hackmyagent-core 0.3.2 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/benchmarks/index.d.ts +1 -1
- package/dist/benchmarks/index.js +1 -1
- package/dist/benchmarks/oasb-1.d.ts +24 -7
- package/dist/benchmarks/oasb-1.d.ts.map +1 -1
- package/dist/benchmarks/oasb-1.js +582 -81
- package/dist/benchmarks/oasb-1.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -38,7 +38,7 @@ AI agents are powerful but introduce new attack surfaces. Skills can be maliciou
|
|
|
38
38
|
## Installation
|
|
39
39
|
|
|
40
40
|
```bash
|
|
41
|
-
# Use directly with npx
|
|
41
|
+
# Use directly with npx
|
|
42
42
|
npx hackmyagent secure
|
|
43
43
|
|
|
44
44
|
# Or install globally
|
|
@@ -193,7 +193,7 @@ hackmyagent attack --local --verbose
|
|
|
193
193
|
|
|
194
194
|
### `hackmyagent secure --benchmark`
|
|
195
195
|
|
|
196
|
-
Run the OASB-1 (
|
|
196
|
+
Run the OASB-1 (Open Agent Security Benchmark) against your agent configuration.
|
|
197
197
|
|
|
198
198
|
```bash
|
|
199
199
|
# Run benchmark (L1 by default)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Benchmarks module
|
|
3
|
-
* OASB (
|
|
3
|
+
* OASB (Open Agent Security Benchmark) implementations
|
|
4
4
|
*/
|
|
5
5
|
export { OASB_1_CATEGORIES, OASB_1_VERSION, OASB_1_NAME, getControlsForLevel, getControlsForCategory, getCheckIdsForLevel, calculateRating, } from './oasb-1';
|
|
6
6
|
export type { BenchmarkLevel, BenchmarkControl, BenchmarkCategory, BenchmarkResult, BenchmarkCategoryResult, BenchmarkControlResult, } from './oasb-1';
|
package/dist/benchmarks/index.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
3
|
* Benchmarks module
|
|
4
|
-
* OASB (
|
|
4
|
+
* OASB (Open Agent Security Benchmark) implementations
|
|
5
5
|
*/
|
|
6
6
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
7
|
exports.AVAILABLE_BENCHMARKS = exports.calculateRating = exports.getCheckIdsForLevel = exports.getControlsForCategory = exports.getControlsForLevel = exports.OASB_1_NAME = exports.OASB_1_VERSION = exports.OASB_1_CATEGORIES = void 0;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* OASB-1:
|
|
2
|
+
* OASB-1: Open Agent Security Benchmark
|
|
3
3
|
* Version 1.0.0
|
|
4
4
|
*
|
|
5
5
|
* Maps OASB-1 controls to HackMyAgent check IDs
|
|
@@ -11,15 +11,32 @@ export interface BenchmarkControl {
|
|
|
11
11
|
category: string;
|
|
12
12
|
level: BenchmarkLevel;
|
|
13
13
|
scored: boolean;
|
|
14
|
+
/** Detailed description of the control requirement */
|
|
14
15
|
description: string;
|
|
16
|
+
/** Why this control is important - threat context and risk */
|
|
17
|
+
rationale?: string;
|
|
18
|
+
/** Step-by-step instructions to verify compliance */
|
|
19
|
+
audit?: string;
|
|
20
|
+
/** Step-by-step instructions to implement the control */
|
|
21
|
+
remediation?: string;
|
|
22
|
+
/** Potential impact of implementing this control */
|
|
23
|
+
impact?: string;
|
|
24
|
+
/** Default value/state in most deployments */
|
|
25
|
+
defaultValue?: string;
|
|
15
26
|
/** HackMyAgent check IDs that verify this control */
|
|
16
27
|
checkIds: string[];
|
|
17
|
-
/** Control is automated
|
|
28
|
+
/** Control is automated, manual, or forward-looking */
|
|
18
29
|
verification: 'automated' | 'manual' | 'forward';
|
|
19
|
-
/**
|
|
20
|
-
|
|
21
|
-
/**
|
|
22
|
-
|
|
30
|
+
/** External references (OWASP, NIST, etc.) */
|
|
31
|
+
references?: string[];
|
|
32
|
+
/** Mapping to compliance frameworks */
|
|
33
|
+
frameworkMappings?: {
|
|
34
|
+
cisControls?: string[];
|
|
35
|
+
nistCsf?: string[];
|
|
36
|
+
owaspTop10?: string[];
|
|
37
|
+
iso27001?: string[];
|
|
38
|
+
soc2?: string[];
|
|
39
|
+
};
|
|
23
40
|
}
|
|
24
41
|
export interface BenchmarkCategory {
|
|
25
42
|
id: number;
|
|
@@ -91,5 +108,5 @@ export declare function getCheckIdsForLevel(level: BenchmarkLevel): string[];
|
|
|
91
108
|
*/
|
|
92
109
|
export declare function calculateRating(l1Compliance: number, l2Compliance: number, l3Compliance: number, level: BenchmarkLevel): BenchmarkResult['rating'];
|
|
93
110
|
export declare const OASB_1_VERSION = "1.0.0";
|
|
94
|
-
export declare const OASB_1_NAME = "OASB-1:
|
|
111
|
+
export declare const OASB_1_NAME = "OASB-1: Open Agent Security Benchmark";
|
|
95
112
|
//# sourceMappingURL=oasb-1.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oasb-1.d.ts","sourceRoot":"","sources":["../../src/benchmarks/oasb-1.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,MAAM,cAAc,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;AAEhD,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,cAAc,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"oasb-1.d.ts","sourceRoot":"","sources":["../../src/benchmarks/oasb-1.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,MAAM,cAAc,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;AAEhD,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,cAAc,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAEhB,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IAEpB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,qDAAqD;IACrD,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,oDAAoD;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,qDAAqD;IACrD,QAAQ,EAAE,MAAM,EAAE,CAAC;IAEnB,uDAAuD;IACvD,YAAY,EAAE,WAAW,GAAG,QAAQ,GAAG,SAAS,CAAC;IAEjD,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAEtB,uCAAuC;IACvC,iBAAiB,CAAC,EAAE;QAClB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;KACjB,CAAC;CACH;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,cAAc,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,+BAA+B;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,YAAY,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,YAAY,EAAE,MAAM,CAAC;IACrB,iCAAiC;IACjC,MAAM,EAAE,WAAW,GAAG,WAAW,GAAG,SAAS,GAAG,mBAAmB,GAAG,SAAS,CAAC;IAChF,UAAU,EAAE,uBAAuB,EAAE,CAAC;IACtC,6BAA6B;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,2BAA2B;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,2BAA2B;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,0DAA0D;IAC1D,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,sBAAsB,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,cAAc,CAAC;IACtB,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,YAAY,CAAC;IAC3C,2CAA2C;IAC3C,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,iCAAiC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,iBAAiB,EA2sChD,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,cAAc,GAAG,gBAAgB,EAAE,CAO7E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,gBAAgB,EAAE,CAK/E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,EAAE,CASnE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,YAAY,EAAE,MAAM,EACpB,YAAY,EAAE,MAAM,EACpB,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,cAAc,GACpB,eAAe,CAAC,QAAQ,CAAC,CAsB3B;AAED,eAAO,MAAM,cAAc,UAAU,CAAC;AACtC,eAAO,MAAM,WAAW,0CAA0C,CAAC"}
|