hackmyagent 0.13.1 → 0.14.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.integrity-manifest.json +1 -1
- package/dist/attack/payloads/index.d.ts +2 -1
- package/dist/attack/payloads/index.d.ts.map +1 -1
- package/dist/attack/payloads/index.js +5 -1
- package/dist/attack/payloads/index.js.map +1 -1
- package/dist/attack/payloads/lifecycle.d.ts +11 -0
- package/dist/attack/payloads/lifecycle.d.ts.map +1 -0
- package/dist/attack/payloads/lifecycle.js +218 -0
- package/dist/attack/payloads/lifecycle.js.map +1 -0
- package/dist/attack/scanner.d.ts.map +1 -1
- package/dist/attack/scanner.js +1 -0
- package/dist/attack/scanner.js.map +1 -1
- package/dist/attack/types.d.ts +1 -1
- package/dist/attack/types.d.ts.map +1 -1
- package/dist/attack/types.js +5 -0
- package/dist/attack/types.js.map +1 -1
- package/dist/cli.js +1 -0
- package/dist/cli.js.map +1 -1
- package/dist/hardening/scanner.d.ts +6 -0
- package/dist/hardening/scanner.d.ts.map +1 -1
- package/dist/hardening/scanner.js +24 -0
- package/dist/hardening/scanner.js.map +1 -1
- package/dist/hardening/security-check.d.ts +58 -0
- package/dist/hardening/security-check.d.ts.map +1 -1
- package/dist/hardening/taxonomy.d.ts.map +1 -1
- package/dist/hardening/taxonomy.js +44 -0
- package/dist/hardening/taxonomy.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +7 -2
- package/dist/index.js.map +1 -1
- package/dist/lifecycle/assembly-scanner.d.ts +42 -0
- package/dist/lifecycle/assembly-scanner.d.ts.map +1 -0
- package/dist/lifecycle/assembly-scanner.js +515 -0
- package/dist/lifecycle/assembly-scanner.js.map +1 -0
- package/dist/lifecycle/index.d.ts +11 -0
- package/dist/lifecycle/index.d.ts.map +1 -0
- package/dist/lifecycle/index.js +15 -0
- package/dist/lifecycle/index.js.map +1 -0
- package/dist/nanomind-core/analyzers/capability-analyzer.js +10 -10
- package/dist/nanomind-core/analyzers/capability-analyzer.js.map +1 -1
- package/dist/nanomind-core/analyzers/code-analyzer.js +5 -5
- package/dist/nanomind-core/analyzers/code-analyzer.js.map +1 -1
- package/dist/nanomind-core/analyzers/credential-analyzer.js +4 -4
- package/dist/nanomind-core/analyzers/credential-analyzer.js.map +1 -1
- package/dist/nanomind-core/analyzers/governance-analyzer.js +7 -7
- package/dist/nanomind-core/analyzers/governance-analyzer.js.map +1 -1
- package/dist/nanomind-core/analyzers/prompt-analyzer.js +9 -9
- package/dist/nanomind-core/analyzers/prompt-analyzer.js.map +1 -1
- package/dist/nanomind-core/analyzers/scope-analyzer.js +4 -4
- package/dist/nanomind-core/analyzers/scope-analyzer.js.map +1 -1
- package/dist/registry/index.d.ts +1 -0
- package/dist/registry/index.d.ts.map +1 -1
- package/dist/registry/index.js +5 -1
- package/dist/registry/index.js.map +1 -1
- package/dist/registry/publish.d.ts.map +1 -1
- package/dist/registry/publish.js +16 -0
- package/dist/registry/publish.js.map +1 -1
- package/dist/registry/remediation.d.ts +12 -0
- package/dist/registry/remediation.d.ts.map +1 -0
- package/dist/registry/remediation.js +70 -0
- package/dist/registry/remediation.js.map +1 -0
- package/package.json +1 -1
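--- a/package/dist/hardening/security-check.d.ts
+++ b/package/dist/hardening/security-check.d.ts
@@ -88,4 +88,62 @@ export interface ScanResult {
 cachedResults?: number;
 };
 }
+/**
+* Lifecycle stages for context evolution analysis.
+*
+* Stage 0 (static): Current HMA scan -- files on disk as-is.
+* Stage 1 (assembly): System prompt assembly simulation -- models how
+* components (SOUL.md, tool descriptions, memory, user prefs) combine
+* into the final system prompt, detecting injections that survive assembly.
+* Stage 2 (runtime): Future -- runtime behavior monitoring via ARP.
+*/
+export type LifecycleStage = 0 | 1 | 2;
+/**
+* A component that contributes to the assembled system prompt.
+* Each component has a source file, role, and raw content.
+*/
+export interface AssemblyComponent {
+/** Source file path (relative to scan directory) */
+source: string;
+/** Component role in the assembly pipeline */
+role: 'soul' | 'toolDescription' | 'memory' | 'userPreference' | 'conversationHistory' | 'systemInstruction';
+/** Raw content before assembly */
+content: string;
+/** Byte offset in the assembled prompt where this component starts */
+assembledOffset?: number;
+/** Byte length of this component in the assembled prompt */
+assembledLength?: number;
+}
+/**
+* Result of an assembly-stage interaction analysis.
+* Tracks which components combined to create a finding.
+*/
+export interface AssemblyInteraction {
+/** Components involved in this interaction */
+components: string[];
+/** Type of cross-component attack detected */
+attackType: 'crossComponentInjection' | 'displacementAttack' | 'priorityHijack' | 'instructionDilution' | 'semanticSplit';
+/** The assembled text segment that triggered detection */
+assembledSegment: string;
+/** Confidence that this is a real attack (0-1) */
+confidence: number;
+}
+/**
+* Wraps a ScanResult with lifecycle stage metadata.
+* Stage 0 results are backward-compatible with plain ScanResult.
+*/
+export interface LifecycleScanResult {
+/** The lifecycle stage this result covers */
+stage: LifecycleStage;
+/** The underlying scan result for this stage */
+scanResult: ScanResult;
+/** Components discovered during assembly simulation (Stage 1+) */
+assemblyComponents?: AssemblyComponent[];
+/** Cross-component interactions detected (Stage 1+) */
+assemblyInteractions?: AssemblyInteraction[];
+/** The fully assembled system prompt (Stage 1+) */
+assembledPrompt?: string;
+/** Total token estimate of the assembled prompt */
+assembledTokenEstimate?: number;
+}
 //# sourceMappingURL=security-check.d.ts.map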
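Review bot: `assembledOffset` and `assembledLength` on `AssemblyComponent` are documented as a byte offset and byte length, but `LifecycleScanResult.assembledPrompt` is a JavaScript `string`, so any consumer that slices that string with these fields is working in UTF-16 code units, and the two disagree as soon as a component contains non-ASCII text. The doc should state the unit the scanner actually produces, e.g. `/** Offset (UTF-16 code units) into assembledPrompt where this component starts */`, or the fields should be renamed to match; the producer is not visible in this diff, so confirm against the new assembly-scanner module. As a point of style, the `role` and `attackType` literal unions are inlined, so callers that need to narrow or enumerate them must write `AssemblyComponent['role']`; exporting them as named aliases alongside `LifecycleStage` would avoid that. `LifecycleStage` also admits `2`, which the comment above it describes as future, so any guard written against the type will accept a stage that nothing yet implements.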
@@ -1 +1 @@
1
-
{"version":3,"file":"security-check.d.ts","sourceRoot":"","sources":["../../src/hardening/security-check.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE9D;;;;;;;;;GASG;AACH,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,SAAS,GAAG,QAAQ,GAAG,KAAK,GAAG,KAAK,GAAG,UAAU,GAAG,KAAK,CAAC;AAE5F,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,6CAA6C;IAC7C,MAAM,EAAE,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IACnC,kDAAkD;IAClD,GAAG,CAAC,EAAE,MAAM,OAAO,CAAC,SAAS,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,0EAA0E;IAC1E,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,sEAAsE;IACtE,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,yEAAyE;IACzE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE;QAC
jB,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;CACH"}
1
+
{"version":3,"file":"security-check.d.ts","sourceRoot":"","sources":["../../src/hardening/security-check.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE9D;;;;;;;;;GASG;AACH,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,SAAS,GAAG,QAAQ,GAAG,KAAK,GAAG,KAAK,GAAG,UAAU,GAAG,KAAK,CAAC;AAE5F,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,6CAA6C;IAC7C,MAAM,EAAE,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IACnC,kDAAkD;IAClD,GAAG,CAAC,EAAE,MAAM,OAAO,CAAC,SAAS,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,WAAW,EAAE,WAAW,CAAC;IACzB,0EAA0E;IAC1E,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,sEAAsE;IACtE,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,yEAAyE;IACzE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE;QAC
jB,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAEvC;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,oDAAoD;IACpD,MAAM,EAAE,MAAM,CAAC;IACf,8CAA8C;IAC9C,IAAI,EAAE,MAAM,GAAG,iBAAiB,GAAG,QAAQ,GAAG,gBAAgB,GAAG,qBAAqB,GAAG,mBAAmB,CAAC;IAC7G,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,sEAAsE;IACtE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,4DAA4D;IAC5D,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,8CAA8C;IAC9C,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,8CAA8C;IAC9C,UAAU,EAAE,yBAAyB,GAAG,oBAAoB,GAAG,gBAAgB,GAAG,qBAAqB,GAAG,eAAe,CAAC;IAC1H,0DAA0D;IAC1D,gBAAgB,EAAE,MAAM,CAAC;IACzB,kDAAkD;IAClD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,6CAA6C;IAC7C,KAAK,EAAE,cAAc,CAAC;IACtB,gDAAgD;IAChD,UAAU,EAAE,UAAU,CAAC;IACvB,kEAAkE;IAClE,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACzC,uDAAuD;IACvD,oBAAoB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC7C,mDAAmD;IACnD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mDAAmD;IACnD,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC"}
@@ -1 +1 @@
1
-
{"version":3,"file":"taxonomy.d.ts","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;
1
+
{"version":3,"file":"taxonomy.d.ts","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAuQxD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAElE;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAOpE"}
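--- a/package/dist/hardening/taxonomy.js
+++ b/package/dist/hardening/taxonomy.js
@@ -200,6 +200,50 @@ const TAXONOMY_MAP = {
 'NEMO-008': 'NEMO-SANDBOX-ESCAPE',
 'NEMO-009': 'NEMO-SUPPLY-CHAIN',
 'NEMO-010': 'NEMO-OPENCLAW-INHERIT',
+// Parser differential checks (Session 18)
+'PARSE-001': 'PARSER-DIFFERENTIAL',
+'PARSE-002': 'PARSER-DIFFERENTIAL',
+'PARSE-003': 'PARSER-DIFFERENTIAL',
+'PARSE-004': 'PARSER-DIFFERENTIAL',
+'PARSE-005': 'PARSER-DIFFERENTIAL',
+'PARSE-006': 'PARSER-DIFFERENTIAL',
+'PARSE-007': 'PARSER-DIFFERENTIAL',
+'PARSE-008': 'PARSER-DIFFERENTIAL',
+'PARSE-009': 'PARSER-DIFFERENTIAL',
+'PARSE-010': 'PARSER-DIFFERENTIAL',
+// Persistent agent state checks (Session 18)
+'PERSIST-001': 'PERSIST-STATE',
+'PERSIST-002': 'PERSIST-STATE',
+'PERSIST-003': 'PERSIST-STATE',
+'PERSIST-004': 'PERSIST-STATE',
+'PERSIST-005': 'PERSIST-STATE',
+'PERSIST-006': 'PERSIST-STATE',
+'PERSIST-007': 'PERSIST-STATE',
+'PERSIST-008': 'PERSIST-STATE',
+'PERSIST-009': 'PERSIST-STATE',
+'PERSIST-010': 'PERSIST-STATE',
+// Fake tool injection checks (Session 18)
+'FAKETOOL-001': 'FAKETOOL-INJECT',
+'FAKETOOL-002': 'FAKETOOL-INJECT',
+'FAKETOOL-003': 'FAKETOOL-INJECT',
+'FAKETOOL-004': 'FAKETOOL-INJECT',
+'FAKETOOL-005': 'FAKETOOL-INJECT',
+'FAKETOOL-006': 'FAKETOOL-INJECT',
+'FAKETOOL-007': 'FAKETOOL-INJECT',
+'FAKETOOL-008': 'FAKETOOL-INJECT',
+'FAKETOOL-009': 'FAKETOOL-INJECT',
+'FAKETOOL-010': 'FAKETOOL-INJECT',
+// Context lifecycle assembly checks (Session 20)
+'LIFECYCLE-001': 'ASSEMBLY-INJECT',
+'LIFECYCLE-002': 'ASSEMBLY-INJECT',
+'LIFECYCLE-003': 'ASSEMBLY-INJECT',
+'LIFECYCLE-004': 'ASSEMBLY-INJECT',
+'LIFECYCLE-005': 'ASSEMBLY-INJECT',
+'LIFECYCLE-006': 'ASSEMBLY-INJECT',
+'LIFECYCLE-007': 'ASSEMBLY-INJECT',
+'LIFECYCLE-008': 'ASSEMBLY-INJECT',
+'LIFECYCLE-009': 'ASSEMBLY-INJECT',
+'LIFECYCLE-010': 'ASSEMBLY-INJECT',
 };
 /**
 * Look up the attack class for a given HMA check ID.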
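Review bot: The forty new `TAXONOMY_MAP` rows enumerate `-001` through `-010` by hand for the PARSE, PERSIST, FAKETOOL and LIFECYCLE families, and nothing in the hunk ties them to the check definitions they classify, so an eleventh check in any family, or a renumbered ID, silently comes back unclassified from the lookup whose doc comment starts at the end of the hunk. A prefix table such as `const FAMILY_CLASS = { PARSE: 'PARSER-DIFFERENTIAL', PERSIST: 'PERSIST-STATE', FAKETOOL: 'FAKETOOL-INJECT', LIFECYCLE: 'ASSEMBLY-INJECT' };` consulted when the exact ID is missing, or a test asserting that every registered check ID has a row, would catch that drift. `TAXONOMY_MAP` is also a plain object literal; if the lookup below is a bare property read, an ID such as `constructor` resolves to an inherited value rather than `undefined`, which `Object.hasOwn(TAXONOMY_MAP, checkId)` or a `Map` avoids. The PARSE, PERSIST and FAKETOOL blocks are labelled "Session 18" yet arrive in the same hunk as the "Session 20" block, so the label no longer tells a reader which release introduced them.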
@@ -1 +1 @@
1
-
{"version":3,"file":"taxonomy.js","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;
1
+
{"version":3,"file":"taxonomy.js","sourceRoot":"","sources":["../../src/hardening/taxonomy.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AA6QH,wCAEC;AAMD,gDAOC;AAxRD,2EAA2E;AAC3E,MAAM,YAAY,GAA2B;IAC3C,cAAc;IACd,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,YAAY;IAC3B,aAAa,EAAE,YAAY;IAC3B,aAAa,EAAE,kBAAkB;IACjC,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,YAAY,EAAE,aAAa;IAC3B,YAAY,EAAE,aAAa;IAC3B,YAAY,EAAE,aAAa;IAC3B,YAAY,EAAE,aAAa;IAC3B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,cAAc;IAC7B,aAAa,EAAE,cAAc;IAC7B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAE5B,iBAAiB;IACjB,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAC5B,aAAa,EAAE,aAAa;IAE5B,sBAAsB;IACtB,UAAU,EAAE,kBAAkB;IAC9B,UAAU,EAAE,kBAAkB;IAC9B,UAAU,EAAE,kBAAkB;IAC9B,UAAU,EAAE,kBAAkB;IAE9B,wBAAwB;IACxB,mBAAmB,EAAE,eAAe;IACpC,mBAAmB,EAAE,eAAe;IACpC,mBAAmB,EAAE,eAAe;IACpC,mBAAmB,EAAE,eAAe;IACpC,mBAAmB,EAAE,eAAe;IAEpC,uBAAuB;IACvB,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,eAAe,EAAE,eAAe;IAChC,WAAW,EAAE,eAAe;IAC5B,WAAW,EAAE,eAAe;IAE5B,qBAAqB;IACrB,WAAW,EAAE,aAAa;IAC1B,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IAExB,eAAe;IACf,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,YAAY,EAAE,kBAAkB;IAChC,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,kBAAkB;IAE7B,iBAAiB;IACjB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IAEvB,gBAAgB;IAChB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IAEvB,oBAAoB;IACpB,SAAS,EAAE,mBAAmB;IAC9B,SAAS,EAAE,mBAAmB;IAC9B,SAAS,EAAE,mBAAmB;IAE9B,oBAAoB;IACpB,SAAS,EAAE,wBAAwB;IACnC,SAAS,EAAE,wBAAwB;IACnC,SAAS,EAAE,wBAAwB;IAEnC,eAAe;IACf,eAAe,EAAE,eAAe;IAEhC,4CA
A4C;IAC5C,YAAY,EAAE,mBAAmB;IACjC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,mBAAmB;IAChC,eAAe,EAAE,mBAAmB;IAEpC,iBAAiB;IACjB,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,iBAAiB;IAEhC,mBAAmB;IACnB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IACxB,SAAS,EAAE,aAAa;IAExB,4BAA4B;IAC5B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,uBAAuB;IACtC,aAAa,EAAE,uBAAuB;IACtC,aAAa,EAAE,uBAAuB;IACtC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IACpC,aAAa,EAAE,qBAAqB;IAEpC,qDAAqD;IACrD,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,YAAY,EAAE,eAAe;IAC7B,YAAY,EAAE,eAAe;IAC7B,YAAY,EAAE,eAAe;IAC7B,YAAY,EAAE,eAAe;IAC7B,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,YAAY;IACvB,SAAS,EAAE,aAAa;IACxB,aAAa,EAAE,kBAAkB;IAEjC,qDAAqD;IACrD,mDAAmD;IACnD,aAAa,EAAE,sBAAsB;IACrC,aAAa,EAAE,kBAAkB;IACjC,eAAe,EAAE,kBAAkB;IACnC,YAAY,EAAE,aAAa;IAC3B,mDAAmD;IACnD,eAAe,EAAE,gBAAgB;IACjC,mDAAmD;IACnD,aAAa,EAAE,gBAAgB;IAC/B,eAAe,EAAE,kBAAkB;IACnC,eAAe,EAAE,kBAAkB;IACnC,eAAe,EAAE,kBAAkB;IACnC,mBAAmB,EAAE,aAAa;IAClC,SAAS,EAAE,YAAY;IACvB,gBAAgB,EAAE,kBAAkB;IAEpC,iDAAiD;IACjD,UAAU,EAA
E,mBAAmB;IAC/B,UAAU,EAAE,mBAAmB;IAC/B,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,gBAAgB;IAC5B,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,gBAAgB;IAC5B,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,mBAAmB;IAC/B,UAAU,EAAE,uBAAuB;IAEnC,0CAA0C;IAC1C,WAAW,EAAE,qBAAqB;IAClC,WAAW,EAAE,qBAAqB;IAClC,WAAW,EAAE,qBAAqB;IAClC,WAAW,EAAE,qBAAqB;IAClC,WAAW,EAAE,qBAAqB;IAClC,WAAW,EAAE,qBAAqB;IAClC,WAAW,EAAE,qBAAqB;IAClC,WAAW,EAAE,qBAAqB;IAClC,WAAW,EAAE,qBAAqB;IAClC,WAAW,EAAE,qBAAqB;IAElC,6CAA6C;IAC7C,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAE9B,0CAA0C;IAC1C,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IACjC,cAAc,EAAE,iBAAiB;IAEjC,iDAAiD;IACjD,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;CACnC,CAAC;AAEF;;;GAGG;AACH,SAAgB,cAAc,CAAC,OAAe;IAC5C,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,QAA2B;IAC5D,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC;QACpC,CAAC;IACH,CAAC;AACH,CAAC"}
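--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -7,6 +7,8 @@ export { checkSkill, parseSkillIdentifier, analyzePermissions, analyzeSkillDepen
 export type { CheckResult, CheckOptions, PublisherInfo, PermissionInfo, RevocationInfo, RiskLevel, SkillIdentifier, PermissionAnalysis, SkillMetadata, DependencyGraph, } from './checker';
 export { HardeningScanner } from './hardening';
 export type { ScanOptions, SecurityFinding, Severity } from './hardening';
+export { scanAssembly, toLifecycleResult } from './lifecycle';
+export type { LifecycleStage, LifecycleScanResult, AssemblyComponent, AssemblyInteraction, } from './lifecycle';
 export { ExternalScanner } from './scanner';
 export type { ExternalScanResult, ExternalFinding, ScannerOptions, FindingSeverity, } from './scanner';
 export { classifySkillSection, isLikelyFalsePositive } from './hardening';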
package/dist/index.d.ts.map
CHANGED
@@ -1 +1 @@
1
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH,eAAO,MAAM,OAAO,EAAE,MAAiB,CAAC;AAGxC,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAC1E,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,yBAAyB,IAAI,8BAA8B,EAC3D,uBAAuB,EACvB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAE9E,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,EACX,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,mBAAmB,EACnB,UAAU,EACV,yBAAyB,EACzB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,GACX,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAE1B,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,WAAW,EACX,eAAe,EACf,QAAQ
,EACR,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,cAAc,EACd,SAAS,EACT,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,aAAa,EACb,cAAc,EACd,OAAO,IAAI,aAAa,EACxB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,OAAO,CAAC;AACnG,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAGzF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACpG,YAAY,EACV,SAAS,EACT,YAAY,EACZ,SAAS,EACT,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,GACb,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG7C,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,+BAA+B,EAC/B,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,qBAAa,OAAO;IACZ,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAOhD"}
1
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH,eAAO,MAAM,OAAO,EAAE,MAAiB,CAAC;AAGxC,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC9D,YAAY,EACV,cAAc,EACd,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAC1E,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,yBAAyB,IAAI,8BAA8B,EAC3D,uBAAuB,EACvB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAE9E,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,EACX,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,mBAAmB,EACnB,UAAU,EACV,yBAAyB,EACzB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,GACX,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAE1B,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EA
Cf,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,WAAW,EACX,eAAe,EACf,QAAQ,EACR,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,cAAc,EACd,SAAS,EACT,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,aAAa,EACb,cAAc,EACd,OAAO,IAAI,aAAa,EACxB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,OAAO,CAAC;AACnG,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAGzF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACpG,YAAY,EACV,SAAS,EACT,YAAY,EACZ,SAAS,EACT,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,GACb,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG7C,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,+BAA+B,EAC/B,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,qBAAa,OAAO;IACZ,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAOhD"}
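--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -4,8 +4,9 @@
 * Unified security toolkit for AI agents.
 */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
-exports.
+exports.buildCommunityAttackReport = exports.buildCommunityReport = exports.buildAttackReport = exports.buildScanReport = exports.RegistryClient = exports.isValidBenchmark = exports.AVAILABLE_BENCHMARKS = exports.calculateRating = exports.getCheckIdsForLevel = exports.getControlsForCategory = exports.getControlsForLevel = exports.OASB_1_NAME = exports.OASB_1_VERSION = exports.OASB_1_CATEGORIES = exports.TOOL_SHADOW_PAYLOADS = exports.SUPPLY_CHAIN_PAYLOADS = exports.CONTEXT_WINDOW_PAYLOADS = exports.MEMORY_WEAPONIZATION_PAYLOADS = exports.A2A_ATTACK_PAYLOADS = exports.MCP_EXPLOITATION_PAYLOADS = exports.shouldFail = exports.parseCustomPayloads = exports.getPayloadsByIntensity = exports.getPayloadsByCategory = exports.getPayloadById = exports.getPayloads = exports.PAYLOAD_STATS = exports.ALL_PAYLOADS = exports.ATTACK_CATEGORIES = exports.WildScanner = exports.AttackScanner = exports.validateCapabilities = exports.inferActualCapabilities = exports.parseSkillDeclaredCapabilities = exports.isLikelyFalsePositive = exports.classifySkillSection = exports.ExternalScanner = exports.toLifecycleResult = exports.scanAssembly = exports.HardeningScanner = exports.parseSkillFrontmatter = exports.detectUnpinnedDeps = exports.detectPhantomDeps = exports.detectCircularDeps = exports.buildDependencyGraph = exports.analyzeSkillDependencies = exports.analyzePermissions = exports.parseSkillIdentifier = exports.checkSkill = exports.VERSION = void 0;
+exports.recordScanAndMaybeShowTip = exports.showContributePrompt = exports.saveContributeChoice = exports.incrementScanCount = exports.shouldPromptContribute = exports.isContributeEnabled = exports.submitContribution = exports.flushQueue = exports.queueAndMaybeFlush = exports.queueEvent = exports.buildContributionPayloadFromDir = exports.buildScanEvent = exports.getContributorToken = exports.generateContributorToken = exports.DOMAIN_TEMPLATES = exports.PROFILE_DOMAINS = exports.GOVERNANCE_FILES = exports.DOMAIN_ORDER = exports.CONTROL_DEFS = exports.SoulScanner = exports.parseDeclaredCapabilities = exports.createCapabilityMonitor = exports.SkillCapabilityMonitor = exports.AgentRuntimeProtection = exports.createSkillguardPlugin = exports.createSigncryptPlugin = exports.createCredVaultPlugin = exports.clearRegistry = exports.listPlugins = exports.getPlugin = exports.registerPlugin = exports.buildDeepScanResult = exports.CostEstimator = exports.SEMANTIC_OASB_MAPPINGS = exports.toSecurityFindings = exports.toSecurityFinding = exports.BudgetTracker = exports.LLMCache = exports.AnthropicClient = exports.LLMAnalyzer = exports.PermissionModelAnalyzer = exports.InstructionAnalyzer = exports.McpConfigAnalyzer = exports.CredentialContextAnalyzer = exports.StructuralAnalyzer = exports.formatPublishOutput = exports.publishScanResults = exports.buildPublishPayload = exports.signPayload = exports.readAgentKeypair = void 0;
+exports.Scanner = void 0;
 exports.createScanner = createScanner;
 const node_fs_1 = require("node:fs");
 const node_path_1 = require("node:path");
@@ -30,6 +31,10 @@ Object.defineProperty(exports, "parseSkillFrontmatter", { enumerable: true, get:
 // Hardening module
 var hardening_1 = require("./hardening");
 Object.defineProperty(exports, "HardeningScanner", { enumerable: true, get: function () { return hardening_1.HardeningScanner; } });
+// Context Lifecycle Scanner (Stage 0-1)
+var lifecycle_1 = require("./lifecycle");
+Object.defineProperty(exports, "scanAssembly", { enumerable: true, get: function () { return lifecycle_1.scanAssembly; } });
+Object.defineProperty(exports, "toLifecycleResult", { enumerable: true, get: function () { return lifecycle_1.toLifecycleResult; } });
 // External scanner module
 var scanner_1 = require("./scanner");
 Object.defineProperty(exports, "ExternalScanner", { enumerable: true, get: function () { return scanner_1.ExternalScanner; } });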
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;AA+PH,sCAEC;AA/PD,qCAAuC;AACvC,yCAAiC;AAEjC,IAAI,QAAQ,GAAG,QAAQ,CAAC;AACxB,IAAI,CAAC;IACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,IAAA,gBAAI,EAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;IACzF,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;AAC7B,CAAC;AAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;AACjB,QAAA,OAAO,GAAW,QAAQ,CAAC;AAExC,iBAAiB;AACjB,qCAUmB;AATjB,qGAAA,UAAU,OAAA;AACV,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,mHAAA,wBAAwB,OAAA;AACxB,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,4GAAA,iBAAiB,OAAA;AACjB,6GAAA,kBAAkB,OAAA;AAClB,gHAAA,qBAAqB,OAAA;AAgBvB,mBAAmB;AACnB,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AAGzB,wCAAwC;AACxC,yCAA8D;AAArD,yGAAA,YAAY,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAQxC,0BAA0B;AAC1B,qCAA4C;AAAnC,0GAAA,eAAe,OAAA;AAQxB,wBAAwB;AACxB,yCAA0E;AAAjE,iHAAA,oBAAoB,OAAA;AAAE,kHAAA,qBAAqB,OAAA;AAEpD,yCAIqB;AAHnB,2HAAA,yBAAyB,OAAkC;AAC3D,oHAAA,uBAAuB,OAAA;AACvB,iHAAA,oBAAoB,OAAA;AAItB,gBAAgB;AAChB,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AAEtB,sBAAsB;AACtB,+BAAqC;AAA5B,mGAAA,WAAW,OAAA;AAGpB,mCAgBkB;AAfhB,2GAAA,iBAAiB,OAAA;AACjB,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AACb,qGAAA,WAAW,OAAA;AACX,wGAAA,cAAc,OAAA;AACd,+GAAA,qBAAqB,OAAA;AACrB,gHAAA,sBAAsB,OAAA;AACtB,6GAAA,mBAAmB,OAAA;AACnB,oGAAA,UAAU,OAAA;AACV,mHAAA,yBAAyB,OAAA;AACzB,6GAAA,mBAAmB,OAAA;AACnB,uHAAA,6BAA6B,OAAA;AAC7B,iHAAA,uBAAuB,OAAA;AACvB,+GAAA,qBAAqB,OAAA;AACrB,8GAAA,oBAAoB,OAAA;AAiBtB,oBAAoB;AACpB,2CAUsB;AATpB,+GAAA,iBAAiB,OAAA;AACjB,4GAAA,cAAc,OAAA;AACd,yGAAA,WAAW,OAAA;AACX,iHAAA,mBAAmB,OAAA;AACnB,oHAAA,sBAAsB,OAAA;AACtB,iHAAA,mBAAmB,OAAA;AACnB,6GAAA,eAAe,OAAA;AACf,kHAAA,oBAAoB,OAAA;AACpB,8GAAA,gBAAgB,OAAA;AAalB,kBAAkB;AAClB,uCAYoB;AAXlB,0GAAA,cAAc,OAAA;AACd,2GAAA,eAAe,OAAA;AACf,6GAAA,iBAAiB,OAAA;AACjB,gHAAA,oBAAoB,OAAA;AACpB,sHAAA,0BAA0B,OAAA;AAC1B,mBAAmB;AACnB,4GAAA,gBAAgB,OAAA;AAChB,uGAAA,WAAW,OAAA;AACX,+GAAA,mBAAmB,OAAA;AACnB,8GAAA,kBAAkB,OAAA;AAClB,+GAAA,mBAAmB,OAAA;AAarB,+CAA+C;AAC/C,uCAeoB;AAd
lB,8GAAA,kBAAkB,OAAA;AAClB,qHAAA,yBAAyB,OAAA;AACzB,6GAAA,iBAAiB,OAAA;AACjB,+GAAA,mBAAmB,OAAA;AACnB,mHAAA,uBAAuB,OAAA;AACvB,uGAAA,WAAW,OAAA;AACX,2GAAA,eAAe,OAAA;AACf,oGAAA,QAAQ,OAAA;AACR,yGAAA,aAAa,OAAA;AACb,6GAAA,iBAAiB,OAAA;AACjB,8GAAA,kBAAkB,OAAA;AAClB,kHAAA,sBAAsB,OAAA;AACtB,yGAAA,aAAa,OAAA;AACb,+GAAA,mBAAmB,OAAA;AAGrB,gBAAgB;AAChB,uCAKwB;AAJtB,sGAAA,cAAc,OAAA;AACd,iGAAA,SAAS,OAAA;AACT,mGAAA,WAAW,OAAA;AACX,qGAAA,aAAa,OAAA;AAaf,mBAAmB;AACnB,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,mDAA8E;AAArE,oHAAA,YAAY,OAA0B;AAE/C,2BAA2B;AAC3B,6BAA+C;AAAtC,6GAAA,sBAAsB,OAAA;AAC/B,6BAAmG;AAA1F,6GAAA,sBAAsB,OAAA;AAAE,8GAAA,uBAAuB,OAAA;AAAE,gHAAA,yBAAyB,OAAA;AAGnF,8CAA8C;AAC9C,+BAAoG;AAA3F,mGAAA,WAAW,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,wGAAA,gBAAgB,OAAA;AAAE,uGAAA,eAAe,OAAA;AAWnF,+BAA0C;AAAjC,wGAAA,gBAAgB,OAAA;AAGzB,iEAAiE;AACjE,yCAeqB;AAdnB,qHAAA,wBAAwB,OAAA;AACxB,gHAAA,mBAAmB,OAAA;AACnB,2GAAA,cAAc,OAAA;AACd,4HAAA,+BAA+B,OAAA;AAC/B,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,gHAAA,mBAAmB,OAAA;AACnB,mHAAA,sBAAsB,OAAA;AACtB,+GAAA,kBAAkB,OAAA;AAClB,iHAAA,oBAAoB,OAAA;AACpB,iHAAA,oBAAoB,OAAA;AACpB,sHAAA,yBAAyB,OAAA;AAsB3B,SAAgB,aAAa;IAC3B,OAAO,IAAI,OAAO,EAAE,CAAC;AACvB,CAAC;AAED,MAAa,OAAO;IAClB,KAAK,CAAC,IAAI,CAAC,MAAc;QACvB,OAAO;YACL,MAAM;YACN,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;IACJ,CAAC;CACF;AARD,0BAQC"}
|
|
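--- a/package/dist/lifecycle/assembly-scanner.d.ts
+++ b/package/dist/lifecycle/assembly-scanner.d.ts
@@ -0,0 +1,42 @@
+/**
+* Context Lifecycle Assembly Scanner (Stage 1)
+*
+* Simulates how agents assemble their system prompt from multiple components
+* (SOUL.md, tool descriptions, memory entries, user preferences, conversation
+* history) and detects injections that only activate post-assembly.
+*
+* Key threat model:
+* - A memory entry that looks benign alone but becomes a prompt injection
+* when concatenated with the system prompt.
+* - Tool descriptions that contain hidden instructions exploiting their
+* position adjacent to safety rules.
+* - Components that combine across boundaries to form split injections
+* (half in memory, half in tool description).
+* - Benign-looking padding that displaces safety instructions out of the
+* attention window.
+*/
+import type { SecurityFinding, AssemblyComponent, AssemblyInteraction, LifecycleScanResult } from '../hardening/security-check';
+interface AssemblyScanOptions {
+targetDir: string;
+/** Maximum assembled prompt size in chars before triggering displacement warning */
+maxAssemblySize?: number;
+/** Progress callback */
+onProgress?: (message: string) => void;
+}
+/**
+* Runs the full Stage 1 assembly scan.
+*/
+export declare function scanAssembly(options: AssemblyScanOptions): Promise<{
+findings: SecurityFinding[];
+components: AssemblyComponent[];
+interactions: AssemblyInteraction[];
+assembledPrompt: string;
+tokenEstimate: number;
+}>;
+/**
+* Wraps a Stage 0 ScanResult into a LifecycleScanResult.
+* This is backward-compatible: existing scan results become Stage 0 lifecycle results.
+*/
+export declare function toLifecycleResult(scanResult: import('../hardening/security-check').ScanResult, stage?: import('../hardening/security-check').LifecycleStage): LifecycleScanResult;
+export {};
+//# sourceMappingURL=assembly-scanner.d.ts.map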
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"assembly-scanner.d.ts","sourceRoot":"","sources":["../../src/lifecycle/assembly-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,KAAK,EACV,eAAe,EACf,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,6BAA6B,CAAC;AAsCrC,UAAU,mBAAmB;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,oFAAoF;IACpF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,wBAAwB;IACxB,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACxC;AA6VD;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC;IACxE,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,YAAY,EAAE,mBAAmB,EAAE,CAAC;IACpC,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC,CAkGD;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,UAAU,EAAE,OAAO,6BAA6B,EAAE,UAAU,EAC5D,KAAK,GAAE,OAAO,6BAA6B,EAAE,cAAkB,GAC9D,mBAAmB,CAKrB"}
|