hackmyagent 0.7.2 → 0.8.1

package/dist/hardening/shell-checks.js

@@ -0,0 +1,236 @@
+"use strict";
+/**
+ * Shell environment and history scanning checks.
+ * Scans ~/.bashrc, ~/.zshrc, ~/.profile, ~/.zshenv for exported secrets
+ * and ~/.bash_history, ~/.zsh_history for credentials in command history.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SHELL_CREDENTIAL_PATTERNS = void 0;
+exports.checkShellEnvironment = checkShellEnvironment;
+exports.checkShellHistory = checkShellHistory;
+const fs = __importStar(require("fs/promises"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+// Credential patterns to detect in shell files and LLM configs
+exports.SHELL_CREDENTIAL_PATTERNS = [
+    { name: 'ANTHROPIC_API_KEY', pattern: /sk-ant-api\d{2}-[a-zA-Z0-9_-]{20,}/ },
+    { name: 'OPENAI_API_KEY', pattern: /sk-proj-[a-zA-Z0-9]{20,}/ },
+    { name: 'OPENAI_API_KEY', pattern: /sk-[a-zA-Z0-9]{48,}/ },
+    { name: 'AWS_ACCESS_KEY', pattern: /AKIA[0-9A-Z]{16}/ },
+    { name: 'GITHUB_TOKEN', pattern: /ghp_[a-zA-Z0-9]{36}/ },
+    { name: 'GITHUB_TOKEN', pattern: /github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/ },
+    { name: 'SLACK_TOKEN', pattern: /xox[baprs]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24}/ },
+    { name: 'GOOGLE_API_KEY', pattern: /AIza[0-9A-Za-z_-]{35}/ },
+    { name: 'STRIPE_KEY', pattern: /sk_live_[0-9a-zA-Z]{24,}/ },
+    { name: 'SENDGRID_KEY', pattern: /SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}/ },
+    { name: 'OPENROUTER_KEY', pattern: /sk-or-v1-[a-zA-Z0-9]{48,}/ },
+    { name: 'GROQ_KEY', pattern: /gsk_[a-zA-Z0-9]{20,}/ },
+    { name: 'REPLICATE_TOKEN', pattern: /r8_[a-zA-Z0-9]{20,}/ },
+    { name: 'HUGGINGFACE_TOKEN', pattern: /hf_[a-zA-Z0-9]{20,}/ },
+];
+// Command-line patterns that indicate credentials passed as arguments
+const COMMAND_CREDENTIAL_PATTERNS = [
+    /curl\s+[^\n]*-H\s*["']Authorization:\s*Bearer\s+\S{20,}["']/i,
+    /curl\s+[^\n]*-H\s*["']x-api-key:\s*\S{20,}["']/i,
+    /--api[_-]?key[=\s]+\S{20,}/i,
+    /--token[=\s]+\S{20,}/i,
+    /--secret[=\s]+\S{20,}/i,
+    /--password[=\s]+\S{10,}/i,
+];
+const SHELL_CONFIG_FILES = ['.bashrc', '.zshrc', '.profile', '.zshenv'];
+const HISTORY_FILES = ['.bash_history', '.zsh_history'];
+const MAX_HISTORY_LINES = 10000;
+const MAX_LINE_LENGTH = 10000;
+/**
+ * Scan shell environment config files for exported secrets.
+ * Checks ~/.bashrc, ~/.zshrc, ~/.profile, ~/.zshenv
+ */
+async function checkShellEnvironment() {
+    const findings = [];
+    const homeDir = os.homedir();
+    for (const configFile of SHELL_CONFIG_FILES) {
+        const filePath = path.join(homeDir, configFile);
+        let content;
+        try {
+            content = await fs.readFile(filePath, 'utf-8');
+        }
+        catch {
+            continue; // File doesn't exist, skip
+        }
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Skip empty lines and lines over max length
+            if (!line || line.length > MAX_LINE_LENGTH)
+                continue;
+            // Skip comment lines
+            if (/^\s*#/.test(line))
+                continue;
+            // Skip env var references (${VAR} or $VAR without a literal value)
+            if (/\$\{[A-Z_]+\}/.test(line) || /\$[A-Z_]+/.test(line)) {
+                // But only skip if there's no literal credential pattern
+                let hasCredential = false;
+                for (const { pattern } of exports.SHELL_CREDENTIAL_PATTERNS) {
+                    if (pattern.test(line)) {
+                        hasCredential = true;
+                        break;
+                    }
+                }
+                if (!hasCredential)
+                    continue;
+            }
+            for (const { name, pattern } of exports.SHELL_CREDENTIAL_PATTERNS) {
+                if (pattern.test(line)) {
+                    const checkId = getShellCheckId(name);
+                    findings.push({
+                        checkId,
+                        name: `Exposed ${name} in shell config`,
+                        description: `Found ${name} hardcoded in ~/${configFile}. Credentials in shell config files are loaded into every terminal session and may be captured by AI coding assistants.`,
+                        category: 'credential-exposure',
+                        severity: 'critical',
+                        passed: false,
+                        message: `~/${configFile}:${i + 1} contains ${name}`,
+                        fixable: false,
+                        file: `~/${configFile}`,
+                        line: i + 1,
+                        fix: 'Move credentials to a secret manager. Run: npx secretless-ai doctor',
+                    });
+                    break; // One finding per line
+                }
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * Scan shell history files for credentials.
+ * Checks ~/.bash_history, ~/.zsh_history (last 10K lines)
+ */
+async function checkShellHistory() {
+    const findings = [];
+    const homeDir = os.homedir();
+    for (const histFile of HISTORY_FILES) {
+        const filePath = path.join(homeDir, histFile);
+        let content;
+        try {
+            content = await fs.readFile(filePath, 'utf-8');
+        }
+        catch {
+            continue; // File doesn't exist, skip
+        }
+        const allLines = content.split('\n');
+        // Only scan last MAX_HISTORY_LINES
+        const startIdx = Math.max(0, allLines.length - MAX_HISTORY_LINES);
+        const lines = allLines.slice(startIdx);
+        for (let i = 0; i < lines.length; i++) {
+            let line = lines[i];
+            // Skip empty lines and lines over max length
+            if (!line || line.length > MAX_LINE_LENGTH)
+                continue;
+            // Strip zsh extended history timestamp prefix: `: 1234567890:0;actual command`
+            const zshMatch = line.match(/^:\s*\d+:\d+;(.*)$/);
+            if (zshMatch) {
+                line = zshMatch[1];
+            }
+            const lineNum = startIdx + i + 1;
+            let foundOnLine = false;
+            // Check credential patterns in history (SHELLHIST-001/002)
+            for (const { name, pattern } of exports.SHELL_CREDENTIAL_PATTERNS) {
+                if (pattern.test(line)) {
+                    findings.push({
+                        checkId: getHistoryCheckId(name),
+                        name: 'Credential in shell history',
+                        description: `Found ${name} in ~/${histFile}. Credentials pasted into terminal are stored in history and accessible to any process running as your user.`,
+                        category: 'credential-exposure',
+                        severity: 'high',
+                        passed: false,
+                        message: `~/${histFile}:${lineNum} contains ${name}`,
+                        fixable: false,
+                        file: `~/${histFile}`,
+                        line: lineNum,
+                        fix: 'Clear history entry and use a secret manager. Run: npx secretless-ai scan-history',
+                    });
+                    foundOnLine = true;
+                    break;
+                }
+            }
+            // Check command-line credential patterns (SHELLHIST-003)
+            // Only if we haven't already found a credential pattern on this line
+            if (!foundOnLine) {
+                for (const pattern of COMMAND_CREDENTIAL_PATTERNS) {
+                    if (pattern.test(line)) {
+                        findings.push({
+                            checkId: 'SHELLHIST-003',
+                            name: 'Credential in command arguments',
+                            description: `Found credential passed as command argument in ~/${histFile}. Command-line arguments are visible in process listings and stored in history.`,
+                            category: 'credential-exposure',
+                            severity: 'high',
+                            passed: false,
+                            message: `~/${histFile}:${lineNum} contains credential in command`,
+                            fixable: false,
+                            file: `~/${histFile}`,
+                            line: lineNum,
+                            fix: 'Use environment variables instead of command-line arguments for credentials.',
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    return findings;
+}
+function getShellCheckId(credName) {
+    switch (credName) {
+        case 'ANTHROPIC_API_KEY': return 'SHELL-001';
+        case 'OPENAI_API_KEY': return 'SHELL-002';
+        case 'AWS_ACCESS_KEY': return 'SHELL-003';
+        default: return 'SHELL-004';
+    }
+}
+function getHistoryCheckId(credName) {
+    switch (credName) {
+        case 'ANTHROPIC_API_KEY':
+        case 'OPENAI_API_KEY':
+            return 'SHELLHIST-001';
+        case 'AWS_ACCESS_KEY':
+        case 'GITHUB_TOKEN':
+            return 'SHELLHIST-002';
+        default:
+            return 'SHELLHIST-001';
+    }
+}
+//# sourceMappingURL=shell-checks.js.map

package/dist/hardening/shell-checks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell-checks.js","sourceRoot":"","sources":["../../src/hardening/shell-checks.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4CH,sDA4DC;AAMD,8CAiFC;AA7LD,gDAAkC;AAClC,2CAA6B;AAC7B,uCAAyB;AAGzB,+DAA+D;AAClD,QAAA,yBAAyB,GAAG;IACvC,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,oCAAoC,EAAE;IAC5E,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,0BAA0B,EAAE;IAC/D,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAC1D,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,kBAAkB,EAAE;IACvD,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,qBAAqB,EAAE;IACxD,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,4CAA4C,EAAE;IAC/E,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,sDAAsD,EAAE;IACxF,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,uBAAuB,EAAE;IAC5D,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,0BAA0B,EAAE;IAC3D,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,0CAA0C,EAAE;IAC7E,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,2BAA2B,EAAE;IAChE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,sBAAsB,EAAE;IACrD,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAC3D,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,qBAAqB,EAAE;CAC9D,CAAC;AAEF,sEAAsE;AACtE,MAAM,2BAA2B,GAAG;IAClC,8DAA8D;IAC9D,iDAAiD;IACjD,6BAA6B;IAC7B,uBAAuB;IACvB,wBAAwB;IACxB,0BAA0B;CAC3B,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;AACxE,MAAM,aAAa,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;AACxD,MAAM,iBAAiB,GAAG,KAAM,CAAC;AACjC,MAAM,eAAe,GAAG,KAAM,CAAC;AAE/B;;;GAGG;AACI,KAAK,UAAU,qBAAqB;IACzC,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,KAAK,MAAM,UAAU,IAAI,kBAAkB,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAEhD,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,2BAA2B;QACvC,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAEtB,6CAA6C;YAC7C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,eAAe;gBAAE,SAAS;YAErD,qBAAqB;YACrB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEjC,mEAAmE;YACnE,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzD,yDAAyD;gBACzD,IAAI,aAAa,GAAG,KAAK,CAAC;gBAC1B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,iCAAyB,EAAE,CAAC;oBACpD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,aAAa,GAAG,IAAI,CAAC;wBACrB,MAAM;oBACR,CAAC;gBACH,CAAC;gBACD,IAAI,CAAC,aAAa;oBAAE,SAAS;YAC/B,CAAC;YAED,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,iCAAyB,EAAE,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;oBACtC,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO;wBACP,IAAI,EAAE,WAAW,IAAI,kBAAkB;wBACvC,WAAW,EAAE,SAAS,IAAI,mBAAmB,UAAU,yHAAyH;wBAChL,QAAQ,EAAE,qBAAqB;wBAC/B,QAAQ,EAAE,UAAsB;wBAChC,MAAM,EAAE,KAAK;wBACb,OAAO,EAAE,KAAK,UAAU,IAAI,CAAC,GAAG,CAAC,aAAa,IAAI,EAAE;wBACpD,OAAO,EAAE,KAAK;wBACd,IAAI,EAAE,KAAK,UAAU,EAAE;wBACvB,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,GAAG,EAAE,qEAAqE;qBAC3E,CAAC,CAAC;oBACH,MAAM,CAAC,uBAAuB;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,iBAAiB;IACrC,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE9C,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,2BAA2B;QACvC,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,mCAAmC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,MAAM,GAAG,iBAAiB,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,IAAI,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAEpB,6CAA6C;YAC7C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,eAAe;gBAAE,SAAS;YAErD,+EAA+E;YAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAClD,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YACrB,CAAC;YAED,MAAM,OAAO,GAAG,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,WAAW,GAAG,KAAK,CAAC;YAExB,2DAA2D;YAC3D,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,iCAAyB,EAAE,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,iBAAiB,CAAC,IAAI,CAAC;wBAChC,IAAI,EAAE,6BAA6B;wBACnC,WAAW,EAAE,SAAS,IAAI,SAAS,QAAQ,8GAA8G;wBACzJ,QAAQ,EAAE,qBAAqB;wBAC/B,QAAQ,EAAE,MAAkB;wBAC5B,MAAM,EAAE,KAAK;wBACb,OAAO,EAAE,KAAK,QAAQ,IAAI,OAAO,aAAa,IAAI,EAAE;wBACpD,OAAO,EAAE,KAAK;wBACd,IAAI,EAAE,KAAK,QAAQ,EAAE;wBACrB,IAAI,EAAE,OAAO;wBACb,GAAG,EAAE,mFAAmF;qBACzF,CAAC,CAAC;oBACH,WAAW,GAAG,IAAI,CAAC;oBACnB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,yDAAyD;YACzD,qEAAqE;YACrE,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,KAAK,MAAM,OAAO,IAAI,2BAA2B,EAAE,CAAC;oBAClD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,OAAO,EAAE,eAAe;4BACxB,IAAI,EAAE,iCAAiC;4BACvC,WAAW,EAAE,oDAAoD,QAAQ,iFAAiF;4BAC1J,QAAQ,EAAE,qBAAqB;4BAC/B,QAAQ,EAAE,MAAkB;4BAC5B,MAAM,EAAE,KAAK;4BACb,OAAO,EAAE,KAAK,QAAQ,IAAI,OAAO,iCAAiC;4BAClE,OAAO,EAAE,KAAK;4BACd,IAAI,EAAE,KAAK,QAAQ,EAAE;4BACrB,IAAI,EAAE,OAAO;4BACb,GAAG,EAAE,8EAA8E;yBACpF,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,mBAAmB,CAAC,CAAC,OAAO,WAAW,CAAC;QAC7C,KAAK,gBAAgB,CAAC,CAAC,OAAO,WAAW,CAAC;QAC1C,KAAK,gBAAgB,CAAC,CAAC,OAAO,WAAW,CAAC;QAC1C,OAAO,CAAC,CAAC,OAAO,WAAW,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,mBAAmB,CAAC;QACzB,KAAK,gBAAgB;YACnB,OAAO,eAAe,CAAC;QACzB,KAAK,gBAAgB,CAAC;QACtB,KAAK,cAAc;YACjB,OAAO,eAAe,CAAC;QACzB;YACE,OAAO,eAAe,CAAC;IAC3B,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -1,7 +1,41 @@
-#!/usr/bin/env node
 /**
- * HackMyAgent CLI
- * Find it. Break it. Fix it.
+ * hackmyagent — Find it. Break it. Fix it.
+ * Unified security toolkit for AI agents.
  */
-export {};
+export declare const VERSION = "0.8.0";
+export { checkSkill, parseSkillIdentifier, analyzePermissions, } from './checker';
+export type { CheckResult, CheckOptions, PublisherInfo, PermissionInfo, RevocationInfo, RiskLevel, SkillIdentifier, PermissionAnalysis, } from './checker';
+export { HardeningScanner } from './hardening';
+export type { ScanOptions, SecurityFinding, Severity } from './hardening';
+export { ExternalScanner } from './scanner';
+export type { ExternalScanResult, ExternalFinding, ScannerOptions, FindingSeverity, } from './scanner';
+export { AttackScanner } from './attack';
+export { ATTACK_CATEGORIES, ALL_PAYLOADS, PAYLOAD_STATS, getPayloads, getPayloadById, getPayloadsByCategory, getPayloadsByIntensity, parseCustomPayloads, shouldFail, MCP_EXPLOITATION_PAYLOADS, A2A_ATTACK_PAYLOADS, } from './attack';
+export type { AttackCategory, AttackIntensity, AttackSeverity, AttackPayload, AttackResult, AttackReport, AttackTarget, AttackOptions, CustomPayloadInput, CustomPayloadFile, FailPolicy, } from './attack';
+export { OASB_1_CATEGORIES, OASB_1_VERSION, OASB_1_NAME, getControlsForLevel, getControlsForCategory, getCheckIdsForLevel, calculateRating, AVAILABLE_BENCHMARKS, isValidBenchmark, } from './benchmarks';
+export type { BenchmarkLevel, BenchmarkControl, BenchmarkCategory, BenchmarkResult, BenchmarkCategoryResult, BenchmarkControlResult, BenchmarkName, } from './benchmarks';
+export { RegistryClient, buildScanReport, buildAttackReport, buildCommunityReport, buildCommunityAttackReport, } from './registry';
+export type { RegistryConfig, RegistryPackage, ScanReportPayload, CommunityScanPayload, } from './registry';
+export { StructuralAnalyzer, CredentialContextAnalyzer, McpConfigAnalyzer, InstructionAnalyzer, PermissionModelAnalyzer, LLMAnalyzer, AnthropicClient, LLMCache, BudgetTracker, toSecurityFinding, toSecurityFindings, SEMANTIC_OASB_MAPPINGS, CostEstimator, buildDeepScanResult, } from './semantic';
+export { registerPlugin, getPlugin, listPlugins, clearRegistry, } from './plugins/core';
+export type { OpenA2APlugin, PluginMetadata, Finding as PluginFinding, Remediation, FixOptions, PluginStatus, PluginInitOptions, } from './plugins/core';
+export { createPlugin as createCredVaultPlugin } from './plugins/credvault';
+export { createPlugin as createSigncryptPlugin } from './plugins/signcrypt';
+export { createPlugin as createSkillguardPlugin } from './plugins/skillguard';
+export { AgentRuntimeProtection } from './arp';
+export interface ScanResult {
+    target: string;
+    findings: LegacyFinding[];
+    timestamp: Date;
+}
+export interface LegacyFinding {
+    id: string;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    title: string;
+    description: string;
+}
+export declare function createScanner(): Scanner;
+export declare class Scanner {
+    scan(target: string): Promise<ScanResult>;
+}
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;GAGG"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,OAAO,UAAU,CAAC;AAG/B,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,WAAW,CAAC;AAEnB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,SAAS,EACT,eAAe,EACf,kBAAkB,GACnB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,EACX,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,mBAAmB,EACnB,UAAU,EACV,yBAAyB,EACzB,mBAAmB,GACpB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,GACX,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,GAC3B,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,WAAW,EACX,eAAe,EACf,QAAQ,EACR,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,cAAc,EACd,SAAS,EACT,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,aAAa,EACb,cAAc,EACd,OAAO,IAAI,aAAa,EACxB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAG/C,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,qBAAa,OAAO;IACZ,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAOhD"}