hackmyagent 0.11.13 → 0.11.15

package/dist/semantic/nanomind-enhancer.js

@@ -0,0 +1,203 @@
+"use strict";
+/**
+ * NanoMind Scanner Enhancer
+ *
+ * Wraps around HMA's existing static scanner output and adds semantic
+ * analysis to every finding category. This makes NanoMind the default
+ * intelligence layer for ALL scanners, not just --deep mode.
+ *
+ * Architecture:
+ *   Static scan runs first (204 checks, fast, deterministic)
+ *   → NanoMind enhancer runs on the results + source artifacts
+ *   → Reduces false positives (benign patterns that look suspicious)
+ *   → Catches false negatives (malicious patterns that look benign)
+ *   → Upgrades finding severity based on semantic context
+ *   → Adds evidence and remediation from NanoMind classification
+ *
+ * This runs automatically when the NanoMind daemon is available.
+ * No flags needed. If daemon is down, scan works exactly as before.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enhanceScanFindings = enhanceScanFindings;
+exports.getEnhancementStats = getEnhancementStats;
+const nanomind_analyzer_js_1 = require("./nanomind-analyzer.js");
+/**
+ * Enhance scan findings with NanoMind semantic analysis.
+ * Called automatically after every static scan when daemon is available.
+ *
+ * Returns the same findings array with NanoMind annotations added.
+ * Does NOT remove findings -- only annotates them with semantic context.
+ */
+async function enhanceScanFindings(findings, sourceFiles) {
+    const available = await (0, nanomind_analyzer_js_1.isDaemonAvailable)();
+    if (!available) {
+        // No daemon = return findings as-is, no enhancement
+        return findings.map(f => ({ ...f, nanomindEnhanced: false }));
+    }
+    const enhanced = [];
+    for (const finding of findings) {
+        const result = await enhanceSingleFinding(finding, sourceFiles);
+        enhanced.push(result);
+    }
+    return enhanced;
+}
+/**
+ * Enhance a single finding based on its check category.
+ */
+async function enhanceSingleFinding(finding, sourceFiles) {
+    const base = { ...finding, nanomindEnhanced: false };
+    const checkId = finding.checkId.toUpperCase();
+    const fileContent = finding.file ? sourceFiles.get(finding.file) : undefined;
+    if (!fileContent)
+        return base;
+    try {
+        // Route to appropriate NanoMind analyzer based on check category
+        if (checkId.startsWith('SKILL-') || checkId.startsWith('SKILL-MEM-')) {
+            return await enhanceSkillFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('MCP-') || checkId.startsWith('TOOL-')) {
+            return await enhanceMCPFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('SOUL-')) {
+            return await enhanceSoulFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('PROMPT-') || checkId.startsWith('AGENT-')) {
+            return await enhancePromptFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('CRED-') || checkId.startsWith('WEBCRED-') || checkId.startsWith('AGENT-CRED-')) {
+            return await enhanceCredentialFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('A2A-')) {
+            return await enhanceA2AFinding(finding, fileContent);
+        }
+    }
+    catch {
+        // NanoMind error = return original finding
+    }
+    return base;
+}
+// ============================================================================
+// Per-Category Enhancement
+// ============================================================================
+async function enhanceSkillFinding(finding, content) {
+    const result = await (0, nanomind_analyzer_js_1.analyzeSkillIntent)(content);
+    if (!result) {
+        return { ...finding, nanomindEnhanced: true, nanomindVerdict: 'confirmed', nanomindConfidence: 0.5 };
+    }
+    // If static flagged it AND NanoMind confirms = high confidence
+    if (!finding.passed && result.confidence >= 0.7) {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'confirmed',
+            nanomindConfidence: result.confidence,
+            nanomindEvidence: result.evidence?.join('; '),
+        };
+    }
+    // If static flagged it BUT NanoMind says benign = possible false positive
+    if (!finding.passed && result.confidence < 0.3) {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'false_positive',
+            nanomindConfidence: 1 - result.confidence,
+            nanomindEvidence: 'NanoMind semantic analysis indicates this is likely a false positive',
+            originalSeverity: finding.severity,
+            severity: 'info', // Downgrade to informational
+        };
+    }
+    return { ...finding, nanomindEnhanced: true, nanomindConfidence: result.confidence };
+}
+async function enhanceMCPFinding(finding, content) {
+    const result = await (0, nanomind_analyzer_js_1.analyzeMCPScope)('', content, []);
+    if (!result) {
+        return { ...finding, nanomindEnhanced: true };
+    }
+    if (!finding.passed && result.confidence >= 0.7) {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'confirmed',
+            nanomindConfidence: result.confidence,
+            nanomindEvidence: result.evidence?.join('; '),
+        };
+    }
+    return { ...finding, nanomindEnhanced: true, nanomindConfidence: result.confidence };
+}
+async function enhanceSoulFinding(finding, content) {
+    const result = await (0, nanomind_analyzer_js_1.analyzeSoulCompleteness)(content);
+    if (!result) {
+        return { ...finding, nanomindEnhanced: true };
+    }
+    return {
+        ...finding,
+        nanomindEnhanced: true,
+        nanomindVerdict: result.confidence >= 0.7 ? 'confirmed' : undefined,
+        nanomindConfidence: result.confidence,
+        nanomindEvidence: result.evidence?.join('; '),
+    };
+}
+async function enhancePromptFinding(finding, content) {
+    const result = await (0, nanomind_analyzer_js_1.analyzePromptIntent)(content);
+    if (!result) {
+        return { ...finding, nanomindEnhanced: true };
+    }
+    // NanoMind can upgrade prompt findings from medium to high if it detects
+    // jailbreak seeds or capability creep patterns
+    if (result.confidence >= 0.8 && finding.severity === 'medium') {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'upgraded',
+            nanomindConfidence: result.confidence,
+            nanomindEvidence: result.evidence?.join('; '),
+            originalSeverity: 'medium',
+            severity: 'high',
+        };
+    }
+    return { ...finding, nanomindEnhanced: true, nanomindConfidence: result.confidence };
+}
+async function enhanceCredentialFinding(finding, content) {
+    // NanoMind can distinguish real credentials from examples/documentation
+    // "sk-live-abc123" in source = real credential (flag)
+    // "sk-live-abc123" in README example = documentation (false positive)
+    const isDocumentation = /example|demo|test|sample|placeholder|readme|documentation/i.test(content);
+    const isTestFixture = /test\/|__tests__|\.test\.|\.spec\./i.test(finding.file ?? '');
+    if (!finding.passed && (isDocumentation || isTestFixture)) {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'false_positive',
+            nanomindConfidence: 0.8,
+            nanomindEvidence: isTestFixture
+                ? 'Credential found in test fixture (likely intentional test data)'
+                : 'Credential found in documentation context (likely example, not real)',
+            originalSeverity: finding.severity,
+            severity: 'info',
+        };
+    }
+    return { ...finding, nanomindEnhanced: true, nanomindVerdict: 'confirmed' };
+}
+async function enhanceA2AFinding(finding, content) {
+    // A2A findings benefit from NanoMind checking if the agent card
+    // declarations are semantically consistent
+    return {
+        ...finding,
+        nanomindEnhanced: true,
+        nanomindConfidence: 0.7,
+    };
+}
+// ============================================================================
+// Statistics
+// ============================================================================
+function getEnhancementStats(findings) {
+    const enhanced = findings.filter(f => f.nanomindEnhanced);
+    return {
+        total: findings.length,
+        enhanced: enhanced.length,
+        falsePositivesDetected: enhanced.filter(f => f.nanomindVerdict === 'false_positive').length,
+        upgraded: enhanced.filter(f => f.nanomindVerdict === 'upgraded').length,
+        confirmed: enhanced.filter(f => f.nanomindVerdict === 'confirmed').length,
+    };
+}
+//# sourceMappingURL=nanomind-enhancer.js.map

package/dist/semantic/nanomind-enhancer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nanomind-enhancer.js","sourceRoot":"","sources":["../../src/semantic/nanomind-enhancer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;AA6BH,kDAkBC;AAmLD,kDAeC;AA/OD,iEAA8I;AAoB9I;;;;;;GAMG;AACI,KAAK,UAAU,mBAAmB,CACvC,QAAuB,EACvB,WAAgC;IAEhC,MAAM,SAAS,GAAG,MAAM,IAAA,wCAAiB,GAAE,CAAC;IAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,oDAAoD;QACpD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAChE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CACjC,OAAoB,EACpB,WAAgC;IAEhC,MAAM,IAAI,GAAoB,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;IACtE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;IAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE7E,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,IAAI,CAAC;QACH,iEAAiE;QACjE,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACrE,OAAO,MAAM,mBAAmB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,OAAO,MAAM,iBAAiB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,OAAO,MAAM,kBAAkB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClE,OAAO,MAAM,oBAAoB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACvG,OAAO,MAAM,wBAAwB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,MAAM,iBAAiB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2CAA2C;IAC7C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E,KAAK,UAAU,mBAAmB,CAAC,OAAoB,EAAE,OAAe;IACtE,MAAM,MAAM,GAAG,MAAM,IAAA,yCAAkB,EAAC,OAAO,CAAC,CAAC;IAEjD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,kBAAkB,EAAE,GAAG,EAAE,CAAC;IACvG,CAAC;IAED,+DAA+D;IAC/D,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;QAChD,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,WAAW;YAC5B,kBAAkB,EAAE,MAAM,CAAC,UAAU;YACrC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC;SAC9C,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;QAC/C,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,gBAAgB;YACjC,kBAAkB,EAAE,CAAC,GAAG,MAAM,CAAC,UAAU;YACzC,gBAAgB,EAAE,sEAAsE;YACxF,gBAAgB,EAAE,OAAO,CAAC,QAAQ;YAClC,QAAQ,EAAE,MAAM,EAAE,6BAA6B;SAChD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;AACvF,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,OAAoB,EAAE,OAAe;IACpE,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAe,EAAC,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IAEtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;QAChD,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,WAAW;YAC5B,kBAAkB,EAAE,MAAM,CAAC,UAAU;YACrC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC;SAC9C,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;AACvF,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,OAAoB,EAAE,OAAe;IACrE,MAAM,MAAM,GAAG,MAAM,IAAA,8CAAuB,EAAC,OAAO,CAAC,CAAC;IAEtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,OAAO;QACL,GAAG,OAAO;QACV,gBAAgB,EAAE,IAAI;QACtB,eAAe,EAAE,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,kBAAkB,EAAE,MAAM,CAAC,UAAU;QACrC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,OAAoB,EAAE,OAAe;IACvE,MAAM,MAAM,GAAG,MAAM,IAAA,0CAAmB,EAAC,OAAO,CAAC,CAAC;IAElD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,yEAAyE;IACzE,+CAA+C;IAC/C,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9D,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,UAAU;YAC3B,kBAAkB,EAAE,MAAM,CAAC,UAAU;YACrC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC;YAC7C,gBAAgB,EAAE,QAAQ;YAC1B,QAAQ,EAAE,MAAM;SACjB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;AACvF,CAAC;AAED,KAAK,UAAU,wBAAwB,CAAC,OAAoB,EAAE,OAAe;IAC3E,wEAAwE;IACxE,sDAAsD;IACtD,sEAAsE;IAEtE,MAAM,eAAe,GAAG,4DAA4D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnG,MAAM,aAAa,GAAG,qCAAqC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAErF,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,eAAe,IAAI,aAAa,CAAC,EAAE,CAAC;QAC1D,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,gBAAgB;YACjC,kBAAkB,EAAE,GAAG;YACvB,gBAAgB,EAAE,aAAa;gBAC7B,CAAC,CAAC,iEAAiE;gBACnE,CAAC,CAAC,sEAAsE;YAC1E,gBAAgB,EAAE,OAAO,CAAC,QAAQ;YAClC,QAAQ,EAAE,MAAM;SACjB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,OAAoB,EAAE,OAAe;IACpE,gEAAgE;IAChE,2CAA2C;IAC3C,OAAO;QACL,GAAG,OAAO;QACV,gBAAgB,EAAE,IAAI;QACtB,kBAAkB,EAAE,GAAG;KACxB,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E,SAAgB,mBAAmB,CAAC,QAA2B;IAO7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAC1D,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,QAAQ,EAAE,QAAQ,CAAC,MAAM;QACzB,sBAAsB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,gBAAgB,CAAC,CAAC,MAAM;QAC3F,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,UAAU,CAAC,CAAC,MAAM;QACvE,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,WAAW,CAAC,CAAC,MAAM;KAC1E,CAAC;AACJ,CAAC"}

package/dist/simulation/engine.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Skill Simulation Engine
+ *
+ * Executes skills inside a controlled LLM with mock tool environment.
+ * Observes behavioral patterns to determine if a skill is malicious.
+ *
+ * Three layers:
+ * - Layer 1: NanoMind TME classification (< 8ms, handled by --semantic flag)
+ * - Layer 2: 5 targeted probes (< 3 seconds)
+ * - Layer 3: Full 20-probe simulation (< 30 seconds)
+ */
+import type { SimulationResult, SkillProfile } from './types.js';
+export declare class SimulationEngine {
+    private mockEnv;
+    private llmBackend;
+    private llmDetected;
+    private useLLM;
+    /**
+     * @param options.useLLM - If true, auto-detect and use LLM backends.
+     *   If false (default for tests), use heuristic analysis only.
+     *   Set to true in production or when LLM backends are available.
+     */
+    constructor(options?: {
+        useLLM?: boolean;
+    });
+    /**
+     * Auto-detect LLM backend on first use.
+     * Falls back to heuristic analysis if no LLM is available.
+     */
+    private ensureLLM;
+    /**
+     * Run Layer 2 pre-screen: 5 targeted probes for quick triage.
+     * Used when Layer 1 (NanoMind semantic) returns ambiguous confidence (0.40-0.80).
+     */
+    runLayer2(skill: SkillProfile): Promise<SimulationResult>;
+    /**
+     * Run Layer 3 full simulation: all 20 probes for definitive behavioral verdict.
+     * Used for --deep flag, OASB benchmark labeling, ARIA research.
+     */
+    runLayer3(skill: SkillProfile): Promise<SimulationResult>;
+    /**
+     * Core simulation: run probe battery against skill in mock environment.
+     */
+    private runSimulation;
+    /**
+     * Run a single probe against the skill.
+     * Uses LLM execution when available, falls back to heuristic analysis.
+     */
+    private runSingleProbe;
+    /**
+     * Heuristic probe evaluation.
+     * This is the interim implementation before full LLM simulation.
+     * Analyzes skill text for patterns that indicate probe failure.
+     */
+    private evaluateProbeHeuristic;
+    /**
+     * Compute overall verdict from probe results.
+     */
+    private computeVerdict;
+    /**
+     * Compute semantic delta: how far observed behavior diverged from declared purpose.
+     */
+    private computeSemanticDelta;
+}
+/**
+ * Parse a skill definition (markdown + YAML frontmatter) into a SkillProfile.
+ */
+export declare function parseSkillProfile(content: string, name?: string): SkillProfile;
+//# sourceMappingURL=engine.d.ts.map

package/dist/simulation/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/simulation/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EACV,gBAAgB,EAIhB,YAAY,EAIb,MAAM,YAAY,CAAC;AAMpB,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,OAAO,CAAsB;IACrC,OAAO,CAAC,UAAU,CAA2B;IAC7C,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,MAAM,CAAU;IAExB;;;;OAIG;gBACS,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,OAAO,CAAA;KAAE;IAK1C;;;OAGG;YACW,SAAS;IASvB;;;OAGG;IACG,SAAS,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAI/D;;;OAGG;IACG,SAAS,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAI/D;;OAEG;YACW,aAAa;IAyD3B;;;OAGG;YACW,cAAc;IA6B5B;;;;OAIG;IACH,OAAO,CAAC,sBAAsB;IAgE9B;;OAEG;IACH,OAAO,CAAC,cAAc;IAiCtB;;OAEG;IACH,OAAO,CAAC,oBAAoB;CAY7B;AAMD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,GAAE,MAAkB,GAAG,YAAY,CA2DzF"}

package/dist/simulation/engine.js

@@ -0,0 +1,297 @@
+"use strict";
+/**
+ * Skill Simulation Engine
+ *
+ * Executes skills inside a controlled LLM with mock tool environment.
+ * Observes behavioral patterns to determine if a skill is malicious.
+ *
+ * Three layers:
+ * - Layer 1: NanoMind TME classification (< 8ms, handled by --semantic flag)
+ * - Layer 2: 5 targeted probes (< 3 seconds)
+ * - Layer 3: Full 20-probe simulation (< 30 seconds)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SimulationEngine = void 0;
+exports.parseSkillProfile = parseSkillProfile;
+const mock_tools_js_1 = require("./mock-tools.js");
+const probes_js_1 = require("./probes.js");
+const llm_executor_js_1 = require("./llm-executor.js");
+// ============================================================================
+// Simulation Engine
+// ============================================================================
+class SimulationEngine {
+    /**
+     * @param options.useLLM - If true, auto-detect and use LLM backends.
+     *   If false (default for tests), use heuristic analysis only.
+     *   Set to true in production or when LLM backends are available.
+     */
+    constructor(options) {
+        this.llmBackend = null;
+        this.llmDetected = false;
+        this.mockEnv = new mock_tools_js_1.MockToolEnvironment();
+        this.useLLM = options?.useLLM ?? false;
+    }
+    /**
+     * Auto-detect LLM backend on first use.
+     * Falls back to heuristic analysis if no LLM is available.
+     */
+    async ensureLLM() {
+        if (!this.useLLM)
+            return null;
+        if (!this.llmDetected) {
+            this.llmBackend = await (0, llm_executor_js_1.detectBestBackend)();
+            this.llmDetected = true;
+        }
+        return this.llmBackend;
+    }
+    /**
+     * Run Layer 2 pre-screen: 5 targeted probes for quick triage.
+     * Used when Layer 1 (NanoMind semantic) returns ambiguous confidence (0.40-0.80).
+     */
+    async runLayer2(skill) {
+        return this.runSimulation(skill, probes_js_1.LAYER2_PROBES, 2);
+    }
+    /**
+     * Run Layer 3 full simulation: all 20 probes for definitive behavioral verdict.
+     * Used for --deep flag, OASB benchmark labeling, ARIA research.
+     */
+    async runLayer3(skill) {
+        return this.runSimulation(skill, probes_js_1.LAYER3_PROBES, 3);
+    }
+    /**
+     * Core simulation: run probe battery against skill in mock environment.
+     */
+    async runSimulation(skill, probes, layer) {
+        const startMs = Date.now();
+        const results = [];
+        for (const probe of probes) {
+            this.mockEnv.reset();
+            const probeStart = Date.now();
+            try {
+                const result = await this.runSingleProbe(skill, probe);
+                results.push({
+                    ...result,
+                    durationMs: Date.now() - probeStart,
+                });
+            }
+            catch {
+                // Probe timeout or error -- treat as suspicious but not definitive
+                results.push({
+                    probeId: probe.id,
+                    probeName: probe.name,
+                    category: probe.category,
+                    passed: false,
+                    attackClass: probe.attackClass,
+                    observedBehavior: 'Probe timed out or errored',
+                    evidence: ['Probe execution failed'],
+                    confidence: 0.3,
+                    durationMs: Date.now() - probeStart,
+                });
+            }
+        }
+        const allCalls = this.mockEnv.getCallLog();
+        const failedProbes = results.filter(r => !r.passed);
+        const passedProbes = results.filter(r => r.passed);
+        // Compute verdict from probe results
+        const { verdict, confidence } = this.computeVerdict(results, probes.length);
+        // Semantic delta: how far observed behavior diverged from declared purpose
+        const semanticDelta = this.computeSemanticDelta(skill, allCalls);
+        return {
+            verdict,
+            confidence,
+            failedProbes,
+            passedProbes,
+            behavioralTrace: allCalls,
+            semanticDelta,
+            durationMs: Date.now() - startMs,
+            probeCount: probes.length,
+            layer,
+        };
+    }
+    /**
+     * Run a single probe against the skill.
+     * Uses LLM execution when available, falls back to heuristic analysis.
+     */
+    async runSingleProbe(skill, probe) {
+        // Try LLM-powered execution first (actual behavioral observation)
+        const backend = await this.ensureLLM();
+        if (backend) {
+            return (0, llm_executor_js_1.executeProbeLLM)(backend, skill, probe, this.mockEnv);
+        }
+        // Fallback: heuristic analysis of skill content against probe
+        const passed = this.evaluateProbeHeuristic(skill, probe);
+        const flaggedCalls = this.mockEnv.getFlaggedCalls();
+        return {
+            probeId: probe.id,
+            probeName: probe.name,
+            category: probe.category,
+            passed,
+            attackClass: probe.attackClass,
+            observedBehavior: passed
+                ? `Skill passed ${probe.name}: ${probe.passCondition}`
+                : `Skill FAILED ${probe.name}: ${probe.failCondition}`,
+            evidence: flaggedCalls.map(c => c.flagReason ?? `Suspicious ${c.toolType} call: ${c.toolName}`),
+            confidence: passed ? 0.85 : 0.80,
+            durationMs: 0, // Set by caller
+        };
+    }
+    /**
+     * Heuristic probe evaluation.
+     * This is the interim implementation before full LLM simulation.
+     * Analyzes skill text for patterns that indicate probe failure.
+     */
+    evaluateProbeHeuristic(skill, probe) {
+        const text = skill.rawContent.toLowerCase();
+        const caps = skill.capabilities.map(c => c.toLowerCase());
+        const constraints = skill.constraints.map(c => c.toLowerCase());
+        switch (probe.category) {
+            case 'exfiltration': {
+                // Check for external URL references + data forwarding patterns
+                const hasExternalURL = /https?:\/\/[^\s]+\.(co|io|com|net|org)/i.test(skill.rawContent);
+                const hasForwarding = /forward|send|transmit|export|upload|post.*to/i.test(text);
+                const hasTokenRef = /session|token|credential|secret/i.test(text);
+                return !(hasExternalURL && hasForwarding && hasTokenRef);
+            }
+            case 'override_resistance': {
+                // Skills that mention "ignore previous" or lack constraint enforcement
+                const hasOverrideLanguage = /ignore.*previous|override.*instruction|new.*task/i.test(text);
+                const hasWeakConstraints = constraints.length === 0;
+                return !hasOverrideLanguage && !hasWeakConstraints;
+            }
+            case 'scope_expansion': {
+                // Check if skill references tools/resources beyond declared capabilities
+                const undeclaredTools = ['email', 'admin', 'system', 'root', 'sudo', 'exec', 'shell'];
+                const hasUndeclared = undeclaredTools.some(t => text.includes(t) && !caps.some(c => c.includes(t)));
+                return !hasUndeclared;
+            }
+            case 'credential_secret': {
+                // Check for credential harvesting patterns
+                const harvestPatterns = /ask.*password|request.*credential|share.*key|provide.*token/i;
+                const storePatterns = /save.*password|store.*credential|remember.*key/i;
+                return !harvestPatterns.test(text) && !storePatterns.test(text);
+            }
+            case 'memory_persistence': {
+                // Check for instruction injection via memory patterns
+                const instructionWrite = /always.*remember|persist.*instruction|save.*rule/i;
+                const crossSession = /future.*session|next.*time|permanent/i;
+                return !instructionWrite.test(text) && !crossSession.test(text);
+            }
+            case 'heartbeat_remote': {
+                // Check for remote instruction fetch patterns
+                const remoteFetch = /fetch.*config|check.*update|load.*instruction.*from/i;
+                const callbackSetup = /webhook|callback|notify.*url|ping.*endpoint/i;
+                return !remoteFetch.test(text) && !callbackSetup.test(text);
+            }
+            case 'semantic_consistency': {
+                // Check if capabilities match declared purpose
+                const purposeWords = skill.declaredPurpose.toLowerCase().split(/\s+/);
+                const capWords = caps.join(' ').split(/\s+/);
+                const overlap = purposeWords.filter(w => capWords.some(c => c.includes(w))).length;
+                return overlap > 0 || purposeWords.length < 3; // Short purposes get a pass
+            }
+            default:
+                return true; // Unknown category passes by default
+        }
+    }
+    /**
+     * Compute overall verdict from probe results.
+     */
+    computeVerdict(results, totalProbes) {
+        const failed = results.filter(r => !r.passed);
+        const failRate = failed.length / totalProbes;
+        if (failRate === 0) {
+            return { verdict: 'CLEAN', confidence: 0.95 };
+        }
+        // High-confidence failures in critical categories
+        const criticalFailures = failed.filter(r => ['exfiltration', 'credential_secret', 'heartbeat_remote'].includes(r.category));
+        if (criticalFailures.length >= 2 || failRate > 0.3) {
+            return {
+                verdict: 'MALICIOUS',
+                confidence: Math.min(0.95, 0.6 + (failRate * 0.5)),
+            };
+        }
+        if (failed.length > 0) {
+            return {
+                verdict: 'SUSPICIOUS',
+                confidence: 0.5 + (failRate * 0.3),
+            };
+        }
+        return { verdict: 'CLEAN', confidence: 0.85 };
+    }
+    /**
+     * Compute semantic delta: how far observed behavior diverged from declared purpose.
+     */
+    computeSemanticDelta(skill, calls) {
+        if (calls.length === 0)
+            return 0;
+        const flaggedRatio = calls.filter(c => c.flagged).length / calls.length;
+        const undeclaredTools = calls.filter(c => {
+            const toolName = c.toolName.toLowerCase();
+            return !skill.capabilities.some(cap => toolName.includes(cap.toLowerCase()));
+        }).length;
+        const undeclaredRatio = calls.length > 0 ? undeclaredTools / calls.length : 0;
+        return Math.min(1.0, (flaggedRatio * 0.6) + (undeclaredRatio * 0.4));
+    }
+}
+exports.SimulationEngine = SimulationEngine;
+// ============================================================================
+// Skill Profile Parser
+// ============================================================================
+/**
+ * Parse a skill definition (markdown + YAML frontmatter) into a SkillProfile.
+ */
+function parseSkillProfile(content, name = 'unknown') {
+    const lines = content.split('\n');
+    // Extract YAML frontmatter if present
+    let capabilities = [];
+    let constraints = [];
+    let declaredPurpose = '';
+    const yamlMatch = content.match(/^---\n([\s\S]*?)\n---/);
+    if (yamlMatch) {
+        const yaml = yamlMatch[1];
+        const capsMatch = yaml.match(/capabilities:\s*\n((?:\s+-\s+.+\n?)*)/);
+        if (capsMatch) {
+            capabilities = capsMatch[1].split('\n')
+                .filter(l => l.trim().startsWith('-'))
+                .map(l => l.replace(/^\s*-\s*/, '').trim());
+        }
+        const purposeMatch = yaml.match(/description:\s*(.+)/);
+        if (purposeMatch) {
+            declaredPurpose = purposeMatch[1].trim();
+        }
+    }
+    // Extract constraints from content
+    const constraintPatterns = /(?:must|should|never|always|cannot|will not|forbidden)[^.]+\./gi;
+    const constraintMatches = content.match(constraintPatterns);
+    if (constraintMatches) {
+        constraints = constraintMatches.map(m => m.trim());
+    }
+    // Extract heartbeat URLs
+    const urlPattern = /https?:\/\/[^\s)>]+/g;
+    const heartbeatURLs = (content.match(urlPattern) ?? []).filter(u => /heartbeat|ping|health|status|callback/i.test(u));
+    // Determine governance mechanism
+    let governanceMechanism = 'none';
+    if (/soul\.md/i.test(content))
+        governanceMechanism = 'soul';
+    else if (/system.?prompt/i.test(content))
+        governanceMechanism = 'system_prompt';
+    else if (constraints.length > 3)
+        governanceMechanism = 'runtime_check';
+    if (!declaredPurpose) {
+        // Try to infer from first paragraph
+        const firstPara = lines.find(l => l.trim().length > 20 && !l.startsWith('#') && !l.startsWith('-'));
+        declaredPurpose = firstPara?.trim() ?? name;
+    }
+    return {
+        name,
+        declaredPurpose,
+        capabilities,
+        constraints,
+        toolPermissions: capabilities, // For now, same as capabilities
+        heartbeatURLs,
+        dataAccessPatterns: [],
+        governanceMechanism,
+        rawContent: content,
+    };
+}
+//# sourceMappingURL=engine.js.map

package/dist/simulation/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/simulation/engine.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAgSH,8CA2DC;AAzVD,mDAAsD;AACtD,2CAA2D;AAC3D,uDAAuE;AAavE,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,MAAa,gBAAgB;IAM3B;;;;OAIG;IACH,YAAY,OAA8B;QATlC,eAAU,GAAsB,IAAI,CAAC;QACrC,gBAAW,GAAG,KAAK,CAAC;QAS1B,IAAI,CAAC,OAAO,GAAG,IAAI,mCAAmB,EAAE,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,KAAK,CAAC;IACzC,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,SAAS;QACrB,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,IAAI,CAAC,UAAU,GAAG,MAAM,IAAA,mCAAiB,GAAE,CAAC;YAC5C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,KAAmB;QACjC,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,yBAAa,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,KAAmB;QACjC,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,yBAAa,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CACzB,KAAmB,EACnB,MAAyB,EACzB,KAAY;QAEZ,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAkB,EAAE,CAAC;QAElC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACrB,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE9B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;gBACvD,OAAO,CAAC,IAAI,CAAC;oBACX,GAAG,MAAM;oBACT,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU;iBACpC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,mEAAmE;gBACnE,OAAO,CAAC,IAAI,CAAC;oBACX,OAAO,EAAE,KAAK,CAAC,EAAE;oBACjB,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,MAAM,EAAE,KAAK;oBACb,WAAW,EAAE,KAAK,CAAC,WAAW;oBAC9B,gBAAgB,EAAE,4BAA4B;oBAC9C,QAAQ,EAAE,CAAC,wBAAwB,CAAC;oBACpC,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QAC3C,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAEnD,qCAAqC;QACrC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAE5E,2EAA2E;QAC3E,MAAM,aAAa,GAAG,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEjE,OAAO;YACL,OAAO;YACP,UAAU;YACV,YAAY;YACZ,YAAY;YACZ,eAAe,EAAE,QAAQ;YACzB,aAAa;YACb,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO;YAChC,UAAU,EAAE,MAAM,CAAC,MAAM;YACzB,KAAK;SACN,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAC1B,KAAmB,EACnB,KAAsB;QAEtB,kEAAkE;QAClE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvC,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,IAAA,iCAAe,EAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9D,CAAC;QAED,8DAA8D;QAC9D,MAAM,MAAM,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QAEpD,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,EAAE;YACjB,SAAS,EAAE,KAAK,CAAC,IAAI;YACrB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,MAAM;YACN,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,gBAAgB,EAAE,MAAM;gBACtB,CAAC,CAAC,gBAAgB,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,aAAa,EAAE;gBACtD,CAAC,CAAC,gBAAgB,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,aAAa,EAAE;YACxD,QAAQ,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,cAAc,CAAC,CAAC,QAAQ,UAAU,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC/F,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;YAChC,UAAU,EAAE,CAAC,EAAE,gBAAgB;SAChC,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,sBAAsB,CAAC,KAAmB,EAAE,KAAsB;QACxE,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAEhE,QAAQ,KAAK,CAAC,QAAQ,EAAE,CAAC;YACvB,KAAK,cAAc,CAAC,CAAC,CAAC;gBACpB,+DAA+D;gBAC/D,MAAM,cAAc,GAAG,yCAAyC,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBACxF,MAAM,aAAa,GAAG,+CAA+C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjF,MAAM,WAAW,GAAG,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAClE,OAAO,CAAC,CAAC,cAAc,IAAI,aAAa,IAAI,WAAW,CAAC,CAAC;YAC3D,CAAC;YAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;gBAC3B,uEAAuE;gBACvE,MAAM,mBAAmB,GAAG,mDAAmD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3F,MAAM,kBAAkB,GAAG,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;gBACpD,OAAO,CAAC,mBAAmB,IAAI,CAAC,kBAAkB,CAAC;YACrD,CAAC;YAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;gBACvB,yEAAyE;gBACzE,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;gBACtF,MAAM,aAAa,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC7C,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CACnD,CAAC;gBACF,OAAO,CAAC,aAAa,CAAC;YACxB,CAAC;YAED,KAAK,mBAAmB,CAAC,CAAC,CAAC;gBACzB,2CAA2C;gBAC3C,MAAM,eAAe,GAAG,8DAA8D,CAAC;gBACvF,MAAM,aAAa,GAAG,iDAAiD,CAAC;gBACxE,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClE,CAAC;YAED,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,sDAAsD;gBACtD,MAAM,gBAAgB,GAAG,mDAAmD,CAAC;gBAC7E,MAAM,YAAY,GAAG,uCAAuC,CAAC;gBAC7D,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClE,CAAC;YAED,KAAK,kBAAkB,CAAC,CAAC,CAAC;gBACxB,8CAA8C;gBAC9C,MAAM,WAAW,GAAG,sDAAsD,CAAC;gBAC3E,MAAM,aAAa,GAAG,8CAA8C,CAAC;gBACrE,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,CAAC;YAED,KAAK,sBAAsB,CAAC,CAAC,CAAC;gBAC5B,+CAA+C;gBAC/C,MAAM,YAAY,GAAG,KAAK,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC7C,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACnF,OAAO,OAAO,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,4BAA4B;YAC7E,CAAC;YAED;gBACE,OAAO,IAAI,CAAC,CAAC,qCAAqC;QACtD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,cAAc,CACpB,OAAsB,EACtB,WAAmB;QAEnB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC;QAE7C,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QAChD,CAAC;QAED,kDAAkD;QAClD,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACzC,CAAC,cAAc,EAAE,mBAAmB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAC/E,CAAC;QAEF,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,IAAI,QAAQ,GAAG,GAAG,EAAE,CAAC;YACnD,OAAO;gBACL,OAAO,EAAE,WAAW;gBACpB,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC;aACnD,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,YAAY;gBACrB,UAAU,EAAE,GAAG,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC;aACnC,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,KAAmB,EAAE,KAAqB;QACrE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,CAAC,CAAC;QAEjC,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QACxE,MAAM,eAAe,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACvC,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC,MAAM,CAAC;QACV,MAAM,eAAe,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9E,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,eAAe,GAAG,GAAG,CAAC,CAAC,CAAC;IACvE,CAAC;CACF;AAlQD,4CAkQC;AAED,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,iBAAiB,CAAC,OAAe,EAAE,OAAe,SAAS;IACzE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,sCAAsC;IACtC,IAAI,YAAY,GAAa,EAAE,CAAC;IAChC,IAAI,WAAW,GAAa,EAAE,CAAC;IAC/B,IAAI,eAAe,GAAG,EAAE,CAAC;IAEzB,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACzD,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtE,IAAI,SAAS,EAAE,CAAC;YACd,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;iBACpC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;iBACrC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACvD,IAAI,YAAY,EAAE,CAAC;YACjB,eAAe,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,MAAM,kBAAkB,GAAG,iEAAiE,CAAC;IAC7F,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC5D,IAAI,iBAAiB,EAAE,CAAC;QACtB,WAAW,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,yBAAyB;IACzB,MAAM,UAAU,GAAG,sBAAsB,CAAC;IAC1C,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACjE,wCAAwC,CAAC,IAAI,CAAC,CAAC,CAAC,CACjD,CAAC;IAEF,iCAAiC;IACjC,IAAI,mBAAmB,GAAwC,MAAM,CAAC;IACtE,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,mBAAmB,GAAG,MAAM,CAAC;SACvD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,mBAAmB,GAAG,eAAe,CAAC;SAC3E,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC;QAAE,mBAAmB,GAAG,eAAe,CAAC;IAEvE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,oCAAoC;QACpC,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QACpG,eAAe,GAAG,SAAS,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAC9C,CAAC;IAED,OAAO;QACL,IAAI;QACJ,eAAe;QACf,YAAY;QACZ,WAAW;QACX,eAAe,EAAE,YAAY,EAAE,gCAAgC;QAC/D,aAAa;QACb,kBAAkB,EAAE,EAAE;QACtB,mBAAmB;QACnB,UAAU,EAAE,OAAO;KACpB,CAAC;AACJ,CAAC"}

package/dist/simulation/index.d.ts

@@ -0,0 +1,15 @@
+/**
+ * HMA Skill Simulation Engine
+ *
+ * Behavioral simulation that observes what skills actually DO.
+ * Three layers: NanoMind semantic (8ms) -> targeted probes (3s) -> full simulation (30s).
+ * Target: < 1% false positive rate vs industry 95.8%.
+ */
+export { SimulationEngine, parseSkillProfile } from './engine.js';
+export { MockToolEnvironment } from './mock-tools.js';
+export { detectBestBackend, NanoMindBackend, AnthropicBackend, OllamaBackend, executeProbeLLM } from './llm-executor.js';
+export type { LLMBackend } from './llm-executor.js';
+export { ALL_PROBES, LAYER2_PROBES, LAYER3_PROBES, getProbesByCategory, getProbeCategoryCounts } from './probes.js';
+export type { SimulationResult, SimulationVerdict, SimulationConfig, ProbeDefinition, ProbeResult, ProbeCategory, SkillProfile, MockToolCall, MockToolType, MockToolConfig, } from './types.js';
+export { DEFAULT_LAYER2_CONFIG, DEFAULT_LAYER3_CONFIG } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/simulation/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/simulation/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzH,YAAY,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACpH,YAAY,EACV,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,WAAW,EACX,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,cAAc,GACf,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC"}

package/dist/simulation/index.js

@@ -0,0 +1,31 @@
+"use strict";
+/**
+ * HMA Skill Simulation Engine
+ *
+ * Behavioral simulation that observes what skills actually DO.
+ * Three layers: NanoMind semantic (8ms) -> targeted probes (3s) -> full simulation (30s).
+ * Target: < 1% false positive rate vs industry 95.8%.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_LAYER3_CONFIG = exports.DEFAULT_LAYER2_CONFIG = exports.getProbeCategoryCounts = exports.getProbesByCategory = exports.LAYER3_PROBES = exports.LAYER2_PROBES = exports.ALL_PROBES = exports.executeProbeLLM = exports.OllamaBackend = exports.AnthropicBackend = exports.NanoMindBackend = exports.detectBestBackend = exports.MockToolEnvironment = exports.parseSkillProfile = exports.SimulationEngine = void 0;
+var engine_js_1 = require("./engine.js");
+Object.defineProperty(exports, "SimulationEngine", { enumerable: true, get: function () { return engine_js_1.SimulationEngine; } });
+Object.defineProperty(exports, "parseSkillProfile", { enumerable: true, get: function () { return engine_js_1.parseSkillProfile; } });
+var mock_tools_js_1 = require("./mock-tools.js");
+Object.defineProperty(exports, "MockToolEnvironment", { enumerable: true, get: function () { return mock_tools_js_1.MockToolEnvironment; } });
+var llm_executor_js_1 = require("./llm-executor.js");
+Object.defineProperty(exports, "detectBestBackend", { enumerable: true, get: function () { return llm_executor_js_1.detectBestBackend; } });
+Object.defineProperty(exports, "NanoMindBackend", { enumerable: true, get: function () { return llm_executor_js_1.NanoMindBackend; } });
+Object.defineProperty(exports, "AnthropicBackend", { enumerable: true, get: function () { return llm_executor_js_1.AnthropicBackend; } });
+Object.defineProperty(exports, "OllamaBackend", { enumerable: true, get: function () { return llm_executor_js_1.OllamaBackend; } });
+Object.defineProperty(exports, "executeProbeLLM", { enumerable: true, get: function () { return llm_executor_js_1.executeProbeLLM; } });
+var probes_js_1 = require("./probes.js");
+Object.defineProperty(exports, "ALL_PROBES", { enumerable: true, get: function () { return probes_js_1.ALL_PROBES; } });
+Object.defineProperty(exports, "LAYER2_PROBES", { enumerable: true, get: function () { return probes_js_1.LAYER2_PROBES; } });
+Object.defineProperty(exports, "LAYER3_PROBES", { enumerable: true, get: function () { return probes_js_1.LAYER3_PROBES; } });
+Object.defineProperty(exports, "getProbesByCategory", { enumerable: true, get: function () { return probes_js_1.getProbesByCategory; } });
+Object.defineProperty(exports, "getProbeCategoryCounts", { enumerable: true, get: function () { return probes_js_1.getProbeCategoryCounts; } });
+var types_js_1 = require("./types.js");
+Object.defineProperty(exports, "DEFAULT_LAYER2_CONFIG", { enumerable: true, get: function () { return types_js_1.DEFAULT_LAYER2_CONFIG; } });
+Object.defineProperty(exports, "DEFAULT_LAYER3_CONFIG", { enumerable: true, get: function () { return types_js_1.DEFAULT_LAYER3_CONFIG; } });
+//# sourceMappingURL=index.js.map