hackmyagent 0.11.4 → 0.11.6
- package/README.md +59 -13
- package/dist/cli.js +212 -43
- package/dist/cli.js.map +1 -1
- package/dist/hardening/index.d.ts +1 -0
- package/dist/hardening/index.d.ts.map +1 -1
- package/dist/hardening/index.js +4 -1
- package/dist/hardening/index.js.map +1 -1
- package/dist/hardening/nemoclaw-scanner.d.ts +46 -0
- package/dist/hardening/nemoclaw-scanner.d.ts.map +1 -0
- package/dist/hardening/nemoclaw-scanner.js +1061 -0
- package/dist/hardening/nemoclaw-scanner.js.map +1 -0
- package/dist/hardening/scanner.d.ts +7 -0
- package/dist/hardening/scanner.d.ts.map +1 -1
- package/dist/hardening/scanner.js +598 -0
- package/dist/hardening/scanner.js.map +1 -1
- package/dist/hardening/taxonomy.d.ts.map +1 -1
- package/dist/hardening/taxonomy.js +40 -0
- package/dist/hardening/taxonomy.js.map +1 -1
- package/dist/index.d.ts +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -3
- package/dist/index.js.map +1 -1
- package/dist/telemetry/contribute.d.ts +58 -49
- package/dist/telemetry/contribute.d.ts.map +1 -1
- package/dist/telemetry/contribute.js +187 -127
- package/dist/telemetry/contribute.js.map +1 -1
- package/dist/telemetry/index.d.ts +2 -2
- package/dist/telemetry/index.d.ts.map +1 -1
- package/dist/telemetry/index.js +8 -2
- package/dist/telemetry/index.js.map +1 -1
- package/dist/telemetry/opt-in.d.ts +22 -13
- package/dist/telemetry/opt-in.d.ts.map +1 -1
- package/dist/telemetry/opt-in.js +93 -102
- package/dist/telemetry/opt-in.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taxonomy.d.ts","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"taxonomy.d.ts","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAwLxD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAElE;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAOpE"}
|
|
@@ -131,6 +131,46 @@ const TAXONOMY_MAP = {
|
|
|
131
131
|
'MCP-008': 'MCP-EXPLOIT',
|
|
132
132
|
'MCP-009': 'MCP-EXPLOIT',
|
|
133
133
|
'MCP-010': 'MCP-EXPLOIT',
|
|
134
|
+
// NemoClaw sandbox security
|
|
135
|
+
'HMA-NMC-001': 'NEMO-CRED-LEAK',
|
|
136
|
+
'HMA-NMC-002': 'NEMO-CRED-LEAK',
|
|
137
|
+
'HMA-NMC-003': 'NEMO-CRED-LEAK',
|
|
138
|
+
'HMA-NMC-004': 'NEMO-CRED-LEAK',
|
|
139
|
+
'HMA-NMC-005': 'NEMO-CRED-LEAK',
|
|
140
|
+
'HMA-NMC-006': 'NEMO-CRED-LEAK',
|
|
141
|
+
'HMA-NMC-010': 'NEMO-NETWORK-EXPOSE',
|
|
142
|
+
'HMA-NMC-011': 'NEMO-NETWORK-EXPOSE',
|
|
143
|
+
'HMA-NMC-012': 'NEMO-NETWORK-EXPOSE',
|
|
144
|
+
'HMA-NMC-013': 'NEMO-NETWORK-EXPOSE',
|
|
145
|
+
'HMA-NMC-014': 'NEMO-NETWORK-EXPOSE',
|
|
146
|
+
'HMA-NMC-015': 'NEMO-NETWORK-EXPOSE',
|
|
147
|
+
'HMA-NMC-020': 'NEMO-SUPPLY-CHAIN',
|
|
148
|
+
'HMA-NMC-021': 'NEMO-SUPPLY-CHAIN',
|
|
149
|
+
'HMA-NMC-022': 'NEMO-SUPPLY-CHAIN',
|
|
150
|
+
'HMA-NMC-023': 'NEMO-SUPPLY-CHAIN',
|
|
151
|
+
'HMA-NMC-024': 'NEMO-SUPPLY-CHAIN',
|
|
152
|
+
'HMA-NMC-030': 'NEMO-SANDBOX-ESCAPE',
|
|
153
|
+
'HMA-NMC-031': 'NEMO-SANDBOX-ESCAPE',
|
|
154
|
+
'HMA-NMC-032': 'NEMO-SANDBOX-ESCAPE',
|
|
155
|
+
'HMA-NMC-033': 'NEMO-SANDBOX-ESCAPE',
|
|
156
|
+
'HMA-NMC-034': 'NEMO-SANDBOX-ESCAPE',
|
|
157
|
+
'HMA-NMC-040': 'NEMO-OPENCLAW-INHERIT',
|
|
158
|
+
'HMA-NMC-041': 'NEMO-OPENCLAW-INHERIT',
|
|
159
|
+
'HMA-NMC-042': 'NEMO-OPENCLAW-INHERIT',
|
|
160
|
+
'HMA-NMC-050': 'NEMO-NETWORK-EXPOSE',
|
|
161
|
+
'HMA-NMC-051': 'NEMO-NETWORK-EXPOSE',
|
|
162
|
+
'HMA-NMC-052': 'NEMO-NETWORK-EXPOSE',
|
|
163
|
+
// NemoClaw novel threat checks (NEMO-00x series)
|
|
164
|
+
'NEMO-001': 'NEMO-SUPPLY-CHAIN',
|
|
165
|
+
'NEMO-002': 'NEMO-SUPPLY-CHAIN',
|
|
166
|
+
'NEMO-003': 'NEMO-SANDBOX-ESCAPE',
|
|
167
|
+
'NEMO-004': 'NEMO-CRED-LEAK',
|
|
168
|
+
'NEMO-005': 'NEMO-SANDBOX-ESCAPE',
|
|
169
|
+
'NEMO-006': 'NEMO-SANDBOX-ESCAPE',
|
|
170
|
+
'NEMO-007': 'NEMO-CRED-LEAK',
|
|
171
|
+
'NEMO-008': 'NEMO-SANDBOX-ESCAPE',
|
|
172
|
+
'NEMO-009': 'NEMO-SUPPLY-CHAIN',
|
|
173
|
+
'NEMO-010': 'NEMO-OPENCLAW-INHERIT',
|
|
134
174
|
};
|
|
135
175
|
/**
|
|
136
176
|
* Look up the attack class for a given HMA check ID.
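Review bot: The added `HMA-NMC-*` rows are numbered with gaps (`006` to `010`, `015` to `020`, `042` to `050`), and `HMA-NMC-050`–`052` reuse `NEMO-NETWORK-EXPOSE` after the `NEMO-OPENCLAW-INHERIT` rows, with only the single `// NemoClaw sandbox security` comment to explain the layout. A short comment per range would let a reader tell a reserved gap from a forgotten row, for example `// 050-052: <what separates these from 010-015> (NEMO-NETWORK-EXPOSE)`. The second comment says `NEMO-00x series` although the block runs to `'NEMO-010'`, and these check IDs share the `NEMO-` prefix with the attack-class values on the right-hand side, so the comment should state which side is the ID and which is the class. The lookup function documented just below the map lies outside the hunk, so whether an unmapped ID from the new scanner is reported or silently left unclassified cannot be checked here. A unit test asserting that every check ID the scanner emits has an entry in this table would cover that.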
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taxonomy.js","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;
|
|
1
|
+
{"version":3,"file":"taxonomy.js","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AA8LH,wCAEC;AAMD,gDAOC;AAzMD,2EAA2E;AAC3E,MAAM,YAAY,GAA2B;IAC3C,cAAc;IACd,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,YAAY;IAC3B,aAAa,EAAE,YAAY;IAC3B,aAAa,EAAE,kBAAkB;IACjC,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,YAAY,EAAE,aAAa;IAC3B,YAAY,EAAE,aAAa;IAC3B,YAAY,EAAE,aAAa;IAC3B,YAAY,EAAE,aAAa;IAC3B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,cAAc;IAC7B,aAAa,EAAE,cAAc;IAC7B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAE5B,iBAAiB;IACjB,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAE5B,sBAAsB;IACtB,UAAU,EAAE,kBAAkB;IAC9B,UAAU,EAAE,kBAAkB;IAC9B,UAAU,EAAE,kBAAkB;IAC9B,UAAU,EAAE,kBAAkB;IAE9B,wBAAwB;IACxB,mBAAmB,EAAE,eAAe;IACpC,mBAAmB,EAAE,eAAe;IACpC,mBAAmB,EAAE,eAAe;IACpC,mBAAmB,EAAE,eAAe;IACpC,mBAAmB,EAAE,eAAe;IAEpC,uBAAuB;IACvB,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,WAAW,EAAE,eAAe;IAC5B,WAAW,EAAE,eAAe;IAE5B,qBAAqB;IACrB,WAAW,EAAE,aAAa;IAC1B,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IAExB,eAAe;IACf,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,kBAAkB;IAE7B,iBAAiB;IACjB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IAEvB,gBAAgB;IAChB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IAEvB,oBAAoB;IACpB,SAAS,EAAE,mBAAmB;IAC9B,SAAS,EAAE,mBAAmB;IAC9B,SAAS,EAAE,mBAAmB;IAE9B,oBAAoB;IACpB,SAAS,EAAE,wBAAwB;IACnC,SAAS,EAAE,wBAAwB;IACnC,SAAS,EAAE,wBAAwB;IAEnC,eAAe;IACf,eAAe,EAAE,eAAe;IAEhC,4CA
A4C;IAC5C,YAAY,EAAE,mBAAmB;IACjC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,eAAe,EAAE,mBAAmB;IAEpC,iBAAiB;IACjB,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAEhC,mBAAmB;IACnB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IAExB,4BAA4B;IAC5B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,uBAAuB;IACtC,aAAa,EAAE,uBAAuB;IACtC,aAAa,EAAE,uBAAuB;IACtC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IAEpC,iDAAiD;IACjD,UAAU,EAAE,mBAAmB;IAC/B,UAAU,EAAE,mBAAmB;IAC/B,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,gBAAgB;IAC5B,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,gBAAgB;IAC5B,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,mBAAmB;IAC/B,UAAU,EAAE,uBAAuB;CACpC,CAAC;AAEF;;;GAGG;AACH,SAAgB,cAAc,CAAC,OAAe;IAC5C,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,QAA2B;IAC5D,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;QACpC,CAAC;IACH,CAAC;AACH,CAAC"}
|
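--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -2,7 +2,7 @@
 * hackmyagent — Find it. Break it. Fix it.
 * Unified security toolkit for AI agents.
 */
-export declare const VERSION = "0.11.
+export declare const VERSION = "0.11.6";
 export { checkSkill, parseSkillIdentifier, analyzePermissions, analyzeSkillDependencies, buildDependencyGraph, detectCircularDeps, detectPhantomDeps, detectUnpinnedDeps, parseSkillFrontmatter, } from './checker';
 export type { CheckResult, CheckOptions, PublisherInfo, PermissionInfo, RevocationInfo, RiskLevel, SkillIdentifier, PermissionAnalysis, SkillMetadata, DependencyGraph, } from './checker';
 export { HardeningScanner } from './hardening';
@@ -33,8 +33,8 @@ export { SoulScanner, CONTROL_DEFS, DOMAIN_ORDER, GOVERNANCE_FILES, PROFILE_DOMA
 export type { AgentTier, AgentProfile, SoulGrade, SoulLevel, ControlCheck, DomainResult, SoulScanResult, HardenResult, } from './soul';
 export { DOMAIN_TEMPLATES } from './soul';
 export type { DomainTemplate } from './soul';
-export { generateContributorToken,
-export type {
+export { generateContributorToken, getContributorToken, buildScanEvent, buildContributionPayloadFromDir, queueEvent, queueAndMaybeFlush, flushQueue, submitContribution, isContributeEnabled, shouldPromptContribute, incrementScanCount, saveContributeChoice, showContributePrompt, recordScanAndMaybeShowTip, } from './telemetry';
+export type { ContributionEvent, ContributionBatch, } from './telemetry';
 export interface ScanResult {
 target: string;
 findings: LegacyFinding[];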
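Review bot: The two removed re-export lines in the second hunk (`export { generateContributorToken,` and `export type {`) are cut off in this rendering, so the names that left the package entry point cannot be read here, but the new `export type` line lists only `ContributionEvent` and `ContributionBatch`. The `contribute.d.ts` section of the same diff deletes `buildContributionPayload` and the `ContributionResult` interface and changes `buildContributionPayloadFromDir` to return `ContributionEvent`, which suggests the public typings shrink and change shape in a patch release (0.11.4 → 0.11.6). If so, keep deprecated aliases for the removed names, as was done for `generateContributorToken`, or record the removal in the changelog so that consumers pinning `^0.11` are not surprised. A comment above the telemetry re-exports, such as `// Telemetry (opt-in): queues anonymized scan summaries locally and flushes them to the registry`, would also tell consumers what these entry points do.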
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,OAAO,WAAW,CAAC;AAGhC,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAC1E,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,yBAAyB,IAAI,8BAA8B,EAC3D,uBAAuB,EACvB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,EACX,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,mBAAmB,EACnB,UAAU,EACV,yBAAyB,EACzB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,GACX,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAE1B,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,WAAW,EACX,eAAe,EACf,QAAQ,EACR,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL
,cAAc,EACd,SAAS,EACT,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,aAAa,EACb,cAAc,EACd,OAAO,IAAI,aAAa,EACxB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,OAAO,CAAC;AACnG,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAGzF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACpG,YAAY,EACV,SAAS,EACT,YAAY,EACZ,SAAS,EACT,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,GACb,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG7C,OAAO,EACL,wBAAwB,EACxB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,OAAO,WAAW,CAAC;AAGhC,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAC1E,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,yBAAyB,IAAI,8BAA8B,EAC3D,uBAAuB,EACvB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,EACX,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,mBAAmB,EACnB,UAAU,EACV,yBAAyB,EACzB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,GACX,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAE1B,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,WAAW,EACX,eAAe,EACf,QAAQ,EACR,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL
,cAAc,EACd,SAAS,EACT,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,aAAa,EACb,cAAc,EACd,OAAO,IAAI,aAAa,EACxB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,OAAO,CAAC;AACnG,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAGzF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACpG,YAAY,EACV,SAAS,EACT,YAAY,EACZ,SAAS,EACT,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,GACb,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG7C,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,+BAA+B,EAC/B,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,qBAAa,OAAO;IACZ,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAOhD"}
|
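--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -5,9 +5,9 @@
 */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildPublishPayload = exports.signPayload = exports.readAgentKeypair = exports.buildCommunityAttackReport = exports.buildCommunityReport = exports.buildAttackReport = exports.buildScanReport = exports.RegistryClient = exports.isValidBenchmark = exports.AVAILABLE_BENCHMARKS = exports.calculateRating = exports.getCheckIdsForLevel = exports.getControlsForCategory = exports.getControlsForLevel = exports.OASB_1_NAME = exports.OASB_1_VERSION = exports.OASB_1_CATEGORIES = exports.TOOL_SHADOW_PAYLOADS = exports.SUPPLY_CHAIN_PAYLOADS = exports.CONTEXT_WINDOW_PAYLOADS = exports.MEMORY_WEAPONIZATION_PAYLOADS = exports.A2A_ATTACK_PAYLOADS = exports.MCP_EXPLOITATION_PAYLOADS = exports.shouldFail = exports.parseCustomPayloads = exports.getPayloadsByIntensity = exports.getPayloadsByCategory = exports.getPayloadById = exports.getPayloads = exports.PAYLOAD_STATS = exports.ALL_PAYLOADS = exports.ATTACK_CATEGORIES = exports.AttackScanner = exports.validateCapabilities = exports.inferActualCapabilities = exports.parseSkillDeclaredCapabilities = exports.isLikelyFalsePositive = exports.classifySkillSection = exports.ExternalScanner = exports.HardeningScanner = exports.parseSkillFrontmatter = exports.detectUnpinnedDeps = exports.detectPhantomDeps = exports.detectCircularDeps = exports.buildDependencyGraph = exports.analyzeSkillDependencies = exports.analyzePermissions = exports.parseSkillIdentifier = exports.checkSkill = exports.VERSION = void 0;
-exports.Scanner = exports.showContributePrompt = exports.saveContributeChoice = exports.incrementScanCount = exports.shouldPromptContribute = exports.isContributeEnabled = exports.submitContribution = exports.buildContributionPayloadFromDir = exports.
+exports.Scanner = exports.recordScanAndMaybeShowTip = exports.showContributePrompt = exports.saveContributeChoice = exports.incrementScanCount = exports.shouldPromptContribute = exports.isContributeEnabled = exports.submitContribution = exports.flushQueue = exports.queueAndMaybeFlush = exports.queueEvent = exports.buildContributionPayloadFromDir = exports.buildScanEvent = exports.getContributorToken = exports.generateContributorToken = exports.DOMAIN_TEMPLATES = exports.PROFILE_DOMAINS = exports.GOVERNANCE_FILES = exports.DOMAIN_ORDER = exports.CONTROL_DEFS = exports.SoulScanner = exports.parseDeclaredCapabilities = exports.createCapabilityMonitor = exports.SkillCapabilityMonitor = exports.AgentRuntimeProtection = exports.createSkillguardPlugin = exports.createSigncryptPlugin = exports.createCredVaultPlugin = exports.clearRegistry = exports.listPlugins = exports.getPlugin = exports.registerPlugin = exports.buildDeepScanResult = exports.CostEstimator = exports.SEMANTIC_OASB_MAPPINGS = exports.toSecurityFindings = exports.toSecurityFinding = exports.BudgetTracker = exports.LLMCache = exports.AnthropicClient = exports.LLMAnalyzer = exports.PermissionModelAnalyzer = exports.InstructionAnalyzer = exports.McpConfigAnalyzer = exports.CredentialContextAnalyzer = exports.StructuralAnalyzer = exports.formatPublishOutput = exports.publishScanResults = void 0;
 exports.createScanner = createScanner;
-exports.VERSION = '0.11.
+exports.VERSION = '0.11.6';
 // Checker module
 var checker_1 = require("./checker");
 Object.defineProperty(exports, "checkSkill", { enumerable: true, get: function () { return checker_1.checkSkill; } });
@@ -124,14 +124,19 @@ Object.defineProperty(exports, "DOMAIN_TEMPLATES", { enumerable: true, get: func
 // Telemetry — community contribution of anonymized scan findings
 var telemetry_1 = require("./telemetry");
 Object.defineProperty(exports, "generateContributorToken", { enumerable: true, get: function () { return telemetry_1.generateContributorToken; } });
-Object.defineProperty(exports, "
+Object.defineProperty(exports, "getContributorToken", { enumerable: true, get: function () { return telemetry_1.getContributorToken; } });
+Object.defineProperty(exports, "buildScanEvent", { enumerable: true, get: function () { return telemetry_1.buildScanEvent; } });
 Object.defineProperty(exports, "buildContributionPayloadFromDir", { enumerable: true, get: function () { return telemetry_1.buildContributionPayloadFromDir; } });
+Object.defineProperty(exports, "queueEvent", { enumerable: true, get: function () { return telemetry_1.queueEvent; } });
+Object.defineProperty(exports, "queueAndMaybeFlush", { enumerable: true, get: function () { return telemetry_1.queueAndMaybeFlush; } });
+Object.defineProperty(exports, "flushQueue", { enumerable: true, get: function () { return telemetry_1.flushQueue; } });
 Object.defineProperty(exports, "submitContribution", { enumerable: true, get: function () { return telemetry_1.submitContribution; } });
 Object.defineProperty(exports, "isContributeEnabled", { enumerable: true, get: function () { return telemetry_1.isContributeEnabled; } });
 Object.defineProperty(exports, "shouldPromptContribute", { enumerable: true, get: function () { return telemetry_1.shouldPromptContribute; } });
 Object.defineProperty(exports, "incrementScanCount", { enumerable: true, get: function () { return telemetry_1.incrementScanCount; } });
 Object.defineProperty(exports, "saveContributeChoice", { enumerable: true, get: function () { return telemetry_1.saveContributeChoice; } });
 Object.defineProperty(exports, "showContributePrompt", { enumerable: true, get: function () { return telemetry_1.showContributePrompt; } });
+Object.defineProperty(exports, "recordScanAndMaybeShowTip", { enumerable: true, get: function () { return telemetry_1.recordScanAndMaybeShowTip; } });
 function createScanner() {
 return new Scanner();
 }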
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;AA0OH,sCAEC;AA1OY,QAAA,OAAO,GAAG,QAAQ,CAAC;AAEhC,iBAAiB;AACjB,qCAUmB;AATjB,qGAAA,UAAU,OAAA;AACV,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,mHAAA,wBAAwB,OAAA;AACxB,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,4GAAA,iBAAiB,OAAA;AACjB,6GAAA,kBAAkB,OAAA;AAClB,gHAAA,qBAAqB,OAAA;AAgBvB,mBAAmB;AACnB,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AAGzB,0BAA0B;AAC1B,qCAA4C;AAAnC,0GAAA,eAAe,OAAA;AAQxB,wBAAwB;AACxB,yCAA0E;AAAjE,iHAAA,oBAAoB,OAAA;AAAE,kHAAA,qBAAqB,OAAA;AAEpD,yCAIqB;AAHnB,2HAAA,yBAAyB,OAAkC;AAC3D,oHAAA,uBAAuB,OAAA;AACvB,iHAAA,oBAAoB,OAAA;AAItB,gBAAgB;AAChB,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AAEtB,mCAgBkB;AAfhB,2GAAA,iBAAiB,OAAA;AACjB,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AACb,qGAAA,WAAW,OAAA;AACX,wGAAA,cAAc,OAAA;AACd,+GAAA,qBAAqB,OAAA;AACrB,gHAAA,sBAAsB,OAAA;AACtB,6GAAA,mBAAmB,OAAA;AACnB,oGAAA,UAAU,OAAA;AACV,mHAAA,yBAAyB,OAAA;AACzB,6GAAA,mBAAmB,OAAA;AACnB,uHAAA,6BAA6B,OAAA;AAC7B,iHAAA,uBAAuB,OAAA;AACvB,+GAAA,qBAAqB,OAAA;AACrB,8GAAA,oBAAoB,OAAA;AAiBtB,oBAAoB;AACpB,2CAUsB;AATpB,+GAAA,iBAAiB,OAAA;AACjB,4GAAA,cAAc,OAAA;AACd,yGAAA,WAAW,OAAA;AACX,iHAAA,mBAAmB,OAAA;AACnB,oHAAA,sBAAsB,OAAA;AACtB,iHAAA,mBAAmB,OAAA;AACnB,6GAAA,eAAe,OAAA;AACf,kHAAA,oBAAoB,OAAA;AACpB,8GAAA,gBAAgB,OAAA;AAalB,kBAAkB;AAClB,uCAYoB;AAXlB,0GAAA,cAAc,OAAA;AACd,2GAAA,eAAe,OAAA;AACf,6GAAA,iBAAiB,OAAA;AACjB,gHAAA,oBAAoB,OAAA;AACpB,sHAAA,0BAA0B,OAAA;AAC1B,mBAAmB;AACnB,4GAAA,gBAAgB,OAAA;AAChB,uGAAA,WAAW,OAAA;AACX,+GAAA,mBAAmB,OAAA;AACnB,8GAAA,kBAAkB,OAAA;AAClB,+GAAA,mBAAmB,OAAA;AAarB,+CAA+C;AAC/C,uCAeoB;AAdlB,8GAAA,kBAAkB,OAAA;AAClB,qHAAA,yBAAyB,OAAA;AACzB,6GAAA,iBAAiB,OAAA;AACjB,+GAAA,mBAAmB,OAAA;AACnB,mHAAA,uBAAuB,OAAA;AACvB,uGAAA,WAAW,OAAA;AACX,2GAAA,eAAe,OAAA;AACf,oGAAA,QAAQ,OAAA;AACR,yGAAA,aAAa,OAAA;AACb,6GAAA,iBAAiB,OAAA;AACjB,8GAAA,kBAAkB,OAAA;AAClB,kHAAA,sBAAsB,OAAA;AACtB,yGAAA,aAAa,OAAA;AACb,+GAAA,mBAAmB,OAAA;AAGrB,gBAAgB;AAChB,uCAKwB;AAJtB,sGAAA,cAAc,OAAA;AACd,iGAAA,SAAS,OAAA;AACT,mGAAA,WAAW,O
AAA;AACX,qGAAA,aAAa,OAAA;AAaf,mBAAmB;AACnB,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,mDAA8E;AAArE,oHAAA,YAAY,OAA0B;AAE/C,2BAA2B;AAC3B,6BAA+C;AAAtC,6GAAA,sBAAsB,OAAA;AAC/B,6BAAmG;AAA1F,6GAAA,sBAAsB,OAAA;AAAE,8GAAA,uBAAuB,OAAA;AAAE,gHAAA,yBAAyB,OAAA;AAGnF,8CAA8C;AAC9C,+BAAoG;AAA3F,mGAAA,WAAW,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,wGAAA,gBAAgB,OAAA;AAAE,uGAAA,eAAe,OAAA;AAWnF,+BAA0C;AAAjC,wGAAA,gBAAgB,OAAA;AAGzB,iEAAiE;AACjE,yCAeqB;AAdnB,qHAAA,wBAAwB,OAAA;AACxB,gHAAA,mBAAmB,OAAA;AACnB,2GAAA,cAAc,OAAA;AACd,4HAAA,+BAA+B,OAAA;AAC/B,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,gHAAA,mBAAmB,OAAA;AACnB,mHAAA,sBAAsB,OAAA;AACtB,+GAAA,kBAAkB,OAAA;AAClB,iHAAA,oBAAoB,OAAA;AACpB,iHAAA,oBAAoB,OAAA;AACpB,sHAAA,yBAAyB,OAAA;AAsB3B,SAAgB,aAAa;IAC3B,OAAO,IAAI,OAAO,EAAE,CAAC;AACvB,CAAC;AAED,MAAa,OAAO;IAClB,KAAK,CAAC,IAAI,CAAC,MAAc;QACvB,OAAO;YACL,MAAM;YACN,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;IACJ,CAAC;CACF;AARD,0BAQC"}
|
|
@@ -1,65 +1,74 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Community Contribution Module
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
4
|
+
* Queue-based contribution of anonymized HMA scan summaries to the
|
|
5
|
+
* OpenA2A Registry. Compatible with @opena2a/contribute queue format:
|
|
6
|
+
* events queued by HMA are flushed by opena2a-cli and vice versa.
|
|
7
|
+
*
|
|
8
|
+
* Queue file: ~/.opena2a/contribute-queue.json
|
|
9
|
+
* Endpoint: POST api.oa2a.org/api/v1/contribute
|
|
10
|
+
*
|
|
11
|
+
* PRIVACY: Only summary statistics are sent (totalChecks, passed,
|
|
12
|
+
* severity counts, score, verdict). No file paths, no source code,
|
|
13
|
+
* no raw finding descriptions, no PII.
|
|
6
14
|
*/
|
|
7
15
|
import type { SecurityFinding } from '../hardening';
|
|
8
|
-
/**
|
|
9
|
-
export interface
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
16
|
+
/** Matches ContributionEvent from @opena2a/contribute/types. */
|
|
17
|
+
export interface ContributionEvent {
|
|
18
|
+
type: 'scan_result' | 'detection' | 'behavior' | 'interaction' | 'adoption';
|
|
19
|
+
tool: string;
|
|
20
|
+
toolVersion: string;
|
|
21
|
+
timestamp: string;
|
|
22
|
+
package?: {
|
|
23
|
+
name: string;
|
|
24
|
+
version?: string;
|
|
25
|
+
ecosystem?: string;
|
|
26
|
+
};
|
|
27
|
+
scanSummary?: {
|
|
28
|
+
totalChecks: number;
|
|
29
|
+
passed: number;
|
|
30
|
+
critical: number;
|
|
31
|
+
high: number;
|
|
32
|
+
medium: number;
|
|
33
|
+
low: number;
|
|
34
|
+
score: number;
|
|
35
|
+
verdict: string;
|
|
36
|
+
durationMs: number;
|
|
37
|
+
};
|
|
13
38
|
}
|
|
14
|
-
/**
|
|
15
|
-
export interface
|
|
39
|
+
/** Matches ContributionBatch from @opena2a/contribute/types. */
|
|
40
|
+
export interface ContributionBatch {
|
|
16
41
|
contributorToken: string;
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
ecosystem: 'npm' | 'pypi' | 'github';
|
|
20
|
-
scanTimestamp: string;
|
|
21
|
-
findings: ContributionFinding[];
|
|
22
|
-
hmaVersion: string;
|
|
23
|
-
osType: 'linux' | 'macos' | 'windows';
|
|
24
|
-
}
|
|
25
|
-
/** Result of submitting a contribution. */
|
|
26
|
-
export interface ContributionResult {
|
|
27
|
-
success: boolean;
|
|
28
|
-
scanId?: string;
|
|
29
|
-
error?: string;
|
|
42
|
+
events: ContributionEvent[];
|
|
43
|
+
submittedAt: string;
|
|
30
44
|
}
|
|
45
|
+
export declare function getContributorToken(): string;
|
|
46
|
+
export declare function queueEvent(event: ContributionEvent): void;
|
|
31
47
|
/**
|
|
32
|
-
*
|
|
33
|
-
*
|
|
34
|
-
* SHA256(hostname + username + random salt stored at ~/.opena2a/contributor-salt).
|
|
35
|
-
* The salt is generated once on first call and persisted locally.
|
|
36
|
-
*/
|
|
37
|
-
export declare function generateContributorToken(): string;
|
|
38
|
-
/**
|
|
39
|
-
* Build an anonymized contribution payload from scan findings.
|
|
40
|
-
*
|
|
41
|
-
* PRIVACY: This function intentionally strips all sensitive fields.
|
|
42
|
-
* The output contains ONLY: checkId, pass/fail result, and severity.
|
|
43
|
-
* No file paths, line numbers, descriptions, fix text, or code content.
|
|
44
|
-
*/
|
|
45
|
-
export declare function buildContributionPayload(packageName: string, packageVersion: string, ecosystem: 'npm' | 'pypi' | 'github', findings: SecurityFinding[]): ContributionPayload;
|
|
46
|
-
/**
|
|
47
|
-
* Build a contribution payload from scan findings, auto-detecting
|
|
48
|
-
* ecosystem and version from the target directory.
|
|
48
|
+
* Build a ContributionEvent from HMA scan findings.
|
|
49
49
|
*
|
|
50
|
-
*
|
|
50
|
+
* Converts the detailed finding list into an anonymized summary:
|
|
51
|
+
* only counts and severity distribution, no file paths or descriptions.
|
|
51
52
|
*/
|
|
52
|
-
export declare function
|
|
53
|
+
export declare function buildScanEvent(packageName: string, directory: string, findings: SecurityFinding[], durationMs: number): ContributionEvent;
|
|
53
54
|
/**
|
|
54
|
-
*
|
|
55
|
-
*
|
|
55
|
+
* Queue a scan result and flush if threshold reached.
|
|
56
|
+
* Non-blocking, best-effort. Never throws.
|
|
56
57
|
*/
|
|
57
|
-
export declare function
|
|
58
|
+
export declare function queueAndMaybeFlush(event: ContributionEvent, registryUrl?: string, verbose?: boolean): Promise<void>;
|
|
58
59
|
/**
|
|
59
|
-
*
|
|
60
|
-
*
|
|
61
|
-
* POST to https://api.oa2a.org/api/v1/telemetry/scan
|
|
62
|
-
* Timeout: 10 seconds. Non-blocking: failures are logged as warnings, never crash the scan.
|
|
60
|
+
* Flush queued events to the OpenA2A Registry.
|
|
61
|
+
* Returns true if submission succeeded (or queue was empty).
|
|
63
62
|
*/
|
|
64
|
-
export declare function
|
|
63
|
+
export declare function flushQueue(registryUrl?: string, verbose?: boolean): Promise<boolean>;
|
|
64
|
+
/** @deprecated Use buildScanEvent + queueAndMaybeFlush instead. */
|
|
65
|
+
export declare function buildContributionPayloadFromDir(packageName: string, directory: string, findings: SecurityFinding[]): ContributionEvent;
|
|
66
|
+
/** @deprecated Use flushQueue instead. */
|
|
67
|
+
export declare function submitContribution(payload: ContributionEvent, registryUrl?: string): Promise<{
|
|
68
|
+
success: boolean;
|
|
69
|
+
scanId?: string;
|
|
70
|
+
error?: string;
|
|
71
|
+
}>;
|
|
72
|
+
/** @deprecated Kept for backward compat. */
|
|
73
|
+
export declare const generateContributorToken: typeof getContributorToken;
|
|
65
74
|
//# sourceMappingURL=contribute.d.ts.map
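Review bot: The new header comment's `PRIVACY` paragraph lists only the summary counters, but the `ContributionEvent` interface declared below it also carries `package.name`, `package.version` and `package.ecosystem`, and `ContributionBatch` carries `contributorToken`; for a private project the package name alone can identify the organisation. The removed comment that explained how the token is derived (`SHA256(hostname + username + random salt ...)`) has no replacement on `getContributorToken()`, so the one stable identifier in the batch is now undocumented. I would extend the paragraph with `Also sent: package name/version/ecosystem and a persistent contributor token` and restore a doc comment on `getContributorToken` that states how the token is derived and where it is stored. The endpoint line no longer shows the `https://` scheme or the 10-second timeout that the old comment stated, and `registryUrl` is caller-supplied on `queueAndMaybeFlush` and `flushQueue`; the implementation is not in this section, so confirm that it rejects non-HTTPS URLs and still bounds the request time. Because the queue file is shared with `opena2a-cli`, the comment should also say whose opt-in setting governs a flush of events queued by the other tool.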
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contribute.d.ts","sourceRoot":"","sources":["../../src/telemetry/contribute.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"contribute.d.ts","sourceRoot":"","sources":["../../src/telemetry/contribute.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAOH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAwBpD,gEAAgE;AAChE,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,aAAa,GAAG,WAAW,GAAG,UAAU,GAAG,aAAa,GAAG,UAAU,CAAC;IAC5E,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,gEAAgE;AAChE,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;CACrB;AAWD,wBAAgB,mBAAmB,IAAI,MAAM,CAe5C;AAyBD,wBAAgB,UAAU,CAAC,KAAK,EAAE,iBAAiB,GAAG,IAAI,CASzD;AA+ED;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,eAAe,EAAE,EAC3B,UAAU,EAAE,MAAM,GACjB,iBAAiB,CA8BnB;AAMD;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,iBAAiB,EACxB,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,IAAI,CAAC,CAMf;AAED;;;GAGG;AACH,wBAAsB,UAAU,CAC9B,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,OAAO,CAAC,CAqClB;AAMD,mEAAmE;AACnE,wBAAgB,+BAA+B,CAC7C,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,eAAe,EAAE,GAC1B,iBAAiB,CAEnB;AAED,0CAA0C;AAC1C,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,iBAAiB,EAC1B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAIhE;AAED,4CAA4C;AAC5C,eAAO,MAAM,wBAAwB,4BAAsB,CAAC"}
|