hackmyagent 0.10.0 → 0.11.0
- package/README.md +111 -257
- package/dist/arp/index.d.ts +5 -1
- package/dist/arp/index.d.ts.map +1 -1
- package/dist/arp/index.js +38 -1
- package/dist/arp/index.js.map +1 -1
- package/dist/arp/monitors/skill-capability-monitor.d.ts +119 -0
- package/dist/arp/monitors/skill-capability-monitor.d.ts.map +1 -0
- package/dist/arp/monitors/skill-capability-monitor.js +258 -0
- package/dist/arp/monitors/skill-capability-monitor.js.map +1 -0
- package/dist/arp/telemetry/forwarder.d.ts +62 -0
- package/dist/arp/telemetry/forwarder.d.ts.map +1 -0
- package/dist/arp/telemetry/forwarder.js +106 -0
- package/dist/arp/telemetry/forwarder.js.map +1 -0
- package/dist/arp/telemetry/gtin.d.ts +87 -0
- package/dist/arp/telemetry/gtin.d.ts.map +1 -0
- package/dist/arp/telemetry/gtin.js +239 -0
- package/dist/arp/telemetry/gtin.js.map +1 -0
- package/dist/arp/telemetry/index.d.ts +6 -0
- package/dist/arp/telemetry/index.d.ts.map +1 -0
- package/dist/arp/telemetry/index.js +17 -0
- package/dist/arp/telemetry/index.js.map +1 -0
- package/dist/arp/types.d.ts +10 -0
- package/dist/arp/types.d.ts.map +1 -1
- package/dist/attack/index.d.ts +1 -1
- package/dist/attack/index.d.ts.map +1 -1
- package/dist/attack/index.js +5 -1
- package/dist/attack/index.js.map +1 -1
- package/dist/attack/payloads/context-window.d.ts +7 -0
- package/dist/attack/payloads/context-window.d.ts.map +1 -0
- package/dist/attack/payloads/context-window.js +110 -0
- package/dist/attack/payloads/context-window.js.map +1 -0
- package/dist/attack/payloads/index.d.ts +5 -1
- package/dist/attack/payloads/index.d.ts.map +1 -1
- package/dist/attack/payloads/index.js +17 -1
- package/dist/attack/payloads/index.js.map +1 -1
- package/dist/attack/payloads/memory-weaponization.d.ts +7 -0
- package/dist/attack/payloads/memory-weaponization.d.ts.map +1 -0
- package/dist/attack/payloads/memory-weaponization.js +110 -0
- package/dist/attack/payloads/memory-weaponization.js.map +1 -0
- package/dist/attack/payloads/supply-chain.d.ts +7 -0
- package/dist/attack/payloads/supply-chain.d.ts.map +1 -0
- package/dist/attack/payloads/supply-chain.js +110 -0
- package/dist/attack/payloads/supply-chain.js.map +1 -0
- package/dist/attack/payloads/tool-shadow.d.ts +8 -0
- package/dist/attack/payloads/tool-shadow.d.ts.map +1 -0
- package/dist/attack/payloads/tool-shadow.js +209 -0
- package/dist/attack/payloads/tool-shadow.js.map +1 -0
- package/dist/attack/scanner.d.ts.map +1 -1
- package/dist/attack/scanner.js +4 -0
- package/dist/attack/scanner.js.map +1 -1
- package/dist/attack/types.d.ts +1 -1
- package/dist/attack/types.d.ts.map +1 -1
- package/dist/attack/types.js +20 -0
- package/dist/attack/types.js.map +1 -1
- package/dist/checker/index.d.ts +2 -0
- package/dist/checker/index.d.ts.map +1 -1
- package/dist/checker/index.js +8 -1
- package/dist/checker/index.js.map +1 -1
- package/dist/checker/skill-dependency-graph.d.ts +55 -0
- package/dist/checker/skill-dependency-graph.d.ts.map +1 -0
- package/dist/checker/skill-dependency-graph.js +288 -0
- package/dist/checker/skill-dependency-graph.js.map +1 -0
- package/dist/cli.js +481 -66
- package/dist/cli.js.map +1 -1
- package/dist/hardening/index.d.ts +5 -0
- package/dist/hardening/index.d.ts.map +1 -1
- package/dist/hardening/index.js +11 -1
- package/dist/hardening/index.js.map +1 -1
- package/dist/hardening/scanner.d.ts +40 -0
- package/dist/hardening/scanner.d.ts.map +1 -1
- package/dist/hardening/scanner.js +988 -11
- package/dist/hardening/scanner.js.map +1 -1
- package/dist/hardening/security-check.d.ts +2 -0
- package/dist/hardening/security-check.d.ts.map +1 -1
- package/dist/hardening/skill-capability-validator.d.ts +31 -0
- package/dist/hardening/skill-capability-validator.d.ts.map +1 -0
- package/dist/hardening/skill-capability-validator.js +237 -0
- package/dist/hardening/skill-capability-validator.js.map +1 -0
- package/dist/hardening/skill-context.d.ts +22 -0
- package/dist/hardening/skill-context.d.ts.map +1 -0
- package/dist/hardening/skill-context.js +127 -0
- package/dist/hardening/skill-context.js.map +1 -0
- package/dist/hardening/taxonomy.d.ts +17 -0
- package/dist/hardening/taxonomy.d.ts.map +1 -0
- package/dist/hardening/taxonomy.js +152 -0
- package/dist/hardening/taxonomy.js.map +1 -0
- package/dist/index.d.ts +12 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +36 -3
- package/dist/index.js.map +1 -1
- package/dist/plugins/credvault.js +2 -2
- package/dist/plugins/credvault.js.map +1 -1
- package/dist/plugins/secretless.d.ts +15 -0
- package/dist/plugins/secretless.d.ts.map +1 -0
- package/dist/plugins/secretless.js +199 -0
- package/dist/plugins/secretless.js.map +1 -0
- package/dist/plugins/signcrypt.js +2 -2
- package/dist/plugins/signcrypt.js.map +1 -1
- package/dist/plugins/skillguard.js +2 -2
- package/dist/plugins/skillguard.js.map +1 -1
- package/dist/registry/client.d.ts +1 -1
- package/dist/registry/client.d.ts.map +1 -1
- package/dist/registry/client.js +4 -1
- package/dist/registry/client.js.map +1 -1
- package/dist/registry/publish.d.ts.map +1 -1
- package/dist/registry/publish.js +7 -1
- package/dist/registry/publish.js.map +1 -1
- package/dist/resolve-mcp.d.ts +21 -0
- package/dist/resolve-mcp.d.ts.map +1 -0
- package/dist/resolve-mcp.js +42 -0
- package/dist/resolve-mcp.js.map +1 -0
- package/dist/scanner/external-scanner.d.ts.map +1 -1
- package/dist/scanner/external-scanner.js +48 -14
- package/dist/scanner/external-scanner.js.map +1 -1
- package/dist/scanner/types.d.ts +1 -0
- package/dist/scanner/types.d.ts.map +1 -1
- package/dist/soul/scanner.d.ts.map +1 -1
- package/dist/soul/scanner.js +2 -1
- package/dist/soul/scanner.js.map +1 -1
- package/dist/telemetry/contribute.d.ts +60 -0
- package/dist/telemetry/contribute.d.ts.map +1 -0
- package/dist/telemetry/contribute.js +169 -0
- package/dist/telemetry/contribute.js.map +1 -0
- package/dist/telemetry/index.d.ts +6 -0
- package/dist/telemetry/index.d.ts.map +1 -0
- package/dist/telemetry/index.js +18 -0
- package/dist/telemetry/index.js.map +1 -0
- package/dist/telemetry/opt-in.d.ts +46 -0
- package/dist/telemetry/opt-in.d.ts.map +1 -0
- package/dist/telemetry/opt-in.js +220 -0
- package/dist/telemetry/opt-in.js.map +1 -0
- package/package.json +9 -3
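--- a/package/dist/arp/index.js
+++ b/package/dist/arp/index.js
@@ -33,7 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
 };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AgentRuntimeProtection = exports.PREMIUM_FEATURES = exports.registerLicenseValidator = exports.hasFeature = exports.checkLicense = exports.ARPProxy = exports.ALL_PATTERNS = exports.PATTERN_SETS = exports.scanText = exports.defaultConfig = exports.loadConfig = exports.LocalLogger = exports.EnforcementEngine = exports.A2AProtocolInterceptor = exports.MCPProtocolInterceptor = exports.PromptInterceptor = exports.FilesystemInterceptor = exports.NetworkInterceptor = exports.ProcessInterceptor = exports.FilesystemMonitor = exports.NetworkMonitor = exports.ProcessMonitor = exports.autoDetectAdapter = exports.createAdapter = exports.OllamaAdapter = exports.OpenAIAdapter = exports.AnthropicAdapter = exports.AnomalyDetector = exports.BudgetController = exports.IntelligenceCoordinator = exports.EventEngine = exports.VERSION = void 0;
+exports.AgentRuntimeProtection = exports.mapEventType = exports.isAnomalousEvent = exports.submitGTINEvent = exports.buildGTINPayload = exports.generateSensorToken = exports.GTINForwarder = exports.PREMIUM_FEATURES = exports.registerLicenseValidator = exports.hasFeature = exports.checkLicense = exports.ARPProxy = exports.ALL_PATTERNS = exports.PATTERN_SETS = exports.scanText = exports.defaultConfig = exports.loadConfig = exports.LocalLogger = exports.EnforcementEngine = exports.A2AProtocolInterceptor = exports.MCPProtocolInterceptor = exports.PromptInterceptor = exports.FilesystemInterceptor = exports.NetworkInterceptor = exports.ProcessInterceptor = exports.parseDeclaredCapabilities = exports.createCapabilityMonitor = exports.SkillCapabilityMonitor = exports.FilesystemMonitor = exports.NetworkMonitor = exports.ProcessMonitor = exports.autoDetectAdapter = exports.createAdapter = exports.OllamaAdapter = exports.OpenAIAdapter = exports.AnthropicAdapter = exports.AnomalyDetector = exports.BudgetController = exports.IntelligenceCoordinator = exports.EventEngine = exports.VERSION = void 0;
 exports.VERSION = '0.2.0';
 // Re-export components
 var event_engine_1 = require("./engine/event-engine");
@@ -56,6 +56,10 @@ var network_1 = require("./monitors/network");
 Object.defineProperty(exports, "NetworkMonitor", { enumerable: true, get: function () { return network_1.NetworkMonitor; } });
 var filesystem_1 = require("./monitors/filesystem");
 Object.defineProperty(exports, "FilesystemMonitor", { enumerable: true, get: function () { return filesystem_1.FilesystemMonitor; } });
+var skill_capability_monitor_1 = require("./monitors/skill-capability-monitor");
+Object.defineProperty(exports, "SkillCapabilityMonitor", { enumerable: true, get: function () { return skill_capability_monitor_1.SkillCapabilityMonitor; } });
+Object.defineProperty(exports, "createCapabilityMonitor", { enumerable: true, get: function () { return skill_capability_monitor_1.createCapabilityMonitor; } });
+Object.defineProperty(exports, "parseDeclaredCapabilities", { enumerable: true, get: function () { return skill_capability_monitor_1.parseDeclaredCapabilities; } });
 var process_2 = require("./interceptors/process");
 Object.defineProperty(exports, "ProcessInterceptor", { enumerable: true, get: function () { return process_2.ProcessInterceptor; } });
 var network_2 = require("./interceptors/network");
@@ -86,6 +90,14 @@ Object.defineProperty(exports, "checkLicense", { enumerable: true, get: function
 Object.defineProperty(exports, "hasFeature", { enumerable: true, get: function () { return license_1.hasFeature; } });
 Object.defineProperty(exports, "registerLicenseValidator", { enumerable: true, get: function () { return license_1.registerLicenseValidator; } });
 Object.defineProperty(exports, "PREMIUM_FEATURES", { enumerable: true, get: function () { return license_1.PREMIUM_FEATURES; } });
+// Re-export telemetry
+var telemetry_1 = require("./telemetry");
+Object.defineProperty(exports, "GTINForwarder", { enumerable: true, get: function () { return telemetry_1.GTINForwarder; } });
+Object.defineProperty(exports, "generateSensorToken", { enumerable: true, get: function () { return telemetry_1.generateSensorToken; } });
+Object.defineProperty(exports, "buildGTINPayload", { enumerable: true, get: function () { return telemetry_1.buildGTINPayload; } });
+Object.defineProperty(exports, "submitGTINEvent", { enumerable: true, get: function () { return telemetry_1.submitGTINEvent; } });
+Object.defineProperty(exports, "isAnomalousEvent", { enumerable: true, get: function () { return telemetry_1.isAnomalousEvent; } });
+Object.defineProperty(exports, "mapEventType", { enumerable: true, get: function () { return telemetry_1.mapEventType; } });
 const path = __importStar(require("path"));
 const event_engine_2 = require("./engine/event-engine");
 const coordinator_2 = require("./intelligence/coordinator");
@@ -101,6 +113,8 @@ const prompt_2 = require("./interceptors/prompt");
 const mcp_protocol_2 = require("./interceptors/mcp-protocol");
 const a2a_protocol_2 = require("./interceptors/a2a-protocol");
 const loader_2 = require("./config/loader");
+const forwarder_1 = require("./telemetry/forwarder");
+const gtin_1 = require("./telemetry/gtin");
 /**
 * Agent Runtime Protection — the main entry point.
 *
@@ -118,6 +132,7 @@ const loader_2 = require("./config/loader");
 class AgentRuntimeProtection {
 constructor(configOrPath) {
 this.monitors = [];
+this.gtinForwarder = null;
 this.running = false;
 if (typeof configOrPath === 'string') {
 this.config = (0, loader_2.loadConfig)(configOrPath);
@@ -173,6 +188,20 @@ class AgentRuntimeProtection {
 if (al?.a2a?.enabled) {
 this.monitors.push(new a2a_protocol_2.A2AProtocolInterceptor(this.engine, al.a2a.trustedAgents));
 }
+// Create GTIN forwarder if opted in
+if (this.config.gtin?.enabled) {
+const sensorToken = this.config.gtin.sensorToken || (0, gtin_1.generateSensorToken)();
+this.gtinForwarder = new forwarder_1.GTINForwarder({
+enabled: true,
+sensorToken,
+registryUrl: this.config.gtin.registryUrl,
+packageName: this.config.agentName,
+});
+// Subscribe forwarder to all events (it filters internally)
+this.engine.onEvent((event) => {
+this.gtinForwarder?.onEvent(event);
+});
+}
 }
 /** Start all monitors */
 async start() {
@@ -181,6 +210,10 @@ class AgentRuntimeProtection {
 for (const monitor of this.monitors) {
 await monitor.start();
 }
+// Start GTIN forwarder if configured
+if (this.gtinForwarder) {
+this.gtinForwarder.start();
+}
 this.running = true;
 }
 /** Stop all monitors and flush logs */
@@ -190,6 +223,10 @@ class AgentRuntimeProtection {
 for (const monitor of this.monitors) {
 await monitor.stop();
 }
+// Flush and shutdown GTIN forwarder
+if (this.gtinForwarder) {
+await this.gtinForwarder.shutdown();
+}
 await this.intelligence.stop();
 this.running = false;
 }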
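Review bot: In stop(), the added `await this.gtinForwarder.shutdown();` runs before `await this.intelligence.stop();` and `this.running = false;`, so a rejected telemetry flush (for example an unreachable registry) would leave the intelligence layer running and the instance still marked as running. Telemetry is opt-in and should not be able to block teardown of the protection itself; make the flush best-effort, e.g. `try { await this.gtinForwarder.shutdown(); } catch { /* telemetry flush is best-effort */ }`. The same isolation applies to the constructor's `this.gtinForwarder?.onEvent(event);`, which shares the engine's event path with the monitors. In the constructor, `registryUrl: this.config.gtin.registryUrl` is passed through as configured; unless GTINForwarder validates it (not visible here), reject non-https values before monitor events are sent to it. The bodies of the constructor, start() and stop() begin outside the shown hunks.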
package/dist/arp/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/arp/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAa,QAAA,OAAO,GAAG,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/arp/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAa,QAAA,OAAO,GAAG,OAAO,CAAC;AA4B/B,uBAAuB;AACvB,sDAAoD;AAA3C,2GAAA,WAAW,OAAA;AACpB,0DAAqE;AAA5D,sHAAA,uBAAuB,OAAA;AAChC,gDAAyD;AAAhD,0GAAA,gBAAgB,OAAA;AACzB,kDAAyD;AAAhD,0GAAA,eAAe,OAAA;AACxB,oDAA2H;AAAlH,4GAAA,gBAAgB,OAAA;AAAE,yGAAA,aAAa,OAAA;AAAE,yGAAA,aAAa,OAAA;AAAE,yGAAA,aAAa,OAAA;AAAE,6GAAA,iBAAiB,OAAA;AACzF,8CAAoD;AAA3C,yGAAA,cAAc,OAAA;AACvB,8CAAoD;AAA3C,yGAAA,cAAc,OAAA;AACvB,oDAA0D;AAAjD,+GAAA,iBAAiB,OAAA;AAC1B,gFAAiI;AAAxH,kIAAA,sBAAsB,OAAA;AAAE,mIAAA,uBAAuB,OAAA;AAAE,qIAAA,yBAAyB,OAAA;AAEnF,kDAA4D;AAAnD,6GAAA,kBAAkB,OAAA;AAC3B,kDAA4D;AAAnD,6GAAA,kBAAkB,OAAA;AAC3B,wDAAkE;AAAzD,mHAAA,qBAAqB,OAAA;AAC9B,gDAA0D;AAAjD,2GAAA,iBAAiB,OAAA;AAC1B,4DAAqE;AAA5D,sHAAA,sBAAsB,OAAA;AAC/B,4DAAqE;AAA5D,sHAAA,sBAAsB,OAAA;AAC/B,yDAAkF;AAAzE,gHAAA,iBAAiB,OAAA;AAC1B,mDAAoD;AAA3C,wGAAA,WAAW,OAAA;AACpB,0CAA4D;AAAnD,oGAAA,UAAU,OAAA;AAAE,uGAAA,aAAa,OAAA;AAClC,oDAAkH;AAAzG,sGAAA,QAAQ,OAAA;AAAE,0GAAA,YAAY,OAAA;AAAE,0GAAA,YAAY,OAAA;AAC7C,yCAA6D;AAApD,kGAAA,QAAQ,OAAA;AACjB,qCAOmB;AANjB,uGAAA,YAAY,OAAA;AACZ,qGAAA,UAAU,OAAA;AACV,mHAAA,wBAAwB,OAAA;AACxB,2GAAA,gBAAgB,OAAA;AAKlB,sBAAsB;AACtB,yCAYqB;AAXnB,0GAAA,aAAa,OAAA;AACb,gHAAA,mBAAmB,OAAA;AACnB,6GAAA,gBAAgB,OAAA;AAChB,4GAAA,eAAe,OAAA;AACf,6GAAA,gBAAgB,OAAA;AAChB,yGAAA,YAAY,OAAA;AAQd,2CAA6B;AAE7B,wDAAoD;AACpD,4DAAqE;AACrE,2DAAkF;AAClF,qDAAoD;AACpD,gDAAoD;AACpD,gDAAoD;AACpD,sDAA0D;AAC1D,oDAA4D;AAC5D,oDAA4D;AAC5D,0DAAkE;AAClE,kDAA0D;AAC1D,8DAAqE;AACrE,8DAAqE;AACrE,4CAA6C;AAC7C,qDAAsD;AACtD,2CAAuD;AAEvD;;;;;;;;;;;;;GAaG;AACH,MAAa,sBAAsB;IAUjC,YAAY,YAAiC;QAJ5B,aAAQ,GAAc,EAAE,CAAC;QAClC,kBAAa,GAAyB,IAAI,CAAC;QAC3C,YAAO,GAAG,KAAK,CAAC;QAGtB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACrC,IAAI,CAAC,MAAM,GAAG,IAAA,mBAAU,EAAC,YAAY,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,GAAG,YAAY,IAAI,IAAA,mBAAU,GAAE,CAAC;QAC7C,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,E
AAE,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;QAEnF,IAAI,CAAC,MAAM,GAAG,IAAI,0BAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,IAAI,qCAAuB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtE,IAAI,CAAC,WAAW,GAAG,IAAI,+BAAiB,EAAE,CAAC;QAC3C,IAAI,CAAC,MAAM,GAAG,IAAI,uBAAW,CAAC,OAAO,CAAC,CAAC;QAEvC,0CAA0C;QAC1C,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YAClC,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,gCAAgC;QAChC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACzC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;YAC7E,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,kCAAkC;QAClC,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,wBAAc,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,wBAAc,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC;QAC1G,CAAC;QACD,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACtC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,8BAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,CAAC;QACnH,CAAC;QAED,8EAA8E;QAC9E,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;QACpC,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,4BAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,4BAAkB,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,kCAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACpG,CAAC;QAED,+BAA+B;QAC/B,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,
CAAC,OAAO,CAAC;QAC/B,IAAI,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,0BAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,qCAAsB,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,qCAAsB,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;QACpF,CAAC;QAED,oCAAoC;QACpC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;YAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,IAAA,0BAAmB,GAAE,CAAC;YAC1E,IAAI,CAAC,aAAa,GAAG,IAAI,yBAAa,CAAC;gBACrC,OAAO,EAAE,IAAI;gBACb,WAAW;gBACX,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW;gBACzC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACnC,CAAC,CAAC;YAEH,4DAA4D;YAC5D,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;gBAC5B,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACrC,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QAEzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;QAED,qCAAqC;QACrC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;IACtB,CAAC;IAED,uCAAuC;IACvC,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAE1B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC;QAED,oCAAoC;QACpC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;QACtC,CAAC;QAED,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;IACvB,CAAC;IAED,8BAA8B;IAC9B,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,yBAAyB;IACzB,SAAS;QAMP,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAC9E,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE;YA
C3C,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE;SAC7C,CAAC;IACJ,CAAC;IAED,wBAAwB;IACxB,SAAS,CAAC,KAAc;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC;IAED,8BAA8B;IAC9B,MAAM,CAAC,GAAW;QAChB,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,oFAAoF;IACpF,OAAO,CAAC,OAAkD;QACxD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,2CAA2C;IAC3C,aAAa,CAAC,OAA8E;QAC1F,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,wDAAwD;IACxD,gBAAgB,CAAC,QAAuB;QACtC,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED,qDAAqD;IACrD,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,sDAAsD;IACtD,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;CACF;AAhLD,wDAgLC"}
|
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Skill Capability Monitor
|
|
3
|
+
*
|
|
4
|
+
* Tracks runtime behavior of skills and compares against declared capabilities.
|
|
5
|
+
* Generates findings when skills exceed their declared permissions:
|
|
6
|
+
* - SKILL-013: Permission overreach (action not declared in capabilities)
|
|
7
|
+
* - SKILL-014: Undeclared network access (network call not listed in permissions)
|
|
8
|
+
*/
|
|
9
|
+
import type { Monitor, MonitorType } from '../types';
|
|
10
|
+
import type { EventEngine } from '../engine/event-engine';
|
|
11
|
+
export interface DeclaredCapabilities {
|
|
12
|
+
/** Skill name */
|
|
13
|
+
name: string;
|
|
14
|
+
/** Declared filesystem paths the skill is allowed to access */
|
|
15
|
+
fileAccess: string[];
|
|
16
|
+
/** Declared network hosts/URLs the skill is allowed to contact */
|
|
17
|
+
networkAccess: string[];
|
|
18
|
+
/** Declared tools the skill is allowed to invoke */
|
|
19
|
+
tools: string[];
|
|
20
|
+
/** Declared credential scopes the skill may use */
|
|
21
|
+
credentials: string[];
|
|
22
|
+
}
|
|
23
|
+
export interface ObservedBehavior {
|
|
24
|
+
/** Filesystem paths accessed at runtime */
|
|
25
|
+
fileAccesses: Array<{
|
|
26
|
+
path: string;
|
|
27
|
+
operation: string;
|
|
28
|
+
timestamp: string;
|
|
29
|
+
}>;
|
|
30
|
+
/** Network calls made at runtime */
|
|
31
|
+
networkCalls: Array<{
|
|
32
|
+
host: string;
|
|
33
|
+
port?: number;
|
|
34
|
+
protocol?: string;
|
|
35
|
+
timestamp: string;
|
|
36
|
+
}>;
|
|
37
|
+
/** Tools invoked at runtime */
|
|
38
|
+
toolUses: Array<{
|
|
39
|
+
tool: string;
|
|
40
|
+
timestamp: string;
|
|
41
|
+
}>;
|
|
42
|
+
/** Credentials accessed at runtime */
|
|
43
|
+
credentialAccesses: Array<{
|
|
44
|
+
scope: string;
|
|
45
|
+
timestamp: string;
|
|
46
|
+
}>;
|
|
47
|
+
}
|
|
48
|
+
export interface CapabilityViolation {
|
|
49
|
+
/** Finding ID (SKILL-013 or SKILL-014) */
|
|
50
|
+
id: string;
|
|
51
|
+
/** Type of violation */
|
|
52
|
+
type: 'permission-overreach' | 'undeclared-network';
|
|
53
|
+
/** Description of the violation */
|
|
54
|
+
description: string;
|
|
55
|
+
/** What was observed */
|
|
56
|
+
observed: string;
|
|
57
|
+
/** Timestamp of the violation */
|
|
58
|
+
timestamp: string;
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Parse declared capabilities from SKILL.md content.
|
|
62
|
+
* Extracts permissions, network access, tools, and credential scopes from YAML frontmatter.
|
|
63
|
+
*/
|
|
64
|
+
export declare function parseDeclaredCapabilities(skillMd: string): DeclaredCapabilities;
|
|
65
|
+
/**
|
|
66
|
+
* Create a skill capability monitor that tracks runtime behavior
|
|
67
|
+
* and compares it against declared capabilities.
|
|
68
|
+
*/
|
|
69
|
+
export declare function createCapabilityMonitor(declared: DeclaredCapabilities): SkillCapabilityMonitor;
|
|
70
|
+
/**
|
|
71
|
+
* Skill Capability Monitor
|
|
72
|
+
*
|
|
73
|
+
* Records runtime actions and detects capability violations.
|
|
74
|
+
* Can operate standalone or integrated with the ARP event engine.
|
|
75
|
+
*/
|
|
76
|
+
export declare class SkillCapabilityMonitor implements Monitor {
|
|
77
|
+
readonly type: MonitorType;
|
|
78
|
+
private readonly declared;
|
|
79
|
+
private readonly observed;
|
|
80
|
+
private readonly violations;
|
|
81
|
+
private engine;
|
|
82
|
+
private running;
|
|
83
|
+
constructor(declared: DeclaredCapabilities, engine?: EventEngine);
|
|
84
|
+
start(): Promise<void>;
|
|
85
|
+
stop(): Promise<void>;
|
|
86
|
+
isRunning(): boolean;
|
|
87
|
+
/**
|
|
88
|
+
* Record a file access event and check against declared capabilities.
|
|
89
|
+
*/
|
|
90
|
+
recordFileAccess(filePath: string, operation?: string): void;
|
|
91
|
+
/**
|
|
92
|
+
* Record a network call event and check against declared capabilities.
|
|
93
|
+
*/
|
|
94
|
+
recordNetworkCall(host: string, port?: number, protocol?: string): void;
|
|
95
|
+
/**
|
|
96
|
+
* Record a tool invocation and check against declared capabilities.
|
|
97
|
+
*/
|
|
98
|
+
recordToolUse(tool: string): void;
|
|
99
|
+
/**
|
|
100
|
+
* Record a credential access and check against declared capabilities.
|
|
101
|
+
*/
|
|
102
|
+
recordCredentialAccess(scope: string): void;
|
|
103
|
+
/**
|
|
104
|
+
* Get all recorded violations as findings.
|
|
105
|
+
*/
|
|
106
|
+
getViolations(): CapabilityViolation[];
|
|
107
|
+
/**
|
|
108
|
+
* Get observed behavior summary.
|
|
109
|
+
*/
|
|
110
|
+
getObserved(): ObservedBehavior;
|
|
111
|
+
/**
|
|
112
|
+
* Reset all recorded observations and violations.
|
|
113
|
+
*/
|
|
114
|
+
reset(): void;
|
|
115
|
+
private isFileAccessAllowed;
|
|
116
|
+
private isNetworkAccessAllowed;
|
|
117
|
+
private emitViolation;
|
|
118
|
+
}
|
|
119
|
+
//# sourceMappingURL=skill-capability-monitor.d.ts.map
|
|
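Review bot: The `fileAccess` and `networkAccess` fields of `DeclaredCapabilities` are documented only as "paths" and "hosts/URLs", with no statement of how an observed value is matched against them (exact string, prefix, glob, host versus full URL). These lists are the allow-list behind SKILL-013 and SKILL-014, so the matching rule is part of the contract and belongs in the two doc comments. `recordNetworkCall(host, port?, protocol?)` receives a host rather than a URL, so a URL-form entry may never match as written; this is inferred from the signatures only, because `isNetworkAccessAllowed` is private and its body is not in this declaration file. `CapabilityViolation.id` could also be narrowed to agree with its own comment: `id: 'SKILL-013' | 'SKILL-014';`.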
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"skill-capability-monitor.d.ts","sourceRoot":"","sources":["../../../src/arp/monitors/skill-capability-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAI1D,MAAM,WAAW,oBAAoB;IACnC,iBAAiB;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,+DAA+D;IAC/D,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,kEAAkE;IAClE,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,oDAAoD;IACpD,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,mDAAmD;IACnD,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,gBAAgB;IAC/B,2CAA2C;IAC3C,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC5E,oCAAoC;IACpC,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC3F,+BAA+B;IAC/B,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,sCAAsC;IACtC,kBAAkB,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACjE;AAED,MAAM,WAAW,mBAAmB;IAClC,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,wBAAwB;IACxB,IAAI,EAAE,sBAAsB,GAAG,oBAAoB,CAAC;IACpD,mCAAmC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;CACnB;AAID;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,oBAAoB,CA+B/E;AAgCD;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,oBAAoB,GAAG,sBAAsB,CAE9F;AAED;;;;;GAKG;AACH,qBAAa,sBAAuB,YAAW,OAAO;IACpD,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAW;IACrC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAuB;IAChD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAmB;IAC5C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6B;IACxD,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,OAAO,CAAS;gBAEZ,QAAQ,EAAE,oBAAoB,EAAE,MAAM,CAAC,EAAE,WAAW;IAW1D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAItB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B,SAAS,IAAI,OAAO;IAIpB;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,GAAE,MAAe,GAAG,IAAI;IAkBpE;;OAEG;IACH,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI;IAkBvE;;
OAEG;IACH,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAoBjC;;OAEG;IACH,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAoB3C;;OAEG;IACH,aAAa,IAAI,mBAAmB,EAAE;IAItC;;OAEG;IACH,WAAW,IAAI,gBAAgB;IAS/B;;OAEG;IACH,KAAK,IAAI,IAAI;IAUb,OAAO,CAAC,mBAAmB;IAc3B,OAAO,CAAC,sBAAsB;IAU9B,OAAO,CAAC,aAAa;CAmBtB"}
|
|
@@ -0,0 +1,258 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Skill Capability Monitor
|
|
4
|
+
*
|
|
5
|
+
* Tracks runtime behavior of skills and compares against declared capabilities.
|
|
6
|
+
* Generates findings when skills exceed their declared permissions:
|
|
7
|
+
* - SKILL-013: Permission overreach (action not declared in capabilities)
|
|
8
|
+
* - SKILL-014: Undeclared network access (network call not listed in permissions)
|
|
9
|
+
*/
|
|
10
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
+
exports.SkillCapabilityMonitor = void 0;
|
|
12
|
+
exports.parseDeclaredCapabilities = parseDeclaredCapabilities;
|
|
13
|
+
exports.createCapabilityMonitor = createCapabilityMonitor;
|
|
14
|
+
// --- Capability Parsing ---
|
|
15
|
+
/**
|
|
16
|
+
* Parse declared capabilities from SKILL.md content.
|
|
17
|
+
* Extracts permissions, network access, tools, and credential scopes from YAML frontmatter.
|
|
18
|
+
*/
|
|
19
|
+
function parseDeclaredCapabilities(skillMd) {
|
|
20
|
+
const capabilities = {
|
|
21
|
+
name: '',
|
|
22
|
+
fileAccess: [],
|
|
23
|
+
networkAccess: [],
|
|
24
|
+
tools: [],
|
|
25
|
+
credentials: [],
|
|
26
|
+
};
|
|
27
|
+
// Extract frontmatter
|
|
28
|
+
const frontmatterMatch = skillMd.match(/^---\s*\n([\s\S]*?)\n---/);
|
|
29
|
+
if (!frontmatterMatch)
|
|
30
|
+
return capabilities;
|
|
31
|
+
const frontmatter = frontmatterMatch[1];
|
|
32
|
+
// Parse name
|
|
33
|
+
const nameMatch = frontmatter.match(/^name:\s*(.+)$/m);
|
|
34
|
+
if (nameMatch) {
|
|
35
|
+
capabilities.name = nameMatch[1].trim().replace(/^["']|["']$/g, '');
|
|
36
|
+
}
|
|
37
|
+
// Parse permissions/capabilities sections (try primary field name, fall back to alternate)
|
|
38
|
+
const fileAccess = parseYamlList(frontmatter, 'file_access');
|
|
39
|
+
capabilities.fileAccess = fileAccess.length > 0 ? fileAccess : parseYamlList(frontmatter, 'filesystem');
|
|
40
|
+
const networkAccess = parseYamlList(frontmatter, 'network_access');
|
|
41
|
+
capabilities.networkAccess = networkAccess.length > 0 ? networkAccess : parseYamlList(frontmatter, 'network');
|
|
42
|
+
capabilities.tools = parseYamlList(frontmatter, 'tools');
|
|
43
|
+
const credentials = parseYamlList(frontmatter, 'credentials');
|
|
44
|
+
capabilities.credentials = credentials.length > 0 ? credentials : parseYamlList(frontmatter, 'credential_scopes');
|
|
45
|
+
return capabilities;
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Parse a simple YAML list from frontmatter.
|
|
49
|
+
*/
|
|
50
|
+
function parseYamlList(frontmatter, field) {
|
|
51
|
+
// Inline format: field: [a, b, c]
|
|
52
|
+
const inlineMatch = frontmatter.match(new RegExp(`^${field}:\\s*\\[([^\\]]*)]`, 'm'));
|
|
53
|
+
if (inlineMatch) {
|
|
54
|
+
return inlineMatch[1]
|
|
55
|
+
.split(',')
|
|
56
|
+
.map((item) => item.trim().replace(/^["']|["']$/g, ''))
|
|
57
|
+
.filter((item) => item.length > 0);
|
|
58
|
+
}
|
|
59
|
+
// Block format
|
|
60
|
+
const blockMatch = frontmatter.match(new RegExp(`^${field}:\\s*\\n((?:\\s+-\\s+.+\\n?)*)`, 'm'));
|
|
61
|
+
if (blockMatch) {
|
|
62
|
+
return blockMatch[1]
|
|
63
|
+
.split('\n')
|
|
64
|
+
.map((line) => {
|
|
65
|
+
const itemMatch = line.match(/^\s+-\s+(.+)/);
|
|
66
|
+
return itemMatch ? itemMatch[1].trim().replace(/^["']|["']$/g, '') : '';
|
|
67
|
+
})
|
|
68
|
+
.filter((item) => item.length > 0);
|
|
69
|
+
}
|
|
70
|
+
return [];
|
|
71
|
+
}
|
|
72
|
+
// --- Monitor ---
|
|
73
|
+
/**
|
|
74
|
+
* Create a skill capability monitor that tracks runtime behavior
|
|
75
|
+
* and compares it against declared capabilities.
|
|
76
|
+
*/
|
|
77
|
+
function createCapabilityMonitor(declared) {
|
|
78
|
+
return new SkillCapabilityMonitor(declared);
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
81
|
+
* Skill Capability Monitor
|
|
82
|
+
*
|
|
83
|
+
* Records runtime actions and detects capability violations.
|
|
84
|
+
* Can operate standalone or integrated with the ARP event engine.
|
|
85
|
+
*/
|
|
86
|
+
class SkillCapabilityMonitor {
|
|
87
|
+
constructor(declared, engine) {
|
|
88
|
+
this.type = 'skill';
|
|
89
|
+
this.violations = [];
|
|
90
|
+
this.engine = null;
|
|
91
|
+
this.running = false;
|
|
92
|
+
this.declared = declared;
|
|
93
|
+
this.engine = engine ?? null;
|
|
94
|
+
this.observed = {
|
|
95
|
+
fileAccesses: [],
|
|
96
|
+
networkCalls: [],
|
|
97
|
+
toolUses: [],
|
|
98
|
+
credentialAccesses: [],
|
|
99
|
+
};
|
|
100
|
+
}
|
|
101
|
+
async start() {
|
|
102
|
+
this.running = true;
|
|
103
|
+
}
|
|
104
|
+
async stop() {
|
|
105
|
+
this.running = false;
|
|
106
|
+
}
|
|
107
|
+
isRunning() {
|
|
108
|
+
return this.running;
|
|
109
|
+
}
|
|
110
|
+
/**
|
|
111
|
+
* Record a file access event and check against declared capabilities.
|
|
112
|
+
*/
|
|
113
|
+
recordFileAccess(filePath, operation = 'read') {
|
|
114
|
+
const timestamp = new Date().toISOString();
|
|
115
|
+
this.observed.fileAccesses.push({ path: filePath, operation, timestamp });
|
|
116
|
+
const isAllowed = this.isFileAccessAllowed(filePath);
|
|
117
|
+
if (!isAllowed) {
|
|
118
|
+
const violation = {
|
|
119
|
+
id: 'SKILL-013',
|
|
120
|
+
type: 'permission-overreach',
|
|
121
|
+
description: `Skill "${this.declared.name}" accessed file "${filePath}" (${operation}) which is not in declared file_access permissions`,
|
|
122
|
+
observed: filePath,
|
|
123
|
+
timestamp,
|
|
124
|
+
};
|
|
125
|
+
this.violations.push(violation);
|
|
126
|
+
this.emitViolation(violation);
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
/**
|
|
130
|
+
* Record a network call event and check against declared capabilities.
|
|
131
|
+
*/
|
|
132
|
+
recordNetworkCall(host, port, protocol) {
|
|
133
|
+
const timestamp = new Date().toISOString();
|
|
134
|
+
this.observed.networkCalls.push({ host, port, protocol, timestamp });
|
|
135
|
+
const isAllowed = this.isNetworkAccessAllowed(host);
|
|
136
|
+
if (!isAllowed) {
|
|
137
|
+
const violation = {
|
|
138
|
+
id: 'SKILL-014',
|
|
139
|
+
type: 'undeclared-network',
|
|
140
|
+
description: `Skill "${this.declared.name}" made undeclared network call to "${host}${port ? ':' + port : ''}"`,
|
|
141
|
+
observed: host,
|
|
142
|
+
timestamp,
|
|
143
|
+
};
|
|
144
|
+
this.violations.push(violation);
|
|
145
|
+
this.emitViolation(violation);
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
/**
|
|
149
|
+
* Record a tool invocation and check against declared capabilities.
|
|
150
|
+
*/
|
|
151
|
+
recordToolUse(tool) {
|
|
152
|
+
const timestamp = new Date().toISOString();
|
|
153
|
+
this.observed.toolUses.push({ tool, timestamp });
|
|
154
|
+
const isAllowed = this.declared.tools.some((t) => t === tool || t === '*');
|
|
155
|
+
if (!isAllowed) {
|
|
156
|
+
const violation = {
|
|
157
|
+
id: 'SKILL-013',
|
|
158
|
+
type: 'permission-overreach',
|
|
159
|
+
description: `Skill "${this.declared.name}" invoked tool "${tool}" which is not in declared tools`,
|
|
160
|
+
observed: tool,
|
|
161
|
+
timestamp,
|
|
162
|
+
};
|
|
163
|
+
this.violations.push(violation);
|
|
164
|
+
this.emitViolation(violation);
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
/**
|
|
168
|
+
* Record a credential access and check against declared capabilities.
|
|
169
|
+
*/
|
|
170
|
+
recordCredentialAccess(scope) {
|
|
171
|
+
const timestamp = new Date().toISOString();
|
|
172
|
+
this.observed.credentialAccesses.push({ scope, timestamp });
|
|
173
|
+
const isAllowed = this.declared.credentials.some((c) => c === scope || c === '*');
|
|
174
|
+
if (!isAllowed) {
|
|
175
|
+
const violation = {
|
|
176
|
+
id: 'SKILL-013',
|
|
177
|
+
type: 'permission-overreach',
|
|
178
|
+
description: `Skill "${this.declared.name}" accessed credential scope "${scope}" which is not in declared credentials`,
|
|
179
|
+
observed: scope,
|
|
180
|
+
timestamp,
|
|
181
|
+
};
|
|
182
|
+
this.violations.push(violation);
|
|
183
|
+
this.emitViolation(violation);
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
/**
|
|
187
|
+
* Get all recorded violations as findings.
|
|
188
|
+
*/
|
|
189
|
+
getViolations() {
|
|
190
|
+
return [...this.violations];
|
|
191
|
+
}
|
|
192
|
+
/**
|
|
193
|
+
* Get observed behavior summary.
|
|
194
|
+
*/
|
|
195
|
+
getObserved() {
|
|
196
|
+
return {
|
|
197
|
+
fileAccesses: [...this.observed.fileAccesses],
|
|
198
|
+
networkCalls: [...this.observed.networkCalls],
|
|
199
|
+
toolUses: [...this.observed.toolUses],
|
|
200
|
+
credentialAccesses: [...this.observed.credentialAccesses],
|
|
201
|
+
};
|
|
202
|
+
}
|
|
203
|
+
/**
|
|
204
|
+
* Reset all recorded observations and violations.
|
|
205
|
+
*/
|
|
206
|
+
reset() {
|
|
207
|
+
this.observed.fileAccesses.length = 0;
|
|
208
|
+
this.observed.networkCalls.length = 0;
|
|
209
|
+
this.observed.toolUses.length = 0;
|
|
210
|
+
this.observed.credentialAccesses.length = 0;
|
|
211
|
+
this.violations.length = 0;
|
|
212
|
+
}
|
|
213
|
+
// --- Private Helpers ---
|
|
214
|
+
isFileAccessAllowed(filePath) {
|
|
215
|
+
if (this.declared.fileAccess.length === 0)
|
|
216
|
+
return false;
|
|
217
|
+
return this.declared.fileAccess.some((allowed) => {
|
|
218
|
+
if (allowed === '*')
|
|
219
|
+
return true;
|
|
220
|
+
// Support glob-like prefix matching
|
|
221
|
+
if (allowed.endsWith('/*') || allowed.endsWith('/**')) {
|
|
222
|
+
const prefix = allowed.replace(/\/\*+$/, '');
|
|
223
|
+
return filePath.startsWith(prefix);
|
|
224
|
+
}
|
|
225
|
+
return filePath === allowed || filePath.startsWith(allowed + '/');
|
|
226
|
+
});
|
|
227
|
+
}
|
|
228
|
+
isNetworkAccessAllowed(host) {
|
|
229
|
+
if (this.declared.networkAccess.length === 0)
|
|
230
|
+
return false;
|
|
231
|
+
return this.declared.networkAccess.some((allowed) => {
|
|
232
|
+
if (allowed === '*')
|
|
233
|
+
return true;
|
|
234
|
+
// Exact match or subdomain match
|
|
235
|
+
return host === allowed || host.endsWith('.' + allowed);
|
|
236
|
+
});
|
|
237
|
+
}
|
|
238
|
+
emitViolation(violation) {
|
|
239
|
+
if (!this.engine)
|
|
240
|
+
return;
|
|
241
|
+
const severity = violation.id === 'SKILL-014' ? 'high' : 'medium';
|
|
242
|
+
const category = violation.id === 'SKILL-014' ? 'violation' : 'anomaly';
|
|
243
|
+
this.engine.emit({
|
|
244
|
+
source: 'skill',
|
|
245
|
+
category,
|
|
246
|
+
severity,
|
|
247
|
+
description: violation.description,
|
|
248
|
+
data: {
|
|
249
|
+
violationId: violation.id,
|
|
250
|
+
violationType: violation.type,
|
|
251
|
+
skillName: this.declared.name,
|
|
252
|
+
observed: violation.observed,
|
|
253
|
+
},
|
|
254
|
+
});
|
|
255
|
+
}
|
|
256
|
+
}
|
|
257
|
+
exports.SkillCapabilityMonitor = SkillCapabilityMonitor;
|
|
258
|
+
//# sourceMappingURL=skill-capability-monitor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"skill-capability-monitor.js","sourceRoot":"","sources":["../../../src/arp/monitors/skill-capability-monitor.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAkDH,8DA+BC;AAoCD,0DAEC;AA3ED,6BAA6B;AAE7B;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,OAAe;IACvD,MAAM,YAAY,GAAyB;QACzC,IAAI,EAAE,EAAE;QACR,UAAU,EAAE,EAAE;QACd,aAAa,EAAE,EAAE;QACjB,KAAK,EAAE,EAAE;QACT,WAAW,EAAE,EAAE;KAChB,CAAC;IAEF,sBAAsB;IACtB,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IACnE,IAAI,CAAC,gBAAgB;QAAE,OAAO,YAAY,CAAC;IAE3C,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAExC,aAAa;IACb,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACvD,IAAI,SAAS,EAAE,CAAC;QACd,YAAY,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,2FAA2F;IAC3F,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAC7D,YAAY,CAAC,UAAU,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IACxG,MAAM,aAAa,GAAG,aAAa,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;IACnE,YAAY,CAAC,aAAa,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC9G,YAAY,CAAC,KAAK,GAAG,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACzD,MAAM,WAAW,GAAG,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAC9D,YAAY,CAAC,WAAW,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;IAElH,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,WAAmB,EAAE,KAAa;IACvD,kCAAkC;IAClC,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,KAAK,oBAAoB,EAAE,GAAG,CAAC,CAAC,CAAC;IACtF,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC,CAAC,CAAC;aAClB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;aACtD,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,eAAe;IACf,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,KAAK,gCAAgC,EAAE,GAAG,CAAC,CAAC,CAAC;IACjG,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,UAAU,CAAC,CAAC,CAAC;aACjB,KAAK,
CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACZ,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAC7C,OAAO,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,kBAAkB;AAElB;;;GAGG;AACH,SAAgB,uBAAuB,CAAC,QAA8B;IACpE,OAAO,IAAI,sBAAsB,CAAC,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;GAKG;AACH,MAAa,sBAAsB;IAQjC,YAAY,QAA8B,EAAE,MAAoB;QAPvD,SAAI,GAAgB,OAAO,CAAC;QAGpB,eAAU,GAA0B,EAAE,CAAC;QAChD,WAAM,GAAuB,IAAI,CAAC;QAClC,YAAO,GAAG,KAAK,CAAC;QAGtB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAI,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG;YACd,YAAY,EAAE,EAAE;YAChB,YAAY,EAAE,EAAE;YAChB,QAAQ,EAAE,EAAE;YACZ,kBAAkB,EAAE,EAAE;SACvB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;IACvB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,QAAgB,EAAE,YAAoB,MAAM;QAC3D,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;QAE1E,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QACrD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,SAAS,GAAwB;gBACrC,EAAE,EAAE,WAAW;gBACf,IAAI,EAAE,sBAAsB;gBAC5B,WAAW,EAAE,UAAU,IAAI,CAAC,QAAQ,CAAC,IAAI,oBAAoB,QAAQ,MAAM,SAAS,oDAAoD;gBACxI,QAAQ,EAAE,QAAQ;gBAClB,SAAS;aACV,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,IAAY,EAAE,IAAa,EAAE,QAAiB;QAC9D,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;QAErE,MAAM,SAAS,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,SAAS,GAAwB;gBACrC,EAAE,EAAE,WAAW;gBACf,IAAI,EAAE,oBAAoB;gBAC1B,
WAAW,EAAE,UAAU,IAAI,CAAC,QAAQ,CAAC,IAAI,sCAAsC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG;gBAC/G,QAAQ,EAAE,IAAI;gBACd,SAAS;aACV,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAY;QACxB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAEjD,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/C,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,GAAG,CACxB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,SAAS,GAAwB;gBACrC,EAAE,EAAE,WAAW;gBACf,IAAI,EAAE,sBAAsB;gBAC5B,WAAW,EAAE,UAAU,IAAI,CAAC,QAAQ,CAAC,IAAI,mBAAmB,IAAI,kCAAkC;gBAClG,QAAQ,EAAE,IAAI;gBACd,SAAS;aACV,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,KAAa;QAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAE5D,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACrD,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,GAAG,CACzB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,SAAS,GAAwB;gBACrC,EAAE,EAAE,WAAW;gBACf,IAAI,EAAE,sBAAsB;gBAC5B,WAAW,EAAE,UAAU,IAAI,CAAC,QAAQ,CAAC,IAAI,gCAAgC,KAAK,wCAAwC;gBACtH,QAAQ,EAAE,KAAK;gBACf,SAAS;aACV,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO;YACL,YAAY,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;YAC7C,YAAY,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;YAC7C,QAAQ,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACrC,kBAAkB,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC;SAC1D,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;
QACtC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,0BAA0B;IAElB,mBAAmB,CAAC,QAAgB;QAC1C,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAExD,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YAC/C,IAAI,OAAO,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YACjC,oCAAoC;YACpC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;gBAC7C,OAAO,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACrC,CAAC;YACD,OAAO,QAAQ,KAAK,OAAO,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,GAAG,GAAG,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,sBAAsB,CAAC,IAAY;QACzC,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAE3D,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,IAAI,OAAO,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YACjC,iCAAiC;YACjC,OAAO,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,SAA8B;QAClD,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO;QAEzB,MAAM,QAAQ,GAAG,SAAS,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;QAClE,MAAM,QAAQ,GAAG,SAAS,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;QAExE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,OAAO;YACf,QAAQ;YACR,QAAQ;YACR,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,IAAI,EAAE;gBACJ,WAAW,EAAE,SAAS,CAAC,EAAE;gBACzB,aAAa,EAAE,SAAS,CAAC,IAAI;gBAC7B,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;gBAC7B,QAAQ,EAAE,SAAS,CAAC,QAAQ;aAC7B;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAlMD,wDAkMC"}
|
|
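--- a/package/dist/arp/telemetry/forwarder.d.ts
+++ b/package/dist/arp/telemetry/forwarder.d.ts
@@ -0,0 +1,62 @@
+/**
+* GTIN Event Forwarder
+*
+* Subscribes to ARP events and forwards anomalous ones to the
+* OpenA2A Registry for community threat intelligence. Events are
+* batched internally and submitted individually (the API accepts
+* one event at a time).
+*
+* Non-blocking: network failures are logged as warnings and never
+* affect ARP monitoring.
+*/
+import { ARPEvent } from '../types';
+/** Configuration for the GTIN forwarder */
+export interface GTINForwarderConfig {
+enabled: boolean;
+sensorToken: string;
+registryUrl?: string;
+packageName: string;
+packageVersion?: string;
+}
+/**
+* GTIN Event Forwarder
+*
+* Accumulates anomalous events and flushes them to the registry
+* every 30 seconds (or on explicit flush/shutdown).
+*/
+export declare class GTINForwarder {
+private readonly config;
+private queue;
+private flushTimer;
+private stopped;
+/** Batch interval in milliseconds (30 seconds) */
+private readonly batchIntervalMs;
+constructor(config: GTINForwarderConfig);
+/**
+* Start the forwarder's batch flush timer.
+* Called automatically when the first event is queued, or can be called explicitly.
+*/
+start(): void;
+/**
+* Handle an incoming ARP event.
+*
+* If GTIN is enabled and the event is anomalous, it is queued for
+* submission. Normal events are silently ignored.
+*/
+onEvent(event: ARPEvent): void;
+/**
+* Force-send all queued events immediately.
+* Each event is submitted individually (the API takes one event at a time).
+*/
+flush(): Promise<void>;
+/**
+* Flush all queued events and stop the forwarder.
+* After shutdown, no new events are accepted.
+*/
+shutdown(): Promise<void>;
+/** Get the current queue length (for diagnostics) */
+getQueueLength(): number;
+/** Check if the forwarder is running */
+isRunning(): boolean;
+}
+//# sourceMappingURL=forwarder.d.ts.map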
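Review bot: The doc comments on `GTINForwarder` and `GTINForwarderConfig` do not say which parts of an `ARPEvent` leave the host, and that matters because the skill monitor events added earlier in this diff put file paths, hostnames and credential scope names into `description` and `data.observed`. Whether forwarder.js strips or hashes those fields is not visible from this declaration file, so the contract should state it above `onEvent`, for example `/** Only <fields actually sent> are submitted; paths, hosts and credential scopes are redacted before queueing. */`. `sensorToken` and `registryUrl` also carry no comments; if the token is sent to `registryUrl` (presumably, to be confirmed in forwarder.js), document that the URL must be `https:` and mark the token as a secret, e.g. `/** Secret; sent to registryUrl with each submission, never log. */`.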
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"forwarder.d.ts","sourceRoot":"","sources":["../../../src/arp/telemetry/forwarder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAQpC,2CAA2C;AAC3C,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;GAKG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsB;IAC7C,OAAO,CAAC,KAAK,CAAqB;IAClC,OAAO,CAAC,UAAU,CAA+C;IACjE,OAAO,CAAC,OAAO,CAAS;IAExB,kDAAkD;IAClD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAU;gBAE9B,MAAM,EAAE,mBAAmB;IAIvC;;;OAGG;IACH,KAAK,IAAI,IAAI;IAab;;;;;OAKG;IACH,OAAO,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAkB9B;;;OAGG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAmB5B;;;OAGG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAW/B,qDAAqD;IACrD,cAAc,IAAI,MAAM;IAIxB,wCAAwC;IACxC,SAAS,IAAI,OAAO;CAGrB"}
|