npm - hackmyagent - Versions diffs - 0.7.2 → 0.8.1 - Mend

hackmyagent 0.7.2 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (393) hide show

package/LICENSE +191 -0
package/README.md +172 -261
package/dist/abgr/controls.d.ts +35 -0
package/dist/abgr/controls.d.ts.map +1 -0
package/dist/abgr/controls.js +1058 -0
package/dist/abgr/controls.js.map +1 -0
package/dist/abgr/detector.d.ts +45 -0
package/dist/abgr/detector.d.ts.map +1 -0
package/dist/abgr/detector.js +175 -0
package/dist/abgr/detector.js.map +1 -0
package/dist/abgr/index.d.ts +24 -0
package/dist/abgr/index.d.ts.map +1 -0
package/dist/abgr/index.js +50 -0
package/dist/abgr/index.js.map +1 -0
package/dist/abgr/scorer.d.ts +36 -0
package/dist/abgr/scorer.d.ts.map +1 -0
package/dist/abgr/scorer.js +205 -0
package/dist/abgr/scorer.js.map +1 -0
package/dist/abgr/templates.d.ts +35 -0
package/dist/abgr/templates.d.ts.map +1 -0
package/dist/abgr/templates.js +668 -0
package/dist/abgr/templates.js.map +1 -0
package/dist/abgr/tier.d.ts +27 -0
package/dist/abgr/tier.d.ts.map +1 -0
package/dist/abgr/tier.js +115 -0
package/dist/abgr/tier.js.map +1 -0
package/dist/abgr/types.d.ts +59 -0
package/dist/abgr/types.d.ts.map +1 -0
package/dist/abgr/types.js +10 -0
package/dist/abgr/types.js.map +1 -0
package/dist/agent-scan/checks.d.ts +6 -0
package/dist/agent-scan/checks.d.ts.map +1 -0
package/dist/agent-scan/checks.js +93 -0
package/dist/agent-scan/checks.js.map +1 -0
package/dist/agent-scan/index.d.ts +10 -0
package/dist/agent-scan/index.d.ts.map +1 -0
package/dist/agent-scan/index.js +16 -0
package/dist/agent-scan/index.js.map +1 -0
package/dist/agent-scan/scanner.d.ts +31 -0
package/dist/agent-scan/scanner.d.ts.map +1 -0
package/dist/agent-scan/scanner.js +484 -0
package/dist/agent-scan/scanner.js.map +1 -0
package/dist/agent-scan/types.d.ts +63 -0
package/dist/agent-scan/types.d.ts.map +1 -0
package/dist/agent-scan/types.js +10 -0
package/dist/agent-scan/types.js.map +1 -0
package/dist/arp/cli/index.d.ts +3 -0
package/dist/arp/cli/index.d.ts.map +1 -0
package/dist/arp/cli/index.js +225 -0
package/dist/arp/cli/index.js.map +1 -0
package/dist/arp/config/loader.d.ts +8 -0
package/dist/arp/config/loader.d.ts.map +1 -0
package/dist/arp/config/loader.js +102 -0
package/dist/arp/config/loader.js.map +1 -0
package/dist/arp/enforcement/kill-switch.d.ts +22 -0
package/dist/arp/enforcement/kill-switch.d.ts.map +1 -0
package/dist/arp/enforcement/kill-switch.js +122 -0
package/dist/arp/enforcement/kill-switch.js.map +1 -0
package/dist/arp/engine/event-engine.d.ts +29 -0
package/dist/arp/engine/event-engine.d.ts.map +1 -0
package/dist/arp/engine/event-engine.js +233 -0
package/dist/arp/engine/event-engine.js.map +1 -0
package/dist/arp/index.d.ts +81 -0
package/dist/arp/index.d.ts.map +1 -0
package/dist/arp/index.js +239 -0
package/dist/arp/index.js.map +1 -0
package/dist/arp/intelligence/adapters.d.ts +45 -0
package/dist/arp/intelligence/adapters.d.ts.map +1 -0
package/dist/arp/intelligence/adapters.js +222 -0
package/dist/arp/intelligence/adapters.js.map +1 -0
package/dist/arp/intelligence/anomaly.d.ts +32 -0
package/dist/arp/intelligence/anomaly.d.ts.map +1 -0
package/dist/arp/intelligence/anomaly.js +80 -0
package/dist/arp/intelligence/anomaly.js.map +1 -0
package/dist/arp/intelligence/budget.d.ts +33 -0
package/dist/arp/intelligence/budget.d.ts.map +1 -0
package/dist/arp/intelligence/budget.js +150 -0
package/dist/arp/intelligence/budget.js.map +1 -0
package/dist/arp/intelligence/coordinator.d.ts +43 -0
package/dist/arp/intelligence/coordinator.d.ts.map +1 -0
package/dist/arp/intelligence/coordinator.js +301 -0
package/dist/arp/intelligence/coordinator.js.map +1 -0
package/dist/arp/interceptors/a2a-protocol.d.ts +29 -0
package/dist/arp/interceptors/a2a-protocol.d.ts.map +1 -0
package/dist/arp/interceptors/a2a-protocol.js +111 -0
package/dist/arp/interceptors/a2a-protocol.js.map +1 -0
package/dist/arp/interceptors/filesystem.d.ts +33 -0
package/dist/arp/interceptors/filesystem.d.ts.map +1 -0
package/dist/arp/interceptors/filesystem.js +199 -0
package/dist/arp/interceptors/filesystem.js.map +1 -0
package/dist/arp/interceptors/mcp-protocol.d.ts +25 -0
package/dist/arp/interceptors/mcp-protocol.d.ts.map +1 -0
package/dist/arp/interceptors/mcp-protocol.js +126 -0
package/dist/arp/interceptors/mcp-protocol.js.map +1 -0
package/dist/arp/interceptors/network.d.ts +26 -0
package/dist/arp/interceptors/network.d.ts.map +1 -0
package/dist/arp/interceptors/network.js +146 -0
package/dist/arp/interceptors/network.js.map +1 -0
package/dist/arp/interceptors/process.d.ts +26 -0
package/dist/arp/interceptors/process.d.ts.map +1 -0
package/dist/arp/interceptors/process.js +157 -0
package/dist/arp/interceptors/process.js.map +1 -0
package/dist/arp/interceptors/prompt.d.ts +29 -0
package/dist/arp/interceptors/prompt.d.ts.map +1 -0
package/dist/arp/interceptors/prompt.js +82 -0
package/dist/arp/interceptors/prompt.js.map +1 -0
package/dist/arp/license/index.d.ts +59 -0
package/dist/arp/license/index.d.ts.map +1 -0
package/dist/arp/license/index.js +78 -0
package/dist/arp/license/index.js.map +1 -0
package/dist/arp/monitors/filesystem.d.ts +21 -0
package/dist/arp/monitors/filesystem.d.ts.map +1 -0
package/dist/arp/monitors/filesystem.js +141 -0
package/dist/arp/monitors/filesystem.js.map +1 -0
package/dist/arp/monitors/network.d.ts +32 -0
package/dist/arp/monitors/network.d.ts.map +1 -0
package/dist/arp/monitors/network.js +301 -0
package/dist/arp/monitors/network.js.map +1 -0
package/dist/arp/monitors/process.d.ts +24 -0
package/dist/arp/monitors/process.d.ts.map +1 -0
package/dist/arp/monitors/process.js +205 -0
package/dist/arp/monitors/process.js.map +1 -0
package/dist/arp/patterns/ai-threats.d.ts +48 -0
package/dist/arp/patterns/ai-threats.d.ts.map +1 -0
package/dist/arp/patterns/ai-threats.js +215 -0
package/dist/arp/patterns/ai-threats.js.map +1 -0
package/dist/arp/proxy/forward.d.ts +23 -0
package/dist/arp/proxy/forward.d.ts.map +1 -0
package/dist/arp/proxy/forward.js +152 -0
package/dist/arp/proxy/forward.js.map +1 -0
package/dist/arp/proxy/server.d.ts +45 -0
package/dist/arp/proxy/server.d.ts.map +1 -0
package/dist/arp/proxy/server.js +331 -0
package/dist/arp/proxy/server.js.map +1 -0
package/dist/arp/reporting/local-log.d.ts +22 -0
package/dist/arp/reporting/local-log.d.ts.map +1 -0
package/dist/arp/reporting/local-log.js +116 -0
package/dist/arp/reporting/local-log.js.map +1 -0
package/dist/arp/types.d.ts +230 -0
package/dist/arp/types.d.ts.map +1 -0
package/dist/arp/types.js +4 -0
package/dist/arp/types.js.map +1 -0
package/dist/attack/custom-payloads.d.ts +11 -0
package/dist/attack/custom-payloads.d.ts.map +1 -0
package/dist/attack/custom-payloads.js +108 -0
package/dist/attack/custom-payloads.js.map +1 -0
package/dist/attack/fail-policy.d.ts +16 -0
package/dist/attack/fail-policy.d.ts.map +1 -0
package/dist/attack/fail-policy.js +36 -0
package/dist/attack/fail-policy.js.map +1 -0
package/dist/attack/index.d.ts +12 -0
package/dist/attack/index.d.ts.map +1 -0
package/dist/attack/index.js +30 -0
package/dist/attack/index.js.map +1 -0
package/dist/attack/payloads/a2a-attacks.d.ts +12 -0
package/dist/attack/payloads/a2a-attacks.d.ts.map +1 -0
package/dist/attack/payloads/a2a-attacks.js +221 -0
package/dist/attack/payloads/a2a-attacks.js.map +1 -0
package/dist/attack/payloads/capability-abuse.d.ts +8 -0
package/dist/attack/payloads/capability-abuse.d.ts.map +1 -0
package/dist/attack/payloads/capability-abuse.js +222 -0
package/dist/attack/payloads/capability-abuse.js.map +1 -0
package/dist/attack/payloads/context-manipulation.d.ts +8 -0
package/dist/attack/payloads/context-manipulation.d.ts.map +1 -0
package/dist/attack/payloads/context-manipulation.js +217 -0
package/dist/attack/payloads/context-manipulation.js.map +1 -0
package/dist/attack/payloads/data-exfiltration.d.ts +8 -0
package/dist/attack/payloads/data-exfiltration.d.ts.map +1 -0
package/dist/attack/payloads/data-exfiltration.js +249 -0
package/dist/attack/payloads/data-exfiltration.js.map +1 -0
package/dist/attack/payloads/index.d.ts +29 -0
package/dist/attack/payloads/index.d.ts.map +1 -0
package/dist/attack/payloads/index.js +76 -0
package/dist/attack/payloads/index.js.map +1 -0
package/dist/attack/payloads/jailbreak.d.ts +8 -0
package/dist/attack/payloads/jailbreak.d.ts.map +1 -0
package/dist/attack/payloads/jailbreak.js +265 -0
package/dist/attack/payloads/jailbreak.js.map +1 -0
package/dist/attack/payloads/mcp-exploitation.d.ts +12 -0
package/dist/attack/payloads/mcp-exploitation.d.ts.map +1 -0
package/dist/attack/payloads/mcp-exploitation.js +221 -0
package/dist/attack/payloads/mcp-exploitation.js.map +1 -0
package/dist/attack/payloads/prompt-injection.d.ts +8 -0
package/dist/attack/payloads/prompt-injection.d.ts.map +1 -0
package/dist/attack/payloads/prompt-injection.js +262 -0
package/dist/attack/payloads/prompt-injection.js.map +1 -0
package/dist/attack/scanner.d.ts +84 -0
package/dist/attack/scanner.d.ts.map +1 -0
package/dist/attack/scanner.js +509 -0
package/dist/attack/scanner.js.map +1 -0
package/dist/attack/types.d.ts +153 -0
package/dist/attack/types.d.ts.map +1 -0
package/dist/attack/types.js +46 -0
package/dist/attack/types.js.map +1 -0
package/dist/benchmarks/index.d.ts +16 -0
package/dist/benchmarks/index.d.ts.map +1 -0
package/dist/benchmarks/index.js +27 -0
package/dist/benchmarks/index.js.map +1 -0
package/dist/benchmarks/oasb-1.d.ts +112 -0
package/dist/benchmarks/oasb-1.d.ts.map +1 -0
package/dist/benchmarks/oasb-1.js +1124 -0
package/dist/benchmarks/oasb-1.js.map +1 -0
package/dist/checker/check-skill.d.ts +48 -0
package/dist/checker/check-skill.d.ts.map +1 -0
package/dist/checker/check-skill.js +105 -0
package/dist/checker/check-skill.js.map +1 -0
package/dist/checker/index.d.ts +12 -0
package/dist/checker/index.d.ts.map +1 -0
package/dist/checker/index.js +16 -0
package/dist/checker/index.js.map +1 -0
package/dist/checker/permission-analyzer.d.ts +12 -0
package/dist/checker/permission-analyzer.d.ts.map +1 -0
package/dist/checker/permission-analyzer.js +84 -0
package/dist/checker/permission-analyzer.js.map +1 -0
package/dist/checker/publisher-verifier.d.ts +34 -0
package/dist/checker/publisher-verifier.d.ts.map +1 -0
package/dist/checker/publisher-verifier.js +121 -0
package/dist/checker/publisher-verifier.js.map +1 -0
package/dist/checker/skill-identifier.d.ts +14 -0
package/dist/checker/skill-identifier.d.ts.map +1 -0
package/dist/checker/skill-identifier.js +55 -0
package/dist/checker/skill-identifier.js.map +1 -0
package/dist/cli.d.ts +7 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +3534 -0
package/dist/cli.js.map +1 -0
package/dist/hardening/index.d.ts +7 -0
package/dist/hardening/index.d.ts.map +1 -0
package/dist/hardening/index.js +9 -0
package/dist/hardening/index.js.map +1 -0
package/dist/hardening/llm-checks.d.ts +18 -0
package/dist/hardening/llm-checks.d.ts.map +1 -0
package/dist/hardening/llm-checks.js +434 -0
package/dist/hardening/llm-checks.js.map +1 -0
package/dist/hardening/mcp-tool-enum.d.ts +45 -0
package/dist/hardening/mcp-tool-enum.d.ts.map +1 -0
package/dist/hardening/mcp-tool-enum.js +315 -0
package/dist/hardening/mcp-tool-enum.js.map +1 -0
package/dist/hardening/scanner.d.ts +147 -0
package/dist/hardening/scanner.d.ts.map +1 -0
package/dist/hardening/scanner.js +5445 -0
package/dist/hardening/scanner.js.map +1 -0
package/dist/hardening/security-check.d.ts +85 -0
package/dist/hardening/security-check.d.ts.map +1 -0
package/dist/hardening/security-check.js +6 -0
package/dist/hardening/security-check.js.map +1 -0
package/dist/hardening/shell-checks.d.ts +21 -0
package/dist/hardening/shell-checks.d.ts.map +1 -0
package/dist/hardening/shell-checks.js +236 -0
package/dist/hardening/shell-checks.js.map +1 -0
package/dist/index.d.ts +38 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +91 -3525
package/dist/index.js.map +1 -1
package/dist/mcp-server.js +10 -10
package/dist/mcp-server.js.map +1 -1
package/dist/oasb/config/dvaa-targets.d.ts +13 -0
package/dist/oasb/config/dvaa-targets.d.ts.map +1 -0
package/dist/oasb/config/dvaa-targets.js +89 -0
package/dist/oasb/config/dvaa-targets.js.map +1 -0
package/dist/oasb/harness/arp-wrapper.d.ts +29 -0
package/dist/oasb/harness/arp-wrapper.d.ts.map +1 -0
package/dist/oasb/harness/arp-wrapper.js +134 -0
package/dist/oasb/harness/arp-wrapper.js.map +1 -0
package/dist/oasb/harness/dvaa-client.d.ts +46 -0
package/dist/oasb/harness/dvaa-client.d.ts.map +1 -0
package/dist/oasb/harness/dvaa-client.js +98 -0
package/dist/oasb/harness/dvaa-client.js.map +1 -0
package/dist/oasb/harness/dvaa-manager.d.ts +17 -0
package/dist/oasb/harness/dvaa-manager.d.ts.map +1 -0
package/dist/oasb/harness/dvaa-manager.js +132 -0
package/dist/oasb/harness/dvaa-manager.js.map +1 -0
package/dist/oasb/harness/event-collector.d.ts +33 -0
package/dist/oasb/harness/event-collector.d.ts.map +1 -0
package/dist/oasb/harness/event-collector.js +86 -0
package/dist/oasb/harness/event-collector.js.map +1 -0
package/dist/oasb/harness/metrics.d.ts +14 -0
package/dist/oasb/harness/metrics.d.ts.map +1 -0
package/dist/oasb/harness/metrics.js +56 -0
package/dist/oasb/harness/metrics.js.map +1 -0
package/dist/oasb/harness/mock-llm-adapter.d.ts +34 -0
package/dist/oasb/harness/mock-llm-adapter.d.ts.map +1 -0
package/dist/oasb/harness/mock-llm-adapter.js +69 -0
package/dist/oasb/harness/mock-llm-adapter.js.map +1 -0
package/dist/oasb/harness/types.d.ts +74 -0
package/dist/oasb/harness/types.d.ts.map +1 -0
package/dist/oasb/harness/types.js +3 -0
package/dist/oasb/harness/types.js.map +1 -0
package/dist/plugins/core.d.ts +109 -0
package/dist/plugins/core.d.ts.map +1 -0
package/dist/plugins/core.js +30 -0
package/dist/plugins/core.js.map +1 -0
package/dist/plugins/credvault.d.ts +22 -0
package/dist/plugins/credvault.d.ts.map +1 -0
package/dist/plugins/credvault.js +374 -0
package/dist/plugins/credvault.js.map +1 -0
package/dist/plugins/signcrypt.d.ts +27 -0
package/dist/plugins/signcrypt.d.ts.map +1 -0
package/dist/plugins/signcrypt.js +317 -0
package/dist/plugins/signcrypt.js.map +1 -0
package/dist/plugins/skillguard.d.ts +25 -0
package/dist/plugins/skillguard.d.ts.map +1 -0
package/dist/plugins/skillguard.js +346 -0
package/dist/plugins/skillguard.js.map +1 -0
package/dist/registry/client.d.ts +125 -0
package/dist/registry/client.d.ts.map +1 -0
package/dist/registry/client.js +308 -0
package/dist/registry/client.js.map +1 -0
package/dist/registry/contribution.d.ts +178 -0
package/dist/registry/contribution.d.ts.map +1 -0
package/dist/registry/contribution.js +272 -0
package/dist/registry/contribution.js.map +1 -0
package/dist/registry/index.d.ts +3 -0
package/dist/registry/index.d.ts.map +1 -0
package/dist/registry/index.js +10 -0
package/dist/registry/index.js.map +1 -0
package/dist/scanner/external-scanner.d.ts +13 -0
package/dist/scanner/external-scanner.d.ts.map +1 -0
package/dist/scanner/external-scanner.js +299 -0
package/dist/scanner/external-scanner.js.map +1 -0
package/dist/scanner/index.d.ts +6 -0
package/dist/scanner/index.d.ts.map +1 -0
package/dist/scanner/index.js +9 -0
package/dist/scanner/index.js.map +1 -0
package/dist/scanner/types.d.ts +32 -0
package/dist/scanner/types.d.ts.map +1 -0
package/dist/scanner/types.js +6 -0
package/dist/scanner/types.js.map +1 -0
package/dist/semantic/deep-scan.d.ts +13 -0
package/dist/semantic/deep-scan.d.ts.map +1 -0
package/dist/semantic/deep-scan.js +63 -0
package/dist/semantic/deep-scan.js.map +1 -0
package/dist/semantic/index.d.ts +17 -0
package/dist/semantic/index.d.ts.map +1 -0
package/dist/semantic/index.js +39 -0
package/dist/semantic/index.js.map +1 -0
package/dist/semantic/integration/cost-estimator.d.ts +17 -0
package/dist/semantic/integration/cost-estimator.d.ts.map +1 -0
package/dist/semantic/integration/cost-estimator.js +54 -0
package/dist/semantic/integration/cost-estimator.js.map +1 -0
package/dist/semantic/integration/finding-adapter.d.ts +34 -0
package/dist/semantic/integration/finding-adapter.d.ts.map +1 -0
package/dist/semantic/integration/finding-adapter.js +41 -0
package/dist/semantic/integration/finding-adapter.js.map +1 -0
package/dist/semantic/integration/oasb-upgrader.d.ts +20 -0
package/dist/semantic/integration/oasb-upgrader.d.ts.map +1 -0
package/dist/semantic/integration/oasb-upgrader.js +47 -0
package/dist/semantic/integration/oasb-upgrader.js.map +1 -0
package/dist/semantic/llm/budget.d.ts +50 -0
package/dist/semantic/llm/budget.d.ts.map +1 -0
package/dist/semantic/llm/budget.js +139 -0
package/dist/semantic/llm/budget.js.map +1 -0
package/dist/semantic/llm/cache.d.ts +36 -0
package/dist/semantic/llm/cache.d.ts.map +1 -0
package/dist/semantic/llm/cache.js +103 -0
package/dist/semantic/llm/cache.js.map +1 -0
package/dist/semantic/llm/client.d.ts +49 -0
package/dist/semantic/llm/client.d.ts.map +1 -0
package/dist/semantic/llm/client.js +64 -0
package/dist/semantic/llm/client.js.map +1 -0
package/dist/semantic/llm/index.d.ts +33 -0
package/dist/semantic/llm/index.d.ts.map +1 -0
package/dist/semantic/llm/index.js +129 -0
package/dist/semantic/llm/index.js.map +1 -0
package/dist/semantic/llm/prompts.d.ts +30 -0
package/dist/semantic/llm/prompts.d.ts.map +1 -0
package/dist/semantic/llm/prompts.js +120 -0
package/dist/semantic/llm/prompts.js.map +1 -0
package/dist/semantic/structural/credential-context.d.ts +14 -0
package/dist/semantic/structural/credential-context.d.ts.map +1 -0
package/dist/semantic/structural/credential-context.js +295 -0
package/dist/semantic/structural/credential-context.js.map +1 -0
package/dist/semantic/structural/index.d.ts +28 -0
package/dist/semantic/structural/index.d.ts.map +1 -0
package/dist/semantic/structural/index.js +138 -0
package/dist/semantic/structural/index.js.map +1 -0
package/dist/semantic/structural/instruction.d.ts +19 -0
package/dist/semantic/structural/instruction.d.ts.map +1 -0
package/dist/semantic/structural/instruction.js +167 -0
package/dist/semantic/structural/instruction.js.map +1 -0
package/dist/semantic/structural/mcp-config.d.ts +22 -0
package/dist/semantic/structural/mcp-config.d.ts.map +1 -0
package/dist/semantic/structural/mcp-config.js +294 -0
package/dist/semantic/structural/mcp-config.js.map +1 -0
package/dist/semantic/structural/permission-model.d.ts +16 -0
package/dist/semantic/structural/permission-model.d.ts.map +1 -0
package/dist/semantic/structural/permission-model.js +121 -0
package/dist/semantic/structural/permission-model.js.map +1 -0
package/dist/semantic/types.d.ts +122 -0
package/dist/semantic/types.d.ts.map +1 -0
package/dist/semantic/types.js +10 -0
package/dist/semantic/types.js.map +1 -0
package/package.json +25 -14

package/dist/semantic/structural/permission-model.js ADDED Viewed

@@ -0,0 +1,121 @@
+"use strict";
+/**
+ * Permission Scope Analysis (Layer 2)
+ *
+ * Parses .claude/settings.json and similar config files to detect:
+ * - Wildcard permissions (allow: ["*"])
+ * - Bash tool with no restrictions
+ * - Write/Edit granted outside project scope
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionModelAnalyzer = void 0;
+class PermissionModelAnalyzer {
+    analyze(files) {
+        const findings = [];
+        for (const file of files) {
+            if (file.type !== 'claude_settings')
+                continue;
+            let settings;
+            try {
+                settings = JSON.parse(file.content);
+            }
+            catch {
+                continue;
+            }
+            findings.push(...this.checkWildcardPermissions(settings, file));
+            findings.push(...this.checkBashPermissions(settings, file));
+            findings.push(...this.checkWriteScope(settings, file));
+        }
+        return findings;
+    }
+    checkWildcardPermissions(settings, file) {
+        const allow = settings.permissions?.allow;
+        if (!allow)
+            return [];
+        if (allow.includes('*')) {
+            return [
+                {
+                    id: 'SEM-PERM-001',
+                    title: 'Wildcard permission grant',
+                    description: `${file.path} grants permissions.allow: ["*"], allowing the agent unrestricted access to all tools.`,
+                    rationale: 'Wildcard permissions disable all tool-level access controls. The agent can read, write, execute, and network without any restrictions.',
+                    category: 'permission',
+                    severity: 'critical',
+                    file: file.path,
+                    recommendation: 'Replace wildcard with specific tool permissions: ["Read", "Glob", "Grep"] for read-only, adding "Edit", "Write", "Bash" only as needed.',
+                    layer: 2,
+                    autoFixable: false,
+                },
+            ];
+        }
+        return [];
+    }
+    checkBashPermissions(settings, file) {
+        const allow = settings.permissions?.allow;
+        if (!allow)
+            return [];
+        // Check for unrestricted Bash access
+        const bashEntries = allow.filter((p) => typeof p === 'string' && p.toLowerCase().startsWith('bash'));
+        // If Bash is allowed without any pattern restriction
+        const hasUnrestrictedBash = bashEntries.some((entry) => {
+            // "Bash" or "Bash(*)" is unrestricted
+            return entry === 'Bash' || entry === 'Bash(*)';
+        });
+        if (hasUnrestrictedBash) {
+            return [
+                {
+                    id: 'SEM-PERM-002',
+                    title: 'Unrestricted Bash access',
+                    description: `${file.path} grants unrestricted Bash tool access. The agent can execute any shell command.`,
+                    rationale: 'Unrestricted Bash access allows arbitrary command execution including reading/writing any file, making network requests, installing packages, and modifying system configuration.',
+                    category: 'permission',
+                    severity: 'high',
+                    file: file.path,
+                    recommendation: 'Restrict Bash to specific commands: "Bash(npm test)", "Bash(git *)" or use deny rules to block dangerous commands.',
+                    layer: 2,
+                    autoFixable: false,
+                },
+            ];
+        }
+        return [];
+    }
+    checkWriteScope(settings, file) {
+        const allow = settings.permissions?.allow;
+        if (!allow)
+            return [];
+        // Check for Write/Edit with paths outside the project
+        const writeEntries = allow.filter((p) => {
+            if (typeof p !== 'string')
+                return false;
+            const lower = p.toLowerCase();
+            return lower.startsWith('write') || lower.startsWith('edit');
+        });
+        const outsidePaths = writeEntries.filter((entry) => {
+            // Check if the permission references paths outside project
+            return (entry.includes('/home/') ||
+                entry.includes('/Users/') ||
+                entry.includes('/etc/') ||
+                entry.includes('/tmp/') ||
+                entry.includes('/var/'));
+        });
+        if (outsidePaths.length > 0) {
+            return [
+                {
+                    id: 'SEM-PERM-003',
+                    title: 'Write access outside project scope',
+                    description: `${file.path} grants write access to paths outside the project directory: ${outsidePaths.join(', ')}`,
+                    rationale: 'Write access outside the project directory allows the agent to modify system files, other projects, or user configuration. This significantly increases the blast radius of any compromise.',
+                    category: 'permission',
+                    severity: 'high',
+                    file: file.path,
+                    recommendation: 'Scope write permissions to the project directory only. Remove paths outside the project from the allow list.',
+                    layer: 2,
+                    autoFixable: false,
+                },
+            ];
+        }
+        return [];
+    }
+}
+exports.PermissionModelAnalyzer = PermissionModelAnalyzer;
+//# sourceMappingURL=permission-model.js.map

package/dist/semantic/structural/permission-model.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permission-model.js","sourceRoot":"","sources":["../../../src/semantic/structural/permission-model.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAIH,MAAa,uBAAuB;IAClC,OAAO,CAAC,KAAqB;QAC3B,MAAM,QAAQ,GAAsB,EAAE,CAAC;QAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB;gBAAE,SAAS;YAE9C,IAAI,QAAwB,CAAC;YAC7B,IAAI,CAAC;gBACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACtC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,wBAAwB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;YAChE,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;YAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,wBAAwB,CAC9B,QAAwB,EACxB,IAAkB;QAElB,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC;QAC1C,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,CAAC;QAEtB,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO;gBACL;oBACE,EAAE,EAAE,cAAc;oBAClB,KAAK,EAAE,2BAA2B;oBAClC,WAAW,EAAE,GAAG,IAAI,CAAC,IAAI,wFAAwF;oBACjH,SAAS,EACP,wIAAwI;oBAC1I,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,UAAU;oBACpB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,cAAc,EACZ,yIAAyI;oBAC3I,KAAK,EAAE,CAAC;oBACR,WAAW,EAAE,KAAK;iBACnB;aACF,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,oBAAoB,CAC1B,QAAwB,EACxB,IAAkB;QAElB,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC;QAC1C,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,CAAC;QAEtB,qCAAqC;QACrC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CACnE,CAAC;QAEF,qDAAqD;QACrD,MAAM,mBAAmB,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YACrD,sCAAsC;YACtC,OAAO,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,SAAS,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,IAAI,mBAAmB,EAAE,CAAC;YACxB,OAAO;gBACL;oBACE,EAAE,EAAE,cAAc;oBAClB,KAAK,EAAE,0BAA0B;oBACjC,WAAW,EAAE,GAAG,IAAI,CAAC,IAAI,iFAAiF;oBAC1G,SAAS,EACP,mLAAmL;oBACrL,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,cAAc,EACZ,oHAAoH;oBACtH,KAAK,EAAE,CAAC;oBACR,WAAW,EAAE,KAAK;iBACnB;aACF,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,eAAe,CACrB,QAAwB,EACxB,IAAkB;QAElB,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC;QAC1C,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,CAAC;QAEtB,sDAAsD;QACtD,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACtC,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,OAAO,KAAK,CAAC;YACxC,MAAM,KAAK,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;YACjD,2DAA2D;YAC3D,OAAO,CACL,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACxB,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACzB,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACvB,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACvB,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO;gBACL;oBACE,EAAE,EAAE,cAAc;oBAClB,KAAK,EAAE,oCAAoC;oBAC3C,WAAW,EAAE,GAAG,IAAI,CAAC,IAAI,gEAAgE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAClH,SAAS,EACP,6LAA6L;oBAC/L,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,cAAc,EACZ,8GAA8G;oBAChH,KAAK,EAAE,CAAC;oBACR,WAAW,EAAE,KAAK;iBACnB;aACF,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF;AAzID,0DAyIC"}

package/dist/semantic/types.d.ts ADDED Viewed

@@ -0,0 +1,122 @@
+/**
+ * Semantic Analysis Engine Types
+ *
+ * Types shared across Layer 2 (structural) and Layer 3 (LLM) analysis.
+ * These are internal to the semantic engine — the integration layer
+ * converts SemanticFinding → SecurityFinding for the core scanner.
+ */
+export type SemanticSeverity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+export type SemanticCategory = 'credential' | 'mcp-config' | 'instruction' | 'permission';
+export interface SemanticFinding {
+    /** Check ID (e.g., SEM-CRED-001) */
+    id: string;
+    /** Short title */
+    title: string;
+    /** Detailed description of the finding */
+    description: string;
+    /** Why this is a threat */
+    rationale: string;
+    /** Category for grouping */
+    category: SemanticCategory;
+    severity: SemanticSeverity;
+    /** Relative file path where the issue was found */
+    file: string;
+    /** Line number (1-based), if applicable */
+    line?: number;
+    /** Specific fix recommendation */
+    recommendation: string;
+    /** Which analysis layer found this */
+    layer: 2 | 3;
+    /** Whether this can be auto-fixed */
+    autoFixable: boolean;
+}
+export interface AnalysisContext {
+    /** Root directory being analyzed */
+    targetDir: string;
+    /** Files discovered for analysis, keyed by category */
+    files: AnalysisFile[];
+    /** Findings from Layer 1 (regex) — used as context for deeper analysis */
+    existingFindings?: ExistingFinding[];
+}
+export interface AnalysisFile {
+    /** Relative path from targetDir */
+    path: string;
+    /** File type classification */
+    type: FileType;
+    /** File content (truncated if over maxContentSize) */
+    content: string;
+    /** Whether content was truncated */
+    truncated: boolean;
+}
+export type FileType = 'agent_instructions' | 'mcp_config' | 'claude_settings' | 'env_file' | 'config_file' | 'other';
+export interface ExistingFinding {
+    checkId: string;
+    severity: string;
+    file?: string;
+    message: string;
+}
+export interface LLMAnalysisOptions {
+    /** Anthropic API key for standalone CLI mode */
+    apiKey: string;
+    /** Max daily spend in USD (default: 1.0) */
+    budgetCap?: number;
+    /** Cache directory (default: .hackmyagent-cache/) */
+    cacheDir?: string;
+    /** Progress callback */
+    onProgress?: (message: string) => void;
+}
+export interface CostEstimate {
+    /** Number of files to analyze */
+    fileCount: number;
+    /** Estimated total input tokens */
+    estimatedInputTokens: number;
+    /** Estimated total output tokens */
+    estimatedOutputTokens: number;
+    /** Estimated cost in USD */
+    estimatedCostUsd: number;
+    /** Number of files that have cached results */
+    cachedFiles: number;
+}
+export interface DeepScanResult {
+    /** Layer 1+2 findings from automated analysis */
+    layer1Findings: ExistingFinding[];
+    layer2Findings: SemanticFinding[];
+    /** Security-relevant files with analysis guidance for the host LLM */
+    filesForDeepAnalysis: DeepAnalysisFile[];
+    /** Overall guidance for the host LLM */
+    overallGuidance: string;
+}
+export interface DeepAnalysisFile {
+    /** Relative file path */
+    path: string;
+    /** File type classification */
+    type: FileType;
+    /** File content (truncated to ~4KB) */
+    content: string;
+    /** Per-file analysis guidance */
+    analysisGuidance: string;
+}
+/**
+ * MCP config structure for parsing
+ */
+export interface McpServerConfig {
+    command: string;
+    args?: string[];
+    env?: Record<string, string>;
+    allowedTools?: string[];
+    allowedCommands?: string[];
+}
+export interface McpConfigFile {
+    mcpServers?: Record<string, McpServerConfig>;
+}
+/**
+ * Claude settings structure
+ */
+export interface ClaudeSettings {
+    permissions?: {
+        allow?: string[];
+        deny?: string[];
+    };
+    mcpServers?: Record<string, McpServerConfig>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/semantic/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/semantic/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE/E,MAAM,MAAM,gBAAgB,GACxB,YAAY,GACZ,YAAY,GACZ,aAAa,GACb,YAAY,CAAC;AAEjB,MAAM,WAAW,eAAe;IAC9B,oCAAoC;IACpC,EAAE,EAAE,MAAM,CAAC;IACX,kBAAkB;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,4BAA4B;IAC5B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,mDAAmD;IACnD,IAAI,EAAE,MAAM,CAAC;IACb,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,sCAAsC;IACtC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;IACb,qCAAqC;IACrC,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,oCAAoC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,uDAAuD;IACvD,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,0EAA0E;IAC1E,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;CACtC;AAED,MAAM,WAAW,YAAY;IAC3B,mCAAmC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,EAAE,QAAQ,CAAC;IACf,sDAAsD;IACtD,OAAO,EAAE,MAAM,CAAC;IAChB,oCAAoC;IACpC,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,MAAM,QAAQ,GAChB,oBAAoB,GACpB,YAAY,GACZ,iBAAiB,GACjB,UAAU,GACV,aAAa,GACb,OAAO,CAAC;AAEZ,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,gDAAgD;IAChD,MAAM,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wBAAwB;IACxB,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,mCAAmC;IACnC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,oCAAoC;IACpC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,4BAA4B;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,iDAAiD;IACjD,cAAc,EAAE,eAAe,EAAE,CAAC;IAClC,cAAc,EAAE,eAAe,EAAE,CAAC;IAClC,sEAAsE;IACtE,oBAAoB,EAAE,gBAAgB,EAAE,CAAC;IACzC,wCAAwC;IACxC,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,gBAAgB;IAC/B,yBAAyB;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,IAAI,EAAE,QAAQ,CAAC;IACf,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;CAC9C;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,WAAW,CAAC,EAAE;QACZ,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;KACjB,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;CAC9C"}

package/dist/semantic/types.js ADDED Viewed

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * Semantic Analysis Engine Types
+ *
+ * Types shared across Layer 2 (structural) and Layer 3 (LLM) analysis.
+ * These are internal to the semantic engine — the integration layer
+ * converts SemanticFinding → SecurityFinding for the core scanner.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/semantic/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/semantic/types.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}

package/package.json CHANGED Viewed

@@ -1,34 +1,42 @@
 {
   "name": "hackmyagent",
-  "version": "0.7.2",
+  "version": "0.8.1",
   "description": "Find it. Break it. Fix it. The hacker's toolkit for AI agents.",
   "bin": {
-    "hackmyagent": "dist/index.js"
+    "hackmyagent": "dist/cli.js"
   },
   "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": "./dist/index.js",
+    "./plugins": "./dist/plugins/core.js",
+    "./semantic": "./dist/semantic/index.js",
+    "./arp": "./dist/arp/index.js",
+    "./oasb": "./dist/oasb/harness/arp-wrapper.js"
+  },
   "files": [
     "dist",
-    "README.md"
+    "README.md",
+    "LICENSE"
   ],
   "scripts": {
     "build": "tsc",
-    "test": "echo 'No CLI tests yet'",
+    "test": "vitest run",
+    "test:watch": "vitest",
     "lint": "eslint src --ext .ts",
-    "prepublishOnly": "cp ../../README.md ./README.md"
+    "clean": "rm -rf dist"
   },
   "dependencies": {
-    "@opena2a/aim-core": "^0.1.0",
-    "@opena2a/plugin-core": "^0.1.0",
-    "@opena2a/credvault-openclaw": "^0.1.0",
-    "@opena2a/signcrypt-openclaw": "^0.1.0",
-    "@opena2a/semantic-engine": "^0.1.0",
-    "@opena2a/skillguard-openclaw": "^0.1.0",
+    "@opena2a/aim-core": "^0.1.2",
     "@modelcontextprotocol/sdk": "^1.12.1",
     "commander": "^12.0.0",
-    "hackmyagent-core": "^0.5.0"
+    "js-yaml": "^4.1.1"
   },
   "devDependencies": {
-    "typescript": "^5.3.3"
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^20.0.0",
+    "typescript": "^5.3.3",
+    "vitest": "^3.0.0"
   },
   "keywords": [
     "ai",
@@ -39,7 +47,10 @@
     "cursor",
     "skills",
     "hardening",
-    "scanner"
+    "scanner",
+    "attack",
+    "benchmark",
+    "runtime-protection"
   ],
   "author": "OpenA2A",
   "license": "Apache-2.0",