npm - hackmyagent - Versions diffs - 0.7.2 → 0.8.0 - Mend

hackmyagent 0.7.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/LICENSE +191 -0
package/README.md +66 -28
package/dist/arp/cli/index.d.ts +3 -0
package/dist/arp/cli/index.d.ts.map +1 -0
package/dist/arp/cli/index.js +219 -0
package/dist/arp/cli/index.js.map +1 -0
package/dist/arp/config/loader.d.ts +8 -0
package/dist/arp/config/loader.d.ts.map +1 -0
package/dist/arp/config/loader.js +102 -0
package/dist/arp/config/loader.js.map +1 -0
package/dist/arp/enforcement/kill-switch.d.ts +22 -0
package/dist/arp/enforcement/kill-switch.d.ts.map +1 -0
package/dist/arp/enforcement/kill-switch.js +122 -0
package/dist/arp/enforcement/kill-switch.js.map +1 -0
package/dist/arp/engine/event-engine.d.ts +29 -0
package/dist/arp/engine/event-engine.d.ts.map +1 -0
package/dist/arp/engine/event-engine.js +233 -0
package/dist/arp/engine/event-engine.js.map +1 -0
package/dist/arp/index.d.ts +81 -0
package/dist/arp/index.d.ts.map +1 -0
package/dist/arp/index.js +239 -0
package/dist/arp/index.js.map +1 -0
package/dist/arp/intelligence/adapters.d.ts +45 -0
package/dist/arp/intelligence/adapters.d.ts.map +1 -0
package/dist/arp/intelligence/adapters.js +222 -0
package/dist/arp/intelligence/adapters.js.map +1 -0
package/dist/arp/intelligence/anomaly.d.ts +32 -0
package/dist/arp/intelligence/anomaly.d.ts.map +1 -0
package/dist/arp/intelligence/anomaly.js +80 -0
package/dist/arp/intelligence/anomaly.js.map +1 -0
package/dist/arp/intelligence/budget.d.ts +33 -0
package/dist/arp/intelligence/budget.d.ts.map +1 -0
package/dist/arp/intelligence/budget.js +150 -0
package/dist/arp/intelligence/budget.js.map +1 -0
package/dist/arp/intelligence/coordinator.d.ts +43 -0
package/dist/arp/intelligence/coordinator.d.ts.map +1 -0
package/dist/arp/intelligence/coordinator.js +301 -0
package/dist/arp/intelligence/coordinator.js.map +1 -0
package/dist/arp/interceptors/a2a-protocol.d.ts +29 -0
package/dist/arp/interceptors/a2a-protocol.d.ts.map +1 -0
package/dist/arp/interceptors/a2a-protocol.js +111 -0
package/dist/arp/interceptors/a2a-protocol.js.map +1 -0
package/dist/arp/interceptors/filesystem.d.ts +33 -0
package/dist/arp/interceptors/filesystem.d.ts.map +1 -0
package/dist/arp/interceptors/filesystem.js +199 -0
package/dist/arp/interceptors/filesystem.js.map +1 -0
package/dist/arp/interceptors/mcp-protocol.d.ts +25 -0
package/dist/arp/interceptors/mcp-protocol.d.ts.map +1 -0
package/dist/arp/interceptors/mcp-protocol.js +126 -0
package/dist/arp/interceptors/mcp-protocol.js.map +1 -0
package/dist/arp/interceptors/network.d.ts +26 -0
package/dist/arp/interceptors/network.d.ts.map +1 -0
package/dist/arp/interceptors/network.js +146 -0
package/dist/arp/interceptors/network.js.map +1 -0
package/dist/arp/interceptors/process.d.ts +26 -0
package/dist/arp/interceptors/process.d.ts.map +1 -0
package/dist/arp/interceptors/process.js +157 -0
package/dist/arp/interceptors/process.js.map +1 -0
package/dist/arp/interceptors/prompt.d.ts +29 -0
package/dist/arp/interceptors/prompt.d.ts.map +1 -0
package/dist/arp/interceptors/prompt.js +82 -0
package/dist/arp/interceptors/prompt.js.map +1 -0
package/dist/arp/license/index.d.ts +59 -0
package/dist/arp/license/index.d.ts.map +1 -0
package/dist/arp/license/index.js +78 -0
package/dist/arp/license/index.js.map +1 -0
package/dist/arp/monitors/filesystem.d.ts +21 -0
package/dist/arp/monitors/filesystem.d.ts.map +1 -0
package/dist/arp/monitors/filesystem.js +141 -0
package/dist/arp/monitors/filesystem.js.map +1 -0
package/dist/arp/monitors/network.d.ts +32 -0
package/dist/arp/monitors/network.d.ts.map +1 -0
package/dist/arp/monitors/network.js +301 -0
package/dist/arp/monitors/network.js.map +1 -0
package/dist/arp/monitors/process.d.ts +24 -0
package/dist/arp/monitors/process.d.ts.map +1 -0
package/dist/arp/monitors/process.js +205 -0
package/dist/arp/monitors/process.js.map +1 -0
package/dist/arp/patterns/ai-threats.d.ts +48 -0
package/dist/arp/patterns/ai-threats.d.ts.map +1 -0
package/dist/arp/patterns/ai-threats.js +215 -0
package/dist/arp/patterns/ai-threats.js.map +1 -0
package/dist/arp/proxy/forward.d.ts +23 -0
package/dist/arp/proxy/forward.d.ts.map +1 -0
package/dist/arp/proxy/forward.js +152 -0
package/dist/arp/proxy/forward.js.map +1 -0
package/dist/arp/proxy/server.d.ts +45 -0
package/dist/arp/proxy/server.d.ts.map +1 -0
package/dist/arp/proxy/server.js +331 -0
package/dist/arp/proxy/server.js.map +1 -0
package/dist/arp/reporting/local-log.d.ts +22 -0
package/dist/arp/reporting/local-log.d.ts.map +1 -0
package/dist/arp/reporting/local-log.js +116 -0
package/dist/arp/reporting/local-log.js.map +1 -0
package/dist/arp/types.d.ts +230 -0
package/dist/arp/types.d.ts.map +1 -0
package/dist/arp/types.js +4 -0
package/dist/arp/types.js.map +1 -0
package/dist/attack/custom-payloads.d.ts +11 -0
package/dist/attack/custom-payloads.d.ts.map +1 -0
package/dist/attack/custom-payloads.js +108 -0
package/dist/attack/custom-payloads.js.map +1 -0
package/dist/attack/fail-policy.d.ts +16 -0
package/dist/attack/fail-policy.d.ts.map +1 -0
package/dist/attack/fail-policy.js +36 -0
package/dist/attack/fail-policy.js.map +1 -0
package/dist/attack/index.d.ts +12 -0
package/dist/attack/index.d.ts.map +1 -0
package/dist/attack/index.js +30 -0
package/dist/attack/index.js.map +1 -0
package/dist/attack/payloads/a2a-attacks.d.ts +12 -0
package/dist/attack/payloads/a2a-attacks.d.ts.map +1 -0
package/dist/attack/payloads/a2a-attacks.js +221 -0
package/dist/attack/payloads/a2a-attacks.js.map +1 -0
package/dist/attack/payloads/capability-abuse.d.ts +8 -0
package/dist/attack/payloads/capability-abuse.d.ts.map +1 -0
package/dist/attack/payloads/capability-abuse.js +222 -0
package/dist/attack/payloads/capability-abuse.js.map +1 -0
package/dist/attack/payloads/context-manipulation.d.ts +8 -0
package/dist/attack/payloads/context-manipulation.d.ts.map +1 -0
package/dist/attack/payloads/context-manipulation.js +217 -0
package/dist/attack/payloads/context-manipulation.js.map +1 -0
package/dist/attack/payloads/data-exfiltration.d.ts +8 -0
package/dist/attack/payloads/data-exfiltration.d.ts.map +1 -0
package/dist/attack/payloads/data-exfiltration.js +249 -0
package/dist/attack/payloads/data-exfiltration.js.map +1 -0
package/dist/attack/payloads/index.d.ts +29 -0
package/dist/attack/payloads/index.d.ts.map +1 -0
package/dist/attack/payloads/index.js +76 -0
package/dist/attack/payloads/index.js.map +1 -0
package/dist/attack/payloads/jailbreak.d.ts +8 -0
package/dist/attack/payloads/jailbreak.d.ts.map +1 -0
package/dist/attack/payloads/jailbreak.js +265 -0
package/dist/attack/payloads/jailbreak.js.map +1 -0
package/dist/attack/payloads/mcp-exploitation.d.ts +12 -0
package/dist/attack/payloads/mcp-exploitation.d.ts.map +1 -0
package/dist/attack/payloads/mcp-exploitation.js +221 -0
package/dist/attack/payloads/mcp-exploitation.js.map +1 -0
package/dist/attack/payloads/prompt-injection.d.ts +8 -0
package/dist/attack/payloads/prompt-injection.d.ts.map +1 -0
package/dist/attack/payloads/prompt-injection.js +262 -0
package/dist/attack/payloads/prompt-injection.js.map +1 -0
package/dist/attack/scanner.d.ts +84 -0
package/dist/attack/scanner.d.ts.map +1 -0
package/dist/attack/scanner.js +509 -0
package/dist/attack/scanner.js.map +1 -0
package/dist/attack/types.d.ts +153 -0
package/dist/attack/types.d.ts.map +1 -0
package/dist/attack/types.js +46 -0
package/dist/attack/types.js.map +1 -0
package/dist/benchmarks/index.d.ts +16 -0
package/dist/benchmarks/index.d.ts.map +1 -0
package/dist/benchmarks/index.js +27 -0
package/dist/benchmarks/index.js.map +1 -0
package/dist/benchmarks/oasb-1.d.ts +112 -0
package/dist/benchmarks/oasb-1.d.ts.map +1 -0
package/dist/benchmarks/oasb-1.js +1124 -0
package/dist/benchmarks/oasb-1.js.map +1 -0
package/dist/checker/check-skill.d.ts +48 -0
package/dist/checker/check-skill.d.ts.map +1 -0
package/dist/checker/check-skill.js +105 -0
package/dist/checker/check-skill.js.map +1 -0
package/dist/checker/index.d.ts +12 -0
package/dist/checker/index.d.ts.map +1 -0
package/dist/checker/index.js +16 -0
package/dist/checker/index.js.map +1 -0
package/dist/checker/permission-analyzer.d.ts +12 -0
package/dist/checker/permission-analyzer.d.ts.map +1 -0
package/dist/checker/permission-analyzer.js +84 -0
package/dist/checker/permission-analyzer.js.map +1 -0
package/dist/checker/publisher-verifier.d.ts +34 -0
package/dist/checker/publisher-verifier.d.ts.map +1 -0
package/dist/checker/publisher-verifier.js +121 -0
package/dist/checker/publisher-verifier.js.map +1 -0
package/dist/checker/skill-identifier.d.ts +14 -0
package/dist/checker/skill-identifier.d.ts.map +1 -0
package/dist/checker/skill-identifier.js +55 -0
package/dist/checker/skill-identifier.js.map +1 -0
package/dist/cli.d.ts +7 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +3534 -0
package/dist/cli.js.map +1 -0
package/dist/hardening/index.d.ts +7 -0
package/dist/hardening/index.d.ts.map +1 -0
package/dist/hardening/index.js +9 -0
package/dist/hardening/index.js.map +1 -0
package/dist/hardening/scanner.d.ts +147 -0
package/dist/hardening/scanner.d.ts.map +1 -0
package/dist/hardening/scanner.js +5445 -0
package/dist/hardening/scanner.js.map +1 -0
package/dist/hardening/security-check.d.ts +85 -0
package/dist/hardening/security-check.d.ts.map +1 -0
package/dist/hardening/security-check.js +6 -0
package/dist/hardening/security-check.js.map +1 -0
package/dist/index.d.ts +38 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +91 -3525
package/dist/index.js.map +1 -1
package/dist/mcp-server.js +10 -10
package/dist/mcp-server.js.map +1 -1
package/dist/oasb/config/dvaa-targets.d.ts +13 -0
package/dist/oasb/config/dvaa-targets.d.ts.map +1 -0
package/dist/oasb/config/dvaa-targets.js +89 -0
package/dist/oasb/config/dvaa-targets.js.map +1 -0
package/dist/oasb/harness/arp-wrapper.d.ts +29 -0
package/dist/oasb/harness/arp-wrapper.d.ts.map +1 -0
package/dist/oasb/harness/arp-wrapper.js +134 -0
package/dist/oasb/harness/arp-wrapper.js.map +1 -0
package/dist/oasb/harness/dvaa-client.d.ts +46 -0
package/dist/oasb/harness/dvaa-client.d.ts.map +1 -0
package/dist/oasb/harness/dvaa-client.js +98 -0
package/dist/oasb/harness/dvaa-client.js.map +1 -0
package/dist/oasb/harness/dvaa-manager.d.ts +17 -0
package/dist/oasb/harness/dvaa-manager.d.ts.map +1 -0
package/dist/oasb/harness/dvaa-manager.js +132 -0
package/dist/oasb/harness/dvaa-manager.js.map +1 -0
package/dist/oasb/harness/event-collector.d.ts +33 -0
package/dist/oasb/harness/event-collector.d.ts.map +1 -0
package/dist/oasb/harness/event-collector.js +86 -0
package/dist/oasb/harness/event-collector.js.map +1 -0
package/dist/oasb/harness/metrics.d.ts +14 -0
package/dist/oasb/harness/metrics.d.ts.map +1 -0
package/dist/oasb/harness/metrics.js +56 -0
package/dist/oasb/harness/metrics.js.map +1 -0
package/dist/oasb/harness/mock-llm-adapter.d.ts +34 -0
package/dist/oasb/harness/mock-llm-adapter.d.ts.map +1 -0
package/dist/oasb/harness/mock-llm-adapter.js +69 -0
package/dist/oasb/harness/mock-llm-adapter.js.map +1 -0
package/dist/oasb/harness/types.d.ts +74 -0
package/dist/oasb/harness/types.d.ts.map +1 -0
package/dist/oasb/harness/types.js +3 -0
package/dist/oasb/harness/types.js.map +1 -0
package/dist/plugins/core.d.ts +109 -0
package/dist/plugins/core.d.ts.map +1 -0
package/dist/plugins/core.js +30 -0
package/dist/plugins/core.js.map +1 -0
package/dist/plugins/credvault.d.ts +22 -0
package/dist/plugins/credvault.d.ts.map +1 -0
package/dist/plugins/credvault.js +374 -0
package/dist/plugins/credvault.js.map +1 -0
package/dist/plugins/signcrypt.d.ts +27 -0
package/dist/plugins/signcrypt.d.ts.map +1 -0
package/dist/plugins/signcrypt.js +317 -0
package/dist/plugins/signcrypt.js.map +1 -0
package/dist/plugins/skillguard.d.ts +25 -0
package/dist/plugins/skillguard.d.ts.map +1 -0
package/dist/plugins/skillguard.js +346 -0
package/dist/plugins/skillguard.js.map +1 -0
package/dist/registry/client.d.ts +125 -0
package/dist/registry/client.d.ts.map +1 -0
package/dist/registry/client.js +308 -0
package/dist/registry/client.js.map +1 -0
package/dist/registry/index.d.ts +3 -0
package/dist/registry/index.d.ts.map +1 -0
package/dist/registry/index.js +10 -0
package/dist/registry/index.js.map +1 -0
package/dist/scanner/external-scanner.d.ts +13 -0
package/dist/scanner/external-scanner.d.ts.map +1 -0
package/dist/scanner/external-scanner.js +299 -0
package/dist/scanner/external-scanner.js.map +1 -0
package/dist/scanner/index.d.ts +6 -0
package/dist/scanner/index.d.ts.map +1 -0
package/dist/scanner/index.js +9 -0
package/dist/scanner/index.js.map +1 -0
package/dist/scanner/types.d.ts +32 -0
package/dist/scanner/types.d.ts.map +1 -0
package/dist/scanner/types.js +6 -0
package/dist/scanner/types.js.map +1 -0
package/dist/semantic/deep-scan.d.ts +13 -0
package/dist/semantic/deep-scan.d.ts.map +1 -0
package/dist/semantic/deep-scan.js +63 -0
package/dist/semantic/deep-scan.js.map +1 -0
package/dist/semantic/index.d.ts +17 -0
package/dist/semantic/index.d.ts.map +1 -0
package/dist/semantic/index.js +39 -0
package/dist/semantic/index.js.map +1 -0
package/dist/semantic/integration/cost-estimator.d.ts +17 -0
package/dist/semantic/integration/cost-estimator.d.ts.map +1 -0
package/dist/semantic/integration/cost-estimator.js +54 -0
package/dist/semantic/integration/cost-estimator.js.map +1 -0
package/dist/semantic/integration/finding-adapter.d.ts +34 -0
package/dist/semantic/integration/finding-adapter.d.ts.map +1 -0
package/dist/semantic/integration/finding-adapter.js +41 -0
package/dist/semantic/integration/finding-adapter.js.map +1 -0
package/dist/semantic/integration/oasb-upgrader.d.ts +20 -0
package/dist/semantic/integration/oasb-upgrader.d.ts.map +1 -0
package/dist/semantic/integration/oasb-upgrader.js +47 -0
package/dist/semantic/integration/oasb-upgrader.js.map +1 -0
package/dist/semantic/llm/budget.d.ts +50 -0
package/dist/semantic/llm/budget.d.ts.map +1 -0
package/dist/semantic/llm/budget.js +139 -0
package/dist/semantic/llm/budget.js.map +1 -0
package/dist/semantic/llm/cache.d.ts +36 -0
package/dist/semantic/llm/cache.d.ts.map +1 -0
package/dist/semantic/llm/cache.js +103 -0
package/dist/semantic/llm/cache.js.map +1 -0
package/dist/semantic/llm/client.d.ts +49 -0
package/dist/semantic/llm/client.d.ts.map +1 -0
package/dist/semantic/llm/client.js +64 -0
package/dist/semantic/llm/client.js.map +1 -0
package/dist/semantic/llm/index.d.ts +33 -0
package/dist/semantic/llm/index.d.ts.map +1 -0
package/dist/semantic/llm/index.js +129 -0
package/dist/semantic/llm/index.js.map +1 -0
package/dist/semantic/llm/prompts.d.ts +30 -0
package/dist/semantic/llm/prompts.d.ts.map +1 -0
package/dist/semantic/llm/prompts.js +120 -0
package/dist/semantic/llm/prompts.js.map +1 -0
package/dist/semantic/structural/credential-context.d.ts +14 -0
package/dist/semantic/structural/credential-context.d.ts.map +1 -0
package/dist/semantic/structural/credential-context.js +295 -0
package/dist/semantic/structural/credential-context.js.map +1 -0
package/dist/semantic/structural/index.d.ts +28 -0
package/dist/semantic/structural/index.d.ts.map +1 -0
package/dist/semantic/structural/index.js +138 -0
package/dist/semantic/structural/index.js.map +1 -0
package/dist/semantic/structural/instruction.d.ts +19 -0
package/dist/semantic/structural/instruction.d.ts.map +1 -0
package/dist/semantic/structural/instruction.js +167 -0
package/dist/semantic/structural/instruction.js.map +1 -0
package/dist/semantic/structural/mcp-config.d.ts +22 -0
package/dist/semantic/structural/mcp-config.d.ts.map +1 -0
package/dist/semantic/structural/mcp-config.js +294 -0
package/dist/semantic/structural/mcp-config.js.map +1 -0
package/dist/semantic/structural/permission-model.d.ts +16 -0
package/dist/semantic/structural/permission-model.d.ts.map +1 -0
package/dist/semantic/structural/permission-model.js +121 -0
package/dist/semantic/structural/permission-model.js.map +1 -0
package/dist/semantic/types.d.ts +122 -0
package/dist/semantic/types.d.ts.map +1 -0
package/dist/semantic/types.js +10 -0
package/dist/semantic/types.js.map +1 -0
package/package.json +25 -14

package/dist/arp/monitors/process.js ADDED Viewed

@@ -0,0 +1,205 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProcessMonitor = void 0;
+const child_process_1 = require("child_process");
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+/** Binaries commonly used for exfiltration, lateral movement, or exploitation */
+const SUSPICIOUS_BINARIES = [
+    'curl', 'wget', 'nc', 'ncat', 'nmap', 'ssh', 'scp',
+    'python', 'python3', 'perl', 'ruby', 'base64',
+    'socat', 'telnet', 'ftp', 'rsync',
+];
+/**
+ * Process monitor — tracks agent lifecycle, child processes, and resource usage.
+ * Uses `ps` polling (cross-platform, no root required).
+ */
+class ProcessMonitor {
+    constructor(engine, intervalMs = 5000) {
+        this.type = 'process';
+        this.knownPids = new Set();
+        this.engine = engine;
+        this.intervalMs = intervalMs;
+    }
+    async start() {
+        this.agentPid = process.pid; // Monitor children of the current (agent) process
+        this.knownPids = new Set(this.getDescendantPids(this.agentPid));
+        this.timer = setInterval(() => this.poll(), this.intervalMs);
+        if (this.timer.unref)
+            this.timer.unref();
+    }
+    async stop() {
+        if (this.timer) {
+            clearInterval(this.timer);
+            this.timer = undefined;
+        }
+    }
+    isRunning() {
+        return this.timer !== undefined;
+    }
+    poll() {
+        try {
+            const currentPids = this.getDescendantPids(this.agentPid);
+            const currentSet = new Set(currentPids);
+            // Detect new child processes
+            for (const pid of currentPids) {
+                if (!this.knownPids.has(pid)) {
+                    const info = this.getProcessInfo(pid);
+                    if (info) {
+                        this.engine.emit({
+                            source: 'process',
+                            category: 'normal',
+                            severity: 'info',
+                            description: `New child process: PID ${pid} — ${info.command.slice(0, 100)}`,
+                            data: { pid, command: info.command, user: info.user, cpu: info.cpu, mem: info.mem },
+                        });
+                    }
+                }
+            }
+            // Detect terminated processes
+            for (const pid of this.knownPids) {
+                if (!currentSet.has(pid)) {
+                    this.engine.emit({
+                        source: 'process',
+                        category: 'normal',
+                        severity: 'info',
+                        description: `Child process terminated: PID ${pid}`,
+                        data: { pid, action: 'terminated' },
+                    });
+                }
+            }
+            // Check for suspicious processes (binaries, high CPU, unexpected users)
+            for (const pid of currentPids) {
+                const info = this.getProcessInfo(pid);
+                if (!info)
+                    continue;
+                // Suspicious binary detection
+                const binaryName = path.basename(info.command.split(/\s+/)[0]);
+                if (SUSPICIOUS_BINARIES.includes(binaryName)) {
+                    this.engine.emit({
+                        source: 'process',
+                        category: 'violation',
+                        severity: 'high',
+                        description: `Suspicious binary executed: ${binaryName} (PID ${pid})`,
+                        data: { pid, binary: binaryName, command: info.command, user: info.user },
+                    });
+                }
+                // High CPU for extended period
+                if (info.cpu > 90) {
+                    this.engine.emit({
+                        source: 'process',
+                        category: 'anomaly',
+                        severity: 'medium',
+                        description: `High CPU usage: PID ${pid} at ${info.cpu}% — ${info.command.slice(0, 60)}`,
+                        data: { pid, cpu: info.cpu, command: info.command },
+                    });
+                }
+                // Running as different user
+                if (info.user === 'root' && os.userInfo().username !== 'root') {
+                    this.engine.emit({
+                        source: 'process',
+                        category: 'violation',
+                        severity: 'high',
+                        description: `Child process running as root: PID ${pid} — ${info.command.slice(0, 60)}`,
+                        data: { pid, user: info.user, command: info.command },
+                    });
+                }
+            }
+            this.knownPids = currentSet;
+        }
+        catch {
+            // ps command failed — skip this cycle
+        }
+    }
+    /** Walk the full process tree to find all descendants of parentPid.
+     *  Uses `ps -ax -o pid=,ppid=` which works on both macOS and Linux. */
+    getDescendantPids(parentPid) {
+        if (!parentPid)
+            return [];
+        try {
+            const output = (0, child_process_1.execSync)('ps -ax -o pid=,ppid=', { encoding: 'utf-8', timeout: 5000 });
+            const childMap = new Map();
+            for (const line of output.trim().split('\n')) {
+                const parts = line.trim().split(/\s+/);
+                const pid = parseInt(parts[0]);
+                const ppid = parseInt(parts[1]);
+                if (isNaN(pid) || isNaN(ppid))
+                    continue;
+                if (!childMap.has(ppid))
+                    childMap.set(ppid, []);
+                childMap.get(ppid).push(pid);
+            }
+            // BFS from parentPid
+            const result = [];
+            const queue = [parentPid];
+            while (queue.length > 0) {
+                const current = queue.shift();
+                for (const child of childMap.get(current) ?? []) {
+                    result.push(child);
+                    queue.push(child);
+                }
+            }
+            return result;
+        }
+        catch {
+            return [];
+        }
+    }
+    getProcessInfo(pid) {
+        try {
+            const output = (0, child_process_1.execSync)(`ps -o pid=,ppid=,user=,%cpu=,%mem=,command= -p ${pid}`, { encoding: 'utf-8', timeout: 5000 });
+            const line = output.trim();
+            if (!line)
+                return null;
+            const parts = line.trim().split(/\s+/);
+            if (parts.length < 6)
+                return null;
+            return {
+                pid: parseInt(parts[0]),
+                ppid: parseInt(parts[1]),
+                user: parts[2],
+                cpu: parseFloat(parts[3]),
+                mem: parseFloat(parts[4]),
+                command: parts.slice(5).join(' '),
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+}
+exports.ProcessMonitor = ProcessMonitor;
+//# sourceMappingURL=process.js.map

package/dist/arp/monitors/process.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"process.js","sourceRoot":"","sources":["../../../src/arp/monitors/process.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAyC;AACzC,uCAAyB;AACzB,2CAA6B;AAa7B,iFAAiF;AACjF,MAAM,mBAAmB,GAAG;IAC1B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;IAClD,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ;IAC7C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO;CAClC,CAAC;AAEF;;;GAGG;AACH,MAAa,cAAc;IAQzB,YAAY,MAAmB,EAAE,aAAqB,IAAI;QAPjD,SAAI,GAAgB,SAAS,CAAC;QAI/B,cAAS,GAAG,IAAI,GAAG,EAAU,CAAC;QAIpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,kDAAkD;QAC/E,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEhE,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7D,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK;YAAE,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACzB,CAAC;IACH,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC;IAClC,CAAC;IAEO,IAAI;QACV,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC1D,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;YAExC,6BAA6B;YAC7B,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;oBACtC,IAAI,IAAI,EAAE,CAAC;wBACT,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;4BACf,MAAM,EAAE,SAAS;4BACjB,QAAQ,EAAE,QAAQ;4BAClB,QAAQ,EAAE,MAAM;4BAChB,WAAW,EAAE,0BAA0B,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;4BAC5E,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE;yBACpF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,8BAA8B;YAC9B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;wBACf,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,QAAQ;wBAClB,QAAQ,EAAE,MAAM;wBAChB,WAAW,EAAE,iCAAiC,GAAG,EAAE;wBACnD,IAAI,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE;qBACpC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,wEAAwE;YACxE,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;gBAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,CAAC,IAAI;oBAAE,SAAS;gBAEpB,8BAA8B;gBAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/D,IAAI,mBAAmB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;wBACf,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,WAAW;wBACrB,QAAQ,EAAE,MAAM;wBAChB,WAAW,EAAE,+BAA+B,UAAU,SAAS,GAAG,GAAG;wBACrE,IAAI,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;qBAC1E,CAAC,CAAC;gBACL,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,IAAI,CAAC,GAAG,GAAG,EAAE,EAAE,CAAC;oBAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;wBACf,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,SAAS;wBACnB,QAAQ,EAAE,QAAQ;wBAClB,WAAW,EAAE,uBAAuB,GAAG,OAAO,IAAI,CAAC,GAAG,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;wBACxF,IAAI,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;qBACpD,CAAC,CAAC;gBACL,CAAC;gBAED,4BAA4B;gBAC5B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;oBAC9D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;wBACf,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,WAAW;wBACrB,QAAQ,EAAE,MAAM;wBAChB,WAAW,EAAE,sCAAsC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;wBACvF,IAAI,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;qBACtD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED;2EACuE;IAC/D,iBAAiB,CAAC,SAAkB;QAC1C,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,sBAAsB,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YACtF,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAoB,CAAC;YAE7C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAChC,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC;oBAAE,SAAS;gBACxC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;oBAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAChD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAChC,CAAC;YAED,qBAAqB;YACrB,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,CAAC,SAAS,CAAC,CAAC;YAC1B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;gBAC/B,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;oBAChD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBACnB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACpB,CAAC;YACH,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,GAAW;QAChC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EACrB,kDAAkD,GAAG,EAAE,EACvD,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CACrC,CAAC;YACF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;YAC3B,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAI,CAAC;YAEvB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAC;YAElC,OAAO;gBACL,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;gBACd,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACzB,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACzB,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;aAClC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF;AA1KD,wCA0KC"}

package/dist/arp/patterns/ai-threats.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+export interface ThreatPattern {
+    /** Pattern identifier (e.g., PI-001) */
+    id: string;
+    /** Attack category */
+    category: 'prompt-injection' | 'jailbreak' | 'data-exfiltration' | 'output-leak' | 'context-manipulation' | 'mcp-exploitation' | 'a2a-attack';
+    /** Human-readable description */
+    description: string;
+    /** Regex pattern to match */
+    pattern: RegExp;
+    /** Severity when matched */
+    severity: 'medium' | 'high' | 'critical';
+}
+export declare const ALL_PATTERNS: ThreatPattern[];
+/** Pattern sets by category for targeted scanning */
+export declare const PATTERN_SETS: {
+    readonly promptInjection: ThreatPattern[];
+    readonly jailbreak: ThreatPattern[];
+    readonly dataExfiltration: ThreatPattern[];
+    readonly outputLeak: ThreatPattern[];
+    readonly contextManipulation: ThreatPattern[];
+    readonly mcpExploitation: ThreatPattern[];
+    readonly a2aAttack: ThreatPattern[];
+    /** Input scanning: patterns relevant to user/agent input */
+    readonly inputPatterns: readonly ThreatPattern[];
+    /** Output scanning: patterns relevant to LLM responses */
+    readonly outputPatterns: readonly ThreatPattern[];
+    /** MCP scanning: patterns relevant to tool call parameters */
+    readonly mcpPatterns: readonly ThreatPattern[];
+    /** A2A scanning: patterns relevant to inter-agent messages */
+    readonly a2aPatterns: readonly ThreatPattern[];
+};
+/** Scan result from matching */
+export interface ScanResult {
+    detected: boolean;
+    matches: Array<{
+        pattern: ThreatPattern;
+        matchedText: string;
+    }>;
+    /** True if input was truncated before scanning */
+    truncated?: boolean;
+}
+/**
+ * Scan text against a set of threat patterns.
+ * Returns all matches (not just first) for comprehensive reporting.
+ * Input is truncated to MAX_SCAN_LENGTH to prevent ReDoS.
+ */
+export declare function scanText(text: string, patterns: readonly ThreatPattern[]): ScanResult;
+//# sourceMappingURL=ai-threats.d.ts.map

package/dist/arp/patterns/ai-threats.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ai-threats.d.ts","sourceRoot":"","sources":["../../../src/arp/patterns/ai-threats.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,aAAa;IAC5B,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC;IACX,sBAAsB;IACtB,QAAQ,EAAE,kBAAkB,GAAG,WAAW,GAAG,mBAAmB,GAAG,aAAa,GAAG,sBAAsB,GAAG,kBAAkB,GAAG,YAAY,CAAC;IAC9I,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,QAAQ,EAAE,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;CAC1C;AA4KD,eAAO,MAAM,YAAY,EAAE,aAAa,EAQvC,CAAC;AAEF,qDAAqD;AACrD,eAAO,MAAM,YAAY;;;;;;;;IAQvB,4DAA4D;;IAE5D,0DAA0D;;IAE1D,8DAA8D;;IAE9D,8DAA8D;;CAEtD,CAAC;AAKX,gCAAgC;AAChC,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,KAAK,CAAC;QACb,OAAO,EAAE,aAAa,CAAC;QACvB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC,CAAC;IACH,kDAAkD;IAClD,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;;;GAIG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,aAAa,EAAE,GAAG,UAAU,CAoBrF"}

package/dist/arp/patterns/ai-threats.js ADDED Viewed

@@ -0,0 +1,215 @@
+"use strict";
+// AI-layer threat detection patterns
+// L0 regex-based detection for known attack payloads
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PATTERN_SETS = exports.ALL_PATTERNS = void 0;
+exports.scanText = scanText;
+// --- Prompt Injection Patterns ---
+const promptInjection = [
+    {
+        id: 'PI-001',
+        category: 'prompt-injection',
+        description: 'Instruction override attempt — direct override of system instructions',
+        pattern: /(?:ignore|disregard|forget|override|bypass)\s+(?:all\s+)?(?:your\s+|the\s+|my\s+)?(?:previous|prior|above|earlier|system|original)\s+(?:instructions?|prompts?|rules?|directives?|guidelines?|constraints?)/i,
+        severity: 'critical',
+    },
+    {
+        id: 'PI-002',
+        category: 'prompt-injection',
+        description: 'Delimiter escape — attempts to break out of user message context',
+        pattern: /(?:<\/?(?:system|assistant|tool|function|instruction|context|internal)>|={3,}|---\s*(?:system|end|begin)|```\s*(?:system|instruction)|\[(?:SYSTEM|INST|INSTRUCTION)\]|<\|(?:im_start|im_end|system|endoftext)\|>)/i,
+        severity: 'high',
+    },
+    {
+        id: 'PI-003',
+        category: 'prompt-injection',
+        description: 'Tag injection — embedding fake system/assistant turns',
+        pattern: /(?:^|\n)\s*(?:system\s*:|assistant\s*:|AI\s*:|<\|(?:system|assistant)\|>)\s*.{10,}/im,
+        severity: 'high',
+    },
+];
+// --- Jailbreak Patterns ---
+const jailbreak = [
+    {
+        id: 'JB-001',
+        category: 'jailbreak',
+        description: 'DAN mode — "Do Anything Now" jailbreak attempt',
+        pattern: /\b(?:DAN|D\.A\.N|do\s+anything\s+now)\b.*(?:mode|persona|act|pretend|enable|activate|jailbr[eo]ak)/i,
+        severity: 'critical',
+    },
+    {
+        id: 'JB-002',
+        category: 'jailbreak',
+        description: 'Roleplay bypass — using fictional framing to bypass safety',
+        pattern: /(?:(?:pretend|imagine|act|roleplay|play|behave)\s+(?:you\s+are|as\s+(?:if\s+)?(?:you\s+(?:are|were)\s+)?|like|that\s+you(?:'re|\s+are))\s*(?:a\s+)?(?:an?\s+)?(?:evil|malicious|unfiltered|uncensored|unrestricted|unaligned|hacker|criminal|without\s+(?:restrictions|rules|limits|safety|guidelines|filters)))/i,
+        severity: 'high',
+    },
+    {
+        id: 'JB-003',
+        category: 'jailbreak',
+        description: 'Hypothetical bypass — using hypothetical framing to extract harmful content',
+        pattern: /(?:hypothetically|theoretically|in\s+theory|for\s+(?:educational|research|academic|fictional)\s+purposes?|just\s+for\s+fun|in\s+a\s+(?:fictional|hypothetical)\s+(?:world|scenario|universe)).*(?:how\s+(?:would|could|to)|explain|describe|show|give\s+me|write)\s+.*(?:hack|exploit|attack|inject|bypass|break|steal|exfiltrate)/i,
+        severity: 'medium',
+    },
+];
+// --- Data Exfiltration Patterns (in user input) ---
+const dataExfiltration = [
+    {
+        id: 'DE-001',
+        category: 'data-exfiltration',
+        description: 'System prompt extraction — attempting to extract system instructions',
+        pattern: /(?:(?:repeat|show|reveal|display|print|output|tell|what\s+(?:is|are)|give|list|dump|echo|copy)\s+(?:me\s+)?(?:your\s+|the\s+)?(?:full\s+|complete\s+|entire\s+|exact\s+|original\s+|initial\s+)?(?:system\s+)?(?:prompt|instructions?|rules?|guidelines?|initial\s+(?:prompt|message)|hidden\s+(?:prompt|instructions?)|(?:pre|pre-)?prompt))/i,
+        severity: 'high',
+    },
+    {
+        id: 'DE-002',
+        category: 'data-exfiltration',
+        description: 'Credential extraction — attempting to extract secrets or API keys',
+        pattern: /(?:(?:what|show|reveal|give|tell|display|print|dump|list)\s+(?:me\s+)?(?:are\s+)?(?:your\s+|the\s+)?(?:api\s+keys?|secrets?|credentials?|passwords?|tokens?|auth(?:entication)?|(?:private|secret)\s+keys?|(?:access|bearer)\s+tokens?|environment\s+variables?|env\s+vars?|\.env))/i,
+        severity: 'critical',
+    },
+    {
+        id: 'DE-003',
+        category: 'data-exfiltration',
+        description: 'PII extraction — attempting to extract personal data',
+        pattern: /(?:(?:list|show|give|reveal|dump|extract|tell)\s+(?:me\s+)?(?:all\s+)?(?:the\s+)?(?:users?|customers?|employees?|people|names?|emails?|addresses?|phone\s+numbers?|ssn|social\s+security|credit\s+cards?|payment|personal\s+(?:data|information|details)))/i,
+        severity: 'high',
+    },
+];
+// --- Output Leak Patterns (in LLM responses) ---
+const outputLeak = [
+    {
+        id: 'OL-001',
+        category: 'output-leak',
+        description: 'API key in output — LLM response contains API key pattern',
+        pattern: /(?:sk-[a-zA-Z0-9\-_]{20,}|(?:AKIA|ASIA)[A-Z0-9]{16}|ghp_[a-zA-Z0-9]{36}|glpat-[a-zA-Z0-9\-_]{20,}|xox[bpas]-[a-zA-Z0-9\-]{10,}|(?:eyJ[a-zA-Z0-9_-]{20,}\.){2}[a-zA-Z0-9_-]{20,})/,
+        severity: 'critical',
+    },
+    {
+        id: 'OL-002',
+        category: 'output-leak',
+        description: 'PII in output — LLM response contains PII patterns',
+        pattern: /(?:\b\d{3}-\d{2}-\d{4}\b|\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b|\b[A-Z]{2}\d{6,9}\b)/,
+        severity: 'high',
+    },
+    {
+        id: 'OL-003',
+        category: 'output-leak',
+        description: 'System prompt leak — LLM response appears to contain system instructions',
+        pattern: /(?:(?:my|the)\s+system\s+(?:prompt|instructions?)\s+(?:is|are|says?)|(?:here\s+(?:is|are)\s+)?(?:my|the)\s+(?:original|initial|full|hidden|secret)\s+(?:instructions?|prompt|guidelines?))/i,
+        severity: 'high',
+    },
+];
+// --- Context Manipulation Patterns ---
+const contextManipulation = [
+    {
+        id: 'CM-001',
+        category: 'context-manipulation',
+        description: 'False memory injection — injecting false context or history',
+        pattern: /(?:(?:remember|recall)\s+(?:that\s+)?(?:you|we)\s+(?:agreed|decided|confirmed|said|mentioned|established)|you\s+(?:said|told|mentioned|agreed|promised|confirmed)\s+(?:me\s+)?(?:that\s+)?(?:you|we|I)\s+(?:would|should|can|could|will|must|have|are|am))/i,
+        severity: 'medium',
+    },
+    {
+        id: 'CM-002',
+        category: 'context-manipulation',
+        description: 'Context reset — attempting to reset or clear conversation context',
+        pattern: /(?:(?:start|begin)\s+(?:a\s+)?(?:new|fresh)\s+(?:conversation|session|context|chat)|(?:clear|reset|wipe|flush|forget)\s+(?:your\s+)?(?:context|memory|history|conversation|session|chat)|new\s+session\s*(?::|started|begins?))/i,
+        severity: 'medium',
+    },
+];
+// --- MCP Exploitation Patterns ---
+const mcpExploitation = [
+    {
+        id: 'MCP-001',
+        category: 'mcp-exploitation',
+        description: 'Path traversal in MCP tool parameter',
+        pattern: /(?:\.\.\/|\.\.\\|%2e%2e(?:%2f|%5c)|\.\.%252f)/i,
+        severity: 'critical',
+    },
+    {
+        id: 'MCP-002',
+        category: 'mcp-exploitation',
+        description: 'Command injection in MCP tool parameter',
+        pattern: /(?:[;&|`$]\s*(?:cat|ls|rm|mv|cp|curl|wget|nc|bash|sh|python|perl|ruby|chmod|chown|kill|pkill|dd)\b|`[^`]+`|\$\([^)]+\)|\|\s*(?:sh|bash|zsh|python|perl|ruby|nc|curl|wget)\b)/,
+        severity: 'critical',
+    },
+    {
+        id: 'MCP-003',
+        category: 'mcp-exploitation',
+        description: 'SSRF in MCP tool parameter',
+        pattern: /(?:(?:https?|ftp|gopher|dict|ldap):\/\/(?:localhost|127\.0\.0\.1|0\.0\.0\.0|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|::1|\[::1\]|0x7f|2130706433|metadata\.google|169\.254\.169\.254))/i,
+        severity: 'critical',
+    },
+];
+// --- A2A Attack Patterns ---
+const a2aAttack = [
+    {
+        id: 'A2A-001',
+        category: 'a2a-attack',
+        description: 'Identity spoofing — agent claiming to be another agent',
+        pattern: /(?:(?:i\s+am|this\s+is|acting\s+as|speaking\s+(?:as|for)|on\s+behalf\s+of|representing)\s+(?:the\s+)?(?:admin|administrator|orchestrator|supervisor|master|root|system|trusted|authorized|primary)\s+agent)/i,
+        severity: 'critical',
+    },
+    {
+        id: 'A2A-002',
+        category: 'a2a-attack',
+        description: 'Delegation abuse — unauthorized privilege escalation via task delegation',
+        pattern: /(?:(?:execute|run|perform|do)\s+(?:this\s+)?(?:\w+\s+)?(?:with|using)\s+(?:elevated|admin|root|system|full|unlimited|unrestricted)\s+(?:privileges?|permissions?|access|authority|rights)|(?:grant|give|elevate|escalate)\s+(?:my\s+)?(?:privileges?|permissions?|access|authority|rights|role))/i,
+        severity: 'high',
+    },
+];
+// --- All patterns combined ---
+exports.ALL_PATTERNS = [
+    ...promptInjection,
+    ...jailbreak,
+    ...dataExfiltration,
+    ...outputLeak,
+    ...contextManipulation,
+    ...mcpExploitation,
+    ...a2aAttack,
+];
+/** Pattern sets by category for targeted scanning */
+exports.PATTERN_SETS = {
+    promptInjection,
+    jailbreak,
+    dataExfiltration,
+    outputLeak,
+    contextManipulation,
+    mcpExploitation,
+    a2aAttack,
+    /** Input scanning: patterns relevant to user/agent input */
+    inputPatterns: [...promptInjection, ...jailbreak, ...dataExfiltration, ...contextManipulation],
+    /** Output scanning: patterns relevant to LLM responses */
+    outputPatterns: [...outputLeak],
+    /** MCP scanning: patterns relevant to tool call parameters */
+    mcpPatterns: [...mcpExploitation],
+    /** A2A scanning: patterns relevant to inter-agent messages */
+    a2aPatterns: [...a2aAttack],
+};
+/** Maximum text length to scan (64 KB) — prevents ReDoS on large payloads */
+const MAX_SCAN_LENGTH = 64 * 1024;
+/**
+ * Scan text against a set of threat patterns.
+ * Returns all matches (not just first) for comprehensive reporting.
+ * Input is truncated to MAX_SCAN_LENGTH to prevent ReDoS.
+ */
+function scanText(text, patterns) {
+    const truncated = text.length > MAX_SCAN_LENGTH;
+    const scannable = truncated ? text.slice(0, MAX_SCAN_LENGTH) : text;
+    const matches = [];
+    for (const pattern of patterns) {
+        const match = pattern.pattern.exec(scannable);
+        if (match) {
+            matches.push({
+                pattern,
+                matchedText: match[0].slice(0, 200),
+            });
+        }
+    }
+    return {
+        detected: matches.length > 0,
+        matches,
+        truncated,
+    };
+}
+//# sourceMappingURL=ai-threats.js.map

package/dist/arp/patterns/ai-threats.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ai-threats.js","sourceRoot":"","sources":["../../../src/arp/patterns/ai-threats.ts"],"names":[],"mappings":";AAAA,qCAAqC;AACrC,qDAAqD;;;AAyOrD,4BAoBC;AA9OD,oCAAoC;AAEpC,MAAM,eAAe,GAAoB;IACvC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,uEAAuE;QACpF,OAAO,EAAE,8MAA8M;QACvN,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,kEAAkE;QAC/E,OAAO,EAAE,oNAAoN;QAC7N,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,uDAAuD;QACpE,OAAO,EAAE,sFAAsF;QAC/F,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,6BAA6B;AAE7B,MAAM,SAAS,GAAoB;IACjC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,qGAAqG;QAC9G,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,4DAA4D;QACzE,OAAO,EAAE,mTAAmT;QAC5T,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,6EAA6E;QAC1F,OAAO,EAAE,qUAAqU;QAC9U,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAC;AAEF,qDAAqD;AAErD,MAAM,gBAAgB,GAAoB;IACxC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,sEAAsE;QACnF,OAAO,EAAE,gVAAgV;QACzV,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,mEAAmE;QAChF,OAAO,EAAE,sRAAsR;QAC/R,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,sDAAsD;QACnE,OAAO,EAAE,6PAA6P;QACtQ,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,kDAAkD;AAElD,MAAM,UAAU,GAAoB;IAClC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,kLAAkL;QAC3L,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,oDAAoD;QACjE,OAAO,EAAE,0FAA0F;QACnG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,0EAA0E;QACvF,OAAO,EAAE,6LAA6L;QACtM,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,wCAAwC;AAExC,MAAM,mBAAmB,GAAoB;IAC3C;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,sBAAsB;QAChC,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EAAE,6PAA6P;QACtQ,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,sBAAsB;QAChC,WAAW,EAAE,mEAAmE;QAChF,OAAO,EAAE,kOAAkO;QAC3O,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAC;AAEF,oCAAoC;AAEpC,MAAM,eAAe,GAAoB;IACvC;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,sCAAsC;QACnD,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,yCAAyC;QACtD,OAAO,EAAE,8KAA8K;QACvL,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,4BAA4B;QACzC,OAAO,EAAE,gRAAgR;QACzR,QAAQ,EAAE,UAAU;KACrB;CACF,CAAC;AAEF,8BAA8B;AAE9B,MAAM,SAAS,GAAoB;IACjC;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,YAAY;QACtB,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,8MAA8M;QACvN,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,YAAY;QACtB,WAAW,EAAE,0EAA0E;QACvF,OAAO,EAAE,mSAAmS;QAC5S,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,gCAAgC;AAEnB,QAAA,YAAY,GAAoB;IAC3C,GAAG,eAAe;IAClB,GAAG,SAAS;IACZ,GAAG,gBAAgB;IACnB,GAAG,UAAU;IACb,GAAG,mBAAmB;IACtB,GAAG,eAAe;IAClB,GAAG,SAAS;CACb,CAAC;AAEF,qDAAqD;AACxC,QAAA,YAAY,GAAG;IAC1B,eAAe;IACf,SAAS;IACT,gBAAgB;IAChB,UAAU;IACV,mBAAmB;IACnB,eAAe;IACf,SAAS;IACT,4DAA4D;IAC5D,aAAa,EAAE,CAAC,GAAG,eAAe,EAAE,GAAG,SAAS,EAAE,GAAG,gBAAgB,EAAE,GAAG,mBAAmB,CAAC;IAC9F,0DAA0D;IAC1D,cAAc,EAAE,CAAC,GAAG,UAAU,CAAC;IAC/B,8DAA8D;IAC9D,WAAW,EAAE,CAAC,GAAG,eAAe,CAAC;IACjC,8DAA8D;IAC9D,WAAW,EAAE,CAAC,GAAG,SAAS,CAAC;CACnB,CAAC;AAEX,6EAA6E;AAC7E,MAAM,eAAe,GAAG,EAAE,GAAG,IAAI,CAAC;AAalC;;;;GAIG;AACH,SAAgB,QAAQ,CAAC,IAAY,EAAE,QAAkC;IACvE,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC;IAChD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACpE,MAAM,OAAO,GAA0B,EAAE,CAAC;IAE1C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO;gBACP,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC;QAC5B,OAAO;QACP,SAAS;KACV,CAAC;AACJ,CAAC"}

package/dist/arp/proxy/forward.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import * as http from 'http';
+/**
+ * Buffer the full request body from an IncomingMessage.
+ * Rejects with 413 if body exceeds MAX_BODY_BYTES.
+ */
+export declare function bufferBody(req: http.IncomingMessage): Promise<Buffer>;
+/**
+ * Forward an HTTP request to an upstream target and pipe the response back.
+ * Returns the upstream response and its body buffer (for inspection).
+ */
+export declare function forwardRequest(upstream: string, req: http.IncomingMessage, body: Buffer, originalPath: string): Promise<{
+    response: http.IncomingMessage;
+    body: Buffer;
+}>;
+/**
+ * Write headers and body to the client response.
+ */
+export declare function sendResponse(res: http.ServerResponse, statusCode: number, headers: http.IncomingHttpHeaders, body: Buffer): void;
+/**
+ * Send an error response as JSON.
+ */
+export declare function sendError(res: http.ServerResponse, statusCode: number, message: string): void;
+//# sourceMappingURL=forward.d.ts.map

package/dist/arp/proxy/forward.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"forward.d.ts","sourceRoot":"","sources":["../../../src/arp/proxy/forward.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAO7B;;;GAGG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAgBrE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,QAAQ,EAAE,IAAI,CAAC,eAAe,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CA+C3D;AAsBD;;GAEG;AACH,wBAAgB,YAAY,CAC1B,GAAG,EAAE,IAAI,CAAC,cAAc,EACxB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,IAAI,CAAC,mBAAmB,EACjC,IAAI,EAAE,MAAM,GACX,IAAI,CAQN;AAED;;GAEG;AACH,wBAAgB,SAAS,CACvB,GAAG,EAAE,IAAI,CAAC,cAAc,EACxB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,GACd,IAAI,CAON"}