hackmyagent-core 0.1.0

package/dist/checker/publisher-verifier.js

@@ -0,0 +1,121 @@
+"use strict";
+/**
+ * Publisher verification via DNS TXT records
+ *
+ * Publishers can verify ownership by adding a TXT record to their domain:
+ *   - hackmyagent-verify=<publisher-name>
+ *   - hackmyagent-publisher=<publisher-name>
+ *   - opena2a-verify=<publisher-name>
+ *
+ * The record can be at:
+ *   - The root domain (e.g., TXT @ for publisher.dev)
+ *   - A _hackmyagent subdomain (e.g., TXT _hackmyagent.publisher.dev)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.lookupDnsTxt = lookupDnsTxt;
+exports.verifyPublisher = verifyPublisher;
+const dns_1 = require("dns");
+// Accepted TXT record prefixes (case-insensitive)
+const VALID_PREFIXES = [
+    'hackmyagent-verify=',
+    'hackmyagent-publisher=',
+    'opena2a-verify=',
+    'publisher=', // For _hackmyagent subdomain
+];
+// Domain suffixes to try when looking up a publisher
+const DOMAIN_SUFFIXES = ['.dev', '.com', '.io', '.org'];
+/**
+ * Look up TXT records for a domain
+ */
+async function lookupDnsTxt(domain) {
+    try {
+        const records = await dns_1.promises.resolveTxt(domain);
+        // dns.resolveTxt returns string[][] (chunks), flatten them
+        return records.map((chunks) => chunks.join(''));
+    }
+    catch (error) {
+        // ENOTFOUND, ENODATA, etc. - domain doesn't exist or has no TXT records
+        return [];
+    }
+}
+/**
+ * Check if a TXT record verifies the publisher
+ */
+function checkTxtRecord(record, publisherName) {
+    const lowerRecord = record.toLowerCase();
+    const lowerPublisher = publisherName.toLowerCase();
+    for (const prefix of VALID_PREFIXES) {
+        if (lowerRecord.startsWith(prefix.toLowerCase())) {
+            const value = record.substring(prefix.length).trim();
+            return value.toLowerCase() === lowerPublisher;
+        }
+    }
+    return false;
+}
+/**
+ * Get domains to check for a publisher
+ */
+function getDomainsToCheck(publisherName, options) {
+    const domains = [];
+    // If registry has a custom domain for this publisher, check it first
+    if (options?.registryDomains?.[publisherName]) {
+        const customDomain = options.registryDomains[publisherName];
+        domains.push(customDomain);
+        domains.push(`_hackmyagent.${customDomain}`);
+    }
+    // Try common domain patterns
+    for (const suffix of DOMAIN_SUFFIXES) {
+        const baseDomain = `${publisherName}${suffix}`;
+        domains.push(baseDomain);
+        domains.push(`_hackmyagent.${baseDomain}`);
+    }
+    return domains;
+}
+/**
+ * Look up DNS TXT records (with mock support for testing)
+ */
+async function getDnsRecords(domain, options) {
+    // Use mock records if provided (for testing)
+    if (options?.mockDnsRecords) {
+        return options.mockDnsRecords[domain] ?? [];
+    }
+    // Real DNS lookup
+    return lookupDnsTxt(domain);
+}
+/**
+ * Extract the base domain from a full domain (removes _hackmyagent. prefix)
+ */
+function getBaseDomain(domain) {
+    if (domain.startsWith('_hackmyagent.')) {
+        return domain.substring('_hackmyagent.'.length);
+    }
+    return domain;
+}
+/**
+ * Verify a publisher's identity via DNS TXT records
+ */
+async function verifyPublisher(publisherName, options) {
+    const domainsToCheck = getDomainsToCheck(publisherName, options);
+    const checkedDomains = [];
+    for (const domain of domainsToCheck) {
+        checkedDomains.push(domain);
+        const records = await getDnsRecords(domain, options);
+        for (const record of records) {
+            if (checkTxtRecord(record, publisherName)) {
+                return {
+                    verified: true,
+                    method: 'dns',
+                    domain: getBaseDomain(domain),
+                    txtRecord: record,
+                    verifiedAt: new Date(),
+                };
+            }
+        }
+    }
+    return {
+        verified: false,
+        method: 'none',
+        failureReason: `No valid TXT record found for publisher "${publisherName}". Checked domains: ${checkedDomains.join(', ')}`,
+    };
+}
+//# sourceMappingURL=publisher-verifier.js.map

package/dist/checker/publisher-verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher-verifier.js","sourceRoot":"","sources":["../../src/checker/publisher-verifier.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAkCH,oCASC;AA0ED,0CA6BC;AAhJD,6BAAsC;AAkBtC,kDAAkD;AAClD,MAAM,cAAc,GAAG;IACrB,qBAAqB;IACrB,wBAAwB;IACxB,iBAAiB;IACjB,YAAY,EAAE,6BAA6B;CAC5C,CAAC;AAEF,qDAAqD;AACrD,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;AAExD;;GAEG;AACI,KAAK,UAAU,YAAY,CAAC,MAAc;IAC/C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,cAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC7C,2DAA2D;QAC3D,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,wEAAwE;QACxE,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,MAAc,EAAE,aAAqB;IAC3D,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACzC,MAAM,cAAc,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC;IAEnD,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;QACpC,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACjD,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;YACrD,OAAO,KAAK,CAAC,WAAW,EAAE,KAAK,cAAc,CAAC;QAChD,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,aAAqB,EACrB,OAAuB;IAEvB,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,qEAAqE;IACrE,IAAI,OAAO,EAAE,eAAe,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC;QAC9C,MAAM,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAC5D,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,gBAAgB,YAAY,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,GAAG,aAAa,GAAG,MAAM,EAAE,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAC1B,MAAc,EACd,OAAuB;IAEvB,6CAA6C;IAC7C,IAAI,OAAO,EAAE,cAAc,EAAE,CAAC;QAC5B,OAAO,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9C,CAAC;IAED,kBAAkB;IAClB,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,MAAc;IACnC,IAAI,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,SAAS,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,eAAe,CACnC,aAAqB,EACrB,OAAuB;IAEvB,MAAM,cAAc,GAAG,iBAAiB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACjE,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;QACpC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAErD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,cAAc,CAAC,MAAM,EAAE,aAAa,CAAC,EAAE,CAAC;gBAC1C,OAAO;oBACL,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC;oBAC7B,SAAS,EAAE,MAAM;oBACjB,UAAU,EAAE,IAAI,IAAI,EAAE;iBACvB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,MAAM;QACd,aAAa,EAAE,4CAA4C,aAAa,uBAAuB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KAC3H,CAAC;AACJ,CAAC"}

package/dist/checker/publisher-verifier.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=publisher-verifier.test.d.ts.map

package/dist/checker/publisher-verifier.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher-verifier.test.d.ts","sourceRoot":"","sources":["../../src/checker/publisher-verifier.test.ts"],"names":[],"mappings":""}

package/dist/checker/publisher-verifier.test.js

@@ -0,0 +1,171 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const publisher_verifier_1 = require("./publisher-verifier");
+(0, vitest_1.describe)('lookupDnsTxt', () => {
+    (0, vitest_1.it)('returns TXT records for a domain', async () => {
+        // Using a well-known domain that has TXT records
+        const records = await (0, publisher_verifier_1.lookupDnsTxt)('google.com');
+        (0, vitest_1.expect)(Array.isArray(records)).toBe(true);
+        // Google has SPF and other TXT records
+        (0, vitest_1.expect)(records.length).toBeGreaterThan(0);
+    });
+    (0, vitest_1.it)('returns empty array for domain with no TXT records', async () => {
+        // Use a subdomain unlikely to have TXT records
+        const records = await (0, publisher_verifier_1.lookupDnsTxt)('no-txt-records.example.com');
+        (0, vitest_1.expect)(records).toEqual([]);
+    });
+    (0, vitest_1.it)('returns empty array for non-existent domain', async () => {
+        const records = await (0, publisher_verifier_1.lookupDnsTxt)('this-domain-definitely-does-not-exist-12345.com');
+        (0, vitest_1.expect)(records).toEqual([]);
+    });
+});
+(0, vitest_1.describe)('verifyPublisher', () => {
+    (0, vitest_1.describe)('DNS TXT verification', () => {
+        (0, vitest_1.it)('verifies publisher with valid hackmyagent TXT record', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('test-publisher', {
+                mockDnsRecords: {
+                    'test-publisher.dev': ['hackmyagent-verify=test-publisher'],
+                },
+            });
+            (0, vitest_1.expect)(result).toMatchObject({
+                verified: true,
+                method: 'dns',
+                domain: 'test-publisher.dev',
+            });
+        });
+        (0, vitest_1.it)('verifies publisher with _hackmyagent subdomain TXT record', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('example-org', {
+                mockDnsRecords: {
+                    '_hackmyagent.example-org.dev': ['publisher=example-org'],
+                },
+            });
+            (0, vitest_1.expect)(result).toMatchObject({
+                verified: true,
+                method: 'dns',
+                domain: 'example-org.dev',
+            });
+        });
+        (0, vitest_1.it)('fails verification when TXT record has wrong publisher name', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('my-publisher', {
+                mockDnsRecords: {
+                    'my-publisher.dev': ['hackmyagent-verify=wrong-name'],
+                },
+            });
+            (0, vitest_1.expect)(result.verified).toBe(false);
+            (0, vitest_1.expect)(result.method).toBe('none');
+        });
+        (0, vitest_1.it)('fails verification when no TXT records exist', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('unverified-publisher', {
+                mockDnsRecords: {},
+            });
+            (0, vitest_1.expect)(result.verified).toBe(false);
+            (0, vitest_1.expect)(result.method).toBe('none');
+        });
+        (0, vitest_1.it)('tries multiple domain patterns', async () => {
+            // Should try: publisher.dev, publisher.com, publisher.io
+            const result = await (0, publisher_verifier_1.verifyPublisher)('mycompany', {
+                mockDnsRecords: {
+                    'mycompany.io': ['hackmyagent-verify=mycompany'],
+                },
+            });
+            (0, vitest_1.expect)(result).toMatchObject({
+                verified: true,
+                method: 'dns',
+                domain: 'mycompany.io',
+            });
+        });
+        (0, vitest_1.it)('supports custom domain via registry lookup', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('opena2a', {
+                registryDomains: {
+                    opena2a: 'opena2a.dev',
+                },
+                mockDnsRecords: {
+                    'opena2a.dev': ['hackmyagent-verify=opena2a'],
+                },
+            });
+            (0, vitest_1.expect)(result).toMatchObject({
+                verified: true,
+                method: 'dns',
+                domain: 'opena2a.dev',
+            });
+        });
+    });
+    (0, vitest_1.describe)('TXT record formats', () => {
+        (0, vitest_1.it)('accepts hackmyagent-verify=publisher format', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('acme', {
+                mockDnsRecords: {
+                    'acme.dev': ['hackmyagent-verify=acme'],
+                },
+            });
+            (0, vitest_1.expect)(result.verified).toBe(true);
+        });
+        (0, vitest_1.it)('accepts hackmyagent-publisher=publisher format', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('acme', {
+                mockDnsRecords: {
+                    'acme.dev': ['hackmyagent-publisher=acme'],
+                },
+            });
+            (0, vitest_1.expect)(result.verified).toBe(true);
+        });
+        (0, vitest_1.it)('accepts opena2a-verify=publisher format (alias)', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('acme', {
+                mockDnsRecords: {
+                    'acme.dev': ['opena2a-verify=acme'],
+                },
+            });
+            (0, vitest_1.expect)(result.verified).toBe(true);
+        });
+        (0, vitest_1.it)('ignores unrelated TXT records', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('acme', {
+                mockDnsRecords: {
+                    'acme.dev': [
+                        'v=spf1 include:_spf.google.com ~all',
+                        'google-site-verification=abc123',
+                        'hackmyagent-verify=acme', // This one should match
+                    ],
+                },
+            });
+            (0, vitest_1.expect)(result.verified).toBe(true);
+        });
+        (0, vitest_1.it)('is case-insensitive for record keys', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('acme', {
+                mockDnsRecords: {
+                    'acme.dev': ['HackMyAgent-Verify=acme'],
+                },
+            });
+            (0, vitest_1.expect)(result.verified).toBe(true);
+        });
+    });
+    (0, vitest_1.describe)('verification result details', () => {
+        (0, vitest_1.it)('includes verification timestamp', async () => {
+            const before = new Date();
+            const result = await (0, publisher_verifier_1.verifyPublisher)('test', {
+                mockDnsRecords: {
+                    'test.dev': ['hackmyagent-verify=test'],
+                },
+            });
+            const after = new Date();
+            (0, vitest_1.expect)(result.verifiedAt).toBeDefined();
+            (0, vitest_1.expect)(result.verifiedAt.getTime()).toBeGreaterThanOrEqual(before.getTime());
+            (0, vitest_1.expect)(result.verifiedAt.getTime()).toBeLessThanOrEqual(after.getTime());
+        });
+        (0, vitest_1.it)('includes the matched TXT record', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('test', {
+                mockDnsRecords: {
+                    'test.dev': ['hackmyagent-verify=test'],
+                },
+            });
+            (0, vitest_1.expect)(result.txtRecord).toBe('hackmyagent-verify=test');
+        });
+        (0, vitest_1.it)('returns failure reason when not verified', async () => {
+            const result = await (0, publisher_verifier_1.verifyPublisher)('unknown', {
+                mockDnsRecords: {},
+            });
+            (0, vitest_1.expect)(result.verified).toBe(false);
+            (0, vitest_1.expect)(result.failureReason).toBeDefined();
+            (0, vitest_1.expect)(result.failureReason).toContain('No valid TXT record found');
+        });
+    });
+});
+//# sourceMappingURL=publisher-verifier.test.js.map

package/dist/checker/publisher-verifier.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher-verifier.test.js","sourceRoot":"","sources":["../../src/checker/publisher-verifier.test.ts"],"names":[],"mappings":";;AAAA,mCAAyE;AACzE,6DAK8B;AAE9B,IAAA,iBAAQ,EAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,IAAA,WAAE,EAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,iDAAiD;QACjD,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAY,EAAC,YAAY,CAAC,CAAC;QAEjD,IAAA,eAAM,EAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,uCAAuC;QACvC,IAAA,eAAM,EAAC,OAAO,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,+CAA+C;QAC/C,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAY,EAAC,4BAA4B,CAAC,CAAC;QAEjE,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAY,EAAC,iDAAiD,CAAC,CAAC;QAEtF,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,IAAA,iBAAQ,EAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,IAAA,WAAE,EAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;YACpE,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,gBAAgB,EAAE;gBACrD,cAAc,EAAE;oBACd,oBAAoB,EAAE,CAAC,mCAAmC,CAAC;iBAC5D;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,aAAa,CAAC;gBAC3B,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,oBAAoB;aAC7B,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;YACzE,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,aAAa,EAAE;gBAClD,cAAc,EAAE;oBACd,8BAA8B,EAAE,CAAC,uBAAuB,CAAC;iBAC1D;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,aAAa,CAAC;gBAC3B,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,iBAAiB;aAC1B,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;YAC3E,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,cAAc,EAAE;gBACnD,cAAc,EAAE;oBACd,kBAAkB,EAAE,CAAC,+BAA+B,CAAC;iBACtD;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpC,IAAA,eAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC5D,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,sBAAsB,EAAE;gBAC3D,cAAc,EAAE,EAAE;aACnB,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpC,IAAA,eAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;YAC9C,yDAAyD;YACzD,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,WAAW,EAAE;gBAChD,cAAc,EAAE;oBACd,cAAc,EAAE,CAAC,8BAA8B,CAAC;iBACjD;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,aAAa,CAAC;gBAC3B,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,cAAc;aACvB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,SAAS,EAAE;gBAC9C,eAAe,EAAE;oBACf,OAAO,EAAE,aAAa;iBACvB;gBACD,cAAc,EAAE;oBACd,aAAa,EAAE,CAAC,4BAA4B,CAAC;iBAC9C;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,aAAa,CAAC;gBAC3B,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,IAAA,WAAE,EAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,MAAM,EAAE;gBAC3C,cAAc,EAAE;oBACd,UAAU,EAAE,CAAC,yBAAyB,CAAC;iBACxC;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;YAC9D,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,MAAM,EAAE;gBAC3C,cAAc,EAAE;oBACd,UAAU,EAAE,CAAC,4BAA4B,CAAC;iBAC3C;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,MAAM,EAAE;gBAC3C,cAAc,EAAE;oBACd,UAAU,EAAE,CAAC,qBAAqB,CAAC;iBACpC;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;YAC7C,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,MAAM,EAAE;gBAC3C,cAAc,EAAE;oBACd,UAAU,EAAE;wBACV,qCAAqC;wBACrC,iCAAiC;wBACjC,yBAAyB,EAAE,wBAAwB;qBACpD;iBACF;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,MAAM,EAAE;gBAC3C,cAAc,EAAE;oBACd,UAAU,EAAE,CAAC,yBAAyB,CAAC;iBACxC;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,6BAA6B,EAAE,GAAG,EAAE;QAC3C,IAAA,WAAE,EAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,MAAM,EAAE;gBAC3C,cAAc,EAAE;oBACd,UAAU,EAAE,CAAC,yBAAyB,CAAC;iBACxC;aACF,CAAC,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC;YAEzB,IAAA,eAAM,EAAC,MAAM,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;YACxC,IAAA,eAAM,EAAC,MAAM,CAAC,UAAW,CAAC,OAAO,EAAE,CAAC,CAAC,sBAAsB,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,IAAA,eAAM,EAAC,MAAM,CAAC,UAAW,CAAC,OAAO,EAAE,CAAC,CAAC,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5E,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,MAAM,EAAE;gBAC3C,cAAc,EAAE;oBACd,UAAU,EAAE,CAAC,yBAAyB,CAAC;iBACxC;aACF,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAe,EAAC,SAAS,EAAE;gBAC9C,cAAc,EAAE,EAAE;aACnB,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpC,IAAA,eAAM,EAAC,MAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;YAC3C,IAAA,eAAM,EAAC,MAAM,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/checker/skill-identifier.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Skill identifier parser
+ * Parses skill identifiers like @publisher/skill, ./local/path, or GitHub URLs
+ */
+export interface SkillIdentifier {
+    publisher?: string;
+    name: string;
+    version?: string;
+    source: 'registry' | 'local' | 'github';
+    path?: string;
+    url?: string;
+}
+export declare function parseSkillIdentifier(identifier: string): SkillIdentifier;
+//# sourceMappingURL=skill-identifier.d.ts.map

package/dist/checker/skill-identifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-identifier.d.ts","sourceRoot":"","sources":["../../src/checker/skill-identifier.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,UAAU,GAAG,OAAO,GAAG,QAAQ,CAAC;IACxC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG,eAAe,CAmDxE"}

package/dist/checker/skill-identifier.js

@@ -0,0 +1,55 @@
+"use strict";
+/**
+ * Skill identifier parser
+ * Parses skill identifiers like @publisher/skill, ./local/path, or GitHub URLs
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseSkillIdentifier = parseSkillIdentifier;
+function parseSkillIdentifier(identifier) {
+    const trimmed = identifier.trim();
+    if (!trimmed) {
+        throw new Error('Invalid skill identifier: empty string');
+    }
+    // GitHub URL
+    if (trimmed.startsWith('https://github.com/')) {
+        const match = trimmed.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)/);
+        if (!match) {
+            throw new Error('Invalid skill identifier: malformed GitHub URL');
+        }
+        return {
+            publisher: match[1],
+            name: match[2],
+            version: undefined,
+            source: 'github',
+            url: trimmed,
+        };
+    }
+    // Local path (relative or absolute)
+    if (trimmed.startsWith('./') || trimmed.startsWith('/')) {
+        const parts = trimmed.split('/');
+        const name = parts[parts.length - 1];
+        return {
+            publisher: undefined,
+            name,
+            version: undefined,
+            source: 'local',
+            path: trimmed,
+        };
+    }
+    // Scoped npm-style identifier @publisher/skill[@version]
+    if (trimmed.startsWith('@')) {
+        // Match @publisher/name or @publisher/name@version
+        const match = trimmed.match(/^@([^/]+)\/([^@]+)(?:@(.+))?$/);
+        if (!match || !match[1] || !match[2]) {
+            throw new Error('Invalid skill identifier: malformed scoped identifier');
+        }
+        return {
+            publisher: match[1],
+            name: match[2],
+            version: match[3],
+            source: 'registry',
+        };
+    }
+    throw new Error('Invalid skill identifier: unrecognized format');
+}
+//# sourceMappingURL=skill-identifier.js.map

package/dist/checker/skill-identifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-identifier.js","sourceRoot":"","sources":["../../src/checker/skill-identifier.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAWH,oDAmDC;AAnDD,SAAgB,oBAAoB,CAAC,UAAkB;IACrD,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAElC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IAED,aAAa;IACb,IAAI,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;QACxE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;YACnB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,QAAQ;YAChB,GAAG,EAAE,OAAO;SACb,CAAC;IACJ,CAAC;IAED,oCAAoC;IACpC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACrC,OAAO;YACL,SAAS,EAAE,SAAS;YACpB,IAAI;YACJ,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,OAAO;YACf,IAAI,EAAE,OAAO;SACd,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,mDAAmD;QACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;YACnB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;YACjB,MAAM,EAAE,UAAU;SACnB,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;AACnE,CAAC"}

package/dist/checker/skill-identifier.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=skill-identifier.test.d.ts.map

package/dist/checker/skill-identifier.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-identifier.test.d.ts","sourceRoot":"","sources":["../../src/checker/skill-identifier.test.ts"],"names":[],"mappings":""}

package/dist/checker/skill-identifier.test.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const skill_identifier_1 = require("./skill-identifier");
+(0, vitest_1.describe)('parseSkillIdentifier', () => {
+    (0, vitest_1.it)('parses scoped npm-style identifier @publisher/skill', () => {
+        const result = (0, skill_identifier_1.parseSkillIdentifier)('@opena2a/security');
+        (0, vitest_1.expect)(result).toEqual({
+            publisher: 'opena2a',
+            name: 'security',
+            version: undefined,
+            source: 'registry',
+        });
+    });
+    (0, vitest_1.it)('parses identifier with version @publisher/skill@1.0.0', () => {
+        const result = (0, skill_identifier_1.parseSkillIdentifier)('@opena2a/security@1.0.0');
+        (0, vitest_1.expect)(result).toEqual({
+            publisher: 'opena2a',
+            name: 'security',
+            version: '1.0.0',
+            source: 'registry',
+        });
+    });
+    (0, vitest_1.it)('parses local file path', () => {
+        const result = (0, skill_identifier_1.parseSkillIdentifier)('./skills/my-skill');
+        (0, vitest_1.expect)(result).toEqual({
+            publisher: undefined,
+            name: 'my-skill',
+            version: undefined,
+            source: 'local',
+            path: './skills/my-skill',
+        });
+    });
+    (0, vitest_1.it)('parses absolute file path', () => {
+        const result = (0, skill_identifier_1.parseSkillIdentifier)('/Users/dev/skills/custom');
+        (0, vitest_1.expect)(result).toEqual({
+            publisher: undefined,
+            name: 'custom',
+            version: undefined,
+            source: 'local',
+            path: '/Users/dev/skills/custom',
+        });
+    });
+    (0, vitest_1.it)('parses GitHub URL', () => {
+        const result = (0, skill_identifier_1.parseSkillIdentifier)('https://github.com/opena2a/my-skill');
+        (0, vitest_1.expect)(result).toEqual({
+            publisher: 'opena2a',
+            name: 'my-skill',
+            version: undefined,
+            source: 'github',
+            url: 'https://github.com/opena2a/my-skill',
+        });
+    });
+    (0, vitest_1.it)('throws on invalid identifier', () => {
+        (0, vitest_1.expect)(() => (0, skill_identifier_1.parseSkillIdentifier)('')).toThrow('Invalid skill identifier');
+        (0, vitest_1.expect)(() => (0, skill_identifier_1.parseSkillIdentifier)('   ')).toThrow('Invalid skill identifier');
+    });
+    (0, vitest_1.it)('throws on malformed scoped identifier', () => {
+        (0, vitest_1.expect)(() => (0, skill_identifier_1.parseSkillIdentifier)('@')).toThrow('Invalid skill identifier');
+        (0, vitest_1.expect)(() => (0, skill_identifier_1.parseSkillIdentifier)('@publisher')).toThrow('Invalid skill identifier');
+        (0, vitest_1.expect)(() => (0, skill_identifier_1.parseSkillIdentifier)('@/skill')).toThrow('Invalid skill identifier');
+    });
+});
+//# sourceMappingURL=skill-identifier.test.js.map

package/dist/checker/skill-identifier.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-identifier.test.js","sourceRoot":"","sources":["../../src/checker/skill-identifier.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,yDAA2E;AAE3E,IAAA,iBAAQ,EAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,IAAA,WAAE,EAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,MAAM,GAAG,IAAA,uCAAoB,EAAC,mBAAmB,CAAC,CAAC;QAEzD,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,MAAM,GAAG,IAAA,uCAAoB,EAAC,yBAAyB,CAAC,CAAC;QAE/D,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,MAAM,GAAG,IAAA,uCAAoB,EAAC,mBAAmB,CAAC,CAAC;QAEzD,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,OAAO;YACf,IAAI,EAAE,mBAAmB;SAC1B,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,IAAA,uCAAoB,EAAC,0BAA0B,CAAC,CAAC;QAEhE,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,OAAO;YACf,IAAI,EAAE,0BAA0B;SACjC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,MAAM,GAAG,IAAA,uCAAoB,EAAC,qCAAqC,CAAC,CAAC;QAE3E,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,QAAQ;YAChB,GAAG,EAAE,qCAAqC;SAC3C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,uCAAoB,EAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;QAC3E,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,uCAAoB,EAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;IAChF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,uCAAoB,EAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;QAC5E,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,uCAAoB,EAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;QACrF,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,uCAAoB,EAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/hardening/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Hardening module
+ */
+export { HardeningScanner } from './scanner';
+export type { ScanOptions } from './scanner';
+export type { SecurityCheck, CheckResult, FixResult, SecurityFinding, ScanResult, Severity, } from './security-check';
+//# sourceMappingURL=index.d.ts.map

package/dist/hardening/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hardening/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAE7C,YAAY,EACV,aAAa,EACb,WAAW,EACX,SAAS,EACT,eAAe,EACf,UAAU,EACV,QAAQ,GACT,MAAM,kBAAkB,CAAC"}

package/dist/hardening/index.js

@@ -0,0 +1,9 @@
+"use strict";
+/**
+ * Hardening module
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HardeningScanner = void 0;
+var scanner_1 = require("./scanner");
+Object.defineProperty(exports, "HardeningScanner", { enumerable: true, get: function () { return scanner_1.HardeningScanner; } });
+//# sourceMappingURL=index.js.map

package/dist/hardening/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/hardening/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,qCAA6C;AAApC,2GAAA,gBAAgB,OAAA"}

package/dist/hardening/scanner.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Hardening Scanner
+ * Scans for security issues and optionally auto-fixes them
+ */
+import type { ScanResult } from './security-check';
+export interface ScanOptions {
+    targetDir: string;
+    autoFix?: boolean;
+    /** Preview fixes without applying them */
+    dryRun?: boolean;
+    /** Check IDs to ignore (e.g., ['CRED-001', 'GIT-002']) */
+    ignore?: string[];
+    /** File/folder paths to ignore (e.g., ['.env', 'secrets/', 'test/']) */
+    ignorePaths?: string[];
+}
+export declare class HardeningScanner {
+    private static readonly BACKUP_FILES;
+    scan(options: ScanOptions): Promise<ScanResult>;
+    private detectPlatform;
+    private checkCredentialExposure;
+    private checkClaudeMd;
+    private checkMcpConfig;
+    private checkFilePermissions;
+    private checkGitSecurity;
+    private checkNetworkSecurity;
+    private checkMcpAdvanced;
+    private checkClaudeAdvanced;
+    private checkCursorConfig;
+    private checkVscodeConfig;
+    private checkCredentialsAdvanced;
+    private checkPermissionsAdvanced;
+    private checkEnvironmentSecurity;
+    private checkLoggingSecurity;
+    private checkDependencySecurity;
+    private checkAuthSecurity;
+    private checkProcessSecurity;
+    private checkClaudeExtended;
+    private checkMcpExtended;
+    private checkNetworkExtended;
+    private checkAPISecurity;
+    private checkSecretManagement;
+    private checkIOSecurity;
+    /**
+     * Prompt injection defense checks
+     */
+    private checkPromptSecurity;
+    /**
+     * Input validation and sanitization checks
+     */
+    private checkInputValidation;
+    /**
+     * Rate limiting and throttling checks
+     */
+    private checkRateLimiting;
+    /**
+     * Session and timeout security checks
+     */
+    private checkSessionSecurity;
+    /**
+     * Data encryption checks
+     */
+    private checkEncryption;
+    /**
+     * Audit trail and logging security checks
+     */
+    private checkAuditTrail;
+    /**
+     * Process isolation and sandboxing checks
+     */
+    private checkSandboxing;
+    /**
+     * MCP tool permission boundary checks
+     */
+    private checkToolBoundaries;
+    private calculateScore;
+    /**
+     * Create a backup of files that may be modified during auto-fix
+     */
+    private createBackup;
+    /**
+     * Rollback to the most recent backup
+     */
+    rollback(targetDir: string): Promise<void>;
+}
+//# sourceMappingURL=scanner.d.ts.map

package/dist/hardening/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/hardening/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,UAAU,EAA6B,MAAM,kBAAkB,CAAC;AAE9E,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAoCD,qBAAa,gBAAgB;IAE3B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAelC;IAEI,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;YAuLvC,cAAc;YA8Bd,uBAAuB;YA0GvB,aAAa;YAgDb,cAAc;YAkHd,oBAAoB;YAwDpB,gBAAgB;YA4IhB,oBAAoB;YA6EpB,gBAAgB;YAqIhB,mBAAmB;YAsEnB,iBAAiB;YAyCjB,iBAAiB;YA+DjB,wBAAwB;YA0FxB,wBAAwB;YAmExB,wBAAwB;YAqHxB,oBAAoB;YA+GpB,uBAAuB;YA8HvB,iBAAiB;YA8GjB,oBAAoB;YAuGpB,mBAAmB;YAiGnB,gBAAgB;YAmIhB,oBAAoB;YAoIpB,gBAAgB;YAyHhB,qBAAqB;YA+GrB,eAAe;IAiI7B;;OAEG;YACW,mBAAmB;IA8GjC;;OAEG;YACW,oBAAoB;IAiKlC;;OAEG;YACW,iBAAiB;IA4I/B;;OAEG;YACW,oBAAoB;IAwIlC;;OAEG;YACW,eAAe;IAqJ7B;;OAEG;YACW,eAAe;IAuI7B;;OAEG;YACW,eAAe;IAyG7B;;OAEG;YACW,mBAAmB;IAmHjC,OAAO,CAAC,cAAc;IAuBtB;;OAEG;YACW,YAAY;IAkD1B;;OAEG;IACG,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CA4DjD"}