hackmyagent 0.11.6 → 0.11.8
- package/README.md +6 -7
- package/dist/cli.js +39 -19
- package/dist/cli.js.map +1 -1
- package/dist/hardening/scanner.d.ts +39 -0
- package/dist/hardening/scanner.d.ts.map +1 -1
- package/dist/hardening/scanner.js +583 -0
- package/dist/hardening/scanner.js.map +1 -1
- package/dist/hardening/security-check.d.ts +2 -0
- package/dist/hardening/security-check.d.ts.map +1 -1
- package/dist/hardening/taxonomy.d.ts.map +1 -1
- package/dist/hardening/taxonomy.js +13 -0
- package/dist/hardening/taxonomy.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/dist/mcp-server.js +1 -1
- package/dist/mcp-server.js.map +1 -1
- package/package.json +1 -1
|
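--- a/package/dist/hardening/scanner.d.ts
+++ b/package/dist/hardening/scanner.d.ts
@@ -26,6 +26,14 @@ export declare class HardeningScanner {
 * Validate that a file path is within the target directory (no path traversal)
 */
 private isPathWithinDirectory;
+/**
+* Load .hmaignore file from target directory. Returns list of path prefixes to exclude.
+*/
+private loadHmaIgnore;
+/**
+* Check if a file path matches any .hmaignore pattern.
+*/
+private isPathIgnored;
 scan(options: ScanOptions): Promise<ScanResult>;
 private detectPlatform;
 /**
@@ -193,5 +201,36 @@ export declare class HardeningScanner {
 * egress policy gaps.
 */
 private checkNemoClawPatterns;
+/**
+* LLM-001 to LLM-004: Exposed LLM inference endpoints
+* Detects Ollama, vLLM, LocalAI, text-generation-webui configs bound
+* to public interfaces or missing authentication.
+*/
+private checkLLMExposure;
+/**
+* AITOOL-001 to AITOOL-004: Exposed AI development tooling
+* Detects Jupyter, Gradio, Streamlit, MLflow, LangServe configs
+* that are publicly accessible.
+*/
+private checkAIToolExposure;
+/**
+* A2A-001 to A2A-002: A2A protocol exposure
+* Detects .well-known/agent.json and task submission endpoints
+* that are publicly accessible without authentication.
+*/
+private checkA2AExposure;
+/**
+* MCP-011: MCP discovery endpoint exposure
+* Detects .well-known/mcp files that make MCP servers discoverable.
+*/
+private checkMCPDiscovery;
+/**
+* WEBCRED-001 to WEBCRED-002: Credentials in web-served files
+* Detects API keys in HTML, JS, and other files typically served
+* by web servers. Distinct from CRED-001 which checks config files.
+*/
+private checkWebServedCredentials;
+/** Helper: recursively find files in web-served directories */
+private findWebFiles;
 }
 //# sourceMappingURL=scanner.d.ts.map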
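Review bot: The doc comment on `loadHmaIgnore` says the exclusion list is read from the target directory, so the tree being scanned decides which of its own paths the checks skip, and the comment does not state that trust assumption. When the target is a third-party repository or package, a shipped `.hmaignore` would presumably suppress findings for the listed prefixes without the operator noticing. Only the declarations are visible here; the bodies live in scanner.js, outside this section, so the actual handling is inferred. I would extend the comment with `* NOTE: .hmaignore is supplied by the scanned tree; treat it as untrusted input.` and have the scan result list the paths that were skipped because of it. It is also worth confirming that `isPathIgnored` compares prefixes against the same normalized path that `isPathWithinDirectory` validates.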
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/hardening/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,UAAU,EAA0C,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/hardening/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,UAAU,EAA0C,MAAM,kBAAkB,CAAC;AA0F3F,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,2EAA2E;IAC3E,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,oDAAoD;IACpD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,mEAAmE;IACnE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAoID,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,OAAO,CAAiB;IAEhC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CA2BlC;IAEF;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAM7B;;OAEG;YACW,aAAa;IAa3B;;OAEG;IACH,OAAO,CAAC,aAAa;IASf,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;YAmWvC,cAAc;IAwE5B;;OAEG;YACW,iBAAiB;IA+F/B;;OAEG;IACH,OAAO,CAAC,gBAAgB;YAeV,uBAAuB;YAmGvB,aAAa;YAgDb,cAAc;YA+Fd,oBAAoB;YAwDpB,gBAAgB;YA0IhB,oBAAoB;YAgFpB,gBAAgB;YA2IhB,mBAAmB;YA4EnB,iBAAiB;YAyCjB,iBAAiB;YA+DjB,wBAAwB;YA0FxB,wBAAwB;YAmExB,wBAAwB;YAqHxB,oBAAoB;YA+GpB,uBAAuB;YAwIvB,iBAAiB;YA8GjB,oBAAoB;YAsHpB,mBAAmB;YAiGnB,gBAAgB;YAmIhB,oBAAoB;YAoIpB,gBAAgB;YAyHhB,qBAAqB;YA+GrB,eAAe;IAiI7B;;OAEG;YACW,mBAAmB;IA8GjC;;OAEG;YACW,oBAAoB;IAiKlC;;OAEG;YACW,iBAAiB;IA4I/B;;OAEG;YACW,oBAAoB;IAwIlC;;OAEG;YACW,eAAe;IAqJ7B;;OAEG;YACW,eAAe;IAuI7B;;OAEG;YACW,eAAe;IAyG7B;;OAEG;YACW,mBAAmB;IAmHjC,OAAO,CAAC,cAAc;IAsBtB;;OAEG;YACW,YAAY;IAkD1B;;OAEG;IACG,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6DhD;;;OAGG;YACW,cAAc;IAgD5B;;OAEG;YACW,mBAAmB;IAycjC;;;OAGG;YACW,kBAAkB;IAgDhC;;OAEG;YACW,sBAAsB;IA2LpC;;OAEG;YACW,sBAAsB;IA+BpC;;OAEG;YACW,oBAAoB;IAqVlC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA4B3B;;OAEG;YACW,iBAAiB;IA8D/B;;OAEG;YACW,mBAAmB;IA6VjC;;OAEG;YACW,wBAAwB;IA4OtC;;OAEG;YACW,gBAAgB;IA6J9B;;;OAGG;YACW,eAAe;IAoD7B;;;OAGG;YACW,aAAa;IAwC3B;;;OAGG;YACW,oBAAoB;IA+JlC;;;OAGG;YACW,iBAAiB;IA6H/B;;;OAGG;YACW,kBAAkB;IA+EhC;;;OAGG;YACW,aAAa;IAuF3B;;OAEG;YACW,gBAAgB;IA+D9B;;;;OAIG;YACW,yBAAyB;IAqWvC;;;;;OAKG;YACW,qBA
AqB;IA2lBnC;;;;OAIG;YACW,gBAAgB;IAqG9B;;;;OAIG;YACW,mBAAmB;IA8JjC;;;;OAIG;YACW,gBAAgB;IAgF9B;;;OAGG;YACW,iBAAiB;IA8C/B;;;;OAIG;YACW,yBAAyB;IA4FvC,+DAA+D;YACjD,YAAY;CA+B3B"}
|