opena2a-cli 0.1.0

package/dist/commands/verify.js

@@ -0,0 +1,300 @@
+"use strict";
+/**
+ * opena2a verify -- Verify binary integrity of installed packages.
+ * Computes SHA-256 hashes of local artifacts and compares against
+ * registry-published hashes for tamper detection.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._internals = void 0;
+exports.verify = verify;
+const node_crypto_1 = require("node:crypto");
+const node_fs_1 = require("node:fs");
+const colors_js_1 = require("../util/colors.js");
+const spinner_js_1 = require("../util/spinner.js");
+// --- Constants ---
+const VERIFIABLE_PACKAGES = [
+    'hackmyagent', 'secretless-ai', 'hma-researcher', 'hma-hunter',
+    '@opena2a/arp', '@opena2a/oasb', 'aibrowserguard', 'ai-trust',
+];
+// --- Testable internals ---
+/**
+ * Exported for testing. Internal code calls these through the object reference
+ * so tests can replace individual functions via vi.spyOn.
+ */
+exports._internals = {
+    resolvePackagePath(packageName) {
+        const resolved = require.resolve(packageName);
+        const path = require('node:path');
+        const fs = require('node:fs');
+        let dir = path.dirname(resolved);
+        const root = path.parse(dir).root;
+        while (dir !== root) {
+            const pkgJsonPath = path.join(dir, 'package.json');
+            if (fs.existsSync(pkgJsonPath)) {
+                const pkgJson = JSON.parse(fs.readFileSync(pkgJsonPath, 'utf-8'));
+                if (pkgJson.name === packageName) {
+                    return {
+                        mainFile: resolved,
+                        version: pkgJson.version ?? 'unknown',
+                    };
+                }
+            }
+            dir = path.dirname(dir);
+        }
+        return { mainFile: resolved, version: 'unknown' };
+    },
+};
+// --- Core ---
+async function verify(options) {
+    const registryUrl = await resolveRegistryUrl(options.registryUrl);
+    const packages = options.packageName ? [options.packageName] : VERIFIABLE_PACKAGES;
+    const isJson = options.format === 'json';
+    const isCi = options.ci ?? false;
+    if (!isJson && !isCi) {
+        process.stdout.write((0, colors_js_1.bold)('Verifying binary integrity of OpenA2A packages') + '\n\n');
+    }
+    const results = [];
+    const spinner = new spinner_js_1.Spinner('');
+    for (const pkg of packages) {
+        if (!isCi && !isJson) {
+            spinner.update(`Verifying ${pkg}...`);
+            spinner.start();
+        }
+        const result = await verifyPackage(pkg, registryUrl, options);
+        results.push(result);
+        if (!isCi && !isJson) {
+            spinner.stop();
+        }
+    }
+    // Output
+    if (isJson) {
+        const report = {
+            registryUrl,
+            timestamp: new Date().toISOString(),
+            total: results.length,
+            verified: results.filter(r => r.registryStatus === 'verified').length,
+            tamperDetected: results.filter(r => r.registryStatus === 'tamper_detected').length,
+            noData: results.filter(r => r.registryStatus === 'no_data').length,
+            notInstalled: results.filter(r => r.registryStatus === 'not_installed').length,
+            packages: results.map(r => ({
+                ...r,
+                trustScore: r.trustScore,
+                trustVerdict: r.trustVerdict,
+                oracleVerdict: r.oracleVerdict,
+                oracleSignatureValid: r.oracleSignatureValid,
+                dependencyRiskCount: r.dependencyRiskCount,
+                lastScannedAt: r.lastScannedAt,
+            })),
+        };
+        process.stdout.write(JSON.stringify(report, null, 2) + '\n');
+    }
+    else {
+        printResults(results, registryUrl);
+    }
+    const tampered = results.filter(r => r.registryStatus === 'tamper_detected');
+    return tampered.length > 0 ? 1 : 0;
+}
+async function queryTrustProfile(registryUrl, name, type) {
+    try {
+        const params = new URLSearchParams({ name, includeProfile: 'true', includeDeps: 'true' });
+        if (type)
+            params.set('type', type);
+        const url = `${registryUrl}/api/v1/trust/query?${params}`;
+        const response = await fetch(url, {
+            method: 'GET',
+            headers: { 'Accept': 'application/json' },
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (!response.ok)
+            return null;
+        const data = await response.json();
+        return {
+            trustScore: data.trustProfile?.trustScore ?? data.trustScore ?? 0,
+            verdict: data.trustProfile?.verdict ?? data.verdict ?? 'unknown',
+            lastScannedAt: data.trustProfile?.lastScannedAt ?? data.lastScannedAt ?? null,
+            dependencyRiskCount: data.dependencies?.riskCount ?? 0,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+async function queryOracleVerdict(registryUrl, component) {
+    try {
+        const url = `${registryUrl}/api/v1/oracle/${encodeURIComponent(component)}`;
+        const response = await fetch(url, {
+            method: 'GET',
+            headers: { 'Accept': 'application/json' },
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (!response.ok)
+            return null;
+        const data = await response.json();
+        return {
+            verdict: data.verdict ?? 'unknown',
+            signatureValid: data.signatureValid ?? data.signature?.valid ?? false,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+// --- Per-package verification ---
+async function verifyPackage(packageName, registryUrl, options) {
+    const emptyTrust = {
+        trustScore: null,
+        trustVerdict: null,
+        oracleVerdict: null,
+        oracleSignatureValid: null,
+        dependencyRiskCount: null,
+        lastScannedAt: null,
+    };
+    // Step 1: Find local installation
+    let mainFilePath;
+    let pkgVersion;
+    try {
+        const resolved = exports._internals.resolvePackagePath(packageName);
+        mainFilePath = resolved.mainFile;
+        pkgVersion = resolved.version;
+    }
+    catch {
+        if (options.verbose) {
+            process.stderr.write((0, colors_js_1.dim)(`  ${packageName}: not installed locally\n`));
+        }
+        return {
+            packageName,
+            version: 'N/A',
+            localHash: 'N/A',
+            registryStatus: 'not_installed',
+            ...emptyTrust,
+        };
+    }
+    // Step 2: Compute SHA-256
+    const localHash = computeSha256(mainFilePath);
+    // Step 3: Query registry for hash verification
+    let registryStatus = 'no_data';
+    let error;
+    try {
+        const url = `${registryUrl}/api/v1/trust/query?name=${encodeURIComponent(packageName)}&hash=${localHash}`;
+        const response = await fetch(url, {
+            method: 'GET',
+            headers: { 'Accept': 'application/json' },
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (response.ok) {
+            const data = await response.json();
+            const status = data.contentVerification?.status;
+            if (status === 'verified')
+                registryStatus = 'verified';
+            else if (status === 'tamper_detected')
+                registryStatus = 'tamper_detected';
+        }
+    }
+    catch (err) {
+        registryStatus = 'error';
+        error = err instanceof Error ? err.message : String(err);
+    }
+    // Step 4: Query trust profile and oracle verdict (parallel, non-blocking)
+    const type = packageName.startsWith('@') ? 'mcp_server' : 'ai_tool';
+    const [trustProfile, oracle] = await Promise.all([
+        queryTrustProfile(registryUrl, packageName, type),
+        queryOracleVerdict(registryUrl, packageName),
+    ]);
+    return {
+        packageName,
+        version: pkgVersion,
+        localHash,
+        registryStatus,
+        trustScore: trustProfile?.trustScore ?? null,
+        trustVerdict: trustProfile?.verdict ?? null,
+        oracleVerdict: oracle?.verdict ?? null,
+        oracleSignatureValid: oracle?.signatureValid ?? null,
+        dependencyRiskCount: trustProfile?.dependencyRiskCount ?? null,
+        lastScannedAt: trustProfile?.lastScannedAt ?? null,
+        error,
+    };
+}
+// --- Helpers ---
+function computeSha256(filePath) {
+    const content = (0, node_fs_1.readFileSync)(filePath);
+    return (0, node_crypto_1.createHash)('sha256').update(content).digest('hex');
+}
+async function resolveRegistryUrl(override) {
+    if (override)
+        return override.replace(/\/$/, '');
+    try {
+        const shared = await Function('return import("@opena2a/shared")')();
+        const mod = 'default' in shared ? shared.default : shared;
+        const config = mod.loadUserConfig();
+        return config.registry.url;
+    }
+    catch {
+        return 'https://registry.opena2a.org';
+    }
+}
+// --- Output ---
+function printResults(results, registryUrl) {
+    // Detailed per-package output
+    for (const r of results) {
+        if (r.registryStatus === 'not_installed') {
+            process.stdout.write((0, colors_js_1.dim)(`  ${r.packageName}: not installed\n`));
+            continue;
+        }
+        const statusLabel = r.registryStatus === 'verified' ? (0, colors_js_1.green)('PASS')
+            : r.registryStatus === 'tamper_detected' ? (0, colors_js_1.red)('TAMPER DETECTED')
+                : r.registryStatus === 'error' ? (0, colors_js_1.red)('error')
+                    : (0, colors_js_1.yellow)('no data');
+        const hashDisplay = r.localHash.slice(0, 16) + '...';
+        process.stdout.write('\n');
+        process.stdout.write(`  ${(0, colors_js_1.dim)('Package')}          ${(0, colors_js_1.bold)(r.packageName)}\n`);
+        process.stdout.write(`  ${(0, colors_js_1.dim)('Version')}          ${r.version}\n`);
+        process.stdout.write(`  ${(0, colors_js_1.dim)('Hash Check')}       ${statusLabel} ${(0, colors_js_1.dim)('(SHA-256 ' + hashDisplay + ')')}\n`);
+        if (r.trustScore !== null) {
+            const scoreColor = r.trustScore >= 80 ? colors_js_1.green : r.trustScore >= 60 ? colors_js_1.yellow : colors_js_1.red;
+            process.stdout.write(`  ${(0, colors_js_1.dim)('Trust Score')}      ${scoreColor(`${r.trustScore} / 100`)}\n`);
+        }
+        if (r.trustVerdict !== null) {
+            const verdictColor = r.trustVerdict === 'trusted' ? colors_js_1.green
+                : r.trustVerdict === 'caution' ? colors_js_1.yellow
+                    : r.trustVerdict === 'untrusted' ? colors_js_1.red
+                        : colors_js_1.dim;
+            process.stdout.write(`  ${(0, colors_js_1.dim)('Trust Verdict')}    ${verdictColor(r.trustVerdict)}\n`);
+        }
+        if (r.oracleVerdict !== null) {
+            const oracleLabel = r.oracleSignatureValid ? (0, colors_js_1.green)('verified (Ed25519)') : (0, colors_js_1.yellow)(r.oracleVerdict);
+            process.stdout.write(`  ${(0, colors_js_1.dim)('Oracle Signed')}    ${oracleLabel}\n`);
+        }
+        if (r.lastScannedAt) {
+            process.stdout.write(`  ${(0, colors_js_1.dim)('Last Scanned')}     ${(0, colors_js_1.dim)(r.lastScannedAt)}\n`);
+        }
+        if (r.dependencyRiskCount !== null) {
+            const depLabel = r.dependencyRiskCount === 0
+                ? (0, colors_js_1.green)('0 risks')
+                : (0, colors_js_1.yellow)(`${r.dependencyRiskCount} risk${r.dependencyRiskCount === 1 ? '' : 's'}`);
+            process.stdout.write(`  ${(0, colors_js_1.dim)('Dependencies')}     ${depLabel}\n`);
+        }
+    }
+    process.stdout.write('\n');
+    // Summary
+    const verified = results.filter(r => r.registryStatus === 'verified').length;
+    const tampered = results.filter(r => r.registryStatus === 'tamper_detected').length;
+    const noData = results.filter(r => r.registryStatus === 'no_data' || r.registryStatus === 'error').length;
+    const notInstalled = results.filter(r => r.registryStatus === 'not_installed').length;
+    process.stdout.write((0, colors_js_1.bold)('Summary: '));
+    const parts = [];
+    if (verified > 0)
+        parts.push((0, colors_js_1.green)(`${verified} verified`));
+    if (tampered > 0)
+        parts.push((0, colors_js_1.red)(`${tampered} tampered`));
+    if (noData > 0)
+        parts.push((0, colors_js_1.yellow)(`${noData} no data`));
+    if (notInstalled > 0)
+        parts.push((0, colors_js_1.dim)(`${notInstalled} not installed`));
+    process.stdout.write(parts.join(', ') + '\n');
+    process.stdout.write((0, colors_js_1.dim)(`Registry: ${registryUrl}\n`));
+    if (tampered > 0) {
+        process.stdout.write('\n' + (0, colors_js_1.red)((0, colors_js_1.bold)('WARNING: Tamper detected in one or more packages.')) + '\n');
+        process.stdout.write((0, colors_js_1.red)('Reinstall affected packages from a trusted source.\n'));
+    }
+}
+//# sourceMappingURL=verify.js.map

package/dist/commands/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/commands/verify.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AA+EH,wBAsDC;AAnID,6CAAyC;AACzC,qCAAuC;AACvC,iDAAkE;AAClE,mDAA6C;AAgC7C,oBAAoB;AAEpB,MAAM,mBAAmB,GAAG;IAC1B,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,YAAY;IAC9D,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,UAAU;CAC9D,CAAC;AAEF,6BAA6B;AAE7B;;;GAGG;AACU,QAAA,UAAU,GAAG;IACxB,kBAAkB,CAAC,WAAmB;QACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9C,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QAClC,MAAM,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QAC9B,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QAElC,OAAO,GAAG,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;YACnD,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;gBAClE,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBACjC,OAAO;wBACL,QAAQ,EAAE,QAAQ;wBAClB,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,SAAS;qBACtC,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IACpD,CAAC;CACF,CAAC;AAEF,eAAe;AAER,KAAK,UAAU,MAAM,CAAC,OAAsB;IACjD,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC;IACnF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,MAAM,CAAC;IACzC,MAAM,IAAI,GAAG,OAAO,CAAC,EAAE,IAAI,KAAK,CAAC;IAEjC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,gDAAgD,CAAC,GAAG,MAAM,CAAC,CAAC;IACxF,CAAC;IAED,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,oBAAO,CAAC,EAAE,CAAC,CAAC;IAEhC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACrB,OAAO,CAAC,MAAM,CAAC,aAAa,GAAG,KAAK,CAAC,CAAC;YACtC,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAErB,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAED,SAAS;IACT,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,MAAM,GAAG;YACb,WAAW;YACX,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,OAAO,CAAC,MAAM;YACrB,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,UAAU,CAAC,CAAC,MAAM;YACrE,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,iBAAiB,CAAC,CAAC,MAAM;YAClF,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,MAAM;YAClE,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,eAAe,CAAC,CAAC,MAAM;YAC9E,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC1B,GAAG,CAAC;gBACJ,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,YAAY,EAAE,CAAC,CAAC,YAAY;gBAC5B,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,oBAAoB,EAAE,CAAC,CAAC,oBAAoB;gBAC5C,mBAAmB,EAAE,CAAC,CAAC,mBAAmB;gBAC1C,aAAa,EAAE,CAAC,CAAC,aAAa;aAC/B,CAAC,CAAC;SACJ,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,iBAAiB,CAAC,CAAC;IAC7E,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAgBD,KAAK,UAAU,iBAAiB,CAAC,WAAmB,EAAE,IAAY,EAAE,IAAa;IAC/E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;QAC1F,IAAI,IAAI;YAAE,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,GAAG,WAAW,uBAAuB,MAAM,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;YACzC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;SACpC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAE9B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAS,CAAC;QAC1C,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE,UAAU,IAAI,IAAI,CAAC,UAAU,IAAI,CAAC;YACjE,OAAO,EAAE,IAAI,CAAC,YAAY,EAAE,OAAO,IAAI,IAAI,CAAC,OAAO,IAAI,SAAS;YAChE,aAAa,EAAE,IAAI,CAAC,YAAY,EAAE,aAAa,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI;YAC7E,mBAAmB,EAAE,IAAI,CAAC,YAAY,EAAE,SAAS,IAAI,CAAC;SACvD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,WAAmB,EAAE,SAAiB;IACtE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,WAAW,kBAAkB,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;YACzC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;SACpC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAE9B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAS,CAAC;QAC1C,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,SAAS;YAClC,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,SAAS,EAAE,KAAK,IAAI,KAAK;SACtE,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,mCAAmC;AAEnC,KAAK,UAAU,aAAa,CAC1B,WAAmB,EACnB,WAAmB,EACnB,OAAsB;IAEtB,MAAM,UAAU,GAAG;QACjB,UAAU,EAAE,IAAI;QAChB,YAAY,EAAE,IAAI;QAClB,aAAa,EAAE,IAAI;QACnB,oBAAoB,EAAE,IAAI;QAC1B,mBAAmB,EAAE,IAAI;QACzB,aAAa,EAAE,IAAI;KACpB,CAAC;IAEF,kCAAkC;IAClC,IAAI,YAAoB,CAAC;IACzB,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,kBAAU,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAC5D,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC;QACjC,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,KAAK,WAAW,2BAA2B,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,OAAO;YACL,WAAW;YACX,OAAO,EAAE,KAAK;YACd,SAAS,EAAE,KAAK;YAChB,cAAc,EAAE,eAAe;YAC/B,GAAG,UAAU;SACd,CAAC;IACJ,CAAC;IAED,0BAA0B;IAC1B,MAAM,SAAS,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;IAE9C,+CAA+C;IAC/C,IAAI,cAAc,GAAmC,SAAS,CAAC;IAC/D,IAAI,KAAyB,CAAC;IAE9B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,WAAW,4BAA4B,kBAAkB,CAAC,WAAW,CAAC,SAAS,SAAS,EAAE,CAAC;QAC1G,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;YACzC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAmD,CAAC;YACpF,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,EAAE,MAAM,CAAC;YAChD,IAAI,MAAM,KAAK,UAAU;gBAAE,cAAc,GAAG,UAAU,CAAC;iBAClD,IAAI,MAAM,KAAK,iBAAiB;gBAAE,cAAc,GAAG,iBAAiB,CAAC;QAC5E,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,cAAc,GAAG,OAAO,CAAC;QACzB,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,0EAA0E;IAC1E,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;IACpE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC/C,iBAAiB,CAAC,WAAW,EAAE,WAAW,EAAE,IAAI,CAAC;QACjD,kBAAkB,CAAC,WAAW,EAAE,WAAW,CAAC;KAC7C,CAAC,CAAC;IAEH,OAAO;QACL,WAAW;QACX,OAAO,EAAE,UAAU;QACnB,SAAS;QACT,cAAc;QACd,UAAU,EAAE,YAAY,EAAE,UAAU,IAAI,IAAI;QAC5C,YAAY,EAAE,YAAY,EAAE,OAAO,IAAI,IAAI;QAC3C,aAAa,EAAE,MAAM,EAAE,OAAO,IAAI,IAAI;QACtC,oBAAoB,EAAE,MAAM,EAAE,cAAc,IAAI,IAAI;QACpD,mBAAmB,EAAE,YAAY,EAAE,mBAAmB,IAAI,IAAI;QAC9D,aAAa,EAAE,YAAY,EAAE,aAAa,IAAI,IAAI;QAClD,KAAK;KACN,CAAC;AACJ,CAAC;AAED,kBAAkB;AAElB,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,OAAO,GAAG,IAAA,sBAAY,EAAC,QAAQ,CAAC,CAAC;IACvC,OAAO,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,QAAiB;IACjD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAO,QAAQ,CAAC,kCAAkC,CAAC,EAAmB,CAAC;QACtF,MAAM,GAAG,GAAG,SAAS,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QAC1D,MAAM,MAAM,GAAG,GAAG,CAAC,cAAc,EAAE,CAAC;QACpC,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,8BAA8B,CAAC;IACxC,CAAC;AACH,CAAC;AAED,iBAAiB;AAEjB,SAAS,YAAY,CAAC,OAAuB,EAAE,WAAmB;IAChE,8BAA8B;IAC9B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,cAAc,KAAK,eAAe,EAAE,CAAC;YACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,KAAK,CAAC,CAAC,WAAW,mBAAmB,CAAC,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,CAAC,cAAc,KAAK,UAAU,CAAC,CAAC,CAAC,IAAA,iBAAK,EAAC,MAAM,CAAC;YACjE,CAAC,CAAC,CAAC,CAAC,cAAc,KAAK,iBAAiB,CAAC,CAAC,CAAC,IAAA,eAAG,EAAC,iBAAiB,CAAC;gBACjE,CAAC,CAAC,CAAC,CAAC,cAAc,KAAK,OAAO,CAAC,CAAC,CAAC,IAAA,eAAG,EAAC,OAAO,CAAC;oBAC7C,CAAC,CAAC,IAAA,kBAAM,EAAC,SAAS,CAAC,CAAC;QAEtB,MAAM,WAAW,GAAG,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC;QAErD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,SAAS,CAAC,aAAa,IAAA,gBAAI,EAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAC9E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,SAAS,CAAC,aAAa,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC;QACpE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,YAAY,CAAC,UAAU,WAAW,IAAI,IAAA,eAAG,EAAC,WAAW,GAAG,WAAW,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;QAE9G,IAAI,CAAC,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,iBAAK,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,kBAAM,CAAC,CAAC,CAAC,eAAG,CAAC;YAClF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,aAAa,CAAC,SAAS,UAAU,CAAC,GAAG,CAAC,CAAC,UAAU,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChG,CAAC;QACD,IAAI,CAAC,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;YAC5B,MAAM,YAAY,GAAG,CAAC,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,iBAAK;gBACvD,CAAC,CAAC,CAAC,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,kBAAM;oBACvC,CAAC,CAAC,CAAC,CAAC,YAAY,KAAK,WAAW,CAAC,CAAC,CAAC,eAAG;wBACtC,CAAC,CAAC,eAAG,CAAC;YACR,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,eAAe,CAAC,OAAO,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACzF,CAAC;QACD,IAAI,CAAC,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAC7B,MAAM,WAAW,GAAG,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAA,iBAAK,EAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,IAAA,kBAAM,EAAC,CAAC,CAAC,aAAa,CAAC,CAAC;YACnG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,eAAe,CAAC,OAAO,WAAW,IAAI,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;YACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,cAAc,CAAC,QAAQ,IAAA,eAAG,EAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,CAAC,CAAC,mBAAmB,KAAK,IAAI,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,CAAC,CAAC,mBAAmB,KAAK,CAAC;gBAC1C,CAAC,CAAC,IAAA,iBAAK,EAAC,SAAS,CAAC;gBAClB,CAAC,CAAC,IAAA,kBAAM,EAAC,GAAG,CAAC,CAAC,mBAAmB,QAAQ,CAAC,CAAC,mBAAmB,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACrF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,eAAG,EAAC,cAAc,CAAC,QAAQ,QAAQ,IAAI,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE3B,UAAU;IACV,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,iBAAiB,CAAC,CAAC,MAAM,CAAC;IACpF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;IAC1G,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,eAAe,CAAC,CAAC,MAAM,CAAC;IAEtF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,WAAW,CAAC,CAAC,CAAC;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,QAAQ,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAA,iBAAK,EAAC,GAAG,QAAQ,WAAW,CAAC,CAAC,CAAC;IAC5D,IAAI,QAAQ,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAA,eAAG,EAAC,GAAG,QAAQ,WAAW,CAAC,CAAC,CAAC;IAC1D,IAAI,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAA,kBAAM,EAAC,GAAG,MAAM,UAAU,CAAC,CAAC,CAAC;IACxD,IAAI,YAAY,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAA,eAAG,EAAC,GAAG,YAAY,gBAAgB,CAAC,CAAC,CAAC;IACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;IAE9C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,aAAa,WAAW,IAAI,CAAC,CAAC,CAAC;IAExD,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAA,eAAG,EAAC,IAAA,gBAAI,EAAC,mDAAmD,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACnG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,sDAAsD,CAAC,CAAC,CAAC;IACpF,CAAC;AACH,CAAC"}

package/dist/contextual/advisor.d.ts

@@ -0,0 +1,12 @@
+export interface Suggestion {
+    command: string;
+    reason: string;
+    priority: number;
+}
+/**
+ * Contextual advisor: reads project state, scan history, and config
+ * to suggest the most relevant next command. No LLM call -- pure rules engine.
+ */
+export declare function getContextualSuggestions(targetDir?: string): Suggestion[];
+export declare function handleContext(query: string): void;
+//# sourceMappingURL=advisor.d.ts.map

package/dist/contextual/advisor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"advisor.d.ts","sourceRoot":"","sources":["../../src/contextual/advisor.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,CAyEzE;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAiBjD"}

package/dist/contextual/advisor.js

@@ -0,0 +1,94 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getContextualSuggestions = getContextualSuggestions;
+exports.handleContext = handleContext;
+const shared_1 = require("@opena2a/shared");
+const shared_2 = require("@opena2a/shared");
+const detect_js_1 = require("../util/detect.js");
+const colors_js_1 = require("../util/colors.js");
+/**
+ * Contextual advisor: reads project state, scan history, and config
+ * to suggest the most relevant next command. No LLM call -- pure rules engine.
+ */
+function getContextualSuggestions(targetDir) {
+    const suggestions = [];
+    const dir = targetDir ?? process.cwd();
+    const project = (0, detect_js_1.detectProject)(dir);
+    const config = (0, shared_1.loadUserConfig)();
+    const lastScan = (0, shared_2.getLastScan)();
+    // Never scanned? Suggest scan first
+    if (!lastScan) {
+        suggestions.push({
+            command: 'opena2a scan secure',
+            reason: 'No scan history found -- run a security scan first',
+            priority: 100,
+        });
+    }
+    // Scanned with critical findings but no attack test
+    if (lastScan && lastScan.findings.critical > 0) {
+        suggestions.push({
+            command: 'opena2a scan attack',
+            reason: `Last scan found ${lastScan.findings.critical} critical findings -- test with attack mode`,
+            priority: 90,
+        });
+    }
+    // Has .env but no protection
+    if (project.hasEnv) {
+        suggestions.push({
+            command: 'opena2a protect',
+            reason: '.env file detected -- migrate credentials to encrypted vault',
+            priority: 85,
+        });
+    }
+    // MCP project without secrets protection
+    if (project.hasMcp) {
+        suggestions.push({
+            command: 'opena2a secrets init',
+            reason: 'MCP configuration detected -- protect credentials from AI tools',
+            priority: 80,
+        });
+    }
+    // Not contributing to registry
+    if (!config.contribute.enabled && lastScan) {
+        suggestions.push({
+            command: 'opena2a config contribute on',
+            reason: 'Help the community -- share anonymized scan summaries',
+            priority: 30,
+        });
+    }
+    // Suggest benchmark after successful scan
+    if (lastScan && lastScan.findings.critical === 0 && lastScan.findings.high === 0) {
+        suggestions.push({
+            command: 'opena2a benchmark',
+            reason: 'Clean scan results -- run a full security benchmark',
+            priority: 50,
+        });
+    }
+    // Suggest runtime monitoring for agent projects
+    if (project.type === 'node' || project.hasMcp) {
+        suggestions.push({
+            command: 'opena2a runtime start',
+            reason: 'Enable runtime monitoring for process, network, and filesystem activity',
+            priority: 40,
+        });
+    }
+    // Sort by priority descending
+    suggestions.sort((a, b) => b.priority - a.priority);
+    return suggestions;
+}
+function handleContext(query) {
+    const suggestions = getContextualSuggestions();
+    if (suggestions.length === 0) {
+        process.stdout.write('No contextual suggestions available.\n');
+        process.stdout.write('Run: opena2a --help\n');
+        return;
+    }
+    process.stdout.write('\nSuggested next steps:\n\n');
+    const limit = query ? suggestions.length : 3;
+    for (let i = 0; i < Math.min(limit, suggestions.length); i++) {
+        const s = suggestions[i];
+        process.stdout.write(`  ${(0, colors_js_1.bold)(`${i + 1}.`)} ${(0, colors_js_1.cyan)(s.command)}\n`);
+        process.stdout.write(`     ${(0, colors_js_1.gray)(s.reason)}\n\n`);
+    }
+}
+//# sourceMappingURL=advisor.js.map

package/dist/contextual/advisor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"advisor.js","sourceRoot":"","sources":["../../src/contextual/advisor.ts"],"names":[],"mappings":";;AAeA,4DAyEC;AAED,sCAiBC;AA3GD,4CAAiD;AACjD,4CAA+D;AAC/D,iDAAkD;AAClD,iDAA6D;AAQ7D;;;GAGG;AACH,SAAgB,wBAAwB,CAAC,SAAkB;IACzD,MAAM,WAAW,GAAiB,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAA,yBAAa,EAAC,GAAG,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,IAAA,uBAAc,GAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,IAAA,oBAAW,GAAE,CAAC;IAE/B,oCAAoC;IACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,qBAAqB;YAC9B,MAAM,EAAE,oDAAoD;YAC5D,QAAQ,EAAE,GAAG;SACd,CAAC,CAAC;IACL,CAAC;IAED,oDAAoD;IACpD,IAAI,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QAC/C,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,qBAAqB;YAC9B,MAAM,EAAE,mBAAmB,QAAQ,CAAC,QAAQ,CAAC,QAAQ,6CAA6C;YAClG,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,iBAAiB;YAC1B,MAAM,EAAE,8DAA8D;YACtE,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;IACL,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,sBAAsB;YAC/B,MAAM,EAAE,iEAAiE;YACzE,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC3C,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,8BAA8B;YACvC,MAAM,EAAE,uDAAuD;YAC/D,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,IAAI,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,KAAK,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACjF,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,mBAAmB;YAC5B,MAAM,EAAE,qDAAqD;YAC7D,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QAC9C,WAAW,CAAC,IAAI,CAAC;YACf,OAAO,EAAE,uBAAuB;YAChC,MAAM,EAAE,yEAAyE;YACjF,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAgB,aAAa,CAAC,KAAa;IACzC,MAAM,WAAW,GAAG,wBAAwB,EAAE,CAAC;IAE/C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC/D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;IAEpD,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7D,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,gBAAI,EAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAA,gBAAI,EAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAA,gBAAI,EAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC;AACH,CAAC"}

package/dist/contextual/index.d.ts

@@ -0,0 +1,3 @@
+export { getContextualSuggestions, handleContext } from './advisor.js';
+export type { Suggestion } from './advisor.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/contextual/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/contextual/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACvE,YAAY,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC"}

package/dist/contextual/index.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleContext = exports.getContextualSuggestions = void 0;
+var advisor_js_1 = require("./advisor.js");
+Object.defineProperty(exports, "getContextualSuggestions", { enumerable: true, get: function () { return advisor_js_1.getContextualSuggestions; } });
+Object.defineProperty(exports, "handleContext", { enumerable: true, get: function () { return advisor_js_1.handleContext; } });
+//# sourceMappingURL=index.js.map

package/dist/contextual/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/contextual/index.ts"],"names":[],"mappings":";;;AAAA,2CAAuE;AAA9D,sHAAA,wBAAwB,OAAA;AAAE,2GAAA,aAAa,OAAA"}

package/dist/guided/attack-walkthrough.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Guided attack walkthrough for novice users.
+ *
+ * Instead of immediately dispatching `opena2a scan attack`, walk users
+ * through what attack testing is, what agent type they have, and what
+ * phases the test will run. Returns the fully-formed command string.
+ */
+/**
+ * Run the interactive attack walkthrough. Returns the command string
+ * to execute, or null if the user cancels.
+ */
+export declare function runAttackWalkthrough(): Promise<string | null>;
+//# sourceMappingURL=attack-walkthrough.d.ts.map

package/dist/guided/attack-walkthrough.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"attack-walkthrough.d.ts","sourceRoot":"","sources":["../../src/guided/attack-walkthrough.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA6CH;;;GAGG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA2EnE"}

package/dist/guided/attack-walkthrough.js

@@ -0,0 +1,113 @@
+"use strict";
+/**
+ * Guided attack walkthrough for novice users.
+ *
+ * Instead of immediately dispatching `opena2a scan attack`, walk users
+ * through what attack testing is, what agent type they have, and what
+ * phases the test will run. Returns the fully-formed command string.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runAttackWalkthrough = runAttackWalkthrough;
+const colors_js_1 = require("../util/colors.js");
+const ATTACK_PHASES = [
+    {
+        name: 'Prompt Injection Testing',
+        description: 'Tests whether your agent follows malicious instructions\n' +
+            '     hidden in user input or tool responses.',
+    },
+    {
+        name: 'Data Exfiltration',
+        description: 'Attempts to extract sensitive information like system\n' +
+            '     prompts, environment variables, or user data.',
+    },
+    {
+        name: 'Tool Abuse',
+        description: 'Tests if your agent can be tricked into calling\n' +
+            '     dangerous tools or exceeding its intended permissions.',
+    },
+];
+const AGENT_TYPES = [
+    {
+        label: 'MCP Server (tool-calling agent)',
+        value: 'mcp',
+        targetPrompt: 'MCP server URL (e.g., http://localhost:3010):',
+    },
+    {
+        label: 'API Agent (HTTP endpoint)',
+        value: 'api',
+        targetPrompt: 'API endpoint URL (e.g., http://localhost:8080/api):',
+    },
+    {
+        label: 'Chat Agent (system prompt based)',
+        value: 'chat',
+        targetPrompt: 'System prompt file path (optional, press Enter to skip):',
+    },
+];
+/**
+ * Run the interactive attack walkthrough. Returns the command string
+ * to execute, or null if the user cancels.
+ */
+async function runAttackWalkthrough() {
+    if (!process.stdin.isTTY) {
+        process.stdout.write('Attack walkthrough requires a TTY.\n');
+        process.stdout.write('Direct usage: opena2a scan attack <target-url>\n');
+        return null;
+    }
+    try {
+        const { select, input, confirm } = await import('@inquirer/prompts');
+        // Step 1: Explain
+        process.stdout.write('\n' + (0, colors_js_1.bold)('Attack Simulation') + '\n\n');
+        process.stdout.write('Attack testing probes your AI agent with crafted adversarial inputs\n' +
+            'to find security weaknesses before real attackers do.\n\n');
+        process.stdout.write((0, colors_js_1.dim)('  - Nothing is permanently modified\n'));
+        process.stdout.write((0, colors_js_1.dim)('  - Tests run against your local/staging agent\n'));
+        process.stdout.write((0, colors_js_1.dim)('  - Results are not shared externally\n'));
+        process.stdout.write('\n');
+        // Step 2: Agent type
+        const agentType = await select({
+            message: 'What type of agent are you testing?',
+            choices: AGENT_TYPES.map(t => ({
+                name: t.label,
+                value: t.value,
+            })),
+        });
+        const typeConfig = AGENT_TYPES.find(t => t.value === agentType);
+        // Step 3: Target details
+        const target = await input({
+            message: typeConfig.targetPrompt,
+        });
+        if (!target && agentType !== 'chat') {
+            process.stdout.write((0, colors_js_1.yellow)('A target URL is required for this agent type.') + '\n');
+            return null;
+        }
+        // Step 4: Show phases
+        process.stdout.write('\n' + (0, colors_js_1.bold)('Test Phases') + '\n\n');
+        for (let i = 0; i < ATTACK_PHASES.length; i++) {
+            const phase = ATTACK_PHASES[i];
+            process.stdout.write(`  ${(0, colors_js_1.cyan)(`Phase ${i + 1}`)} - ${(0, colors_js_1.bold)(phase.name)}\n`);
+            process.stdout.write(`     ${phase.description}\n\n`);
+        }
+        // Step 5: Confirm
+        const proceed = await confirm({
+            message: 'Start attack simulation?',
+            default: true,
+        });
+        if (!proceed) {
+            return null;
+        }
+        // Step 6: Build and return command
+        const targetArg = target || '.';
+        const command = `opena2a scan attack ${targetArg} --target-type ${agentType}`;
+        process.stdout.write('\n' + (0, colors_js_1.gray)('Command: ') + (0, colors_js_1.cyan)(command) + '\n\n');
+        return command;
+    }
+    catch (err) {
+        if (err instanceof Error && err.message.includes('User force closed')) {
+            return null;
+        }
+        // Fallback: show manual usage
+        process.stdout.write('\nUsage: opena2a scan attack <target-url> --target-type mcp|api|chat\n');
+        return null;
+    }
+}
+//# sourceMappingURL=attack-walkthrough.js.map

package/dist/guided/attack-walkthrough.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"attack-walkthrough.js","sourceRoot":"","sources":["../../src/guided/attack-walkthrough.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAiDH,oDA2EC;AA1HD,iDAAkE;AAOlE,MAAM,aAAa,GAAkB;IACnC;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,2DAA2D;YACtE,8CAA8C;KACjD;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,yDAAyD;YACpE,oDAAoD;KACvD;IACD;QACE,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,mDAAmD;YAC9D,6DAA6D;KAChE;CACF,CAAC;AAEF,MAAM,WAAW,GAAG;IAClB;QACE,KAAK,EAAE,iCAAiC;QACxC,KAAK,EAAE,KAAK;QACZ,YAAY,EAAE,+CAA+C;KAC9D;IACD;QACE,KAAK,EAAE,2BAA2B;QAClC,KAAK,EAAE,KAAK;QACZ,YAAY,EAAE,qDAAqD;KACpE;IACD;QACE,KAAK,EAAE,kCAAkC;QACzC,KAAK,EAAE,MAAM;QACb,YAAY,EAAE,0DAA0D;KACzE;CACO,CAAC;AAEX;;;GAGG;AACI,KAAK,UAAU,oBAAoB;IACxC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAErE,kBAAkB;QAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAA,gBAAI,EAAC,mBAAmB,CAAC,GAAG,MAAM,CAAC,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,uEAAuE;YACvE,2DAA2D,CAC5D,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,uCAAuC,CAAC,CAAC,CAAC;QACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,kDAAkD,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,yCAAyC,CAAC,CAAC,CAAC;QACrE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE3B,qBAAqB;QACrB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC;YAC7B,OAAO,EAAE,qCAAqC;YAC9C,OAAO,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7B,IAAI,EAAE,CAAC,CAAC,KAAK;gBACb,KAAK,EAAE,CAAC,CAAC,KAAK;aACf,CAAC,CAAC;SACJ,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAE,CAAC;QAEjE,yBAAyB;QACzB,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC;YACzB,OAAO,EAAE,UAAU,CAAC,YAAY;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,kBAAM,EAAC,+CAA+C,CAAC,GAAG,IAAI,CAAC,CAAC;YACrF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sBAAsB;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAA,gBAAI,EAAC,aAAa,CAAC,GAAG,MAAM,CAAC,CAAC;QAC1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAA,gBAAI,EAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,IAAA,gBAAI,EAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,KAAK,CAAC,WAAW,MAAM,CAAC,CAAC;QACxD,CAAC;QAED,kBAAkB;QAClB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC;YAC5B,OAAO,EAAE,0BAA0B;YACnC,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mCAAmC;QACnC,MAAM,SAAS,GAAG,MAAM,IAAI,GAAG,CAAC;QAChC,MAAM,OAAO,GAAG,uBAAuB,SAAS,kBAAkB,SAAS,EAAE,CAAC;QAE9E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAA,gBAAI,EAAC,WAAW,CAAC,GAAG,IAAA,gBAAI,EAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;QAExE,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,8BAA8B;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC/F,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/guided/wizard.d.ts

@@ -0,0 +1,2 @@
+export declare function runWizard(): Promise<string | null>;
+//# sourceMappingURL=wizard.d.ts.map

package/dist/guided/wizard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wizard.d.ts","sourceRoot":"","sources":["../../src/guided/wizard.ts"],"names":[],"mappings":"AAwDA,wBAAsB,SAAS,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAsDxD"}