npm - hackmyagent - Versions diffs - 0.7.2 → 0.8.0 - Mend

hackmyagent 0.7.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/LICENSE +191 -0
package/README.md +66 -28
package/dist/arp/cli/index.d.ts +3 -0
package/dist/arp/cli/index.d.ts.map +1 -0
package/dist/arp/cli/index.js +219 -0
package/dist/arp/cli/index.js.map +1 -0
package/dist/arp/config/loader.d.ts +8 -0
package/dist/arp/config/loader.d.ts.map +1 -0
package/dist/arp/config/loader.js +102 -0
package/dist/arp/config/loader.js.map +1 -0
package/dist/arp/enforcement/kill-switch.d.ts +22 -0
package/dist/arp/enforcement/kill-switch.d.ts.map +1 -0
package/dist/arp/enforcement/kill-switch.js +122 -0
package/dist/arp/enforcement/kill-switch.js.map +1 -0
package/dist/arp/engine/event-engine.d.ts +29 -0
package/dist/arp/engine/event-engine.d.ts.map +1 -0
package/dist/arp/engine/event-engine.js +233 -0
package/dist/arp/engine/event-engine.js.map +1 -0
package/dist/arp/index.d.ts +81 -0
package/dist/arp/index.d.ts.map +1 -0
package/dist/arp/index.js +239 -0
package/dist/arp/index.js.map +1 -0
package/dist/arp/intelligence/adapters.d.ts +45 -0
package/dist/arp/intelligence/adapters.d.ts.map +1 -0
package/dist/arp/intelligence/adapters.js +222 -0
package/dist/arp/intelligence/adapters.js.map +1 -0
package/dist/arp/intelligence/anomaly.d.ts +32 -0
package/dist/arp/intelligence/anomaly.d.ts.map +1 -0
package/dist/arp/intelligence/anomaly.js +80 -0
package/dist/arp/intelligence/anomaly.js.map +1 -0
package/dist/arp/intelligence/budget.d.ts +33 -0
package/dist/arp/intelligence/budget.d.ts.map +1 -0
package/dist/arp/intelligence/budget.js +150 -0
package/dist/arp/intelligence/budget.js.map +1 -0
package/dist/arp/intelligence/coordinator.d.ts +43 -0
package/dist/arp/intelligence/coordinator.d.ts.map +1 -0
package/dist/arp/intelligence/coordinator.js +301 -0
package/dist/arp/intelligence/coordinator.js.map +1 -0
package/dist/arp/interceptors/a2a-protocol.d.ts +29 -0
package/dist/arp/interceptors/a2a-protocol.d.ts.map +1 -0
package/dist/arp/interceptors/a2a-protocol.js +111 -0
package/dist/arp/interceptors/a2a-protocol.js.map +1 -0
package/dist/arp/interceptors/filesystem.d.ts +33 -0
package/dist/arp/interceptors/filesystem.d.ts.map +1 -0
package/dist/arp/interceptors/filesystem.js +199 -0
package/dist/arp/interceptors/filesystem.js.map +1 -0
package/dist/arp/interceptors/mcp-protocol.d.ts +25 -0
package/dist/arp/interceptors/mcp-protocol.d.ts.map +1 -0
package/dist/arp/interceptors/mcp-protocol.js +126 -0
package/dist/arp/interceptors/mcp-protocol.js.map +1 -0
package/dist/arp/interceptors/network.d.ts +26 -0
package/dist/arp/interceptors/network.d.ts.map +1 -0
package/dist/arp/interceptors/network.js +146 -0
package/dist/arp/interceptors/network.js.map +1 -0
package/dist/arp/interceptors/process.d.ts +26 -0
package/dist/arp/interceptors/process.d.ts.map +1 -0
package/dist/arp/interceptors/process.js +157 -0
package/dist/arp/interceptors/process.js.map +1 -0
package/dist/arp/interceptors/prompt.d.ts +29 -0
package/dist/arp/interceptors/prompt.d.ts.map +1 -0
package/dist/arp/interceptors/prompt.js +82 -0
package/dist/arp/interceptors/prompt.js.map +1 -0
package/dist/arp/license/index.d.ts +59 -0
package/dist/arp/license/index.d.ts.map +1 -0
package/dist/arp/license/index.js +78 -0
package/dist/arp/license/index.js.map +1 -0
package/dist/arp/monitors/filesystem.d.ts +21 -0
package/dist/arp/monitors/filesystem.d.ts.map +1 -0
package/dist/arp/monitors/filesystem.js +141 -0
package/dist/arp/monitors/filesystem.js.map +1 -0
package/dist/arp/monitors/network.d.ts +32 -0
package/dist/arp/monitors/network.d.ts.map +1 -0
package/dist/arp/monitors/network.js +301 -0
package/dist/arp/monitors/network.js.map +1 -0
package/dist/arp/monitors/process.d.ts +24 -0
package/dist/arp/monitors/process.d.ts.map +1 -0
package/dist/arp/monitors/process.js +205 -0
package/dist/arp/monitors/process.js.map +1 -0
package/dist/arp/patterns/ai-threats.d.ts +48 -0
package/dist/arp/patterns/ai-threats.d.ts.map +1 -0
package/dist/arp/patterns/ai-threats.js +215 -0
package/dist/arp/patterns/ai-threats.js.map +1 -0
package/dist/arp/proxy/forward.d.ts +23 -0
package/dist/arp/proxy/forward.d.ts.map +1 -0
package/dist/arp/proxy/forward.js +152 -0
package/dist/arp/proxy/forward.js.map +1 -0
package/dist/arp/proxy/server.d.ts +45 -0
package/dist/arp/proxy/server.d.ts.map +1 -0
package/dist/arp/proxy/server.js +331 -0
package/dist/arp/proxy/server.js.map +1 -0
package/dist/arp/reporting/local-log.d.ts +22 -0
package/dist/arp/reporting/local-log.d.ts.map +1 -0
package/dist/arp/reporting/local-log.js +116 -0
package/dist/arp/reporting/local-log.js.map +1 -0
package/dist/arp/types.d.ts +230 -0
package/dist/arp/types.d.ts.map +1 -0
package/dist/arp/types.js +4 -0
package/dist/arp/types.js.map +1 -0
package/dist/attack/custom-payloads.d.ts +11 -0
package/dist/attack/custom-payloads.d.ts.map +1 -0
package/dist/attack/custom-payloads.js +108 -0
package/dist/attack/custom-payloads.js.map +1 -0
package/dist/attack/fail-policy.d.ts +16 -0
package/dist/attack/fail-policy.d.ts.map +1 -0
package/dist/attack/fail-policy.js +36 -0
package/dist/attack/fail-policy.js.map +1 -0
package/dist/attack/index.d.ts +12 -0
package/dist/attack/index.d.ts.map +1 -0
package/dist/attack/index.js +30 -0
package/dist/attack/index.js.map +1 -0
package/dist/attack/payloads/a2a-attacks.d.ts +12 -0
package/dist/attack/payloads/a2a-attacks.d.ts.map +1 -0
package/dist/attack/payloads/a2a-attacks.js +221 -0
package/dist/attack/payloads/a2a-attacks.js.map +1 -0
package/dist/attack/payloads/capability-abuse.d.ts +8 -0
package/dist/attack/payloads/capability-abuse.d.ts.map +1 -0
package/dist/attack/payloads/capability-abuse.js +222 -0
package/dist/attack/payloads/capability-abuse.js.map +1 -0
package/dist/attack/payloads/context-manipulation.d.ts +8 -0
package/dist/attack/payloads/context-manipulation.d.ts.map +1 -0
package/dist/attack/payloads/context-manipulation.js +217 -0
package/dist/attack/payloads/context-manipulation.js.map +1 -0
package/dist/attack/payloads/data-exfiltration.d.ts +8 -0
package/dist/attack/payloads/data-exfiltration.d.ts.map +1 -0
package/dist/attack/payloads/data-exfiltration.js +249 -0
package/dist/attack/payloads/data-exfiltration.js.map +1 -0
package/dist/attack/payloads/index.d.ts +29 -0
package/dist/attack/payloads/index.d.ts.map +1 -0
package/dist/attack/payloads/index.js +76 -0
package/dist/attack/payloads/index.js.map +1 -0
package/dist/attack/payloads/jailbreak.d.ts +8 -0
package/dist/attack/payloads/jailbreak.d.ts.map +1 -0
package/dist/attack/payloads/jailbreak.js +265 -0
package/dist/attack/payloads/jailbreak.js.map +1 -0
package/dist/attack/payloads/mcp-exploitation.d.ts +12 -0
package/dist/attack/payloads/mcp-exploitation.d.ts.map +1 -0
package/dist/attack/payloads/mcp-exploitation.js +221 -0
package/dist/attack/payloads/mcp-exploitation.js.map +1 -0
package/dist/attack/payloads/prompt-injection.d.ts +8 -0
package/dist/attack/payloads/prompt-injection.d.ts.map +1 -0
package/dist/attack/payloads/prompt-injection.js +262 -0
package/dist/attack/payloads/prompt-injection.js.map +1 -0
package/dist/attack/scanner.d.ts +84 -0
package/dist/attack/scanner.d.ts.map +1 -0
package/dist/attack/scanner.js +509 -0
package/dist/attack/scanner.js.map +1 -0
package/dist/attack/types.d.ts +153 -0
package/dist/attack/types.d.ts.map +1 -0
package/dist/attack/types.js +46 -0
package/dist/attack/types.js.map +1 -0
package/dist/benchmarks/index.d.ts +16 -0
package/dist/benchmarks/index.d.ts.map +1 -0
package/dist/benchmarks/index.js +27 -0
package/dist/benchmarks/index.js.map +1 -0
package/dist/benchmarks/oasb-1.d.ts +112 -0
package/dist/benchmarks/oasb-1.d.ts.map +1 -0
package/dist/benchmarks/oasb-1.js +1124 -0
package/dist/benchmarks/oasb-1.js.map +1 -0
package/dist/checker/check-skill.d.ts +48 -0
package/dist/checker/check-skill.d.ts.map +1 -0
package/dist/checker/check-skill.js +105 -0
package/dist/checker/check-skill.js.map +1 -0
package/dist/checker/index.d.ts +12 -0
package/dist/checker/index.d.ts.map +1 -0
package/dist/checker/index.js +16 -0
package/dist/checker/index.js.map +1 -0
package/dist/checker/permission-analyzer.d.ts +12 -0
package/dist/checker/permission-analyzer.d.ts.map +1 -0
package/dist/checker/permission-analyzer.js +84 -0
package/dist/checker/permission-analyzer.js.map +1 -0
package/dist/checker/publisher-verifier.d.ts +34 -0
package/dist/checker/publisher-verifier.d.ts.map +1 -0
package/dist/checker/publisher-verifier.js +121 -0
package/dist/checker/publisher-verifier.js.map +1 -0
package/dist/checker/skill-identifier.d.ts +14 -0
package/dist/checker/skill-identifier.d.ts.map +1 -0
package/dist/checker/skill-identifier.js +55 -0
package/dist/checker/skill-identifier.js.map +1 -0
package/dist/cli.d.ts +7 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +3534 -0
package/dist/cli.js.map +1 -0
package/dist/hardening/index.d.ts +7 -0
package/dist/hardening/index.d.ts.map +1 -0
package/dist/hardening/index.js +9 -0
package/dist/hardening/index.js.map +1 -0
package/dist/hardening/scanner.d.ts +147 -0
package/dist/hardening/scanner.d.ts.map +1 -0
package/dist/hardening/scanner.js +5445 -0
package/dist/hardening/scanner.js.map +1 -0
package/dist/hardening/security-check.d.ts +85 -0
package/dist/hardening/security-check.d.ts.map +1 -0
package/dist/hardening/security-check.js +6 -0
package/dist/hardening/security-check.js.map +1 -0
package/dist/index.d.ts +38 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +91 -3525
package/dist/index.js.map +1 -1
package/dist/mcp-server.js +10 -10
package/dist/mcp-server.js.map +1 -1
package/dist/oasb/config/dvaa-targets.d.ts +13 -0
package/dist/oasb/config/dvaa-targets.d.ts.map +1 -0
package/dist/oasb/config/dvaa-targets.js +89 -0
package/dist/oasb/config/dvaa-targets.js.map +1 -0
package/dist/oasb/harness/arp-wrapper.d.ts +29 -0
package/dist/oasb/harness/arp-wrapper.d.ts.map +1 -0
package/dist/oasb/harness/arp-wrapper.js +134 -0
package/dist/oasb/harness/arp-wrapper.js.map +1 -0
package/dist/oasb/harness/dvaa-client.d.ts +46 -0
package/dist/oasb/harness/dvaa-client.d.ts.map +1 -0
package/dist/oasb/harness/dvaa-client.js +98 -0
package/dist/oasb/harness/dvaa-client.js.map +1 -0
package/dist/oasb/harness/dvaa-manager.d.ts +17 -0
package/dist/oasb/harness/dvaa-manager.d.ts.map +1 -0
package/dist/oasb/harness/dvaa-manager.js +132 -0
package/dist/oasb/harness/dvaa-manager.js.map +1 -0
package/dist/oasb/harness/event-collector.d.ts +33 -0
package/dist/oasb/harness/event-collector.d.ts.map +1 -0
package/dist/oasb/harness/event-collector.js +86 -0
package/dist/oasb/harness/event-collector.js.map +1 -0
package/dist/oasb/harness/metrics.d.ts +14 -0
package/dist/oasb/harness/metrics.d.ts.map +1 -0
package/dist/oasb/harness/metrics.js +56 -0
package/dist/oasb/harness/metrics.js.map +1 -0
package/dist/oasb/harness/mock-llm-adapter.d.ts +34 -0
package/dist/oasb/harness/mock-llm-adapter.d.ts.map +1 -0
package/dist/oasb/harness/mock-llm-adapter.js +69 -0
package/dist/oasb/harness/mock-llm-adapter.js.map +1 -0
package/dist/oasb/harness/types.d.ts +74 -0
package/dist/oasb/harness/types.d.ts.map +1 -0
package/dist/oasb/harness/types.js +3 -0
package/dist/oasb/harness/types.js.map +1 -0
package/dist/plugins/core.d.ts +109 -0
package/dist/plugins/core.d.ts.map +1 -0
package/dist/plugins/core.js +30 -0
package/dist/plugins/core.js.map +1 -0
package/dist/plugins/credvault.d.ts +22 -0
package/dist/plugins/credvault.d.ts.map +1 -0
package/dist/plugins/credvault.js +374 -0
package/dist/plugins/credvault.js.map +1 -0
package/dist/plugins/signcrypt.d.ts +27 -0
package/dist/plugins/signcrypt.d.ts.map +1 -0
package/dist/plugins/signcrypt.js +317 -0
package/dist/plugins/signcrypt.js.map +1 -0
package/dist/plugins/skillguard.d.ts +25 -0
package/dist/plugins/skillguard.d.ts.map +1 -0
package/dist/plugins/skillguard.js +346 -0
package/dist/plugins/skillguard.js.map +1 -0
package/dist/registry/client.d.ts +125 -0
package/dist/registry/client.d.ts.map +1 -0
package/dist/registry/client.js +308 -0
package/dist/registry/client.js.map +1 -0
package/dist/registry/index.d.ts +3 -0
package/dist/registry/index.d.ts.map +1 -0
package/dist/registry/index.js +10 -0
package/dist/registry/index.js.map +1 -0
package/dist/scanner/external-scanner.d.ts +13 -0
package/dist/scanner/external-scanner.d.ts.map +1 -0
package/dist/scanner/external-scanner.js +299 -0
package/dist/scanner/external-scanner.js.map +1 -0
package/dist/scanner/index.d.ts +6 -0
package/dist/scanner/index.d.ts.map +1 -0
package/dist/scanner/index.js +9 -0
package/dist/scanner/index.js.map +1 -0
package/dist/scanner/types.d.ts +32 -0
package/dist/scanner/types.d.ts.map +1 -0
package/dist/scanner/types.js +6 -0
package/dist/scanner/types.js.map +1 -0
package/dist/semantic/deep-scan.d.ts +13 -0
package/dist/semantic/deep-scan.d.ts.map +1 -0
package/dist/semantic/deep-scan.js +63 -0
package/dist/semantic/deep-scan.js.map +1 -0
package/dist/semantic/index.d.ts +17 -0
package/dist/semantic/index.d.ts.map +1 -0
package/dist/semantic/index.js +39 -0
package/dist/semantic/index.js.map +1 -0
package/dist/semantic/integration/cost-estimator.d.ts +17 -0
package/dist/semantic/integration/cost-estimator.d.ts.map +1 -0
package/dist/semantic/integration/cost-estimator.js +54 -0
package/dist/semantic/integration/cost-estimator.js.map +1 -0
package/dist/semantic/integration/finding-adapter.d.ts +34 -0
package/dist/semantic/integration/finding-adapter.d.ts.map +1 -0
package/dist/semantic/integration/finding-adapter.js +41 -0
package/dist/semantic/integration/finding-adapter.js.map +1 -0
package/dist/semantic/integration/oasb-upgrader.d.ts +20 -0
package/dist/semantic/integration/oasb-upgrader.d.ts.map +1 -0
package/dist/semantic/integration/oasb-upgrader.js +47 -0
package/dist/semantic/integration/oasb-upgrader.js.map +1 -0
package/dist/semantic/llm/budget.d.ts +50 -0
package/dist/semantic/llm/budget.d.ts.map +1 -0
package/dist/semantic/llm/budget.js +139 -0
package/dist/semantic/llm/budget.js.map +1 -0
package/dist/semantic/llm/cache.d.ts +36 -0
package/dist/semantic/llm/cache.d.ts.map +1 -0
package/dist/semantic/llm/cache.js +103 -0
package/dist/semantic/llm/cache.js.map +1 -0
package/dist/semantic/llm/client.d.ts +49 -0
package/dist/semantic/llm/client.d.ts.map +1 -0
package/dist/semantic/llm/client.js +64 -0
package/dist/semantic/llm/client.js.map +1 -0
package/dist/semantic/llm/index.d.ts +33 -0
package/dist/semantic/llm/index.d.ts.map +1 -0
package/dist/semantic/llm/index.js +129 -0
package/dist/semantic/llm/index.js.map +1 -0
package/dist/semantic/llm/prompts.d.ts +30 -0
package/dist/semantic/llm/prompts.d.ts.map +1 -0
package/dist/semantic/llm/prompts.js +120 -0
package/dist/semantic/llm/prompts.js.map +1 -0
package/dist/semantic/structural/credential-context.d.ts +14 -0
package/dist/semantic/structural/credential-context.d.ts.map +1 -0
package/dist/semantic/structural/credential-context.js +295 -0
package/dist/semantic/structural/credential-context.js.map +1 -0
package/dist/semantic/structural/index.d.ts +28 -0
package/dist/semantic/structural/index.d.ts.map +1 -0
package/dist/semantic/structural/index.js +138 -0
package/dist/semantic/structural/index.js.map +1 -0
package/dist/semantic/structural/instruction.d.ts +19 -0
package/dist/semantic/structural/instruction.d.ts.map +1 -0
package/dist/semantic/structural/instruction.js +167 -0
package/dist/semantic/structural/instruction.js.map +1 -0
package/dist/semantic/structural/mcp-config.d.ts +22 -0
package/dist/semantic/structural/mcp-config.d.ts.map +1 -0
package/dist/semantic/structural/mcp-config.js +294 -0
package/dist/semantic/structural/mcp-config.js.map +1 -0
package/dist/semantic/structural/permission-model.d.ts +16 -0
package/dist/semantic/structural/permission-model.d.ts.map +1 -0
package/dist/semantic/structural/permission-model.js +121 -0
package/dist/semantic/structural/permission-model.js.map +1 -0
package/dist/semantic/types.d.ts +122 -0
package/dist/semantic/types.d.ts.map +1 -0
package/dist/semantic/types.js +10 -0
package/dist/semantic/types.js.map +1 -0
package/package.json +25 -14

package/dist/scanner/external-scanner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"external-scanner.js","sourceRoot":"","sources":["../../src/scanner/external-scanner.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,yCAA2B;AAC3B,2CAA6B;AAC7B,6CAA+B;AAG/B,wBAAwB;AACxB,MAAM,aAAa,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAExF,6BAA6B;AAC7B,MAAM,YAAY,GAAG;IACnB,wBAAwB;IACxB,WAAW;IACX,mBAAmB;IACnB,mBAAmB;IACnB,cAAc;IACd,OAAO;CACR,CAAC;AAEF,8BAA8B;AAC9B,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;AACrE,MAAM,eAAe,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;AAEvE,kBAAkB;AAClB,MAAM,eAAe,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;AAE7D,mBAAmB;AACnB,MAAM,gBAAgB,GAAG;IACvB,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,mCAAmC,EAAE;IACnE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACtD,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAClD,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,kBAAkB,EAAE;IAC5C,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAClD,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,4CAA4C,EAAE;CAC1E,CAAC;AAEF,+BAA+B;AAC/B,MAAM,gBAAgB,GAAoC;IACxD,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,EAAE;IACV,GAAG,EAAE,CAAC;CACP,CAAC;AAEF,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAa,eAAe;IAC1B,KAAK,CAAC,IAAI,CAAC,MAAc,EAAE,OAAwB;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,IAAI,CAAC;QACzC,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,aAAa,CAAC;QAC9C,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,KAAK,CAAC;QAEpD,YAAY;QACZ,IAAI,SAAS,GAAa,EAAE,CAAC;QAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;QAED,oCAAoC;QACpC,MAAM,QAAQ,GAAsB,EAAE,CAAC;QAEvC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YACjE,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QACjC,CAAC;QAED,kBAAkB;QAClB,IAAI,KAAK,GAAG,GAAG,CAAC;QAChB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,KAAK,IAAI,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAE3B,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAExC,OAAO;YACL,EAAE,EAAE,UAAU,EAAE;YAChB,MAAM;YACN,KAAK;YACL,KAAK;YACL,QAAQ;YACR,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS;SACV,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,MAAc,EACd,KAAe,EACf,OAAe;QAEf,MAAM,SAAS,GAAa,EAAE,CAAC;QAE/B,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAC5D,IAAI,MAAM,EAAE,CAAC;gBACX,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC,CAAC,CACH,CAAC;QAEF,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAEO,UAAU,CAAC,IAAY,EAAE,IAAY,EAAE,OAAe;QAC5D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YAEhC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAE3B,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACxB,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACxB,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACtB,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,MAAc,EACd,IAAY,EACZ,OAAe;QAEf,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,KAAK,GAAG,CAAC;QAC9B,MAAM,OAAO,GAAG,OAAO,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;QAEjE,0BAA0B;QAC1B,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;YAC7D,IAAI,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAChE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU,EAAE;oBAChB,OAAO,EAAE,SAAS;oBAClB,QAAQ,EAAE,UAAU;oBACpB,KAAK,EAAE,0BAA0B;oBACjC,WAAW,EAAE,4DAA4D;oBACzE,IAAI;oBACJ,IAAI;oBACJ,QAAQ,EAAE,iBAAiB,MAAM,CAAC,WAAW,EAAE;oBAC/C,MAAM,EAAE,0EAA0E;oBAClF,GAAG,EAAE,uDAAuD;iBAC7D,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;YAC7D,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU,EAAE;oBAChB,OAAO,EAAE,WAAW;oBACpB,QAAQ,EAAE,UAAU;oBACpB,KAAK,EAAE,4BAA4B;oBACnC,WAAW,EAAE,0CAA0C;oBACvD,IAAI;oBACJ,IAAI;oBACJ,QAAQ,EAAE,0BAA0B,IAAI,EAAE;oBAC1C,MAAM,EAAE,8DAA8D;oBACtE,GAAG,EAAE,kEAAkE;iBACxE,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAChC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;YAC7D,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBACnD,qCAAqC;gBACrC,IACE,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,kBAAkB,CAAC;oBAChD,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAClC,CAAC;oBACD,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,UAAU,EAAE;wBAChB,OAAO,EAAE,gBAAgB;wBACzB,QAAQ,EAAE,UAAU;wBACpB,KAAK,EAAE,4BAA4B;wBACnC,WAAW,EAAE,sBAAsB,IAAI,yBAAyB;wBAChE,IAAI;wBACJ,IAAI;wBACJ,QAAQ,EAAE,eAAe,IAAI,EAAE;wBAC/B,MAAM,EAAE,iFAAiF;wBACzF,GAAG,EAAE,uEAAuE;qBAC7E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,kBAAkB;QAClB,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;YAC7D,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBACnD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU,EAAE;oBAChB,OAAO,EAAE,mBAAmB;oBAC5B,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,uCAAuC;oBAC9C,WAAW,EAAE,uDAAuD;oBACpE,IAAI;oBACJ,IAAI;oBACJ,QAAQ,EAAE,sBAAsB,IAAI,EAAE;oBACtC,MAAM,EAAE,mFAAmF;oBAC3F,GAAG,EAAE,uEAAuE;iBAC7E,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE,OAAO,CAAC,CAAC;QAChE,IAAI,UAAU,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YAClC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,gBAAgB,EAAE,CAAC;gBACjD,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,UAAU,EAAE;wBAChB,OAAO,EAAE,iBAAiB;wBAC1B,QAAQ,EAAE,UAAU;wBACpB,KAAK,EAAE,GAAG,IAAI,kBAAkB;wBAChC,WAAW,EAAE,GAAG,IAAI,iCAAiC;wBACrD,IAAI;wBACJ,IAAI,EAAE,GAAG;wBACT,QAAQ,EAAE,SAAS,IAAI,8BAA8B;wBACrD,MAAM,EAAE,qEAAqE;wBAC7E,GAAG,EAAE,wEAAwE;qBAC9E,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,SAAS,CACf,GAAW,EACX,OAAe;QAEf,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAEtC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CACpB,GAAG,EACH;gBACE,OAAO;gBACP,OAAO,EAAE;oBACP,YAAY,EAAE,yBAAyB;oBACvC,4BAA4B,EAAE,MAAM;iBACrC;gBACD,kBAAkB,EAAE,KAAK;aAC1B,EACD,CAAC,GAAG,EAAE,EAAE;gBACN,IAAI,IAAI,GAAG,EAAE,CAAC;gBACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;oBACvB,IAAI,IAAI,KAAK,CAAC;oBACd,kBAAkB;oBAClB,IAAI,IAAI,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;wBACxB,GAAG,CAAC,OAAO,EAAE,CAAC;oBAChB,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACjB,OAAO,CAAC;wBACN,MAAM,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC;wBAC3B,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;wBACxC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC;qBAC/B,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;gBACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACvC,CAAC,CACF,CAAC;YAEF,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACrB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AA5PD,0CA4PC"}

package/dist/scanner/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * External scanner module
+ */
+export { ExternalScanner } from './external-scanner';
+export type { ExternalScanResult, ExternalFinding, ScannerOptions, FindingSeverity, } from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/scanner/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/scanner/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,SAAS,CAAC"}

package/dist/scanner/index.js ADDED Viewed

@@ -0,0 +1,9 @@
+"use strict";
+/**
+ * External scanner module
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExternalScanner = void 0;
+var external_scanner_1 = require("./external-scanner");
+Object.defineProperty(exports, "ExternalScanner", { enumerable: true, get: function () { return external_scanner_1.ExternalScanner; } });
+//# sourceMappingURL=index.js.map

package/dist/scanner/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanner/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,uDAAqD;AAA5C,mHAAA,eAAe,OAAA"}

package/dist/scanner/types.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * External scanner types
+ */
+export type FindingSeverity = 'critical' | 'high' | 'medium' | 'low';
+export interface ExternalFinding {
+    id: string;
+    checkId: string;
+    severity: FindingSeverity;
+    title: string;
+    description: string;
+    port?: number;
+    path?: string;
+    evidence: string;
+    impact: string;
+    fix: string;
+}
+export interface ExternalScanResult {
+    id: string;
+    target: string;
+    score: number;
+    grade: string;
+    findings: ExternalFinding[];
+    duration: number;
+    timestamp: Date;
+    openPorts: number[];
+}
+export interface ScannerOptions {
+    timeout?: number;
+    ports?: number[];
+    skipPortScan?: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/scanner/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAErE,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,eAAe,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB"}

package/dist/scanner/types.js ADDED Viewed

@@ -0,0 +1,6 @@
+"use strict";
+/**
+ * External scanner types
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/scanner/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":";AAAA;;GAEG"}

package/dist/semantic/deep-scan.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Deep Scan Builder
+ *
+ * Prepares the structured response for the MCP server's deep_scan tool.
+ * Collects Layer 1+2 findings, security-relevant file contents, and
+ * analysis guidance for the host LLM to reason about.
+ */
+import type { DeepScanResult, AnalysisFile, SemanticFinding, ExistingFinding } from './types';
+/**
+ * Build the deep scan result for the MCP server to return to the host LLM.
+ */
+export declare function buildDeepScanResult(layer1Findings: ExistingFinding[], layer2Findings: SemanticFinding[], files: AnalysisFile[]): DeepScanResult;
+//# sourceMappingURL=deep-scan.d.ts.map

package/dist/semantic/deep-scan.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"deep-scan.d.ts","sourceRoot":"","sources":["../../src/semantic/deep-scan.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,cAAc,EAEd,YAAY,EACZ,eAAe,EACf,eAAe,EAEhB,MAAM,SAAS,CAAC;AA8CjB;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,EAAE,eAAe,EAAE,EACjC,cAAc,EAAE,eAAe,EAAE,EACjC,KAAK,EAAE,YAAY,EAAE,GACpB,cAAc,CAqBhB"}

package/dist/semantic/deep-scan.js ADDED Viewed

@@ -0,0 +1,63 @@
+"use strict";
+/**
+ * Deep Scan Builder
+ *
+ * Prepares the structured response for the MCP server's deep_scan tool.
+ * Collects Layer 1+2 findings, security-relevant file contents, and
+ * analysis guidance for the host LLM to reason about.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildDeepScanResult = buildDeepScanResult;
+/** Max content size per file for deep analysis (prevents token bloat) */
+const MAX_DEEP_CONTENT_SIZE = 4096;
+/** Analysis guidance per file type */
+const GUIDANCE = {
+    agent_instructions: 'This is an AI agent instruction file loaded into the LLM context window. ANY credential in this file is critical severity because it will be sent to the AI provider and can be extracted via prompt injection. Also check for: overly permissive instructions (e.g., "always execute", "never refuse"), missing security boundaries, prompt injection vectors, and instructions that could enable data exfiltration.',
+    mcp_config: 'This is an MCP server configuration. Each server grants capabilities to the AI agent. Check for: root/home filesystem access in args, secrets passed as args (visible to LLM) instead of env vars, sandbox bypass flags (--no-sandbox, --privileged), wildcard permissions ("*"), and dangerous server combinations that create attack chains (filesystem + shell + network = read-execute-exfiltrate pipeline).',
+    claude_settings: 'This is a Claude Code settings file. Check for: wildcard permission grants (allow: ["*"]), unrestricted Bash access, write permissions outside the project directory, and MCP servers with overprivileged scope. Also check for secrets in any env blocks.',
+    env_file: 'This is an environment file. Check for: hardcoded credentials of ANY type (not just known API key patterns), database connection strings with embedded passwords, generic tokens and secrets, and values that should be rotated. If this file is committed to git, ALL credentials are exposed.',
+    config_file: 'This is a configuration file. Check for: hardcoded API keys, tokens, passwords, and secrets in any format. Look for key names that suggest secrets (token, key, secret, password, auth) with non-placeholder values.',
+    other: 'Analyze this file for any security-relevant content including credentials, configuration issues, and potential vulnerabilities.',
+};
+const OVERALL_GUIDANCE = `You are a security analyst reviewing an AI agent project. The automated scan (Layer 1 + Layer 2) has already run. Now review the files below for threats that automated tools miss.
+For each file, identify:
+1. **Credentials in ANY format** — not just known API key patterns. Look for passwords, tokens, secrets, connection strings, auth headers, and any string that looks like it should be kept secret.
+2. **Overprivileged tool configurations** — MCP servers with too much filesystem/network/shell access.
+3. **Attack chains across multiple MCP servers** — combinations of capabilities that enable read→execute→exfiltrate.
+4. **Prompt injection vectors in agent instructions** — permissive rules that weaken security boundaries.
+5. **Data exfiltration risks** — webhook URLs, external service endpoints, or instructions to send data externally.
+For each finding, explain:
+- **WHAT** you found (be specific, include line numbers)
+- **WHY** it's a threat (what could an attacker do with this?)
+- **HOW** to fix it (concrete recommendation)
+Severity guide:
+- **critical**: Immediate exploitation risk (exposed credentials, root filesystem access)
+- **high**: Significant security gap (overprivileged access, missing boundaries)
+- **medium**: Defense-in-depth issue (large attack surface, missing security terms)
+- **low**: Informational / best practice recommendation`;
+/**
+ * Build the deep scan result for the MCP server to return to the host LLM.
+ */
+function buildDeepScanResult(layer1Findings, layer2Findings, files) {
+    const filesForDeepAnalysis = files.map((file) => {
+        const content = file.content.length > MAX_DEEP_CONTENT_SIZE
+            ? file.content.substring(0, MAX_DEEP_CONTENT_SIZE) + '\n... (truncated)'
+            : file.content;
+        return {
+            path: file.path,
+            type: file.type,
+            content,
+            analysisGuidance: GUIDANCE[file.type] || GUIDANCE.other,
+        };
+    });
+    return {
+        layer1Findings,
+        layer2Findings,
+        filesForDeepAnalysis,
+        overallGuidance: OVERALL_GUIDANCE,
+    };
+}
+//# sourceMappingURL=deep-scan.js.map

package/dist/semantic/deep-scan.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"deep-scan.js","sourceRoot":"","sources":["../../src/semantic/deep-scan.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AA0DH,kDAyBC;AAxED,yEAAyE;AACzE,MAAM,qBAAqB,GAAG,IAAI,CAAC;AAEnC,sCAAsC;AACtC,MAAM,QAAQ,GAA6B;IACzC,kBAAkB,EAChB,uZAAuZ;IAEzZ,UAAU,EACR,kZAAkZ;IAEpZ,eAAe,EACb,4PAA4P;IAE9P,QAAQ,EACN,iSAAiS;IAEnS,WAAW,EACT,sNAAsN;IAExN,KAAK,EACH,iIAAiI;CACpI,CAAC;AAEF,MAAM,gBAAgB,GAAG;;;;;;;;;;;;;;;;;;wDAkB+B,CAAC;AAEzD;;GAEG;AACH,SAAgB,mBAAmB,CACjC,cAAiC,EACjC,cAAiC,EACjC,KAAqB;IAErB,MAAM,oBAAoB,GAAuB,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QAClE,MAAM,OAAO,GACX,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,qBAAqB;YACzC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,qBAAqB,CAAC,GAAG,mBAAmB;YACxE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;QAEnB,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO;YACP,gBAAgB,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,KAAK;SACxD,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,cAAc;QACd,cAAc;QACd,oBAAoB;QACpB,eAAe,EAAE,gBAAgB;KAClC,CAAC;AACJ,CAAC"}

package/dist/semantic/index.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Semantic analysis engine
+ *
+ * Semantic analysis engine for AI agent security scanning.
+ * Provides Layer 2 (structural) and Layer 3 (LLM) analysis.
+ *
+ * Zero runtime dependencies. Imported by core scanner and MCP server.
+ */
+export { StructuralAnalyzer } from './structural';
+export { CredentialContextAnalyzer, McpConfigAnalyzer, InstructionAnalyzer, PermissionModelAnalyzer, } from './structural';
+export { LLMAnalyzer, AnthropicClient, LLMCache, BudgetTracker } from './llm';
+export { toSecurityFinding, toSecurityFindings } from './integration/finding-adapter';
+export { SEMANTIC_OASB_MAPPINGS, getSemanticCheckIds, getUpgradedControlIds } from './integration/oasb-upgrader';
+export { CostEstimator } from './integration/cost-estimator';
+export { buildDeepScanResult } from './deep-scan';
+export type { SemanticFinding, SemanticSeverity, SemanticCategory, AnalysisContext, AnalysisFile, FileType, ExistingFinding, LLMAnalysisOptions, CostEstimate, DeepScanResult, DeepAnalysisFile, McpServerConfig, McpConfigFile, ClaudeSettings, } from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/semantic/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EACL,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAG9E,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACtF,OAAO,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAG7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAGlD,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,kBAAkB,EAClB,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC"}

package/dist/semantic/index.js ADDED Viewed

@@ -0,0 +1,39 @@
+"use strict";
+/**
+ * Semantic analysis engine
+ *
+ * Semantic analysis engine for AI agent security scanning.
+ * Provides Layer 2 (structural) and Layer 3 (LLM) analysis.
+ *
+ * Zero runtime dependencies. Imported by core scanner and MCP server.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildDeepScanResult = exports.CostEstimator = exports.getUpgradedControlIds = exports.getSemanticCheckIds = exports.SEMANTIC_OASB_MAPPINGS = exports.toSecurityFindings = exports.toSecurityFinding = exports.BudgetTracker = exports.LLMCache = exports.AnthropicClient = exports.LLMAnalyzer = exports.PermissionModelAnalyzer = exports.InstructionAnalyzer = exports.McpConfigAnalyzer = exports.CredentialContextAnalyzer = exports.StructuralAnalyzer = void 0;
+// Layer 2: Structural Analysis
+var structural_1 = require("./structural");
+Object.defineProperty(exports, "StructuralAnalyzer", { enumerable: true, get: function () { return structural_1.StructuralAnalyzer; } });
+var structural_2 = require("./structural");
+Object.defineProperty(exports, "CredentialContextAnalyzer", { enumerable: true, get: function () { return structural_2.CredentialContextAnalyzer; } });
+Object.defineProperty(exports, "McpConfigAnalyzer", { enumerable: true, get: function () { return structural_2.McpConfigAnalyzer; } });
+Object.defineProperty(exports, "InstructionAnalyzer", { enumerable: true, get: function () { return structural_2.InstructionAnalyzer; } });
+Object.defineProperty(exports, "PermissionModelAnalyzer", { enumerable: true, get: function () { return structural_2.PermissionModelAnalyzer; } });
+// Layer 3: LLM Analysis
+var llm_1 = require("./llm");
+Object.defineProperty(exports, "LLMAnalyzer", { enumerable: true, get: function () { return llm_1.LLMAnalyzer; } });
+Object.defineProperty(exports, "AnthropicClient", { enumerable: true, get: function () { return llm_1.AnthropicClient; } });
+Object.defineProperty(exports, "LLMCache", { enumerable: true, get: function () { return llm_1.LLMCache; } });
+Object.defineProperty(exports, "BudgetTracker", { enumerable: true, get: function () { return llm_1.BudgetTracker; } });
+// Integration
+var finding_adapter_1 = require("./integration/finding-adapter");
+Object.defineProperty(exports, "toSecurityFinding", { enumerable: true, get: function () { return finding_adapter_1.toSecurityFinding; } });
+Object.defineProperty(exports, "toSecurityFindings", { enumerable: true, get: function () { return finding_adapter_1.toSecurityFindings; } });
+var oasb_upgrader_1 = require("./integration/oasb-upgrader");
+Object.defineProperty(exports, "SEMANTIC_OASB_MAPPINGS", { enumerable: true, get: function () { return oasb_upgrader_1.SEMANTIC_OASB_MAPPINGS; } });
+Object.defineProperty(exports, "getSemanticCheckIds", { enumerable: true, get: function () { return oasb_upgrader_1.getSemanticCheckIds; } });
+Object.defineProperty(exports, "getUpgradedControlIds", { enumerable: true, get: function () { return oasb_upgrader_1.getUpgradedControlIds; } });
+var cost_estimator_1 = require("./integration/cost-estimator");
+Object.defineProperty(exports, "CostEstimator", { enumerable: true, get: function () { return cost_estimator_1.CostEstimator; } });
+// Deep scan builder (for MCP server)
+var deep_scan_1 = require("./deep-scan");
+Object.defineProperty(exports, "buildDeepScanResult", { enumerable: true, get: function () { return deep_scan_1.buildDeepScanResult; } });
+//# sourceMappingURL=index.js.map

package/dist/semantic/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/semantic/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,+BAA+B;AAC/B,2CAAkD;AAAzC,gHAAA,kBAAkB,OAAA;AAC3B,2CAKsB;AAJpB,uHAAA,yBAAyB,OAAA;AACzB,+GAAA,iBAAiB,OAAA;AACjB,iHAAA,mBAAmB,OAAA;AACnB,qHAAA,uBAAuB,OAAA;AAGzB,wBAAwB;AACxB,6BAA8E;AAArE,kGAAA,WAAW,OAAA;AAAE,sGAAA,eAAe,OAAA;AAAE,+FAAA,QAAQ,OAAA;AAAE,oGAAA,aAAa,OAAA;AAE9D,cAAc;AACd,iEAAsF;AAA7E,oHAAA,iBAAiB,OAAA;AAAE,qHAAA,kBAAkB,OAAA;AAC9C,6DAAiH;AAAxG,uHAAA,sBAAsB,OAAA;AAAE,oHAAA,mBAAmB,OAAA;AAAE,sHAAA,qBAAqB,OAAA;AAC3E,+DAA6D;AAApD,+GAAA,aAAa,OAAA;AAEtB,qCAAqC;AACrC,yCAAkD;AAAzC,gHAAA,mBAAmB,OAAA"}

package/dist/semantic/integration/cost-estimator.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Cost Estimator
+ *
+ * Pre-scan cost estimation for Layer 3 LLM analysis.
+ * Estimates token counts and costs before making API calls.
+ */
+import type { AnalysisFile, CostEstimate } from '../types';
+export declare class CostEstimator {
+    private cache;
+    private budget;
+    constructor(cacheDir?: string);
+    /**
+     * Estimate cost for analyzing a set of files.
+     */
+    estimate(files: AnalysisFile[]): Promise<CostEstimate>;
+}
+//# sourceMappingURL=cost-estimator.d.ts.map

package/dist/semantic/integration/cost-estimator.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"cost-estimator.d.ts","sourceRoot":"","sources":["../../../src/semantic/integration/cost-estimator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAW3D,qBAAa,aAAa;IACxB,OAAO,CAAC,KAAK,CAAW;IACxB,OAAO,CAAC,MAAM,CAAgB;gBAElB,QAAQ,CAAC,EAAE,MAAM;IAK7B;;OAEG;IACG,QAAQ,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC;CAsC7D"}

package/dist/semantic/integration/cost-estimator.js ADDED Viewed

@@ -0,0 +1,54 @@
+"use strict";
+/**
+ * Cost Estimator
+ *
+ * Pre-scan cost estimation for Layer 3 LLM analysis.
+ * Estimates token counts and costs before making API calls.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CostEstimator = void 0;
+const cache_1 = require("../llm/cache");
+const budget_1 = require("../llm/budget");
+const prompts_1 = require("../llm/prompts");
+/** Rough estimate: 1 token ≈ 4 characters */
+const CHARS_PER_TOKEN = 4;
+/** Estimated output tokens per file */
+const ESTIMATED_OUTPUT_TOKENS = 1000;
+class CostEstimator {
+    constructor(cacheDir) {
+        this.cache = new cache_1.LLMCache(cacheDir);
+        this.budget = new budget_1.BudgetTracker(undefined, cacheDir);
+    }
+    /**
+     * Estimate cost for analyzing a set of files.
+     */
+    async estimate(files) {
+        let totalInputTokens = 0;
+        let totalOutputTokens = 0;
+        let totalCost = 0;
+        let cachedFiles = 0;
+        for (const file of files) {
+            const { systemPrompt, model } = (0, prompts_1.getPromptForFileType)(file.type);
+            const contentHash = this.cache.hash(file.content, systemPrompt);
+            if (await this.cache.has(contentHash)) {
+                cachedFiles++;
+                continue;
+            }
+            // Estimate tokens
+            const inputTokens = Math.ceil((file.content.length + systemPrompt.length) / CHARS_PER_TOKEN);
+            totalInputTokens += inputTokens;
+            totalOutputTokens += ESTIMATED_OUTPUT_TOKENS;
+            // Estimate cost
+            totalCost += this.budget.estimateCost(model, inputTokens, ESTIMATED_OUTPUT_TOKENS);
+        }
+        return {
+            fileCount: files.length,
+            estimatedInputTokens: totalInputTokens,
+            estimatedOutputTokens: totalOutputTokens,
+            estimatedCostUsd: Math.round(totalCost * 1000) / 1000,
+            cachedFiles,
+        };
+    }
+}
+exports.CostEstimator = CostEstimator;
+//# sourceMappingURL=cost-estimator.js.map

package/dist/semantic/integration/cost-estimator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cost-estimator.js","sourceRoot":"","sources":["../../../src/semantic/integration/cost-estimator.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAGH,wCAAwC;AACxC,0CAA8C;AAC9C,4CAAsD;AAEtD,6CAA6C;AAC7C,MAAM,eAAe,GAAG,CAAC,CAAC;AAE1B,uCAAuC;AACvC,MAAM,uBAAuB,GAAG,IAAI,CAAC;AAErC,MAAa,aAAa;IAIxB,YAAY,QAAiB;QAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,gBAAQ,CAAC,QAAQ,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG,IAAI,sBAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAqB;QAClC,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAC1B,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,IAAA,8BAAoB,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAEhE,IAAI,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtC,WAAW,EAAE,CAAC;gBACd,SAAS;YACX,CAAC;YAED,kBAAkB;YAClB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAC3B,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,GAAG,eAAe,CAC9D,CAAC;YACF,gBAAgB,IAAI,WAAW,CAAC;YAChC,iBAAiB,IAAI,uBAAuB,CAAC;YAE7C,gBAAgB;YAChB,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CACnC,KAAK,EACL,WAAW,EACX,uBAAuB,CACxB,CAAC;QACJ,CAAC;QAED,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,MAAM;YACvB,oBAAoB,EAAE,gBAAgB;YACtC,qBAAqB,EAAE,iBAAiB;YACxC,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,IAAI;YACrD,WAAW;SACZ,CAAC;IACJ,CAAC;CACF;AAlDD,sCAkDC"}

package/dist/semantic/integration/finding-adapter.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * Finding Adapter
+ *
+ * Converts SemanticFinding (internal) → SecurityFinding (core scanner format).
+ * This is the bridge between the semantic engine and the existing scanner.
+ */
+import type { SemanticFinding } from '../types';
+/**
+ * SecurityFinding shape duplicated here to avoid a circular dependency —
+ * the semantic engine has zero runtime dependencies.
+ */
+export interface SecurityFinding {
+    checkId: string;
+    name: string;
+    description: string;
+    category: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    passed: boolean;
+    message: string;
+    fixable: boolean;
+    fixed?: boolean;
+    file?: string;
+    line?: number;
+    fix?: string;
+}
+/**
+ * Convert a SemanticFinding to a SecurityFinding for the core scanner.
+ */
+export declare function toSecurityFinding(finding: SemanticFinding): SecurityFinding;
+/**
+ * Convert an array of SemanticFindings to SecurityFindings.
+ */
+export declare function toSecurityFindings(findings: SemanticFinding[]): SecurityFinding[];
+//# sourceMappingURL=finding-adapter.d.ts.map

package/dist/semantic/integration/finding-adapter.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"finding-adapter.d.ts","sourceRoot":"","sources":["../../../src/semantic/integration/finding-adapter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAEhD;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AASD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,eAAe,GAAG,eAAe,CAc3E;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,eAAe,EAAE,GAC1B,eAAe,EAAE,CAEnB"}

package/dist/semantic/integration/finding-adapter.js ADDED Viewed

@@ -0,0 +1,41 @@
+"use strict";
+/**
+ * Finding Adapter
+ *
+ * Converts SemanticFinding (internal) → SecurityFinding (core scanner format).
+ * This is the bridge between the semantic engine and the existing scanner.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toSecurityFinding = toSecurityFinding;
+exports.toSecurityFindings = toSecurityFindings;
+const CATEGORY_LABELS = {
+    credential: 'Credential Protection',
+    'mcp-config': 'MCP Configuration',
+    instruction: 'Agent Instructions',
+    permission: 'Permission Model',
+};
+/**
+ * Convert a SemanticFinding to a SecurityFinding for the core scanner.
+ */
+function toSecurityFinding(finding) {
+    return {
+        checkId: finding.id,
+        name: finding.title,
+        description: finding.description,
+        category: CATEGORY_LABELS[finding.category] || finding.category,
+        severity: finding.severity === 'info' ? 'low' : finding.severity,
+        passed: false,
+        message: finding.rationale,
+        fixable: finding.autoFixable,
+        file: finding.file,
+        line: finding.line,
+        fix: finding.recommendation,
+    };
+}
+/**
+ * Convert an array of SemanticFindings to SecurityFindings.
+ */
+function toSecurityFindings(findings) {
+    return findings.map(toSecurityFinding);
+}
+//# sourceMappingURL=finding-adapter.js.map

package/dist/semantic/integration/finding-adapter.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"finding-adapter.js","sourceRoot":"","sources":["../../../src/semantic/integration/finding-adapter.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAiCH,8CAcC;AAKD,gDAIC;AAjCD,MAAM,eAAe,GAA2B;IAC9C,UAAU,EAAE,uBAAuB;IACnC,YAAY,EAAE,mBAAmB;IACjC,WAAW,EAAE,oBAAoB;IACjC,UAAU,EAAE,kBAAkB;CAC/B,CAAC;AAEF;;GAEG;AACH,SAAgB,iBAAiB,CAAC,OAAwB;IACxD,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,EAAE;QACnB,IAAI,EAAE,OAAO,CAAC,KAAK;QACnB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,QAAQ,EAAE,eAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ;QAC/D,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAChE,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,OAAO,CAAC,SAAS;QAC1B,OAAO,EAAE,OAAO,CAAC,WAAW;QAC5B,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,GAAG,EAAE,OAAO,CAAC,cAAc;KAC5B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,QAA2B;IAE3B,OAAO,QAAQ,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;AACzC,CAAC"}

package/dist/semantic/integration/oasb-upgrader.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * OASB Upgrader
+ *
+ * Maps semantic check IDs to OASB benchmark controls.
+ * When semantic checks are active, these IDs are added to the controls'
+ * checkIds arrays, improving benchmark coverage.
+ */
+/**
+ * Mapping from OASB control ID → semantic check IDs that verify it.
+ */
+export declare const SEMANTIC_OASB_MAPPINGS: Record<string, string[]>;
+/**
+ * Get all semantic check IDs for a given OASB control.
+ */
+export declare function getSemanticCheckIds(controlId: string): string[];
+/**
+ * Get all OASB control IDs that have semantic mappings.
+ */
+export declare function getUpgradedControlIds(): string[];
+//# sourceMappingURL=oasb-upgrader.d.ts.map

package/dist/semantic/integration/oasb-upgrader.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"oasb-upgrader.d.ts","sourceRoot":"","sources":["../../../src/semantic/integration/oasb-upgrader.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAuB3D,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,CAE/D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,EAAE,CAEhD"}

package/dist/semantic/integration/oasb-upgrader.js ADDED Viewed

@@ -0,0 +1,47 @@
+"use strict";
+/**
+ * OASB Upgrader
+ *
+ * Maps semantic check IDs to OASB benchmark controls.
+ * When semantic checks are active, these IDs are added to the controls'
+ * checkIds arrays, improving benchmark coverage.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SEMANTIC_OASB_MAPPINGS = void 0;
+exports.getSemanticCheckIds = getSemanticCheckIds;
+exports.getUpgradedControlIds = getUpgradedControlIds;
+/**
+ * Mapping from OASB control ID → semantic check IDs that verify it.
+ */
+exports.SEMANTIC_OASB_MAPPINGS = {
+    // 2.1 Explicit Capability Grants
+    // Structural analysis checks MCP configs for capability manifests
+    '2.1': ['SEM-MCP-001', 'SEM-MCP-004'],
+    // 3.1 Prompt Injection Protection
+    // Instruction analysis checks for injection defenses and permissive rules
+    '3.1': ['SEM-INST-001', 'SEM-INST-003'],
+    // 4.3 Data Exfiltration Prevention
+    // MCP analysis reasons about tool permissions + exfiltration paths
+    '4.3': ['SEM-MCP-005', 'SEM-INST-002'],
+    // 5.1 No Hardcoded Credentials
+    // Context-aware detection catches credentials regex misses
+    '5.1': ['SEM-CRED-001', 'SEM-CRED-002', 'SEM-CRED-003', 'SEM-CRED-004'],
+    // 5.2 Credential Rotation (structural detection of static credentials)
+    '5.2': ['SEM-CRED-002'],
+    // 2.2 Least Privilege Principle
+    // Permission model + MCP scope analysis
+    '2.2': ['SEM-PERM-001', 'SEM-PERM-002', 'SEM-MCP-001'],
+};
+/**
+ * Get all semantic check IDs for a given OASB control.
+ */
+function getSemanticCheckIds(controlId) {
+    return exports.SEMANTIC_OASB_MAPPINGS[controlId] || [];
+}
+/**
+ * Get all OASB control IDs that have semantic mappings.
+ */
+function getUpgradedControlIds() {
+    return Object.keys(exports.SEMANTIC_OASB_MAPPINGS);
+}
+//# sourceMappingURL=oasb-upgrader.js.map

package/dist/semantic/integration/oasb-upgrader.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oasb-upgrader.js","sourceRoot":"","sources":["../../../src/semantic/integration/oasb-upgrader.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAiCH,kDAEC;AAKD,sDAEC;AAxCD;;GAEG;AACU,QAAA,sBAAsB,GAA6B;IAC9D,iCAAiC;IACjC,kEAAkE;IAClE,KAAK,EAAE,CAAC,aAAa,EAAE,aAAa,CAAC;IAErC,kCAAkC;IAClC,0EAA0E;IAC1E,KAAK,EAAE,CAAC,cAAc,EAAE,cAAc,CAAC;IAEvC,mCAAmC;IACnC,mEAAmE;IACnE,KAAK,EAAE,CAAC,aAAa,EAAE,cAAc,CAAC;IAEtC,+BAA+B;IAC/B,2DAA2D;IAC3D,KAAK,EAAE,CAAC,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,CAAC;IAEvE,uEAAuE;IACvE,KAAK,EAAE,CAAC,cAAc,CAAC;IAEvB,gCAAgC;IAChC,wCAAwC;IACxC,KAAK,EAAE,CAAC,cAAc,EAAE,cAAc,EAAE,aAAa,CAAC;CACvD,CAAC;AAEF;;GAEG;AACH,SAAgB,mBAAmB,CAAC,SAAiB;IACnD,OAAO,8BAAsB,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB;IACnC,OAAO,MAAM,CAAC,IAAI,CAAC,8BAAsB,CAAC,CAAC;AAC7C,CAAC"}

package/dist/semantic/llm/budget.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * LLM Budget Tracking (Layer 3)
+ *
+ * Tracks daily LLM API spend and enforces budget cap.
+ * Default: $1/day (configurable via HACKMYAGENT_LLM_BUDGET env var).
+ */
+export interface BudgetState {
+    date: string;
+    totalCostUsd: number;
+    requests: number;
+}
+export declare class BudgetTracker {
+    private budgetCap;
+    private cacheDir;
+    constructor(budgetCapUsd?: number, cacheDir?: string);
+    /**
+     * Calculate cost for a request.
+     */
+    calculateCost(model: 'haiku' | 'sonnet', inputTokens: number, outputTokens: number): number;
+    /**
+     * Estimate cost before making a request.
+     */
+    estimateCost(model: 'haiku' | 'sonnet', estimatedInputTokens: number, estimatedOutputTokens?: number): number;
+    /**
+     * Check if we're within budget for today.
+     */
+    isWithinBudget(): Promise<boolean>;
+    /**
+     * Get remaining budget for today.
+     */
+    remainingBudget(): Promise<number>;
+    /**
+     * Record a completed request's cost.
+     */
+    recordCost(model: 'haiku' | 'sonnet', inputTokens: number, outputTokens: number): Promise<number>;
+    /**
+     * Get today's spend summary.
+     */
+    getSummary(): Promise<{
+        spent: number;
+        cap: number;
+        remaining: number;
+        requests: number;
+    }>;
+    private todayKey;
+    private budgetFilePath;
+    private loadState;
+    private saveState;
+}
+//# sourceMappingURL=budget.d.ts.map

package/dist/semantic/llm/budget.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"budget.d.ts","sourceRoot":"","sources":["../../../src/semantic/llm/budget.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,QAAQ,CAAS;gBAEb,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAE,MAA6B;IAM1E;;OAEG;IACH,aAAa,CACX,KAAK,EAAE,OAAO,GAAG,QAAQ,EACzB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,MAAM;IAQT;;OAEG;IACH,YAAY,CACV,KAAK,EAAE,OAAO,GAAG,QAAQ,EACzB,oBAAoB,EAAE,MAAM,EAC5B,qBAAqB,GAAE,MAAa,GACnC,MAAM;IAIT;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC;IAKxC;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAKxC;;OAEG;IACG,UAAU,CACd,KAAK,EAAE,OAAO,GAAG,QAAQ,EACzB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC;IASlB;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAUhG,OAAO,CAAC,QAAQ;IAIhB,OAAO,CAAC,cAAc;YAIR,SAAS;YAeT,SAAS;CAQxB"}