hackmyagent 0.7.2 → 0.8.1

package/dist/plugins/skillguard.js

@@ -0,0 +1,346 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SkillGuardPlugin = exports.metadata = exports.VERSION = void 0;
+exports.createPlugin = createPlugin;
+exports.VERSION = '0.1.0';
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const crypto = __importStar(require("crypto"));
+// --- Constants ---
+const GUARD_DIR = '.opena2a/skillguard';
+const PINS_FILE = 'pins.json';
+const MAX_SCAN_DEPTH = 5;
+const DANGER_PATTERNS = [
+    {
+        findingId: 'SKILL-002',
+        title: 'Remote fetch pattern',
+        description: 'Skill contains remote code execution patterns (curl|sh, wget|sh). This could download and execute malicious code.',
+        severity: 'critical',
+        patterns: [
+            /curl\s.*\|\s*(?:sh|bash|sudo)/i,
+            /wget\s.*\|\s*(?:sh|bash|sudo)/i,
+            /fetch\s*\(.*\)\s*\.then.*eval/i,
+        ],
+    },
+    {
+        findingId: 'SKILL-004',
+        title: 'Filesystem write outside sandbox',
+        description: 'Skill has unrestricted filesystem write access. Restrict to specific directories.',
+        severity: 'high',
+        patterns: [
+            /filesystem:\*/,
+            /filesystem:~\/\*/,
+            /filesystem:\//,
+        ],
+    },
+    {
+        findingId: 'SKILL-005',
+        title: 'Credential file access',
+        description: 'Skill accesses sensitive credential directories (~/.ssh, ~/.aws, etc.).',
+        severity: 'critical',
+        patterns: [
+            /~\/\.ssh/,
+            /~\/\.aws/,
+            /~\/\.config\/solana/,
+            /~\/\.config\/gcloud/,
+            /~\/\.kube/,
+            /~\/\.gnupg/,
+            /keychain/i,
+            /wallet\.json/i,
+            /seed\s*phrase/i,
+            /private\s*key/i,
+            /credentials\.json/i,
+        ],
+    },
+    {
+        findingId: 'SKILL-006',
+        title: 'Data exfiltration pattern',
+        description: 'Skill contains patterns associated with data exfiltration (webhook.site, requestbin, etc.).',
+        severity: 'critical',
+        patterns: [
+            /webhook\.site/i,
+            /requestbin/i,
+            /ngrok\.io/i,
+            /curl\s.*(?:-d|--data|-X\s*POST)/i,
+        ],
+    },
+    {
+        findingId: 'SKILL-008',
+        title: 'Reverse shell pattern',
+        description: 'Skill contains reverse shell patterns. This is a strong indicator of malicious intent.',
+        severity: 'critical',
+        patterns: [
+            /netcat\s.*-e/i,
+            /bash\s+-i\s+/i,
+            /\/dev\/tcp\//,
+            /\/dev\/udp\//,
+        ],
+    },
+];
+// --- Scan helpers ---
+function findSkillFiles(dir, depth = 0) {
+    if (depth > MAX_SCAN_DEPTH)
+        return [];
+    const results = [];
+    try {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (entry.name === 'node_modules' || entry.name === '.git')
+                continue;
+            const fullPath = path.join(dir, entry.name);
+            if (entry.isDirectory()) {
+                results.push(...findSkillFiles(fullPath, depth + 1));
+            }
+            else if (entry.name === 'SKILL.md' || entry.name.endsWith('.skill.md')) {
+                results.push(fullPath);
+            }
+        }
+    }
+    catch {
+        // Not readable
+    }
+    return results;
+}
+function computeHash(filePath) {
+    const content = fs.readFileSync(filePath);
+    return crypto.createHash('sha256').update(content).digest('hex');
+}
+function loadPins(agentDir) {
+    const pinsPath = path.join(agentDir, GUARD_DIR, PINS_FILE);
+    if (!fs.existsSync(pinsPath))
+        return [];
+    try {
+        return JSON.parse(fs.readFileSync(pinsPath, 'utf-8'));
+    }
+    catch {
+        return [];
+    }
+}
+function savePins(agentDir, pins) {
+    const guardDir = path.join(agentDir, GUARD_DIR);
+    fs.mkdirSync(guardDir, { recursive: true });
+    fs.writeFileSync(path.join(guardDir, PINS_FILE), JSON.stringify(pins, null, 2), 'utf-8');
+}
+function scanForDangerousPatterns(filePath, agentDir) {
+    const findings = [];
+    let content;
+    try {
+        content = fs.readFileSync(filePath, 'utf-8');
+    }
+    catch {
+        return findings;
+    }
+    const relativePath = path.relative(agentDir, filePath);
+    for (const danger of DANGER_PATTERNS) {
+        for (const pattern of danger.patterns) {
+            if (pattern.test(content)) {
+                findings.push({
+                    id: danger.findingId,
+                    title: danger.title,
+                    description: `${relativePath}: ${danger.description}`,
+                    severity: danger.severity,
+                    filePath: relativePath,
+                    autoFixable: false, // Dangerous patterns require manual review
+                });
+                break; // One finding per danger category per file
+            }
+        }
+    }
+    return findings;
+}
+function scanForTampering(agentDir) {
+    const findings = [];
+    const pins = loadPins(agentDir);
+    for (const pin of pins) {
+        const fullPath = path.join(agentDir, pin.filePath);
+        if (!fs.existsSync(fullPath)) {
+            findings.push({
+                id: 'SKILL-TAMPER',
+                title: 'Pinned skill file missing',
+                description: `${pin.filePath} was pinned but no longer exists. It may have been deleted or moved.`,
+                severity: 'high',
+                filePath: pin.filePath,
+                autoFixable: false,
+            });
+            continue;
+        }
+        const currentHash = computeHash(fullPath);
+        if (currentHash !== pin.hash) {
+            findings.push({
+                id: 'SKILL-TAMPER',
+                title: 'Skill file tampered',
+                description: `${pin.filePath} hash does not match pinned value. File was modified after pinning.`,
+                severity: 'critical',
+                filePath: pin.filePath,
+                autoFixable: false,
+            });
+        }
+    }
+    return findings;
+}
+function scanForUnpinnedSkills(agentDir) {
+    const findings = [];
+    const pins = loadPins(agentDir);
+    const pinnedPaths = new Set(pins.map((p) => p.filePath));
+    const skillFiles = findSkillFiles(agentDir);
+    for (const file of skillFiles) {
+        const relativePath = path.relative(agentDir, file);
+        if (!pinnedPaths.has(relativePath)) {
+            findings.push({
+                id: 'SKILL-UNPIN',
+                title: 'Unpinned skill',
+                description: `${relativePath} has no integrity pin. Pin with SHA-256 hash to detect tampering.`,
+                severity: 'medium',
+                filePath: relativePath,
+                autoFixable: true,
+            });
+        }
+    }
+    return findings;
+}
+// --- Plugin Implementation ---
+exports.metadata = {
+    packageName: 'hackmyagent',
+    displayName: 'SkillGuard',
+    description: 'Skill integrity — hash pinning, tamper detection, dangerous pattern scanning',
+    version: exports.VERSION,
+    findings: ['SKILL-002', 'SKILL-004', 'SKILL-005', 'SKILL-006', 'SKILL-008', 'SKILL-UNPIN', 'SKILL-TAMPER'],
+    scoreImprovement: 12,
+};
+class SkillGuardPlugin {
+    constructor() {
+        this.metadata = exports.metadata;
+        this.config = {};
+    }
+    async init(options) {
+        this.aimCore = options?.aimCore;
+        this.config = options?.config ?? {};
+    }
+    async scan(agentDir) {
+        const findings = [];
+        // Check for dangerous patterns in skill files
+        const skillFiles = findSkillFiles(agentDir);
+        for (const file of skillFiles) {
+            findings.push(...scanForDangerousPatterns(file, agentDir));
+        }
+        // Check for unpinned skills
+        findings.push(...scanForUnpinnedSkills(agentDir));
+        // Check for tampered skills (hash mismatch)
+        findings.push(...scanForTampering(agentDir));
+        if (this.aimCore) {
+            this.aimCore.logEvent({
+                plugin: 'skillguard',
+                action: 'scan.complete',
+                target: agentDir,
+                result: findings.length > 0 ? 'denied' : 'allowed',
+                metadata: { findingsCount: findings.length, skillsScanned: skillFiles.length },
+            });
+        }
+        return findings;
+    }
+    async fix(agentDir, options) {
+        const remediations = [];
+        const findings = await this.scan(agentDir);
+        if (options?.dryRun) {
+            return findings
+                .filter((f) => f.autoFixable)
+                .map((f) => ({
+                findingId: f.id,
+                description: `Would pin: ${f.filePath}`,
+                filesModified: f.filePath ? [f.filePath] : [],
+                rollbackAvailable: true,
+            }));
+        }
+        // Fix: Pin all unpinned skills
+        const unpinned = findings.filter((f) => f.id === 'SKILL-UNPIN');
+        if (unpinned.length > 0) {
+            const pins = loadPins(agentDir);
+            for (const finding of unpinned) {
+                if (!finding.filePath)
+                    continue;
+                const fullPath = path.join(agentDir, finding.filePath);
+                if (!fs.existsSync(fullPath))
+                    continue;
+                const hash = computeHash(fullPath);
+                const skillName = path.basename(finding.filePath, '.skill.md')
+                    .replace('.md', '');
+                pins.push({
+                    skillName,
+                    hash,
+                    pinnedAt: new Date().toISOString(),
+                    filePath: finding.filePath,
+                });
+            }
+            savePins(agentDir, pins);
+            remediations.push({
+                findingId: 'SKILL-UNPIN',
+                description: `Pinned ${unpinned.length} skill file(s) with SHA-256 hashes`,
+                filesModified: [path.join(GUARD_DIR, PINS_FILE)],
+                rollbackAvailable: true,
+            });
+        }
+        if (this.aimCore && remediations.length > 0) {
+            this.aimCore.logEvent({
+                plugin: 'skillguard',
+                action: 'fix.applied',
+                target: agentDir,
+                result: 'allowed',
+                metadata: { pinnedSkills: unpinned.length },
+            });
+            this.aimCore.setTrustHints({ skillsVerified: true });
+        }
+        return remediations;
+    }
+    async status() {
+        return {
+            name: exports.metadata.displayName,
+            version: exports.metadata.version,
+            active: false,
+            findingsCount: 0,
+        };
+    }
+    async uninstall(agentDir) {
+        const guardDir = path.join(agentDir, GUARD_DIR);
+        if (fs.existsSync(guardDir)) {
+            fs.rmSync(guardDir, { recursive: true, force: true });
+        }
+    }
+}
+exports.SkillGuardPlugin = SkillGuardPlugin;
+function createPlugin() {
+    return new SkillGuardPlugin();
+}
+//# sourceMappingURL=skillguard.js.map

package/dist/plugins/skillguard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skillguard.js","sourceRoot":"","sources":["../../src/plugins/skillguard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6XA,oCAEC;AA/XY,QAAA,OAAO,GAAG,OAAO,CAAC;AAY/B,uCAAyB;AACzB,2CAA6B;AAC7B,+CAAiC;AAgBjC,oBAAoB;AAEpB,MAAM,SAAS,GAAG,qBAAqB,CAAC;AACxC,MAAM,SAAS,GAAG,WAAW,CAAC;AAC9B,MAAM,cAAc,GAAG,CAAC,CAAC;AAYzB,MAAM,eAAe,GAAoB;IACvC;QACE,SAAS,EAAE,WAAW;QACtB,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EAAE,mHAAmH;QAChI,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE;YACR,gCAAgC;YAChC,gCAAgC;YAChC,gCAAgC;SACjC;KACF;IACD;QACE,SAAS,EAAE,WAAW;QACtB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EAAE,mFAAmF;QAChG,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE;YACR,eAAe;YACf,kBAAkB;YAClB,eAAe;SAChB;KACF;IACD;QACE,SAAS,EAAE,WAAW;QACtB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,yEAAyE;QACtF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE;YACR,UAAU;YACV,UAAU;YACV,qBAAqB;YACrB,qBAAqB;YACrB,WAAW;YACX,YAAY;YACZ,WAAW;YACX,eAAe;YACf,gBAAgB;YAChB,gBAAgB;YAChB,oBAAoB;SACrB;KACF;IACD;QACE,SAAS,EAAE,WAAW;QACtB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EAAE,6FAA6F;QAC1G,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE;YACR,gBAAgB;YAChB,aAAa;YACb,YAAY;YACZ,kCAAkC;SACnC;KACF;IACD;QACE,SAAS,EAAE,WAAW;QACtB,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE,wFAAwF;QACrG,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE;YACR,eAAe;YACf,eAAe;YACf,cAAc;YACd,cAAc;SACf;KACF;CACF,CAAC;AAEF,uBAAuB;AAEvB,SAAS,cAAc,CAAC,GAAW,EAAE,QAAgB,CAAC;IACpD,IAAI,KAAK,GAAG,cAAc;QAAE,OAAO,EAAE,CAAC;IAEtC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM;gBAAE,SAAS;YAErE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;YACvD,CAAC;iBAAM,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,eAAe;IACjB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC1C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,QAAQ,CAAC,QAAgB;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAC3D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,CAAC;IAExC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,QAAgB,EAAE,IAAgB;IAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAChD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,EAAE,CAAC,aAAa,CACd,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,EAC9B,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAC7B,OAAO,CACR,CAAC;AACJ,CAAC;AAED,SAAS,wBAAwB,CAAC,QAAgB,EAAE,QAAgB;IAClE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEvD,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACrC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,MAAM,CAAC,SAAS;oBACpB,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,WAAW,EAAE,GAAG,YAAY,KAAK,MAAM,CAAC,WAAW,EAAE;oBACrD,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,QAAQ,EAAE,YAAY;oBACtB,WAAW,EAAE,KAAK,EAAE,2CAA2C;iBAChE,CAAC,CAAC;gBACH,MAAM,CAAC,2CAA2C;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEhC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,cAAc;gBAClB,KAAK,EAAE,2BAA2B;gBAClC,WAAW,EAAE,GAAG,GAAG,CAAC,QAAQ,sEAAsE;gBAClG,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,WAAW,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC;YAC7B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,cAAc;gBAClB,KAAK,EAAE,qBAAqB;gBAC5B,WAAW,EAAE,GAAG,GAAG,CAAC,QAAQ,qEAAqE;gBACjG,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAChC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEzD,MAAM,UAAU,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC5C,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,aAAa;gBACjB,KAAK,EAAE,gBAAgB;gBACvB,WAAW,EAAE,GAAG,YAAY,mEAAmE;gBAC/F,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,IAAI;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gCAAgC;AAEnB,QAAA,QAAQ,GAAmB;IACtC,WAAW,EAAE,aAAa;IAC1B,WAAW,EAAE,YAAY;IACzB,WAAW,EAAE,8EAA8E;IAC3F,OAAO,EAAE,eAAO;IAChB,QAAQ,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;IAC1G,gBAAgB,EAAE,EAAE;CACrB,CAAC;AAEF,MAAa,gBAAgB;IAA7B;QACW,aAAQ,GAAG,gBAAQ,CAAC;QAErB,WAAM,GAAqB,EAAE,CAAC;IAiHxC,CAAC;IA/GC,KAAK,CAAC,IAAI,CAAC,OAA2B;QACpC,IAAI,CAAC,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;QAChC,IAAI,CAAC,MAAM,GAAI,OAAO,EAAE,MAA2B,IAAI,EAAE,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAgB;QACzB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,8CAA8C;QAC9C,MAAM,UAAU,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC5C,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,4BAA4B;QAC5B,QAAQ,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAElD,4CAA4C;QAC5C,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE7C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;gBACpB,MAAM,EAAE,YAAY;gBACpB,MAAM,EAAE,eAAe;gBACvB,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;gBAClD,QAAQ,EAAE,EAAE,aAAa,EAAE,QAAQ,CAAC,MAAM,EAAE,aAAa,EAAE,UAAU,CAAC,MAAM,EAAE;aAC/E,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,QAAgB,EAAE,OAAoB;QAC9C,MAAM,YAAY,GAAkB,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE3C,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;YACpB,OAAO,QAAQ;iBACZ,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;iBAC5B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACX,SAAS,EAAE,CAAC,CAAC,EAAE;gBACf,WAAW,EAAE,cAAc,CAAC,CAAC,QAAQ,EAAE;gBACvC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC7C,iBAAiB,EAAE,IAAI;aACxB,CAAC,CAAC,CAAC;QACR,CAAC;QAED,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,aAAa,CAAC,CAAC;QAChE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAEhC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,CAAC,OAAO,CAAC,QAAQ;oBAAE,SAAS;gBAEhC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACvD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;oBAAE,SAAS;gBAEvC,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;gBACnC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC;qBAC3D,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBAEtB,IAAI,CAAC,IAAI,CAAC;oBACR,SAAS;oBACT,IAAI;oBACJ,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBAClC,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC,CAAC;YACL,CAAC;YAED,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAEzB,YAAY,CAAC,IAAI,CAAC;gBAChB,SAAS,EAAE,aAAa;gBACxB,WAAW,EAAE,UAAU,QAAQ,CAAC,MAAM,oCAAoC;gBAC1E,aAAa,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;gBAChD,iBAAiB,EAAE,IAAI;aACxB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;gBACpB,MAAM,EAAE,YAAY;gBACpB,MAAM,EAAE,aAAa;gBACrB,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,SAAS;gBACjB,QAAQ,EAAE,EAAE,YAAY,EAAE,QAAQ,CAAC,MAAM,EAAE;aAC5C,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,MAAM;QACV,OAAO;YACL,IAAI,EAAE,gBAAQ,CAAC,WAAW;YAC1B,OAAO,EAAE,gBAAQ,CAAC,OAAO;YACzB,MAAM,EAAE,KAAK;YACb,aAAa,EAAE,CAAC;SACjB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAChD,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;CACF;AApHD,4CAoHC;AAED,SAAgB,YAAY;IAC1B,OAAO,IAAI,gBAAgB,EAAE,CAAC;AAChC,CAAC"}

package/dist/registry/client.d.ts

@@ -0,0 +1,125 @@
+/**
+ * OpenA2A Registry client for posting scan results.
+ *
+ * Maps HackMyAgent scan findings to the registry's ScanResult format
+ * and POSTs them to the registry callback endpoint.
+ */
+import type { SecurityFinding } from '../hardening';
+import type { AttackReport } from '../attack';
+export interface ScanReportPayload {
+    versionId: string;
+    scanId: string;
+    status: 'passed' | 'failed' | 'warnings' | 'error';
+    completedAt: string;
+    vulnerabilities: VulnerabilityFinding[];
+    criticalCount: number;
+    highCount: number;
+    mediumCount: number;
+    lowCount: number;
+    observedCapabilities: string[];
+    observedExternalApis: string[];
+    capabilityMismatch: boolean;
+    behavioralFindings: BehavioralFinding[];
+    behavioralScore: number;
+    rawReport: Record<string, unknown>;
+}
+interface VulnerabilityFinding {
+    id: string;
+    severity: string;
+    title: string;
+    description: string;
+    package?: string;
+    version?: string;
+    fixedIn?: string;
+    cves?: string[];
+    cvss?: number;
+}
+interface BehavioralFinding {
+    type: string;
+    severity: string;
+    description: string;
+    evidence?: string;
+}
+export interface CommunityScanPayload {
+    packageName: string;
+    packageType?: string;
+    version?: string;
+    scanId: string;
+    status: 'passed' | 'failed' | 'warnings' | 'error';
+    completedAt: string;
+    vulnerabilities: VulnerabilityFinding[];
+    criticalCount: number;
+    highCount: number;
+    mediumCount: number;
+    lowCount: number;
+    rawReport?: Record<string, unknown>;
+}
+export interface RegistryConfig {
+    registryUrl: string;
+    apiKey: string;
+}
+export interface RegistryPackage {
+    id: string;
+    publisherId: string;
+    name: string;
+    packageType: string;
+}
+export declare class RegistryClient {
+    private config;
+    constructor(config: RegistryConfig);
+    /**
+     * Post scan results to registry callback endpoint.
+     */
+    reportScanResult(payload: ScanReportPayload): Promise<void>;
+    /**
+     * Request a short-lived scan token for community scan submission.
+     * Returns the token response on success, or null on failure (never throws).
+     */
+    requestScanToken(packageName: string, options?: {
+        packageType?: string;
+        version?: string;
+    }): Promise<{
+        scanToken: string;
+        tokenId: string;
+        expiresIn: string;
+    } | null>;
+    /**
+     * Post community scan results with optional scan token.
+     * Returns { status: 'accepted' | 'unknown_package' | 'failed' }.
+     * Never throws — registry errors are non-fatal for the user's scan.
+     */
+    reportCommunityResult(payload: CommunityScanPayload, scanToken?: string): Promise<{
+        status: string;
+        message?: string;
+        code?: string;
+    }>;
+    /**
+     * Look up package info from registry.
+     */
+    getPackage(publisherName: string, packageType: string, name: string): Promise<RegistryPackage | null>;
+}
+/**
+ * Build a ScanReportPayload from HMA hardening scan results.
+ */
+export declare function buildScanReport(versionId: string, findings: SecurityFinding[]): ScanReportPayload;
+/**
+ * Build a ScanReportPayload from HMA attack results.
+ */
+export declare function buildAttackReport(versionId: string, report: AttackReport): ScanReportPayload;
+/**
+ * Build a CommunityScanPayload from HMA hardening scan results.
+ * Used for auto-publishing to the community endpoint (no version ID needed).
+ */
+export declare function buildCommunityReport(packageName: string, findings: SecurityFinding[], options?: {
+    packageType?: string;
+    version?: string;
+}): CommunityScanPayload;
+/**
+ * Build a CommunityScanPayload from HMA attack results.
+ */
+export declare function buildCommunityAttackReport(packageName: string, report: AttackReport, options?: {
+    packageType?: string;
+    version?: string;
+}): CommunityScanPayload;
+export {};
+//# sourceMappingURL=client.d.ts.map

package/dist/registry/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/registry/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAY,MAAM,cAAc,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAG9C,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,OAAO,CAAC;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,oBAAoB,EAAE,CAAC;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,kBAAkB,EAAE,iBAAiB,EAAE,CAAC;IACxC,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,UAAU,oBAAoB;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,UAAU,iBAAiB;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAGD,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,OAAO,CAAC;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,oBAAoB,EAAE,CAAC;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAiB;gBAEnB,MAAM,EAAE,cAAc;IAIlC;;OAEG;IACG,gBAAgB,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAqBjE;;;OAGG;IACG,gBAAgB,CACpB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GACnD,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAwC5E;;;;OAIG;IACG,qBAAqB,CACzB,OAAO,EAAE,oBAAoB,EAC7B,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAmC/D;;OAEG;IACG,UAAU,CACd,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;CAmBnC;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,eAAe,EAAE,GAC1B,iBAAiB,CA2CnB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,YAAY,GACnB,iBAAiB,CA0CnB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,eAAe,EAAE,EAC3B,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD,oBAAoB,CA8BtB;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD,oBAAoB,CAuCtB"}