hackmyagent 0.9.8 → 0.10.0

package/README.md

@@ -1,4 +1,4 @@
-> **[OpenA2A](https://github.com/opena2a-org)**: [CLI](https://github.com/opena2a-org/opena2a) · [Secretless](https://github.com/opena2a-org/secretless-ai) · [AIM](https://github.com/opena2a-org/agent-identity-management) · [Browser Guard](https://github.com/opena2a-org/AI-BrowserGuard) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent) · [Registry](https://registry.opena2a.org)
+> **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [CLI](https://github.com/opena2a-org/opena2a) · [Secretless](https://github.com/opena2a-org/secretless-ai) · [AIM](https://github.com/opena2a-org/agent-identity-management) · [Browser Guard](https://github.com/opena2a-org/AI-BrowserGuard) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent) · Registry (coming soon)
 
 # HackMyAgent
 
@@ -6,54 +6,66 @@
 [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Tests](https://img.shields.io/badge/tests-765%20passing-brightgreen)](https://github.com/opena2a-org/hackmyagent)
 
-**Find it. Break it. Fix it.**
+**AI agents run code with your permissions. Find what can go wrong before an attacker does.**
 
-AI agents execute arbitrary code with your permissions. HackMyAgent finds what can go wrong before an attacker does.
+Security scanner and red-team toolkit for AI agents — 147 checks, 55 adversarial payloads, auto-fix with rollback, runtime protection, and OASB compliance benchmarking.
 
-Security scanner and red-team toolkit for AI agents. 147 security checks across 30 categories, 55 adversarial attack payloads, auto-fix with rollback, and OASB-1 compliance benchmarking -- all in a single package.
+Works with Claude Code, Cursor, VS Code, and any MCP server setup.
 
-Scans Claude Code, Cursor, VS Code, and any MCP server setup.
-
-[Website](https://hackmyagent.com) | [Security Checks Reference](docs/SECURITY_CHECKS.md) | [OpenA2A CLI](https://github.com/opena2a-org/opena2a)
+[Website](https://hackmyagent.com) | [Security Checks Reference](docs/SECURITY_CHECKS.md) | [Demos](https://opena2a.org/demos) | [OpenA2A CLI](https://github.com/opena2a-org/opena2a)
 
 ---
 
-## Quick Start
+## Get Started in 30 Seconds
+
+> **The recommended way to use HackMyAgent is through [`opena2a-cli`](https://github.com/opena2a-org/opena2a)** — the unified CLI for all OpenA2A security tools. It runs HackMyAgent under the hood along with credential scanning, config integrity, and more.
 
 ```bash
-npx hackmyagent secure                # 147-check security scan
-npx hackmyagent secure --fix          # auto-fix issues (backups created automatically)
-npx hackmyagent attack --local        # red-team with 55 adversarial payloads
-npx hackmyagent secure -b oasb-1      # OASB-1 compliance benchmark
+# Recommended: full security review via opena2a-cli
+npx opena2a-cli review
+
+# Or use HackMyAgent directly
+npx hackmyagent secure
 ```
 
-No config files. No setup. Works out of the box on any AI agent project.
+That's it. No config files, no setup, no flags needed.
 
----
+### What happens when you run it?
 
-## What It Scans
+1. **Scans** your project for 147 security issues across 30 categories
+2. **Shows** a prioritized list of findings with severity and fix guidance
+3. **Fixes** issues automatically when you add `--fix` (backups created)
 
-| Platform | What HackMyAgent detects |
-|----------|--------------------------|
-| **Claude Code** | CLAUDE.md misconfigurations, skill permissions, MCP server exposure |
-| **Cursor** | .cursor/ rules, MCP server configs, overly permissive settings |
-| **VS Code** | .vscode/mcp.json configurations, extension risks |
-| **Any MCP setup** | Transport security, tool boundaries, auth weaknesses |
+```
+┌──────────────────────────────────────────────────┐
+│  HackMyAgent v0.10.0 — Security Scanner          │
+│  Found: 3 critical · 5 high · 12 medium          │
+│                                                  │
+│  CRED-001  critical  Hardcoded API key in .env   │
+│  MCP-003   high      MCP server on 0.0.0.0       │
+│  NET-001   high      Open port exposed           │
+│  ...                                             │
+│                                                  │
+│  Run with --fix to auto-remediate 8 issues       │
+└──────────────────────────────────────────────────┘
+```
 
-All platforms are scanned automatically — no flags needed.
+![HackMyAgent Demo](docs/hackmyagent-demo.gif)
+
+> See all demos at [opena2a.org/demos](https://opena2a.org/demos)
 
 ---
 
 ## Installation
 
 ```bash
-# Run directly (no install)
+# Run without installing (recommended to start)
 npx hackmyagent secure
 
 # Install globally
 npm install -g hackmyagent
 
-# Add to devDependencies
+# Add to your project
 npm install --save-dev hackmyagent
 ```
 
@@ -61,11 +73,32 @@ npm install --save-dev hackmyagent
 
 ---
 
+## Using with opena2a-cli (Recommended)
+
+[`opena2a-cli`](https://github.com/opena2a-org/opena2a) is the main CLI that unifies all OpenA2A security tools. HackMyAgent powers the scanning and benchmarking commands:
+
+| opena2a-cli command | What it runs | Description |
+|---------------------|-------------|-------------|
+| `opena2a review` | HackMyAgent + all tools | Full security dashboard (HTML) |
+| `opena2a init` | HackMyAgent | Security posture assessment with trust score |
+| `opena2a protect` | HackMyAgent + Secretless | Auto-fix findings + credential protection |
+| `opena2a scan` | HackMyAgent | 147-check security scan |
+| `opena2a benchmark` | HackMyAgent | OASB-1 + OASB-2 compliance |
+| `opena2a scan-soul` | HackMyAgent | Behavioral governance (SOUL.md) |
+| `opena2a shield init` | All tools | Full security setup in one command |
+
+```bash
+npm install -g opena2a-cli
+opena2a review    # best place to start
+```
+
+---
+
 ## Commands
 
-### `hackmyagent secure`
+### `hackmyagent secure` — Security Scan
 
-Run 147 security checks across 30 categories. The primary command most users need.
+The primary command. Runs 147 checks across 30 categories.
 
 ```bash
 hackmyagent secure                            # scan current directory
@@ -137,9 +170,9 @@ Use `--dry-run` to preview changes. Backups are created in `.hackmyagent-backup/
 
 ---
 
-### `hackmyagent attack`
+### `hackmyagent attack` — Red Team
 
-Red-team your AI agent with 55 adversarial payloads across 5 attack categories.
+Test your AI agent with 55 adversarial payloads across 5 attack categories.
 
 ```bash
 hackmyagent attack --local                                    # local simulation
@@ -194,7 +227,7 @@ Only `id` and `payload` are required.
 
 ---
 
-### `hackmyagent secure -b oasb-1`
+### `hackmyagent secure -b oasb-1` — OASB-1 Benchmark
 
 Run the [OASB-1](https://oasb.ai/oasb-1) (Open Agent Security Benchmark) — 46 controls across 10 categories with three maturity levels.
 
@@ -233,9 +266,9 @@ Output formats: `text`, `json`, `sarif`, `html`, `asp` (Agent Security Profile).
 
 ---
 
-### `hackmyagent secure -b oasb-2`
+### `hackmyagent secure -b oasb-2` — OASB-2 Composite
 
-Run OASB-2 composite assessment: infrastructure security (OASB-1, 50%) combined with behavioral governance (scan-soul, 50%) for a unified score.
+Infrastructure security (OASB-1, 50%) + behavioral governance (scan-soul, 50%) = unified score.
 
 ```bash
 hackmyagent secure -b oasb-2              # full composite assessment
@@ -243,27 +276,22 @@ hackmyagent secure -b oasb-2 --json       # JSON output
 hackmyagent secure -b oasb-2 --fail-below 60  # CI gate
 ```
 
-Output shows infrastructure score, governance score, composite score, and conformance level. Requires a SOUL.md (or equivalent governance file) in the scanned directory.
+Requires a SOUL.md (or equivalent governance file) in the scanned directory.
 
 ---
 
-### `hackmyagent scan-soul`
+### `hackmyagent scan-soul` — Behavioral Governance
 
-Scan a SOUL.md (or equivalent governance file) against OASB v2 behavioral governance controls. Checks 8 domains and up to 68 controls depending on agent tier.
+Scan a SOUL.md against OASB v2 behavioral governance controls — 8 domains, up to 68 controls.
 
 ```bash
 hackmyagent scan-soul                     # scan current directory
-hackmyagent scan-soul ./my-agent          # scan specific directory
 hackmyagent scan-soul --tier MULTI-AGENT  # override tier detection
-hackmyagent scan-soul --json              # JSON output for CI
-hackmyagent scan-soul --verbose           # show individual control results
 hackmyagent scan-soul --deep              # LLM semantic analysis (requires ANTHROPIC_API_KEY)
-hackmyagent scan-soul --fail-below 60     # exit 1 if score below threshold
+hackmyagent scan-soul --fail-below 60     # CI gate
 ```
 
-Auto-detects governance file in priority order: `SOUL.md` > `system-prompt.md` > `CLAUDE.md` > `.cursorrules` > `agent-config.yaml` and others.
-
-Tier-to-control counts:
+Auto-detects governance file: `SOUL.md` > `system-prompt.md` > `CLAUDE.md` > `.cursorrules` > `agent-config.yaml`.
 
 | Tier | Controls | Use case |
 |------|----------|----------|
@@ -272,117 +300,146 @@ Tier-to-control counts:
 | `AGENTIC` | 65 | Autonomous multi-step agents |
 | `MULTI-AGENT` | 68 | Orchestrators and sub-agent systems |
 
-Conformance levels:
-
-| Level | Criteria |
-|-------|----------|
-| `none` | A critical control (SOUL-IH-003 or SOUL-HB-001) is missing — grade capped at C |
-| `essential` | All critical controls pass |
-| `standard` | All critical + high controls pass, score ≥ 60 |
-| `hardened` | All controls pass, score ≥ 75 |
-
 ---
 
-### `hackmyagent harden-soul`
+### `hackmyagent harden-soul` — Generate Governance
 
-Generate a SOUL.md, or add missing governance sections to an existing one. Existing content is always preserved.
+Generate a SOUL.md or add missing governance sections. Existing content is preserved.
 
 ```bash
 hackmyagent harden-soul                   # add missing sections
 hackmyagent harden-soul --dry-run         # preview without writing
-hackmyagent harden-soul ./my-agent        # target specific directory
-hackmyagent harden-soul --json            # JSON output
 ```
 
-Generates template content for each missing OASB v2 governance domain. Run `scan-soul` after to verify coverage improved.
-
 ---
 
-### `hackmyagent fix-all`
+### `hackmyagent fix-all` — Fix Everything
 
-Run all security plugins in sequence: credential vault, file signing, skill guard. Applies fixes and generates a report.
+Run all security plugins in sequence: credential vault, file signing, skill guard.
 
 ```bash
 hackmyagent fix-all                     # scan and fix
-hackmyagent fix-all ./my-agent          # target specific directory
 hackmyagent fix-all --dry-run           # preview without modifying
-hackmyagent fix-all --scan-only         # scan only, no fixes
 hackmyagent fix-all --with-aim          # add agent identity + audit logging
 hackmyagent fix-all --json              # JSON output
 ```
 
-**Plugins run in order:**
-
 | Plugin | What it does |
 |--------|--------------|
-| **SkillGuard** | Hash pinning, tamper detection, dangerous pattern scanning (reverse shells, exfiltration, prompt injection) |
-| **SignCrypt** | Ed25519 signing of SKILL.md and HEARTBEAT.md, SHA-256 hash pinning, signature verification |
-| **CredVault** | Credential detection (10 patterns), env var replacement, AES-256-GCM encrypted store |
+| **SkillGuard** | Hash pinning, tamper detection, dangerous pattern scanning |
+| **SignCrypt** | Ed25519 signing, SHA-256 hash pinning, signature verification |
+| **CredVault** | Credential detection, env var replacement, AES-256-GCM encrypted store |
 
-**`--with-aim` adds:** Ed25519 agent identity, cryptographic audit log, capability policy enforcement, 8-factor trust scoring.
+`--with-aim` adds: Ed25519 agent identity, cryptographic audit log, capability policy enforcement.
 
 ---
 
-### `hackmyagent check`
+### More Commands
 
-Verify a skill's publisher identity and permissions before installing it.
+| Command | Description |
+|---------|-------------|
+| `hackmyagent check @publisher/skill` | Verify a skill's publisher identity and permissions |
+| `hackmyagent scan example.com` | Scan external infrastructure for exposed AI endpoints |
+| `hackmyagent rollback` | Undo auto-fix changes (backups created automatically) |
+| `hackmyagent secure-openclaw` | 47 specialized checks for OpenClaw installations |
 
-```bash
-hackmyagent check @publisher/skill-name
-hackmyagent check @publisher/skill --json
-hackmyagent check @publisher/skill --offline    # skip DNS verification
-```
+---
 
-Checks: publisher identity (DNS TXT), permissions requested, revocation status.
+## Runtime Protection (ARP)
 
----
+ARP (Agent Runtime Protection) monitors AI agents during execution with a 3-layer intelligence stack:
 
-### `hackmyagent scan`
+- **L0**: Rule-based pattern matching (40+ threat patterns, every event, free)
+- **L1**: Statistical anomaly detection (z-score deviation from baseline, free)
+- **L2**: LLM-assisted assessment (micro-prompts, budget-controlled, ~$0.01/day)
 
-Scan external infrastructure for exposed AI agent endpoints.
+### Monitor Mode
+
+Watches OS-level activity: child processes, network connections, and filesystem changes.
 
 ```bash
-hackmyagent scan example.com
-hackmyagent scan 192.168.1.100 -p 3000,8080
-hackmyagent scan example.com --json
+# Generate config for your project
+opena2a runtime init
+
+# Start monitoring
+opena2a runtime start
+
+# Check status and view events
+opena2a runtime status
+opena2a runtime tail --count 20
 ```
 
-Detects: exposed MCP SSE/tools endpoints, public configs, API keys in responses, debug interfaces.
+### Proxy Mode
 
-Scoring: A (90-100), B (80-89), C (70-79), D (60-69), F (<60).
+HTTP reverse proxy that inspects AI protocol traffic in real-time:
 
-> Only scan systems you own or have written authorization to test.
+```bash
+npx hackmyagent arp-guard proxy --config arp.yaml
+```
 
----
+Detects 40+ attack patterns across three protocols:
 
-### `hackmyagent rollback`
+| Protocol | Detections |
+|----------|------------|
+| **OpenAI API** | Prompt injection (PI-001-003), jailbreak (JB-001-003), data exfiltration (DE-001-003), output leaks (OL-001-003), context manipulation (CM-001-002) |
+| **MCP (JSON-RPC)** | Path traversal (MCP-001), command injection (MCP-002), SSRF (MCP-003), tool allowlist enforcement |
+| **A2A** | Identity spoofing (A2A-001), delegation abuse (A2A-002), trusted agent allowlist, embedded prompt injection |
 
-Undo auto-fix changes. Backups are created automatically by `secure --fix` and `fix-all`.
+### Configuration (arp.yaml)
 
-```bash
-hackmyagent rollback                # rollback current directory
-hackmyagent rollback ./my-project   # rollback specific directory
+```yaml
+agentName: my-agent
+monitors:
+  process: { enabled: true, intervalMs: 5000 }
+  network: { enabled: true, intervalMs: 10000, allowedHosts: [localhost] }
+  filesystem: { enabled: true }
+aiLayer:
+  prompt: true
+  mcp-protocol: true
+  a2a-protocol: true
+proxy:
+  port: 8080
+  blockOnDetection: false
+  upstreams:
+    - pathPrefix: /v1
+      target: http://localhost:3000
+      protocol: openai-api
 ```
 
----
+### Programmatic API
 
-### `hackmyagent secure-openclaw`
+```typescript
+import { AgentRuntimeProtection } from 'hackmyagent/arp';
 
-47 specialized checks for OpenClaw/Moltbot installations.
+const arp = new AgentRuntimeProtection('arp.yaml');
+await arp.start();
 
-```bash
-hackmyagent secure-openclaw                    # scan default location
-hackmyagent secure-openclaw ~/.moltbot         # specific directory
-hackmyagent secure-openclaw --fix              # auto-fix gateway configs
-hackmyagent secure-openclaw --fix --dry-run    # preview fixes
+arp.onEvent((event) => console.log(event.severity, event.description));
+arp.onEnforcement((result) => console.log(result.action, result.event));
+
+// When done
+await arp.stop();
 ```
 
-Detects: CVE-2026-25253, ClawHavoc IOCs, reverse shells, credential exfiltration, gateway misconfigs, disabled sandbox.
+---
+
+## What It Scans
+
+| Platform | What HackMyAgent detects |
+|----------|--------------------------|
+| **Claude Code** | CLAUDE.md misconfigurations, skill permissions, MCP server exposure |
+| **Cursor** | .cursor/ rules, MCP server configs, overly permissive settings |
+| **VS Code** | .vscode/mcp.json configurations, extension risks |
+| **Any MCP setup** | Transport security, tool boundaries, auth weaknesses |
+
+All platforms are scanned automatically — no flags needed.
 
 ---
 
 ## CI/CD Integration
 
+All commands support `--json` and `--ci` flags.
+
 ### GitHub Actions
 
 ```yaml
@@ -417,16 +474,6 @@ jobs:
 npx hackmyagent secure --ignore LOG-001,RATE-001
 ```
 
-### JSON Output
-
-```bash
-# Filter critical findings
-hackmyagent secure --json | jq '.findings[] | select(.severity == "critical")'
-
-# Count issues by category
-hackmyagent secure --json | jq '[.findings[].id | split("-")[0]] | group_by(.) | map({(.[0]): length}) | add'
-```
-
 ---
 
 ## Exit Codes
@@ -439,80 +486,17 @@ hackmyagent secure --json | jq '[.findings[].id | split("-")[0]] | group_by(.) |
 
 ---
 
-## What's Included
-
-HackMyAgent consolidates several OpenA2A security modules into a single package:
-
-| Module | Description | Previously |
-|--------|-------------|------------|
-| Security scanner | 147 checks across 30 categories | hackmyagent-core |
-| Attack simulation | 55 adversarial payloads, 5 categories | standalone |
-| CredVault plugin | Credential detection + AES-256-GCM vault | @opena2a/credvault |
-| SignCrypt plugin | Ed25519 signing + SHA-256 hash pinning | @opena2a/signcrypt |
-| SkillGuard plugin | Permission pinning + tamper detection | @opena2a/skillguard |
-| OASB benchmark | 46 controls, 3 maturity levels | @opena2a/oasb |
-| ARP integration | Agent Runtime Protection hooks | @opena2a/arp |
-| Semantic engine | Semantic analysis for finding deduplication | @opena2a/semantic-engine |
-
-### Subpath Exports
-
-For programmatic use, the package exposes subpath exports:
+## Programmatic API
 
 ```typescript
 import { HardeningScanner } from 'hackmyagent';           // Scanner engine
 import { registerPlugin } from 'hackmyagent/plugins';      // Plugin API
 import { SemanticEngine } from 'hackmyagent/semantic';      // Semantic analysis
-import { ARPMonitor } from 'hackmyagent/arp';               // Runtime protection
+import { AgentRuntimeProtection } from 'hackmyagent/arp';    // Runtime protection
 import { OASBHarness } from 'hackmyagent/oasb';             // Benchmark harness
 ```
 
----
-
-## Writing Plugins
-
-HackMyAgent supports custom security plugins. Each plugin implements `scan()` and `fix()` methods.
-
-```typescript
-import type { OpenA2APlugin, Finding, Remediation, FixOptions } from 'hackmyagent/plugins';
-
-export class MyPlugin implements OpenA2APlugin {
-  readonly metadata = {
-    packageName: '@my-org/my-plugin',
-    displayName: 'My Plugin',
-    description: 'Detects and fixes X',
-    version: '1.0.0',
-    findings: ['MY-001'],
-    scoreImprovement: 10,
-  };
-
-  async scan(agentDir: string): Promise<Finding[]> {
-    return [{
-      id: 'MY-001',
-      title: 'Insecure widget',
-      description: 'Widget uses plaintext.',
-      severity: 'high',
-      filePath: 'config.json',
-      line: 12,
-      autoFixable: true,
-    }];
-  }
-
-  async fix(agentDir: string, options?: FixOptions): Promise<Remediation[]> {
-    if (options?.dryRun) return [{ findingId: 'MY-001', description: 'Would encrypt widget', filesModified: ['config.json'], rollbackAvailable: false }];
-    return [{ findingId: 'MY-001', description: 'Encrypted widget', filesModified: ['config.json'], rollbackAvailable: false }];
-  }
-}
-```
-
-See the [full plugin API documentation](docs/PLUGIN_API.md) for details.
-
----
-
-## Environment Variables
-
-| Variable | Description |
-|----------|-------------|
-| `NO_COLOR` | Disable colored output |
+See the [Plugin API documentation](docs/PLUGIN_API.md) for writing custom security plugins.
 
 ---
 
@@ -525,7 +509,7 @@ git clone https://github.com/opena2a-org/hackmyagent.git
 cd hackmyagent
 npm install
 npm run build
-npm test              # 765 tests
+npm test              # 817 tests
 ```
 
 ---
@@ -540,8 +524,8 @@ Apache-2.0
 
 | Project | Description | Install |
 |---------|-------------|---------|
-| [**OpenA2A CLI**](https://github.com/opena2a-org/opena2a) | Unified security CLI -- scan, protect, guard, runtime, shield | `npx opena2a` |
+| [**OpenA2A CLI**](https://github.com/opena2a-org/opena2a) | Unified security CLI — scan, protect, guard, shield | `npm install -g opena2a-cli` |
 | [**Secretless AI**](https://github.com/opena2a-org/secretless-ai) | Keep credentials out of AI context windows | `npx secretless-ai init` |
-| [**AIM**](https://github.com/opena2a-org/agent-identity-management) | Agent Identity Management -- identity and access control for AI agents | Self-hosted |
+| [**AIM**](https://github.com/opena2a-org/agent-identity-management) | Agent identity and access control for AI agents | Self-hosted |
 | [**AI Browser Guard**](https://github.com/opena2a-org/AI-BrowserGuard) | Detect and control AI agents in the browser | Chrome Web Store |
-| [**DVAA**](https://github.com/opena2a-org/damn-vulnerable-ai-agent) | Damn Vulnerable AI Agent -- security training target | `docker pull opena2a/dvaa` |
+| [**DVAA**](https://github.com/opena2a-org/damn-vulnerable-ai-agent) | Deliberately vulnerable AI agent for training | `docker pull opena2a/dvaa` |

package/dist/arp/patterns/ai-threats.js

@@ -10,7 +10,7 @@ const promptInjection = [
         id: 'PI-001',
         category: 'prompt-injection',
         description: 'Instruction override attempt — direct override of system instructions',
-        pattern: /(?:ignore|disregard|forget|override|bypass)\s+(?:all\s+)?(?:your\s+|the\s+|my\s+)?(?:previous|prior|above|earlier|system|original)\s+(?:instructions?|prompts?|rules?|directives?|guidelines?|constraints?)/i,
+        pattern: /(?:ignore|disregard|forget|override|bypass)\s+(?:all\s+)?(?:your\s+|the\s+|my\s+)?(?:previous\s+|prior\s+|above\s+|earlier\s+|system\s+|original\s+)?(?:instructions?|prompts?|rules?|directives?|guidelines?|constraints?)/i,
         severity: 'critical',
     },
     {
@@ -34,7 +34,7 @@ const jailbreak = [
         id: 'JB-001',
         category: 'jailbreak',
         description: 'DAN mode — "Do Anything Now" jailbreak attempt',
-        pattern: /\b(?:DAN|D\.A\.N|do\s+anything\s+now)\b.*(?:mode|persona|act|pretend|enable|activate|jailbr[eo]ak)/i,
+        pattern: /(?:\b(?:DAN|D\.A\.N|do\s+anything\s+now)\b.*(?:mode|persona|act|pretend|enable|activate|jailbr[eo]ak)|(?:act|pretend|behave|roleplay|play)\s+(?:as|like)\s+(?:a\s+)?(?:DAN|D\.A\.N)\b|do\s+anything\s+now)/i,
         severity: 'critical',
     },
     {
@@ -65,7 +65,7 @@ const dataExfiltration = [
         id: 'DE-002',
         category: 'data-exfiltration',
         description: 'Credential extraction — attempting to extract secrets or API keys',
-        pattern: /(?:(?:what|show|reveal|give|tell|display|print|dump|list)\s+(?:me\s+)?(?:are\s+)?(?:your\s+|the\s+)?(?:api\s+keys?|secrets?|credentials?|passwords?|tokens?|auth(?:entication)?|(?:private|secret)\s+keys?|(?:access|bearer)\s+tokens?|environment\s+variables?|env\s+vars?|\.env))/i,
+        pattern: /(?:(?:what|show|reveal|give|tell|display|print|dump|list|output|extract|expose|leak)\s+(?:me\s+)?(?:are\s+)?(?:your\s+|the\s+|any\s+)?(?:api\s+keys?|secrets?|credentials?|passwords?|tokens?|auth(?:entication)?|(?:private|secret)\s+keys?|(?:access|bearer)\s+tokens?|environment\s+variables?|env\s+vars?|\.env))/i,
         severity: 'critical',
     },
     {

package/dist/arp/patterns/ai-threats.js.map

@@ -1 +1 @@
-{"version":3,"file":"ai-threats.js","sourceRoot":"","sources":["../../../src/arp/patterns/ai-threats.ts"],"names":[],"mappings":";AAAA,qCAAqC;AACrC,qDAAqD;;;AAyOrD,4BAoBC;AA9OD,oCAAoC;AAEpC,MAAM,eAAe,GAAoB;IACvC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,uEAAuE;QACpF,OAAO,EAAE,8MAA8M;QACvN,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,kEAAkE;QAC/E,OAAO,EAAE,oNAAoN;QAC7N,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,uDAAuD;QACpE,OAAO,EAAE,sFAAsF;QAC/F,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,6BAA6B;AAE7B,MAAM,SAAS,GAAoB;IACjC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,qGAAqG;QAC9G,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,4DAA4D;QACzE,OAAO,EAAE,mTAAmT;QAC5T,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,6EAA6E;QAC1F,OAAO,EAAE,qUAAqU;QAC9U,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAC;AAEF,qDAAqD;AAErD,MAAM,gBAAgB,GAAoB;IACxC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,sEAAsE;QACnF,OAAO,EAAE,gVAAgV;QACzV,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,mEAAmE;QAChF,OAAO,EAAE,sRAAsR;QAC/R,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,sDAAsD;QACnE,OAAO,EAAE,6PAA6P;QACtQ,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,kDAAkD;AAElD,MAAM,UAAU,GAAoB;IAClC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,kLAAkL;QAC3L,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,oDAAoD;QACjE,OAAO,EAAE,0FAA0F;QACnG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,0EAA0E;QACvF,OAAO,EAAE,6LAA6L;QACtM,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,wCAAwC;AAExC,MAAM,mBAAmB,GAAoB;IAC3C;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,sBAAsB;QAChC,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EAAE,6PAA6P;QACtQ,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,sBAAsB;QAChC,WAAW,EAAE,mEAAmE;QAChF,OAAO,EAAE,kOAAkO;QAC3O,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAC;AAEF,oCAAoC;AAEpC,MAAM,eAAe,GAAoB;IACvC;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,sCAAsC;QACnD,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,yCAAyC;QACtD,OAAO,EAAE,8KAA8K;QACvL,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,4BAA4B;QACzC,OAAO,EAAE,gRAAgR;QACzR,QAAQ,EAAE,UAAU;KACrB;CACF,CAAC;AAEF,8BAA8B;AAE9B,MAAM,SAAS,GAAoB;IACjC;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,YAAY;QACtB,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,8MAA8M;QACvN,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,YAAY;QACtB,WAAW,EAAE,0EAA0E;QACvF,OAAO,EAAE,mSAAmS;QAC5S,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,gCAAgC;AAEnB,QAAA,YAAY,GAAoB;IAC3C,GAAG,eAAe;IAClB,GAAG,SAAS;IACZ,GAAG,gBAAgB;IACnB,GAAG,UAAU;IACb,GAAG,mBAAmB;IACtB,GAAG,eAAe;IAClB,GAAG,SAAS;CACb,CAAC;AAEF,qDAAqD;AACxC,QAAA,YAAY,GAAG;IAC1B,eAAe;IACf,SAAS;IACT,gBAAgB;IAChB,UAAU;IACV,mBAAmB;IACnB,eAAe;IACf,SAAS;IACT,4DAA4D;IAC5D,aAAa,EAAE,CAAC,GAAG,eAAe,EAAE,GAAG,SAAS,EAAE,GAAG,gBAAgB,EAAE,GAAG,mBAAmB,CAAC;IAC9F,0DAA0D;IAC1D,cAAc,EAAE,CAAC,GAAG,UAAU,CAAC;IAC/B,8DAA8D;IAC9D,WAAW,EAAE,CAAC,GAAG,eAAe,CAAC;IACjC,8DAA8D;IAC9D,WAAW,EAAE,CAAC,GAAG,SAAS,CAAC;CACnB,CAAC;AAEX,6EAA6E;AAC7E,MAAM,eAAe,GAAG,EAAE,GAAG,IAAI,CAAC;AAalC;;;;GAIG;AACH,SAAgB,QAAQ,CAAC,IAAY,EAAE,QAAkC;IACvE,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC;IAChD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACpE,MAAM,OAAO,GAA0B,EAAE,CAAC;IAE1C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO;gBACP,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC;QAC5B,OAAO;QACP,SAAS;KACV,CAAC;AACJ,CAAC"}
+{"version":3,"file":"ai-threats.js","sourceRoot":"","sources":["../../../src/arp/patterns/ai-threats.ts"],"names":[],"mappings":";AAAA,qCAAqC;AACrC,qDAAqD;;;AAyOrD,4BAoBC;AA9OD,oCAAoC;AAEpC,MAAM,eAAe,GAAoB;IACvC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,uEAAuE;QACpF,OAAO,EAAE,8NAA8N;QACvO,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,kEAAkE;QAC/E,OAAO,EAAE,oNAAoN;QAC7N,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,uDAAuD;QACpE,OAAO,EAAE,sFAAsF;QAC/F,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,6BAA6B;AAE7B,MAAM,SAAS,GAAoB;IACjC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,6MAA6M;QACtN,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,4DAA4D;QACzE,OAAO,EAAE,mTAAmT;QAC5T,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,6EAA6E;QAC1F,OAAO,EAAE,qUAAqU;QAC9U,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAC;AAEF,qDAAqD;AAErD,MAAM,gBAAgB,GAAoB;IACxC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,sEAAsE;QACnF,OAAO,EAAE,gVAAgV;QACzV,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,mEAAmE;QAChF,OAAO,EAAE,wTAAwT;QACjU,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,sDAAsD;QACnE,OAAO,EAAE,6PAA6P;QACtQ,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,kDAAkD;AAElD,MAAM,UAAU,GAAoB;IAClC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,kLAAkL;QAC3L,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,oDAAoD;QACjE,OAAO,EAAE,0FAA0F;QACnG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,0EAA0E;QACvF,OAAO,EAAE,6LAA6L;QACtM,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,wCAAwC;AAExC,MAAM,mBAAmB,GAAoB;IAC3C;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,sBAAsB;QAChC,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EAAE,6PAA6P;QACtQ,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,sBAAsB;QAChC,WAAW,EAAE,mEAAmE;QAChF,OAAO,EAAE,kOAAkO;QAC3O,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAC;AAEF,oCAAoC;AAEpC,MAAM,eAAe,GAAoB;IACvC;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,sCAAsC;QACnD,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,yCAAyC;QACtD,OAAO,EAAE,8KAA8K;QACvL,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,4BAA4B;QACzC,OAAO,EAAE,gRAAgR;QACzR,QAAQ,EAAE,UAAU;KACrB;CACF,CAAC;AAEF,8BAA8B;AAE9B,MAAM,SAAS,GAAoB;IACjC;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,YAAY;QACtB,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,8MAA8M;QACvN,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,YAAY;QACtB,WAAW,EAAE,0EAA0E;QACvF,OAAO,EAAE,mSAAmS;QAC5S,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,gCAAgC;AAEnB,QAAA,YAAY,GAAoB;IAC3C,GAAG,eAAe;IAClB,GAAG,SAAS;IACZ,GAAG,gBAAgB;IACnB,GAAG,UAAU;IACb,GAAG,mBAAmB;IACtB,GAAG,eAAe;IAClB,GAAG,SAAS;CACb,CAAC;AAEF,qDAAqD;AACxC,QAAA,YAAY,GAAG;IAC1B,eAAe;IACf,SAAS;IACT,gBAAgB;IAChB,UAAU;IACV,mBAAmB;IACnB,eAAe;IACf,SAAS;IACT,4DAA4D;IAC5D,aAAa,EAAE,CAAC,GAAG,eAAe,EAAE,GAAG,SAAS,EAAE,GAAG,gBAAgB,EAAE,GAAG,mBAAmB,CAAC;IAC9F,0DAA0D;IAC1D,cAAc,EAAE,CAAC,GAAG,UAAU,CAAC;IAC/B,8DAA8D;IAC9D,WAAW,EAAE,CAAC,GAAG,eAAe,CAAC;IACjC,8DAA8D;IAC9D,WAAW,EAAE,CAAC,GAAG,SAAS,CAAC;CACnB,CAAC;AAEX,6EAA6E;AAC7E,MAAM,eAAe,GAAG,EAAE,GAAG,IAAI,CAAC;AAalC;;;;GAIG;AACH,SAAgB,QAAQ,CAAC,IAAY,EAAE,QAAkC;IACvE,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC;IAChD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACpE,MAAM,OAAO,GAA0B,EAAE,CAAC;IAE1C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO;gBACP,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC;QAC5B,OAAO;QACP,SAAS;KACV,CAAC;AACJ,CAAC"}

package/dist/arp/proxy/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/arp/proxy/server.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAA2B,MAAM,UAAU,CAAC;AACrE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAI3E,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,WAAW,CAAC;IACpB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,cAAc,CAAC,EAAE,sBAAsB,CAAC;IACxC,cAAc,CAAC,EAAE,sBAAsB,CAAC;CACzC;AAED;;;;;;GAMG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAe;IACpC,OAAO,CAAC,MAAM,CAA4B;gBAE9B,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY;IAK7C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAmBtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAU3B,OAAO,IAAI,MAAM;YAIH,aAAa;IAsD3B,OAAO,CAAC,YAAY;IAQpB;;;OAGG;YACW,cAAc;IA8B5B;;OAEG;YACW,eAAe;IA+B7B,OAAO,CAAC,oBAAoB;IAqB5B,OAAO,CAAC,qBAAqB;IAsB7B,OAAO,CAAC,iBAAiB;IAsBzB,OAAO,CAAC,kBAAkB;IA8B1B,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,iBAAiB;CAoC1B"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/arp/proxy/server.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAA2B,MAAM,UAAU,CAAC;AACrE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAI3E,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,WAAW,CAAC;IACpB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,cAAc,CAAC,EAAE,sBAAsB,CAAC;IACxC,cAAc,CAAC,EAAE,sBAAsB,CAAC;CACzC;AAED;;;;;;GAMG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAe;IACpC,OAAO,CAAC,MAAM,CAA4B;gBAE9B,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY;IAK7C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAmBtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAU3B,OAAO,IAAI,MAAM;YAIH,aAAa;IAsD3B,OAAO,CAAC,YAAY;IAQpB;;;OAGG;YACW,cAAc;IA8B5B;;OAEG;YACW,eAAe;IA+B7B,OAAO,CAAC,oBAAoB;IAqB5B,OAAO,CAAC,qBAAqB;IAsB7B,OAAO,CAAC,iBAAiB;IAsBzB,OAAO,CAAC,kBAAkB;IA8B1B,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,iBAAiB;CAgD1B"}

package/dist/arp/proxy/server.js

@@ -316,11 +316,30 @@ class ARPProxy {
             else if (typeof parsed.params?.content === 'string') {
                 content = parsed.params.content;
             }
-            if (content) {
-                const result = this.deps.a2aInterceptor.scanMessage(from, to, content);
-                return result.detected;
+            else if (typeof parsed.message === 'string') {
+                content = parsed.message;
             }
-            return false;
+            else if (parsed.payload) {
+                // Common A2A formats: { payload: { task: "..." } } or { payload: "..." }
+                if (typeof parsed.payload === 'string') {
+                    content = parsed.payload;
+                }
+                else if (typeof parsed.payload.task === 'string') {
+                    content = parsed.payload.task;
+                }
+                else if (typeof parsed.payload.content === 'string') {
+                    content = parsed.payload.content;
+                }
+                else if (typeof parsed.payload.message === 'string') {
+                    content = parsed.payload.message;
+                }
+            }
+            else if (typeof parsed.task === 'string') {
+                content = parsed.task;
+            }
+            // Always scan if we have content or a sender identity to check
+            const result = this.deps.a2aInterceptor.scanMessage(from, to, content || bodyStr);
+            return result.detected;
         }
         catch {
             return false;