hackmyagent 0.10.1 → 0.11.1

package/dist/hardening/security-check.d.ts

@@ -53,6 +53,8 @@ export interface SecurityFinding {
     line?: number;
     /** Specific fix instruction for this issue */
     fix?: string;
+    /** Attack taxonomy class this finding maps to (e.g., "CRED-HARVEST") */
+    attackClass?: string;
     details?: Record<string, unknown>;
 }
 export interface ScanResult {

package/dist/hardening/security-check.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"security-check.d.ts","sourceRoot":"","sources":["../../src/hardening/security-check.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE9D;;;;;;;;;GASG;AACH,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,SAAS,GAAG,QAAQ,GAAG,KAAK,GAAG,KAAK,GAAG,UAAU,GAAG,KAAK,CAAC;AAE5F,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,6CAA6C;IAC7C,MAAM,EAAE,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IACnC,kDAAkD;IAClD,GAAG,CAAC,EAAE,MAAM,OAAO,CAAC,SAAS,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8CAA8C;IAC9C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,0EAA0E;IAC1E,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,sEAAsE;IACtE,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,yEAAyE;IACzE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;CACH"}
+{"version":3,"file":"security-check.d.ts","sourceRoot":"","sources":["../../src/hardening/security-check.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE9D;;;;;;;;;GASG;AACH,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,SAAS,GAAG,QAAQ,GAAG,KAAK,GAAG,KAAK,GAAG,UAAU,GAAG,KAAK,CAAC;AAE5F,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,6CAA6C;IAC7C,MAAM,EAAE,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IACnC,kDAAkD;IAClD,GAAG,CAAC,EAAE,MAAM,OAAO,CAAC,SAAS,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8CAA8C;IAC9C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,0EAA0E;IAC1E,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,sEAAsE;IACtE,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,yEAAyE;IACzE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;CACH"}

package/dist/hardening/skill-capability-validator.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Declared-vs-Actual Capability Validation
+ *
+ * Compares what a SKILL.md declares in its frontmatter (capabilities/permissions)
+ * against what the skill body actually does. Generates SKILL-018 findings for
+ * undeclared capabilities.
+ */
+import type { SecurityFinding } from './security-check';
+export interface SkillDeclaredCapabilities {
+    capabilities: string[];
+    permissions: Record<string, string[]>;
+}
+export interface InferredCapability {
+    capability: string;
+    evidence: string;
+    lineNumber: number;
+}
+/**
+ * Extract capabilities and permissions from YAML frontmatter.
+ */
+export declare function parseDeclaredCapabilities(content: string): SkillDeclaredCapabilities;
+/**
+ * Scan skill body (NOT frontmatter) for capability indicators.
+ */
+export declare function inferActualCapabilities(content: string): InferredCapability[];
+/**
+ * Compare declared vs inferred capabilities.
+ * Generate SKILL-018 findings for undeclared capabilities.
+ */
+export declare function validateCapabilities(declared: SkillDeclaredCapabilities, inferred: InferredCapability[], filePath?: string): SecurityFinding[];
+//# sourceMappingURL=skill-capability-validator.d.ts.map

package/dist/hardening/skill-capability-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-capability-validator.d.ts","sourceRoot":"","sources":["../../src/hardening/skill-capability-validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,MAAM,WAAW,yBAAyB;IACxC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CACvC;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,yBAAyB,CAgDpF;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,EAAE,CAuE7E;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,yBAAyB,EACnC,QAAQ,EAAE,kBAAkB,EAAE,EAC9B,QAAQ,CAAC,EAAE,MAAM,GAChB,eAAe,EAAE,CAwBnB"}

package/dist/hardening/skill-capability-validator.js

@@ -0,0 +1,237 @@
+"use strict";
+/**
+ * Declared-vs-Actual Capability Validation
+ *
+ * Compares what a SKILL.md declares in its frontmatter (capabilities/permissions)
+ * against what the skill body actually does. Generates SKILL-018 findings for
+ * undeclared capabilities.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseDeclaredCapabilities = parseDeclaredCapabilities;
+exports.inferActualCapabilities = inferActualCapabilities;
+exports.validateCapabilities = validateCapabilities;
+/**
+ * Extract capabilities and permissions from YAML frontmatter.
+ */
+function parseDeclaredCapabilities(content) {
+    const result = {
+        capabilities: [],
+        permissions: {},
+    };
+    const frontmatterMatch = content.match(/^---\s*\n([\s\S]*?)\n---/);
+    if (!frontmatterMatch)
+        return result;
+    const frontmatter = frontmatterMatch[1];
+    // Parse capabilities list
+    result.capabilities = parseYamlList(frontmatter, 'capabilities');
+    // Also include permissions keys as capabilities
+    const permissionsBlock = extractYamlBlock(frontmatter, 'permissions');
+    if (permissionsBlock) {
+        const keyPattern = /^\s{2}(\S[^:]*?):\s*$/gm;
+        let match;
+        while ((match = keyPattern.exec(permissionsBlock)) !== null) {
+            const key = match[1].trim();
+            result.permissions[key] = [];
+            // Find list items under this key
+            const keyIdx = permissionsBlock.indexOf(match[0]);
+            const afterKey = permissionsBlock.substring(keyIdx + match[0].length);
+            const itemPattern = /^\s{4}-\s+(.+)$/gm;
+            let itemMatch;
+            while ((itemMatch = itemPattern.exec(afterKey)) !== null) {
+                result.permissions[key].push(itemMatch[1].trim().replace(/^["']|["']$/g, ''));
+            }
+        }
+    }
+    // Also accept flat filesystem:/network: entries in capabilities
+    for (const cap of result.capabilities) {
+        if (cap.includes(':') && !result.permissions[cap.split(':')[0]]) {
+            const [prefix, ...rest] = cap.split(':');
+            const scope = rest.join(':');
+            if (!result.permissions[prefix]) {
+                result.permissions[prefix] = [];
+            }
+            if (scope) {
+                result.permissions[prefix].push(scope);
+            }
+        }
+    }
+    return result;
+}
+/**
+ * Scan skill body (NOT frontmatter) for capability indicators.
+ */
+function inferActualCapabilities(content) {
+    const inferred = [];
+    // Strip frontmatter to only analyze body
+    const bodyContent = content.replace(/^---\s*\n[\s\S]*?\n---\s*\n?/, '');
+    const lines = bodyContent.split('\n');
+    // Find the offset for line numbers (account for stripped frontmatter)
+    const frontmatterMatch = content.match(/^---\s*\n[\s\S]*?\n---\s*\n?/);
+    const frontmatterLines = frontmatterMatch
+        ? frontmatterMatch[0].split('\n').length - 1
+        : 0;
+    const sensitivePathPatterns = [
+        { pattern: /~\/\.ssh/g, capability: 'filesystem:~/.ssh' },
+        { pattern: /~\/\.aws/g, capability: 'filesystem:~/.aws' },
+        { pattern: /~\/\.kube/g, capability: 'filesystem:~/.kube' },
+        { pattern: /~\/\.gnupg/g, capability: 'filesystem:~/.gnupg' },
+        { pattern: /~\/\.config/g, capability: 'filesystem:~/.config' },
+    ];
+    const networkOutboundPatterns = [
+        { pattern: /\bcurl\b/g, capability: 'network:outbound' },
+        { pattern: /\bwget\b/g, capability: 'network:outbound' },
+        { pattern: /\bfetch\s*\(/g, capability: 'network:outbound' },
+        { pattern: /\bhttp\.get\b/g, capability: 'network:outbound' },
+        { pattern: /\baxios\b/g, capability: 'network:outbound' },
+    ];
+    const shellPatterns = [
+        { pattern: /\bshell\s*:/g, capability: 'shell:execute' },
+        { pattern: /\bbash\s/g, capability: 'shell:execute' },
+        { pattern: /\bexec\s*\(/g, capability: 'shell:execute' },
+        { pattern: /\bspawn\s*\(/g, capability: 'shell:execute' },
+    ];
+    const networkInboundPatterns = [
+        { pattern: /\blisten\s*\(/g, capability: 'network:inbound' },
+        { pattern: /\bcreateServer\b/g, capability: 'network:inbound' },
+    ];
+    const filesystemWildcardPatterns = [
+        { pattern: /filesystem:\s*\*/g, capability: 'filesystem:wildcard' },
+    ];
+    const allPatterns = [
+        ...sensitivePathPatterns,
+        ...networkOutboundPatterns,
+        ...shellPatterns,
+        ...networkInboundPatterns,
+        ...filesystemWildcardPatterns,
+    ];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const { pattern, capability } of allPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                // Avoid duplicate capabilities on same line
+                if (!inferred.some(inf => inf.lineNumber === i + frontmatterLines + 1 && inf.capability === capability)) {
+                    inferred.push({
+                        capability,
+                        evidence: line.trim().substring(0, 100),
+                        lineNumber: i + frontmatterLines + 1,
+                    });
+                }
+            }
+        }
+    }
+    return inferred;
+}
+/**
+ * Compare declared vs inferred capabilities.
+ * Generate SKILL-018 findings for undeclared capabilities.
+ */
+function validateCapabilities(declared, inferred, filePath) {
+    const findings = [];
+    for (const inf of inferred) {
+        if (isCapabilityDeclared(inf.capability, declared)) {
+            continue;
+        }
+        findings.push({
+            checkId: 'SKILL-018',
+            name: 'Undeclared Capability',
+            description: 'Skill uses a capability not declared in its frontmatter',
+            category: 'skill',
+            severity: 'medium',
+            passed: false,
+            message: `Undeclared capability "${inf.capability}" detected: "${inf.evidence}"`,
+            file: filePath,
+            line: inf.lineNumber,
+            fixable: false,
+            fix: `Add "${inf.capability}" to the capabilities list in the skill frontmatter`,
+        });
+    }
+    return findings;
+}
+/**
+ * Check if a capability is covered by the declared capabilities/permissions.
+ */
+function isCapabilityDeclared(capability, declared) {
+    // Direct match in capabilities list
+    if (declared.capabilities.includes(capability)) {
+        return true;
+    }
+    // Check by prefix (e.g., "filesystem:~/.ssh" is covered by "filesystem" capability)
+    const [prefix] = capability.split(':');
+    if (declared.capabilities.includes(prefix)) {
+        return true;
+    }
+    // Check wildcard permissions (e.g., "filesystem:./**" covers filesystem access)
+    if (declared.permissions[prefix]) {
+        const scopes = declared.permissions[prefix];
+        // Any declared scope for this prefix counts as declared
+        if (scopes.length > 0) {
+            return true;
+        }
+        // Empty scopes list means the prefix was declared without specific scopes
+        return true;
+    }
+    // Check for broader capability declarations
+    // "network" covers "network:outbound" and "network:inbound"
+    if (declared.capabilities.some(cap => {
+        const [capPrefix] = cap.split(':');
+        return capPrefix === prefix;
+    })) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Parse a simple YAML list from frontmatter.
+ */
+function parseYamlList(frontmatter, field) {
+    // Inline format: field: [a, b, c]
+    const inlineMatch = frontmatter.match(new RegExp(`^${field}:\\s*\\[([^\\]]*)]`, 'm'));
+    if (inlineMatch) {
+        return inlineMatch[1]
+            .split(',')
+            .map(item => item.trim().replace(/^["']|["']$/g, ''))
+            .filter(item => item.length > 0);
+    }
+    // Block format
+    const blockPattern = new RegExp(`^${field}:\\s*$`, 'm');
+    const blockMatch = frontmatter.match(blockPattern);
+    if (!blockMatch)
+        return [];
+    const startIdx = frontmatter.indexOf(blockMatch[0]) + blockMatch[0].length;
+    const remaining = frontmatter.substring(startIdx);
+    const items = [];
+    for (const line of remaining.split('\n')) {
+        const itemMatch = line.match(/^\s+-\s+(.+)$/);
+        if (itemMatch) {
+            items.push(itemMatch[1].trim().replace(/^["']|["']$/g, ''));
+        }
+        else if (line.trim() !== '' && !/^\s+-/.test(line)) {
+            break; // End of list
+        }
+    }
+    return items;
+}
+/**
+ * Extract a YAML block (key + indented children) from frontmatter.
+ */
+function extractYamlBlock(frontmatter, field) {
+    const blockPattern = new RegExp(`^${field}:\\s*$`, 'm');
+    const blockMatch = frontmatter.match(blockPattern);
+    if (!blockMatch)
+        return null;
+    const startIdx = frontmatter.indexOf(blockMatch[0]);
+    const remaining = frontmatter.substring(startIdx);
+    const lines = remaining.split('\n');
+    const blockLines = [lines[0]];
+    for (let i = 1; i < lines.length; i++) {
+        if (/^\s+/.test(lines[i]) || lines[i].trim() === '') {
+            blockLines.push(lines[i]);
+        }
+        else {
+            break;
+        }
+    }
+    return blockLines.join('\n');
+}
+//# sourceMappingURL=skill-capability-validator.js.map

package/dist/hardening/skill-capability-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-capability-validator.js","sourceRoot":"","sources":["../../src/hardening/skill-capability-validator.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAkBH,8DAgDC;AAKD,0DAuEC;AAMD,oDA4BC;AAjKD;;GAEG;AACH,SAAgB,yBAAyB,CAAC,OAAe;IACvD,MAAM,MAAM,GAA8B;QACxC,YAAY,EAAE,EAAE;QAChB,WAAW,EAAE,EAAE;KAChB,CAAC;IAEF,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IACnE,IAAI,CAAC,gBAAgB;QAAE,OAAO,MAAM,CAAC;IAErC,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAExC,0BAA0B;IAC1B,MAAM,CAAC,YAAY,GAAG,aAAa,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAEjE,gDAAgD;IAChD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IACtE,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,UAAU,GAAG,yBAAyB,CAAC;QAC7C,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5D,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YAC7B,iCAAiC;YACjC,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACtE,MAAM,WAAW,GAAG,mBAAmB,CAAC;YACxC,IAAI,SAAS,CAAC;YACd,OAAO,CAAC,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACzD,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,MAAM,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAClC,CAAC;YACD,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,uBAAuB,CAAC,OAAe;IACrD,MAAM,QAAQ,GAAyB,EAAE,CAAC;IAE1C,yCAAyC;IACzC,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,8BAA8B,EAAE,EAAE,CAAC,CAAC;IACxE,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEtC,sEAAsE;IACtE,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACvE,MAAM,gBAAgB,GAAG,gBAAgB;QACvC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;QAC5C,CAAC,CAAC,CAAC,CAAC;IAEN,MAAM,qBAAqB,GAAmD;QAC5E,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE;QACzD,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE;QACzD,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,oBAAoB,EAAE;QAC3D,EAAE,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,qBAAqB,EAAE;QAC7D,EAAE,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,sBAAsB,EAAE;KAChE,CAAC;IAEF,MAAM,uBAAuB,GAAmD;QAC9E,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,kBAAkB,EAAE;QACxD,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,kBAAkB,EAAE;QACxD,EAAE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE;QAC5D,EAAE,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,kBAAkB,EAAE;QAC7D,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE;KAC1D,CAAC;IAEF,MAAM,aAAa,GAAmD;QACpE,EAAE,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,eAAe,EAAE;QACxD,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,EAAE;QACrD,EAAE,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,eAAe,EAAE;QACxD,EAAE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,eAAe,EAAE;KAC1D,CAAC;IAEF,MAAM,sBAAsB,GAAmD;QAC7E,EAAE,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,iBAAiB,EAAE;QAC5D,EAAE,OAAO,EAAE,mBAAmB,EAAE,UAAU,EAAE,iBAAiB,EAAE;KAChE,CAAC;IAEF,MAAM,0BAA0B,GAAmD;QACjF,EAAE,OAAO,EAAE,mBAAmB,EAAE,UAAU,EAAE,qBAAqB,EAAE;KACpE,CAAC;IAEF,MAAM,WAAW,GAAG;QAClB,GAAG,qBAAqB;QACxB,GAAG,uBAAuB;QAC1B,GAAG,aAAa;QAChB,GAAG,sBAAsB;QACzB,GAAG,0BAA0B;KAC9B,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,KAAK,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,WAAW,EAAE,CAAC;YAClD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,4CAA4C;gBAC5C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,UAAU,KAAK,CAAC,GAAG,gBAAgB,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,KAAK,UAAU,CAAC,EAAE,CAAC;oBACxG,QAAQ,CAAC,IAAI,CAAC;wBACZ,UAAU;wBACV,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;wBACvC,UAAU,EAAE,CAAC,GAAG,gBAAgB,GAAG,CAAC;qBACrC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB,CAClC,QAAmC,EACnC,QAA8B,EAC9B,QAAiB;IAEjB,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,oBAAoB,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;YACnD,SAAS;QACX,CAAC;QAED,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,WAAW;YACpB,IAAI,EAAE,uBAAuB;YAC7B,WAAW,EAAE,yDAAyD;YACtE,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,0BAA0B,GAAG,CAAC,UAAU,gBAAgB,GAAG,CAAC,QAAQ,GAAG;YAChF,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,GAAG,CAAC,UAAU;YACpB,OAAO,EAAE,KAAK;YACd,GAAG,EAAE,QAAQ,GAAG,CAAC,UAAU,qDAAqD;SACjF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,UAAkB,EAClB,QAAmC;IAEnC,oCAAoC;IACpC,IAAI,QAAQ,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oFAAoF;IACpF,MAAM,CAAC,MAAM,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,QAAQ,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gFAAgF;IAChF,IAAI,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5C,wDAAwD;QACxD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,0EAA0E;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4CAA4C;IAC5C,4DAA4D;IAC5D,IAAI,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QACnC,MAAM,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,SAAS,KAAK,MAAM,CAAC;IAC9B,CAAC,CAAC,EAAE,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,WAAmB,EAAE,KAAa;IACvD,kCAAkC;IAClC,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,KAAK,oBAAoB,EAAE,GAAG,CAAC,CAAC,CAAC;IACtF,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC,CAAC,CAAC;aAClB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;aACpD,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,eAAe;IACf,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,GAAG,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACnD,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3E,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAC9C,IAAI,SAAS,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,CAAC;QAC9D,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrD,MAAM,CAAC,cAAc;QACvB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,WAAmB,EAAE,KAAa;IAC1D,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,GAAG,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACnD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAE7B,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACpD,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC"}

package/dist/hardening/skill-context.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Context-Aware Skill Section Analysis
+ *
+ * Classifies lines in SKILL.md files by section type to reduce false positives.
+ * Prose mentions of "chrome" or ".env" are not attacks -- only code blocks
+ * and command blocks are real signals for SKILL-010/011/012.
+ */
+export type SkillSection = 'frontmatter' | 'prose' | 'codeblock' | 'command';
+/**
+ * Classify what section type a given line index falls within.
+ * Parses the full content to determine context.
+ */
+export declare function classifySkillSection(content: string, lineIndex: number): SkillSection;
+/**
+ * Determine if a pattern match is likely a false positive based on section context.
+ *
+ * For SKILL-010/011/012, matches in prose or frontmatter (including capabilities/permissions
+ * declarations) are treated as false positives. Only code blocks and command blocks
+ * are real signals for these checks.
+ */
+export declare function isLikelyFalsePositive(checkId: string, line: string, section: SkillSection, fullContent: string): boolean;
+//# sourceMappingURL=skill-context.d.ts.map

package/dist/hardening/skill-context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-context.d.ts","sourceRoot":"","sources":["../../src/hardening/skill-context.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,MAAM,YAAY,GAAG,aAAa,GAAG,OAAO,GAAG,WAAW,GAAG,SAAS,CAAC;AAE7E;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,YAAY,CA8DrF;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,YAAY,EACrB,WAAW,EAAE,MAAM,GAClB,OAAO,CA6CT"}

package/dist/hardening/skill-context.js

@@ -0,0 +1,127 @@
+"use strict";
+/**
+ * Context-Aware Skill Section Analysis
+ *
+ * Classifies lines in SKILL.md files by section type to reduce false positives.
+ * Prose mentions of "chrome" or ".env" are not attacks -- only code blocks
+ * and command blocks are real signals for SKILL-010/011/012.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.classifySkillSection = classifySkillSection;
+exports.isLikelyFalsePositive = isLikelyFalsePositive;
+/**
+ * Classify what section type a given line index falls within.
+ * Parses the full content to determine context.
+ */
+function classifySkillSection(content, lineIndex) {
+    const lines = content.split('\n');
+    if (lineIndex < 0 || lineIndex >= lines.length) {
+        return 'prose';
+    }
+    let inFrontmatter = false;
+    let frontmatterCount = 0;
+    let inCodeBlock = false;
+    for (let i = 0; i <= lineIndex; i++) {
+        const line = lines[i];
+        const trimmed = line.trim();
+        // Track frontmatter (--- delimiters at start of file)
+        if (trimmed === '---' || trimmed === '---\r') {
+            if (i === 0 || (frontmatterCount === 0 && i <= 1)) {
+                inFrontmatter = true;
+                frontmatterCount++;
+                if (i === lineIndex)
+                    return 'frontmatter';
+                continue;
+            }
+            else if (inFrontmatter && frontmatterCount === 1) {
+                frontmatterCount++;
+                inFrontmatter = false;
+                if (i === lineIndex)
+                    return 'frontmatter';
+                continue;
+            }
+        }
+        if (inFrontmatter) {
+            if (i === lineIndex)
+                return 'frontmatter';
+            continue;
+        }
+        // Track fenced code blocks (``` or ~~~)
+        if (/^(`{3,}|~{3,})/.test(trimmed)) {
+            inCodeBlock = !inCodeBlock;
+            if (i === lineIndex)
+                return inCodeBlock ? 'codeblock' : 'codeblock';
+            continue;
+        }
+        if (inCodeBlock) {
+            if (i === lineIndex)
+                return 'codeblock';
+            continue;
+        }
+        // Command lines: start with $ or >
+        if (/^\s*[$>]\s+\S/.test(line)) {
+            if (i === lineIndex)
+                return 'command';
+            continue;
+        }
+        // Indented code block: 4+ spaces after a blank line
+        if (/^ {4,}\S/.test(line) && i > 0 && lines[i - 1].trim() === '') {
+            if (i === lineIndex)
+                return 'command';
+            continue;
+        }
+    }
+    if (inFrontmatter)
+        return 'frontmatter';
+    if (inCodeBlock)
+        return 'codeblock';
+    return 'prose';
+}
+/**
+ * Determine if a pattern match is likely a false positive based on section context.
+ *
+ * For SKILL-010/011/012, matches in prose or frontmatter (including capabilities/permissions
+ * declarations) are treated as false positives. Only code blocks and command blocks
+ * are real signals for these checks.
+ */
+function isLikelyFalsePositive(checkId, line, section, fullContent) {
+    const contextSensitiveChecks = ['SKILL-010', 'SKILL-011', 'SKILL-012'];
+    if (!contextSensitiveChecks.includes(checkId)) {
+        return false;
+    }
+    // Matches inside capabilities/permissions YAML blocks are declarations, not attacks
+    if (section === 'frontmatter') {
+        return true;
+    }
+    // Prose mentions are false positives for these checks
+    if (section === 'prose') {
+        return true;
+    }
+    // Check if line is inside a permissions: or capabilities: YAML block in body
+    // (some skills declare permissions outside frontmatter in structured blocks)
+    const trimmedLine = line.trim();
+    if (/^(permissions|capabilities)\s*:/.test(trimmedLine)) {
+        return true;
+    }
+    // Check if the line is a YAML list item under permissions/capabilities
+    if (/^\s*-\s+/.test(line)) {
+        const lines = fullContent.split('\n');
+        const lineIdx = lines.indexOf(line);
+        if (lineIdx >= 0) {
+            // Look backwards for a permissions:/capabilities: header
+            for (let i = lineIdx - 1; i >= 0 && i >= lineIdx - 10; i--) {
+                const prevLine = lines[i].trim();
+                if (/^(permissions|capabilities)\s*:/.test(prevLine)) {
+                    return true;
+                }
+                // If we hit a non-indented, non-list line, stop looking
+                if (prevLine !== '' && !prevLine.startsWith('-') && !prevLine.startsWith(' ')) {
+                    break;
+                }
+            }
+        }
+    }
+    // Code blocks and command blocks are real signals
+    return false;
+}
+//# sourceMappingURL=skill-context.js.map

package/dist/hardening/skill-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-context.js","sourceRoot":"","sources":["../../src/hardening/skill-context.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAQH,oDA8DC;AASD,sDAkDC;AA7HD;;;GAGG;AACH,SAAgB,oBAAoB,CAAC,OAAe,EAAE,SAAiB;IACrE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QAC/C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,sDAAsD;QACtD,IAAI,OAAO,KAAK,KAAK,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBAClD,aAAa,GAAG,IAAI,CAAC;gBACrB,gBAAgB,EAAE,CAAC;gBACnB,IAAI,CAAC,KAAK,SAAS;oBAAE,OAAO,aAAa,CAAC;gBAC1C,SAAS;YACX,CAAC;iBAAM,IAAI,aAAa,IAAI,gBAAgB,KAAK,CAAC,EAAE,CAAC;gBACnD,gBAAgB,EAAE,CAAC;gBACnB,aAAa,GAAG,KAAK,CAAC;gBACtB,IAAI,CAAC,KAAK,SAAS;oBAAE,OAAO,aAAa,CAAC;gBAC1C,SAAS;YACX,CAAC;QACH,CAAC;QAED,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,aAAa,CAAC;YAC1C,SAAS;QACX,CAAC;QAED,wCAAwC;QACxC,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,WAAW,GAAG,CAAC,WAAW,CAAC;YAC3B,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC;YACpE,SAAS;QACX,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,WAAW,CAAC;YACxC,SAAS;QACX,CAAC;QAED,mCAAmC;QACnC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,SAAS,CAAC;YACtC,SAAS;QACX,CAAC;QAED,oDAAoD;QACpD,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACjE,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,SAAS,CAAC;YACtC,SAAS;QACX,CAAC;IACH,CAAC;IAED,IAAI,aAAa;QAAE,OAAO,aAAa,CAAC;IACxC,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IACpC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,qBAAqB,CACnC,OAAe,EACf,IAAY,EACZ,OAAqB,EACrB,WAAmB;IAEnB,MAAM,sBAAsB,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IAEvE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,oFAAoF;IACpF,IAAI,OAAO,KAAK,aAAa,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sDAAsD;IACtD,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,6EAA6E;IAC7E,6EAA6E;IAC7E,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAChC,IAAI,iCAAiC,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uEAAuE;IACvE,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,OAAO,IAAI,CAAC,EAAE,CAAC;YACjB,yDAAyD;YACzD,KAAK,IAAI,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,OAAO,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3D,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACjC,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACrD,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,wDAAwD;gBACxD,IAAI,QAAQ,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9E,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/hardening/taxonomy.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Attack Taxonomy Mapping
+ * Maps HMA security check IDs to registry attack class identifiers.
+ * These identifiers match the attack_classes table in the OpenA2A Registry.
+ */
+import type { SecurityFinding } from './security-check';
+/**
+ * Look up the attack class for a given HMA check ID.
+ * Returns undefined if no mapping exists.
+ */
+export declare function getAttackClass(checkId: string): string | undefined;
+/**
+ * Enrich an array of SecurityFindings with their attack class mappings.
+ * Modifies findings in place.
+ */
+export declare function enrichWithTaxonomy(findings: SecurityFinding[]): void;
+//# sourceMappingURL=taxonomy.d.ts.map

package/dist/hardening/taxonomy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"taxonomy.d.ts","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AA4IxD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAElE;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAOpE"}

package/dist/hardening/taxonomy.js

@@ -0,0 +1,152 @@
+"use strict";
+/**
+ * Attack Taxonomy Mapping
+ * Maps HMA security check IDs to registry attack class identifiers.
+ * These identifiers match the attack_classes table in the OpenA2A Registry.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAttackClass = getAttackClass;
+exports.enrichWithTaxonomy = enrichWithTaxonomy;
+/** Maps HMA check ID prefixes and exact IDs to attack class identifiers */
+const TAXONOMY_MAP = {
+    // SOUL series
+    'SOUL-TH-001': 'SOUL-POISON',
+    'SOUL-TH-002': 'SOUL-POISON',
+    'SOUL-TH-003': 'SOUL-DRIFT',
+    'SOUL-TH-004': 'SOUL-DRIFT',
+    'SOUL-TH-005': 'SOUL-INJECT',
+    'SOUL-CB-001': 'SOUL-BOUNDARY',
+    'SOUL-CB-002': 'SOUL-BOUNDARY',
+    'SOUL-IH-001': 'SOUL-INJECT',
+    'SOUL-IH-002': 'SOUL-INJECT',
+    'PROMPT-001': 'SOUL-INJECT',
+    'PROMPT-002': 'SOUL-INJECT',
+    'PROMPT-003': 'SOUL-INJECT',
+    'PROMPT-004': 'SOUL-INJECT',
+    'SOUL-DH-001': 'SOUL-DELEGATE',
+    'SOUL-DH-002': 'SOUL-DELEGATE',
+    'SOUL-HB-001': 'SOUL-OVERRIDE',
+    'SOUL-HB-002': 'SOUL-OVERRIDE',
+    'SOUL-AS-001': 'SOUL-COLLUDE',
+    'SOUL-AS-002': 'SOUL-COLLUDE',
+    'SOUL-HT-001': 'SOUL-COLLUDE',
+    'SOUL-HT-002': 'SOUL-COLLUDE',
+    'SOUL-HO-001': 'SOUL-OVERRIDE',
+    'SOUL-HO-002': 'SOUL-OVERRIDE',
+    // Harm avoidance
+    'SOUL-HV-001': 'HV-DECEPTION',
+    'SOUL-HV-002': 'HV-MANIPULATION',
+    'SOUL-HV-003': 'HV-UNSAFE-CODE',
+    'SOUL-HV-004': 'HV-RESOURCE-ABUSE',
+    // Credential exposure
+    'CRED-001': 'CRED-HARVEST',
+    'CRED-002': 'CRED-HARVEST',
+    'CRED-003': 'CRED-HARVEST',
+    'CRED-004': 'CRED-HARVEST',
+    // Unicode steganography
+    'UNICODE-STEGO-001': 'STEGO-INJECT',
+    'UNICODE-STEGO-002': 'STEGO-INJECT',
+    'UNICODE-STEGO-003': 'STEGO-INJECT',
+    'UNICODE-STEGO-004': 'STEGO-INJECT',
+    // OpenClaw persistence
+    'HEARTBEAT-001': 'SOUL-PERSIST',
+    'HEARTBEAT-002': 'SOUL-PERSIST',
+    'HEARTBEAT-003': 'SOUL-PERSIST',
+    'HEARTBEAT-004': 'SOUL-PERSIST',
+    'HEARTBEAT-005': 'SOUL-PERSIST',
+    'HEARTBEAT-006': 'SOUL-PERSIST',
+    'SKILL-002': 'SOUL-PERSIST',
+    'SKILL-003': 'SOUL-PERSIST',
+    // Skill exfiltration
+    'SKILL-006': 'SOUL-EXFIL',
+    'NET-001': 'SOUL-EXFIL',
+    'NET-002': 'SOUL-EXFIL',
+    'NET-003': 'SOUL-EXFIL',
+    // Supply chain
+    'SUPPLY-001': 'ORG-SKILL-SUPPLY',
+    'SUPPLY-002': 'ORG-SKILL-SUPPLY',
+    'SUPPLY-003': 'ORG-SKILL-SUPPLY',
+    'SUPPLY-004': 'ORG-SKILL-SUPPLY',
+    'SUPPLY-005': 'ORG-SKILL-SUPPLY',
+    'SUPPLY-006': 'ORG-SKILL-SUPPLY',
+    'SUPPLY-007': 'ORG-SKILL-SUPPLY',
+    'SUPPLY-008': 'ORG-SKILL-SUPPLY',
+    'DEP-001': 'ORG-SKILL-SUPPLY',
+    'DEP-002': 'ORG-SKILL-SUPPLY',
+    'DEP-003': 'ORG-SKILL-SUPPLY',
+    'DEP-004': 'ORG-SKILL-SUPPLY',
+    // Memory/context
+    'MEM-001': 'MEM-POISON',
+    'MEM-002': 'MEM-POISON',
+    'MEM-003': 'MEM-POISON',
+    'MEM-004': 'MEM-POISON',
+    'MEM-005': 'MEM-POISON',
+    // RAG poisoning
+    'RAG-001': 'RAG-POISON',
+    'RAG-002': 'RAG-POISON',
+    'RAG-003': 'RAG-POISON',
+    'RAG-004': 'RAG-POISON',
+    // Identity spoofing
+    'AIM-001': 'IDENTITY-SPOOF',
+    'AIM-002': 'IDENTITY-SPOOF',
+    'AIM-003': 'IDENTITY-SPOOF',
+    // Agent DNA forgery
+    'DNA-001': 'DNA-FORGE',
+    'DNA-002': 'DNA-FORGE',
+    'DNA-003': 'DNA-FORGE',
+    // Skill memory
+    'SKILL-MEM-001': 'SKILL-MEM',
+    // Adversarial skill
+    'SKILL-001': 'SKILL-ADVERSARIAL',
+    'SKILL-004': 'SKILL-ADVERSARIAL',
+    'SKILL-005': 'SKILL-ADVERSARIAL',
+    'SKILL-007': 'SKILL-ADVERSARIAL',
+    'SKILL-008': 'SKILL-ADVERSARIAL',
+    'SKILL-009': 'SKILL-ADVERSARIAL',
+    'SKILL-010': 'SKILL-ADVERSARIAL',
+    'SKILL-011': 'SKILL-ADVERSARIAL',
+    'SKILL-012': 'SKILL-ADVERSARIAL',
+    'SKILL-018': 'SKILL-ADVERSARIAL',
+    'SKILL-019': 'SKILL-ADVERSARIAL',
+    'HEARTBEAT-007': 'SKILL-ADVERSARIAL',
+    // Gateway/config
+    'GATEWAY-001': 'GATEWAY-EXPLOIT',
+    'GATEWAY-002': 'GATEWAY-EXPLOIT',
+    'GATEWAY-003': 'GATEWAY-EXPLOIT',
+    'GATEWAY-004': 'GATEWAY-EXPLOIT',
+    'GATEWAY-005': 'GATEWAY-EXPLOIT',
+    'GATEWAY-006': 'GATEWAY-EXPLOIT',
+    'GATEWAY-007': 'GATEWAY-EXPLOIT',
+    'GATEWAY-008': 'GATEWAY-EXPLOIT',
+    // MCP exploitation
+    'MCP-001': 'MCP-EXPLOIT',
+    'MCP-002': 'MCP-EXPLOIT',
+    'MCP-003': 'MCP-EXPLOIT',
+    'MCP-004': 'MCP-EXPLOIT',
+    'MCP-005': 'MCP-EXPLOIT',
+    'MCP-006': 'MCP-EXPLOIT',
+    'MCP-007': 'MCP-EXPLOIT',
+    'MCP-008': 'MCP-EXPLOIT',
+    'MCP-009': 'MCP-EXPLOIT',
+    'MCP-010': 'MCP-EXPLOIT',
+};
+/**
+ * Look up the attack class for a given HMA check ID.
+ * Returns undefined if no mapping exists.
+ */
+function getAttackClass(checkId) {
+    return TAXONOMY_MAP[checkId];
+}
+/**
+ * Enrich an array of SecurityFindings with their attack class mappings.
+ * Modifies findings in place.
+ */
+function enrichWithTaxonomy(findings) {
+    for (const finding of findings) {
+        const attackClass = getAttackClass(finding.checkId);
+        if (attackClass) {
+            finding.attackClass = attackClass;
+        }
+    }
+}
+//# sourceMappingURL=taxonomy.js.map

package/dist/hardening/taxonomy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"taxonomy.js","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAkJH,wCAEC;AAMD,gDAOC;AA7JD,2EAA2E;AAC3E,MAAM,YAAY,GAA2B;IAC3C,cAAc;IACd,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,YAAY;IAC3B,aAAa,EAAE,YAAY;IAC3B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,YAAY,EAAE,aAAa;IAC3B,YAAY,EAAE,aAAa;IAC3B,YAAY,EAAE,aAAa;IAC3B,YAAY,EAAE,aAAa;IAC3B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,cAAc;IAC7B,aAAa,EAAE,cAAc;IAC7B,aAAa,EAAE,cAAc;IAC7B,aAAa,EAAE,cAAc;IAC7B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAE9B,iBAAiB;IACjB,aAAa,EAAE,cAAc;IAC7B,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,mBAAmB;IAElC,sBAAsB;IACtB,UAAU,EAAE,cAAc;IAC1B,UAAU,EAAE,cAAc;IAC1B,UAAU,EAAE,cAAc;IAC1B,UAAU,EAAE,cAAc;IAE1B,wBAAwB;IACxB,mBAAmB,EAAE,cAAc;IACnC,mBAAmB,EAAE,cAAc;IACnC,mBAAmB,EAAE,cAAc;IACnC,mBAAmB,EAAE,cAAc;IAEnC,uBAAuB;IACvB,eAAe,EAAE,cAAc;IAC/B,eAAe,EAAE,cAAc;IAC/B,eAAe,EAAE,cAAc;IAC/B,eAAe,EAAE,cAAc;IAC/B,eAAe,EAAE,cAAc;IAC/B,eAAe,EAAE,cAAc;IAC/B,WAAW,EAAE,cAAc;IAC3B,WAAW,EAAE,cAAc;IAE3B,qBAAqB;IACrB,WAAW,EAAE,YAAY;IACzB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IAEvB,eAAe;IACf,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,kBAAkB;IAE7B,iBAAiB;IACjB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IAEvB,gBAAgB;IAChB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IAEvB,oBAAoB;IACpB,SAAS,EAAE,gBAAgB;IAC3B,SAAS,EAAE,gBAAgB;IAC3B,SAAS,EAAE,gBAAgB;IAE3B,oBAAoB;IACpB,SAAS,EAAE,WAAW;IACtB,SAAS,EAAE,WAAW;IACtB,SAAS,EAAE,WAAW;IAEtB,eAAe;IACf,eAAe,EAAE,WAAW;IAE5B,oBAAoB;IACpB,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,eAAe,EAAE,mBAAmB;IAEpC,iBAAiB;IACjB,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAEhC,mBAAmB;IACnB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;CACzB,CAAC;AAEF;;;GAGG;AACH,SAAgB,cAAc,CAAC,OAAe;IAC5C,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,QAA2B;IAC5D,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;QACpC,CAAC;IACH,CAAC;AACH,CAAC"}