hackmyagent 0.16.0 → 0.16.2

package/dist/telemetry/nanomind-telemetry.js

@@ -0,0 +1,123 @@
+"use strict";
+/**
+ * NanoMind Classification Telemetry
+ *
+ * Posts anonymous classification stats to the Registry's NanoMind
+ * telemetry endpoint. This feeds the intelligence loop: aggregated
+ * stats show which content types and classifications are most common,
+ * enabling targeted model improvements.
+ *
+ * Endpoint:  POST api.oa2a.org/api/v1/nanomind/telemetry
+ *
+ * PRIVACY: Only content type, content hash (SHA-256), classification,
+ * confidence, verdict, and model version are sent. No file paths,
+ * no source code, no raw content, no PII.
+ *
+ * Respects the same contribute.enabled opt-in as scan contributions.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hashContent = hashContent;
+exports.queueClassificationStat = queueClassificationStat;
+exports.flushNanoMindTelemetry = flushNanoMindTelemetry;
+exports.getTelemetryQueueSize = getTelemetryQueueSize;
+exports.clearTelemetryQueue = clearTelemetryQueue;
+const node_crypto_1 = require("node:crypto");
+const index_js_1 = require("../index.js");
+const opt_in_js_1 = require("./opt-in.js");
+const REGISTRY_URL = 'https://api.oa2a.org';
+const TELEMETRY_ENDPOINT = '/api/v1/nanomind/telemetry';
+const SUBMIT_TIMEOUT_MS = 5000;
+const MAX_BATCH_SIZE = 100;
+// In-memory queue to batch telemetry submissions
+let queue = [];
+/**
+ * Hash content for telemetry (privacy-preserving identifier).
+ * Only the hash is sent, never the content itself.
+ */
+function hashContent(content) {
+    return (0, node_crypto_1.createHash)('sha256').update(content).digest('hex');
+}
+/**
+ * Derive verdict from classification + confidence.
+ */
+function deriveVerdict(classification, confidence) {
+    if (classification === 'malicious' && confidence > 0.7)
+        return 'fail';
+    if (classification === 'suspicious' || (classification === 'malicious' && confidence <= 0.7))
+        return 'warn';
+    return 'pass';
+}
+/**
+ * Queue a classification result for telemetry submission.
+ * Call this after every NanoMind classification during a scan.
+ */
+function queueClassificationStat(contentType, content, classification, confidence, modelVersion) {
+    if (!(0, opt_in_js_1.isContributeEnabled)())
+        return;
+    queue.push({
+        contentType,
+        contentHash: hashContent(content),
+        classification,
+        confidence,
+        verdict: deriveVerdict(classification, confidence),
+        modelVersion,
+    });
+}
+/**
+ * Submit queued telemetry to the Registry.
+ * Call after scan completes. Non-blocking, best-effort.
+ */
+async function flushNanoMindTelemetry(registryUrl, verbose) {
+    if (queue.length === 0)
+        return true;
+    if (!(0, opt_in_js_1.isContributeEnabled)()) {
+        queue = [];
+        return true;
+    }
+    const batch = queue.splice(0, MAX_BATCH_SIZE);
+    const url = (registryUrl || REGISTRY_URL) + TELEMETRY_ENDPOINT;
+    try {
+        const resp = await fetch(url, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                toolId: `hackmyagent@${index_js_1.VERSION}`,
+                stats: batch.map(s => ({
+                    contentType: s.contentType,
+                    contentHash: s.contentHash,
+                    classification: s.classification,
+                    confidence: s.confidence,
+                    verdict: s.verdict,
+                    modelVersion: s.modelVersion,
+                    timestamp: new Date().toISOString(),
+                })),
+            }),
+            signal: AbortSignal.timeout(SUBMIT_TIMEOUT_MS),
+        });
+        if (verbose) {
+            const body = await resp.json().catch(() => ({}));
+            process.stderr.write(`NanoMind telemetry: ${resp.status} (${body.accepted ?? 0}/${batch.length} accepted)\n`);
+        }
+        return resp.ok;
+    }
+    catch {
+        // Non-fatal: telemetry failure should never affect scan results
+        if (verbose) {
+            process.stderr.write('NanoMind telemetry: submission failed (network error)\n');
+        }
+        return false;
+    }
+}
+/**
+ * Get the current queue size (for testing/debugging).
+ */
+function getTelemetryQueueSize() {
+    return queue.length;
+}
+/**
+ * Clear the queue without submitting (for testing).
+ */
+function clearTelemetryQueue() {
+    queue = [];
+}
+//# sourceMappingURL=nanomind-telemetry.js.map

package/dist/telemetry/nanomind-telemetry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nanomind-telemetry.js","sourceRoot":"","sources":["../../src/telemetry/nanomind-telemetry.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;AA2BH,kCAEC;AAeD,0DAiBC;AAMD,wDA+CC;AAKD,sDAEC;AAKD,kDAEC;AA9HD,6CAAyC;AACzC,0CAAsC;AACtC,2CAAkD;AAElD,MAAM,YAAY,GAAG,sBAAsB,CAAC;AAC5C,MAAM,kBAAkB,GAAG,4BAA4B,CAAC;AACxD,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAC/B,MAAM,cAAc,GAAG,GAAG,CAAC;AAW3B,iDAAiD;AACjD,IAAI,KAAK,GAAyB,EAAE,CAAC;AAErC;;;GAGG;AACH,SAAgB,WAAW,CAAC,OAAe;IACzC,OAAO,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,cAAsB,EAAE,UAAkB;IAC/D,IAAI,cAAc,KAAK,WAAW,IAAI,UAAU,GAAG,GAAG;QAAE,OAAO,MAAM,CAAC;IACtE,IAAI,cAAc,KAAK,YAAY,IAAI,CAAC,cAAc,KAAK,WAAW,IAAI,UAAU,IAAI,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC;IAC5G,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAgB,uBAAuB,CACrC,WAAmB,EACnB,OAAe,EACf,cAAsB,EACtB,UAAkB,EAClB,YAAoB;IAEpB,IAAI,CAAC,IAAA,+BAAmB,GAAE;QAAE,OAAO;IAEnC,KAAK,CAAC,IAAI,CAAC;QACT,WAAW;QACX,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC;QACjC,cAAc;QACd,UAAU;QACV,OAAO,EAAE,aAAa,CAAC,cAAc,EAAE,UAAU,CAAC;QAClD,YAAY;KACb,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAoB,EACpB,OAAiB;IAEjB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,CAAC,IAAA,+BAAmB,GAAE,EAAE,CAAC;QAC3B,KAAK,GAAG,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,CAAC,WAAW,IAAI,YAAY,CAAC,GAAG,kBAAkB,CAAC;IAE/D,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,MAAM,EAAE,eAAe,kBAAO,EAAE;gBAChC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACrB,WAAW,EAAE,CAAC,CAAC,WAAW;oBAC1B,WAAW,EAAE,CAAC,CAAC,WAAW;oBAC1B,cAAc,EAAE,CAAC,CAAC,cAAc;oBAChC,UAAU,EAAE,CAAC,CAAC,UAAU;oBACxB,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,YAAY,EAAE,CAAC,CAAC,YAAY;oBAC5B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC,CAAC;aACJ,CAAC;YACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,iBAAiB,CAAC;SAC/C,CAAC,CAAC;QAEH,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACjD,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,uBAAuB,IAAI,CAAC,MAAM,KAAM,IAAgC,CAAC,QAAQ,IAAI,CAAC,IAAI,KAAK,CAAC,MAAM,cAAc,CACrH,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAClF,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB;IACnC,OAAO,KAAK,CAAC,MAAM,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB;IACjC,KAAK,GAAG,EAAE,CAAC;AACb,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hackmyagent",
-  "version": "0.16.0",
+  "version": "0.16.2",
   "description": "Find it. Break it. Fix it. The hacker's toolkit for AI agents.",
   "bin": {
     "hackmyagent": "dist/cli.js"