hackmyagent 0.11.12 → 0.11.14

package/dist/index.d.ts

@@ -2,7 +2,7 @@
  * hackmyagent — Find it. Break it. Fix it.
  * Unified security toolkit for AI agents.
  */
-export declare const VERSION = "0.11.11";
+export declare const VERSION: string;
 export { checkSkill, parseSkillIdentifier, analyzePermissions, analyzeSkillDependencies, buildDependencyGraph, detectCircularDeps, detectPhantomDeps, detectUnpinnedDeps, parseSkillFrontmatter, } from './checker';
 export type { CheckResult, CheckOptions, PublisherInfo, PermissionInfo, RevocationInfo, RiskLevel, SkillIdentifier, PermissionAnalysis, SkillMetadata, DependencyGraph, } from './checker';
 export { HardeningScanner } from './hardening';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,OAAO,YAAY,CAAC;AAGjC,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAC1E,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,yBAAyB,IAAI,8BAA8B,EAC3D,uBAAuB,EACvB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,EACX,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,mBAAmB,EACnB,UAAU,EACV,yBAAyB,EACzB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,GACX,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAE1B,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,WAAW,EACX,eAAe,EACf,QAAQ,EACR,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,cAAc,EACd,SAAS,EACT,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,aAAa,EACb,cAAc,EACd,OAAO,IAAI,aAAa,EACxB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,OAAO,CAAC;AACnG,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAGzF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACpG,YAAY,EACV,SAAS,EACT,YAAY,EACZ,SAAS,EACT,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,GACb,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG7C,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,+BAA+B,EAC/B,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,qBAAa,OAAO;IACZ,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAOhD"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH,eAAO,MAAM,OAAO,EAAE,MAAiB,CAAC;AAGxC,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAC1E,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,yBAAyB,IAAI,8BAA8B,EAC3D,uBAAuB,EACvB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,EACX,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,mBAAmB,EACnB,UAAU,EACV,yBAAyB,EACzB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,GACX,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAE1B,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,WAAW,EACX,eAAe,EACf,QAAQ,EACR,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,cAAc,EACd,SAAS,EACT,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,aAAa,EACb,cAAc,EACd,OAAO,IAAI,aAAa,EACxB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,OAAO,CAAC;AACnG,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAGzF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACpG,YAAY,EACV,SAAS,EACT,YAAY,EACZ,SAAS,EACT,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,GACb,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG7C,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,+BAA+B,EAC/B,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,qBAAa,OAAO;IACZ,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAOhD"}

package/dist/index.js

@@ -7,7 +7,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildPublishPayload = exports.signPayload = exports.readAgentKeypair = exports.buildCommunityAttackReport = exports.buildCommunityReport = exports.buildAttackReport = exports.buildScanReport = exports.RegistryClient = exports.isValidBenchmark = exports.AVAILABLE_BENCHMARKS = exports.calculateRating = exports.getCheckIdsForLevel = exports.getControlsForCategory = exports.getControlsForLevel = exports.OASB_1_NAME = exports.OASB_1_VERSION = exports.OASB_1_CATEGORIES = exports.TOOL_SHADOW_PAYLOADS = exports.SUPPLY_CHAIN_PAYLOADS = exports.CONTEXT_WINDOW_PAYLOADS = exports.MEMORY_WEAPONIZATION_PAYLOADS = exports.A2A_ATTACK_PAYLOADS = exports.MCP_EXPLOITATION_PAYLOADS = exports.shouldFail = exports.parseCustomPayloads = exports.getPayloadsByIntensity = exports.getPayloadsByCategory = exports.getPayloadById = exports.getPayloads = exports.PAYLOAD_STATS = exports.ALL_PAYLOADS = exports.ATTACK_CATEGORIES = exports.AttackScanner = exports.validateCapabilities = exports.inferActualCapabilities = exports.parseSkillDeclaredCapabilities = exports.isLikelyFalsePositive = exports.classifySkillSection = exports.ExternalScanner = exports.HardeningScanner = exports.parseSkillFrontmatter = exports.detectUnpinnedDeps = exports.detectPhantomDeps = exports.detectCircularDeps = exports.buildDependencyGraph = exports.analyzeSkillDependencies = exports.analyzePermissions = exports.parseSkillIdentifier = exports.checkSkill = exports.VERSION = void 0;
 exports.Scanner = exports.recordScanAndMaybeShowTip = exports.showContributePrompt = exports.saveContributeChoice = exports.incrementScanCount = exports.shouldPromptContribute = exports.isContributeEnabled = exports.submitContribution = exports.flushQueue = exports.queueAndMaybeFlush = exports.queueEvent = exports.buildContributionPayloadFromDir = exports.buildScanEvent = exports.getContributorToken = exports.generateContributorToken = exports.DOMAIN_TEMPLATES = exports.PROFILE_DOMAINS = exports.GOVERNANCE_FILES = exports.DOMAIN_ORDER = exports.CONTROL_DEFS = exports.SoulScanner = exports.parseDeclaredCapabilities = exports.createCapabilityMonitor = exports.SkillCapabilityMonitor = exports.AgentRuntimeProtection = exports.createSkillguardPlugin = exports.createSigncryptPlugin = exports.createCredVaultPlugin = exports.clearRegistry = exports.listPlugins = exports.getPlugin = exports.registerPlugin = exports.buildDeepScanResult = exports.CostEstimator = exports.SEMANTIC_OASB_MAPPINGS = exports.toSecurityFindings = exports.toSecurityFinding = exports.BudgetTracker = exports.LLMCache = exports.AnthropicClient = exports.LLMAnalyzer = exports.PermissionModelAnalyzer = exports.InstructionAnalyzer = exports.McpConfigAnalyzer = exports.CredentialContextAnalyzer = exports.StructuralAnalyzer = exports.formatPublishOutput = exports.publishScanResults = void 0;
 exports.createScanner = createScanner;
-exports.VERSION = '0.11.11';
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+let _version = '0.12.0';
+try {
+    const pkgJson = JSON.parse((0, node_fs_1.readFileSync)((0, node_path_1.join)(__dirname, '..', 'package.json'), 'utf-8'));
+    _version = pkgJson.version;
+}
+catch { /* use fallback */ }
+exports.VERSION = _version;
 // Checker module
 var checker_1 = require("./checker");
 Object.defineProperty(exports, "checkSkill", { enumerable: true, get: function () { return checker_1.checkSkill; } });

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;AA0OH,sCAEC;AA1OY,QAAA,OAAO,GAAG,SAAS,CAAC;AAEjC,iBAAiB;AACjB,qCAUmB;AATjB,qGAAA,UAAU,OAAA;AACV,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,mHAAA,wBAAwB,OAAA;AACxB,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,4GAAA,iBAAiB,OAAA;AACjB,6GAAA,kBAAkB,OAAA;AAClB,gHAAA,qBAAqB,OAAA;AAgBvB,mBAAmB;AACnB,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AAGzB,0BAA0B;AAC1B,qCAA4C;AAAnC,0GAAA,eAAe,OAAA;AAQxB,wBAAwB;AACxB,yCAA0E;AAAjE,iHAAA,oBAAoB,OAAA;AAAE,kHAAA,qBAAqB,OAAA;AAEpD,yCAIqB;AAHnB,2HAAA,yBAAyB,OAAkC;AAC3D,oHAAA,uBAAuB,OAAA;AACvB,iHAAA,oBAAoB,OAAA;AAItB,gBAAgB;AAChB,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AAEtB,mCAgBkB;AAfhB,2GAAA,iBAAiB,OAAA;AACjB,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AACb,qGAAA,WAAW,OAAA;AACX,wGAAA,cAAc,OAAA;AACd,+GAAA,qBAAqB,OAAA;AACrB,gHAAA,sBAAsB,OAAA;AACtB,6GAAA,mBAAmB,OAAA;AACnB,oGAAA,UAAU,OAAA;AACV,mHAAA,yBAAyB,OAAA;AACzB,6GAAA,mBAAmB,OAAA;AACnB,uHAAA,6BAA6B,OAAA;AAC7B,iHAAA,uBAAuB,OAAA;AACvB,+GAAA,qBAAqB,OAAA;AACrB,8GAAA,oBAAoB,OAAA;AAiBtB,oBAAoB;AACpB,2CAUsB;AATpB,+GAAA,iBAAiB,OAAA;AACjB,4GAAA,cAAc,OAAA;AACd,yGAAA,WAAW,OAAA;AACX,iHAAA,mBAAmB,OAAA;AACnB,oHAAA,sBAAsB,OAAA;AACtB,iHAAA,mBAAmB,OAAA;AACnB,6GAAA,eAAe,OAAA;AACf,kHAAA,oBAAoB,OAAA;AACpB,8GAAA,gBAAgB,OAAA;AAalB,kBAAkB;AAClB,uCAYoB;AAXlB,0GAAA,cAAc,OAAA;AACd,2GAAA,eAAe,OAAA;AACf,6GAAA,iBAAiB,OAAA;AACjB,gHAAA,oBAAoB,OAAA;AACpB,sHAAA,0BAA0B,OAAA;AAC1B,mBAAmB;AACnB,4GAAA,gBAAgB,OAAA;AAChB,uGAAA,WAAW,OAAA;AACX,+GAAA,mBAAmB,OAAA;AACnB,8GAAA,kBAAkB,OAAA;AAClB,+GAAA,mBAAmB,OAAA;AAarB,+CAA+C;AAC/C,uCAeoB;AAdlB,8GAAA,kBAAkB,OAAA;AAClB,qHAAA,yBAAyB,OAAA;AACzB,6GAAA,iBAAiB,OAAA;AACjB,+GAAA,mBAAmB,OAAA;AACnB,mHAAA,uBAAuB,OAAA;AACvB,uGAAA,WAAW,OAAA;AACX,2GAAA,eAAe,OAAA;AACf,oGAAA,QAAQ,OAAA;AACR,yGAAA,aAAa,OAAA;AACb,6GAAA,iBAAiB,OAAA;AACjB,8GAAA,kBAAkB,OAAA;AAClB,kHAAA,sBAAsB,OAAA;AACtB,yGAAA,aAAa,OAAA;AACb,+GAAA,mBAAmB,OAAA;AAGrB,gBAAgB;AAChB,uCAKwB;AAJtB,sGAAA,cAAc,OAAA;AACd,iGAAA,SAAS,OAAA;AACT,mGAAA,WAAW,OAAA;AACX,qGAAA,aAAa,OAAA;AAaf,mBAAmB;AACnB,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,mDAA8E;AAArE,oHAAA,YAAY,OAA0B;AAE/C,2BAA2B;AAC3B,6BAA+C;AAAtC,6GAAA,sBAAsB,OAAA;AAC/B,6BAAmG;AAA1F,6GAAA,sBAAsB,OAAA;AAAE,8GAAA,uBAAuB,OAAA;AAAE,gHAAA,yBAAyB,OAAA;AAGnF,8CAA8C;AAC9C,+BAAoG;AAA3F,mGAAA,WAAW,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,wGAAA,gBAAgB,OAAA;AAAE,uGAAA,eAAe,OAAA;AAWnF,+BAA0C;AAAjC,wGAAA,gBAAgB,OAAA;AAGzB,iEAAiE;AACjE,yCAeqB;AAdnB,qHAAA,wBAAwB,OAAA;AACxB,gHAAA,mBAAmB,OAAA;AACnB,2GAAA,cAAc,OAAA;AACd,4HAAA,+BAA+B,OAAA;AAC/B,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,gHAAA,mBAAmB,OAAA;AACnB,mHAAA,sBAAsB,OAAA;AACtB,+GAAA,kBAAkB,OAAA;AAClB,iHAAA,oBAAoB,OAAA;AACpB,iHAAA,oBAAoB,OAAA;AACpB,sHAAA,yBAAyB,OAAA;AAsB3B,SAAgB,aAAa;IAC3B,OAAO,IAAI,OAAO,EAAE,CAAC;AACvB,CAAC;AAED,MAAa,OAAO;IAClB,KAAK,CAAC,IAAI,CAAC,MAAc;QACvB,OAAO;YACL,MAAM;YACN,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;IACJ,CAAC;CACF;AARD,0BAQC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;AAkPH,sCAEC;AAlPD,qCAAuC;AACvC,yCAAiC;AAEjC,IAAI,QAAQ,GAAG,QAAQ,CAAC;AACxB,IAAI,CAAC;IACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,IAAA,gBAAI,EAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;IACzF,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;AAC7B,CAAC;AAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;AACjB,QAAA,OAAO,GAAW,QAAQ,CAAC;AAExC,iBAAiB;AACjB,qCAUmB;AATjB,qGAAA,UAAU,OAAA;AACV,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,mHAAA,wBAAwB,OAAA;AACxB,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,4GAAA,iBAAiB,OAAA;AACjB,6GAAA,kBAAkB,OAAA;AAClB,gHAAA,qBAAqB,OAAA;AAgBvB,mBAAmB;AACnB,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AAGzB,0BAA0B;AAC1B,qCAA4C;AAAnC,0GAAA,eAAe,OAAA;AAQxB,wBAAwB;AACxB,yCAA0E;AAAjE,iHAAA,oBAAoB,OAAA;AAAE,kHAAA,qBAAqB,OAAA;AAEpD,yCAIqB;AAHnB,2HAAA,yBAAyB,OAAkC;AAC3D,oHAAA,uBAAuB,OAAA;AACvB,iHAAA,oBAAoB,OAAA;AAItB,gBAAgB;AAChB,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AAEtB,mCAgBkB;AAfhB,2GAAA,iBAAiB,OAAA;AACjB,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AACb,qGAAA,WAAW,OAAA;AACX,wGAAA,cAAc,OAAA;AACd,+GAAA,qBAAqB,OAAA;AACrB,gHAAA,sBAAsB,OAAA;AACtB,6GAAA,mBAAmB,OAAA;AACnB,oGAAA,UAAU,OAAA;AACV,mHAAA,yBAAyB,OAAA;AACzB,6GAAA,mBAAmB,OAAA;AACnB,uHAAA,6BAA6B,OAAA;AAC7B,iHAAA,uBAAuB,OAAA;AACvB,+GAAA,qBAAqB,OAAA;AACrB,8GAAA,oBAAoB,OAAA;AAiBtB,oBAAoB;AACpB,2CAUsB;AATpB,+GAAA,iBAAiB,OAAA;AACjB,4GAAA,cAAc,OAAA;AACd,yGAAA,WAAW,OAAA;AACX,iHAAA,mBAAmB,OAAA;AACnB,oHAAA,sBAAsB,OAAA;AACtB,iHAAA,mBAAmB,OAAA;AACnB,6GAAA,eAAe,OAAA;AACf,kHAAA,oBAAoB,OAAA;AACpB,8GAAA,gBAAgB,OAAA;AAalB,kBAAkB;AAClB,uCAYoB;AAXlB,0GAAA,cAAc,OAAA;AACd,2GAAA,eAAe,OAAA;AACf,6GAAA,iBAAiB,OAAA;AACjB,gHAAA,oBAAoB,OAAA;AACpB,sHAAA,0BAA0B,OAAA;AAC1B,mBAAmB;AACnB,4GAAA,gBAAgB,OAAA;AAChB,uGAAA,WAAW,OAAA;AACX,+GAAA,mBAAmB,OAAA;AACnB,8GAAA,kBAAkB,OAAA;AAClB,+GAAA,mBAAmB,OAAA;AAarB,+CAA+C;AAC/C,uCAeoB;AAdlB,8GAAA,kBAAkB,OAAA;AAClB,qHAAA,yBAAyB,OAAA;AACzB,6GAAA,iBAAiB,OAAA;AACjB,+GAAA,mBAAmB,OAAA;AACnB,mHAAA,uBAAuB,OAAA;AACvB,uGAAA,WAAW,OAAA;AACX,2GAAA,eAAe,OAAA;AACf,oGAAA,QAAQ,OAAA;AACR,yGAAA,aAAa,OAAA;AACb,6GAAA,iBAAiB,OAAA;AACjB,8GAAA,kBAAkB,OAAA;AAClB,kHAAA,sBAAsB,OAAA;AACtB,yGAAA,aAAa,OAAA;AACb,+GAAA,mBAAmB,OAAA;AAGrB,gBAAgB;AAChB,uCAKwB;AAJtB,sGAAA,cAAc,OAAA;AACd,iGAAA,SAAS,OAAA;AACT,mGAAA,WAAW,OAAA;AACX,qGAAA,aAAa,OAAA;AAaf,mBAAmB;AACnB,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,mDAA8E;AAArE,oHAAA,YAAY,OAA0B;AAE/C,2BAA2B;AAC3B,6BAA+C;AAAtC,6GAAA,sBAAsB,OAAA;AAC/B,6BAAmG;AAA1F,6GAAA,sBAAsB,OAAA;AAAE,8GAAA,uBAAuB,OAAA;AAAE,gHAAA,yBAAyB,OAAA;AAGnF,8CAA8C;AAC9C,+BAAoG;AAA3F,mGAAA,WAAW,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,wGAAA,gBAAgB,OAAA;AAAE,uGAAA,eAAe,OAAA;AAWnF,+BAA0C;AAAjC,wGAAA,gBAAgB,OAAA;AAGzB,iEAAiE;AACjE,yCAeqB;AAdnB,qHAAA,wBAAwB,OAAA;AACxB,gHAAA,mBAAmB,OAAA;AACnB,2GAAA,cAAc,OAAA;AACd,4HAAA,+BAA+B,OAAA;AAC/B,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,gHAAA,mBAAmB,OAAA;AACnB,mHAAA,sBAAsB,OAAA;AACtB,+GAAA,kBAAkB,OAAA;AAClB,iHAAA,oBAAoB,OAAA;AACpB,iHAAA,oBAAoB,OAAA;AACpB,sHAAA,yBAAyB,OAAA;AAsB3B,SAAgB,aAAa;IAC3B,OAAO,IAAI,OAAO,EAAE,CAAC;AACvB,CAAC;AAED,MAAa,OAAO;IAClB,KAAK,CAAC,IAAI,CAAC,MAAc;QACvB,OAAO;YACL,MAAM;YACN,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;IACJ,CAAC;CACF;AARD,0BAQC"}

package/dist/output/asff.d.ts

@@ -0,0 +1,37 @@
+/**
+ * AWS Security Finding Format (ASFF) adapter.
+ *
+ * Transforms HMA security findings into ASFF JSON for import
+ * into AWS Security Hub via BatchImportFindings API.
+ *
+ * Usage:
+ *   hackmyagent secure --format asff
+ *   hackmyagent secure --format asff | aws securityhub batch-import-findings --findings file:///dev/stdin
+ *
+ * Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
+ */
+export interface SecurityFinding {
+    checkId: string;
+    name: string;
+    severity: string;
+    passed: boolean;
+    fixed?: boolean;
+    message?: string;
+    file?: string;
+    line?: number;
+    recommendation?: string;
+    category?: string;
+}
+/**
+ * Convert HMA findings to AWS Security Finding Format.
+ */
+export declare function toASSF(findings: SecurityFinding[], options?: {
+    awsAccountId?: string;
+    awsRegion?: string;
+    targetDir?: string;
+}): string;
+/**
+ * Split ASFF findings into batches of 100 (AWS API limit).
+ */
+export declare function batchASSF(assfJson: string): string[];
+//# sourceMappingURL=asff.d.ts.map

package/dist/output/asff.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"asff.d.ts","sourceRoot":"","sources":["../../src/output/asff.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAiDD;;GAEG;AACH,wBAAgB,MAAM,CACpB,QAAQ,EAAE,eAAe,EAAE,EAC3B,OAAO,GAAE;IACP,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACf,GACL,MAAM,CAuER;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CASpD"}

package/dist/output/asff.js

@@ -0,0 +1,112 @@
+"use strict";
+/**
+ * AWS Security Finding Format (ASFF) adapter.
+ *
+ * Transforms HMA security findings into ASFF JSON for import
+ * into AWS Security Hub via BatchImportFindings API.
+ *
+ * Usage:
+ *   hackmyagent secure --format asff
+ *   hackmyagent secure --format asff | aws securityhub batch-import-findings --findings file:///dev/stdin
+ *
+ * Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toASSF = toASSF;
+exports.batchASSF = batchASSF;
+const index_js_1 = require("../index.js");
+const SEVERITY_MAP = {
+    critical: 'CRITICAL',
+    high: 'HIGH',
+    medium: 'MEDIUM',
+    low: 'LOW',
+    informational: 'INFORMATIONAL',
+    info: 'INFORMATIONAL',
+};
+const CATEGORY_TYPE_MAP = {
+    credentials: 'Software and Configuration Checks/Vulnerabilities/CVE',
+    mcp: 'Software and Configuration Checks/Industry and Regulatory Standards',
+    network: 'Software and Configuration Checks/Vulnerabilities/CVE',
+    injection: 'Software and Configuration Checks/Vulnerabilities/CVE',
+    supply_chain: 'Software and Configuration Checks/Vulnerabilities/CVE',
+    governance: 'Software and Configuration Checks/Industry and Regulatory Standards',
+    config: 'Software and Configuration Checks/AWS Security Best Practices',
+};
+/**
+ * Convert HMA findings to AWS Security Finding Format.
+ */
+function toASSF(findings, options = {}) {
+    const accountId = options.awsAccountId || process.env.AWS_ACCOUNT_ID || '000000000000';
+    const region = options.awsRegion || process.env.AWS_REGION || 'us-east-1';
+    const targetDir = options.targetDir || process.cwd();
+    const now = new Date().toISOString();
+    const productArn = `arn:aws:securityhub:${region}:${accountId}:product/${accountId}/default`;
+    // Only include failed (not passed, not fixed) findings
+    const failed = findings.filter(f => !f.passed && !f.fixed);
+    const assfFindings = failed.map(f => {
+        const severity = SEVERITY_MAP[f.severity] || 'INFORMATIONAL';
+        const category = f.category || f.checkId.split('-')[0].toLowerCase();
+        const types = CATEGORY_TYPE_MAP[category]
+            ? [CATEGORY_TYPE_MAP[category]]
+            : ['Software and Configuration Checks'];
+        const title = f.name || f.checkId;
+        const description = (f.message || f.name || f.checkId).slice(0, 1024);
+        const finding = {
+            SchemaVersion: '2018-10-08',
+            Id: `opena2a/hma/${f.checkId}/${Date.now()}`,
+            ProductArn: productArn,
+            GeneratorId: `hackmyagent/${f.checkId}`,
+            AwsAccountId: accountId,
+            Types: types,
+            CreatedAt: now,
+            UpdatedAt: now,
+            Severity: {
+                Label: severity,
+                Original: f.severity,
+            },
+            Title: title.slice(0, 256),
+            Description: description,
+            Resources: [{
+                    Type: 'Other',
+                    Id: f.file || targetDir,
+                }],
+            ProductFields: {
+                'opena2a/checkId': f.checkId,
+                'opena2a/scanner': 'hackmyagent',
+                'opena2a/scannerVersion': index_js_1.VERSION,
+            },
+            RecordState: 'ACTIVE',
+            Workflow: { Status: 'NEW' },
+        };
+        if (f.recommendation) {
+            finding.Remediation = {
+                Recommendation: {
+                    Text: f.recommendation.slice(0, 512),
+                    Url: `https://hackmyagent.com/docs/checks/${f.checkId.toLowerCase()}`,
+                },
+            };
+        }
+        if (f.file) {
+            finding.Resources[0].Details = {
+                Other: {
+                    filePath: f.file,
+                    ...(f.line ? { lineNumber: String(f.line) } : {}),
+                },
+            };
+        }
+        return finding;
+    });
+    return JSON.stringify(assfFindings, null, 2);
+}
+/**
+ * Split ASFF findings into batches of 100 (AWS API limit).
+ */
+function batchASSF(assfJson) {
+    const findings = JSON.parse(assfJson);
+    const batches = [];
+    for (let i = 0; i < findings.length; i += 100) {
+        batches.push(JSON.stringify(findings.slice(i, i + 100), null, 2));
+    }
+    return batches;
+}
+//# sourceMappingURL=asff.js.map

package/dist/output/asff.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"asff.js","sourceRoot":"","sources":["../../src/output/asff.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAmEH,wBA8EC;AAKD,8BASC;AA7JD,0CAAsC;AA2CtC,MAAM,YAAY,GAA2B;IAC3C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;IACV,aAAa,EAAE,eAAe;IAC9B,IAAI,EAAE,eAAe;CACtB,CAAC;AAEF,MAAM,iBAAiB,GAA2B;IAChD,WAAW,EAAE,uDAAuD;IACpE,GAAG,EAAE,qEAAqE;IAC1E,OAAO,EAAE,uDAAuD;IAChE,SAAS,EAAE,uDAAuD;IAClE,YAAY,EAAE,uDAAuD;IACrE,UAAU,EAAE,qEAAqE;IACjF,MAAM,EAAE,+DAA+D;CACxE,CAAC;AAEF;;GAEG;AACH,SAAgB,MAAM,CACpB,QAA2B,EAC3B,UAII,EAAE;IAEN,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,cAAc,CAAC;IACvF,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IAC1E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,MAAM,UAAU,GAAG,uBAAuB,MAAM,IAAI,SAAS,YAAY,SAAS,UAAU,CAAC;IAE7F,uDAAuD;IACvD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE3D,MAAM,YAAY,GAAiB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAChD,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC;QAC7D,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACrE,MAAM,KAAK,GAAG,iBAAiB,CAAC,QAAQ,CAAC;YACvC,CAAC,CAAC,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,mCAAmC,CAAC,CAAC;QAE1C,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC;QAClC,MAAM,WAAW,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAEtE,MAAM,OAAO,GAAe;YAC1B,aAAa,EAAE,YAAY;YAC3B,EAAE,EAAE,eAAe,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE;YAC5C,UAAU,EAAE,UAAU;YACtB,WAAW,EAAE,eAAe,CAAC,CAAC,OAAO,EAAE;YACvC,YAAY,EAAE,SAAS;YACvB,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE;gBACR,KAAK,EAAE,QAAQ;gBACf,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC1B,WAAW,EAAE,WAAW;YACxB,SAAS,EAAE,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,SAAS;iBACxB,CAAC;YACF,aAAa,EAAE;gBACb,iBAAiB,EAAE,CAAC,CAAC,OAAO;gBAC5B,iBAAiB,EAAE,aAAa;gBAChC,wBAAwB,EAAE,kBAAO;aAClC;YACD,WAAW,EAAE,QAAQ;YACrB,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;SAC5B,CAAC;QAEF,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC;YACrB,OAAO,CAAC,WAAW,GAAG;gBACpB,cAAc,EAAE;oBACd,IAAI,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACpC,GAAG,EAAE,uCAAuC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE;iBACtE;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG;gBAC7B,KAAK,EAAE;oBACL,QAAQ,EAAE,CAAC,CAAC,IAAI;oBAChB,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAClD;aACF,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,QAAgB;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/semantic/index.d.ts

@@ -12,6 +12,8 @@ export { LLMAnalyzer, AnthropicClient, LLMCache, BudgetTracker } from './llm';
 export { toSecurityFinding, toSecurityFindings } from './integration/finding-adapter';
 export { SEMANTIC_OASB_MAPPINGS, getSemanticCheckIds, getUpgradedControlIds } from './integration/oasb-upgrader';
 export { CostEstimator } from './integration/cost-estimator';
+export { isDaemonAvailable, analyzeSkillIntent, analyzeSoulCompleteness, analyzeMCPScope, analyzePromptIntent, explainFinding, } from './nanomind-analyzer';
+export type { NanoMindInferRequest, NanoMindInferResponse, SemanticFinding as NanoMindFinding, } from './nanomind-analyzer';
 export { buildDeepScanResult } from './deep-scan';
 export type { SemanticFinding, SemanticSeverity, SemanticCategory, AnalysisContext, AnalysisFile, FileType, ExistingFinding, LLMAnalysisOptions, CostEstimate, DeepScanResult, DeepAnalysisFile, McpServerConfig, McpConfigFile, ClaudeSettings, } from './types';
 //# sourceMappingURL=index.d.ts.map

package/dist/semantic/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAG9E,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACtF,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAG7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,kBAAkB,EAClB,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAG9E,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACtF,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAG7D,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,mBAAmB,EACnB,cAAc,GACf,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,oBAAoB,EACpB,qBAAqB,EACrB,eAAe,IAAI,eAAe,GACnC,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,kBAAkB,EAClB,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC"}

package/dist/semantic/index.js

@@ -8,7 +8,7 @@
  * Zero runtime dependencies. Imported by core scanner and MCP server.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildDeepScanResult = exports.CostEstimator = exports.getUpgradedControlIds = exports.getSemanticCheckIds = exports.SEMANTIC_OASB_MAPPINGS = exports.toSecurityFindings = exports.toSecurityFinding = exports.BudgetTracker = exports.LLMCache = exports.AnthropicClient = exports.LLMAnalyzer = exports.PermissionModelAnalyzer = exports.InstructionAnalyzer = exports.McpConfigAnalyzer = exports.CredentialContextAnalyzer = exports.StructuralAnalyzer = void 0;
+exports.buildDeepScanResult = exports.explainFinding = exports.analyzePromptIntent = exports.analyzeMCPScope = exports.analyzeSoulCompleteness = exports.analyzeSkillIntent = exports.isDaemonAvailable = exports.CostEstimator = exports.getUpgradedControlIds = exports.getSemanticCheckIds = exports.SEMANTIC_OASB_MAPPINGS = exports.toSecurityFindings = exports.toSecurityFinding = exports.BudgetTracker = exports.LLMCache = exports.AnthropicClient = exports.LLMAnalyzer = exports.PermissionModelAnalyzer = exports.InstructionAnalyzer = exports.McpConfigAnalyzer = exports.CredentialContextAnalyzer = exports.StructuralAnalyzer = void 0;
 // Layer 2: Structural Analysis
 var structural_1 = require("./structural");
 Object.defineProperty(exports, "StructuralAnalyzer", { enumerable: true, get: function () { return structural_1.StructuralAnalyzer; } });
@@ -33,6 +33,14 @@ Object.defineProperty(exports, "getSemanticCheckIds", { enumerable: true, get: f
 Object.defineProperty(exports, "getUpgradedControlIds", { enumerable: true, get: function () { return oasb_upgrader_1.getUpgradedControlIds; } });
 var cost_estimator_1 = require("./integration/cost-estimator");
 Object.defineProperty(exports, "CostEstimator", { enumerable: true, get: function () { return cost_estimator_1.CostEstimator; } });
+// Layer 4: NanoMind Local Semantic Analysis (--semantic flag)
+var nanomind_analyzer_1 = require("./nanomind-analyzer");
+Object.defineProperty(exports, "isDaemonAvailable", { enumerable: true, get: function () { return nanomind_analyzer_1.isDaemonAvailable; } });
+Object.defineProperty(exports, "analyzeSkillIntent", { enumerable: true, get: function () { return nanomind_analyzer_1.analyzeSkillIntent; } });
+Object.defineProperty(exports, "analyzeSoulCompleteness", { enumerable: true, get: function () { return nanomind_analyzer_1.analyzeSoulCompleteness; } });
+Object.defineProperty(exports, "analyzeMCPScope", { enumerable: true, get: function () { return nanomind_analyzer_1.analyzeMCPScope; } });
+Object.defineProperty(exports, "analyzePromptIntent", { enumerable: true, get: function () { return nanomind_analyzer_1.analyzePromptIntent; } });
+Object.defineProperty(exports, "explainFinding", { enumerable: true, get: function () { return nanomind_analyzer_1.explainFinding; } });
 // Deep scan builder (for MCP server)
 var deep_scan_1 = require("./deep-scan");
 Object.defineProperty(exports, "buildDeepScanResult", { enumerable: true, get: function () { return deep_scan_1.buildDeepScanResult; } });

package/dist/semantic/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,+BAA+B;AAC/B,2CAAkD;AAAzC,gHAAA,kBAAkB,OAAA;AAC3B,2CAKsB;AAJpB,uHAAA,yBAAyB,OAAA;AACzB,+GAAA,iBAAiB,OAAA;AACjB,iHAAA,mBAAmB,OAAA;AACnB,qHAAA,uBAAuB,OAAA;AAGzB,wBAAwB;AACxB,6BAA8E;AAArE,kGAAA,WAAW,OAAA;AAAE,sGAAA,eAAe,OAAA;AAAE,+FAAA,QAAQ,OAAA;AAAE,oGAAA,aAAa,OAAA;AAE9D,cAAc;AACd,iEAAsF;AAA7E,oHAAA,iBAAiB,OAAA;AAAE,qHAAA,kBAAkB,OAAA;AAC9C,6DAAiH;AAAxG,uHAAA,sBAAsB,OAAA;AAAE,oHAAA,mBAAmB,OAAA;AAAE,sHAAA,qBAAqB,OAAA;AAC3E,+DAA6D;AAApD,+GAAA,aAAa,OAAA;AAEtB,qCAAqC;AACrC,yCAAkD;AAAzC,gHAAA,mBAAmB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,+BAA+B;AAC/B,2CAAkD;AAAzC,gHAAA,kBAAkB,OAAA;AAC3B,2CAKsB;AAJpB,uHAAA,yBAAyB,OAAA;AACzB,+GAAA,iBAAiB,OAAA;AACjB,iHAAA,mBAAmB,OAAA;AACnB,qHAAA,uBAAuB,OAAA;AAGzB,wBAAwB;AACxB,6BAA8E;AAArE,kGAAA,WAAW,OAAA;AAAE,sGAAA,eAAe,OAAA;AAAE,+FAAA,QAAQ,OAAA;AAAE,oGAAA,aAAa,OAAA;AAE9D,cAAc;AACd,iEAAsF;AAA7E,oHAAA,iBAAiB,OAAA;AAAE,qHAAA,kBAAkB,OAAA;AAC9C,6DAAiH;AAAxG,uHAAA,sBAAsB,OAAA;AAAE,oHAAA,mBAAmB,OAAA;AAAE,sHAAA,qBAAqB,OAAA;AAC3E,+DAA6D;AAApD,+GAAA,aAAa,OAAA;AAEtB,8DAA8D;AAC9D,yDAO6B;AAN3B,sHAAA,iBAAiB,OAAA;AACjB,uHAAA,kBAAkB,OAAA;AAClB,4HAAA,uBAAuB,OAAA;AACvB,oHAAA,eAAe,OAAA;AACf,wHAAA,mBAAmB,OAAA;AACnB,mHAAA,cAAc,OAAA;AAQhB,qCAAqC;AACrC,yCAAkD;AAAzC,gHAAA,mBAAmB,OAAA"}

package/dist/semantic/nanomind-analyzer.d.ts

@@ -0,0 +1,77 @@
+/**
+ * NanoMind Semantic Analyzer
+ *
+ * Uses the local NanoMind daemon (localhost:47200) for semantic analysis
+ * of skills, SOUL.md, MCP tools, and system prompts.
+ *
+ * Unlike the LLM analyzer (--deep flag, cloud API, costs money),
+ * the NanoMind analyzer (--semantic flag) runs 100% locally with
+ * zero cost per inference and zero data leaving the machine.
+ *
+ * Two-layer architecture:
+ * 1. Static checks run first (fast, deterministic, 183 rules)
+ * 2. NanoMind activates on ambiguous/NLP targets (semantic intent classification)
+ */
+export interface NanoMindInferRequest {
+    intent: string;
+    input: string;
+    context?: {
+        agentId?: string;
+        driftScore?: number;
+        declaredPurpose?: string;
+    };
+    priority?: 'high' | 'medium' | 'low';
+}
+export interface NanoMindInferResponse {
+    intent: string;
+    result: string;
+    confidence: number;
+    attackClass?: string;
+    evidence?: string;
+    remediation?: string;
+    latencyMs: number;
+    modelVersion: string;
+}
+export interface SemanticFinding {
+    checkId: string;
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    title: string;
+    description: string;
+    evidence: string[];
+    confidence: number;
+    attackClass?: string;
+    remediation?: string;
+    source: 'nanomind';
+}
+/**
+ * Check if the NanoMind daemon is running.
+ */
+export declare function isDaemonAvailable(): Promise<boolean>;
+/**
+ * Analyze a skill for malicious intent using NanoMind.
+ * SCAN_SKILL_INTENT: scores the skill's instruction set for exfiltration,
+ * injection, override, and persistence intent.
+ */
+export declare function analyzeSkillIntent(skillContent: string): Promise<SemanticFinding | null>;
+/**
+ * Analyze SOUL.md governance completeness using NanoMind.
+ * SCAN_SOUL_COMPLETENESS: assesses whether governance constraints
+ * actually cover the attack surface.
+ */
+export declare function analyzeSoulCompleteness(soulContent: string): Promise<SemanticFinding | null>;
+/**
+ * Analyze MCP tool description for scope mismatches.
+ * SCAN_MCP_SCOPE: detects undeclared permissions in natural language descriptions.
+ */
+export declare function analyzeMCPScope(toolName: string, toolDescription: string, declaredCapabilities: string[]): Promise<SemanticFinding | null>;
+/**
+ * Analyze system prompt behavioral envelope.
+ * SCAN_PROMPT_INTENT: detects jailbreak seeds, capability creep, override risk.
+ */
+export declare function analyzePromptIntent(promptContent: string): Promise<SemanticFinding | null>;
+/**
+ * Generate a human-readable explanation of any finding.
+ * SCAN_EXPLAIN: translates machine findings into plain English.
+ */
+export declare function explainFinding(findingJSON: string): Promise<string | null>;
+//# sourceMappingURL=nanomind-analyzer.d.ts.map

package/dist/semantic/nanomind-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nanomind-analyzer.d.ts","sourceRoot":"","sources":["../../src/semantic/nanomind-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACtC;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,UAAU,CAAC;CACpB;AAID;;GAEG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC,CAO1D;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAoB9F;AAED;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAmBlG;AAED;;;GAGG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EACvB,oBAAoB,EAAE,MAAM,EAAE,GAC7B,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAsBjC;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAoBhG;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAQhF"}

package/dist/semantic/nanomind-analyzer.js

@@ -0,0 +1,165 @@
+"use strict";
+/**
+ * NanoMind Semantic Analyzer
+ *
+ * Uses the local NanoMind daemon (localhost:47200) for semantic analysis
+ * of skills, SOUL.md, MCP tools, and system prompts.
+ *
+ * Unlike the LLM analyzer (--deep flag, cloud API, costs money),
+ * the NanoMind analyzer (--semantic flag) runs 100% locally with
+ * zero cost per inference and zero data leaving the machine.
+ *
+ * Two-layer architecture:
+ * 1. Static checks run first (fast, deterministic, 183 rules)
+ * 2. NanoMind activates on ambiguous/NLP targets (semantic intent classification)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isDaemonAvailable = isDaemonAvailable;
+exports.analyzeSkillIntent = analyzeSkillIntent;
+exports.analyzeSoulCompleteness = analyzeSoulCompleteness;
+exports.analyzeMCPScope = analyzeMCPScope;
+exports.analyzePromptIntent = analyzePromptIntent;
+exports.explainFinding = explainFinding;
+const DAEMON_URL = process.env.NANOMIND_URL ?? 'http://127.0.0.1:47200';
+/**
+ * Check if the NanoMind daemon is running.
+ */
+async function isDaemonAvailable() {
+    try {
+        const resp = await fetch(`${DAEMON_URL}/health`, { signal: AbortSignal.timeout(2000) });
+        return resp.ok;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Analyze a skill for malicious intent using NanoMind.
+ * SCAN_SKILL_INTENT: scores the skill's instruction set for exfiltration,
+ * injection, override, and persistence intent.
+ */
+async function analyzeSkillIntent(skillContent) {
+    const resp = await callDaemon({
+        intent: 'SCAN_SKILL_INTENT',
+        input: skillContent,
+        priority: 'high',
+    });
+    if (!resp || resp.confidence < 0.5)
+        return null;
+    return {
+        checkId: `SKILL-SEMANTIC-${Date.now().toString(36).slice(-4).toUpperCase()}`,
+        severity: resp.confidence >= 0.85 ? 'critical' : resp.confidence >= 0.7 ? 'high' : 'medium',
+        title: `Semantic Intent: ${resp.attackClass ?? resp.result}`,
+        description: `NanoMind classified this skill's intent as ${resp.result} with ${(resp.confidence * 100).toFixed(0)}% confidence.`,
+        evidence: resp.evidence ? [resp.evidence] : [],
+        confidence: resp.confidence,
+        attackClass: resp.attackClass,
+        remediation: resp.remediation,
+        source: 'nanomind',
+    };
+}
+/**
+ * Analyze SOUL.md governance completeness using NanoMind.
+ * SCAN_SOUL_COMPLETENESS: assesses whether governance constraints
+ * actually cover the attack surface.
+ */
+async function analyzeSoulCompleteness(soulContent) {
+    const resp = await callDaemon({
+        intent: 'SCAN_SOUL_COMPLETENESS',
+        input: soulContent,
+        priority: 'medium',
+    });
+    if (!resp)
+        return null;
+    return {
+        checkId: `SOUL-SEMANTIC-${Date.now().toString(36).slice(-4).toUpperCase()}`,
+        severity: resp.confidence >= 0.7 ? 'high' : 'medium',
+        title: 'SOUL Governance Gap Detected',
+        description: `NanoMind identified governance gaps in this SOUL.md: ${resp.result}`,
+        evidence: resp.evidence ? [resp.evidence] : [],
+        confidence: resp.confidence,
+        remediation: resp.remediation,
+        source: 'nanomind',
+    };
+}
+/**
+ * Analyze MCP tool description for scope mismatches.
+ * SCAN_MCP_SCOPE: detects undeclared permissions in natural language descriptions.
+ */
+async function analyzeMCPScope(toolName, toolDescription, declaredCapabilities) {
+    const input = JSON.stringify({ toolName, toolDescription, declaredCapabilities });
+    const resp = await callDaemon({
+        intent: 'SCAN_MCP_SCOPE',
+        input,
+        priority: 'medium',
+    });
+    if (!resp || resp.confidence < 0.5)
+        return null;
+    return {
+        checkId: `MCP-SEMANTIC-${Date.now().toString(36).slice(-4).toUpperCase()}`,
+        severity: resp.confidence >= 0.8 ? 'high' : 'medium',
+        title: `MCP Scope Mismatch: ${toolName}`,
+        description: `NanoMind detected scope mismatch between tool description and declared capabilities: ${resp.result}`,
+        evidence: resp.evidence ? [resp.evidence] : [],
+        confidence: resp.confidence,
+        attackClass: resp.attackClass,
+        remediation: resp.remediation,
+        source: 'nanomind',
+    };
+}
+/**
+ * Analyze system prompt behavioral envelope.
+ * SCAN_PROMPT_INTENT: detects jailbreak seeds, capability creep, override risk.
+ */
+async function analyzePromptIntent(promptContent) {
+    const resp = await callDaemon({
+        intent: 'SCAN_PROMPT_INTENT',
+        input: promptContent,
+        priority: 'high',
+    });
+    if (!resp || resp.confidence < 0.5)
+        return null;
+    return {
+        checkId: `PROMPT-SEMANTIC-${Date.now().toString(36).slice(-4).toUpperCase()}`,
+        severity: resp.confidence >= 0.8 ? 'critical' : resp.confidence >= 0.6 ? 'high' : 'medium',
+        title: `System Prompt Risk: ${resp.attackClass ?? resp.result}`,
+        description: `NanoMind analyzed the system prompt behavioral envelope: ${resp.result}`,
+        evidence: resp.evidence ? [resp.evidence] : [],
+        confidence: resp.confidence,
+        attackClass: resp.attackClass,
+        remediation: resp.remediation,
+        source: 'nanomind',
+    };
+}
+/**
+ * Generate a human-readable explanation of any finding.
+ * SCAN_EXPLAIN: translates machine findings into plain English.
+ */
+async function explainFinding(findingJSON) {
+    const resp = await callDaemon({
+        intent: 'SCAN_EXPLAIN',
+        input: findingJSON,
+        priority: 'low',
+    });
+    return resp?.result ?? null;
+}
+/**
+ * Internal: call the NanoMind daemon.
+ */
+async function callDaemon(req) {
+    try {
+        const resp = await fetch(`${DAEMON_URL}/v1/infer`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(req),
+            signal: AbortSignal.timeout(1200), // 1.2s timeout per brief spec
+        });
+        if (!resp.ok)
+            return null;
+        return await resp.json();
+    }
+    catch {
+        return null; // daemon unavailable or timeout -- fail gracefully
+    }
+}
+//# sourceMappingURL=nanomind-analyzer.js.map

package/dist/semantic/nanomind-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nanomind-analyzer.js","sourceRoot":"","sources":["../../src/semantic/nanomind-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAyCH,8CAOC;AAOD,gDAoBC;AAOD,0DAmBC;AAMD,0CA0BC;AAMD,kDAoBC;AAMD,wCAQC;AAzID,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,wBAAwB,CAAC;AAExE;;GAEG;AACI,KAAK,UAAU,iBAAiB;IACrC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,SAAS,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACxF,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAC3D,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC;QAC5B,MAAM,EAAE,mBAAmB;QAC3B,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE,MAAM;KACjB,CAAC,CAAC;IAEH,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IAEhD,OAAO;QACL,OAAO,EAAE,kBAAkB,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE;QAC5E,QAAQ,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;QAC3F,KAAK,EAAE,oBAAoB,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,EAAE;QAC5D,WAAW,EAAE,8CAA8C,IAAI,CAAC,MAAM,SAAS,CAAC,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;QAChI,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;QAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,MAAM,EAAE,UAAU;KACnB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,uBAAuB,CAAC,WAAmB;IAC/D,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC;QAC5B,MAAM,EAAE,wBAAwB;QAChC,KAAK,EAAE,WAAW;QAClB,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,OAAO;QACL,OAAO,EAAE,iBAAiB,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE;QAC3E,QAAQ,EAAE,IAAI,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;QACpD,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE,wDAAwD,IAAI,CAAC,MAAM,EAAE;QAClF,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;QAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,MAAM,EAAE,UAAU;KACnB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,eAAuB,EACvB,oBAA8B;IAE9B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,eAAe,EAAE,oBAAoB,EAAE,CAAC,CAAC;IAElF,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC;QAC5B,MAAM,EAAE,gBAAgB;QACxB,KAAK;QACL,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IAEhD,OAAO;QACL,OAAO,EAAE,gBAAgB,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE;QAC1E,QAAQ,EAAE,IAAI,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;QACpD,KAAK,EAAE,uBAAuB,QAAQ,EAAE;QACxC,WAAW,EAAE,wFAAwF,IAAI,CAAC,MAAM,EAAE;QAClH,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;QAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,MAAM,EAAE,UAAU;KACnB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,mBAAmB,CAAC,aAAqB;IAC7D,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC;QAC5B,MAAM,EAAE,oBAAoB;QAC5B,KAAK,EAAE,aAAa;QACpB,QAAQ,EAAE,MAAM;KACjB,CAAC,CAAC;IAEH,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IAEhD,OAAO;QACL,OAAO,EAAE,mBAAmB,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE;QAC7E,QAAQ,EAAE,IAAI,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;QAC1F,KAAK,EAAE,uBAAuB,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,EAAE;QAC/D,WAAW,EAAE,4DAA4D,IAAI,CAAC,MAAM,EAAE;QACtF,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;QAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,MAAM,EAAE,UAAU;KACnB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,cAAc,CAAC,WAAmB;IACtD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC;QAC5B,MAAM,EAAE,cAAc;QACtB,KAAK,EAAE,WAAW;QAClB,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAC;IAEH,OAAO,IAAI,EAAE,MAAM,IAAI,IAAI,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,GAAyB;IACjD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,WAAW,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC;YACzB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,8BAA8B;SAClE,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAC1B,OAAO,MAAM,IAAI,CAAC,IAAI,EAA2B,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,CAAC,mDAAmD;IAClE,CAAC;AACH,CAAC"}

package/dist/simulation/engine.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Skill Simulation Engine
+ *
+ * Executes skills inside a controlled LLM with mock tool environment.
+ * Observes behavioral patterns to determine if a skill is malicious.
+ *
+ * Three layers:
+ * - Layer 1: NanoMind TME classification (< 8ms, handled by --semantic flag)
+ * - Layer 2: 5 targeted probes (< 3 seconds)
+ * - Layer 3: Full 20-probe simulation (< 30 seconds)
+ */
+import type { SimulationResult, SkillProfile } from './types.js';
+export declare class SimulationEngine {
+    private mockEnv;
+    private llmBackend;
+    private llmDetected;
+    private useLLM;
+    /**
+     * @param options.useLLM - If true, auto-detect and use LLM backends.
+     *   If false (default for tests), use heuristic analysis only.
+     *   Set to true in production or when LLM backends are available.
+     */
+    constructor(options?: {
+        useLLM?: boolean;
+    });
+    /**
+     * Auto-detect LLM backend on first use.
+     * Falls back to heuristic analysis if no LLM is available.
+     */
+    private ensureLLM;
+    /**
+     * Run Layer 2 pre-screen: 5 targeted probes for quick triage.
+     * Used when Layer 1 (NanoMind semantic) returns ambiguous confidence (0.40-0.80).
+     */
+    runLayer2(skill: SkillProfile): Promise<SimulationResult>;
+    /**
+     * Run Layer 3 full simulation: all 20 probes for definitive behavioral verdict.
+     * Used for --deep flag, OASB benchmark labeling, ARIA research.
+     */
+    runLayer3(skill: SkillProfile): Promise<SimulationResult>;
+    /**
+     * Core simulation: run probe battery against skill in mock environment.
+     */
+    private runSimulation;
+    /**
+     * Run a single probe against the skill.
+     * Uses LLM execution when available, falls back to heuristic analysis.
+     */
+    private runSingleProbe;
+    /**
+     * Heuristic probe evaluation.
+     * This is the interim implementation before full LLM simulation.
+     * Analyzes skill text for patterns that indicate probe failure.
+     */
+    private evaluateProbeHeuristic;
+    /**
+     * Compute overall verdict from probe results.
+     */
+    private computeVerdict;
+    /**
+     * Compute semantic delta: how far observed behavior diverged from declared purpose.
+     */
+    private computeSemanticDelta;
+}
+/**
+ * Parse a skill definition (markdown + YAML frontmatter) into a SkillProfile.
+ */
+export declare function parseSkillProfile(content: string, name?: string): SkillProfile;
+//# sourceMappingURL=engine.d.ts.map

package/dist/simulation/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/simulation/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EACV,gBAAgB,EAIhB,YAAY,EAIb,MAAM,YAAY,CAAC;AAMpB,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,OAAO,CAAsB;IACrC,OAAO,CAAC,UAAU,CAA2B;IAC7C,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,MAAM,CAAU;IAExB;;;;OAIG;gBACS,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,OAAO,CAAA;KAAE;IAK1C;;;OAGG;YACW,SAAS;IASvB;;;OAGG;IACG,SAAS,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAI/D;;;OAGG;IACG,SAAS,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAI/D;;OAEG;YACW,aAAa;IAyD3B;;;OAGG;YACW,cAAc;IA6B5B;;;;OAIG;IACH,OAAO,CAAC,sBAAsB;IAgE9B;;OAEG;IACH,OAAO,CAAC,cAAc;IAiCtB;;OAEG;IACH,OAAO,CAAC,oBAAoB;CAY7B;AAMD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,GAAE,MAAkB,GAAG,YAAY,CA2DzF"}