hackmyagent 0.13.1 → 0.14.0

package/dist/lifecycle/assembly-scanner.js

@@ -0,0 +1,515 @@
+"use strict";
+/**
+ * Context Lifecycle Assembly Scanner (Stage 1)
+ *
+ * Simulates how agents assemble their system prompt from multiple components
+ * (SOUL.md, tool descriptions, memory entries, user preferences, conversation
+ * history) and detects injections that only activate post-assembly.
+ *
+ * Key threat model:
+ * - A memory entry that looks benign alone but becomes a prompt injection
+ *   when concatenated with the system prompt.
+ * - Tool descriptions that contain hidden instructions exploiting their
+ *   position adjacent to safety rules.
+ * - Components that combine across boundaries to form split injections
+ *   (half in memory, half in tool description).
+ * - Benign-looking padding that displaces safety instructions out of the
+ *   attention window.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanAssembly = scanAssembly;
+exports.toLifecycleResult = toLifecycleResult;
+const fs = __importStar(require("fs/promises"));
+const path = __importStar(require("path"));
+/** Patterns that indicate prompt injection when found in assembled context */
+const INJECTION_PATTERNS = [
+    { pattern: /ignore\s+(all\s+)?(previous|above|prior)\s+(instructions?|rules?|guidelines?)/i, name: 'instruction-override', severity: 'critical' },
+    { pattern: /\[SYSTEM\s*(UPDATE|OVERRIDE|INSTRUCTION)\]/i, name: 'fake-system-tag', severity: 'critical' },
+    { pattern: /you\s+are\s+now\s+(a\s+)?(?:new|different|unrestricted)/i, name: 'role-reassignment', severity: 'critical' },
+    { pattern: /disregard\s+(your\s+)?(safety|security|guidelines?|rules?|instructions?)/i, name: 'safety-disregard', severity: 'critical' },
+    { pattern: /new\s+instructions?\s*:\s*/i, name: 'instruction-injection', severity: 'high' },
+    { pattern: /\bdo\s+not\s+follow\s+(the\s+)?(system|original|initial)\b/i, name: 'anti-system', severity: 'high' },
+    { pattern: /\bassistant\s*:\s*\n/i, name: 'role-delimiter-injection', severity: 'high' },
+    { pattern: /\bsystem\s*:\s*\n/i, name: 'system-delimiter-injection', severity: 'high' },
+    { pattern: /\b(reveal|show|output|print)\s+(your\s+)?(system\s+prompt|instructions?|rules?)/i, name: 'prompt-extraction', severity: 'medium' },
+    { pattern: /<!--[\s\S]*?(ignore|override|disregard)[\s\S]*?-->/i, name: 'html-comment-injection', severity: 'high' },
+    { pattern: /\u200b|\u200c|\u200d|\ufeff/g, name: 'zero-width-char', severity: 'medium' },
+];
+/**
+ * Patterns that are benign in isolation but become injections when components
+ * are concatenated. Each entry has two halves: one from component A, one from
+ * component B. When they appear adjacent in the assembled prompt, it's a
+ * cross-component (semantic split) injection.
+ */
+const SPLIT_INJECTION_PAIRS = [
+    { partA: /ignore\s+all\s*$/im, partB: /^\s*previous\s+instructions/im, name: 'split-override' },
+    { partA: /\[SYSTEM$/im, partB: /^\s*OVERRIDE\]/im, name: 'split-system-tag' },
+    { partA: /new\s+role\s*:\s*$/im, partB: /^\s*unrestricted\s+assistant/im, name: 'split-role-change' },
+    { partA: /you\s+must\s+now\s*$/im, partB: /^\s*output\s+all\s+(secrets?|credentials?|api\s*keys?)/im, name: 'split-exfiltration' },
+    { partA: /disregard\s*$/im, partB: /^\s*(safety|security)\s+guidelines/im, name: 'split-safety-bypass' },
+];
+/** Files that typically contribute to agent system prompt assembly */
+const SOUL_FILES = ['SOUL.md', 'soul.md', 'SOUL.yaml', 'soul.yaml', 'system-prompt.md', 'system-prompt.txt', 'system_prompt.md', 'persona.md'];
+const TOOL_DESC_FILES = ['tools.json', 'mcp.json', 'mcpServers.json', '.mcp.json', 'tool-descriptions.json', 'capabilities.json'];
+const MEMORY_FILES = ['memory.json', 'context.json', '.memory', 'agent-memory.json', 'conversation-history.json', '.claude/memory/*.md'];
+const USER_PREF_FILES = ['user-preferences.json', 'preferences.json', 'config.json', 'agent-config.json', '.agent.json', 'settings.json'];
+const HISTORY_FILES = ['history.json', 'messages.json', 'chat-history.json', 'conversation.json'];
+/**
+ * Discovers assembly components from the target directory.
+ */
+async function discoverComponents(targetDir) {
+    const components = [];
+    const tryReadFiles = async (filenames, role) => {
+        for (const filename of filenames) {
+            // Handle glob-like patterns
+            if (filename.includes('*')) {
+                const dir = path.join(targetDir, path.dirname(filename));
+                try {
+                    const entries = await fs.readdir(dir);
+                    for (const entry of entries) {
+                        const filePath = path.join(dir, entry);
+                        try {
+                            const stat = await fs.stat(filePath);
+                            if (stat.isFile()) {
+                                const content = await fs.readFile(filePath, 'utf-8');
+                                components.push({
+                                    source: path.relative(targetDir, filePath),
+                                    role,
+                                    content,
+                                });
+                            }
+                        }
+                        catch { /* skip */ }
+                    }
+                }
+                catch { /* directory doesn't exist */ }
+                continue;
+            }
+            const filePath = path.join(targetDir, filename);
+            try {
+                const content = await fs.readFile(filePath, 'utf-8');
+                components.push({
+                    source: filename,
+                    role,
+                    content,
+                });
+            }
+            catch { /* file doesn't exist - skip */ }
+        }
+    };
+    await tryReadFiles(SOUL_FILES, 'soul');
+    await tryReadFiles(TOOL_DESC_FILES, 'toolDescription');
+    await tryReadFiles(MEMORY_FILES, 'memory');
+    await tryReadFiles(USER_PREF_FILES, 'userPreference');
+    await tryReadFiles(HISTORY_FILES, 'conversationHistory');
+    // Also scan for inline system instructions in source files
+    const srcDir = path.join(targetDir, 'src');
+    try {
+        const srcExists = await fs.access(srcDir).then(() => true).catch(() => false);
+        if (srcExists) {
+            const entries = await fs.readdir(srcDir, { recursive: true });
+            for (const entry of entries) {
+                const entryStr = String(entry);
+                if (!/\.(ts|js|py|mjs)$/.test(entryStr))
+                    continue;
+                const filePath = path.join(srcDir, entryStr);
+                try {
+                    const stat = await fs.stat(filePath);
+                    if (!stat.isFile() || stat.size > 100000)
+                        continue;
+                    const content = await fs.readFile(filePath, 'utf-8');
+                    // Extract string literals assigned to systemPrompt/system_prompt variables
+                    const systemPromptMatch = content.match(/(?:systemPrompt|system_prompt|system_message|SYSTEM_PROMPT)\s*(?:=|:)\s*[`'"]([\s\S]*?)[`'"]/);
+                    if (systemPromptMatch) {
+                        components.push({
+                            source: path.relative(targetDir, filePath),
+                            role: 'systemInstruction',
+                            content: systemPromptMatch[1],
+                        });
+                    }
+                }
+                catch { /* skip */ }
+            }
+        }
+    }
+    catch { /* no src dir */ }
+    return components;
+}
+/**
+ * Simulates the assembly process: concatenates components in typical agent
+ * assembly order (system instructions -> SOUL -> tools -> memory -> prefs -> history).
+ */
+function assemblePrompt(components) {
+    // Sort by assembly priority (system instructions first, history last)
+    const roleOrder = {
+        systemInstruction: 0,
+        soul: 1,
+        toolDescription: 2,
+        userPreference: 3,
+        memory: 4,
+        conversationHistory: 5,
+    };
+    const sorted = [...components].sort((a, b) => roleOrder[a.role] - roleOrder[b.role]);
+    let offset = 0;
+    const enriched = [];
+    const parts = [];
+    for (const comp of sorted) {
+        const section = `\n--- ${comp.role}: ${comp.source} ---\n${comp.content}\n`;
+        enriched.push({
+            ...comp,
+            assembledOffset: offset,
+            assembledLength: section.length,
+        });
+        parts.push(section);
+        offset += section.length;
+    }
+    return { assembled: parts.join(''), components: enriched };
+}
+/**
+ * Scans the assembled prompt for injection patterns that may not be visible
+ * in individual components.
+ */
+function scanAssembledPrompt(assembled, components) {
+    const findings = [];
+    const interactions = [];
+    // 1. Scan full assembled prompt for injection patterns
+    for (const { pattern, name, severity } of INJECTION_PATTERNS) {
+        const matches = assembled.matchAll(new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g'));
+        for (const match of matches) {
+            if (match.index === undefined)
+                continue;
+            const matchOffset = match.index;
+            // Find which component this match falls in
+            const sourceComp = components.find(c => c.assembledOffset !== undefined &&
+                c.assembledLength !== undefined &&
+                matchOffset >= c.assembledOffset &&
+                matchOffset < c.assembledOffset + c.assembledLength);
+            // Check if this pattern exists in the original component (pre-assembly)
+            // If it does, it's a Stage 0 finding (already detectable). We only flag
+            // patterns that emerge from assembly (cross-boundary or context-dependent).
+            if (sourceComp) {
+                const existsInSource = new RegExp(pattern.source, pattern.flags).test(sourceComp.content);
+                if (existsInSource)
+                    continue; // Already detectable at Stage 0
+            }
+            findings.push({
+                checkId: `LIFECYCLE-001`,
+                name: 'Assembly-emergent injection',
+                description: `Injection pattern "${name}" detected in assembled system prompt but not visible in individual components. This injection emerges only after components are concatenated.`,
+                category: 'context-lifecycle',
+                severity,
+                passed: false,
+                message: `Assembly-emergent injection: "${name}" at offset ${matchOffset}${sourceComp ? ` (near ${sourceComp.source})` : ''}`,
+                fixable: false,
+                file: sourceComp?.source,
+                fix: 'Sanitize component content before assembly. Add injection detection between assembly stages.',
+                guidance: 'This injection is invisible when scanning individual files but activates after components are concatenated into the system prompt. Implement assembly-stage sanitization.',
+                attackClass: 'ASSEMBLY-INJECT',
+            });
+        }
+    }
+    // 2. Detect cross-component (semantic split) injections
+    for (let i = 0; i < components.length - 1; i++) {
+        const compA = components[i];
+        const compB = components[i + 1];
+        for (const { partA, partB, name } of SPLIT_INJECTION_PAIRS) {
+            if (partA.test(compA.content) && partB.test(compB.content)) {
+                const interaction = {
+                    components: [compA.source, compB.source],
+                    attackType: 'semanticSplit',
+                    assembledSegment: `...${compA.content.slice(-100)}${compB.content.slice(0, 100)}...`,
+                    confidence: 0.85,
+                };
+                interactions.push(interaction);
+                findings.push({
+                    checkId: 'LIFECYCLE-002',
+                    name: 'Cross-component split injection',
+                    description: `Split injection "${name}" detected across component boundary: half in ${compA.source}, half in ${compB.source}. Each component appears benign alone.`,
+                    category: 'context-lifecycle',
+                    severity: 'critical',
+                    passed: false,
+                    message: `Split injection "${name}" spans ${compA.source} -> ${compB.source}`,
+                    fixable: false,
+                    file: compA.source,
+                    fix: 'Scan component boundaries for split patterns. Add boundary delimiters that prevent cross-component injection.',
+                    guidance: 'Split injections place half of a malicious instruction in one component and the other half in an adjacent component. When assembled, they form a complete injection that bypasses per-file scanning.',
+                    attackClass: 'ASSEMBLY-SPLIT',
+                });
+            }
+        }
+    }
+    // 3. Detect context window displacement attacks
+    // If any single component is disproportionately large, it may push
+    // safety instructions (typically in soul/systemInstruction) out of
+    // the effective attention window.
+    const totalLength = assembled.length;
+    const safetyComponents = components.filter(c => c.role === 'soul' || c.role === 'systemInstruction');
+    const safetyLength = safetyComponents.reduce((sum, c) => sum + c.content.length, 0);
+    for (const comp of components) {
+        if (comp.role === 'soul' || comp.role === 'systemInstruction')
+            continue;
+        // Flag if a non-safety component is >60% of total assembled prompt
+        if (comp.content.length > totalLength * 0.6 && totalLength > 2000) {
+            interactions.push({
+                components: [comp.source, ...(safetyComponents.map(c => c.source))],
+                attackType: 'displacementAttack',
+                assembledSegment: `Component ${comp.source} is ${comp.content.length} chars (${Math.round(comp.content.length / totalLength * 100)}% of assembled prompt)`,
+                confidence: 0.7,
+            });
+            findings.push({
+                checkId: 'LIFECYCLE-003',
+                name: 'Context window displacement',
+                description: `Component "${comp.source}" (${comp.role}) occupies ${Math.round(comp.content.length / totalLength * 100)}% of the assembled prompt. Safety instructions from ${safetyComponents.map(c => c.source).join(', ') || 'SOUL.md'} may be displaced from the effective attention window.`,
+                category: 'context-lifecycle',
+                severity: 'high',
+                passed: false,
+                message: `${comp.source} displaces safety instructions (${comp.content.length}/${totalLength} chars)`,
+                fixable: false,
+                file: comp.source,
+                fix: 'Limit component sizes. Pin safety instructions at start and end of the assembled prompt. Implement attention anchoring.',
+                guidance: 'LLMs have limited effective attention. A disproportionately large component (memory dump, verbose tool descriptions) can push safety instructions out of the "attention window", effectively disabling them.',
+                attackClass: 'ASSEMBLY-DISPLACE',
+            });
+        }
+    }
+    // 4. Safety instruction ratio check
+    // If safety instructions are <10% of total and total is large enough to matter
+    if (totalLength > 5000 && safetyLength > 0 && safetyLength / totalLength < 0.1) {
+        findings.push({
+            checkId: 'LIFECYCLE-004',
+            name: 'Low safety instruction ratio',
+            description: `Safety instructions (SOUL.md, system prompts) are only ${Math.round(safetyLength / totalLength * 100)}% of the assembled context (${safetyLength}/${totalLength} chars). Safety rules may be diluted by other content.`,
+            category: 'context-lifecycle',
+            severity: 'medium',
+            passed: false,
+            message: `Safety instructions are ${Math.round(safetyLength / totalLength * 100)}% of assembled context`,
+            fixable: false,
+            file: safetyComponents[0]?.source || 'SOUL.md',
+            fix: 'Increase safety instruction coverage. Repeat critical rules at multiple points in the assembly. Trim non-essential context.',
+            guidance: 'When safety instructions are a small fraction of total context, the LLM may prioritize other content. Research shows safety instructions need sufficient representation relative to total context.',
+            attackClass: 'ASSEMBLY-DILUTE',
+        });
+    }
+    // 5. Detect priority zone hijacking
+    // Components at the end of assembly (high attention priority) containing instructions
+    const lastComponents = components.slice(-2);
+    for (const comp of lastComponents) {
+        if (comp.role === 'soul' || comp.role === 'systemInstruction')
+            continue;
+        // Check if late-position components contain instruction-like patterns
+        const instructionPatterns = [
+            /\b(must|should|always|never)\s+(do|follow|ignore|output)/i,
+            /\b(from now on|henceforth|going forward)\b/i,
+            /\b(your (new )?instructions?|updated rules?)\s*(are|:)/i,
+        ];
+        for (const pat of instructionPatterns) {
+            if (pat.test(comp.content)) {
+                interactions.push({
+                    components: [comp.source],
+                    attackType: 'priorityHijack',
+                    assembledSegment: comp.content.slice(0, 200),
+                    confidence: 0.65,
+                });
+                findings.push({
+                    checkId: 'LIFECYCLE-005',
+                    name: 'Priority zone instruction injection',
+                    description: `Component "${comp.source}" (${comp.role}) is in the high-priority end zone of the assembled prompt and contains instruction-like language. Late-position instructions override earlier ones in many LLMs.`,
+                    category: 'context-lifecycle',
+                    severity: 'high',
+                    passed: false,
+                    message: `${comp.source} contains instructions in high-priority position`,
+                    fixable: false,
+                    file: comp.source,
+                    fix: 'Move safety-critical instructions to the end of the assembly. Validate that non-safety components do not contain directive language.',
+                    guidance: 'Many LLMs give higher weight to instructions that appear later in the context (recency bias). If memory or conversation history is assembled after safety rules, injected instructions there will override safety constraints.',
+                    attackClass: 'ASSEMBLY-HIJACK',
+                });
+                break; // One finding per component
+            }
+        }
+    }
+    // 6. Detect role delimiter injection in non-system components
+    for (const comp of components) {
+        if (comp.role === 'systemInstruction')
+            continue;
+        if (/\b(system|assistant|user)\s*:\s*\n/i.test(comp.content)) {
+            findings.push({
+                checkId: 'LIFECYCLE-006',
+                name: 'Role delimiter in non-system component',
+                description: `Component "${comp.source}" (${comp.role}) contains role delimiters (system:/assistant:/user:) that could trick the LLM into treating injected text as a new conversation turn.`,
+                category: 'context-lifecycle',
+                severity: 'high',
+                passed: false,
+                message: `${comp.source} contains role delimiters in ${comp.role} component`,
+                fixable: false,
+                file: comp.source,
+                fix: 'Strip or escape role delimiters from non-system components before assembly.',
+                guidance: 'Role delimiters in memory entries, tool descriptions, or user preferences can trick the LLM into treating the following text as a new system instruction or assistant response, breaking the intended conversation structure.',
+                attackClass: 'ASSEMBLY-DELIMITER',
+            });
+        }
+    }
+    // 7. Detect HTML/markdown comment hiding
+    for (const comp of components) {
+        const commentMatches = comp.content.matchAll(/<!--([\s\S]*?)-->/g);
+        for (const match of commentMatches) {
+            const commentContent = match[1];
+            // Check if the comment contains instruction-like content
+            if (/ignore|override|disregard|new\s+instructions?|system\s*:|you\s+are/i.test(commentContent)) {
+                findings.push({
+                    checkId: 'LIFECYCLE-007',
+                    name: 'Hidden instructions in HTML comments',
+                    description: `Component "${comp.source}" contains HTML comments with instruction-like content. Some LLMs process HTML comment content, making this an injection vector.`,
+                    category: 'context-lifecycle',
+                    severity: 'high',
+                    passed: false,
+                    message: `${comp.source} has hidden instructions in HTML comments`,
+                    fixable: false,
+                    file: comp.source,
+                    fix: 'Strip HTML comments from all components before assembly, or sanitize comment content.',
+                    guidance: 'HTML comments are invisible to humans reading markdown but may be processed by LLMs during inference. Attackers hide instructions in comments within memory entries or tool descriptions.',
+                    attackClass: 'ASSEMBLY-HIDDEN',
+                });
+            }
+        }
+    }
+    return { findings, interactions };
+}
+/**
+ * Runs the full Stage 1 assembly scan.
+ */
+async function scanAssembly(options) {
+    const { targetDir, onProgress } = options;
+    if (onProgress)
+        onProgress('Discovering assembly components...');
+    const rawComponents = await discoverComponents(targetDir);
+    if (rawComponents.length === 0) {
+        return {
+            findings: [],
+            components: [],
+            interactions: [],
+            assembledPrompt: '',
+            tokenEstimate: 0,
+        };
+    }
+    if (onProgress)
+        onProgress(`Found ${rawComponents.length} assembly components, simulating assembly...`);
+    const { assembled, components } = assemblePrompt(rawComponents);
+    if (onProgress)
+        onProgress('Scanning assembled prompt for lifecycle attacks...');
+    const { findings, interactions } = scanAssembledPrompt(assembled, components);
+    // Rough token estimate: ~4 chars per token for English
+    const tokenEstimate = Math.ceil(assembled.length / 4);
+    // 8. Check for assembly without safety instructions
+    const hasSafety = components.some(c => c.role === 'soul' || c.role === 'systemInstruction');
+    if (!hasSafety && components.length > 1) {
+        findings.push({
+            checkId: 'LIFECYCLE-008',
+            name: 'Assembly without safety instructions',
+            description: 'Agent assembles context from multiple components but has no SOUL.md or system prompt to establish safety boundaries.',
+            category: 'context-lifecycle',
+            severity: 'critical',
+            passed: false,
+            message: `${components.length} components assembled with no safety instructions`,
+            fixable: false,
+            file: components[0]?.source,
+            fix: 'Add a SOUL.md or system prompt with safety boundaries. Run: hackmyagent scan-soul to generate one.',
+            guidance: 'Without explicit safety instructions in the assembled context, the agent behavior is entirely determined by other components (memory, tools, history) which may be attacker-influenced.',
+            attackClass: 'ASSEMBLY-NOSAFETY',
+        });
+    }
+    // 9. Check for duplicate/conflicting instructions across components
+    const instructionComponents = components.filter(c => c.role === 'soul' || c.role === 'systemInstruction' || c.role === 'userPreference');
+    if (instructionComponents.length > 1) {
+        // Simple heuristic: if multiple components define contradictory rules
+        const rules = instructionComponents.map(c => ({
+            source: c.source,
+            hasAllow: /\b(allow|permit|enable)\b/i.test(c.content),
+            hasDeny: /\b(deny|forbid|disable|never)\b/i.test(c.content),
+        }));
+        const hasConflict = rules.some(r => r.hasAllow) && rules.some(r => r.hasDeny);
+        if (hasConflict) {
+            const allowSources = rules.filter(r => r.hasAllow).map(r => r.source);
+            const denySources = rules.filter(r => r.hasDeny).map(r => r.source);
+            findings.push({
+                checkId: 'LIFECYCLE-009',
+                name: 'Conflicting assembly instructions',
+                description: `Conflicting directives detected: permissive rules in ${allowSources.join(', ')} vs restrictive rules in ${denySources.join(', ')}. LLM behavior under contradiction is unpredictable.`,
+                category: 'context-lifecycle',
+                severity: 'medium',
+                passed: false,
+                message: `Conflicting instructions across ${instructionComponents.length} components`,
+                fixable: false,
+                file: instructionComponents[0].source,
+                fix: 'Consolidate instructions into a single authoritative source (SOUL.md). Remove conflicting directives from other components.',
+                guidance: 'When multiple components provide contradictory instructions, LLM behavior is unpredictable. An attacker can exploit this by injecting permissive rules in a lower-priority component that conflict with safety rules.',
+                attackClass: 'ASSEMBLY-CONFLICT',
+            });
+        }
+    }
+    // 10. Token budget exhaustion risk
+    const maxSafe = options.maxAssemblySize || 100000; // ~25K tokens
+    if (assembled.length > maxSafe) {
+        findings.push({
+            checkId: 'LIFECYCLE-010',
+            name: 'Assembly exceeds safe context budget',
+            description: `Assembled prompt is ${assembled.length} chars (~${tokenEstimate} tokens), exceeding safe budget of ${maxSafe} chars. Early components (safety instructions) may be truncated or compressed.`,
+            category: 'context-lifecycle',
+            severity: 'high',
+            passed: false,
+            message: `Assembled prompt: ${assembled.length} chars (~${tokenEstimate} tokens) exceeds ${maxSafe} char budget`,
+            fixable: false,
+            file: components[components.length - 1]?.source,
+            fix: 'Reduce component sizes. Implement context pruning. Use summarization for memory/history. Prioritize safety-critical content.',
+            guidance: 'When the assembled prompt exceeds the model context window, providers typically truncate from the beginning, which removes safety instructions. Even within the window, extreme length degrades instruction-following quality.',
+            attackClass: 'ASSEMBLY-OVERFLOW',
+        });
+    }
+    if (onProgress)
+        onProgress(`Assembly scan complete: ${findings.length} findings from ${components.length} components`);
+    return { findings, components, interactions, assembledPrompt: assembled, tokenEstimate };
+}
+/**
+ * Wraps a Stage 0 ScanResult into a LifecycleScanResult.
+ * This is backward-compatible: existing scan results become Stage 0 lifecycle results.
+ */
+function toLifecycleResult(scanResult, stage = 0) {
+    return {
+        stage,
+        scanResult,
+    };
+}
+//# sourceMappingURL=assembly-scanner.js.map

package/dist/lifecycle/assembly-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"assembly-scanner.js","sourceRoot":"","sources":["../../src/lifecycle/assembly-scanner.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqZH,oCAwGC;AAMD,8CAQC;AAzgBD,gDAAkC;AAClC,2CAA6B;AAQ7B,8EAA8E;AAC9E,MAAM,kBAAkB,GAAkF;IACxG,EAAE,OAAO,EAAE,gFAAgF,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACjJ,EAAE,OAAO,EAAE,6CAA6C,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACzG,EAAE,OAAO,EAAE,0DAA0D,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACxH,EAAE,OAAO,EAAE,2EAA2E,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACxI,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC3F,EAAE,OAAO,EAAE,6DAA6D,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE;IACjH,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,MAAM,EAAE;IACxF,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,MAAM,EAAE;IACvF,EAAE,OAAO,EAAE,kFAAkF,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC9I,EAAE,OAAO,EAAE,qDAAqD,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACpH,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,EAAE;CACzF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,qBAAqB,GAAqD;IAC9E,EAAE,KAAK,EAAE,oBAAoB,EAAE,KAAK,EAAE,+BAA+B,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC/F,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,kBAAkB,EAAE,IAAI,EAAE,kBAAkB,EAAE;IAC7E,EAAE,KAAK,EAAE,sBAAsB,EAAE,KAAK,EAAE,gCAAgC,EAAE,IAAI,EAAE,mBAAmB,EAAE;IACrG,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,0DAA0D,EAAE,IAAI,EAAE,oBAAoB,EAAE;IAClI,EAAE,KAAK,EAAE,iBAAiB,EAAE,KAAK,EAAE,sCAAsC,EAAE,IAAI,EAAE,qBAAqB,EAAE;CACzG,CAAC;AAEF,sEAAsE;AACtE,MAAM,UAAU,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,YAAY,CAAC,CAAC;AAC/I,MAAM,eAAe,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,iBAAiB,EAAE,WAAW,EAAE,wBAAwB,EAAE,mBAAmB,CAAC,CAAC;AAClI,MAAM,YAAY,GAAG,CAAC,aAAa,EAAE,cAAc,EAAE,SAAS,EAAE,mBAAmB,EAAE,2BAA2B,EAAE,qBAAqB,CAAC,CAAC;AACzI,MAAM,eAAe,GAAG,CAAC,uBAAuB,EAAE,kBAAkB,EAAE,aAAa,EAAE,mBAAmB,EAAE,aAAa,EAAE,eAAe,CAAC,CAAC;AAC1I,MAAM,aAAa,GAAG,CAAC,cAAc,EAAE,eAAe,EAAE,mBAAmB,EAAE,mBAAmB,CAAC,CAAC;AAUlG;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,SAAiB;IACjD,MAAM,UAAU,GAAwB,EAAE,CAAC;IAE3C,MAAM,YAAY,GAAG,KAAK,EACxB,SAAmB,EACnB,IAA+B,EAC/B,EAAE;QACF,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,4BAA4B;YAC5B,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;oBACtC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;wBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;wBACvC,IAAI,CAAC;4BACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;4BACrC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gCAClB,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gCACrD,UAAU,CAAC,IAAI,CAAC;oCACd,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC;oCAC1C,IAAI;oCACJ,OAAO;iCACR,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;wBAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;oBACxB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAC,6BAA6B,CAAC,CAAC;gBACzC,SAAS;YACX,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAChD,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACrD,UAAU,CAAC,IAAI,CAAC;oBACd,MAAM,EAAE,QAAQ;oBAChB,IAAI;oBACJ,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC,CAAC,+BAA+B,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACvC,MAAM,YAAY,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;IACvD,MAAM,YAAY,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC3C,MAAM,YAAY,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;IACtD,MAAM,YAAY,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;IAEzD,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;QAC9E,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAa,CAAC;YAC1E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC/B,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAAE,SAAS;gBAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBAC7C,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACrC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,IAAI,CAAC,IAAI,GAAG,MAAO;wBAAE,SAAS;oBACpD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;oBACrD,2EAA2E;oBAC3E,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CACrC,8FAA8F,CAC/F,CAAC;oBACF,IAAI,iBAAiB,EAAE,CAAC;wBACtB,UAAU,CAAC,IAAI,CAAC;4BACd,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC;4BAC1C,IAAI,EAAE,mBAAmB;4BACzB,OAAO,EAAE,iBAAiB,CAAC,CAAC,CAAC;yBAC9B,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAE5B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CAAC,UAA+B;IACrD,sEAAsE;IACtE,MAAM,SAAS,GAA8C;QAC3D,iBAAiB,EAAE,CAAC;QACpB,IAAI,EAAE,CAAC;QACP,eAAe,EAAE,CAAC;QAClB,cAAc,EAAE,CAAC;QACjB,MAAM,EAAE,CAAC;QACT,mBAAmB,EAAE,CAAC;KACvB,CAAC;IAEF,MAAM,MAAM,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAErF,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,QAAQ,GAAwB,EAAE,CAAC;IACzC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,SAAS,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,SAAS,IAAI,CAAC,OAAO,IAAI,CAAC;QAC5E,QAAQ,CAAC,IAAI,CAAC;YACZ,GAAG,IAAI;YACP,eAAe,EAAE,MAAM;YACvB,eAAe,EAAE,OAAO,CAAC,MAAM;SAChC,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpB,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAC7D,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAC1B,SAAiB,EACjB,UAA+B;IAE/B,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,YAAY,GAA0B,EAAE,CAAC;IAE/C,uDAAuD;IACvD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,kBAAkB,EAAE,CAAC;QAC7D,MAAM,OAAO,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC;QAClI,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;gBAAE,SAAS;YACxC,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC;YAEhC,2CAA2C;YAC3C,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACrC,CAAC,CAAC,eAAe,KAAK,SAAS;gBAC/B,CAAC,CAAC,eAAe,KAAK,SAAS;gBAC/B,WAAW,IAAI,CAAC,CAAC,eAAe;gBAChC,WAAW,GAAG,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,eAAe,CACpD,CAAC;YAEF,wEAAwE;YACxE,wEAAwE;YACxE,4EAA4E;YAC5E,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBAC1F,IAAI,cAAc;oBAAE,SAAS,CAAC,gCAAgC;YAChE,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,eAAe;gBACxB,IAAI,EAAE,6BAA6B;gBACnC,WAAW,EAAE,sBAAsB,IAAI,gJAAgJ;gBACvL,QAAQ,EAAE,mBAAmB;gBAC7B,QAAQ;gBACR,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,iCAAiC,IAAI,eAAe,WAAW,GAAG,UAAU,CAAC,CAAC,CAAC,UAAU,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC7H,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,UAAU,EAAE,MAAM;gBACxB,GAAG,EAAE,8FAA8F;gBACnG,QAAQ,EAAE,2KAA2K;gBACrL,WAAW,EAAE,iBAAiB;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/C,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAC5B,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEhC,KAAK,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,qBAAqB,EAAE,CAAC;YAC3D,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3D,MAAM,WAAW,GAAwB;oBACvC,UAAU,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC;oBACxC,UAAU,EAAE,eAAe;oBAC3B,gBAAgB,EAAE,MAAM,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK;oBACpF,UAAU,EAAE,IAAI;iBACjB,CAAC;gBACF,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAE/B,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,eAAe;oBACxB,IAAI,EAAE,iCAAiC;oBACvC,WAAW,EAAE,oBAAoB,IAAI,iDAAiD,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,MAAM,wCAAwC;oBACnK,QAAQ,EAAE,mBAAmB;oBAC7B,QAAQ,EAAE,UAAU;oBACpB,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE,oBAAoB,IAAI,WAAW,KAAK,CAAC,MAAM,OAAO,KAAK,CAAC,MAAM,EAAE;oBAC7E,OAAO,EAAE,KAAK;oBACd,IAAI,EAAE,KAAK,CAAC,MAAM;oBAClB,GAAG,EAAE,+GAA+G;oBACpH,QAAQ,EAAE,sMAAsM;oBAChN,WAAW,EAAE,gBAAgB;iBAC9B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,mEAAmE;IACnE,mEAAmE;IACnE,kCAAkC;IAClC,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC;IACrC,MAAM,gBAAgB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,CAAC;IACrG,MAAM,YAAY,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAEpF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB;YAAE,SAAS;QACxE,mEAAmE;QACnE,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,WAAW,GAAG,GAAG,IAAI,WAAW,GAAG,IAAI,EAAE,CAAC;YAClE,YAAY,CAAC,IAAI,CAAC;gBAChB,UAAU,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;gBACnE,UAAU,EAAE,oBAAoB;gBAChC,gBAAgB,EAAE,aAAa,IAAI,CAAC,MAAM,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,WAAW,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,WAAW,GAAG,GAAG,CAAC,wBAAwB;gBAC1J,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;YAEH,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,eAAe;gBACxB,IAAI,EAAE,6BAA6B;gBACnC,WAAW,EAAE,cAAc,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,IAAI,cAAc,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,WAAW,GAAG,GAAG,CAAC,uDAAuD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,SAAS,wDAAwD;gBAChS,QAAQ,EAAE,mBAAmB;gBAC7B,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,mCAAmC,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,WAAW,SAAS;gBACrG,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,IAAI,CAAC,MAAM;gBACjB,GAAG,EAAE,yHAAyH;gBAC9H,QAAQ,EAAE,8MAA8M;gBACxN,WAAW,EAAE,mBAAmB;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,+EAA+E;IAC/E,IAAI,WAAW,GAAG,IAAI,IAAI,YAAY,GAAG,CAAC,IAAI,YAAY,GAAG,WAAW,GAAG,GAAG,EAAE,CAAC;QAC/E,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,eAAe;YACxB,IAAI,EAAE,8BAA8B;YACpC,WAAW,EAAE,0DAA0D,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,WAAW,GAAG,GAAG,CAAC,+BAA+B,YAAY,IAAI,WAAW,wDAAwD;YACrO,QAAQ,EAAE,mBAAmB;YAC7B,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,2BAA2B,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,WAAW,GAAG,GAAG,CAAC,wBAAwB;YACxG,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,SAAS;YAC9C,GAAG,EAAE,6HAA6H;YAClI,QAAQ,EAAE,oMAAoM;YAC9M,WAAW,EAAE,iBAAiB;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,sFAAsF;IACtF,MAAM,cAAc,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB;YAAE,SAAS;QACxE,sEAAsE;QACtE,MAAM,mBAAmB,GAAG;YAC1B,2DAA2D;YAC3D,6CAA6C;YAC7C,yDAAyD;SAC1D,CAAC;QACF,KAAK,MAAM,GAAG,IAAI,mBAAmB,EAAE,CAAC;YACtC,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,YAAY,CAAC,IAAI,CAAC;oBAChB,UAAU,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;oBACzB,UAAU,EAAE,gBAAgB;oBAC5B,gBAAgB,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC5C,UAAU,EAAE,IAAI;iBACjB,CAAC,CAAC;gBAEH,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,eAAe;oBACxB,IAAI,EAAE,qCAAqC;oBAC3C,WAAW,EAAE,cAAc,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,IAAI,mKAAmK;oBACxN,QAAQ,EAAE,mBAAmB;oBAC7B,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,kDAAkD;oBACzE,OAAO,EAAE,KAAK;oBACd,IAAI,EAAE,IAAI,CAAC,MAAM;oBACjB,GAAG,EAAE,sIAAsI;oBAC3I,QAAQ,EAAE,gOAAgO;oBAC1O,WAAW,EAAE,iBAAiB;iBAC/B,CAAC,CAAC;gBACH,MAAM,CAAC,4BAA4B;YACrC,CAAC;QACH,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB;YAAE,SAAS;QAChD,IAAI,qCAAqC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,eAAe;gBACxB,IAAI,EAAE,wCAAwC;gBAC9C,WAAW,EAAE,cAAc,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,IAAI,wIAAwI;gBAC7L,QAAQ,EAAE,mBAAmB;gBAC7B,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,gCAAgC,IAAI,CAAC,IAAI,YAAY;gBAC5E,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,IAAI,CAAC,MAAM;gBACjB,GAAG,EAAE,6EAA6E;gBAClF,QAAQ,EAAE,+NAA+N;gBACzO,WAAW,EAAE,oBAAoB;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;QACnE,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAChC,yDAAyD;YACzD,IAAI,qEAAqE,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC/F,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,eAAe;oBACxB,IAAI,EAAE,sCAAsC;oBAC5C,WAAW,EAAE,cAAc,IAAI,CAAC,MAAM,kIAAkI;oBACxK,QAAQ,EAAE,mBAAmB;oBAC7B,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,2CAA2C;oBAClE,OAAO,EAAE,KAAK;oBACd,IAAI,EAAE,IAAI,CAAC,MAAM;oBACjB,GAAG,EAAE,uFAAuF;oBAC5F,QAAQ,EAAE,2LAA2L;oBACrM,WAAW,EAAE,iBAAiB;iBAC/B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AACpC,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,YAAY,CAAC,OAA4B;IAO7D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAE1C,IAAI,UAAU;QAAE,UAAU,CAAC,oCAAoC,CAAC,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAE1D,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,EAAE;YACd,YAAY,EAAE,EAAE;YAChB,eAAe,EAAE,EAAE;YACnB,aAAa,EAAE,CAAC;SACjB,CAAC;IACJ,CAAC;IAED,IAAI,UAAU;QAAE,UAAU,CAAC,SAAS,aAAa,CAAC,MAAM,8CAA8C,CAAC,CAAC;IACxG,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,cAAc,CAAC,aAAa,CAAC,CAAC;IAEhE,IAAI,UAAU;QAAE,UAAU,CAAC,oDAAoD,CAAC,CAAC;IACjF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,mBAAmB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAE9E,uDAAuD;IACvD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAEtD,oDAAoD;IACpD,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,CAAC;IAC5F,IAAI,CAAC,SAAS,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,eAAe;YACxB,IAAI,EAAE,sCAAsC;YAC5C,WAAW,EAAE,sHAAsH;YACnI,QAAQ,EAAE,mBAAmB;YAC7B,QAAQ,EAAE,UAAU;YACpB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,mDAAmD;YAChF,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,MAAM;YAC3B,GAAG,EAAE,oGAAoG;YACzG,QAAQ,EAAE,yLAAyL;YACnM,WAAW,EAAE,mBAAmB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,MAAM,qBAAqB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAClD,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,IAAI,KAAK,mBAAmB,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB,CACnF,CAAC;IACF,IAAI,qBAAqB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,sEAAsE;QACtE,MAAM,KAAK,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC5C,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,QAAQ,EAAE,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;YACtD,OAAO,EAAE,kCAAkC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;SAC5D,CAAC,CAAC,CAAC;QACJ,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC9E,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACtE,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACpE,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,eAAe;gBACxB,IAAI,EAAE,mCAAmC;gBACzC,WAAW,EAAE,wDAAwD,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,4BAA4B,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,sDAAsD;gBACpM,QAAQ,EAAE,mBAAmB;gBAC7B,QAAQ,EAAE,QAAQ;gBAClB,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,mCAAmC,qBAAqB,CAAC,MAAM,aAAa;gBACrF,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,qBAAqB,CAAC,CAAC,CAAC,CAAC,MAAM;gBACrC,GAAG,EAAE,6HAA6H;gBAClI,QAAQ,EAAE,uNAAuN;gBACjO,WAAW,EAAE,mBAAmB;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,eAAe,IAAI,MAAO,CAAC,CAAC,cAAc;IAClE,IAAI,SAAS,CAAC,MAAM,GAAG,OAAO,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,eAAe;YACxB,IAAI,EAAE,sCAAsC;YAC5C,WAAW,EAAE,uBAAuB,SAAS,CAAC,MAAM,YAAY,aAAa,sCAAsC,OAAO,gFAAgF;YAC1M,QAAQ,EAAE,mBAAmB;YAC7B,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,qBAAqB,SAAS,CAAC,MAAM,YAAY,aAAa,oBAAoB,OAAO,cAAc;YAChH,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,MAAM;YAC/C,GAAG,EAAE,8HAA8H;YACnI,QAAQ,EAAE,gOAAgO;YAC1O,WAAW,EAAE,mBAAmB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,UAAU;QAAE,UAAU,CAAC,2BAA2B,QAAQ,CAAC,MAAM,kBAAkB,UAAU,CAAC,MAAM,aAAa,CAAC,CAAC;IAEvH,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC;AAC3F,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAC/B,UAA4D,EAC5D,QAA8D,CAAC;IAE/D,OAAO;QACL,KAAK;QACL,UAAU;KACX,CAAC;AACJ,CAAC"}

package/dist/lifecycle/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Context Lifecycle Scanner
+ *
+ * Models how agent context evolves through stages of execution:
+ * - Stage 0: Static artifact scan (current HMA hardening checks)
+ * - Stage 1: System prompt assembly simulation
+ * - Stage 2: Runtime behavior monitoring (future, via ARP)
+ */
+export { scanAssembly, toLifecycleResult } from './assembly-scanner';
+export type { LifecycleStage, LifecycleScanResult, AssemblyComponent, AssemblyInteraction, } from '../hardening/security-check';
+//# sourceMappingURL=index.d.ts.map

package/dist/lifecycle/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lifecycle/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACrE,YAAY,EACV,cAAc,EACd,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,6BAA6B,CAAC"}

package/dist/lifecycle/index.js

@@ -0,0 +1,15 @@
+"use strict";
+/**
+ * Context Lifecycle Scanner
+ *
+ * Models how agent context evolves through stages of execution:
+ * - Stage 0: Static artifact scan (current HMA hardening checks)
+ * - Stage 1: System prompt assembly simulation
+ * - Stage 2: Runtime behavior monitoring (future, via ARP)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toLifecycleResult = exports.scanAssembly = void 0;
+var assembly_scanner_1 = require("./assembly-scanner");
+Object.defineProperty(exports, "scanAssembly", { enumerable: true, get: function () { return assembly_scanner_1.scanAssembly; } });
+Object.defineProperty(exports, "toLifecycleResult", { enumerable: true, get: function () { return assembly_scanner_1.toLifecycleResult; } });
+//# sourceMappingURL=index.js.map

package/dist/lifecycle/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/lifecycle/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,uDAAqE;AAA5D,gHAAA,YAAY,OAAA;AAAE,qHAAA,iBAAiB,OAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hackmyagent",
-  "version": "0.13.1",
+  "version": "0.14.0",
   "description": "Find it. Break it. Fix it. The hacker's toolkit for AI agents.",
   "bin": {
     "hackmyagent": "dist/cli.js"