hackmyagent 0.12.0 → 0.12.2

package/dist/arp/intelligence/ast-monitor.js

@@ -0,0 +1,197 @@
+"use strict";
+/**
+ * AST-Aware Runtime Monitor
+ *
+ * Connects ARP runtime monitoring to the NanoMind Semantic Compiler.
+ * Compares observed runtime events against the AST's declared behavioral
+ * envelope. Flags events that fall outside what the AST predicted.
+ *
+ * This is real-time behavioral verification:
+ *   AST declares: "this skill reads customer data"
+ *   ARP observes: "this skill wrote to /etc/passwd"
+ *   Monitor flags: capability exercise outside declared scope
+ *
+ * Architecture:
+ *   AST (compiled at scan time) → ASTMonitor (loaded at runtime)
+ *   ARP events → compared against AST declarations → drift detected
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ASTMonitor = void 0;
+/**
+ * AST-Aware Runtime Monitor.
+ *
+ * Loads a SecurityAST at startup and compares every ARP event against it.
+ * When an event falls outside the AST's declared behavioral envelope,
+ * it generates an ASTDriftEvent.
+ */
+class ASTMonitor {
+    constructor() {
+        this.ast = null;
+        this.declaredCapNames = new Set();
+        this.hasOverrideResistance = false;
+        this.maxDeclaredRisk = 'low';
+    }
+    /**
+     * Load an AST for monitoring. Call this when the agent starts
+     * or when the AST is recompiled after a skill update.
+     */
+    loadAST(ast) {
+        this.ast = ast;
+        this.declaredCapNames = new Set(ast.declaredCapabilities.map(c => c.name));
+        // Pre-compute risk profile
+        this.hasOverrideResistance = ast.declaredConstraints.some(c => c.domain === 'behavioral_constraint' && c.enforceability > 0.5);
+        const riskOrder = ['low', 'medium', 'high', 'critical'];
+        for (const cap of ast.declaredCapabilities) {
+            if (riskOrder.indexOf(cap.riskLevel) > riskOrder.indexOf(this.maxDeclaredRisk)) {
+                this.maxDeclaredRisk = cap.riskLevel;
+            }
+        }
+    }
+    /**
+     * Check a runtime event against the loaded AST.
+     * Returns null if the event is within the declared envelope,
+     * or an ASTDriftEvent if it falls outside.
+     */
+    checkEvent(event) {
+        if (!this.ast)
+            return null;
+        // Check 1: Capability scope violation
+        const capDrift = this.checkCapabilityScope(event);
+        if (capDrift)
+            return capDrift;
+        // Check 2: Data access outside declared patterns
+        const dataDrift = this.checkDataAccess(event);
+        if (dataDrift)
+            return dataDrift;
+        // Check 3: External communication not declared
+        const netDrift = this.checkNetworkAccess(event);
+        if (netDrift)
+            return netDrift;
+        // Check 4: Override attempt detection
+        const overrideDrift = this.checkOverrideAttempt(event);
+        if (overrideDrift)
+            return overrideDrift;
+        return null;
+    }
+    // ============================================================================
+    // Event Checks
+    // ============================================================================
+    checkCapabilityScope(event) {
+        if (!this.ast)
+            return null;
+        // Map ARP event source to capability name
+        const capName = mapEventToCapability(event);
+        if (!capName)
+            return null;
+        // Check if this capability was declared
+        if (!this.declaredCapNames.has(capName)) {
+            // Check for wildcard matches (db.* covers db.read, db.write)
+            const hasWildcard = [...this.declaredCapNames].some(d => {
+                const prefix = d.replace('.*', '');
+                return capName.startsWith(prefix);
+            });
+            if (!hasWildcard) {
+                return {
+                    event,
+                    violation: 'Undeclared capability exercised at runtime',
+                    declared: `Declared: ${[...this.declaredCapNames].join(', ')}`,
+                    observed: `Observed: ${capName}`,
+                    severity: event.severity === 'critical' ? 'critical' : 'high',
+                    action: 'throttle',
+                };
+            }
+        }
+        return null;
+    }
+    checkDataAccess(event) {
+        if (!this.ast)
+            return null;
+        // Check if event involves data access outside declared patterns
+        const data = event.data;
+        if (!data)
+            return null;
+        const accessedPath = (data.path || data.url || data.query || '');
+        if (!accessedPath)
+            return null;
+        // Check against declared data access patterns
+        const declaredDataTypes = this.ast.declaredDataAccess.map(d => d.dataType);
+        // Sensitive data access not in declarations
+        const sensitivePatterns = ['password', 'credential', 'secret', 'token', 'ssn', 'medical'];
+        const accessesSensitive = sensitivePatterns.some(p => accessedPath.toLowerCase().includes(p));
+        const declaresSensitive = declaredDataTypes.some(d => ['credentials', 'pii', 'financial'].includes(d));
+        if (accessesSensitive && !declaresSensitive) {
+            return {
+                event,
+                violation: 'Sensitive data access not declared',
+                declared: `Declared data types: ${declaredDataTypes.join(', ')}`,
+                observed: `Accessed: ${accessedPath}`,
+                severity: 'critical',
+                action: 'suspend',
+            };
+        }
+        return null;
+    }
+    checkNetworkAccess(event) {
+        if (!this.ast)
+            return null;
+        const data = event.data;
+        if (!data)
+            return null;
+        const url = (data.url || data.endpoint || data.host || '');
+        if (!url)
+            return null;
+        // Check if network access was declared
+        const hasNetworkCap = this.declaredCapNames.has('api.call') ||
+            this.declaredCapNames.has('http.request') ||
+            [...this.declaredCapNames].some(c => c.includes('external'));
+        const isExternal = !url.includes('localhost') && !url.includes('127.0.0.1') && !url.includes('internal');
+        if (isExternal && !hasNetworkCap) {
+            return {
+                event,
+                violation: 'External network access not declared',
+                declared: 'No external network capability declared',
+                observed: `External request to: ${url}`,
+                severity: 'high',
+                action: 'alert',
+            };
+        }
+        return null;
+    }
+    checkOverrideAttempt(event) {
+        if (!this.ast)
+            return null;
+        const description = (event.description || '').toLowerCase();
+        const isOverrideAttempt = /ignore.*previous|override.*instruction|new.*task|bypass.*security/i.test(description);
+        if (isOverrideAttempt && !this.hasOverrideResistance) {
+            return {
+                event,
+                violation: 'Override attempt detected and no override resistance declared',
+                declared: 'No override resistance in constraints',
+                observed: `Override language detected: "${event.description?.slice(0, 80)}"`,
+                severity: 'critical',
+                action: 'kill',
+            };
+        }
+        return null;
+    }
+}
+exports.ASTMonitor = ASTMonitor;
+// ============================================================================
+// Event → Capability Mapping
+// ============================================================================
+function mapEventToCapability(event) {
+    const source = event.source?.toLowerCase() ?? '';
+    const desc = (event.description || '').toLowerCase();
+    if (source.includes('network') || desc.includes('http') || desc.includes('fetch'))
+        return 'api.call';
+    if (source.includes('filesystem') || desc.includes('file'))
+        return desc.includes('write') ? 'file.write' : 'file.read';
+    if (source.includes('process') || desc.includes('exec') || desc.includes('spawn'))
+        return 'process.execute';
+    if (source.includes('memory') || desc.includes('memory'))
+        return desc.includes('write') ? 'memory.write' : 'memory.read';
+    if (desc.includes('database') || desc.includes('query'))
+        return desc.includes('write') ? 'db.write' : 'db.read';
+    return null;
+}
+//# sourceMappingURL=ast-monitor.js.map

package/dist/arp/intelligence/ast-monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ast-monitor.js","sourceRoot":"","sources":["../../../src/arp/intelligence/ast-monitor.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAyBH;;;;;;GAMG;AACH,MAAa,UAAU;IAAvB;QACU,QAAG,GAAuB,IAAI,CAAC;QAC/B,qBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;QAC1C,0BAAqB,GAAG,KAAK,CAAC;QAC9B,oBAAe,GAAW,KAAK,CAAC;IAqK1C,CAAC;IAnKC;;;OAGG;IACH,OAAO,CAAC,GAAgB;QACtB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,gBAAgB,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAE3E,2BAA2B;QAC3B,IAAI,CAAC,qBAAqB,GAAG,GAAG,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC5D,CAAC,CAAC,MAAM,KAAK,uBAAuB,IAAI,CAAC,CAAC,cAAc,GAAG,GAAG,CAC/D,CAAC;QAEF,MAAM,SAAS,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QACxD,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,oBAAoB,EAAE,CAAC;YAC3C,IAAI,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC/E,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,SAAS,CAAC;YACvC,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,KAAe;QACxB,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAE3B,sCAAsC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,iDAAiD;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAC9C,IAAI,SAAS;YAAE,OAAO,SAAS,CAAC;QAEhC,+CAA+C;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,sCAAsC;QACtC,MAAM,aAAa,GAAG,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QACvD,IAAI,aAAa;YAAE,OAAO,aAAa,CAAC;QAExC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+EAA+E;IAC/E,eAAe;IACf,+EAA+E;IAEvE,oBAAoB,CAAC,KAAe;QAC1C,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAE3B,0CAA0C;QAC1C,MAAM,OAAO,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,wCAAwC;QACxC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,6DAA6D;YAC7D,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBACtD,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACnC,OAAO,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YACpC,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO;oBACL,KAAK;oBACL,SAAS,EAAE,4CAA4C;oBACvD,QAAQ,EAAE,aAAa,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAC9D,QAAQ,EAAE,aAAa,OAAO,EAAE;oBAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;oBAC7D,MAAM,EAAE,UAAU;iBACnB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,eAAe,CAAC,KAAe;QACrC,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAE3B,gEAAgE;QAChE,MAAM,IAAI,GAAG,KAAK,CAAC,IAA2C,CAAC;QAC/D,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,MAAM,YAAY,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,IAAI,EAAE,CAAW,CAAC;QAC3E,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAE/B,8CAA8C;QAC9C,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3E,4CAA4C;QAC5C,MAAM,iBAAiB,GAAG,CAAC,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAC1F,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9F,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,aAAa,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAEvG,IAAI,iBAAiB,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5C,OAAO;gBACL,KAAK;gBACL,SAAS,EAAE,oCAAoC;gBAC/C,QAAQ,EAAE,wBAAwB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAChE,QAAQ,EAAE,aAAa,YAAY,EAAE;gBACrC,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,SAAS;aAClB,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,kBAAkB,CAAC,KAAe;QACxC,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAE3B,MAAM,IAAI,GAAG,KAAK,CAAC,IAA2C,CAAC;QAC/D,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAW,CAAC;QACrE,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAEtB,uCAAuC;QACvC,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC;YACzD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,cAAc,CAAC;YACzC,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;QAE/D,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAEzG,IAAI,UAAU,IAAI,CAAC,aAAa,EAAE,CAAC;YACjC,OAAO;gBACL,KAAK;gBACL,SAAS,EAAE,sCAAsC;gBACjD,QAAQ,EAAE,yCAAyC;gBACnD,QAAQ,EAAE,wBAAwB,GAAG,EAAE;gBACvC,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;aAChB,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,oBAAoB,CAAC,KAAe;QAC1C,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAE3B,MAAM,WAAW,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5D,MAAM,iBAAiB,GAAG,oEAAoE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAEjH,IAAI,iBAAiB,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC;YACrD,OAAO;gBACL,KAAK;gBACL,SAAS,EAAE,+DAA+D;gBAC1E,QAAQ,EAAE,uCAAuC;gBACjD,QAAQ,EAAE,gCAAgC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG;gBAC5E,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,MAAM;aACf,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAzKD,gCAyKC;AAED,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E,SAAS,oBAAoB,CAAC,KAAe;IAC3C,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IACjD,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAErD,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,UAAU,CAAC;IACrG,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC;IACvH,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,iBAAiB,CAAC;IAC5G,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC;IACzH,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAEhH,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/attack/types.d.ts

@@ -30,6 +30,8 @@ export interface AttackPayload {
     cwe?: string;
     /** Remediation guidance */
     remediation: string;
+    /** Wild prevalence score from AgentPwn data (0-100, populated via --enrich) */
+    wildPrevalence?: number;
 }
 export interface AttackResult {
     /** Payload that was tested */

package/dist/attack/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/attack/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,cAAc,GACtB,kBAAkB,GAClB,WAAW,GACX,mBAAmB,GACnB,kBAAkB,GAClB,sBAAsB,GACtB,kBAAkB,GAClB,YAAY,GACZ,sBAAsB,GACtB,gBAAgB,GAChB,cAAc,GACd,aAAa,CAAC;AAElB,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,QAAQ,GACR,YAAY,CAAC;AAEjB,MAAM,MAAM,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE7E,MAAM,WAAW,aAAa;IAC5B,uCAAuC;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,sBAAsB;IACtB,QAAQ,EAAE,cAAc,CAAC;IACzB,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,SAAS,EAAE,eAAe,CAAC;IAC3B,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,mDAAmD;IACnD,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kCAAkC;IAClC,QAAQ,EAAE,cAAc,CAAC;IACzB,gCAAgC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kCAAkC;IAClC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,8BAA8B;IAC9B,OAAO,EAAE,aAAa,CAAC;IACvB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,gDAAgD;IAChD,OAAO,EAAE,OAAO,CAAC;IACjB,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB;IAClB,UAAU,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;IAC5C,4BAA4B;IAC5B,SAAS,EAAE,eAAe,CAAC;IAC3B,wBAAwB;IACxB,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,iBAAiB;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,eAAe;IACf,OAAO,EAAE,IAAI,CAAC;IACd,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,yBAAyB;IACzB,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC3C,UAAU,EAAE,MAAM,CAAC,cAAc,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,UAAU,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KAC3E,CAAC;IACF,yBAAyB;IACzB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,UAAU,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;CAC/D;AAED,MAAM,WAAW,YAAY;IAC3B,+BAA+B;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,kBAAkB;IAClB,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;IACtC,uDAAuD;IACvD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,iBAAiB;IACjB,SAAS,CAAC,EAAE,QAAQ,GAAG,WAAW,GAAG,aAAa,GAAG,KAAK,GAAG,QAAQ,CAAC;IACtE,sCAAsC;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+CAA+C;IAC/C,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,uBAAuB;IACvB,MAAM,EAAE,YAAY,CAAC;IACrB,uBAAuB;IACvB,SAAS,EAAE,eAAe,CAAC;IAC3B,wCAAwC;IACxC,UAAU,CAAC,EAAE,cAAc,EAAE,CAAC;IAC9B,kCAAkC;IAClC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sCAAsC;IACtC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qBAAqB;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,4CAA4C;IAC5C,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,kBAAkB,EAAE,CAAC;CAChC;AAED,wBAAwB;AACxB,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,cAAc,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAA;CAAE,CAwDnH,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/attack/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,cAAc,GACtB,kBAAkB,GAClB,WAAW,GACX,mBAAmB,GACnB,kBAAkB,GAClB,sBAAsB,GACtB,kBAAkB,GAClB,YAAY,GACZ,sBAAsB,GACtB,gBAAgB,GAChB,cAAc,GACd,aAAa,CAAC;AAElB,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,QAAQ,GACR,YAAY,CAAC;AAEjB,MAAM,MAAM,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE7E,MAAM,WAAW,aAAa;IAC5B,uCAAuC;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,sBAAsB;IACtB,QAAQ,EAAE,cAAc,CAAC;IACzB,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,SAAS,EAAE,eAAe,CAAC;IAC3B,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,mDAAmD;IACnD,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kCAAkC;IAClC,QAAQ,EAAE,cAAc,CAAC;IACzB,gCAAgC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kCAAkC;IAClC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,YAAY;IAC3B,8BAA8B;IAC9B,OAAO,EAAE,aAAa,CAAC;IACvB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,gDAAgD;IAChD,OAAO,EAAE,OAAO,CAAC;IACjB,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB;IAClB,UAAU,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;IAC5C,4BAA4B;IAC5B,SAAS,EAAE,eAAe,CAAC;IAC3B,wBAAwB;IACxB,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,iBAAiB;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,eAAe;IACf,OAAO,EAAE,IAAI,CAAC;IACd,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,yBAAyB;IACzB,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC3C,UAAU,EAAE,MAAM,CAAC,cAAc,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,UAAU,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KAC3E,CAAC;IACF,yBAAyB;IACzB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,UAAU,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;CAC/D;AAED,MAAM,WAAW,YAAY;IAC3B,+BAA+B;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,kBAAkB;IAClB,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;IACtC,uDAAuD;IACvD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,iBAAiB;IACjB,SAAS,CAAC,EAAE,QAAQ,GAAG,WAAW,GAAG,aAAa,GAAG,KAAK,GAAG,QAAQ,CAAC;IACtE,sCAAsC;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+CAA+C;IAC/C,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,uBAAuB;IACvB,MAAM,EAAE,YAAY,CAAC;IACrB,uBAAuB;IACvB,SAAS,EAAE,eAAe,CAAC;IAC3B,wCAAwC;IACxC,UAAU,CAAC,EAAE,cAAc,EAAE,CAAC;IAC9B,kCAAkC;IAClC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sCAAsC;IACtC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qBAAqB;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,4CAA4C;IAC5C,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,kBAAkB,EAAE,CAAC;CAChC;AAED,wBAAwB;AACxB,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,cAAc,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAA;CAAE,CAwDnH,CAAC"}

package/dist/attack/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/attack/types.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAuKH,wBAAwB;AACX,QAAA,iBAAiB,GAA0F;IACtH,kBAAkB,EAAE;QAClB,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,2DAA2D;QACxE,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;KACpC;IACD,WAAW,EAAE;QACX,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,mBAAmB,EAAE;QACnB,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;KACpC;IACD,kBAAkB,EAAE;QAClB,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,iDAAiD;QAC9D,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;KACpC;IACD,sBAAsB,EAAE;QACtB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,kBAAkB,EAAE;QAClB,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,wFAAwF;QACrG,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,YAAY,EAAE;QACZ,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,oFAAoF;QACjG,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,sBAAsB,EAAE;QACtB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,2EAA2E;QACxF,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,gBAAgB,EAAE;QAChB,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,iFAAiF;QAC9F,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,cAAc,EAAE;QACd,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,wEAAwE;QACrF,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;KACpC;IACD,aAAa,EAAE;QACb,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,6FAA6F;QAC1G,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;CACF,CAAC"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/attack/types.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAyKH,wBAAwB;AACX,QAAA,iBAAiB,GAA0F;IACtH,kBAAkB,EAAE;QAClB,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,2DAA2D;QACxE,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;KACpC;IACD,WAAW,EAAE;QACX,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,mBAAmB,EAAE;QACnB,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;KACpC;IACD,kBAAkB,EAAE;QAClB,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,iDAAiD;QAC9D,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;KACpC;IACD,sBAAsB,EAAE;QACtB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,kBAAkB,EAAE;QAClB,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,wFAAwF;QACrG,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,YAAY,EAAE;QACZ,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,oFAAoF;QACjG,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,sBAAsB,EAAE;QACtB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,2EAA2E;QACxF,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,gBAAgB,EAAE;QAChB,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,iFAAiF;QAC9F,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;IACD,cAAc,EAAE;QACd,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,wEAAwE;QACrF,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;KACpC;IACD,aAAa,EAAE;QACb,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,6FAA6F;QAC1G,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KAC7B;CACF,CAAC"}

package/dist/cli.js

@@ -41,6 +41,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const commander_1 = require("commander");
 const index_1 = require("./index");
 const resolve_mcp_1 = require("./resolve-mcp");
+const wild_1 = require("./wild");
 const nemoclaw_scanner_1 = require("./hardening/nemoclaw-scanner");
 const program = new commander_1.Command();
 program.showHelpAfterError('(run with --help for usage)');
@@ -2887,16 +2888,18 @@ Examples:
     .option('-v, --verbose', 'Show detailed finding information')
     .action(async (target, options) => {
     try {
-        if (!options.json) {
-            console.log(`\nScanning ${target}...\n`);
-        }
-        const scanner = new index_1.ExternalScanner();
+        const timeoutMs = parseInt(options.timeout ?? '5000', 10);
         const customPorts = options.ports
             ? options.ports.split(',').map((p) => parseInt(p.trim(), 10))
             : undefined;
+        const portCount = customPorts?.length ?? 11;
+        if (!options.json) {
+            console.log(`\nScanning ${target} (${portCount} ports, ${timeoutMs}ms timeout)...\n`);
+        }
+        const scanner = new index_1.ExternalScanner();
         const result = await scanner.scan(target, {
             ports: customPorts,
-            timeout: parseInt(options.timeout ?? '5000', 10),
+            timeout: timeoutMs,
         });
         if (options.json) {
             writeJsonStdout(result);
@@ -5251,6 +5254,136 @@ program
         console.log(`\n${trainingCount} training samples exported to NanoMind corpus.`);
     }
 });
+// wild: test AI agent resilience against real-world web-based attacks
+program
+    .command('wild')
+    .description(`Test AI agent resilience in the wild
+
+Fetches pages from AgentPwn (agentpwn.com) and analyzes hidden injection
+payloads that AI agents encounter when browsing the web. Reports which
+attack surfaces exist and computes a wild resilience score.
+
+Attack categories (11):
+  prompt-injection, jailbreak, data-exfiltration, capability-abuse,
+  context-manipulation, mcp-exploitation, a2a-attack,
+  memory-weaponization, context-window, supply-chain, tool-shadow
+
+Injection surfaces detected:
+  html-comment, invisible-span, json-ld, meta-tag, http-header,
+  aria-label, image-alt, unicode-stego
+
+Also tests: robots.txt, llms.txt, sitemap.xml for embedded payloads
+
+Examples:
+  $ hackmyagent wild
+  $ hackmyagent wild https://agentpwn.com
+  $ hackmyagent wild --category prompt-injection
+  $ hackmyagent wild --tier 5
+  $ hackmyagent wild --json
+  $ hackmyagent wild -v -o report.json`)
+    .argument('[url]', 'Target URL to scan', 'https://agentpwn.com')
+    .option('-c, --category <category>', 'Filter by attack category')
+    .option('-t, --tier <tier>', 'Filter by specific difficulty tier')
+    .option('--timeout <ms>', 'Request timeout in milliseconds', '15000')
+    .option('--delay <ms>', 'Delay between requests in milliseconds', '500')
+    .option('--json', 'Output as JSON')
+    .option('-o, --output <file>', 'Write output to file')
+    .option('--verbose', 'Show detailed output for each page')
+    .action(async (url, options) => {
+    try {
+        const scanner = new wild_1.WildScanner({
+            url: url || 'https://agentpwn.com',
+            category: options.category,
+            tier: options.tier ? parseInt(options.tier, 10) : undefined,
+            timeout: parseInt(options.timeout || '15000', 10),
+            delay: parseInt(options.delay || '500', 10),
+            verbose: options.verbose || false,
+            json: options.json || false,
+        });
+        if (!options.json) {
+            console.log(`\n${colors.cyan}HackMyAgent Wild Scanner${colors.reset}`);
+            console.log(`${'━'.repeat(50)}\n`);
+            console.log(`Target: ${url || 'https://agentpwn.com'}`);
+            if (options.category)
+                console.log(`Category: ${options.category}`);
+            if (options.tier)
+                console.log(`Tier: ${options.tier}`);
+            console.log('');
+        }
+        const report = await scanner.scan();
+        if (options.json) {
+            const output = JSON.stringify(report, null, 2);
+            if (options.output) {
+                const fs = await Promise.resolve().then(() => __importStar(require('fs')));
+                fs.writeFileSync(options.output, output);
+                process.stderr.write(`Report written to ${options.output}\n`);
+            }
+            else {
+                console.log(output);
+            }
+        }
+        else {
+            printWildReport(report);
+            if (options.output) {
+                const fs = await Promise.resolve().then(() => __importStar(require('fs')));
+                fs.writeFileSync(options.output, JSON.stringify(report, null, 2));
+                console.log(`\nJSON report written to ${options.output}`);
+            }
+        }
+        // Exit with non-zero if resilience is poor
+        if (report.resilienceRating === 'critical' || report.resilienceRating === 'poor') {
+            process.exit(1);
+        }
+    }
+    catch (error) {
+        console.error(`Error: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        process.exit(1);
+    }
+});
+function printWildReport(report) {
+    // File fetches
+    console.log(`${colors.dim}File-Level Attack Surfaces${colors.reset}`);
+    for (const f of report.fileFetches) {
+        const status = f.hasPayload
+            ? `${colors.red}PAYLOAD FOUND${colors.reset}`
+            : `${colors.green}clean${colors.reset}`;
+        console.log(`  ${f.file}: ${f.statusCode} [${status}]`);
+        if (f.payloadExcerpt) {
+            console.log(`    ${colors.dim}${f.payloadExcerpt}${colors.reset}`);
+        }
+    }
+    // Page results by category
+    console.log(`\n${colors.dim}Attack Pages (${report.pagesScanned} scanned)${colors.reset}`);
+    const categories = Object.keys(report.summary.byCategory).sort();
+    for (const cat of categories) {
+        const stats = report.summary.byCategory[cat];
+        console.log(`  ${cat}: ${stats.pages} pages, ${stats.payloads} payloads`);
+    }
+    // Injection surfaces
+    console.log(`\n${colors.dim}Injection Surfaces Detected${colors.reset}`);
+    const surfaces = Object.entries(report.summary.bySurface).sort((a, b) => b[1] - a[1]);
+    for (const [surface, count] of surfaces) {
+        console.log(`  ${surface}: ${count}`);
+    }
+    // Score
+    const scoreColor = report.wildResilienceScore >= 60
+        ? colors.green
+        : report.wildResilienceScore >= 40
+            ? colors.yellow
+            : colors.red;
+    console.log(`\n${'━'.repeat(50)}`);
+    console.log(`\n${colors.dim}Wild Resilience Score:${colors.reset} ${scoreColor}${report.wildResilienceScore}/100 (${report.resilienceRating})${colors.reset}`);
+    console.log(`${colors.dim}Pages Scanned:${colors.reset} ${report.pagesScanned}`);
+    console.log(`${colors.dim}Total Payloads:${colors.reset} ${report.summary.totalPayloads}`);
+    console.log(`${colors.dim}Callback Pages:${colors.reset} ${report.summary.callbackPages}`);
+    console.log(`${colors.dim}Canary Pages:${colors.reset} ${report.summary.canaryPages}`);
+    console.log(`${colors.dim}Max Tier:${colors.reset} ${report.summary.maxTier}`);
+    console.log(`${colors.dim}Duration:${colors.reset} ${(report.duration / 1000).toFixed(1)}s`);
+    console.log(`\n${colors.dim}Note: This score reflects the attack surface coverage of the target`);
+    console.log(`site. To test your actual agent's resilience, use --model to pipe`);
+    console.log(`page content through an LLM. For static config scanning, use:${colors.reset}`);
+    console.log(`  ${colors.cyan}npx hackmyagent secure${colors.reset}`);
+}
 // create-skill: generate best-practice, secured skills from plain English
 program
     .command('create-skill')
@@ -5262,11 +5395,12 @@ program
     const { writeSkill } = await Promise.resolve().then(() => __importStar(require('./skills/builder.js')));
     console.log(`\nGenerating secured skill...\n`);
     const result = writeSkill({ purpose: description, name: options.name, outputDir: options.output });
-    console.log(`Created ${result.dirName}/`);
+    const outputDir = options.output ?? result.dirName;
+    console.log(`Created ${outputDir}/`);
     for (const file of result.filesWritten) {
         console.log(`  ${file.split('/').pop()}`);
     }
-    console.log(`\nYour skill is ready. Verify security with: hackmyagent secure ${result.dirName}/`);
+    console.log(`\nYour skill is ready. Verify security with: hackmyagent secure ${outputDir}/`);
 });
 // Self-securing: verify own integrity before running any command
 // A security tool that doesn't verify itself is worse than no security tool