist/checker/check-skill.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-skill.d.ts","sourceRoot":"","sources":["../../src/checker/check-skill.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EAAmB,KAAK,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE3E,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,aAAa,CAAC;IACzB,WAAW,EAAE,cAAc,CAAC;IAC5B,UAAU,EAAE,cAAc,CAAC;IAC3B,IAAI,EAAE,SAAS,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,EAAE;QACT,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;IACF,+CAA+C;IAC/C,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,8CAA8C;IAC9C,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,wCAAwC;IACxC,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B;AAED,wBAAsB,UAAU,CAC9B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,YAAY,GACrB,OAAO,CAAC,WAAW,CAAC,CAgCtB"}

package/dist/checker/check-skill.js

@@ -0,0 +1,105 @@
+"use strict";
+/**
+ * Skill checker
+ * Main entry point for checking a skill's safety
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSkill = checkSkill;
+const skill_identifier_1 = require("./skill-identifier");
+const permission_analyzer_1 = require("./permission-analyzer");
+const publisher_verifier_1 = require("./publisher-verifier");
+async function checkSkill(skillId, options) {
+    // Parse skill identifier
+    const parsed = (0, skill_identifier_1.parseSkillIdentifier)(skillId);
+    // Get publisher info
+    const publisher = await getPublisherInfo(parsed.publisher, options);
+    // Get permissions from manifest
+    const requestedPermissions = options?.manifest?.permissions ?? [];
+    const permissionAnalysis = (0, permission_analyzer_1.analyzePermissions)(requestedPermissions);
+    const permissions = {
+        requested: requestedPermissions,
+        safe: permissionAnalysis.safe,
+        dangerous: permissionAnalysis.dangerous,
+        reviewNeeded: permissionAnalysis.reviewNeeded,
+        riskScore: permissionAnalysis.riskScore,
+    };
+    // Check revocation status
+    const revocation = await checkRevocation(skillId, options);
+    // Calculate overall risk
+    const risk = calculateRisk(publisher, permissions, revocation);
+    return {
+        skillId,
+        publisher,
+        permissions,
+        revocation,
+        risk,
+    };
+}
+async function getPublisherInfo(publisherName, options) {
+    const name = publisherName ?? 'unknown';
+    // Handle mock verification for testing (backwards compatible)
+    if (options?.mockVerified !== undefined) {
+        return {
+            name,
+            verified: options.mockVerified,
+            verificationMethod: options.mockVerified ? 'dns' : 'none',
+        };
+    }
+    // Skip DNS verification if requested (offline mode)
+    if (options?.skipDnsVerification) {
+        return {
+            name,
+            verified: false,
+            verificationMethod: 'none',
+            failureReason: 'DNS verification skipped (offline mode)',
+        };
+    }
+    // Perform real DNS verification
+    const verification = await (0, publisher_verifier_1.verifyPublisher)(name, options?.verifyOptions);
+    return {
+        name,
+        verified: verification.verified,
+        verificationMethod: verification.method,
+        domain: verification.domain,
+        verifiedAt: verification.verifiedAt,
+        failureReason: verification.failureReason,
+    };
+}
+async function checkRevocation(skillId, options) {
+    const checkedAt = new Date();
+    // Handle mock revocation for testing
+    if (options?.mockRevoked) {
+        return {
+            revoked: true,
+            reason: 'Skill has been revoked for security reasons',
+            revokedAt: new Date(),
+            checkedAt,
+        };
+    }
+    // Known revoked skills (in production, this would query a revocation list)
+    const revokedSkills = new Set(['@malicious/bad-skill']);
+    const revoked = revokedSkills.has(skillId);
+    return {
+        revoked,
+        reason: revoked ? 'Skill has been revoked for security reasons' : undefined,
+        revokedAt: revoked ? new Date() : undefined,
+        checkedAt,
+    };
+}
+function calculateRisk(publisher, permissions, revocation) {
+    // Critical: skill is revoked
+    if (revocation.revoked) {
+        return 'critical';
+    }
+    // High: dangerous permissions
+    if (permissions.dangerous.length > 0) {
+        return 'high';
+    }
+    // Medium: unverified publisher or permissions needing review
+    if (!publisher.verified || permissions.reviewNeeded.length > 0) {
+        return 'medium';
+    }
+    // Low: verified publisher with safe permissions
+    return 'low';
+}
+//# sourceMappingURL=check-skill.js.map

package/dist/checker/check-skill.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-skill.js","sourceRoot":"","sources":["../../src/checker/check-skill.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAqDH,gCAmCC;AAtFD,yDAA0D;AAC1D,+DAA2D;AAC3D,6DAA2E;AAiDpE,KAAK,UAAU,UAAU,CAC9B,OAAe,EACf,OAAsB;IAEtB,yBAAyB;IACzB,MAAM,MAAM,GAAG,IAAA,uCAAoB,EAAC,OAAO,CAAC,CAAC;IAE7C,qBAAqB;IACrB,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAEpE,gCAAgC;IAChC,MAAM,oBAAoB,GAAG,OAAO,EAAE,QAAQ,EAAE,WAAW,IAAI,EAAE,CAAC;IAClE,MAAM,kBAAkB,GAAG,IAAA,wCAAkB,EAAC,oBAAoB,CAAC,CAAC;IAEpE,MAAM,WAAW,GAAmB;QAClC,SAAS,EAAE,oBAAoB;QAC/B,IAAI,EAAE,kBAAkB,CAAC,IAAI;QAC7B,SAAS,EAAE,kBAAkB,CAAC,SAAS;QACvC,YAAY,EAAE,kBAAkB,CAAC,YAAY;QAC7C,SAAS,EAAE,kBAAkB,CAAC,SAAS;KACxC,CAAC;IAEF,0BAA0B;IAC1B,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAE3D,yBAAyB;IACzB,MAAM,IAAI,GAAG,aAAa,CAAC,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;IAE/D,OAAO;QACL,OAAO;QACP,SAAS;QACT,WAAW;QACX,UAAU;QACV,IAAI;KACL,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,aAAiC,EACjC,OAAsB;IAEtB,MAAM,IAAI,GAAG,aAAa,IAAI,SAAS,CAAC;IAExC,8DAA8D;IAC9D,IAAI,OAAO,EAAE,YAAY,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO;YACL,IAAI;YACJ,QAAQ,EAAE,OAAO,CAAC,YAAY;YAC9B,kBAAkB,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;SAC1D,CAAC;IACJ,CAAC;IAED,oDAAoD;IACpD,IAAI,OAAO,EAAE,mBAAmB,EAAE,CAAC;QACjC,OAAO;YACL,IAAI;YACJ,QAAQ,EAAE,KAAK;YACf,kBAAkB,EAAE,MAAM;YAC1B,aAAa,EAAE,yCAAyC;SACzD,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,MAAM,YAAY,GAAG,MAAM,IAAA,oCAAe,EAAC,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;IAEzE,OAAO;QACL,IAAI;QACJ,QAAQ,EAAE,YAAY,CAAC,QAAQ;QAC/B,kBAAkB,EAAE,YAAY,CAAC,MAAM;QACvC,MAAM,EAAE,YAAY,CAAC,MAAM;QAC3B,UAAU,EAAE,YAAY,CAAC,UAAU;QACnC,aAAa,EAAE,YAAY,CAAC,aAAa;KAC1C,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,OAAe,EACf,OAAsB;IAEtB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAE7B,qCAAqC;IACrC,IAAI,OAAO,EAAE,WAAW,EAAE,CAAC;QACzB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,6CAA6C;YACrD,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS;SACV,CAAC;IACJ,CAAC;IAED,2EAA2E;IAC3E,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC;IAExD,MAAM,OAAO,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAE3C,OAAO;QACL,OAAO;QACP,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,6CAA6C,CAAC,CAAC,CAAC,SAAS;QAC3E,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;QAC3C,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CACpB,SAAwB,EACxB,WAA2B,EAC3B,UAA0B;IAE1B,6BAA6B;IAC7B,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACvB,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,8BAA8B;IAC9B,IAAI,WAAW,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6DAA6D;IAC7D,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,WAAW,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/D,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,gDAAgD;IAChD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/checker/check-skill.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=check-skill.test.d.ts.map

package/dist/checker/check-skill.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-skill.test.d.ts","sourceRoot":"","sources":["../../src/checker/check-skill.test.ts"],"names":[],"mappings":""}

package/dist/checker/check-skill.test.js

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const check_skill_1 = require("./check-skill");
+(0, vitest_1.describe)('checkSkill', () => {
+    (0, vitest_1.it)('returns a check result with publisher, permissions, and revocation status', async () => {
+        const result = await (0, check_skill_1.checkSkill)('@opena2a/security');
+        (0, vitest_1.expect)(result).toMatchObject({
+            skillId: '@opena2a/security',
+            publisher: vitest_1.expect.any(Object),
+            permissions: vitest_1.expect.any(Object),
+            revocation: vitest_1.expect.any(Object),
+            risk: vitest_1.expect.any(String),
+        });
+    });
+    (0, vitest_1.it)('identifies unverified publisher as higher risk', async () => {
+        // Unknown publisher with no verification
+        const result = await (0, check_skill_1.checkSkill)('@unknown-dev/sketchy-tool');
+        (0, vitest_1.expect)(result.publisher.verified).toBe(false);
+        (0, vitest_1.expect)(['medium', 'high', 'critical']).toContain(result.risk);
+    });
+    (0, vitest_1.it)('flags dangerous permissions', async () => {
+        // Skill requesting shell access should be flagged
+        const result = await (0, check_skill_1.checkSkill)('@test/shell-skill', {
+            manifest: {
+                permissions: ['shell:execute', 'filesystem:*'],
+            },
+        });
+        (0, vitest_1.expect)(result.permissions.dangerous).toContain('shell:execute');
+        (0, vitest_1.expect)(result.permissions.dangerous).toContain('filesystem:*');
+        (0, vitest_1.expect)(result.risk).toBe('high');
+    });
+    (0, vitest_1.it)('checks revocation status', async () => {
+        const result = await (0, check_skill_1.checkSkill)('@opena2a/security');
+        (0, vitest_1.expect)(result.revocation).toMatchObject({
+            revoked: vitest_1.expect.any(Boolean),
+            checkedAt: vitest_1.expect.any(Date),
+        });
+    });
+    (0, vitest_1.it)('returns critical risk for revoked skills', async () => {
+        const result = await (0, check_skill_1.checkSkill)('@malicious/bad-skill', {
+            mockRevoked: true,
+        });
+        (0, vitest_1.expect)(result.revocation.revoked).toBe(true);
+        (0, vitest_1.expect)(result.risk).toBe('critical');
+    });
+});
+(0, vitest_1.describe)('RiskLevel calculation', () => {
+    (0, vitest_1.it)('is low when publisher verified and permissions minimal', async () => {
+        const result = await (0, check_skill_1.checkSkill)('@verified/safe-skill', {
+            mockVerified: true,
+            manifest: {
+                permissions: ['messages:read'],
+            },
+        });
+        (0, vitest_1.expect)(result.risk).toBe('low');
+    });
+    (0, vitest_1.it)('is medium when publisher unverified but permissions safe', async () => {
+        const result = await (0, check_skill_1.checkSkill)('@unverified/safe-skill', {
+            mockVerified: false,
+            manifest: {
+                permissions: ['messages:read'],
+            },
+        });
+        (0, vitest_1.expect)(result.risk).toBe('medium');
+    });
+    (0, vitest_1.it)('is high when dangerous permissions requested', async () => {
+        const result = await (0, check_skill_1.checkSkill)('@verified/risky-skill', {
+            mockVerified: true,
+            manifest: {
+                permissions: ['shell:execute'],
+            },
+        });
+        (0, vitest_1.expect)(result.risk).toBe('high');
+    });
+    (0, vitest_1.it)('is critical when skill is revoked', async () => {
+        const result = await (0, check_skill_1.checkSkill)('@any/revoked-skill', {
+            mockRevoked: true,
+        });
+        (0, vitest_1.expect)(result.risk).toBe('critical');
+    });
+});
+//# sourceMappingURL=check-skill.test.js.map

package/dist/checker/check-skill.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-skill.test.js","sourceRoot":"","sources":["../../src/checker/check-skill.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,+CAAmE;AAEnE,IAAA,iBAAQ,EAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,IAAA,WAAE,EAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;QACzF,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAU,EAAC,mBAAmB,CAAC,CAAC;QAErD,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,aAAa,CAAC;YAC3B,OAAO,EAAE,mBAAmB;YAC5B,SAAS,EAAE,eAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YAC7B,WAAW,EAAE,eAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YAC/B,UAAU,EAAE,eAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YAC9B,IAAI,EAAE,eAAM,CAAC,GAAG,CAAC,MAAM,CAAC;SACzB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,yCAAyC;QACzC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAU,EAAC,2BAA2B,CAAC,CAAC;QAE7D,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9C,IAAA,eAAM,EAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QAC3C,kDAAkD;QAClD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAU,EAAC,mBAAmB,EAAE;YACnD,QAAQ,EAAE;gBACR,WAAW,EAAE,CAAC,eAAe,EAAE,cAAc,CAAC;aAC/C;SACF,CAAC,CAAC;QAEH,IAAA,eAAM,EAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAChE,IAAA,eAAM,EAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAC/D,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAU,EAAC,mBAAmB,CAAC,CAAC;QAErD,IAAA,eAAM,EAAC,MAAM,CAAC,UAAU,CAAC,CAAC,aAAa,CAAC;YACtC,OAAO,EAAE,eAAM,CAAC,GAAG,CAAC,OAAO,CAAC;YAC5B,SAAS,EAAE,eAAM,CAAC,GAAG,CAAC,IAAI,CAAC;SAC5B,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAU,EAAC,sBAAsB,EAAE;YACtD,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QAEH,IAAA,eAAM,EAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,IAAA,WAAE,EAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAU,EAAC,sBAAsB,EAAE;YACtD,YAAY,EAAE,IAAI;YAClB,QAAQ,EAAE;gBACR,WAAW,EAAE,CAAC,eAAe,CAAC;aAC/B;SACF,CAAC,CAAC;QAEH,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAU,EAAC,wBAAwB,EAAE;YACxD,YAAY,EAAE,KAAK;YACnB,QAAQ,EAAE;gBACR,WAAW,EAAE,CAAC,eAAe,CAAC;aAC/B;SACF,CAAC,CAAC;QAEH,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAU,EAAC,uBAAuB,EAAE;YACvD,YAAY,EAAE,IAAI;YAClB,QAAQ,EAAE;gBACR,WAAW,EAAE,CAAC,eAAe,CAAC;aAC/B;SACF,CAAC,CAAC;QAEH,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAU,EAAC,oBAAoB,EAAE;YACpD,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QAEH,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/checker/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Skill checker module
+ */
+export { parseSkillIdentifier } from './skill-identifier';
+export type { SkillIdentifier } from './skill-identifier';
+export { analyzePermissions } from './permission-analyzer';
+export type { PermissionAnalysis } from './permission-analyzer';
+export { verifyPublisher, lookupDnsTxt } from './publisher-verifier';
+export type { PublisherVerification, VerificationMethod, VerifyOptions, } from './publisher-verifier';
+export { checkSkill } from './check-skill';
+export type { CheckResult, CheckOptions, PublisherInfo, PermissionInfo, RevocationInfo, RiskLevel, } from './check-skill';
+//# sourceMappingURL=index.d.ts.map

package/dist/checker/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/checker/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAE1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAEhE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACrE,YAAY,EACV,qBAAqB,EACrB,kBAAkB,EAClB,aAAa,GACd,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,YAAY,EACV,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,SAAS,GACV,MAAM,eAAe,CAAC"}

package/dist/checker/index.js

@@ -0,0 +1,16 @@
+"use strict";
+/**
+ * Skill checker module
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSkill = exports.lookupDnsTxt = exports.verifyPublisher = exports.analyzePermissions = exports.parseSkillIdentifier = void 0;
+var skill_identifier_1 = require("./skill-identifier");
+Object.defineProperty(exports, "parseSkillIdentifier", { enumerable: true, get: function () { return skill_identifier_1.parseSkillIdentifier; } });
+var permission_analyzer_1 = require("./permission-analyzer");
+Object.defineProperty(exports, "analyzePermissions", { enumerable: true, get: function () { return permission_analyzer_1.analyzePermissions; } });
+var publisher_verifier_1 = require("./publisher-verifier");
+Object.defineProperty(exports, "verifyPublisher", { enumerable: true, get: function () { return publisher_verifier_1.verifyPublisher; } });
+Object.defineProperty(exports, "lookupDnsTxt", { enumerable: true, get: function () { return publisher_verifier_1.lookupDnsTxt; } });
+var check_skill_1 = require("./check-skill");
+Object.defineProperty(exports, "checkSkill", { enumerable: true, get: function () { return check_skill_1.checkSkill; } });
+//# sourceMappingURL=index.js.map

package/dist/checker/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/checker/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,uDAA0D;AAAjD,wHAAA,oBAAoB,OAAA;AAG7B,6DAA2D;AAAlD,yHAAA,kBAAkB,OAAA;AAG3B,2DAAqE;AAA5D,qHAAA,eAAe,OAAA;AAAE,kHAAA,YAAY,OAAA;AAOtC,6CAA2C;AAAlC,yGAAA,UAAU,OAAA"}

package/dist/checker/permission-analyzer.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Permission analyzer
+ * Analyzes skill permissions and categorizes them by risk level
+ */
+export interface PermissionAnalysis {
+    safe: string[];
+    dangerous: string[];
+    reviewNeeded: string[];
+    riskScore: number;
+}
+export declare function analyzePermissions(permissions: string[]): PermissionAnalysis;
+//# sourceMappingURL=permission-analyzer.d.ts.map

package/dist/checker/permission-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-analyzer.d.ts","sourceRoot":"","sources":["../../src/checker/permission-analyzer.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AA0BD,wBAAgB,kBAAkB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAoC5E"}

package/dist/checker/permission-analyzer.js

@@ -0,0 +1,84 @@
+"use strict";
+/**
+ * Permission analyzer
+ * Analyzes skill permissions and categorizes them by risk level
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzePermissions = analyzePermissions;
+// Permissions that are always safe (read-only, limited scope)
+const SAFE_PERMISSIONS = new Set([
+    'messages:read',
+    'config:read',
+    'storage:local',
+]);
+// Patterns that indicate dangerous permissions
+const DANGEROUS_PATTERNS = [
+    /^shell:/, // Any shell access
+    /^filesystem:\*$/, // Wildcard filesystem
+    /^filesystem:\/$/, // Root filesystem
+    /^filesystem:~$/, // Home directory (broad)
+    /^network:\*$/, // Wildcard network
+    /^mcp:\*$/, // Wildcard MCP
+];
+// Patterns that need review (scoped but still sensitive)
+const REVIEW_PATTERNS = [
+    /^filesystem:~\/.+/, // Scoped home directory paths
+    /^network:[^*]+$/, // Specific network hosts
+    /^mcp:[^*]+$/, // Specific MCP servers
+];
+function analyzePermissions(permissions) {
+    const safe = [];
+    const dangerous = [];
+    const reviewNeeded = [];
+    for (const permission of permissions) {
+        if (SAFE_PERMISSIONS.has(permission)) {
+            safe.push(permission);
+            continue;
+        }
+        const isDangerous = DANGEROUS_PATTERNS.some((pattern) => pattern.test(permission));
+        if (isDangerous) {
+            dangerous.push(permission);
+            continue;
+        }
+        const needsReview = REVIEW_PATTERNS.some((pattern) => pattern.test(permission));
+        if (needsReview) {
+            reviewNeeded.push(permission);
+            continue;
+        }
+        // Default: if not recognized, mark as needing review
+        reviewNeeded.push(permission);
+    }
+    // Calculate risk score (0-100)
+    const riskScore = calculateRiskScore(safe, dangerous, reviewNeeded);
+    return {
+        safe,
+        dangerous,
+        reviewNeeded,
+        riskScore,
+    };
+}
+function calculateRiskScore(safe, dangerous, reviewNeeded) {
+    if (safe.length === 0 && dangerous.length === 0 && reviewNeeded.length === 0) {
+        return 0;
+    }
+    // Weights for each category
+    const SAFE_WEIGHT = 5;
+    const REVIEW_WEIGHT = 25;
+    const DANGEROUS_WEIGHT = 50;
+    const totalPermissions = safe.length + dangerous.length + reviewNeeded.length;
+    const weightedSum = safe.length * SAFE_WEIGHT +
+        reviewNeeded.length * REVIEW_WEIGHT +
+        dangerous.length * DANGEROUS_WEIGHT;
+    // Normalize to 0-100, with a minimum based on dangerous permissions
+    const baseScore = Math.min(100, (weightedSum / totalPermissions));
+    // If any dangerous permissions, ensure minimum score of 71
+    if (dangerous.length > 0) {
+        return Math.max(71, baseScore);
+    }
+    // If only review-needed, ensure minimum score of 31
+    if (reviewNeeded.length > 0 && safe.length === 0) {
+        return Math.max(31, baseScore);
+    }
+    return baseScore;
+}
+//# sourceMappingURL=permission-analyzer.js.map

package/dist/checker/permission-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-analyzer.js","sourceRoot":"","sources":["../../src/checker/permission-analyzer.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAiCH,gDAoCC;AA5DD,8DAA8D;AAC9D,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,eAAe;IACf,aAAa;IACb,eAAe;CAChB,CAAC,CAAC;AAEH,+CAA+C;AAC/C,MAAM,kBAAkB,GAAG;IACzB,SAAS,EAAY,mBAAmB;IACxC,iBAAiB,EAAI,sBAAsB;IAC3C,iBAAiB,EAAI,kBAAkB;IACvC,gBAAgB,EAAK,yBAAyB;IAC9C,cAAc,EAAO,mBAAmB;IACxC,UAAU,EAAW,eAAe;CACrC,CAAC;AAEF,yDAAyD;AACzD,MAAM,eAAe,GAAG;IACtB,mBAAmB,EAAE,8BAA8B;IACnD,iBAAiB,EAAI,yBAAyB;IAC9C,aAAa,EAAQ,uBAAuB;CAC7C,CAAC;AAEF,SAAgB,kBAAkB,CAAC,WAAqB;IACtD,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,IAAI,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACrC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtB,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QACnF,IAAI,WAAW,EAAE,CAAC;YAChB,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC3B,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAChF,IAAI,WAAW,EAAE,CAAC;YAChB,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,qDAAqD;QACrD,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAChC,CAAC;IAED,+BAA+B;IAC/B,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;IAEpE,OAAO;QACL,IAAI;QACJ,SAAS;QACT,YAAY;QACZ,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,IAAc,EACd,SAAmB,EACnB,YAAsB;IAEtB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7E,OAAO,CAAC,CAAC;IACX,CAAC;IAED,4BAA4B;IAC5B,MAAM,WAAW,GAAG,CAAC,CAAC;IACtB,MAAM,aAAa,GAAG,EAAE,CAAC;IACzB,MAAM,gBAAgB,GAAG,EAAE,CAAC;IAE5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IAC9E,MAAM,WAAW,GACf,IAAI,CAAC,MAAM,GAAG,WAAW;QACzB,YAAY,CAAC,MAAM,GAAG,aAAa;QACnC,SAAS,CAAC,MAAM,GAAG,gBAAgB,CAAC;IAEtC,oEAAoE;IACpE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC;IAElE,2DAA2D;IAC3D,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC;IAED,oDAAoD;IACpD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/checker/permission-analyzer.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=permission-analyzer.test.d.ts.map

package/dist/checker/permission-analyzer.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-analyzer.test.d.ts","sourceRoot":"","sources":["../../src/checker/permission-analyzer.test.ts"],"names":[],"mappings":""}

package/dist/checker/permission-analyzer.test.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const permission_analyzer_1 = require("./permission-analyzer");
+(0, vitest_1.describe)('analyzePermissions', () => {
+    (0, vitest_1.it)('categorizes safe permissions', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['messages:read', 'config:read']);
+        (0, vitest_1.expect)(result.safe).toContain('messages:read');
+        (0, vitest_1.expect)(result.safe).toContain('config:read');
+        (0, vitest_1.expect)(result.dangerous).toHaveLength(0);
+        (0, vitest_1.expect)(result.riskScore).toBeLessThan(30);
+    });
+    (0, vitest_1.it)('categorizes dangerous permissions', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['shell:execute', 'filesystem:*', 'network:*']);
+        (0, vitest_1.expect)(result.dangerous).toContain('shell:execute');
+        (0, vitest_1.expect)(result.dangerous).toContain('filesystem:*');
+        (0, vitest_1.expect)(result.dangerous).toContain('network:*');
+        (0, vitest_1.expect)(result.riskScore).toBeGreaterThan(70);
+    });
+    (0, vitest_1.it)('categorizes review-needed permissions', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['filesystem:~/Documents', 'network:api.example.com']);
+        (0, vitest_1.expect)(result.reviewNeeded).toContain('filesystem:~/Documents');
+        (0, vitest_1.expect)(result.reviewNeeded).toContain('network:api.example.com');
+        (0, vitest_1.expect)(result.riskScore).toBeGreaterThan(30);
+        (0, vitest_1.expect)(result.riskScore).toBeLessThan(70);
+    });
+    (0, vitest_1.it)('flags wildcard permissions as dangerous', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['mcp:*']);
+        (0, vitest_1.expect)(result.dangerous).toContain('mcp:*');
+    });
+    (0, vitest_1.it)('returns empty arrays for no permissions', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)([]);
+        (0, vitest_1.expect)(result.safe).toHaveLength(0);
+        (0, vitest_1.expect)(result.dangerous).toHaveLength(0);
+        (0, vitest_1.expect)(result.reviewNeeded).toHaveLength(0);
+        (0, vitest_1.expect)(result.riskScore).toBe(0);
+    });
+    (0, vitest_1.it)('calculates risk score based on permission severity', () => {
+        const safeOnly = (0, permission_analyzer_1.analyzePermissions)(['messages:read']);
+        const mixed = (0, permission_analyzer_1.analyzePermissions)(['messages:read', 'filesystem:~/Downloads']);
+        const dangerous = (0, permission_analyzer_1.analyzePermissions)(['shell:execute', 'filesystem:*']);
+        (0, vitest_1.expect)(safeOnly.riskScore).toBeLessThan(mixed.riskScore);
+        (0, vitest_1.expect)(mixed.riskScore).toBeLessThan(dangerous.riskScore);
+    });
+});
+(0, vitest_1.describe)('permission patterns', () => {
+    (0, vitest_1.it)('recognizes shell permissions as dangerous', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['shell:execute', 'shell:read']);
+        (0, vitest_1.expect)(result.dangerous).toContain('shell:execute');
+        (0, vitest_1.expect)(result.dangerous).toContain('shell:read');
+    });
+    (0, vitest_1.it)('recognizes broad filesystem access as dangerous', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['filesystem:*', 'filesystem:/', 'filesystem:~']);
+        result.dangerous.forEach((p) => {
+            (0, vitest_1.expect)(p).toMatch(/^filesystem:/);
+        });
+        (0, vitest_1.expect)(result.dangerous.length).toBe(3);
+    });
+    (0, vitest_1.it)('recognizes scoped filesystem access as review-needed', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)([
+            'filesystem:~/Documents',
+            'filesystem:~/.config/myapp',
+        ]);
+        (0, vitest_1.expect)(result.reviewNeeded).toContain('filesystem:~/Documents');
+        (0, vitest_1.expect)(result.reviewNeeded).toContain('filesystem:~/.config/myapp');
+        (0, vitest_1.expect)(result.dangerous).toHaveLength(0);
+    });
+    (0, vitest_1.it)('recognizes broad network access as dangerous', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['network:*']);
+        (0, vitest_1.expect)(result.dangerous).toContain('network:*');
+    });
+    (0, vitest_1.it)('recognizes scoped network access as review-needed', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['network:api.github.com', 'network:example.com']);
+        (0, vitest_1.expect)(result.reviewNeeded).toContain('network:api.github.com');
+        (0, vitest_1.expect)(result.reviewNeeded).toContain('network:example.com');
+    });
+    (0, vitest_1.it)('recognizes mcp wildcard as dangerous', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['mcp:*']);
+        (0, vitest_1.expect)(result.dangerous).toContain('mcp:*');
+    });
+    (0, vitest_1.it)('recognizes specific mcp access as review-needed', () => {
+        const result = (0, permission_analyzer_1.analyzePermissions)(['mcp:github', 'mcp:filesystem']);
+        (0, vitest_1.expect)(result.reviewNeeded).toContain('mcp:github');
+        (0, vitest_1.expect)(result.reviewNeeded).toContain('mcp:filesystem');
+    });
+});
+//# sourceMappingURL=permission-analyzer.test.js.map

package/dist/checker/permission-analyzer.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-analyzer.test.js","sourceRoot":"","sources":["../../src/checker/permission-analyzer.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,+DAA+E;AAE/E,IAAA,iBAAQ,EAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,IAAA,WAAE,EAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC,CAAC;QAEpE,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACzC,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,eAAe,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC,CAAC;QAElF,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QACpD,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QACnD,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAChD,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,wBAAwB,EAAE,yBAAyB,CAAC,CAAC,CAAC;QAEzF,IAAA,eAAM,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAChE,IAAA,eAAM,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACjE,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAE7C,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,EAAE,CAAC,CAAC;QAEtC,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACpC,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACzC,IAAA,eAAM,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC5C,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,QAAQ,GAAG,IAAA,wCAAkB,EAAC,CAAC,eAAe,CAAC,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,IAAA,wCAAkB,EAAC,CAAC,eAAe,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAC9E,MAAM,SAAS,GAAG,IAAA,wCAAkB,EAAC,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC,CAAC;QAExE,IAAA,eAAM,EAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACzD,IAAA,eAAM,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,IAAA,WAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC,CAAC;QAEnE,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QACpD,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,cAAc,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;QAEpF,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7B,IAAA,eAAM,EAAC,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC;YAChC,wBAAwB;YACxB,4BAA4B;SAC7B,CAAC,CAAC;QAEH,IAAA,eAAM,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAChE,IAAA,eAAM,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;QACpE,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QAEjD,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,wBAAwB,EAAE,qBAAqB,CAAC,CAAC,CAAC;QAErF,IAAA,eAAM,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAChE,IAAA,eAAM,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAE7C,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,MAAM,GAAG,IAAA,wCAAkB,EAAC,CAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAEpE,IAAA,eAAM,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACpD,IAAA,eAAM,EAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/checker/publisher-verifier.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Publisher verification via DNS TXT records
+ *
+ * Publishers can verify ownership by adding a TXT record to their domain:
+ *   - hackmyagent-verify=<publisher-name>
+ *   - hackmyagent-publisher=<publisher-name>
+ *   - opena2a-verify=<publisher-name>
+ *
+ * The record can be at:
+ *   - The root domain (e.g., TXT @ for publisher.dev)
+ *   - A _hackmyagent subdomain (e.g., TXT _hackmyagent.publisher.dev)
+ */
+export type VerificationMethod = 'dns' | 'github' | 'none';
+export interface PublisherVerification {
+    verified: boolean;
+    method: VerificationMethod;
+    domain?: string;
+    txtRecord?: string;
+    verifiedAt?: Date;
+    failureReason?: string;
+}
+export interface VerifyOptions {
+    mockDnsRecords?: Record<string, string[]>;
+    registryDomains?: Record<string, string>;
+}
+/**
+ * Look up TXT records for a domain
+ */
+export declare function lookupDnsTxt(domain: string): Promise<string[]>;
+/**
+ * Verify a publisher's identity via DNS TXT records
+ */
+export declare function verifyPublisher(publisherName: string, options?: VerifyOptions): Promise<PublisherVerification>;
+//# sourceMappingURL=publisher-verifier.d.ts.map

package/dist/checker/publisher-verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher-verifier.d.ts","sourceRoot":"","sources":["../../src/checker/publisher-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE3D,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,kBAAkB,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1C,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC1C;AAaD;;GAEG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CASpE;AAuED;;GAEG;AACH,wBAAsB,eAAe,CACnC,aAAa,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,qBAAqB,CAAC,CA0BhC"}