hackmyagent 0.7.2 → 0.8.1

package/dist/registry/client.js

@@ -0,0 +1,308 @@
+"use strict";
+/**
+ * OpenA2A Registry client for posting scan results.
+ *
+ * Maps HackMyAgent scan findings to the registry's ScanResult format
+ * and POSTs them to the registry callback endpoint.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RegistryClient = void 0;
+exports.buildScanReport = buildScanReport;
+exports.buildAttackReport = buildAttackReport;
+exports.buildCommunityReport = buildCommunityReport;
+exports.buildCommunityAttackReport = buildCommunityAttackReport;
+class RegistryClient {
+    constructor(config) {
+        this.config = config;
+    }
+    /**
+     * Post scan results to registry callback endpoint.
+     */
+    async reportScanResult(payload) {
+        const url = `${this.config.registryUrl}/internal/scan-result`;
+        const response = await fetch(url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${this.config.apiKey}`,
+                'User-Agent': 'HackMyAgent-CLI',
+            },
+            body: JSON.stringify(payload),
+        });
+        if (!response.ok) {
+            const body = await response.text().catch(() => '');
+            throw new Error(`Registry report failed (${response.status}): ${body}`);
+        }
+    }
+    /**
+     * Request a short-lived scan token for community scan submission.
+     * Returns the token response on success, or null on failure (never throws).
+     */
+    async requestScanToken(packageName, options) {
+        const url = `${this.config.registryUrl}/api/v1/registry/community/request-scan-token`;
+        try {
+            const response = await fetch(url, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'User-Agent': 'HackMyAgent-CLI',
+                },
+                body: JSON.stringify({
+                    packageName,
+                    packageType: options?.packageType,
+                    version: options?.version,
+                }),
+            });
+            if (response.status === 404) {
+                console.error(`Registry: package "${packageName}" not found in registry. Check the package name or register it at https://registry.opena2a.org`);
+                return null;
+            }
+            if (response.status === 429) {
+                console.error('Registry: rate limited. Try again in a few minutes, or use --skip-registry to skip registry checks.');
+                return null;
+            }
+            if (!response.ok) {
+                const body = await response.text().catch(() => '');
+                console.error(`Registry: scan token request failed (${response.status}): ${body}`);
+                return null;
+            }
+            return await response.json();
+        }
+        catch {
+            console.error('Registry: scan token request failed (network error)');
+            return null;
+        }
+    }
+    /**
+     * Post community scan results with optional scan token.
+     * Returns { status: 'accepted' | 'unknown_package' | 'failed' }.
+     * Never throws — registry errors are non-fatal for the user's scan.
+     */
+    async reportCommunityResult(payload, scanToken) {
+        const url = `${this.config.registryUrl}/api/v1/registry/community/scan-result`;
+        const body = JSON.stringify(payload);
+        const headers = {
+            'Content-Type': 'application/json',
+            'User-Agent': 'HackMyAgent-CLI',
+        };
+        if (scanToken) {
+            headers['X-Scan-Token'] = scanToken;
+        }
+        try {
+            const response = await fetch(url, {
+                method: 'POST',
+                headers,
+                body,
+            });
+            if (!response.ok) {
+                const errBody = await response.json().catch(() => ({}));
+                return {
+                    status: 'failed',
+                    message: errBody.message || `HTTP ${response.status}`,
+                    code: errBody.code,
+                };
+            }
+            return await response.json();
+        }
+        catch {
+            return { status: 'failed', message: 'Network error' };
+        }
+    }
+    /**
+     * Look up package info from registry.
+     */
+    async getPackage(publisherName, packageType, name) {
+        const url = `${this.config.registryUrl}/api/v1/registry/${packageType}/${name}?publisher=${publisherName}`;
+        const response = await fetch(url, {
+            headers: {
+                'User-Agent': 'HackMyAgent-CLI',
+            },
+        });
+        if (response.status === 404) {
+            return null;
+        }
+        if (!response.ok) {
+            throw new Error(`Registry lookup failed (${response.status})`);
+        }
+        return response.json();
+    }
+}
+exports.RegistryClient = RegistryClient;
+/**
+ * Build a ScanReportPayload from HMA hardening scan results.
+ */
+function buildScanReport(versionId, findings) {
+    const failed = findings.filter(f => !f.passed && !f.fixed);
+    const counts = countBySeverity(failed);
+    const status = deriveStatus(counts);
+    // Map failed findings to vulnerability format
+    const vulnerabilities = failed.map(f => ({
+        id: f.checkId,
+        severity: f.severity,
+        title: f.name,
+        description: f.description,
+    }));
+    // Extract observed capabilities from capability-related checks
+    const observedCapabilities = [];
+    for (const f of findings) {
+        if (f.checkId.startsWith('FS-') && !f.passed)
+            observedCapabilities.push('filesystem');
+        if (f.checkId.startsWith('NET-') && !f.passed)
+            observedCapabilities.push('network');
+        if (f.checkId.startsWith('SHELL-') && !f.passed)
+            observedCapabilities.push('shell_exec');
+    }
+    return {
+        versionId,
+        scanId: `hma-${Date.now()}`,
+        status,
+        completedAt: new Date().toISOString(),
+        vulnerabilities,
+        criticalCount: counts.critical,
+        highCount: counts.high,
+        mediumCount: counts.medium,
+        lowCount: counts.low,
+        observedCapabilities: [...new Set(observedCapabilities)],
+        observedExternalApis: [],
+        capabilityMismatch: false,
+        behavioralFindings: [],
+        behavioralScore: 0,
+        rawReport: {
+            generator: 'hackmyagent',
+            totalFindings: findings.length,
+            failedFindings: failed.length,
+        },
+    };
+}
+/**
+ * Build a ScanReportPayload from HMA attack results.
+ */
+function buildAttackReport(versionId, report) {
+    const vulnerabilities = report.results
+        .filter(r => r.success)
+        .map(r => ({
+        id: r.payload.id,
+        severity: r.payload.severity,
+        title: `${r.payload.category}: ${r.payload.id}`,
+        description: r.response?.substring(0, 500) || 'Attack succeeded',
+    }));
+    const counts = {
+        critical: vulnerabilities.filter(v => v.severity === 'critical').length,
+        high: vulnerabilities.filter(v => v.severity === 'high').length,
+        medium: vulnerabilities.filter(v => v.severity === 'medium').length,
+        low: vulnerabilities.filter(v => v.severity === 'low').length,
+    };
+    const status = deriveStatus(counts);
+    return {
+        versionId,
+        scanId: `hma-attack-${Date.now()}`,
+        status,
+        completedAt: new Date().toISOString(),
+        vulnerabilities,
+        criticalCount: counts.critical,
+        highCount: counts.high,
+        mediumCount: counts.medium,
+        lowCount: counts.low,
+        observedCapabilities: [],
+        observedExternalApis: [],
+        capabilityMismatch: false,
+        behavioralFindings: [],
+        behavioralScore: 0,
+        rawReport: {
+            generator: 'hackmyagent-attack',
+            target: report.target,
+            riskRating: report.riskRating,
+            totalPayloads: report.summary.total,
+            successfulAttacks: report.summary.successful,
+        },
+    };
+}
+/**
+ * Build a CommunityScanPayload from HMA hardening scan results.
+ * Used for auto-publishing to the community endpoint (no version ID needed).
+ */
+function buildCommunityReport(packageName, findings, options) {
+    const failed = findings.filter(f => !f.passed && !f.fixed);
+    const counts = countBySeverity(failed);
+    const status = deriveStatus(counts);
+    const vulnerabilities = failed.map(f => ({
+        id: f.checkId,
+        severity: f.severity,
+        title: f.name,
+        description: f.description,
+    }));
+    return {
+        packageName,
+        packageType: options?.packageType,
+        version: options?.version,
+        scanId: `hma-community-${Date.now()}`,
+        status,
+        completedAt: new Date().toISOString(),
+        vulnerabilities,
+        criticalCount: counts.critical,
+        highCount: counts.high,
+        mediumCount: counts.medium,
+        lowCount: counts.low,
+        rawReport: {
+            generator: 'hackmyagent',
+            totalFindings: findings.length,
+            failedFindings: failed.length,
+        },
+    };
+}
+/**
+ * Build a CommunityScanPayload from HMA attack results.
+ */
+function buildCommunityAttackReport(packageName, report, options) {
+    const vulnerabilities = report.results
+        .filter(r => r.success)
+        .map(r => ({
+        id: r.payload.id,
+        severity: r.payload.severity,
+        title: `${r.payload.category}: ${r.payload.id}`,
+        description: r.response?.substring(0, 500) || 'Attack succeeded',
+    }));
+    const counts = {
+        critical: vulnerabilities.filter(v => v.severity === 'critical').length,
+        high: vulnerabilities.filter(v => v.severity === 'high').length,
+        medium: vulnerabilities.filter(v => v.severity === 'medium').length,
+        low: vulnerabilities.filter(v => v.severity === 'low').length,
+    };
+    const status = deriveStatus(counts);
+    return {
+        packageName,
+        packageType: options?.packageType,
+        version: options?.version,
+        scanId: `hma-attack-community-${Date.now()}`,
+        status,
+        completedAt: new Date().toISOString(),
+        vulnerabilities,
+        criticalCount: counts.critical,
+        highCount: counts.high,
+        mediumCount: counts.medium,
+        lowCount: counts.low,
+        rawReport: {
+            generator: 'hackmyagent-attack',
+            target: report.target,
+            riskRating: report.riskRating,
+            totalPayloads: report.summary.total,
+            successfulAttacks: report.summary.successful,
+        },
+    };
+}
+function countBySeverity(findings) {
+    return {
+        critical: findings.filter(f => f.severity === 'critical').length,
+        high: findings.filter(f => f.severity === 'high').length,
+        medium: findings.filter(f => f.severity === 'medium').length,
+        low: findings.filter(f => f.severity === 'low').length,
+    };
+}
+function deriveStatus(counts) {
+    if (counts.critical > 0 || counts.high > 0)
+        return 'failed';
+    if (counts.medium > 0 || counts.low > 0)
+        return 'warnings';
+    return 'passed';
+}
+//# sourceMappingURL=client.js.map

package/dist/registry/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/registry/client.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AA+NH,0CA8CC;AAKD,8CA6CC;AAMD,oDAkCC;AAKD,gEA2CC;AAhVD,MAAa,cAAc;IAGzB,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAA0B;QAC/C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,uBAAuB,CAAC;QAE9D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;gBAC/C,YAAY,EAAE,iBAAiB;aAChC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,2BAA2B,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CACvD,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CACpB,WAAmB,EACnB,OAAoD;QAEpD,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,+CAA+C,CAAC;QAEtF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,YAAY,EAAE,iBAAiB;iBAChC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,WAAW;oBACX,WAAW,EAAE,OAAO,EAAE,WAAW;oBACjC,OAAO,EAAE,OAAO,EAAE,OAAO;iBAC1B,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,OAAO,CAAC,KAAK,CAAC,sBAAsB,WAAW,gGAAgG,CAAC,CAAC;gBACjJ,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,OAAO,CAAC,KAAK,CAAC,qGAAqG,CAAC,CAAC;gBACrH,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBACnD,OAAO,CAAC,KAAK,CAAC,wCAAwC,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;gBACnF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAA+D,CAAC;QAC5F,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,qBAAqB,CACzB,OAA6B,EAC7B,SAAkB;QAElB,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,wCAAwC,CAAC;QAC/E,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAErC,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;YAClC,YAAY,EAAE,iBAAiB;SAChC,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC;QACtC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,OAAO;gBACP,IAAI;aACL,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAA4B,CAAC;gBACnF,OAAO;oBACL,MAAM,EAAE,QAAQ;oBAChB,OAAO,EAAG,OAAO,CAAC,OAAkB,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE;oBACjE,IAAI,EAAE,OAAO,CAAC,IAA0B;iBACzC,CAAC;YACJ,CAAC;YAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAA0C,CAAC;QACvE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,aAAqB,EACrB,WAAmB,EACnB,IAAY;QAEZ,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,oBAAoB,WAAW,IAAI,IAAI,cAAc,aAAa,EAAE,CAAC;QAE3G,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,OAAO,EAAE;gBACP,YAAY,EAAE,iBAAiB;aAChC;SACF,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAA8B,CAAC;IACrD,CAAC;CACF;AAnJD,wCAmJC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,SAAiB,EACjB,QAA2B;IAE3B,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE3D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAEpC,8CAA8C;IAC9C,MAAM,eAAe,GAA2B,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/D,EAAE,EAAE,CAAC,CAAC,OAAO;QACb,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,KAAK,EAAE,CAAC,CAAC,IAAI;QACb,WAAW,EAAE,CAAC,CAAC,WAAW;KAC3B,CAAC,CAAC,CAAC;IAEJ,+DAA+D;IAC/D,MAAM,oBAAoB,GAAa,EAAE,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;YAAE,oBAAoB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACtF,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;YAAE,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpF,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;YAAE,oBAAoB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3F,CAAC;IAED,OAAO;QACL,SAAS;QACT,MAAM,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE;QAC3B,MAAM;QACN,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,eAAe;QACf,aAAa,EAAE,MAAM,CAAC,QAAQ;QAC9B,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,oBAAoB,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,CAAC;QACxD,oBAAoB,EAAE,EAAE;QACxB,kBAAkB,EAAE,KAAK;QACzB,kBAAkB,EAAE,EAAE;QACtB,eAAe,EAAE,CAAC;QAClB,SAAS,EAAE;YACT,SAAS,EAAE,aAAa;YACxB,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,cAAc,EAAE,MAAM,CAAC,MAAM;SAC9B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAC/B,SAAiB,EACjB,MAAoB;IAEpB,MAAM,eAAe,GAA2B,MAAM,CAAC,OAAO;SAC3D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACT,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE;QAChB,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ;QAC5B,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE;QAC/C,WAAW,EAAE,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,kBAAkB;KACjE,CAAC,CAAC,CAAC;IAEN,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QACvE,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QAC/D,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QACnE,GAAG,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;KAC9D,CAAC;IAEF,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO;QACL,SAAS;QACT,MAAM,EAAE,cAAc,IAAI,CAAC,GAAG,EAAE,EAAE;QAClC,MAAM;QACN,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,eAAe;QACf,aAAa,EAAE,MAAM,CAAC,QAAQ;QAC9B,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,oBAAoB,EAAE,EAAE;QACxB,oBAAoB,EAAE,EAAE;QACxB,kBAAkB,EAAE,KAAK;QACzB,kBAAkB,EAAE,EAAE;QACtB,eAAe,EAAE,CAAC;QAClB,SAAS,EAAE;YACT,SAAS,EAAE,oBAAoB;YAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;YACnC,iBAAiB,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;SAC7C;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB,CAClC,WAAmB,EACnB,QAA2B,EAC3B,OAAoD;IAEpD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAEpC,MAAM,eAAe,GAA2B,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/D,EAAE,EAAE,CAAC,CAAC,OAAO;QACb,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,KAAK,EAAE,CAAC,CAAC,IAAI;QACb,WAAW,EAAE,CAAC,CAAC,WAAW;KAC3B,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,WAAW;QACX,WAAW,EAAE,OAAO,EAAE,WAAW;QACjC,OAAO,EAAE,OAAO,EAAE,OAAO;QACzB,MAAM,EAAE,iBAAiB,IAAI,CAAC,GAAG,EAAE,EAAE;QACrC,MAAM;QACN,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,eAAe;QACf,aAAa,EAAE,MAAM,CAAC,QAAQ;QAC9B,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,SAAS,EAAE;YACT,SAAS,EAAE,aAAa;YACxB,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,cAAc,EAAE,MAAM,CAAC,MAAM;SAC9B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,0BAA0B,CACxC,WAAmB,EACnB,MAAoB,EACpB,OAAoD;IAEpD,MAAM,eAAe,GAA2B,MAAM,CAAC,OAAO;SAC3D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACT,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE;QAChB,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ;QAC5B,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE;QAC/C,WAAW,EAAE,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,kBAAkB;KACjE,CAAC,CAAC,CAAC;IAEN,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QACvE,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QAC/D,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QACnE,GAAG,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;KAC9D,CAAC;IAEF,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO;QACL,WAAW;QACX,WAAW,EAAE,OAAO,EAAE,WAAW;QACjC,OAAO,EAAE,OAAO,EAAE,OAAO;QACzB,MAAM,EAAE,wBAAwB,IAAI,CAAC,GAAG,EAAE,EAAE;QAC5C,MAAM;QACN,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,eAAe;QACf,aAAa,EAAE,MAAM,CAAC,QAAQ;QAC9B,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,SAAS,EAAE;YACT,SAAS,EAAE,oBAAoB;YAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;YACnC,iBAAiB,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;SAC7C;KACF,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,QAA2C;IAMlE,OAAO;QACL,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAChE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QACxD,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QAC5D,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;KACvD,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,MAKrB;IACC,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC5D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IAC3D,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/registry/contribution.d.ts

@@ -0,0 +1,178 @@
+/**
+ * Anonymous registry contribution for scan results.
+ *
+ * When users opt in (--contribute flag), scan results are submitted
+ * anonymously to the OpenA2A registry for aggregate security intelligence.
+ *
+ * What IS sent:
+ * - SHA256 hash of scanned artifact (for deduplication, not identification)
+ * - Scan type and version
+ * - Finding IDs and severities (no file paths or content)
+ * - Domain scores (for governance scans)
+ * - Agent tier classification
+ * - Timestamp and scanner version
+ *
+ * What is NEVER sent:
+ * - File paths, file content, or source code
+ * - Usernames, hostnames, or IP addresses
+ * - Environment variables or credential values
+ * - Directory structure or project names
+ */
+export type ContributionType = 'hardening' | 'governance' | 'mcp-enumeration' | 'skill-check' | 'attack' | 'history' | 'scope' | 'agent-scan';
+export interface ContributionPayload {
+    contributionId: string;
+    artifactHash: string;
+    scanType: ContributionType;
+    scannerVersion: string;
+    scanTimestamp: string;
+    scanDurationMs?: number;
+    totalFindings: number;
+    criticalCount: number;
+    highCount: number;
+    mediumCount: number;
+    lowCount: number;
+    findingIds: string[];
+    score?: number;
+    maxScore?: number;
+    grade?: string;
+    governance?: {
+        tier: string;
+        domainScores: Array<{
+            domain: string;
+            score: number;
+            controlsPassed: number;
+            controlsTotal: number;
+        }>;
+        criticalFailures: string[];
+    };
+    mcpEnumeration?: {
+        serversScanned: number;
+        totalTools: number;
+        dangerousToolCount: number;
+        categories: string[];
+    };
+    skillCheck?: {
+        riskLevel: string;
+        verified: boolean;
+        permissionCount: number;
+        dangerousPermissions: number;
+    };
+    attack?: {
+        categories: string[];
+        payloadsRun: number;
+        payloadsBlocked: number;
+        payloadsBypassed: number;
+        blockRate: number;
+    };
+    agentScan?: {
+        checksTotal: number;
+        checksPassed: number;
+        criticalFailures: number;
+        hasPublicKey: boolean;
+        hasAttestation: boolean;
+        trustScore?: number;
+    };
+}
+/**
+ * Generate SHA256 hash of content for artifact identification.
+ * The hash allows deduplication without revealing content.
+ */
+export declare function hashArtifact(content: string): string;
+/**
+ * Generate a random contribution ID.
+ */
+export declare function generateContributionId(): string;
+/**
+ * Strip PII from a finding list -- return only check IDs.
+ */
+export declare function extractFindingIds(findings: Array<{
+    checkId: string;
+}>): string[];
+/**
+ * Count findings by severity.
+ */
+export declare function countBySeverity(findings: Array<{
+    severity: string;
+    passed?: boolean;
+}>): {
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+};
+/**
+ * Build a contribution payload from hardening scan results.
+ */
+export declare function buildHardeningContribution(scannerVersion: string, artifactContent: string, findings: Array<{
+    checkId: string;
+    severity: string;
+    passed?: boolean;
+}>, score: number, maxScore: number, durationMs?: number): ContributionPayload;
+/**
+ * Build a contribution payload from governance scan results.
+ */
+export declare function buildGovernanceContribution(scannerVersion: string, artifactContent: string, governanceScore: {
+    overall: number;
+    grade: string;
+    tier: string;
+    domains: Array<{
+        domain: string;
+        score: number;
+        controlsPassed: number;
+        controlsTotal: number;
+    }>;
+    results: Array<{
+        controlId: string;
+        severity: string;
+        passed: boolean;
+    }>;
+    criticalFailures: string[];
+}, durationMs?: number): ContributionPayload;
+/**
+ * Build a contribution payload from MCP tool enumeration.
+ */
+export declare function buildMcpContribution(scannerVersion: string, configContent: string, serverResults: Array<{
+    serverName: string;
+    toolCount: number;
+    findings: Array<{
+        checkId: string;
+        severity: string;
+    }>;
+}>, durationMs?: number): ContributionPayload;
+/**
+ * Build a contribution payload from attack scan results.
+ */
+export declare function buildAttackContribution(scannerVersion: string, targetIdentifier: string, attackReport: {
+    categories: string[];
+    totalPayloads: number;
+    blocked: number;
+    bypassed: number;
+    blockRate: number;
+}, durationMs?: number): ContributionPayload;
+/**
+ * Build a contribution payload from agent card scan results.
+ */
+export declare function buildAgentScanContribution(scannerVersion: string, artifactContent: string, scanResult: {
+    findings: Array<{
+        checkId: string;
+        severity: string;
+        passed: boolean;
+    }>;
+    score: number;
+    grade: string;
+    criticalFailures: string[];
+    card: {
+        publicKey?: string;
+        aimAttestation?: {
+            trustScore?: number;
+        } | null;
+    };
+}, durationMs?: number): ContributionPayload;
+/**
+ * Submit contribution to registry. Never throws -- contribution failure is non-fatal.
+ */
+export declare function submitContribution(registryUrl: string, payload: ContributionPayload): Promise<{
+    status: string;
+    message?: string;
+}>;
+//# sourceMappingURL=contribution.d.ts.map

package/dist/registry/contribution.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contribution.d.ts","sourceRoot":"","sources":["../../src/registry/contribution.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,MAAM,MAAM,gBAAgB,GACxB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,aAAa,GACb,QAAQ,GACR,SAAS,GACT,OAAO,GACP,YAAY,CAAC;AAEjB,MAAM,WAAW,mBAAmB;IAElC,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IAGrB,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IAGxB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IAGjB,UAAU,EAAE,MAAM,EAAE,CAAC;IAGrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IAGf,UAAU,CAAC,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,YAAY,EAAE,KAAK,CAAC;YAClB,MAAM,EAAE,MAAM,CAAC;YACf,KAAK,EAAE,MAAM,CAAC;YACd,cAAc,EAAE,MAAM,CAAC;YACvB,aAAa,EAAE,MAAM,CAAC;SACvB,CAAC,CAAC;QACH,gBAAgB,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IAGF,cAAc,CAAC,EAAE;QACf,cAAc,EAAE,MAAM,CAAC;QACvB,UAAU,EAAE,MAAM,CAAC;QACnB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,UAAU,EAAE,MAAM,EAAE,CAAC;KACtB,CAAC;IAGF,UAAU,CAAC,EAAE;QACX,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,OAAO,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;QACxB,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;IAGF,MAAM,CAAC,EAAE;QACP,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IAGF,SAAS,CAAC,EAAE;QACV,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,gBAAgB,EAAE,MAAM,CAAC;QACzB,YAAY,EAAE,OAAO,CAAC;QACtB,cAAc,EAAE,OAAO,CAAC;QACxB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAE/C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,GAAG,MAAM,EAAE,CAEhF;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,KAAK,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,GACtD;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAQjE;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,MAAM,EACvB,QAAQ,EAAE,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,EACxE,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,GAClB,mBAAmB,CAkBrB;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CACzC,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjG,OAAO,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IACzE,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B,EACD,UAAU,CAAC,EAAE,MAAM,GAClB,mBAAmB,CA+BrB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,cAAc,EAAE,MAAM,EACtB,aAAa,EAAE,MAAM,EACrB,aAAa,EAAE,KAAK,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACxD,CAAC,EACF,UAAU,CAAC,EAAE,MAAM,GAClB,mBAAmB,CAgCrB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,cAAc,EAAE,MAAM,EACtB,gBAAgB,EAAE,MAAM,EACxB,YAAY,EAAE;IACZ,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,EACD,UAAU,CAAC,EAAE,MAAM,GAClB,mBAAmB,CAsBrB;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,MAAM,EACvB,UAAU,EAAE;IACV,QAAQ,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IACxE,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,IAAI,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,cAAc,CAAC,EAAE;YAAE,UAAU,CAAC,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAA;KAAE,CAAC;CAC/E,EACD,UAAU,CAAC,EAAE,MAAM,GAClB,mBAAmB,CA4BrB;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,mBAAmB,GAC3B,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAoB/C"}