hackmyagent 0.7.2 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +191 -0
- package/README.md +66 -28
- package/dist/arp/cli/index.d.ts +3 -0
- package/dist/arp/cli/index.d.ts.map +1 -0
- package/dist/arp/cli/index.js +219 -0
- package/dist/arp/cli/index.js.map +1 -0
- package/dist/arp/config/loader.d.ts +8 -0
- package/dist/arp/config/loader.d.ts.map +1 -0
- package/dist/arp/config/loader.js +102 -0
- package/dist/arp/config/loader.js.map +1 -0
- package/dist/arp/enforcement/kill-switch.d.ts +22 -0
- package/dist/arp/enforcement/kill-switch.d.ts.map +1 -0
- package/dist/arp/enforcement/kill-switch.js +122 -0
- package/dist/arp/enforcement/kill-switch.js.map +1 -0
- package/dist/arp/engine/event-engine.d.ts +29 -0
- package/dist/arp/engine/event-engine.d.ts.map +1 -0
- package/dist/arp/engine/event-engine.js +233 -0
- package/dist/arp/engine/event-engine.js.map +1 -0
- package/dist/arp/index.d.ts +81 -0
- package/dist/arp/index.d.ts.map +1 -0
- package/dist/arp/index.js +239 -0
- package/dist/arp/index.js.map +1 -0
- package/dist/arp/intelligence/adapters.d.ts +45 -0
- package/dist/arp/intelligence/adapters.d.ts.map +1 -0
- package/dist/arp/intelligence/adapters.js +222 -0
- package/dist/arp/intelligence/adapters.js.map +1 -0
- package/dist/arp/intelligence/anomaly.d.ts +32 -0
- package/dist/arp/intelligence/anomaly.d.ts.map +1 -0
- package/dist/arp/intelligence/anomaly.js +80 -0
- package/dist/arp/intelligence/anomaly.js.map +1 -0
- package/dist/arp/intelligence/budget.d.ts +33 -0
- package/dist/arp/intelligence/budget.d.ts.map +1 -0
- package/dist/arp/intelligence/budget.js +150 -0
- package/dist/arp/intelligence/budget.js.map +1 -0
- package/dist/arp/intelligence/coordinator.d.ts +43 -0
- package/dist/arp/intelligence/coordinator.d.ts.map +1 -0
- package/dist/arp/intelligence/coordinator.js +301 -0
- package/dist/arp/intelligence/coordinator.js.map +1 -0
- package/dist/arp/interceptors/a2a-protocol.d.ts +29 -0
- package/dist/arp/interceptors/a2a-protocol.d.ts.map +1 -0
- package/dist/arp/interceptors/a2a-protocol.js +111 -0
- package/dist/arp/interceptors/a2a-protocol.js.map +1 -0
- package/dist/arp/interceptors/filesystem.d.ts +33 -0
- package/dist/arp/interceptors/filesystem.d.ts.map +1 -0
- package/dist/arp/interceptors/filesystem.js +199 -0
- package/dist/arp/interceptors/filesystem.js.map +1 -0
- package/dist/arp/interceptors/mcp-protocol.d.ts +25 -0
- package/dist/arp/interceptors/mcp-protocol.d.ts.map +1 -0
- package/dist/arp/interceptors/mcp-protocol.js +126 -0
- package/dist/arp/interceptors/mcp-protocol.js.map +1 -0
- package/dist/arp/interceptors/network.d.ts +26 -0
- package/dist/arp/interceptors/network.d.ts.map +1 -0
- package/dist/arp/interceptors/network.js +146 -0
- package/dist/arp/interceptors/network.js.map +1 -0
- package/dist/arp/interceptors/process.d.ts +26 -0
- package/dist/arp/interceptors/process.d.ts.map +1 -0
- package/dist/arp/interceptors/process.js +157 -0
- package/dist/arp/interceptors/process.js.map +1 -0
- package/dist/arp/interceptors/prompt.d.ts +29 -0
- package/dist/arp/interceptors/prompt.d.ts.map +1 -0
- package/dist/arp/interceptors/prompt.js +82 -0
- package/dist/arp/interceptors/prompt.js.map +1 -0
- package/dist/arp/license/index.d.ts +59 -0
- package/dist/arp/license/index.d.ts.map +1 -0
- package/dist/arp/license/index.js +78 -0
- package/dist/arp/license/index.js.map +1 -0
- package/dist/arp/monitors/filesystem.d.ts +21 -0
- package/dist/arp/monitors/filesystem.d.ts.map +1 -0
- package/dist/arp/monitors/filesystem.js +141 -0
- package/dist/arp/monitors/filesystem.js.map +1 -0
- package/dist/arp/monitors/network.d.ts +32 -0
- package/dist/arp/monitors/network.d.ts.map +1 -0
- package/dist/arp/monitors/network.js +301 -0
- package/dist/arp/monitors/network.js.map +1 -0
- package/dist/arp/monitors/process.d.ts +24 -0
- package/dist/arp/monitors/process.d.ts.map +1 -0
- package/dist/arp/monitors/process.js +205 -0
- package/dist/arp/monitors/process.js.map +1 -0
- package/dist/arp/patterns/ai-threats.d.ts +48 -0
- package/dist/arp/patterns/ai-threats.d.ts.map +1 -0
- package/dist/arp/patterns/ai-threats.js +215 -0
- package/dist/arp/patterns/ai-threats.js.map +1 -0
- package/dist/arp/proxy/forward.d.ts +23 -0
- package/dist/arp/proxy/forward.d.ts.map +1 -0
- package/dist/arp/proxy/forward.js +152 -0
- package/dist/arp/proxy/forward.js.map +1 -0
- package/dist/arp/proxy/server.d.ts +45 -0
- package/dist/arp/proxy/server.d.ts.map +1 -0
- package/dist/arp/proxy/server.js +331 -0
- package/dist/arp/proxy/server.js.map +1 -0
- package/dist/arp/reporting/local-log.d.ts +22 -0
- package/dist/arp/reporting/local-log.d.ts.map +1 -0
- package/dist/arp/reporting/local-log.js +116 -0
- package/dist/arp/reporting/local-log.js.map +1 -0
- package/dist/arp/types.d.ts +230 -0
- package/dist/arp/types.d.ts.map +1 -0
- package/dist/arp/types.js +4 -0
- package/dist/arp/types.js.map +1 -0
- package/dist/attack/custom-payloads.d.ts +11 -0
- package/dist/attack/custom-payloads.d.ts.map +1 -0
- package/dist/attack/custom-payloads.js +108 -0
- package/dist/attack/custom-payloads.js.map +1 -0
- package/dist/attack/fail-policy.d.ts +16 -0
- package/dist/attack/fail-policy.d.ts.map +1 -0
- package/dist/attack/fail-policy.js +36 -0
- package/dist/attack/fail-policy.js.map +1 -0
- package/dist/attack/index.d.ts +12 -0
- package/dist/attack/index.d.ts.map +1 -0
- package/dist/attack/index.js +30 -0
- package/dist/attack/index.js.map +1 -0
- package/dist/attack/payloads/a2a-attacks.d.ts +12 -0
- package/dist/attack/payloads/a2a-attacks.d.ts.map +1 -0
- package/dist/attack/payloads/a2a-attacks.js +221 -0
- package/dist/attack/payloads/a2a-attacks.js.map +1 -0
- package/dist/attack/payloads/capability-abuse.d.ts +8 -0
- package/dist/attack/payloads/capability-abuse.d.ts.map +1 -0
- package/dist/attack/payloads/capability-abuse.js +222 -0
- package/dist/attack/payloads/capability-abuse.js.map +1 -0
- package/dist/attack/payloads/context-manipulation.d.ts +8 -0
- package/dist/attack/payloads/context-manipulation.d.ts.map +1 -0
- package/dist/attack/payloads/context-manipulation.js +217 -0
- package/dist/attack/payloads/context-manipulation.js.map +1 -0
- package/dist/attack/payloads/data-exfiltration.d.ts +8 -0
- package/dist/attack/payloads/data-exfiltration.d.ts.map +1 -0
- package/dist/attack/payloads/data-exfiltration.js +249 -0
- package/dist/attack/payloads/data-exfiltration.js.map +1 -0
- package/dist/attack/payloads/index.d.ts +29 -0
- package/dist/attack/payloads/index.d.ts.map +1 -0
- package/dist/attack/payloads/index.js +76 -0
- package/dist/attack/payloads/index.js.map +1 -0
- package/dist/attack/payloads/jailbreak.d.ts +8 -0
- package/dist/attack/payloads/jailbreak.d.ts.map +1 -0
- package/dist/attack/payloads/jailbreak.js +265 -0
- package/dist/attack/payloads/jailbreak.js.map +1 -0
- package/dist/attack/payloads/mcp-exploitation.d.ts +12 -0
- package/dist/attack/payloads/mcp-exploitation.d.ts.map +1 -0
- package/dist/attack/payloads/mcp-exploitation.js +221 -0
- package/dist/attack/payloads/mcp-exploitation.js.map +1 -0
- package/dist/attack/payloads/prompt-injection.d.ts +8 -0
- package/dist/attack/payloads/prompt-injection.d.ts.map +1 -0
- package/dist/attack/payloads/prompt-injection.js +262 -0
- package/dist/attack/payloads/prompt-injection.js.map +1 -0
- package/dist/attack/scanner.d.ts +84 -0
- package/dist/attack/scanner.d.ts.map +1 -0
- package/dist/attack/scanner.js +509 -0
- package/dist/attack/scanner.js.map +1 -0
- package/dist/attack/types.d.ts +153 -0
- package/dist/attack/types.d.ts.map +1 -0
- package/dist/attack/types.js +46 -0
- package/dist/attack/types.js.map +1 -0
- package/dist/benchmarks/index.d.ts +16 -0
- package/dist/benchmarks/index.d.ts.map +1 -0
- package/dist/benchmarks/index.js +27 -0
- package/dist/benchmarks/index.js.map +1 -0
- package/dist/benchmarks/oasb-1.d.ts +112 -0
- package/dist/benchmarks/oasb-1.d.ts.map +1 -0
- package/dist/benchmarks/oasb-1.js +1124 -0
- package/dist/benchmarks/oasb-1.js.map +1 -0
- package/dist/checker/check-skill.d.ts +48 -0
- package/dist/checker/check-skill.d.ts.map +1 -0
- package/dist/checker/check-skill.js +105 -0
- package/dist/checker/check-skill.js.map +1 -0
- package/dist/checker/index.d.ts +12 -0
- package/dist/checker/index.d.ts.map +1 -0
- package/dist/checker/index.js +16 -0
- package/dist/checker/index.js.map +1 -0
- package/dist/checker/permission-analyzer.d.ts +12 -0
- package/dist/checker/permission-analyzer.d.ts.map +1 -0
- package/dist/checker/permission-analyzer.js +84 -0
- package/dist/checker/permission-analyzer.js.map +1 -0
- package/dist/checker/publisher-verifier.d.ts +34 -0
- package/dist/checker/publisher-verifier.d.ts.map +1 -0
- package/dist/checker/publisher-verifier.js +121 -0
- package/dist/checker/publisher-verifier.js.map +1 -0
- package/dist/checker/skill-identifier.d.ts +14 -0
- package/dist/checker/skill-identifier.d.ts.map +1 -0
- package/dist/checker/skill-identifier.js +55 -0
- package/dist/checker/skill-identifier.js.map +1 -0
- package/dist/cli.d.ts +7 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +3534 -0
- package/dist/cli.js.map +1 -0
- package/dist/hardening/index.d.ts +7 -0
- package/dist/hardening/index.d.ts.map +1 -0
- package/dist/hardening/index.js +9 -0
- package/dist/hardening/index.js.map +1 -0
- package/dist/hardening/scanner.d.ts +147 -0
- package/dist/hardening/scanner.d.ts.map +1 -0
- package/dist/hardening/scanner.js +5445 -0
- package/dist/hardening/scanner.js.map +1 -0
- package/dist/hardening/security-check.d.ts +85 -0
- package/dist/hardening/security-check.d.ts.map +1 -0
- package/dist/hardening/security-check.js +6 -0
- package/dist/hardening/security-check.js.map +1 -0
- package/dist/index.d.ts +38 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +91 -3525
- package/dist/index.js.map +1 -1
- package/dist/mcp-server.js +10 -10
- package/dist/mcp-server.js.map +1 -1
- package/dist/oasb/config/dvaa-targets.d.ts +13 -0
- package/dist/oasb/config/dvaa-targets.d.ts.map +1 -0
- package/dist/oasb/config/dvaa-targets.js +89 -0
- package/dist/oasb/config/dvaa-targets.js.map +1 -0
- package/dist/oasb/harness/arp-wrapper.d.ts +29 -0
- package/dist/oasb/harness/arp-wrapper.d.ts.map +1 -0
- package/dist/oasb/harness/arp-wrapper.js +134 -0
- package/dist/oasb/harness/arp-wrapper.js.map +1 -0
- package/dist/oasb/harness/dvaa-client.d.ts +46 -0
- package/dist/oasb/harness/dvaa-client.d.ts.map +1 -0
- package/dist/oasb/harness/dvaa-client.js +98 -0
- package/dist/oasb/harness/dvaa-client.js.map +1 -0
- package/dist/oasb/harness/dvaa-manager.d.ts +17 -0
- package/dist/oasb/harness/dvaa-manager.d.ts.map +1 -0
- package/dist/oasb/harness/dvaa-manager.js +132 -0
- package/dist/oasb/harness/dvaa-manager.js.map +1 -0
- package/dist/oasb/harness/event-collector.d.ts +33 -0
- package/dist/oasb/harness/event-collector.d.ts.map +1 -0
- package/dist/oasb/harness/event-collector.js +86 -0
- package/dist/oasb/harness/event-collector.js.map +1 -0
- package/dist/oasb/harness/metrics.d.ts +14 -0
- package/dist/oasb/harness/metrics.d.ts.map +1 -0
- package/dist/oasb/harness/metrics.js +56 -0
- package/dist/oasb/harness/metrics.js.map +1 -0
- package/dist/oasb/harness/mock-llm-adapter.d.ts +34 -0
- package/dist/oasb/harness/mock-llm-adapter.d.ts.map +1 -0
- package/dist/oasb/harness/mock-llm-adapter.js +69 -0
- package/dist/oasb/harness/mock-llm-adapter.js.map +1 -0
- package/dist/oasb/harness/types.d.ts +74 -0
- package/dist/oasb/harness/types.d.ts.map +1 -0
- package/dist/oasb/harness/types.js +3 -0
- package/dist/oasb/harness/types.js.map +1 -0
- package/dist/plugins/core.d.ts +109 -0
- package/dist/plugins/core.d.ts.map +1 -0
- package/dist/plugins/core.js +30 -0
- package/dist/plugins/core.js.map +1 -0
- package/dist/plugins/credvault.d.ts +22 -0
- package/dist/plugins/credvault.d.ts.map +1 -0
- package/dist/plugins/credvault.js +374 -0
- package/dist/plugins/credvault.js.map +1 -0
- package/dist/plugins/signcrypt.d.ts +27 -0
- package/dist/plugins/signcrypt.d.ts.map +1 -0
- package/dist/plugins/signcrypt.js +317 -0
- package/dist/plugins/signcrypt.js.map +1 -0
- package/dist/plugins/skillguard.d.ts +25 -0
- package/dist/plugins/skillguard.d.ts.map +1 -0
- package/dist/plugins/skillguard.js +346 -0
- package/dist/plugins/skillguard.js.map +1 -0
- package/dist/registry/client.d.ts +125 -0
- package/dist/registry/client.d.ts.map +1 -0
- package/dist/registry/client.js +308 -0
- package/dist/registry/client.js.map +1 -0
- package/dist/registry/index.d.ts +3 -0
- package/dist/registry/index.d.ts.map +1 -0
- package/dist/registry/index.js +10 -0
- package/dist/registry/index.js.map +1 -0
- package/dist/scanner/external-scanner.d.ts +13 -0
- package/dist/scanner/external-scanner.d.ts.map +1 -0
- package/dist/scanner/external-scanner.js +299 -0
- package/dist/scanner/external-scanner.js.map +1 -0
- package/dist/scanner/index.d.ts +6 -0
- package/dist/scanner/index.d.ts.map +1 -0
- package/dist/scanner/index.js +9 -0
- package/dist/scanner/index.js.map +1 -0
- package/dist/scanner/types.d.ts +32 -0
- package/dist/scanner/types.d.ts.map +1 -0
- package/dist/scanner/types.js +6 -0
- package/dist/scanner/types.js.map +1 -0
- package/dist/semantic/deep-scan.d.ts +13 -0
- package/dist/semantic/deep-scan.d.ts.map +1 -0
- package/dist/semantic/deep-scan.js +63 -0
- package/dist/semantic/deep-scan.js.map +1 -0
- package/dist/semantic/index.d.ts +17 -0
- package/dist/semantic/index.d.ts.map +1 -0
- package/dist/semantic/index.js +39 -0
- package/dist/semantic/index.js.map +1 -0
- package/dist/semantic/integration/cost-estimator.d.ts +17 -0
- package/dist/semantic/integration/cost-estimator.d.ts.map +1 -0
- package/dist/semantic/integration/cost-estimator.js +54 -0
- package/dist/semantic/integration/cost-estimator.js.map +1 -0
- package/dist/semantic/integration/finding-adapter.d.ts +34 -0
- package/dist/semantic/integration/finding-adapter.d.ts.map +1 -0
- package/dist/semantic/integration/finding-adapter.js +41 -0
- package/dist/semantic/integration/finding-adapter.js.map +1 -0
- package/dist/semantic/integration/oasb-upgrader.d.ts +20 -0
- package/dist/semantic/integration/oasb-upgrader.d.ts.map +1 -0
- package/dist/semantic/integration/oasb-upgrader.js +47 -0
- package/dist/semantic/integration/oasb-upgrader.js.map +1 -0
- package/dist/semantic/llm/budget.d.ts +50 -0
- package/dist/semantic/llm/budget.d.ts.map +1 -0
- package/dist/semantic/llm/budget.js +139 -0
- package/dist/semantic/llm/budget.js.map +1 -0
- package/dist/semantic/llm/cache.d.ts +36 -0
- package/dist/semantic/llm/cache.d.ts.map +1 -0
- package/dist/semantic/llm/cache.js +103 -0
- package/dist/semantic/llm/cache.js.map +1 -0
- package/dist/semantic/llm/client.d.ts +49 -0
- package/dist/semantic/llm/client.d.ts.map +1 -0
- package/dist/semantic/llm/client.js +64 -0
- package/dist/semantic/llm/client.js.map +1 -0
- package/dist/semantic/llm/index.d.ts +33 -0
- package/dist/semantic/llm/index.d.ts.map +1 -0
- package/dist/semantic/llm/index.js +129 -0
- package/dist/semantic/llm/index.js.map +1 -0
- package/dist/semantic/llm/prompts.d.ts +30 -0
- package/dist/semantic/llm/prompts.d.ts.map +1 -0
- package/dist/semantic/llm/prompts.js +120 -0
- package/dist/semantic/llm/prompts.js.map +1 -0
- package/dist/semantic/structural/credential-context.d.ts +14 -0
- package/dist/semantic/structural/credential-context.d.ts.map +1 -0
- package/dist/semantic/structural/credential-context.js +295 -0
- package/dist/semantic/structural/credential-context.js.map +1 -0
- package/dist/semantic/structural/index.d.ts +28 -0
- package/dist/semantic/structural/index.d.ts.map +1 -0
- package/dist/semantic/structural/index.js +138 -0
- package/dist/semantic/structural/index.js.map +1 -0
- package/dist/semantic/structural/instruction.d.ts +19 -0
- package/dist/semantic/structural/instruction.d.ts.map +1 -0
- package/dist/semantic/structural/instruction.js +167 -0
- package/dist/semantic/structural/instruction.js.map +1 -0
- package/dist/semantic/structural/mcp-config.d.ts +22 -0
- package/dist/semantic/structural/mcp-config.d.ts.map +1 -0
- package/dist/semantic/structural/mcp-config.js +294 -0
- package/dist/semantic/structural/mcp-config.js.map +1 -0
- package/dist/semantic/structural/permission-model.d.ts +16 -0
- package/dist/semantic/structural/permission-model.d.ts.map +1 -0
- package/dist/semantic/structural/permission-model.js +121 -0
- package/dist/semantic/structural/permission-model.js.map +1 -0
- package/dist/semantic/types.d.ts +122 -0
- package/dist/semantic/types.d.ts.map +1 -0
- package/dist/semantic/types.js +10 -0
- package/dist/semantic/types.js.map +1 -0
- package/package.json +25 -14
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.A2AProtocolInterceptor = void 0;
|
|
4
|
+
const ai_threats_1 = require("../patterns/ai-threats");
|
|
5
|
+
/**
|
|
6
|
+
* A2A Protocol interceptor -- scans agent-to-agent messages for
|
|
7
|
+
* identity spoofing, delegation abuse, and embedded prompt injection.
|
|
8
|
+
*
|
|
9
|
+
* Enforces a trusted agent list and validates message content.
|
|
10
|
+
*/
|
|
11
|
+
class A2AProtocolInterceptor {
|
|
12
|
+
constructor(engine, trustedAgents) {
|
|
13
|
+
this.type = 'a2a-protocol';
|
|
14
|
+
this.active = false;
|
|
15
|
+
this.engine = engine;
|
|
16
|
+
this.trustedAgents = new Set(trustedAgents ?? []);
|
|
17
|
+
}
|
|
18
|
+
async start() {
|
|
19
|
+
this.active = true;
|
|
20
|
+
}
|
|
21
|
+
async stop() {
|
|
22
|
+
this.active = false;
|
|
23
|
+
}
|
|
24
|
+
isRunning() {
|
|
25
|
+
return this.active;
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Scan an A2A message for identity spoofing, delegation abuse,
|
|
29
|
+
* and embedded prompt injection.
|
|
30
|
+
*
|
|
31
|
+
* @param from - Sending agent identifier
|
|
32
|
+
* @param to - Receiving agent identifier
|
|
33
|
+
* @param content - Message content
|
|
34
|
+
*/
|
|
35
|
+
scanMessage(from, to, content) {
|
|
36
|
+
if (!this.active)
|
|
37
|
+
return { detected: false, matches: [] };
|
|
38
|
+
const allMatches = [];
|
|
39
|
+
// Check trusted agent list
|
|
40
|
+
if (this.trustedAgents.size > 0 && !this.trustedAgents.has(from)) {
|
|
41
|
+
this.engine.emit({
|
|
42
|
+
source: 'a2a-protocol',
|
|
43
|
+
category: 'violation',
|
|
44
|
+
severity: 'high',
|
|
45
|
+
description: `A2A message from untrusted agent: ${from}`,
|
|
46
|
+
data: {
|
|
47
|
+
from,
|
|
48
|
+
to,
|
|
49
|
+
reason: 'untrusted-agent',
|
|
50
|
+
trustedAgents: Array.from(this.trustedAgents),
|
|
51
|
+
},
|
|
52
|
+
});
|
|
53
|
+
allMatches.push({
|
|
54
|
+
pattern: {
|
|
55
|
+
id: 'A2A-TRUST',
|
|
56
|
+
category: 'a2a-attack',
|
|
57
|
+
description: 'Message from untrusted agent',
|
|
58
|
+
pattern: /./,
|
|
59
|
+
severity: 'high',
|
|
60
|
+
},
|
|
61
|
+
matchedText: from,
|
|
62
|
+
});
|
|
63
|
+
}
|
|
64
|
+
// Scan for A2A-specific attack patterns
|
|
65
|
+
const a2aResult = (0, ai_threats_1.scanText)(content, ai_threats_1.PATTERN_SETS.a2aPatterns);
|
|
66
|
+
if (a2aResult.detected) {
|
|
67
|
+
for (const match of a2aResult.matches) {
|
|
68
|
+
this.engine.emit({
|
|
69
|
+
source: 'a2a-protocol',
|
|
70
|
+
category: 'threat',
|
|
71
|
+
severity: match.pattern.severity,
|
|
72
|
+
description: `[${match.pattern.id}] ${match.pattern.description} from ${from} to ${to}`,
|
|
73
|
+
data: {
|
|
74
|
+
patternId: match.pattern.id,
|
|
75
|
+
patternCategory: match.pattern.category,
|
|
76
|
+
from,
|
|
77
|
+
to,
|
|
78
|
+
matchedText: match.matchedText,
|
|
79
|
+
},
|
|
80
|
+
});
|
|
81
|
+
}
|
|
82
|
+
allMatches.push(...a2aResult.matches);
|
|
83
|
+
}
|
|
84
|
+
// Also scan for prompt injection embedded in A2A messages
|
|
85
|
+
const injectionResult = (0, ai_threats_1.scanText)(content, ai_threats_1.PATTERN_SETS.promptInjection);
|
|
86
|
+
if (injectionResult.detected) {
|
|
87
|
+
for (const match of injectionResult.matches) {
|
|
88
|
+
this.engine.emit({
|
|
89
|
+
source: 'a2a-protocol',
|
|
90
|
+
category: 'threat',
|
|
91
|
+
severity: match.pattern.severity,
|
|
92
|
+
description: `[${match.pattern.id}] Prompt injection in A2A message from ${from} to ${to}`,
|
|
93
|
+
data: {
|
|
94
|
+
patternId: match.pattern.id,
|
|
95
|
+
patternCategory: 'prompt-injection-via-a2a',
|
|
96
|
+
from,
|
|
97
|
+
to,
|
|
98
|
+
matchedText: match.matchedText,
|
|
99
|
+
},
|
|
100
|
+
});
|
|
101
|
+
}
|
|
102
|
+
allMatches.push(...injectionResult.matches);
|
|
103
|
+
}
|
|
104
|
+
return {
|
|
105
|
+
detected: allMatches.length > 0,
|
|
106
|
+
matches: allMatches,
|
|
107
|
+
};
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
exports.A2AProtocolInterceptor = A2AProtocolInterceptor;
|
|
111
|
+
//# sourceMappingURL=a2a-protocol.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"a2a-protocol.js","sourceRoot":"","sources":["../../../src/arp/interceptors/a2a-protocol.ts"],"names":[],"mappings":";;;AAEA,uDAAiF;AAEjF;;;;;GAKG;AACH,MAAa,sBAAsB;IAMjC,YAAY,MAAmB,EAAE,aAAwB;QALhD,SAAI,GAAgB,cAAc,CAAC;QAGpC,WAAM,GAAG,KAAK,CAAC;QAGrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;;;OAOG;IACH,WAAW,CAAC,IAAY,EAAE,EAAU,EAAE,OAAe;QACnD,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC1D,MAAM,UAAU,GAA0B,EAAE,CAAC;QAE7C,2BAA2B;QAC3B,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,cAAc;gBACtB,QAAQ,EAAE,WAAW;gBACrB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,qCAAqC,IAAI,EAAE;gBACxD,IAAI,EAAE;oBACJ,IAAI;oBACJ,EAAE;oBACF,MAAM,EAAE,iBAAiB;oBACzB,aAAa,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC;iBAC9C;aACF,CAAC,CAAC;YAEH,UAAU,CAAC,IAAI,CAAC;gBACd,OAAO,EAAE;oBACP,EAAE,EAAE,WAAW;oBACf,QAAQ,EAAE,YAAY;oBACtB,WAAW,EAAE,8BAA8B;oBAC3C,OAAO,EAAE,GAAG;oBACZ,QAAQ,EAAE,MAAM;iBACjB;gBACD,WAAW,EAAE,IAAI;aAClB,CAAC,CAAC;QACL,CAAC;QAED,wCAAwC;QACxC,MAAM,SAAS,GAAG,IAAA,qBAAQ,EAAC,OAAO,EAAE,yBAAY,CAAC,WAAW,CAAC,CAAC;QAC9D,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;YACvB,KAAK,MAAM,KAAK,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;gBACtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,cAAc;oBACtB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;oBAChC,WAAW,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,WAAW,SAAS,IAAI,OAAO,EAAE,EAAE;oBACvF,IAAI,EAAE;wBACJ,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;wBAC3B,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;wBACvC,IAAI;wBACJ,EAAE;wBACF,WAAW,EAAE,KAAK,CAAC,WAAW;qBAC/B;iBACF,CAAC,CAAC;YACL,CAAC;YACD,UAAU,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QAED,0DAA0D;QAC1D,MAAM,eAAe,GAAG,IAAA,qBAAQ,EAAC,OAAO,EAAE,yBAAY,CAAC,eAAe,CAAC,CAAC;QACxE,IAAI,eAAe,CAAC,QAAQ,EAAE,CAAC;YAC7B,KAAK,MAAM,KAAK,IAAI,eAAe,CAAC,OAAO,EAAE,CAAC;gBAC5C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,cAAc;oBACtB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;oBAChC,WAAW,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,0CAA0C,IAAI,OAAO,EAAE,EAAE;oBAC1F,IAAI,EAAE;wBACJ,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;wBAC3B,eAAe,EAAE,0BAA0B;wBAC3C,IAAI;wBACJ,EAAE;wBACF,WAAW,EAAE,KAAK,CAAC,WAAW;qBAC/B;iBACF,CAAC,CAAC;YACL,CAAC;YACD,UAAU,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;YAC/B,OAAO,EAAE,UAAU;SACpB,CAAC;IACJ,CAAC;CACF;AA7GD,wDA6GC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import type { Monitor, MonitorType } from '../types';
|
|
2
|
+
import type { EventEngine } from '../engine/event-engine';
|
|
3
|
+
/**
|
|
4
|
+
* Filesystem interceptor — hooks fs module functions to intercept
|
|
5
|
+
* ALL file operations at the application level.
|
|
6
|
+
*
|
|
7
|
+
* Advantages over fs.watch:
|
|
8
|
+
* - Catches reads (fs.watch only sees writes/renames)
|
|
9
|
+
* - Catches operations in ALL directories (not just watched paths)
|
|
10
|
+
* - Zero latency: events fire before the I/O happens
|
|
11
|
+
* - 100% accuracy: no debouncing artifacts, no missed events
|
|
12
|
+
* - Full operation context: knows read vs write vs delete vs mkdir
|
|
13
|
+
*/
|
|
14
|
+
export declare class FilesystemInterceptor implements Monitor {
|
|
15
|
+
readonly type: MonitorType;
|
|
16
|
+
private readonly engine;
|
|
17
|
+
private readonly allowedPaths;
|
|
18
|
+
private readonly excludePaths;
|
|
19
|
+
private readonly fsModule;
|
|
20
|
+
private originals;
|
|
21
|
+
private active;
|
|
22
|
+
constructor(engine: EventEngine, allowedPaths?: string[], excludePaths?: string[]);
|
|
23
|
+
start(): Promise<void>;
|
|
24
|
+
stop(): Promise<void>;
|
|
25
|
+
isRunning(): boolean;
|
|
26
|
+
private isSensitivePath;
|
|
27
|
+
private isOutsideAllowed;
|
|
28
|
+
private isExcluded;
|
|
29
|
+
private handleWrite;
|
|
30
|
+
private handleRead;
|
|
31
|
+
private handleDelete;
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=filesystem.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filesystem.d.ts","sourceRoot":"","sources":["../../../src/arp/interceptors/filesystem.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAW1D;;;;;;;;;;GAUG;AACH,qBAAa,qBAAsB,YAAW,OAAO;IACnD,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAgB;IAC1C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAG3C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAE3C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA2B;IACpD,OAAO,CAAC,SAAS,CAAyC;IAC1D,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE;IAQ3E,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA+CtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAY3B,SAAS,IAAI,OAAO;IAIpB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,gBAAgB;IAQxB,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,WAAW;IAmCnB,OAAO,CAAC,UAAU;IAclB,OAAO,CAAC,YAAY;CAarB"}
|
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.FilesystemInterceptor = void 0;
|
|
37
|
+
const path = __importStar(require("path"));
|
|
38
|
+
/** Sensitive paths that should never be accessed by an agent */
|
|
39
|
+
const SENSITIVE_PATHS = [
|
|
40
|
+
'.ssh', '.aws', '.gnupg', '.kube', '.config/gcloud',
|
|
41
|
+
'.docker/config.json', '.npmrc', '.pypirc',
|
|
42
|
+
'.git-credentials', 'wallet.json',
|
|
43
|
+
'.bashrc', '.zshrc', '.bash_profile', '.profile',
|
|
44
|
+
'.gitconfig', '.env', '.netrc', '.pgpass',
|
|
45
|
+
];
|
|
46
|
+
/**
|
|
47
|
+
* Filesystem interceptor — hooks fs module functions to intercept
|
|
48
|
+
* ALL file operations at the application level.
|
|
49
|
+
*
|
|
50
|
+
* Advantages over fs.watch:
|
|
51
|
+
* - Catches reads (fs.watch only sees writes/renames)
|
|
52
|
+
* - Catches operations in ALL directories (not just watched paths)
|
|
53
|
+
* - Zero latency: events fire before the I/O happens
|
|
54
|
+
* - 100% accuracy: no debouncing artifacts, no missed events
|
|
55
|
+
* - Full operation context: knows read vs write vs delete vs mkdir
|
|
56
|
+
*/
|
|
57
|
+
class FilesystemInterceptor {
|
|
58
|
+
constructor(engine, allowedPaths, excludePaths) {
|
|
59
|
+
this.type = 'filesystem';
|
|
60
|
+
this.originals = null;
|
|
61
|
+
this.active = false;
|
|
62
|
+
this.engine = engine;
|
|
63
|
+
this.allowedPaths = new Set(allowedPaths ?? []);
|
|
64
|
+
this.excludePaths = new Set(excludePaths ?? []);
|
|
65
|
+
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
66
|
+
this.fsModule = require('fs');
|
|
67
|
+
}
|
|
68
|
+
async start() {
|
|
69
|
+
if (this.active)
|
|
70
|
+
return;
|
|
71
|
+
this.originals = {};
|
|
72
|
+
const self = this;
|
|
73
|
+
const mod = this.fsModule;
|
|
74
|
+
const originals = this.originals;
|
|
75
|
+
// Hook write operations
|
|
76
|
+
for (const fn of ['writeFile', 'writeFileSync', 'appendFile', 'appendFileSync']) {
|
|
77
|
+
originals[fn] = mod[fn];
|
|
78
|
+
mod[fn] = function (filePath, ...rest) {
|
|
79
|
+
if (typeof filePath === 'string' && !self.isExcluded(filePath))
|
|
80
|
+
self.handleWrite(filePath, fn);
|
|
81
|
+
return originals[fn].call(mod, filePath, ...rest);
|
|
82
|
+
};
|
|
83
|
+
}
|
|
84
|
+
// Hook read operations
|
|
85
|
+
for (const fn of ['readFile', 'readFileSync']) {
|
|
86
|
+
originals[fn] = mod[fn];
|
|
87
|
+
mod[fn] = function (filePath, ...rest) {
|
|
88
|
+
if (typeof filePath === 'string' && !self.isExcluded(filePath))
|
|
89
|
+
self.handleRead(filePath);
|
|
90
|
+
return originals[fn].call(mod, filePath, ...rest);
|
|
91
|
+
};
|
|
92
|
+
}
|
|
93
|
+
// Hook mkdir
|
|
94
|
+
for (const fn of ['mkdir', 'mkdirSync']) {
|
|
95
|
+
originals[fn] = mod[fn];
|
|
96
|
+
mod[fn] = function (dirPath, ...rest) {
|
|
97
|
+
if (typeof dirPath === 'string' && !self.isExcluded(dirPath))
|
|
98
|
+
self.handleWrite(dirPath, fn);
|
|
99
|
+
return originals[fn].call(mod, dirPath, ...rest);
|
|
100
|
+
};
|
|
101
|
+
}
|
|
102
|
+
// Hook unlink/rm
|
|
103
|
+
for (const fn of ['unlink', 'unlinkSync']) {
|
|
104
|
+
originals[fn] = mod[fn];
|
|
105
|
+
mod[fn] = function (filePath, ...rest) {
|
|
106
|
+
if (typeof filePath === 'string' && !self.isExcluded(filePath))
|
|
107
|
+
self.handleDelete(filePath);
|
|
108
|
+
return originals[fn].call(mod, filePath, ...rest);
|
|
109
|
+
};
|
|
110
|
+
}
|
|
111
|
+
this.active = true;
|
|
112
|
+
}
|
|
113
|
+
async stop() {
|
|
114
|
+
if (!this.active || !this.originals)
|
|
115
|
+
return;
|
|
116
|
+
const mod = this.fsModule;
|
|
117
|
+
for (const [fn, original] of Object.entries(this.originals)) {
|
|
118
|
+
mod[fn] = original;
|
|
119
|
+
}
|
|
120
|
+
this.originals = null;
|
|
121
|
+
this.active = false;
|
|
122
|
+
}
|
|
123
|
+
isRunning() {
|
|
124
|
+
return this.active;
|
|
125
|
+
}
|
|
126
|
+
isSensitivePath(filePath) {
|
|
127
|
+
const normalized = path.resolve(filePath);
|
|
128
|
+
return SENSITIVE_PATHS.some((sp) => normalized.includes(sp) || path.basename(filePath).startsWith('.env'));
|
|
129
|
+
}
|
|
130
|
+
isOutsideAllowed(filePath) {
|
|
131
|
+
if (this.allowedPaths.size === 0)
|
|
132
|
+
return false;
|
|
133
|
+
const normalized = path.resolve(filePath);
|
|
134
|
+
return !Array.from(this.allowedPaths).some((ap) => normalized.startsWith(path.resolve(ap)));
|
|
135
|
+
}
|
|
136
|
+
isExcluded(filePath) {
|
|
137
|
+
if (this.excludePaths.size === 0)
|
|
138
|
+
return false;
|
|
139
|
+
const normalized = path.resolve(filePath);
|
|
140
|
+
return Array.from(this.excludePaths).some((ep) => normalized.startsWith(path.resolve(ep)));
|
|
141
|
+
}
|
|
142
|
+
handleWrite(filePath, operation) {
|
|
143
|
+
const sensitive = this.isSensitivePath(filePath);
|
|
144
|
+
const outsideAllowed = this.isOutsideAllowed(filePath);
|
|
145
|
+
if (sensitive) {
|
|
146
|
+
this.engine.emit({
|
|
147
|
+
source: 'filesystem',
|
|
148
|
+
category: 'violation',
|
|
149
|
+
severity: 'high',
|
|
150
|
+
description: `Intercepted write to sensitive path: ${filePath} (${operation})`,
|
|
151
|
+
data: { path: filePath, operation, sensitive: true, intercepted: true },
|
|
152
|
+
});
|
|
153
|
+
return;
|
|
154
|
+
}
|
|
155
|
+
if (outsideAllowed) {
|
|
156
|
+
this.engine.emit({
|
|
157
|
+
source: 'filesystem',
|
|
158
|
+
category: 'anomaly',
|
|
159
|
+
severity: 'medium',
|
|
160
|
+
description: `Intercepted write outside allowed paths: ${filePath}`,
|
|
161
|
+
data: { path: filePath, operation, allowed: false, intercepted: true },
|
|
162
|
+
});
|
|
163
|
+
return;
|
|
164
|
+
}
|
|
165
|
+
this.engine.emit({
|
|
166
|
+
source: 'filesystem',
|
|
167
|
+
category: 'normal',
|
|
168
|
+
severity: 'info',
|
|
169
|
+
description: `Intercepted file operation: ${operation} ${filePath}`,
|
|
170
|
+
data: { path: filePath, operation, intercepted: true },
|
|
171
|
+
});
|
|
172
|
+
}
|
|
173
|
+
handleRead(filePath) {
|
|
174
|
+
const sensitive = this.isSensitivePath(filePath);
|
|
175
|
+
if (sensitive) {
|
|
176
|
+
this.engine.emit({
|
|
177
|
+
source: 'filesystem',
|
|
178
|
+
category: 'violation',
|
|
179
|
+
severity: 'high',
|
|
180
|
+
description: `Intercepted read of sensitive path: ${filePath}`,
|
|
181
|
+
data: { path: filePath, operation: 'read', sensitive: true, intercepted: true },
|
|
182
|
+
});
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
handleDelete(filePath) {
|
|
186
|
+
const sensitive = this.isSensitivePath(filePath);
|
|
187
|
+
if (sensitive) {
|
|
188
|
+
this.engine.emit({
|
|
189
|
+
source: 'filesystem',
|
|
190
|
+
category: 'violation',
|
|
191
|
+
severity: 'critical',
|
|
192
|
+
description: `Intercepted deletion of sensitive path: ${filePath}`,
|
|
193
|
+
data: { path: filePath, operation: 'delete', sensitive: true, intercepted: true },
|
|
194
|
+
});
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
exports.FilesystemInterceptor = FilesystemInterceptor;
|
|
199
|
+
//# sourceMappingURL=filesystem.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filesystem.js","sourceRoot":"","sources":["../../../src/arp/interceptors/filesystem.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAI7B,gEAAgE;AAChE,MAAM,eAAe,GAAG;IACtB,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,gBAAgB;IACnD,qBAAqB,EAAE,QAAQ,EAAE,SAAS;IAC1C,kBAAkB,EAAE,aAAa;IACjC,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,UAAU;IAChD,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS;CAC1C,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAa,qBAAqB;IAYhC,YAAY,MAAmB,EAAE,YAAuB,EAAE,YAAuB;QAXxE,SAAI,GAAgB,YAAY,CAAC;QAQlC,cAAS,GAAoC,IAAI,CAAC;QAClD,WAAM,GAAG,KAAK,CAAC;QAGrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;QAChD,iEAAiE;QACjE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QAExB,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QACpB,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAEjC,wBAAwB;QACxB,KAAK,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE,gBAAgB,CAAC,EAAE,CAAC;YAChF,SAAS,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;YACxB,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,QAAiB,EAAE,GAAG,IAAe;gBACvD,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;oBAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;gBAC/F,OAAO,SAAS,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAC;YACpD,CAAC,CAAC;QACJ,CAAC;QAED,uBAAuB;QACvB,KAAK,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,CAAC;YAC9C,SAAS,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;YACxB,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,QAAiB,EAAE,GAAG,IAAe;gBACvD,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;oBAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAC1F,OAAO,SAAS,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAC;YACpD,CAAC,CAAC;QACJ,CAAC;QAED,aAAa;QACb,KAAK,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,CAAC;YACxC,SAAS,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;YACxB,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,OAAgB,EAAE,GAAG,IAAe;gBACtD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;oBAAE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBAC5F,OAAO,SAAS,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;YACnD,CAAC,CAAC;QACJ,CAAC;QAED,iBAAiB;QACjB,KAAK,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;YAC1C,SAAS,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;YACxB,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,QAAiB,EAAE,GAAG,IAAe;gBACvD,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;oBAAE,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;gBAC5F,OAAO,SAAS,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAC;YACpD,CAAC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO;QAE5C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC1B,KAAK,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5D,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC;QACrB,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEO,eAAe,CAAC,QAAgB;QACtC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC1C,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CACjC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CACtE,CAAC;IACJ,CAAC;IAEO,gBAAgB,CAAC,QAAgB;QACvC,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC1C,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAChD,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CACxC,CAAC;IACJ,CAAC;IAEO,UAAU,CAAC,QAAgB;QACjC,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/C,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CACxC,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,QAAgB,EAAE,SAAiB;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAEvD,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,YAAY;gBACpB,QAAQ,EAAE,WAAW;gBACrB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,wCAAwC,QAAQ,KAAK,SAAS,GAAG;gBAC9E,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;aACxE,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,YAAY;gBACpB,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,QAAQ;gBAClB,WAAW,EAAE,4CAA4C,QAAQ,EAAE;gBACnE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE;aACvE,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,+BAA+B,SAAS,IAAI,QAAQ,EAAE;YACnE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE;SACvD,CAAC,CAAC;IACL,CAAC;IAEO,UAAU,CAAC,QAAgB;QACjC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAEjD,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,YAAY;gBACpB,QAAQ,EAAE,WAAW;gBACrB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,uCAAuC,QAAQ,EAAE;gBAC9D,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;aAChF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,QAAgB;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAEjD,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,YAAY;gBACpB,QAAQ,EAAE,WAAW;gBACrB,QAAQ,EAAE,UAAU;gBACpB,WAAW,EAAE,2CAA2C,QAAQ,EAAE;gBAClE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;aAClF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;CACF;AAxKD,sDAwKC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import type { Monitor, MonitorType } from '../types';
|
|
2
|
+
import type { EventEngine } from '../engine/event-engine';
|
|
3
|
+
import { type ScanResult } from '../patterns/ai-threats';
|
|
4
|
+
/**
|
|
5
|
+
* MCP Protocol interceptor -- scans MCP tool calls for path traversal,
|
|
6
|
+
* command injection, and SSRF exploitation patterns.
|
|
7
|
+
*
|
|
8
|
+
* Enforces tool allowlists and validates parameters at the protocol level.
|
|
9
|
+
*/
|
|
10
|
+
export declare class MCPProtocolInterceptor implements Monitor {
|
|
11
|
+
readonly type: MonitorType;
|
|
12
|
+
private readonly engine;
|
|
13
|
+
private readonly allowedTools;
|
|
14
|
+
private active;
|
|
15
|
+
constructor(engine: EventEngine, allowedTools?: string[]);
|
|
16
|
+
start(): Promise<void>;
|
|
17
|
+
stop(): Promise<void>;
|
|
18
|
+
isRunning(): boolean;
|
|
19
|
+
/**
|
|
20
|
+
* Scan an MCP tool call for exploitation patterns.
|
|
21
|
+
* Checks tool name against allowlist and scans all parameter values.
|
|
22
|
+
*/
|
|
23
|
+
scanToolCall(toolName: string, args: Record<string, unknown>): ScanResult;
|
|
24
|
+
}
|
|
25
|
+
//# sourceMappingURL=mcp-protocol.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-protocol.d.ts","sourceRoot":"","sources":["../../../src/arp/interceptors/mcp-protocol.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAA0B,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEjF;;;;;GAKG;AACH,qBAAa,sBAAuB,YAAW,OAAO;IACpD,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAkB;IAC5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE;IAKlD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAItB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B,SAAS,IAAI,OAAO;IAIpB;;;OAGG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU;CAuD1E"}
|
|
@@ -0,0 +1,126 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.MCPProtocolInterceptor = void 0;
|
|
4
|
+
const ai_threats_1 = require("../patterns/ai-threats");
|
|
5
|
+
/**
|
|
6
|
+
* MCP Protocol interceptor -- scans MCP tool calls for path traversal,
|
|
7
|
+
* command injection, and SSRF exploitation patterns.
|
|
8
|
+
*
|
|
9
|
+
* Enforces tool allowlists and validates parameters at the protocol level.
|
|
10
|
+
*/
|
|
11
|
+
class MCPProtocolInterceptor {
|
|
12
|
+
constructor(engine, allowedTools) {
|
|
13
|
+
this.type = 'mcp-protocol';
|
|
14
|
+
this.active = false;
|
|
15
|
+
this.engine = engine;
|
|
16
|
+
this.allowedTools = new Set(allowedTools ?? []);
|
|
17
|
+
}
|
|
18
|
+
async start() {
|
|
19
|
+
this.active = true;
|
|
20
|
+
}
|
|
21
|
+
async stop() {
|
|
22
|
+
this.active = false;
|
|
23
|
+
}
|
|
24
|
+
isRunning() {
|
|
25
|
+
return this.active;
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Scan an MCP tool call for exploitation patterns.
|
|
29
|
+
* Checks tool name against allowlist and scans all parameter values.
|
|
30
|
+
*/
|
|
31
|
+
scanToolCall(toolName, args) {
|
|
32
|
+
if (!this.active)
|
|
33
|
+
return { detected: false, matches: [] };
|
|
34
|
+
// Check tool allowlist
|
|
35
|
+
if (this.allowedTools.size > 0 && !this.allowedTools.has(toolName)) {
|
|
36
|
+
this.engine.emit({
|
|
37
|
+
source: 'mcp-protocol',
|
|
38
|
+
category: 'violation',
|
|
39
|
+
severity: 'high',
|
|
40
|
+
description: `MCP tool not in allowlist: ${toolName}`,
|
|
41
|
+
data: {
|
|
42
|
+
toolName,
|
|
43
|
+
reason: 'not-in-allowlist',
|
|
44
|
+
allowedTools: Array.from(this.allowedTools),
|
|
45
|
+
},
|
|
46
|
+
});
|
|
47
|
+
return {
|
|
48
|
+
detected: true,
|
|
49
|
+
matches: [{
|
|
50
|
+
pattern: {
|
|
51
|
+
id: 'MCP-ALLOWLIST',
|
|
52
|
+
category: 'mcp-exploitation',
|
|
53
|
+
description: 'Tool not in allowlist',
|
|
54
|
+
pattern: /./,
|
|
55
|
+
severity: 'high',
|
|
56
|
+
},
|
|
57
|
+
matchedText: toolName,
|
|
58
|
+
}],
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
// Flatten all parameter values into a single string for scanning
|
|
62
|
+
const paramText = flattenArgs(args);
|
|
63
|
+
const result = (0, ai_threats_1.scanText)(paramText, ai_threats_1.PATTERN_SETS.mcpPatterns);
|
|
64
|
+
if (result.detected) {
|
|
65
|
+
for (const match of result.matches) {
|
|
66
|
+
this.engine.emit({
|
|
67
|
+
source: 'mcp-protocol',
|
|
68
|
+
category: 'threat',
|
|
69
|
+
severity: match.pattern.severity,
|
|
70
|
+
description: `[${match.pattern.id}] ${match.pattern.description} in tool "${toolName}"`,
|
|
71
|
+
data: {
|
|
72
|
+
patternId: match.pattern.id,
|
|
73
|
+
patternCategory: match.pattern.category,
|
|
74
|
+
toolName,
|
|
75
|
+
matchedText: match.matchedText,
|
|
76
|
+
args: sanitizeArgs(args),
|
|
77
|
+
},
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
return result;
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
exports.MCPProtocolInterceptor = MCPProtocolInterceptor;
|
|
85
|
+
/** Recursively flatten object values into a single string for scanning */
|
|
86
|
+
function flattenArgs(obj, depth = 0) {
|
|
87
|
+
if (depth > 10)
|
|
88
|
+
return '';
|
|
89
|
+
const parts = [];
|
|
90
|
+
for (const value of Object.values(obj)) {
|
|
91
|
+
if (typeof value === 'string') {
|
|
92
|
+
parts.push(value);
|
|
93
|
+
}
|
|
94
|
+
else if (typeof value === 'number' || typeof value === 'boolean') {
|
|
95
|
+
parts.push(String(value));
|
|
96
|
+
}
|
|
97
|
+
else if (Array.isArray(value)) {
|
|
98
|
+
for (const item of value) {
|
|
99
|
+
if (typeof item === 'string') {
|
|
100
|
+
parts.push(item);
|
|
101
|
+
}
|
|
102
|
+
else if (typeof item === 'object' && item !== null) {
|
|
103
|
+
parts.push(flattenArgs(item, depth + 1));
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
else if (typeof value === 'object' && value !== null) {
|
|
108
|
+
parts.push(flattenArgs(value, depth + 1));
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
return parts.join('\n');
|
|
112
|
+
}
|
|
113
|
+
/** Sanitize args for logging (truncate long strings) */
|
|
114
|
+
function sanitizeArgs(args) {
|
|
115
|
+
const result = {};
|
|
116
|
+
for (const [key, value] of Object.entries(args)) {
|
|
117
|
+
if (typeof value === 'string' && value.length > 200) {
|
|
118
|
+
result[key] = value.slice(0, 200) + '...[truncated]';
|
|
119
|
+
}
|
|
120
|
+
else {
|
|
121
|
+
result[key] = value;
|
|
122
|
+
}
|
|
123
|
+
}
|
|
124
|
+
return result;
|
|
125
|
+
}
|
|
126
|
+
//# sourceMappingURL=mcp-protocol.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-protocol.js","sourceRoot":"","sources":["../../../src/arp/interceptors/mcp-protocol.ts"],"names":[],"mappings":";;;AAEA,uDAAiF;AAEjF;;;;;GAKG;AACH,MAAa,sBAAsB;IAMjC,YAAY,MAAmB,EAAE,YAAuB;QAL/C,SAAI,GAAgB,cAAc,CAAC;QAGpC,WAAM,GAAG,KAAK,CAAC;QAGrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,QAAgB,EAAE,IAA6B;QAC1D,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC1D,uBAAuB;QACvB,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,cAAc;gBACtB,QAAQ,EAAE,WAAW;gBACrB,QAAQ,EAAE,MAAM;gBAChB,WAAW,EAAE,8BAA8B,QAAQ,EAAE;gBACrD,IAAI,EAAE;oBACJ,QAAQ;oBACR,MAAM,EAAE,kBAAkB;oBAC1B,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC;iBAC5C;aACF,CAAC,CAAC;YAEH,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,CAAC;wBACR,OAAO,EAAE;4BACP,EAAE,EAAE,eAAe;4BACnB,QAAQ,EAAE,kBAAkB;4BAC5B,WAAW,EAAE,uBAAuB;4BACpC,OAAO,EAAE,GAAG;4BACZ,QAAQ,EAAE,MAAM;yBACjB;wBACD,WAAW,EAAE,QAAQ;qBACtB,CAAC;aACH,CAAC;QACJ,CAAC;QAED,iEAAiE;QACjE,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,IAAA,qBAAQ,EAAC,SAAS,EAAE,yBAAY,CAAC,WAAW,CAAC,CAAC;QAE7D,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,cAAc;oBACtB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;oBAChC,WAAW,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,WAAW,aAAa,QAAQ,GAAG;oBACvF,IAAI,EAAE;wBACJ,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE;wBAC3B,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;wBACvC,QAAQ;wBACR,WAAW,EAAE,KAAK,CAAC,WAAW;wBAC9B,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC;qBACzB;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAlFD,wDAkFC;AAED,0EAA0E;AAC1E,SAAS,WAAW,CAAC,GAA4B,EAAE,KAAK,GAAG,CAAC;IAC1D,IAAI,KAAK,GAAG,EAAE;QAAE,OAAO,EAAE,CAAC;IAC1B,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QACvC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;YACnE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5B,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,CAAC;qBAAM,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBACrD,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,IAA+B,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,KAAgC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,wDAAwD;AACxD,SAAS,YAAY,CAAC,IAA6B;IACjD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACpD,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAC;QACvD,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type { Monitor, MonitorType } from '../types';
|
|
2
|
+
import type { EventEngine } from '../engine/event-engine';
|
|
3
|
+
/**
|
|
4
|
+
* Network interceptor — hooks net.Socket.prototype.connect to intercept
|
|
5
|
+
* ALL outbound TCP connections at the application level.
|
|
6
|
+
*
|
|
7
|
+
* Advantages over lsof/ss polling:
|
|
8
|
+
* - Zero latency: events fire before the connection is made
|
|
9
|
+
* - 100% accuracy: no missed connections between poll intervals
|
|
10
|
+
* - No system tool dependency: works in sandboxed/container environments
|
|
11
|
+
* - Covers all Node.js networking (http, https, fetch, net.connect)
|
|
12
|
+
*/
|
|
13
|
+
export declare class NetworkInterceptor implements Monitor {
|
|
14
|
+
readonly type: MonitorType;
|
|
15
|
+
private readonly engine;
|
|
16
|
+
private readonly allowedHosts;
|
|
17
|
+
private originalConnect;
|
|
18
|
+
private active;
|
|
19
|
+
constructor(engine: EventEngine, allowedHosts?: string[]);
|
|
20
|
+
start(): Promise<void>;
|
|
21
|
+
stop(): Promise<void>;
|
|
22
|
+
isRunning(): boolean;
|
|
23
|
+
private parseConnectArgs;
|
|
24
|
+
private handleConnection;
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=network.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../src/arp/interceptors/network.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAS1D;;;;;;;;;GASG;AACH,qBAAa,kBAAmB,YAAW,OAAO;IAChD,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAa;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,eAAe,CAAoD;IAC3E,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE;IAKlD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAO3B,SAAS,IAAI,OAAO;IAIpB,OAAO,CAAC,gBAAgB;IAyBxB,OAAO,CAAC,gBAAgB;CA2CzB"}
|