opena2a-cli 0.1.1 → 0.1.2

package/dist/util/drift-verification.js

@@ -0,0 +1,457 @@
+"use strict";
+/**
+ * Drift liveness verification.
+ *
+ * After pattern matching detects a credential (e.g., DRIFT-001 Google API key),
+ * this module performs an actual API call to verify whether the credential has
+ * drifted capabilities (e.g., Gemini access on a Maps key).
+ *
+ * Liveness checks are opt-in, non-blocking, and timeout after 5 seconds.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyGeminiAccess = verifyGeminiAccess;
+exports.verifyBedrockAccess = verifyBedrockAccess;
+exports.verifyDriftFindings = verifyDriftFindings;
+exports.applyLivenessResults = applyLivenessResults;
+const crypto = __importStar(require("crypto"));
+// --- Constants ---
+const LIVENESS_TIMEOUT_MS = 5_000;
+const GEMINI_MODELS_ENDPOINT = 'https://generativelanguage.googleapis.com/v1beta/models';
+// --- Verification functions ---
+/**
+ * Verify whether a Google API key has active Gemini access by calling
+ * the Generative Language API's models endpoint.
+ *
+ * - 200: Key has Gemini access (drift confirmed)
+ * - 403/401/400: No Gemini access or key invalid
+ * - Network error: Inconclusive
+ */
+async function verifyGeminiAccess(apiKey) {
+    const result = {
+        findingId: 'DRIFT-001',
+        checked: true,
+        live: false,
+        originalSeverity: 'high',
+        escalatedSeverity: 'high',
+        detail: '',
+    };
+    try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), LIVENESS_TIMEOUT_MS);
+        const url = `${GEMINI_MODELS_ENDPOINT}?key=${apiKey}`;
+        const response = await fetch(url, {
+            method: 'GET',
+            signal: controller.signal,
+            headers: {
+                'User-Agent': 'opena2a-drift-check/1.0',
+            },
+        });
+        clearTimeout(timeout);
+        if (response.status === 200) {
+            let modelCount = 0;
+            try {
+                const body = await response.json();
+                modelCount = body.models?.length ?? 0;
+            }
+            catch {
+                // Response parsing failed but 200 confirms access
+            }
+            result.live = true;
+            result.escalatedSeverity = 'critical';
+            result.detail = modelCount > 0
+                ? `Gemini access confirmed: key can reach ${modelCount} model(s) via Generative Language API`
+                : 'Gemini access confirmed: key authenticates to Generative Language API';
+        }
+        else if (response.status === 403 || response.status === 401) {
+            result.detail = 'No Gemini access: key is restricted or Generative Language API is not enabled';
+        }
+        else if (response.status === 400) {
+            result.detail = 'Key format valid but rejected by Google API (may be revoked or restricted)';
+        }
+        else {
+            result.detail = `Unexpected response (HTTP ${response.status}): unable to confirm drift`;
+        }
+    }
+    catch (err) {
+        if (err instanceof Error && err.name === 'AbortError') {
+            result.detail = 'Liveness check timed out (5s) -- unable to confirm drift';
+            result.error = 'timeout';
+        }
+        else {
+            result.detail = 'Network error during liveness check -- unable to confirm drift';
+            result.error = err instanceof Error ? err.message : String(err);
+        }
+    }
+    return result;
+}
+// --- AWS SigV4 Helpers (minimal, zero-dependency implementation) ---
+function hmacSha256(key, data) {
+    return crypto.createHmac('sha256', key).update(data).digest();
+}
+function sha256Hex(data) {
+    return crypto.createHash('sha256').update(data).digest('hex');
+}
+function getSignatureKey(secretKey, dateStamp, region, service) {
+    const kDate = hmacSha256('AWS4' + secretKey, dateStamp);
+    const kRegion = hmacSha256(kDate, region);
+    const kService = hmacSha256(kRegion, service);
+    return hmacSha256(kService, 'aws4_request');
+}
+function signAwsRequest(params) {
+    const now = new Date();
+    const amzDate = now.toISOString().replace(/[-:]/g, '').replace(/\.\d{3}/, '');
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = sha256Hex(params.body);
+    const canonicalHeaders = `host:${params.host}\n` +
+        `x-amz-date:${amzDate}\n`;
+    const signedHeaders = 'host;x-amz-date';
+    const canonicalRequest = [
+        params.method,
+        params.path,
+        '', // query string (empty for POST)
+        canonicalHeaders,
+        signedHeaders,
+        payloadHash,
+    ].join('\n');
+    const credentialScope = `${dateStamp}/${params.region}/${params.service}/aws4_request`;
+    const stringToSign = [
+        'AWS4-HMAC-SHA256',
+        amzDate,
+        credentialScope,
+        sha256Hex(canonicalRequest),
+    ].join('\n');
+    const signingKey = getSignatureKey(params.secretAccessKey, dateStamp, params.region, params.service);
+    const signature = crypto
+        .createHmac('sha256', signingKey)
+        .update(stringToSign)
+        .digest('hex');
+    const authorization = `AWS4-HMAC-SHA256 Credential=${params.accessKeyId}/${credentialScope}, ` +
+        `SignedHeaders=${signedHeaders}, Signature=${signature}`;
+    return {
+        'Host': params.host,
+        'X-Amz-Date': amzDate,
+        'Authorization': authorization,
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'User-Agent': 'opena2a-drift-check/1.0',
+    };
+}
+// --- AWS STS and Bedrock API calls ---
+async function callStsGetCallerIdentity(accessKeyId, secretAccessKey, signal) {
+    const host = 'sts.amazonaws.com';
+    const body = 'Action=GetCallerIdentity&Version=2011-06-15';
+    const headers = signAwsRequest({
+        method: 'POST',
+        host,
+        path: '/',
+        body,
+        accessKeyId,
+        secretAccessKey,
+        region: 'us-east-1',
+        service: 'sts',
+    });
+    const response = await fetch(`https://${host}/`, {
+        method: 'POST',
+        headers,
+        body,
+        signal,
+    });
+    if (response.status === 200) {
+        const text = await response.text();
+        // Extract account ID from XML response
+        const accountMatch = text.match(/<Account>(\d+)<\/Account>/);
+        const arnMatch = text.match(/<Arn>([^<]+)<\/Arn>/);
+        const account = accountMatch?.[1] ?? 'unknown';
+        const arn = arnMatch?.[1] ?? 'unknown';
+        return { live: true, detail: `Account ${account}, ARN: ${arn}` };
+    }
+    if (response.status === 403) {
+        return { live: false, detail: 'AWS key is invalid or expired' };
+    }
+    return {
+        live: false,
+        detail: `STS returned unexpected status ${response.status}`,
+    };
+}
+async function callBedrockListModels(accessKeyId, secretAccessKey, signal) {
+    const region = 'us-east-1';
+    const host = `bedrock.${region}.amazonaws.com`;
+    const path = '/foundation-models';
+    const now = new Date();
+    const amzDate = now.toISOString().replace(/[-:]/g, '').replace(/\.\d{3}/, '');
+    const dateStamp = amzDate.slice(0, 8);
+    const payloadHash = sha256Hex('');
+    const canonicalHeaders = `host:${host}\n` +
+        `x-amz-date:${amzDate}\n`;
+    const signedHeaders = 'host;x-amz-date';
+    const canonicalRequest = [
+        'GET',
+        path,
+        '', // query string
+        canonicalHeaders,
+        signedHeaders,
+        payloadHash,
+    ].join('\n');
+    const credentialScope = `${dateStamp}/${region}/bedrock/aws4_request`;
+    const stringToSign = [
+        'AWS4-HMAC-SHA256',
+        amzDate,
+        credentialScope,
+        sha256Hex(canonicalRequest),
+    ].join('\n');
+    const signingKey = getSignatureKey(secretAccessKey, dateStamp, region, 'bedrock');
+    const signature = crypto
+        .createHmac('sha256', signingKey)
+        .update(stringToSign)
+        .digest('hex');
+    const authorization = `AWS4-HMAC-SHA256 Credential=${accessKeyId}/${credentialScope}, ` +
+        `SignedHeaders=${signedHeaders}, Signature=${signature}`;
+    const response = await fetch(`https://${host}${path}`, {
+        method: 'GET',
+        headers: {
+            'Host': host,
+            'X-Amz-Date': amzDate,
+            'Authorization': authorization,
+            'User-Agent': 'opena2a-drift-check/1.0',
+        },
+        signal,
+    });
+    if (response.status === 200) {
+        let modelCount = 0;
+        try {
+            const body = await response.json();
+            modelCount = body.modelSummaries?.length ?? 0;
+        }
+        catch {
+            // Response parsing failed but 200 confirms access
+        }
+        return {
+            hasAccess: true,
+            detail: modelCount > 0
+                ? `can access ${modelCount} foundation model(s)`
+                : 'Bedrock API is accessible',
+        };
+    }
+    return { hasAccess: false, detail: `Bedrock returned ${response.status}` };
+}
+// --- Secret key proximity search ---
+/**
+ * Try to find an AWS secret access key near an access key ID in the same file.
+ * Searches within 5 lines of the access key's location.
+ */
+function findSecretKeyNearAccessKey(match) {
+    try {
+        const fs = require('fs');
+        const content = fs.readFileSync(match.filePath, 'utf-8');
+        const lines = content.split('\n');
+        const startLine = Math.max(0, match.line - 6);
+        const endLine = Math.min(lines.length, match.line + 5);
+        const region = lines.slice(startLine, endLine).join('\n');
+        // AWS secret access keys are 40 chars of base64-like characters
+        const secretKeyPattern = /(?:secret[_-]?(?:access)?[_-]?key|aws_secret)\s*[=:]\s*['"]?([A-Za-z0-9/+=]{40})['"]?/i;
+        // Try the labeled pattern first
+        const labeled = secretKeyPattern.exec(region);
+        if (labeled)
+            return labeled[1];
+        // Fallback: look for 40-char base64 strings that aren't the access key itself
+        const envPattern = /[A-Za-z0-9/+=]{40}/g;
+        const allMatches = region.match(envPattern);
+        if (allMatches) {
+            for (const m of allMatches) {
+                if (m !== match.value && /[a-z]/.test(m) && /[A-Z]/.test(m)) {
+                    return m;
+                }
+            }
+        }
+        return undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+// --- AWS Bedrock drift verification ---
+/**
+ * Verify whether an AWS access key is live and has Bedrock access.
+ *
+ * Step 1: STS GetCallerIdentity -- confirms key is live (always works, zero permissions needed).
+ * Step 2: If live, try ListFoundationModels to check Bedrock access.
+ *
+ * AWS SigV4 signing is done manually -- no SDK dependency.
+ * Requires the secret key to be found alongside the access key.
+ */
+async function verifyBedrockAccess(accessKeyId, secretAccessKey) {
+    const result = {
+        findingId: 'DRIFT-002',
+        checked: true,
+        live: false,
+        originalSeverity: 'high',
+        escalatedSeverity: 'high',
+        detail: '',
+    };
+    if (!secretAccessKey) {
+        result.checked = false;
+        result.detail = 'Secret access key not found alongside access key ID -- cannot verify liveness';
+        return result;
+    }
+    try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), LIVENESS_TIMEOUT_MS);
+        // Step 1: STS GetCallerIdentity (works with any valid key, zero permissions needed)
+        const stsResult = await callStsGetCallerIdentity(accessKeyId, secretAccessKey, controller.signal);
+        clearTimeout(timeout);
+        if (!stsResult.live) {
+            result.detail = stsResult.detail;
+            result.error = stsResult.error;
+            return result;
+        }
+        // Key is live
+        result.live = true;
+        result.escalatedSeverity = 'critical';
+        result.detail = `AWS key is live (${stsResult.detail})`;
+        // Step 2: Try Bedrock ListFoundationModels
+        const controller2 = new AbortController();
+        const timeout2 = setTimeout(() => controller2.abort(), LIVENESS_TIMEOUT_MS);
+        try {
+            const bedrockResult = await callBedrockListModels(accessKeyId, secretAccessKey, controller2.signal);
+            clearTimeout(timeout2);
+            if (bedrockResult.hasAccess) {
+                result.detail += `. Bedrock access confirmed: ${bedrockResult.detail}`;
+            }
+            else {
+                result.detail += '. No Bedrock access detected (key is still live and exploitable)';
+            }
+        }
+        catch {
+            clearTimeout(timeout2);
+            result.detail += '. Bedrock check inconclusive (key is still live and exploitable)';
+        }
+    }
+    catch (err) {
+        if (err instanceof Error && err.name === 'AbortError') {
+            result.detail = 'Liveness check timed out (5s) -- unable to confirm drift';
+            result.error = 'timeout';
+        }
+        else {
+            result.detail = 'Network error during liveness check -- unable to confirm drift';
+            result.error = err instanceof Error ? err.message : String(err);
+        }
+    }
+    return result;
+}
+/**
+ * Run liveness verification on all DRIFT-prefixed credential matches.
+ * Returns a map of credential value -> LivenessResult.
+ *
+ * Runs checks in parallel with a concurrency limit of 3.
+ */
+async function verifyDriftFindings(matches) {
+    const results = new Map();
+    // Deduplicate: only check each unique key value once
+    const seen = new Set();
+    const uniqueDriftMatches = [];
+    for (const m of matches) {
+        if (!m.findingId.startsWith('DRIFT-'))
+            continue;
+        if (seen.has(m.value))
+            continue;
+        seen.add(m.value);
+        uniqueDriftMatches.push(m);
+    }
+    if (uniqueDriftMatches.length === 0)
+        return results;
+    // Run verifications in parallel (max 3 concurrent)
+    const CONCURRENCY = 3;
+    for (let i = 0; i < uniqueDriftMatches.length; i += CONCURRENCY) {
+        const chunk = uniqueDriftMatches.slice(i, i + CONCURRENCY);
+        const promises = chunk.map(async (match) => {
+            let result;
+            switch (match.findingId) {
+                case 'DRIFT-001':
+                    result = await verifyGeminiAccess(match.value);
+                    break;
+                case 'DRIFT-002': {
+                    const secretKey = findSecretKeyNearAccessKey(match);
+                    result = await verifyBedrockAccess(match.value, secretKey);
+                    break;
+                }
+                default:
+                    result = {
+                        findingId: match.findingId,
+                        checked: false,
+                        live: false,
+                        originalSeverity: match.severity,
+                        escalatedSeverity: match.severity,
+                        detail: 'No liveness check available for this drift type',
+                    };
+            }
+            results.set(match.value, result);
+        });
+        await Promise.all(promises);
+    }
+    return results;
+}
+/**
+ * Apply liveness results to credential matches: escalate severity
+ * and update explanation text for confirmed drift.
+ *
+ * Returns new match objects (does not mutate originals).
+ */
+function applyLivenessResults(matches, livenessResults) {
+    return matches.map(match => {
+        const result = livenessResults.get(match.value);
+        if (!result)
+            return match;
+        if (result.live) {
+            return {
+                ...match,
+                severity: result.escalatedSeverity,
+                explanation: (match.explanation ?? '') +
+                    ` CONFIRMED: ${result.detail}`,
+                businessImpact: (match.businessImpact ?? '') +
+                    ' Liveness verification confirmed the key has active Gemini access -- this is an active exposure, not theoretical.',
+            };
+        }
+        // Not live but checked -- append verification note
+        if (result.checked && !result.error) {
+            return {
+                ...match,
+                explanation: (match.explanation ?? '') +
+                    ` Verification: ${result.detail}`,
+            };
+        }
+        return match;
+    });
+}
+//# sourceMappingURL=drift-verification.js.map

package/dist/util/drift-verification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"drift-verification.js","sourceRoot":"","sources":["../../src/util/drift-verification.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCH,gDAyDC;AAwQD,kDA2EC;AAQD,kDAqDC;AAQD,oDA8BC;AArhBD,+CAAiC;AAsBjC,oBAAoB;AAEpB,MAAM,mBAAmB,GAAG,KAAK,CAAC;AAElC,MAAM,sBAAsB,GAAG,yDAAyD,CAAC;AAEzF,iCAAiC;AAEjC;;;;;;;GAOG;AACI,KAAK,UAAU,kBAAkB,CAAC,MAAc;IACrD,MAAM,MAAM,GAAmB;QAC7B,SAAS,EAAE,WAAW;QACtB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,KAAK;QACX,gBAAgB,EAAE,MAAM;QACxB,iBAAiB,EAAE,MAAM;QACzB,MAAM,EAAE,EAAE;KACX,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAE1E,MAAM,GAAG,GAAG,GAAG,sBAAsB,QAAQ,MAAM,EAAE,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE;gBACP,YAAY,EAAE,yBAAyB;aACxC;SACF,CAAC,CAAC;QAEH,YAAY,CAAC,OAAO,CAAC,CAAC;QAEtB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,IAAI,UAAU,GAAG,CAAC,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA4B,CAAC;gBAC7D,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC;YACxC,CAAC;YAAC,MAAM,CAAC;gBACP,kDAAkD;YACpD,CAAC;YAED,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;YACnB,MAAM,CAAC,iBAAiB,GAAG,UAAU,CAAC;YACtC,MAAM,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC;gBAC5B,CAAC,CAAC,0CAA0C,UAAU,uCAAuC;gBAC7F,CAAC,CAAC,uEAAuE,CAAC;QAC9E,CAAC;aAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC9D,MAAM,CAAC,MAAM,GAAG,+EAA+E,CAAC;QAClG,CAAC;aAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACnC,MAAM,CAAC,MAAM,GAAG,4EAA4E,CAAC;QAC/F,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,GAAG,6BAA6B,QAAQ,CAAC,MAAM,4BAA4B,CAAC;QAC3F,CAAC;IACH,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACtD,MAAM,CAAC,MAAM,GAAG,0DAA0D,CAAC;YAC3E,MAAM,CAAC,KAAK,GAAG,SAAS,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,GAAG,gEAAgE,CAAC;YACjF,MAAM,CAAC,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,sEAAsE;AAEtE,SAAS,UAAU,CAAC,GAAoB,EAAE,IAAY;IACpD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;AAChE,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,eAAe,CACtB,SAAiB,EACjB,SAAiB,EACjB,MAAc,EACd,OAAe;IAEf,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,GAAG,SAAS,EAAE,SAAS,CAAC,CAAC;IACxD,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9C,OAAO,UAAU,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,MASvB;IACC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEtC,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAE3C,MAAM,gBAAgB,GACpB,QAAQ,MAAM,CAAC,IAAI,IAAI;QACvB,cAAc,OAAO,IAAI,CAAC;IAE5B,MAAM,aAAa,GAAG,iBAAiB,CAAC;IAExC,MAAM,gBAAgB,GAAG;QACvB,MAAM,CAAC,MAAM;QACb,MAAM,CAAC,IAAI;QACX,EAAE,EAAE,gCAAgC;QACpC,gBAAgB;QAChB,aAAa;QACb,WAAW;KACZ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,eAAe,GAAG,GAAG,SAAS,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,eAAe,CAAC;IACvF,MAAM,YAAY,GAAG;QACnB,kBAAkB;QAClB,OAAO;QACP,eAAe;QACf,SAAS,CAAC,gBAAgB,CAAC;KAC5B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,UAAU,GAAG,eAAe,CAChC,MAAM,CAAC,eAAe,EACtB,SAAS,EACT,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,OAAO,CACf,CAAC;IAEF,MAAM,SAAS,GAAG,MAAM;SACrB,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC;SAChC,MAAM,CAAC,YAAY,CAAC;SACpB,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjB,MAAM,aAAa,GACjB,+BAA+B,MAAM,CAAC,WAAW,IAAI,eAAe,IAAI;QACxE,iBAAiB,aAAa,eAAe,SAAS,EAAE,CAAC;IAE3D,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,IAAI;QACnB,YAAY,EAAE,OAAO;QACrB,eAAe,EAAE,aAAa;QAC9B,cAAc,EAAE,mCAAmC;QACnD,YAAY,EAAE,yBAAyB;KACxC,CAAC;AACJ,CAAC;AAED,wCAAwC;AAExC,KAAK,UAAU,wBAAwB,CACrC,WAAmB,EACnB,eAAuB,EACvB,MAAmB;IAEnB,MAAM,IAAI,GAAG,mBAAmB,CAAC;IACjC,MAAM,IAAI,GAAG,6CAA6C,CAAC;IAE3D,MAAM,OAAO,GAAG,cAAc,CAAC;QAC7B,MAAM,EAAE,MAAM;QACd,IAAI;QACJ,IAAI,EAAE,GAAG;QACT,IAAI;QACJ,WAAW;QACX,eAAe;QACf,MAAM,EAAE,WAAW;QACnB,OAAO,EAAE,KAAK;KACf,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,IAAI,GAAG,EAAE;QAC/C,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI;QACJ,MAAM;KACP,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,uCAAuC;QACvC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;QAC/C,MAAM,GAAG,GAAG,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;QACvC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,OAAO,UAAU,GAAG,EAAE,EAAE,CAAC;IACnE,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;IAClE,CAAC;IAED,OAAO;QACL,IAAI,EAAE,KAAK;QACX,MAAM,EAAE,kCAAkC,QAAQ,CAAC,MAAM,EAAE;KAC5D,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,WAAmB,EACnB,eAAuB,EACvB,MAAmB;IAEnB,MAAM,MAAM,GAAG,WAAW,CAAC;IAC3B,MAAM,IAAI,GAAG,WAAW,MAAM,gBAAgB,CAAC;IAC/C,MAAM,IAAI,GAAG,oBAAoB,CAAC;IAElC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEtC,MAAM,WAAW,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAElC,MAAM,gBAAgB,GACpB,QAAQ,IAAI,IAAI;QAChB,cAAc,OAAO,IAAI,CAAC;IAE5B,MAAM,aAAa,GAAG,iBAAiB,CAAC;IAExC,MAAM,gBAAgB,GAAG;QACvB,KAAK;QACL,IAAI;QACJ,EAAE,EAAE,eAAe;QACnB,gBAAgB;QAChB,aAAa;QACb,WAAW;KACZ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,eAAe,GAAG,GAAG,SAAS,IAAI,MAAM,uBAAuB,CAAC;IACtE,MAAM,YAAY,GAAG;QACnB,kBAAkB;QAClB,OAAO;QACP,eAAe;QACf,SAAS,CAAC,gBAAgB,CAAC;KAC5B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,UAAU,GAAG,eAAe,CAAC,eAAe,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAClF,MAAM,SAAS,GAAG,MAAM;SACrB,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC;SAChC,MAAM,CAAC,YAAY,CAAC;SACpB,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjB,MAAM,aAAa,GACjB,+BAA+B,WAAW,IAAI,eAAe,IAAI;QACjE,iBAAiB,aAAa,eAAe,SAAS,EAAE,CAAC;IAE3D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,IAAI,GAAG,IAAI,EAAE,EAAE;QACrD,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,MAAM,EAAE,IAAI;YACZ,YAAY,EAAE,OAAO;YACrB,eAAe,EAAE,aAAa;YAC9B,YAAY,EAAE,yBAAyB;SACxC;QACD,MAAM;KACP,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAoC,CAAC;YACrE,UAAU,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,IAAI,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,kDAAkD;QACpD,CAAC;QACD,OAAO;YACL,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,UAAU,GAAG,CAAC;gBACpB,CAAC,CAAC,cAAc,UAAU,sBAAsB;gBAChD,CAAC,CAAC,2BAA2B;SAChC,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;AAC7E,CAAC;AAED,sCAAsC;AAEtC;;;GAGG;AACH,SAAS,0BAA0B,CAAC,KAAsB;IACxD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QACzB,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACzD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE1D,gEAAgE;QAChE,MAAM,gBAAgB,GAAG,wFAAwF,CAAC;QAElH,gCAAgC;QAChC,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,OAAO;YAAE,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;QAE/B,8EAA8E;QAC9E,MAAM,UAAU,GAAG,qBAAqB,CAAC;QACzC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,IAAI,CAAC,KAAK,KAAK,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5D,OAAO,CAAC,CAAC;gBACX,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,yCAAyC;AAEzC;;;;;;;;GAQG;AACI,KAAK,UAAU,mBAAmB,CACvC,WAAmB,EACnB,eAAwB;IAExB,MAAM,MAAM,GAAmB;QAC7B,SAAS,EAAE,WAAW;QACtB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,KAAK;QACX,gBAAgB,EAAE,MAAM;QACxB,iBAAiB,EAAE,MAAM;QACzB,MAAM,EAAE,EAAE;KACX,CAAC;IAEF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;QACvB,MAAM,CAAC,MAAM,GAAG,+EAA+E,CAAC;QAChG,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAE1E,oFAAoF;QACpF,MAAM,SAAS,GAAG,MAAM,wBAAwB,CAC9C,WAAW,EACX,eAAe,EACf,UAAU,CAAC,MAAM,CAClB,CAAC;QAEF,YAAY,CAAC,OAAO,CAAC,CAAC;QAEtB,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YACpB,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;YACjC,MAAM,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;YAC/B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,cAAc;QACd,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;QACnB,MAAM,CAAC,iBAAiB,GAAG,UAAU,CAAC;QACtC,MAAM,CAAC,MAAM,GAAG,oBAAoB,SAAS,CAAC,MAAM,GAAG,CAAC;QAExD,2CAA2C;QAC3C,MAAM,WAAW,GAAG,IAAI,eAAe,EAAE,CAAC;QAC1C,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAE5E,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAC/C,WAAW,EACX,eAAe,EACf,WAAW,CAAC,MAAM,CACnB,CAAC;YACF,YAAY,CAAC,QAAQ,CAAC,CAAC;YAEvB,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;gBAC5B,MAAM,CAAC,MAAM,IAAI,+BAA+B,aAAa,CAAC,MAAM,EAAE,CAAC;YACzE,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,MAAM,IAAI,kEAAkE,CAAC;YACtF,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,CAAC,QAAQ,CAAC,CAAC;YACvB,MAAM,CAAC,MAAM,IAAI,kEAAkE,CAAC;QACtF,CAAC;IACH,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACtD,MAAM,CAAC,MAAM,GAAG,0DAA0D,CAAC;YAC3E,MAAM,CAAC,KAAK,GAAG,SAAS,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,GAAG,gEAAgE,CAAC;YACjF,MAAM,CAAC,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,mBAAmB,CACvC,OAA0B;IAE1B,MAAM,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;IAElD,qDAAqD;IACrD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,kBAAkB,GAAsB,EAAE,CAAC;IAEjD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QAChD,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,SAAS;QAChC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAClB,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAEpD,mDAAmD;IACnD,MAAM,WAAW,GAAG,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,kBAAkB,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACzC,IAAI,MAAsB,CAAC;YAE3B,QAAQ,KAAK,CAAC,SAAS,EAAE,CAAC;gBACxB,KAAK,WAAW;oBACd,MAAM,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;oBAC/C,MAAM;gBACR,KAAK,WAAW,CAAC,CAAC,CAAC;oBACjB,MAAM,SAAS,GAAG,0BAA0B,CAAC,KAAK,CAAC,CAAC;oBACpD,MAAM,GAAG,MAAM,mBAAmB,CAAC,KAAK,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;oBAC3D,MAAM;gBACR,CAAC;gBACD;oBACE,MAAM,GAAG;wBACP,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,OAAO,EAAE,KAAK;wBACd,IAAI,EAAE,KAAK;wBACX,gBAAgB,EAAE,KAAK,CAAC,QAAQ;wBAChC,iBAAiB,EAAE,KAAK,CAAC,QAAQ;wBACjC,MAAM,EAAE,iDAAiD;qBAC1D,CAAC;YACN,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,oBAAoB,CAClC,OAA0B,EAC1B,eAA4C;IAE5C,OAAO,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;QACzB,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAE1B,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAChB,OAAO;gBACL,GAAG,KAAK;gBACR,QAAQ,EAAE,MAAM,CAAC,iBAAiB;gBAClC,WAAW,EAAE,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC;oBACpC,eAAe,MAAM,CAAC,MAAM,EAAE;gBAChC,cAAc,EAAE,CAAC,KAAK,CAAC,cAAc,IAAI,EAAE,CAAC;oBAC1C,mHAAmH;aACtH,CAAC;QACJ,CAAC;QAED,mDAAmD;QACnD,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACpC,OAAO;gBACL,GAAG,KAAK;gBACR,WAAW,EAAE,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC;oBACpC,kBAAkB,MAAM,CAAC,MAAM,EAAE;aACpC,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opena2a-cli",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Unified CLI for the OpenA2A security platform",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -25,7 +25,9 @@
     "vitest": "^3.0.0",
     "@types/node": "^22.0.0"
   },
-  "files": ["dist"],
+  "files": [
+    "dist"
+  ],
   "engines": {
     "node": ">=18.0.0"
   },