hackmyagent 0.7.2 → 0.8.0

Files changed (333)
  1. package/LICENSE +191 -0
  2. package/README.md +66 -28
  3. package/dist/arp/cli/index.d.ts +3 -0
  4. package/dist/arp/cli/index.d.ts.map +1 -0
  5. package/dist/arp/cli/index.js +219 -0
  6. package/dist/arp/cli/index.js.map +1 -0
  7. package/dist/arp/config/loader.d.ts +8 -0
  8. package/dist/arp/config/loader.d.ts.map +1 -0
  9. package/dist/arp/config/loader.js +102 -0
  10. package/dist/arp/config/loader.js.map +1 -0
  11. package/dist/arp/enforcement/kill-switch.d.ts +22 -0
  12. package/dist/arp/enforcement/kill-switch.d.ts.map +1 -0
  13. package/dist/arp/enforcement/kill-switch.js +122 -0
  14. package/dist/arp/enforcement/kill-switch.js.map +1 -0
  15. package/dist/arp/engine/event-engine.d.ts +29 -0
  16. package/dist/arp/engine/event-engine.d.ts.map +1 -0
  17. package/dist/arp/engine/event-engine.js +233 -0
  18. package/dist/arp/engine/event-engine.js.map +1 -0
  19. package/dist/arp/index.d.ts +81 -0
  20. package/dist/arp/index.d.ts.map +1 -0
  21. package/dist/arp/index.js +239 -0
  22. package/dist/arp/index.js.map +1 -0
  23. package/dist/arp/intelligence/adapters.d.ts +45 -0
  24. package/dist/arp/intelligence/adapters.d.ts.map +1 -0
  25. package/dist/arp/intelligence/adapters.js +222 -0
  26. package/dist/arp/intelligence/adapters.js.map +1 -0
  27. package/dist/arp/intelligence/anomaly.d.ts +32 -0
  28. package/dist/arp/intelligence/anomaly.d.ts.map +1 -0
  29. package/dist/arp/intelligence/anomaly.js +80 -0
  30. package/dist/arp/intelligence/anomaly.js.map +1 -0
  31. package/dist/arp/intelligence/budget.d.ts +33 -0
  32. package/dist/arp/intelligence/budget.d.ts.map +1 -0
  33. package/dist/arp/intelligence/budget.js +150 -0
  34. package/dist/arp/intelligence/budget.js.map +1 -0
  35. package/dist/arp/intelligence/coordinator.d.ts +43 -0
  36. package/dist/arp/intelligence/coordinator.d.ts.map +1 -0
  37. package/dist/arp/intelligence/coordinator.js +301 -0
  38. package/dist/arp/intelligence/coordinator.js.map +1 -0
  39. package/dist/arp/interceptors/a2a-protocol.d.ts +29 -0
  40. package/dist/arp/interceptors/a2a-protocol.d.ts.map +1 -0
  41. package/dist/arp/interceptors/a2a-protocol.js +111 -0
  42. package/dist/arp/interceptors/a2a-protocol.js.map +1 -0
  43. package/dist/arp/interceptors/filesystem.d.ts +33 -0
  44. package/dist/arp/interceptors/filesystem.d.ts.map +1 -0
  45. package/dist/arp/interceptors/filesystem.js +199 -0
  46. package/dist/arp/interceptors/filesystem.js.map +1 -0
  47. package/dist/arp/interceptors/mcp-protocol.d.ts +25 -0
  48. package/dist/arp/interceptors/mcp-protocol.d.ts.map +1 -0
  49. package/dist/arp/interceptors/mcp-protocol.js +126 -0
  50. package/dist/arp/interceptors/mcp-protocol.js.map +1 -0
  51. package/dist/arp/interceptors/network.d.ts +26 -0
  52. package/dist/arp/interceptors/network.d.ts.map +1 -0
  53. package/dist/arp/interceptors/network.js +146 -0
  54. package/dist/arp/interceptors/network.js.map +1 -0
  55. package/dist/arp/interceptors/process.d.ts +26 -0
  56. package/dist/arp/interceptors/process.d.ts.map +1 -0
  57. package/dist/arp/interceptors/process.js +157 -0
  58. package/dist/arp/interceptors/process.js.map +1 -0
  59. package/dist/arp/interceptors/prompt.d.ts +29 -0
  60. package/dist/arp/interceptors/prompt.d.ts.map +1 -0
  61. package/dist/arp/interceptors/prompt.js +82 -0
  62. package/dist/arp/interceptors/prompt.js.map +1 -0
  63. package/dist/arp/license/index.d.ts +59 -0
  64. package/dist/arp/license/index.d.ts.map +1 -0
  65. package/dist/arp/license/index.js +78 -0
  66. package/dist/arp/license/index.js.map +1 -0
  67. package/dist/arp/monitors/filesystem.d.ts +21 -0
  68. package/dist/arp/monitors/filesystem.d.ts.map +1 -0
  69. package/dist/arp/monitors/filesystem.js +141 -0
  70. package/dist/arp/monitors/filesystem.js.map +1 -0
  71. package/dist/arp/monitors/network.d.ts +32 -0
  72. package/dist/arp/monitors/network.d.ts.map +1 -0
  73. package/dist/arp/monitors/network.js +301 -0
  74. package/dist/arp/monitors/network.js.map +1 -0
  75. package/dist/arp/monitors/process.d.ts +24 -0
  76. package/dist/arp/monitors/process.d.ts.map +1 -0
  77. package/dist/arp/monitors/process.js +205 -0
  78. package/dist/arp/monitors/process.js.map +1 -0
  79. package/dist/arp/patterns/ai-threats.d.ts +48 -0
  80. package/dist/arp/patterns/ai-threats.d.ts.map +1 -0
  81. package/dist/arp/patterns/ai-threats.js +215 -0
  82. package/dist/arp/patterns/ai-threats.js.map +1 -0
  83. package/dist/arp/proxy/forward.d.ts +23 -0
  84. package/dist/arp/proxy/forward.d.ts.map +1 -0
  85. package/dist/arp/proxy/forward.js +152 -0
  86. package/dist/arp/proxy/forward.js.map +1 -0
  87. package/dist/arp/proxy/server.d.ts +45 -0
  88. package/dist/arp/proxy/server.d.ts.map +1 -0
  89. package/dist/arp/proxy/server.js +331 -0
  90. package/dist/arp/proxy/server.js.map +1 -0
  91. package/dist/arp/reporting/local-log.d.ts +22 -0
  92. package/dist/arp/reporting/local-log.d.ts.map +1 -0
  93. package/dist/arp/reporting/local-log.js +116 -0
  94. package/dist/arp/reporting/local-log.js.map +1 -0
  95. package/dist/arp/types.d.ts +230 -0
  96. package/dist/arp/types.d.ts.map +1 -0
  97. package/dist/arp/types.js +4 -0
  98. package/dist/arp/types.js.map +1 -0
  99. package/dist/attack/custom-payloads.d.ts +11 -0
  100. package/dist/attack/custom-payloads.d.ts.map +1 -0
  101. package/dist/attack/custom-payloads.js +108 -0
  102. package/dist/attack/custom-payloads.js.map +1 -0
  103. package/dist/attack/fail-policy.d.ts +16 -0
  104. package/dist/attack/fail-policy.d.ts.map +1 -0
  105. package/dist/attack/fail-policy.js +36 -0
  106. package/dist/attack/fail-policy.js.map +1 -0
  107. package/dist/attack/index.d.ts +12 -0
  108. package/dist/attack/index.d.ts.map +1 -0
  109. package/dist/attack/index.js +30 -0
  110. package/dist/attack/index.js.map +1 -0
  111. package/dist/attack/payloads/a2a-attacks.d.ts +12 -0
  112. package/dist/attack/payloads/a2a-attacks.d.ts.map +1 -0
  113. package/dist/attack/payloads/a2a-attacks.js +221 -0
  114. package/dist/attack/payloads/a2a-attacks.js.map +1 -0
  115. package/dist/attack/payloads/capability-abuse.d.ts +8 -0
  116. package/dist/attack/payloads/capability-abuse.d.ts.map +1 -0
  117. package/dist/attack/payloads/capability-abuse.js +222 -0
  118. package/dist/attack/payloads/capability-abuse.js.map +1 -0
  119. package/dist/attack/payloads/context-manipulation.d.ts +8 -0
  120. package/dist/attack/payloads/context-manipulation.d.ts.map +1 -0
  121. package/dist/attack/payloads/context-manipulation.js +217 -0
  122. package/dist/attack/payloads/context-manipulation.js.map +1 -0
  123. package/dist/attack/payloads/data-exfiltration.d.ts +8 -0
  124. package/dist/attack/payloads/data-exfiltration.d.ts.map +1 -0
  125. package/dist/attack/payloads/data-exfiltration.js +249 -0
  126. package/dist/attack/payloads/data-exfiltration.js.map +1 -0
  127. package/dist/attack/payloads/index.d.ts +29 -0
  128. package/dist/attack/payloads/index.d.ts.map +1 -0
  129. package/dist/attack/payloads/index.js +76 -0
  130. package/dist/attack/payloads/index.js.map +1 -0
  131. package/dist/attack/payloads/jailbreak.d.ts +8 -0
  132. package/dist/attack/payloads/jailbreak.d.ts.map +1 -0
  133. package/dist/attack/payloads/jailbreak.js +265 -0
  134. package/dist/attack/payloads/jailbreak.js.map +1 -0
  135. package/dist/attack/payloads/mcp-exploitation.d.ts +12 -0
  136. package/dist/attack/payloads/mcp-exploitation.d.ts.map +1 -0
  137. package/dist/attack/payloads/mcp-exploitation.js +221 -0
  138. package/dist/attack/payloads/mcp-exploitation.js.map +1 -0
  139. package/dist/attack/payloads/prompt-injection.d.ts +8 -0
  140. package/dist/attack/payloads/prompt-injection.d.ts.map +1 -0
  141. package/dist/attack/payloads/prompt-injection.js +262 -0
  142. package/dist/attack/payloads/prompt-injection.js.map +1 -0
  143. package/dist/attack/scanner.d.ts +84 -0
  144. package/dist/attack/scanner.d.ts.map +1 -0
  145. package/dist/attack/scanner.js +509 -0
  146. package/dist/attack/scanner.js.map +1 -0
  147. package/dist/attack/types.d.ts +153 -0
  148. package/dist/attack/types.d.ts.map +1 -0
  149. package/dist/attack/types.js +46 -0
  150. package/dist/attack/types.js.map +1 -0
  151. package/dist/benchmarks/index.d.ts +16 -0
  152. package/dist/benchmarks/index.d.ts.map +1 -0
  153. package/dist/benchmarks/index.js +27 -0
  154. package/dist/benchmarks/index.js.map +1 -0
  155. package/dist/benchmarks/oasb-1.d.ts +112 -0
  156. package/dist/benchmarks/oasb-1.d.ts.map +1 -0
  157. package/dist/benchmarks/oasb-1.js +1124 -0
  158. package/dist/benchmarks/oasb-1.js.map +1 -0
  159. package/dist/checker/check-skill.d.ts +48 -0
  160. package/dist/checker/check-skill.d.ts.map +1 -0
  161. package/dist/checker/check-skill.js +105 -0
  162. package/dist/checker/check-skill.js.map +1 -0
  163. package/dist/checker/index.d.ts +12 -0
  164. package/dist/checker/index.d.ts.map +1 -0
  165. package/dist/checker/index.js +16 -0
  166. package/dist/checker/index.js.map +1 -0
  167. package/dist/checker/permission-analyzer.d.ts +12 -0
  168. package/dist/checker/permission-analyzer.d.ts.map +1 -0
  169. package/dist/checker/permission-analyzer.js +84 -0
  170. package/dist/checker/permission-analyzer.js.map +1 -0
  171. package/dist/checker/publisher-verifier.d.ts +34 -0
  172. package/dist/checker/publisher-verifier.d.ts.map +1 -0
  173. package/dist/checker/publisher-verifier.js +121 -0
  174. package/dist/checker/publisher-verifier.js.map +1 -0
  175. package/dist/checker/skill-identifier.d.ts +14 -0
  176. package/dist/checker/skill-identifier.d.ts.map +1 -0
  177. package/dist/checker/skill-identifier.js +55 -0
  178. package/dist/checker/skill-identifier.js.map +1 -0
  179. package/dist/cli.d.ts +7 -0
  180. package/dist/cli.d.ts.map +1 -0
  181. package/dist/cli.js +3534 -0
  182. package/dist/cli.js.map +1 -0
  183. package/dist/hardening/index.d.ts +7 -0
  184. package/dist/hardening/index.d.ts.map +1 -0
  185. package/dist/hardening/index.js +9 -0
  186. package/dist/hardening/index.js.map +1 -0
  187. package/dist/hardening/scanner.d.ts +147 -0
  188. package/dist/hardening/scanner.d.ts.map +1 -0
  189. package/dist/hardening/scanner.js +5445 -0
  190. package/dist/hardening/scanner.js.map +1 -0
  191. package/dist/hardening/security-check.d.ts +85 -0
  192. package/dist/hardening/security-check.d.ts.map +1 -0
  193. package/dist/hardening/security-check.js +6 -0
  194. package/dist/hardening/security-check.js.map +1 -0
  195. package/dist/index.d.ts +38 -4
  196. package/dist/index.d.ts.map +1 -1
  197. package/dist/index.js +91 -3525
  198. package/dist/index.js.map +1 -1
  199. package/dist/mcp-server.js +10 -10
  200. package/dist/mcp-server.js.map +1 -1
  201. package/dist/oasb/config/dvaa-targets.d.ts +13 -0
  202. package/dist/oasb/config/dvaa-targets.d.ts.map +1 -0
  203. package/dist/oasb/config/dvaa-targets.js +89 -0
  204. package/dist/oasb/config/dvaa-targets.js.map +1 -0
  205. package/dist/oasb/harness/arp-wrapper.d.ts +29 -0
  206. package/dist/oasb/harness/arp-wrapper.d.ts.map +1 -0
  207. package/dist/oasb/harness/arp-wrapper.js +134 -0
  208. package/dist/oasb/harness/arp-wrapper.js.map +1 -0
  209. package/dist/oasb/harness/dvaa-client.d.ts +46 -0
  210. package/dist/oasb/harness/dvaa-client.d.ts.map +1 -0
  211. package/dist/oasb/harness/dvaa-client.js +98 -0
  212. package/dist/oasb/harness/dvaa-client.js.map +1 -0
  213. package/dist/oasb/harness/dvaa-manager.d.ts +17 -0
  214. package/dist/oasb/harness/dvaa-manager.d.ts.map +1 -0
  215. package/dist/oasb/harness/dvaa-manager.js +132 -0
  216. package/dist/oasb/harness/dvaa-manager.js.map +1 -0
  217. package/dist/oasb/harness/event-collector.d.ts +33 -0
  218. package/dist/oasb/harness/event-collector.d.ts.map +1 -0
  219. package/dist/oasb/harness/event-collector.js +86 -0
  220. package/dist/oasb/harness/event-collector.js.map +1 -0
  221. package/dist/oasb/harness/metrics.d.ts +14 -0
  222. package/dist/oasb/harness/metrics.d.ts.map +1 -0
  223. package/dist/oasb/harness/metrics.js +56 -0
  224. package/dist/oasb/harness/metrics.js.map +1 -0
  225. package/dist/oasb/harness/mock-llm-adapter.d.ts +34 -0
  226. package/dist/oasb/harness/mock-llm-adapter.d.ts.map +1 -0
  227. package/dist/oasb/harness/mock-llm-adapter.js +69 -0
  228. package/dist/oasb/harness/mock-llm-adapter.js.map +1 -0
  229. package/dist/oasb/harness/types.d.ts +74 -0
  230. package/dist/oasb/harness/types.d.ts.map +1 -0
  231. package/dist/oasb/harness/types.js +3 -0
  232. package/dist/oasb/harness/types.js.map +1 -0
  233. package/dist/plugins/core.d.ts +109 -0
  234. package/dist/plugins/core.d.ts.map +1 -0
  235. package/dist/plugins/core.js +30 -0
  236. package/dist/plugins/core.js.map +1 -0
  237. package/dist/plugins/credvault.d.ts +22 -0
  238. package/dist/plugins/credvault.d.ts.map +1 -0
  239. package/dist/plugins/credvault.js +374 -0
  240. package/dist/plugins/credvault.js.map +1 -0
  241. package/dist/plugins/signcrypt.d.ts +27 -0
  242. package/dist/plugins/signcrypt.d.ts.map +1 -0
  243. package/dist/plugins/signcrypt.js +317 -0
  244. package/dist/plugins/signcrypt.js.map +1 -0
  245. package/dist/plugins/skillguard.d.ts +25 -0
  246. package/dist/plugins/skillguard.d.ts.map +1 -0
  247. package/dist/plugins/skillguard.js +346 -0
  248. package/dist/plugins/skillguard.js.map +1 -0
  249. package/dist/registry/client.d.ts +125 -0
  250. package/dist/registry/client.d.ts.map +1 -0
  251. package/dist/registry/client.js +308 -0
  252. package/dist/registry/client.js.map +1 -0
  253. package/dist/registry/index.d.ts +3 -0
  254. package/dist/registry/index.d.ts.map +1 -0
  255. package/dist/registry/index.js +10 -0
  256. package/dist/registry/index.js.map +1 -0
  257. package/dist/scanner/external-scanner.d.ts +13 -0
  258. package/dist/scanner/external-scanner.d.ts.map +1 -0
  259. package/dist/scanner/external-scanner.js +299 -0
  260. package/dist/scanner/external-scanner.js.map +1 -0
  261. package/dist/scanner/index.d.ts +6 -0
  262. package/dist/scanner/index.d.ts.map +1 -0
  263. package/dist/scanner/index.js +9 -0
  264. package/dist/scanner/index.js.map +1 -0
  265. package/dist/scanner/types.d.ts +32 -0
  266. package/dist/scanner/types.d.ts.map +1 -0
  267. package/dist/scanner/types.js +6 -0
  268. package/dist/scanner/types.js.map +1 -0
  269. package/dist/semantic/deep-scan.d.ts +13 -0
  270. package/dist/semantic/deep-scan.d.ts.map +1 -0
  271. package/dist/semantic/deep-scan.js +63 -0
  272. package/dist/semantic/deep-scan.js.map +1 -0
  273. package/dist/semantic/index.d.ts +17 -0
  274. package/dist/semantic/index.d.ts.map +1 -0
  275. package/dist/semantic/index.js +39 -0
  276. package/dist/semantic/index.js.map +1 -0
  277. package/dist/semantic/integration/cost-estimator.d.ts +17 -0
  278. package/dist/semantic/integration/cost-estimator.d.ts.map +1 -0
  279. package/dist/semantic/integration/cost-estimator.js +54 -0
  280. package/dist/semantic/integration/cost-estimator.js.map +1 -0
  281. package/dist/semantic/integration/finding-adapter.d.ts +34 -0
  282. package/dist/semantic/integration/finding-adapter.d.ts.map +1 -0
  283. package/dist/semantic/integration/finding-adapter.js +41 -0
  284. package/dist/semantic/integration/finding-adapter.js.map +1 -0
  285. package/dist/semantic/integration/oasb-upgrader.d.ts +20 -0
  286. package/dist/semantic/integration/oasb-upgrader.d.ts.map +1 -0
  287. package/dist/semantic/integration/oasb-upgrader.js +47 -0
  288. package/dist/semantic/integration/oasb-upgrader.js.map +1 -0
  289. package/dist/semantic/llm/budget.d.ts +50 -0
  290. package/dist/semantic/llm/budget.d.ts.map +1 -0
  291. package/dist/semantic/llm/budget.js +139 -0
  292. package/dist/semantic/llm/budget.js.map +1 -0
  293. package/dist/semantic/llm/cache.d.ts +36 -0
  294. package/dist/semantic/llm/cache.d.ts.map +1 -0
  295. package/dist/semantic/llm/cache.js +103 -0
  296. package/dist/semantic/llm/cache.js.map +1 -0
  297. package/dist/semantic/llm/client.d.ts +49 -0
  298. package/dist/semantic/llm/client.d.ts.map +1 -0
  299. package/dist/semantic/llm/client.js +64 -0
  300. package/dist/semantic/llm/client.js.map +1 -0
  301. package/dist/semantic/llm/index.d.ts +33 -0
  302. package/dist/semantic/llm/index.d.ts.map +1 -0
  303. package/dist/semantic/llm/index.js +129 -0
  304. package/dist/semantic/llm/index.js.map +1 -0
  305. package/dist/semantic/llm/prompts.d.ts +30 -0
  306. package/dist/semantic/llm/prompts.d.ts.map +1 -0
  307. package/dist/semantic/llm/prompts.js +120 -0
  308. package/dist/semantic/llm/prompts.js.map +1 -0
  309. package/dist/semantic/structural/credential-context.d.ts +14 -0
  310. package/dist/semantic/structural/credential-context.d.ts.map +1 -0
  311. package/dist/semantic/structural/credential-context.js +295 -0
  312. package/dist/semantic/structural/credential-context.js.map +1 -0
  313. package/dist/semantic/structural/index.d.ts +28 -0
  314. package/dist/semantic/structural/index.d.ts.map +1 -0
  315. package/dist/semantic/structural/index.js +138 -0
  316. package/dist/semantic/structural/index.js.map +1 -0
  317. package/dist/semantic/structural/instruction.d.ts +19 -0
  318. package/dist/semantic/structural/instruction.d.ts.map +1 -0
  319. package/dist/semantic/structural/instruction.js +167 -0
  320. package/dist/semantic/structural/instruction.js.map +1 -0
  321. package/dist/semantic/structural/mcp-config.d.ts +22 -0
  322. package/dist/semantic/structural/mcp-config.d.ts.map +1 -0
  323. package/dist/semantic/structural/mcp-config.js +294 -0
  324. package/dist/semantic/structural/mcp-config.js.map +1 -0
  325. package/dist/semantic/structural/permission-model.d.ts +16 -0
  326. package/dist/semantic/structural/permission-model.d.ts.map +1 -0
  327. package/dist/semantic/structural/permission-model.js +121 -0
  328. package/dist/semantic/structural/permission-model.js.map +1 -0
  329. package/dist/semantic/types.d.ts +122 -0
  330. package/dist/semantic/types.d.ts.map +1 -0
  331. package/dist/semantic/types.js +10 -0
  332. package/dist/semantic/types.js.map +1 -0
  333. package/package.json +25 -14
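--- /dev/null
+++ b/package/LICENSE
@@ -0,0 +1,191 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction,
+and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by
+the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all
+other entities that control, are controlled by, or are under common
+control with that entity. For the purposes of this definition,
+"control" means (i) the power, direct or indirect, to cause the
+direction or management of such entity, whether by contract or
+otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity
+exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications,
+including but not limited to software source code, documentation
+source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical
+transformation or translation of a Source form, including but
+not limited to compiled object code, generated documentation,
+and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or
+Object form, made available under the License, as indicated by a
+copyright notice that is included in or attached to the work
+(an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object
+form, that is based on (or derived from) the Work and for which the
+editorial revisions, annotations, elaborations, or other modifications
+represent, as a whole, an original work of authorship. For the purposes
+of this License, Derivative Works shall not include works that remain
+separable from, or merely link (or bind by name) to the interfaces of,
+the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including
+the original version of the Work and any modifications or additions
+to that Work or Derivative Works thereof, that is intentionally
+submitted to the Licensor for inclusion in the Work by the copyright owner
+or by an individual or Legal Entity authorized to submit on behalf of
+the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems,
+and issue tracking systems that are managed by, or on behalf of, the
+Licensor for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise
+designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity
+on behalf of whom a Contribution has been received by Licensor and
+subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the
+Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except as stated in this section) patent license to make, have made,
+use, offer to sell, sell, import, and otherwise transfer the Work,
+where such license applies only to those patent claims licensable
+by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s)
+with the Work to which such Contribution(s) was submitted. If You
+institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work
+or a Contribution incorporated within the Work constitutes direct
+or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate
+as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You
+meet the following conditions:
+
+(a) You must give any other recipients of the Work or
+Derivative Works a copy of this License; and
+
+(b) You must cause any modified files to carry prominent notices
+stating that You changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works
+that You distribute, all copyright, patent, trademark, and
+attribution notices from the Source form of the Work,
+excluding those notices that do not pertain to any part of
+the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its
+distribution, then any Derivative Works that You distribute must
+include a readable copy of the attribution notices contained
+within such NOTICE file, excluding those notices that do not
+pertain to any part of the Derivative Works, in at least one
+of the following places: within a NOTICE text file distributed
+as part of the Derivative Works; within the Source form or
+documentation, if provided along with the Derivative Works; or,
+within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents
+of the NOTICE file are for informational purposes only and
+do not modify the License. You may add Your own attribution
+notices within Derivative Works that You distribute, alongside
+or as an addendum to the NOTICE text from the Work, provided
+that such additional attribution notices cannot be construed
+as modifying the License.
+
+You may add Your own copyright statement to Your modifications and
+may provide additional or different license terms and conditions
+for use, reproduction, or distribution of Your modifications, or
+for any such Derivative Works as a whole, provided Your use,
+reproduction, and distribution of the Work otherwise complies with
+the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+any Contribution intentionally submitted for inclusion in the Work
+by You to the Licensor shall be under the terms and conditions of
+this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify
+the terms of any separate license agreement you may have executed
+with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+names, trademarks, service marks, or product names of the Licensor,
+except as required for reasonable and customary use in describing the
+origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+agreed to in writing, Licensor provides the Work (and each
+Contributor provides its Contributions) on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied, including, without limitation, any warranties or conditions
+of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any
+risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no theory of
+liability, whether in contract, strict liability, or tort
+(including negligence or otherwise) arising in any way out of
+the use or inability to use the Work (even if such Holder or other
+party has been advised of the possibility of such damages), shall
+any Contributor be liable to You for damages, including any direct,
+indirect, special, incidental, or consequential damages of any
+character arising as a result of this License or out of the use or
+inability to use the Work (including but not limited to damages for
+loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such
+Contributor has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+the Work or Derivative Works thereof, You may choose to offer,
+and charge a fee for, acceptance of support, warranty, indemnity,
+or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only
+on Your own behalf and on Your sole responsibility, not on behalf
+of any other Contributor, and only if You agree to indemnify,
+defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+Copyright 2025 OpenA2A
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.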
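--- a/package/README.md
+++ b/package/README.md
@@ -1,4 +1,4 @@
-> **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [AIM](https://github.com/opena2a-org/agent-identity-management) · [HackMyAgent](https://github.com/opena2a-org/hackmyagent) · [OASB](https://github.com/opena2a-org/oasb) · [ARP](https://github.com/opena2a-org/arp) · [Secretless](https://github.com/opena2a-org/secretless-ai) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent)
+> **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [Secretless](https://github.com/opena2a-org/secretless-ai) · [ABG](https://github.com/opena2a-org/AI-BrowserGuard) · [AIM](https://github.com/opena2a-org/agent-identity-management) · [OASB](https://github.com/opena2a-org/oasb) · [ARP](https://github.com/opena2a-org/arp) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent)
 
 # HackMyAgent
 
@@ -10,7 +10,11 @@
 
 The hacker's toolkit for AI agents. 147 security checks, 55 attack payloads, auto-fix with rollback, and OASB benchmark compliance. Scans Claude Code, Cursor, VS Code, and any MCP server setup for credential leaks, misconfigurations, prompt injection vectors, supply chain risks, and more.
 
-[Website](https://hackmyagent.com) | [OpenA2A](https://opena2a.org) | [Security Checks Reference](docs/SECURITY_CHECKS.md)
+[Website](https://hackmyagent.com) | [Security Checks Reference](docs/SECURITY_CHECKS.md)
+
+<p align="center">
+<img src="docs/hackmyagent-demo.gif" alt="HackMyAgent scanning an AI agent project" width="700" />
+</p>
 
 ---
 
@@ -26,9 +30,39 @@ No config files required. Works out of the box.
 
 ---
 
+## Usage via OpenA2A CLI
+
+HackMyAgent is available as a first-class adapter in the [OpenA2A CLI](https://github.com/opena2a-org/opena2a). If you have the CLI installed, you can invoke scanning, auto-fix, and attack capabilities directly:
+
+```bash
+opena2a scan # run HackMyAgent security scan on current directory
+opena2a scan --fix # scan and auto-fix issues
+opena2a scan --attack http://localhost:3000 # red-team a live endpoint with adversarial payloads
+```
+
+The `opena2a scan` adapter delegates to `hackmyagent secure` under the hood, supporting the same checks, output formats, and exit codes documented below.
+
+### Scope Drift Detection
+
+HackMyAgent includes credential scope drift detectors exposed through the `opena2a protect` command. These detect when AI agent credentials have permissions beyond their declared scope:
+
+| Detector | ID | What it detects |
+|----------|----|-----------------|
+| Google / Gemini | DRIFT-001 | OAuth scopes or API key permissions exceeding declared agent capabilities |
+| AWS / Bedrock | DRIFT-002 | IAM policies granting broader access than the agent's capability manifest |
+
+Preview drift findings without applying changes:
+
+```bash
+opena2a protect --dry-run
+```
+
+---
+
 ## Table of Contents
 
 - [Installation](#installation)
+- [Usage via OpenA2A CLI](#usage-via-opena2a-cli)
 - [Commands](#commands)
 - [secure](#hackmyagent-secure) — local agent hardening (147 checks)
 - [fix-all](#hackmyagent-fix-all) — run all OpenA2A security plugins
@@ -338,17 +372,16 @@ hackmyagent rollback ./my-project # rollback specific directory
 
 ## Plugin Architecture
 
-HackMyAgent uses a modular plugin system built on [`@opena2a/plugin-core`](packages/plugin-core). Each plugin implements `scan()` to detect issues and `fix()` to remediate them.
+HackMyAgent uses a modular plugin system. Each plugin implements `scan()` to detect issues and `fix()` to remediate them.
 
-### Packages
+### Built-in Plugins
 
-| Package | npm | Description |
-|---------|-----|-------------|
-| [`@opena2a/plugin-core`](packages/plugin-core) | — | Plugin interface, registry, shared types |
-| [`@opena2a/aim-core`](packages/aim-core) | | Ed25519 identity, audit logging, capability policy, trust scoring |
-| [`@opena2a/credvault-openclaw`](packages/credvault-openclaw) | | Credential scanning (10 patterns), env var replacement, AES-256-GCM store |
-| [`@opena2a/signcrypt-openclaw`](packages/signcrypt-openclaw) | | Ed25519 file signing, SHA-256 hash pinning, signature verification |
-| [`@opena2a/skillguard-openclaw`](packages/skillguard-openclaw) | — | Permission pinning, tamper detection, dangerous pattern scanning |
+| Module | Description |
+|--------|-------------|
+| `src/plugins/core.ts` | Plugin interface, registry, shared types |
+| `src/plugins/credvault.ts` | Credential scanning (10 patterns), env var replacement, AES-256-GCM store |
+| `src/plugins/signcrypt.ts` | Ed25519 file signing, SHA-256 hash pinning, signature verification |
+| `src/plugins/skillguard.ts` | Permission pinning, tamper detection, dangerous pattern scanning |
 
 ### Writing a Plugin
 
@@ -361,7 +394,7 @@ import type {
 Remediation,
 FixOptions,
 PluginInitOptions,
-} from '@opena2a/plugin-core';
+} from 'hackmyagent/plugins';
 
 export const metadata: PluginMetadata = {
 packageName: '@my-org/my-plugin',
@@ -420,7 +453,7 @@ export function createPlugin(): MyPlugin {
 Register the plugin in `@opena2a/plugin-core`:
 
 ```typescript
-import { registerPlugin } from '@opena2a/plugin-core';
+import { registerPlugin } from 'hackmyagent/plugins';
 import { createPlugin, metadata } from '@my-org/my-plugin';
 
 registerPlugin({
@@ -533,22 +566,28 @@ Contributions welcome. See [CONTRIBUTING.md](CONTRIBUTING.md).
 git clone https://github.com/opena2a-org/hackmyagent.git
 cd hackmyagent
 npm install
-npx turbo build # build all 8 packages
-npx turbo test # run 611 tests
+npm run build
+npm test # run 765 tests
 ```
 
-### Monorepo Structure
+### Project Structure
 
 ```
-packages/
-cli/ # CLI entry point (hackmyagent command)
-core/ # Scanner engine (147 checks)
-aim-core/ # Ed25519 identity, audit, policy, trust
-plugin-core/ # Plugin interface and registry
-credvault-openclaw/ # Credential scanner plugin
-signcrypt-openclaw/ # Signing and hash pinning plugin
-skillguard-openclaw/ # Permission and pattern scanner plugin
-semantic-engine/ # Semantic analysis engine for deep scanning
+src/
+cli.ts # CLI entry point (hackmyagent command)
+index.ts # Main exports
+hardening/ # Scanner engine (147 checks)
+attack/ # Red team attack simulation
+checker/ # Security check framework
+scanner/ # External scanner interface
+semantic/ # Semantic analysis engine
+plugins/
+core.ts # Plugin interface, registry, shared types
+credvault.ts # Credential scanner plugin
+signcrypt.ts # Signing and hash pinning plugin
+skillguard.ts # Permission and pattern scanner plugin
+arp/ # Agent Runtime Protection
+oasb/ # Open Agent Security Benchmark
 ```
 
 ---
@@ -564,8 +603,7 @@ Apache-2.0
 | Project | Description | Install |
 |---------|-------------|---------|
 | [**AIM**](https://github.com/opena2a-org/agent-identity-management) | Agent Identity Management -- identity and access control for AI agents | `pip install aim-sdk` |
-| [**HackMyAgent**](https://github.com/opena2a-org/hackmyagent) | Security scanner -- 147 checks, attack mode, auto-fix | `npx hackmyagent secure` |
-| [**OASB**](https://github.com/opena2a-org/oasb) | Open Agent Security Benchmark -- 182 attack scenarios | `npm install @opena2a/oasb` |
-| [**ARP**](https://github.com/opena2a-org/arp) | Agent Runtime Protection -- process, network, filesystem monitoring | `npm install @opena2a/arp` |
+| [**OASB**](https://github.com/opena2a-org/oasb) | Open Agent Security Benchmark -- 222 attack scenarios | Included in `hackmyagent` |
+| [**ARP**](https://github.com/opena2a-org/arp) | Agent Runtime Protection -- process, network, filesystem monitoring | Included in `hackmyagent` |
 | [**Secretless AI**](https://github.com/opena2a-org/secretless-ai) | Keep credentials out of AI context windows | `npx secretless-ai init` |
 | [**DVAA**](https://github.com/opena2a-org/damn-vulnerable-ai-agent) | Damn Vulnerable AI Agent -- security training and red-teaming | `docker pull opena2a/dvaa` |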
@@ -0,0 +1,3 @@
1
+ #!/usr/bin/env node
2
+ export {};
3
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/arp/cli/index.ts"],"names":[],"mappings":""}
@@ -0,0 +1,219 @@
1
+ #!/usr/bin/env node
2
+ "use strict";
3
+ Object.defineProperty(exports, "__esModule", { value: true });
4
+ const index_1 = require("../index");
5
+ const server_1 = require("../proxy/server");
6
+ const prompt_1 = require("../interceptors/prompt");
7
+ const mcp_protocol_1 = require("../interceptors/mcp-protocol");
8
+ const a2a_protocol_1 = require("../interceptors/a2a-protocol");
9
+ const event_engine_1 = require("../engine/event-engine");
10
+ const args = process.argv.slice(2);
11
+ const command = args[0];
12
+ async function main() {
13
+ switch (command) {
14
+ case 'start':
15
+ await startGuard();
16
+ break;
17
+ case 'stop':
18
+ console.log('Stop not implemented in foreground mode. Use Ctrl+C.');
19
+ break;
20
+ case 'status':
21
+ await showStatus();
22
+ break;
23
+ case 'tail':
24
+ await tailEvents();
25
+ break;
26
+ case 'budget':
27
+ await showBudget();
28
+ break;
29
+ case 'proxy':
30
+ await startProxy();
31
+ break;
32
+ case '--version':
33
+ case '-v':
34
+ console.log(`arp-guard v${index_1.VERSION}`);
35
+ break;
36
+ case '--help':
37
+ case '-h':
38
+ case undefined:
39
+ showHelp();
40
+ break;
41
+ default:
42
+ console.error(`Unknown command: ${command}`);
43
+ showHelp();
44
+ process.exit(1);
45
+ }
46
+ }
47
+ async function startGuard() {
48
+ const configPath = args.find((a) => a.startsWith('--config='))?.split('=')[1]
49
+ ?? (args.indexOf('--config') !== -1 ? args[args.indexOf('--config') + 1] : undefined);
50
+ const config = (0, index_1.loadConfig)(configPath);
51
+ console.log(`\n ARP Guard v${index_1.VERSION}`);
52
+ console.log(` Agent: ${config.agentName}`);
53
+ console.log(` Intelligence: ${config.intelligence?.enabled !== false ? '3-Layer (L0+L1+L2)' : 'L0+L1 only'}`);
54
+ console.log(` Budget: $${config.intelligence?.budgetUsd ?? 5.00}/month`);
55
+ console.log(` Monitors: ${Object.entries(config.monitors ?? {}).filter(([, v]) => v.enabled).map(([k]) => k).join(', ') || 'all'}`);
56
+ console.log();
57
+ const arp = new index_1.AgentRuntimeProtection(config);
58
+ // Graceful shutdown
59
+ const shutdown = async () => {
60
+ console.log('\n Stopping ARP Guard...');
61
+ await arp.stop();
62
+ const status = arp.getStatus();
63
+ console.log(` Budget used: $${status.budget.spent} / $${status.budget.budget} (${status.budget.percentUsed}%)`);
64
+ console.log(` Total L2 calls: ${status.budget.totalCalls}`);
65
+ console.log(' Stopped.\n');
66
+ process.exit(0);
67
+ };
68
+ process.on('SIGINT', shutdown);
69
+ process.on('SIGTERM', shutdown);
70
+ await arp.start();
71
+ console.log(' Monitoring... (press Ctrl+C to stop)\n');
72
+ // Keep alive
73
+ const keepAlive = setInterval(() => { }, 60000);
74
+ keepAlive.unref();
75
+ }
76
+ async function showStatus() {
77
+ const config = (0, index_1.loadConfig)();
78
+ const arp = new index_1.AgentRuntimeProtection(config);
79
+ const status = arp.getStatus();
80
+ console.log(`\n ARP Guard Status`);
81
+ console.log(` Running: ${status.running}`);
82
+ console.log(` Budget: $${status.budget.spent} / $${status.budget.budget} (${status.budget.percentUsed}% used)`);
83
+ console.log(` L2 calls this period: ${status.budget.totalCalls}`);
84
+ console.log(` L2 calls this hour: ${status.budget.callsThisHour} / ${status.budget.maxCallsPerHour}`);
85
+ console.log(` Paused PIDs: ${status.pausedPids.length > 0 ? status.pausedPids.join(', ') : 'none'}`);
86
+ console.log();
87
+ }
88
+ async function tailEvents() {
89
+ const config = (0, index_1.loadConfig)();
90
+ const arp = new index_1.AgentRuntimeProtection(config);
91
+ const events = arp.getEvents(parseInt(args[1]) || 20);
92
+ if (events.length === 0) {
93
+ console.log('\n No events recorded yet.\n');
94
+ return;
95
+ }
96
+ console.log(`\n Last ${events.length} events:\n`);
97
+ for (const event of events) {
98
+ const severity = event.severity.toUpperCase().padEnd(8);
99
+ const source = event.source.padEnd(10);
100
+ const llm = event.classifiedBy === 'L2-llm' ? ' [LLM]' : '';
101
+ console.log(` ${event.timestamp} ${severity} ${source} ${event.description.slice(0, 80)}${llm}`);
102
+ }
103
+ console.log();
104
+ }
105
+ async function showBudget() {
106
+ const config = (0, index_1.loadConfig)();
107
+ const arp = new index_1.AgentRuntimeProtection(config);
108
+ const status = arp.getStatus();
109
+ const b = status.budget;
110
+ console.log(`\n ARP Intelligence Budget`);
111
+ console.log(` ─────────────────────────────`);
112
+ console.log(` Spent: $${b.spent.toFixed(4)}`);
113
+ console.log(` Budget: $${b.budget.toFixed(2)}`);
114
+ console.log(` Remaining: $${b.remaining.toFixed(4)}`);
115
+ console.log(` Used: ${b.percentUsed}%`);
116
+ console.log(` ─────────────────────────────`);
117
+ console.log(` Total L2 calls: ${b.totalCalls}`);
118
+ console.log(` This hour: ${b.callsThisHour} / ${b.maxCallsPerHour}`);
119
+ console.log();
120
+ }
121
+ async function startProxy() {
122
+ const configPath = args.find((a) => a.startsWith('--config='))?.split('=')[1]
123
+ ?? (args.indexOf('--config') !== -1 ? args[args.indexOf('--config') + 1] : undefined);
124
+ const config = (0, index_1.loadConfig)(configPath);
125
+ if (!config.proxy) {
126
+ console.error(' Error: No proxy configuration found. Add a "proxy" section to your config.');
127
+ process.exit(1);
128
+ }
129
+ const engine = new event_engine_1.EventEngine(config);
130
+ const promptInterceptor = new prompt_1.PromptInterceptor(engine);
131
+ const mcpInterceptor = new mcp_protocol_1.MCPProtocolInterceptor(engine, config.aiLayer?.mcp?.allowedTools);
132
+ const a2aInterceptor = new a2a_protocol_1.A2AProtocolInterceptor(engine, config.aiLayer?.a2a?.trustedAgents);
133
+ await promptInterceptor.start();
134
+ await mcpInterceptor.start();
135
+ await a2aInterceptor.start();
136
+ const proxy = new server_1.ARPProxy(config.proxy, {
137
+ engine,
138
+ promptInterceptor,
139
+ mcpInterceptor,
140
+ a2aInterceptor,
141
+ });
142
+ // Log detections to console
143
+ let detectionCount = 0;
144
+ engine.onEvent((event) => {
145
+ if (event.category === 'threat' || event.category === 'violation') {
146
+ detectionCount++;
147
+ const sev = event.severity.toUpperCase().padEnd(8);
148
+ console.log(` [${sev}] ${event.description}`);
149
+ }
150
+ });
151
+ const shutdown = async () => {
152
+ console.log('\n Stopping ARP Proxy...');
153
+ await proxy.stop();
154
+ await promptInterceptor.stop();
155
+ await mcpInterceptor.stop();
156
+ await a2aInterceptor.stop();
157
+ console.log(` Total detections: ${detectionCount}`);
158
+ console.log(' Stopped.\n');
159
+ process.exit(0);
160
+ };
161
+ process.on('SIGINT', shutdown);
162
+ process.on('SIGTERM', shutdown);
163
+ await proxy.start();
164
+ console.log(`\n ARP Proxy v${index_1.VERSION}`);
165
+ console.log(` Listening on port ${config.proxy.port}`);
166
+ console.log(` Block mode: ${config.proxy.blockOnDetection ? 'ENABLED' : 'alert-only'}`);
167
+ console.log(` Upstreams:`);
168
+ for (const u of config.proxy.upstreams) {
169
+ console.log(` ${u.pathPrefix} -> ${u.target} (${u.protocol})`);
170
+ }
171
+ console.log(`\n Scanning: prompt injection, jailbreak, data leak, MCP exploitation, A2A spoofing`);
172
+ console.log(' Press Ctrl+C to stop\n');
173
+ const keepAlive = setInterval(() => { }, 60000);
174
+ keepAlive.unref();
175
+ }
176
+ function showHelp() {
177
+ console.log(`
178
+ ARP Guard v${index_1.VERSION} — Agent Runtime Protection
179
+
180
+ USAGE
181
+ arp-guard <command> [options]
182
+
183
+ COMMANDS
184
+ start [--config <path>] Start monitoring the agent
185
+ proxy [--config <path>] Start HTTP reverse proxy with AI-layer scanning
186
+ stop Stop monitoring
187
+ status Show current protection status
188
+ tail [N] Show last N events (default: 20)
189
+ budget Show LLM intelligence budget usage
190
+
191
+ INTELLIGENCE
192
+ ARP uses a 3-layer intelligence stack:
193
+ L0: Rules (free) Pattern matching on every event
194
+ L1: Statistical (free) Z-score anomaly detection
195
+ L2: LLM-Assisted ($) Micro-prompts to the agent's LLM
196
+
197
+ 99% of events never reach L2. Default budget: $5/month.
198
+ Auto-detects Anthropic, OpenAI, or Ollama from environment.
199
+
200
+ AI-LAYER SCANNING (proxy mode)
201
+ Prompt injection, jailbreak, data exfiltration detection
202
+ MCP parameter exploitation (path traversal, command injection, SSRF)
203
+ A2A identity spoofing and delegation abuse detection
204
+ Output scanning for leaked secrets, PII, and system prompts
205
+
206
+ EXAMPLES
207
+ arp-guard start Start with auto-detected config
208
+ arp-guard start --config arp.yaml Start with custom config
209
+ arp-guard proxy --config arp.yaml Start proxy with AI-layer scanning
210
+ arp-guard status Check budget and monitor status
211
+ arp-guard tail 50 Show last 50 events
212
+ arp-guard budget Show intelligence spending
213
+ `);
214
+ }
215
+ main().catch((err) => {
216
+ console.error(`Error: ${err instanceof Error ? err.message : String(err)}`);
217
+ process.exit(1);
218
+ });
219
+ //# sourceMappingURL=index.js.map
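Review bot: `event.description` is written to the operator's terminal unfiltered in two places — the `engine.onEvent` logger in `startProxy` prints it in full and `tailEvents` only truncates it to 80 characters — and in proxy mode those events are produced from the prompt, MCP and A2A traffic being screened, so if a description embeds the matched payload an attacker can smuggle CR/LF or ANSI escape sequences that forge, overwrite or hide detection lines on the console. Strip control characters before printing, e.g. `const text = String(event.description).replace(/[\u0000-\u001F\u007F-\u009F]/g, ' ');` and interpolate `text` instead of `event.description` in both `console.log` calls; whether descriptions carry raw payload text is not visible from this file and should be confirmed against the interceptors. Separately, `showStatus`, `tailEvents` and `showBudget` each construct a fresh `AgentRuntimeProtection` in their own short-lived process, so `Running:`, the paused-PID list and the event tail presumably describe that new instance rather than a guard started by `arp-guard start` unless the class reads persisted state — worth a comment stating which it is, or a check that fails clearly when no state is found. The `shutdown` handlers in `startGuard` and `startProxy` are also not guarded against re-entry, so a second Ctrl+C while `arp.stop()` or `proxy.stop()` is still awaiting runs the teardown twice; a `let stopping = false; if (stopping) return; stopping = true;` prefix avoids that.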
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/arp/cli/index.ts"],"names":[],"mappings":";;;AAEA,oCAAuE;AACvE,4CAA2C;AAC3C,mDAA2D;AAC3D,+DAAsE;AACtE,+DAAsE;AACtE,yDAAqD;AAErD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AAExB,KAAK,UAAU,IAAI;IACjB,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,OAAO;YACV,MAAM,UAAU,EAAE,CAAC;YACnB,MAAM;QACR,KAAK,MAAM;YACT,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;YACpE,MAAM;QACR,KAAK,QAAQ;YACX,MAAM,UAAU,EAAE,CAAC;YACnB,MAAM;QACR,KAAK,MAAM;YACT,MAAM,UAAU,EAAE,CAAC;YACnB,MAAM;QACR,KAAK,QAAQ;YACX,MAAM,UAAU,EAAE,CAAC;YACnB,MAAM;QACR,KAAK,OAAO;YACV,MAAM,UAAU,EAAE,CAAC;YACnB,MAAM;QACR,KAAK,WAAW,CAAC;QACjB,KAAK,IAAI;YACP,OAAO,CAAC,GAAG,CAAC,cAAc,eAAO,EAAE,CAAC,CAAC;YACrC,MAAM;QACR,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI,CAAC;QACV,KAAK,SAAS;YACZ,QAAQ,EAAE,CAAC;YACX,MAAM;QACR;YACE,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;YAC7C,QAAQ,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;WACxE,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAExF,MAAM,MAAM,GAAG,IAAA,kBAAU,EAAC,UAAU,CAAC,CAAC;IAEtC,OAAO,CAAC,GAAG,CAAC,kBAAkB,eAAO,EAAE,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,YAAY,EAAE,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC;IAC/G,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,YAAY,EAAE,SAAS,IAAI,IAAI,QAAQ,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAE,CAA0B,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;IAC/J,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,GAA
G,GAAG,IAAI,8BAAsB,CAAC,MAAM,CAAC,CAAC;IAE/C,oBAAoB;IACpB,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,MAAM,CAAC,KAAK,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;QACjH,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEhC,MAAM,GAAG,CAAC,KAAK,EAAE,CAAC;IAClB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IAExD,aAAa;IACb,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,GAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IAC/C,SAAS,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,kBAAU,GAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,8BAAsB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;IAE/B,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,MAAM,CAAC,KAAK,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,WAAW,SAAS,CAAC,CAAC;IACjH,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,CAAC,MAAM,CAAC,aAAa,MAAM,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;IACvG,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACtG,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,kBAAU,GAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,8BAAsB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAEtD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,MAAM,YAAY,CAAC,CAAC;IACnD,KAAK,MAAM,KAAK,IAAI,M
AAM,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,GAAG,GAAG,KAAK,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,SAAS,KAAK,QAAQ,KAAK,MAAM,KAAK,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC;IACvG,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,kBAAU,GAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,8BAAsB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;IAExB,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,aAAa,MAAM,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;WACxE,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAExF,MAAM,MAAM,GAAG,IAAA,kBAAU,EAAC,UAAU,CAAC,CAAC;IAEtC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,8EAA8E,CAAC,CAAC;QAC9F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,0BAAW,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,iBAAiB,GAAG,IAAI,0BAAiB,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,IAAI,qCAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;
IAC7F,MAAM,cAAc,GAAG,IAAI,qCAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;IAE9F,MAAM,iBAAiB,CAAC,KAAK,EAAE,CAAC;IAChC,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC;IAC7B,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC;IAE7B,MAAM,KAAK,GAAG,IAAI,iBAAQ,CAAC,MAAM,CAAC,KAAK,EAAE;QACvC,MAAM;QACN,iBAAiB;QACjB,cAAc;QACd,cAAc;KACf,CAAC,CAAC;IAEH,4BAA4B;IAC5B,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACvB,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YAClE,cAAc,EAAE,CAAC;YACjB,MAAM,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,KAAK,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,MAAM,iBAAiB,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,uBAAuB,cAAc,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEhC,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;IAEpB,OAAO,CAAC,GAAG,CAAC,kBAAkB,eAAO,EAAE,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC;IACzF,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,UAAU,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAC;IACpG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAExC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,GAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IAC/C,SAAS,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC;AAED,SAAS,QAAQ;IACf,OAAO,CAAC,GAAG,CAAC;eACC,eAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCrB,CAAC,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,G
AAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
@@ -0,0 +1,8 @@
1
+ import type { ARPConfig } from '../types';
2
+ /**
3
+ * Load ARP config from YAML or JSON file.
4
+ * Falls back to sensible defaults if no config found.
5
+ */
6
+ export declare function loadConfig(configPath?: string): ARPConfig;
7
+ export declare function defaultConfig(): ARPConfig;
8
+ //# sourceMappingURL=loader.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../../src/arp/config/loader.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAE1C;;;GAGG;AACH,wBAAgB,UAAU,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAmBzD;AAmBD,wBAAgB,aAAa,IAAI,SAAS,CAyBzC"}