shellward 0.7.3 → 0.7.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -390,6 +390,9 @@ Effectiveness is measured, not asserted. `npm run bench` runs every detector ove
|
|
|
390
390
|
| Dangerous commands | 100% | 100% | 100% |
|
|
391
391
|
| PII / secrets | 100% | 100% | 100% |
|
|
392
392
|
| MCP tool poisoning | 100% | 100% | 100% |
|
|
393
|
+
| **Compliance scan** (overseas / secret / PII vs hard negatives) | 100% | 100% | 100% |
|
|
394
|
+
|
|
395
|
+
The compliance scanner has its own gated corpus — `npm run bench:scan` runs the **real `scanProject` pipeline** over 31 labeled cases (17 real risks + 14 hard negatives: domestic endpoints, placeholder keys, doc examples, lock files, invalid checksums). Self-authored corpus, CI-gated against regression.
|
|
393
396
|
|
|
394
397
|
83 gated samples (attacks + hard negatives). Zero-width-interleaved and empty-quote (`r''m`) obfuscation are normalized before matching. The corpus also tracks **5 documented bypasses** (leetspeak, base64, non-zh/en languages, shell variable indirection) that regex/heuristics are not expected to catch — listed explicitly and excluded from the gate rather than hidden.
|
|
395
398
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "shellward",
|
|
3
|
-
"version": "0.7.
|
|
3
|
+
"version": "0.7.4",
|
|
4
4
|
"mcpName": "io.github.jnMetaCode/shellward",
|
|
5
5
|
"description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
|
|
6
6
|
"keywords": [
|
|
@@ -65,6 +65,7 @@
|
|
|
65
65
|
"test:sdk": "npx tsx test-sdk.ts",
|
|
66
66
|
"test:mcp": "npx tsx test-mcp.ts",
|
|
67
67
|
"bench": "npx tsx bench/run.ts",
|
|
68
|
+
"bench:scan": "npx tsx bench/scan-bench.ts",
|
|
68
69
|
"prepublishOnly": "npm run build"
|
|
69
70
|
},
|
|
70
71
|
"openclaw": {
|