hackmyagent 0.12.0 → 0.12.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +21 -2
- package/dist/.integrity-manifest.json +1 -1
- package/dist/arp/intelligence/ast-monitor.d.ts +62 -0
- package/dist/arp/intelligence/ast-monitor.d.ts.map +1 -0
- package/dist/arp/intelligence/ast-monitor.js +197 -0
- package/dist/arp/intelligence/ast-monitor.js.map +1 -0
- package/dist/attack/types.d.ts +2 -0
- package/dist/attack/types.d.ts.map +1 -1
- package/dist/attack/types.js.map +1 -1
- package/dist/cli.js +141 -7
- package/dist/cli.js.map +1 -1
- package/dist/hardening/scanner.d.ts.map +1 -1
- package/dist/hardening/scanner.js +11 -0
- package/dist/hardening/scanner.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -2
- package/dist/index.js.map +1 -1
- package/dist/nanomind-core/compiler/semantic-compiler.d.ts.map +1 -1
- package/dist/nanomind-core/compiler/semantic-compiler.js +107 -11
- package/dist/nanomind-core/compiler/semantic-compiler.js.map +1 -1
- package/dist/nanomind-core/index.d.ts +6 -0
- package/dist/nanomind-core/index.d.ts.map +1 -1
- package/dist/nanomind-core/index.js +23 -1
- package/dist/nanomind-core/index.js.map +1 -1
- package/dist/nanomind-core/inference/tme-classifier.d.ts +62 -0
- package/dist/nanomind-core/inference/tme-classifier.d.ts.map +1 -0
- package/dist/nanomind-core/inference/tme-classifier.js +176 -0
- package/dist/nanomind-core/inference/tme-classifier.js.map +1 -0
- package/dist/nanomind-core/verification/ast-validator.d.ts +55 -0
- package/dist/nanomind-core/verification/ast-validator.d.ts.map +1 -0
- package/dist/nanomind-core/verification/ast-validator.js +228 -0
- package/dist/nanomind-core/verification/ast-validator.js.map +1 -0
- package/dist/scanner/external-scanner.d.ts.map +1 -1
- package/dist/scanner/external-scanner.js +37 -30
- package/dist/scanner/external-scanner.js.map +1 -1
- package/dist/simulation/index.d.ts +1 -1
- package/dist/simulation/index.js +1 -1
- package/dist/wild/browser.d.ts +44 -0
- package/dist/wild/browser.d.ts.map +1 -0
- package/dist/wild/browser.js +222 -0
- package/dist/wild/browser.js.map +1 -0
- package/dist/wild/index.d.ts +20 -0
- package/dist/wild/index.d.ts.map +1 -0
- package/dist/wild/index.js +173 -0
- package/dist/wild/index.js.map +1 -0
- package/dist/wild/scorer.d.ts +29 -0
- package/dist/wild/scorer.d.ts.map +1 -0
- package/dist/wild/scorer.js +101 -0
- package/dist/wild/scorer.js.map +1 -0
- package/dist/wild/types.d.ts +95 -0
- package/dist/wild/types.d.ts.map +1 -0
- package/dist/wild/types.js +8 -0
- package/dist/wild/types.js.map +1 -0
- package/package.json +2 -1
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Types for the Wild Scanner module.
|
|
3
|
+
* Tests AI agent resilience by fetching pages from AgentPwn
|
|
4
|
+
* and analyzing hidden injection payloads.
|
|
5
|
+
*/
|
|
6
|
+
export interface WildScanOptions {
|
|
7
|
+
/** Base URL of the AgentPwn site */
|
|
8
|
+
url: string;
|
|
9
|
+
/** Filter by attack category */
|
|
10
|
+
category?: string;
|
|
11
|
+
/** Filter by specific tier */
|
|
12
|
+
tier?: number;
|
|
13
|
+
/** Request timeout in ms */
|
|
14
|
+
timeout: number;
|
|
15
|
+
/** Delay between requests in ms */
|
|
16
|
+
delay: number;
|
|
17
|
+
/** Show verbose output */
|
|
18
|
+
verbose: boolean;
|
|
19
|
+
/** Output as JSON */
|
|
20
|
+
json: boolean;
|
|
21
|
+
}
|
|
22
|
+
export interface WildPageResult {
|
|
23
|
+
/** Page URL */
|
|
24
|
+
url: string;
|
|
25
|
+
/** Attack category */
|
|
26
|
+
category: string;
|
|
27
|
+
/** Difficulty tier */
|
|
28
|
+
tier: number;
|
|
29
|
+
/** Attack ID from the page */
|
|
30
|
+
attackId: string;
|
|
31
|
+
/** Injection surfaces found */
|
|
32
|
+
injectionSurfaces: InjectionSurface[];
|
|
33
|
+
/** Total number of hidden payloads detected */
|
|
34
|
+
payloadCount: number;
|
|
35
|
+
/** Whether the page has a callback instruction */
|
|
36
|
+
hasCallback: boolean;
|
|
37
|
+
/** Whether the page has a canary token */
|
|
38
|
+
hasCanary: boolean;
|
|
39
|
+
/** HTTP status code */
|
|
40
|
+
statusCode: number;
|
|
41
|
+
/** Response time in ms */
|
|
42
|
+
responseTime: number;
|
|
43
|
+
/** Severity of the attack */
|
|
44
|
+
severity: string;
|
|
45
|
+
/** HMA check ID */
|
|
46
|
+
hmaCheckId: string;
|
|
47
|
+
}
|
|
48
|
+
export interface InjectionSurface {
|
|
49
|
+
/** Type of injection delivery */
|
|
50
|
+
type: 'html-comment' | 'invisible-span' | 'json-ld' | 'meta-tag' | 'http-header' | 'aria-label' | 'image-alt' | 'unicode-stego';
|
|
51
|
+
/** The extracted payload text (truncated) */
|
|
52
|
+
content: string;
|
|
53
|
+
/** Whether this would likely fool an agent */
|
|
54
|
+
stealthScore: number;
|
|
55
|
+
}
|
|
56
|
+
export interface WildScanReport {
|
|
57
|
+
/** Target URL */
|
|
58
|
+
target: string;
|
|
59
|
+
/** Scan start time */
|
|
60
|
+
startTime: Date;
|
|
61
|
+
/** Scan end time */
|
|
62
|
+
endTime: Date;
|
|
63
|
+
/** Duration in ms */
|
|
64
|
+
duration: number;
|
|
65
|
+
/** Pages scanned */
|
|
66
|
+
pagesScanned: number;
|
|
67
|
+
/** Individual page results */
|
|
68
|
+
pages: WildPageResult[];
|
|
69
|
+
/** Summary statistics */
|
|
70
|
+
summary: {
|
|
71
|
+
totalPayloads: number;
|
|
72
|
+
byCategory: Record<string, {
|
|
73
|
+
pages: number;
|
|
74
|
+
payloads: number;
|
|
75
|
+
}>;
|
|
76
|
+
bySurface: Record<string, number>;
|
|
77
|
+
maxTier: number;
|
|
78
|
+
callbackPages: number;
|
|
79
|
+
canaryPages: number;
|
|
80
|
+
};
|
|
81
|
+
/** Overall wild resilience score (0-100) */
|
|
82
|
+
wildResilienceScore: number;
|
|
83
|
+
/** Resilience rating */
|
|
84
|
+
resilienceRating: 'excellent' | 'good' | 'moderate' | 'poor' | 'critical';
|
|
85
|
+
/** File fetches tested (robots.txt, llms.txt, sitemap.xml) */
|
|
86
|
+
fileFetches: FileFetchResult[];
|
|
87
|
+
}
|
|
88
|
+
export interface FileFetchResult {
|
|
89
|
+
file: string;
|
|
90
|
+
url: string;
|
|
91
|
+
statusCode: number;
|
|
92
|
+
hasPayload: boolean;
|
|
93
|
+
payloadExcerpt?: string;
|
|
94
|
+
}
|
|
95
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/wild/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,eAAe;IAC9B,oCAAoC;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,gCAAgC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8BAA8B;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4BAA4B;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,qBAAqB;IACrB,IAAI,EAAE,OAAO,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,eAAe;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,iBAAiB,EAAE,gBAAgB,EAAE,CAAC;IACtC,+CAA+C;IAC/C,YAAY,EAAE,MAAM,CAAC;IACrB,kDAAkD;IAClD,WAAW,EAAE,OAAO,CAAC;IACrB,0CAA0C;IAC1C,SAAS,EAAE,OAAO,CAAC;IACnB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,6BAA6B;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,mBAAmB;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,iCAAiC;IACjC,IAAI,EAAE,cAAc,GAAG,gBAAgB,GAAG,SAAS,GAAG,UAAU,GAAG,aAAa,GAAG,YAAY,GAAG,WAAW,GAAG,eAAe,CAAC;IAChI,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,iBAAiB;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,oBAAoB;IACpB,OAAO,EAAE,IAAI,CAAC;IACd,qBAAqB;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,KAAK,EAAE,cAAc,EAAE,CAAC;IACxB,yBAAyB;IACzB,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAChE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAClC,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,4CAA4C;IAC5C,mBAAmB,EAAE,MAAM,CAAC;IAC5B,wBAAwB;IACxB,gBAAgB,EAAE,WAAW,GAAG,MAAM,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1E,8DAA8D;IAC9D,WAAW,EAAE,eAAe,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Types for the Wild Scanner module.
|
|
4
|
+
* Tests AI agent resilience by fetching pages from AgentPwn
|
|
5
|
+
* and analyzing hidden injection payloads.
|
|
6
|
+
*/
|
|
7
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
8
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/wild/types.ts"],"names":[],"mappings":";AAAA;;;;GAIG"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "hackmyagent",
|
|
3
|
-
"version": "0.12.
|
|
3
|
+
"version": "0.12.2",
|
|
4
4
|
"description": "Find it. Break it. Fix it. The hacker's toolkit for AI agents.",
|
|
5
5
|
"bin": {
|
|
6
6
|
"hackmyagent": "dist/cli.js"
|
|
@@ -9,6 +9,7 @@
|
|
|
9
9
|
"types": "dist/index.d.ts",
|
|
10
10
|
"exports": {
|
|
11
11
|
".": "./dist/index.js",
|
|
12
|
+
"./nanomind-core": "./dist/nanomind-core/index.js",
|
|
12
13
|
"./plugins": "./dist/plugins/core.js",
|
|
13
14
|
"./semantic": "./dist/semantic/index.js",
|
|
14
15
|
"./arp": "./dist/arp/index.js",
|