hackmyagent 0.14.1 → 0.15.0

package/dist/cli.js

@@ -167,21 +167,23 @@ const RISK_DISPLAY = {
 const RESET = () => colors.reset;
 program
     .command('check')
-    .description(`Verify a skill before installing
+    .description(`Check if a package or skill is safe
 
-Analyzes skill safety by checking:
-  • Publisher identity via DNS TXT records
-  • Permissions requested (filesystem, network, shell)
-  • Revocation status against global blocklist
+Accepts npm packages, local paths, or skill identifiers:
+  • npm package: downloads and runs full security analysis (204 checks + NanoMind)
+  • Local path: runs NanoMind semantic analysis
+  • Skill identifier: verifies publisher, permissions, revocation
 
 Risk levels: low, medium, high, critical
 Exit code 1 if high/critical risk detected.
 
 Examples:
-  $ hackmyagent check server-filesystem
-  $ hackmyagent check @publisher/skill --verbose
-  $ hackmyagent check @publisher/skill --json`)
-    .argument('<skill>', 'Skill identifier or local path (e.g., @publisher/skill, ./SKILL.md, ./agent-dir/)')
+  $ hackmyagent check express
+  $ hackmyagent check @modelcontextprotocol/server-filesystem
+  $ hackmyagent check @modelcontextprotocol/server-filesystem --json
+  $ hackmyagent check ./my-agent/
+  $ hackmyagent check @publisher/skill --verbose`)
+    .argument('<target>', 'npm package name, local path, or skill identifier')
     .option('-v, --verbose', 'Show detailed verification info')
     .option('--json', 'Output as JSON (for scripting/CI)')
     .option('--offline', 'Skip DNS verification (offline mode)')
@@ -239,6 +241,11 @@ Examples:
                 process.exit(1);
             return;
         }
+        // npm package name: download, run full HMA scan, clean up
+        if (looksLikeNpmPackage(skill)) {
+            await checkNpmPackage(skill, options);
+            return;
+        }
         // Registry lookup path (non-local identifier) with 10s timeout
         const checkPromise = (0, index_1.checkSkill)(skill, {
             skipDnsVerification: options.offline,
@@ -1945,12 +1952,20 @@ Examples:
                 deep: isDeep,
                 silent: format !== 'text',
             });
+            // Re-apply all filters after NanoMind merge (merge uses allFindings which is unfiltered)
+            const refiltered = await scanner.reapplyIgnoreFilters(nmResult.mergedFindings, targetDir);
             if (result.allFindings) {
-                result.allFindings = nmResult.mergedFindings;
+                result.allFindings = refiltered;
             }
             if (result.findings) {
-                result.findings = nmResult.mergedFindings.filter((f) => !f.passed);
+                // Re-apply the same gates as the original filter:
+                // 1. Only failed checks  2. Has file path  3. Applies to project type
+                const projectType = result.projectType || 'library';
+                result.findings = refiltered.filter((f) => !f.passed && f.file && scanner.findingAppliesTo(f, projectType));
             }
+            // Recalculate score from filtered findings (score was set pre-NanoMind)
+            const forScore = (result.findings || []).filter((f) => !f.passed && !f.fixed);
+            result.score = scanner.calculateScore(forScore).score;
         }
         // Behavioral simulation: auto-runs on --deep, or when NanoMind detects ambiguity
         if (isDeep && format === 'text') {
@@ -2658,7 +2673,11 @@ Examples:
         try {
             const { orchestrateNanoMind } = await Promise.resolve().then(() => __importStar(require('./nanomind-core/orchestrate.js')));
             const nmResult = await orchestrateNanoMind(targetDir, result.findings, { silent: !!options.json });
-            result.findings = nmResult.mergedFindings;
+            // Re-apply .hmaignore filters and recalculate score after NanoMind merge
+            const hRefiltered = await scanner.reapplyIgnoreFilters(nmResult.mergedFindings, targetDir);
+            result.findings = hRefiltered;
+            const hForScore = hRefiltered.filter((f) => !f.passed && !f.fixed);
+            result.score = scanner.calculateScore(hForScore).score;
         }
         catch { /* NanoMind unavailable */ }
         // Filter to OpenClaw-specific findings
@@ -3064,14 +3083,8 @@ program
     .command('attack')
     .description(`Adversarial security testing for AI agents
 
-Red team your AI agent with ${index_1.PAYLOAD_STATS.total} attack payloads across 7 categories:
-  • Prompt Injection: ${index_1.PAYLOAD_STATS.byCategory['prompt-injection']} payloads
-  • Jailbreaking: ${index_1.PAYLOAD_STATS.byCategory['jailbreak']} payloads
-  • Data Exfiltration: ${index_1.PAYLOAD_STATS.byCategory['data-exfiltration']} payloads
-  • Capability Abuse: ${index_1.PAYLOAD_STATS.byCategory['capability-abuse']} payloads
-  • Context Manipulation: ${index_1.PAYLOAD_STATS.byCategory['context-manipulation']} payloads
-  • MCP Exploitation: ${index_1.PAYLOAD_STATS.byCategory['mcp-exploitation']} payloads
-  • A2A Attacks: ${index_1.PAYLOAD_STATS.byCategory['a2a-attack']} payloads
+Red team your AI agent with ${index_1.PAYLOAD_STATS.total} attack payloads across ${Object.keys(index_1.PAYLOAD_STATS.byCategory).length} categories:
+${Object.entries(index_1.PAYLOAD_STATS.byCategory).map(([cat, count]) => `  • ${index_1.ATTACK_CATEGORIES[cat].name}: ${count} payloads`).join('\n')}
 
 Intensity levels (controls how many payloads run):
   passive     Observation only (${index_1.PAYLOAD_STATS.byIntensity.passive} payloads)
@@ -3527,6 +3540,7 @@ function generateAttackHtmlReport(report) {
         'persistent-agent': 'PERSIST',
         'fake-tool': 'FAKETOOL',
         'context-lifecycle': 'LIFECYCLE',
+        'policy-enforcement-integrity': 'PEI',
     };
     // Donut chart for attack results
     const donutRadius = 60;
@@ -5729,6 +5743,251 @@ program
     }
     console.log(`\nYour skill is ready. Verify security with: hackmyagent secure ${outputDir}/`);
 });
+// ============================================================================
+// npm package scanning helpers (used by `check <package>`)
+// ============================================================================
+/**
+ * Detect whether a string looks like an npm package name rather than
+ * a hostname, IP address, or local path.
+ *
+ * npm package names: express, @scope/name, lodash, my-pkg
+ * NOT packages: example.com, 192.168.1.1, ./dir, /path, .
+ */
+function looksLikeNpmPackage(target) {
+    // Local paths
+    if (target.startsWith('.') || target.startsWith('/'))
+        return false;
+    // Scoped packages are always npm
+    if (target.startsWith('@') && target.includes('/'))
+        return true;
+    // IPs
+    if (/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(target))
+        return false;
+    // Hostnames have dots (example.com, sub.domain.org)
+    if (target.includes('.'))
+        return false;
+    // What's left: bare names like express, lodash, hackmyagent
+    // npm names are lowercase, may contain hyphens and digits
+    return /^[a-z0-9][a-z0-9._-]*$/.test(target);
+}
+const REGISTRY_URL = 'https://api.oa2a.org';
+const STALE_SCAN_DAYS = 3;
+/**
+ * Query the OpenA2A Registry for existing trust data.
+ * Returns null on any error (network, 404, timeout).
+ */
+async function queryRegistry(name) {
+    try {
+        const params = new URLSearchParams({ name, includeProfile: 'true' });
+        const response = await fetch(`${REGISTRY_URL}/api/v1/trust/query?${params}`, {
+            method: 'GET',
+            headers: { 'Accept': 'application/json', 'User-Agent': `hackmyagent/${index_1.VERSION}` },
+            signal: AbortSignal.timeout(5000),
+        });
+        if (!response.ok)
+            return null;
+        const data = await response.json();
+        if (!data.packageId)
+            return null;
+        return {
+            found: true,
+            name: data.name ?? name,
+            trustScore: data.trustScore ?? 0,
+            trustLevel: data.trustLevel ?? 0,
+            verdict: data.verdict ?? 'unknown',
+            scanStatus: data.scanStatus,
+            lastScannedAt: data.lastScannedAt,
+            packageType: data.packageType,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Check if scan data is stale (older than STALE_SCAN_DAYS).
+ */
+function isScanStale(lastScannedAt) {
+    if (!lastScannedAt)
+        return true;
+    const scanned = new Date(lastScannedAt);
+    const now = new Date();
+    const days = (now.getTime() - scanned.getTime()) / (1000 * 60 * 60 * 24);
+    return days > STALE_SCAN_DAYS;
+}
+/**
+ * Publish scan results to the community registry.
+ */
+async function publishToRegistry(name, result) {
+    try {
+        const response = await fetch(`${REGISTRY_URL}/api/v1/trust/scans`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'User-Agent': `hackmyagent/${index_1.VERSION}`,
+            },
+            body: JSON.stringify({
+                name,
+                score: result.score,
+                maxScore: result.maxScore,
+                projectType: result.projectType,
+                findings: result.findings.map(f => ({
+                    checkId: f.checkId,
+                    name: f.name,
+                    severity: f.severity,
+                    passed: f.passed,
+                    message: f.message,
+                    category: f.category,
+                })),
+                scanTimestamp: new Date().toISOString(),
+            }),
+            signal: AbortSignal.timeout(10000),
+        });
+        return response.ok;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Display registry trust data in the terminal.
+ */
+function displayRegistryResult(data) {
+    const scoreRatio = data.trustScore;
+    const scoreColor = scoreRatio >= 0.7 ? colors.green : scoreRatio >= 0.4 ? colors.yellow : colors.red;
+    const score = Math.round(scoreRatio * 100);
+    console.log(`\n  ${data.name}`);
+    console.log(`  Type:       ${data.packageType ?? 'unknown'}`);
+    console.log(`  Score:      ${scoreColor}${score}/100${RESET()}  (registry)`);
+    console.log(`  Verdict:    ${data.verdict}`);
+    if (data.lastScannedAt) {
+        const days = Math.floor((Date.now() - new Date(data.lastScannedAt).getTime()) / (1000 * 60 * 60 * 24));
+        console.log(`  Scanned:    ${days === 0 ? 'today' : days + ' day(s) ago'}`);
+    }
+    console.log();
+}
+/**
+ * Download an npm package, run full HMA secure scan, display results, clean up.
+ * Checks the registry first; only downloads if data is missing or stale.
+ */
+async function checkNpmPackage(name, options) {
+    // Step 1: Check registry for existing trust data
+    if (!options.offline) {
+        const registryData = await queryRegistry(name);
+        if (registryData?.found && !isScanStale(registryData.lastScannedAt)) {
+            // Fresh data in registry — show it
+            if (options.json) {
+                writeJsonStdout({ ...registryData, source: 'registry' });
+                return;
+            }
+            displayRegistryResult(registryData);
+            return;
+        }
+        // Stale or missing — tell the user we're scanning
+        if (registryData?.found && registryData.lastScannedAt) {
+            if (!options.json && !globalCiMode) {
+                const days = Math.floor((Date.now() - new Date(registryData.lastScannedAt).getTime()) / (1000 * 60 * 60 * 24));
+                console.error(`\nRegistry data is ${days} day(s) old. Re-scanning...`);
+            }
+        }
+    }
+    // Step 2: Download and scan
+    const { mkdtemp, rm } = await Promise.resolve().then(() => __importStar(require('node:fs/promises')));
+    const { tmpdir } = await Promise.resolve().then(() => __importStar(require('node:os')));
+    const { join } = await Promise.resolve().then(() => __importStar(require('node:path')));
+    const { execFile } = await Promise.resolve().then(() => __importStar(require('node:child_process')));
+    const { promisify } = await Promise.resolve().then(() => __importStar(require('node:util')));
+    const execAsync = promisify(execFile);
+    if (!options.json && !globalCiMode) {
+        console.error(`Downloading ${name} from npm...`);
+    }
+    const tempDir = await mkdtemp(join(tmpdir(), 'hma-check-'));
+    try {
+        // Download and extract
+        const { stdout } = await execAsync('npm', ['pack', name, '--pack-destination', tempDir], { timeout: 60000 });
+        const tarball = stdout.trim().split('\n').pop();
+        await execAsync('tar', ['xzf', join(tempDir, tarball), '-C', tempDir], { timeout: 30000 });
+        const packageDir = join(tempDir, 'package');
+        // Run full HMA scan
+        const scanner = new index_1.HardeningScanner();
+        const result = await scanner.scan({ targetDir: packageDir, autoFix: false });
+        const failed = result.findings.filter(f => !f.passed);
+        const critical = failed.filter(f => f.severity === 'critical');
+        const high = failed.filter(f => f.severity === 'high');
+        const medium = failed.filter(f => f.severity === 'medium');
+        const low = failed.filter(f => f.severity === 'low');
+        if (options.json) {
+            writeJsonStdout({
+                name,
+                type: 'npm-package',
+                source: 'local-scan',
+                projectType: result.projectType,
+                score: result.score,
+                maxScore: result.maxScore,
+                findings: result.findings,
+            });
+            return;
+        }
+        // Display results
+        const scoreRatio = result.score / result.maxScore;
+        const scoreColor = scoreRatio >= 0.7 ? colors.green : scoreRatio >= 0.4 ? colors.yellow : colors.red;
+        console.log(`\n  ${name}`);
+        console.log(`  Type:       ${result.projectType}`);
+        console.log(`  Score:      ${scoreColor}${result.score}/${result.maxScore}${RESET()}`);
+        console.log(`  Findings:   ${critical.length} critical, ${high.length} high, ${medium.length} medium, ${low.length} low`);
+        if (failed.length > 0) {
+            console.log();
+            const limit = options.verbose ? failed.length : 15;
+            for (const f of failed.slice(0, limit)) {
+                const sev = SEVERITY_DISPLAY[f.severity];
+                const attackClass = f.attackClass ? ` (${f.attackClass})` : '';
+                console.log(`  ${sev.color()}${sev.symbol}${RESET()} ${f.name}: ${f.message}${colors.dim}${attackClass}${RESET()}`);
+            }
+            if (failed.length > limit) {
+                console.log(`\n  ... and ${failed.length - limit} more (use --verbose to see all)`);
+            }
+        }
+        else {
+            console.log(`\n  ${colors.green}No security issues found.${RESET()}`);
+        }
+        // Step 3: Offer to share with community (interactive only)
+        if (process.stdin.isTTY && !globalCiMode) {
+            const readline = await Promise.resolve().then(() => __importStar(require('node:readline')));
+            const rl = readline.createInterface({ input: process.stdin, output: process.stderr });
+            const answer = await new Promise(resolve => {
+                rl.question(`\n  Share this scan with the community? [Y/n] `, resolve);
+            });
+            rl.close();
+            if (answer.trim().toLowerCase() !== 'n') {
+                const ok = await publishToRegistry(name, result);
+                if (ok) {
+                    console.error(`  ${colors.green}Shared. Thank you for building trust in AI.${RESET()}`);
+                }
+                else {
+                    console.error(`  ${colors.dim}Could not reach registry. Scan saved locally.${RESET()}`);
+                }
+            }
+        }
+        console.log(`\n  Full project scan: ${CLI_PREFIX} secure <dir>`);
+        console.log();
+        if (critical.length > 0 || high.length > 0)
+            process.exit(1);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        // Clean npm error messages
+        if (message.includes('404') || message.includes('Not Found')) {
+            console.error(`Error: Package "${name}" not found on npm.`);
+        }
+        else {
+            console.error(`Error: ${message}`);
+        }
+        process.exit(1);
+    }
+    finally {
+        await rm(tempDir, { recursive: true, force: true });
+    }
+}
 // Self-securing: verify own integrity before running any command
 // A security tool that doesn't verify itself is worse than no security tool
 (async () => {