skillshield 1.0.0 → 2.0.0

package/dist/shield/network-policy.js

@@ -0,0 +1,226 @@
+/**
+ * SkillShield — Network Policy Engine
+ *
+ * Per-skill domain allowlisting. Skills declare which domains they need,
+ * and SkillShield blocks everything else at the DNS resolution level.
+ *
+ * This is what Snyk and Cisco DON'T do — they scan before install,
+ * but can't stop a skill from phoning home at runtime.
+ */
+/** Known malicious domains commonly used in skill attacks */
+const MALICIOUS_DOMAINS = [
+    'evil.com',
+    'attacker.com',
+    'exfil.io',
+    'c2server.net',
+    'malware.download',
+    'ngrok.io', // Tunneling — often used for exfiltration
+    'requestbin.com', // Data capture
+    'webhook.site', // Data capture
+    'pipedream.net', // Data capture
+    'burpcollaborator.net', // Pentesting tool
+];
+/** Known mining pool domains */
+const MINING_DOMAINS = [
+    'pool.monero.cc',
+    'xmr.pool.minergate.com',
+    'cryptonight.usa.nicehash.com',
+    'mine.xmrpool.net',
+    'coinhive.com',
+    'authedmine.com',
+];
+export class NetworkPolicyEngine {
+    constructor(policy) {
+        this.violations = [];
+        this.connectionCount = 0;
+        this.transferredBytes = 0;
+        this.policy = policy;
+        this.blockedDomains = new Set([
+            ...MALICIOUS_DOMAINS,
+            ...(policy.blockMalicious !== false ? MINING_DOMAINS : []),
+        ]);
+    }
+    /**
+     * Check if a domain is allowed by the policy.
+     * Returns true if allowed, false if blocked.
+     */
+    checkDomain(domain) {
+        const normalizedDomain = domain.toLowerCase().trim();
+        // Check malicious domains first
+        if (this.blockedDomains.has(normalizedDomain)) {
+            this.recordViolation({
+                type: 'MALICIOUS_DOMAIN',
+                domain: normalizedDomain,
+                details: `Blocked known malicious domain: ${normalizedDomain}`,
+            });
+            return false;
+        }
+        // Check against subdomain patterns in malicious list
+        for (const malicious of this.blockedDomains) {
+            if (normalizedDomain.endsWith(`.${malicious}`)) {
+                this.recordViolation({
+                    type: 'MALICIOUS_DOMAIN',
+                    domain: normalizedDomain,
+                    details: `Blocked subdomain of malicious domain: ${normalizedDomain} (parent: ${malicious})`,
+                });
+                return false;
+            }
+        }
+        // Default deny mode — only allowlisted domains pass
+        if (this.policy.defaultDeny) {
+            const isAllowed = this.policy.allowedDomains.some((allowed) => {
+                const normalizedAllowed = allowed.toLowerCase().trim();
+                return (normalizedDomain === normalizedAllowed ||
+                    normalizedDomain.endsWith(`.${normalizedAllowed}`));
+            });
+            if (!isAllowed) {
+                this.recordViolation({
+                    type: 'DNS_BLOCKED',
+                    domain: normalizedDomain,
+                    details: `Domain not in allowlist: ${normalizedDomain}. Allowed: [${this.policy.allowedDomains.join(', ')}]`,
+                });
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Check if a connection attempt is allowed.
+     */
+    checkConnection(domain, port) {
+        // Check domain first
+        if (!this.checkDomain(domain)) {
+            return false;
+        }
+        // Check max connections
+        if (this.policy.maxConnections && this.connectionCount >= this.policy.maxConnections) {
+            this.recordViolation({
+                type: 'CONNECTION_BLOCKED',
+                domain,
+                port,
+                details: `Max connections exceeded: ${this.connectionCount}/${this.policy.maxConnections}`,
+            });
+            return false;
+        }
+        this.connectionCount++;
+        return true;
+    }
+    /**
+     * Track data transfer and block if limit exceeded.
+     */
+    trackTransfer(bytes) {
+        this.transferredBytes += bytes;
+        if (this.policy.maxTransferBytes && this.transferredBytes > this.policy.maxTransferBytes) {
+            this.recordViolation({
+                type: 'TRANSFER_EXCEEDED',
+                details: `Transfer limit exceeded: ${this.transferredBytes}/${this.policy.maxTransferBytes} bytes`,
+            });
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Generate the Node.js code that enforces this policy at runtime.
+     * This wraps the skill's execution with DNS/network interception.
+     */
+    generateEnforcementCode() {
+        const allowedJSON = JSON.stringify(this.policy.allowedDomains);
+        const blockedJSON = JSON.stringify([...this.blockedDomains]);
+        return `
+// ── SkillShield Network Policy Enforcement ──
+const __ss_allowed = new Set(${allowedJSON}.map(d => d.toLowerCase()));
+const __ss_blocked = new Set(${blockedJSON}.map(d => d.toLowerCase()));
+const __ss_defaultDeny = ${this.policy.defaultDeny};
+const __ss_maxTransfer = ${this.policy.maxTransferBytes || 0};
+let __ss_transferred = 0;
+
+const __ss_originalDnsLookup = require('dns').lookup;
+require('dns').lookup = function(hostname, options, callback) {
+  const domain = hostname.toLowerCase();
+
+  // Block malicious
+  for (const blocked of __ss_blocked) {
+    if (domain === blocked || domain.endsWith('.' + blocked)) {
+      const err = new Error('[SkillShield] BLOCKED: ' + domain + ' is a known malicious domain');
+      err.code = 'ENOTFOUND';
+      if (typeof options === 'function') return options(err);
+      return callback(err);
+    }
+  }
+
+  // Default deny check
+  if (__ss_defaultDeny) {
+    let allowed = false;
+    for (const a of __ss_allowed) {
+      if (domain === a || domain.endsWith('.' + a)) { allowed = true; break; }
+    }
+    if (!allowed) {
+      const err = new Error('[SkillShield] BLOCKED: ' + domain + ' not in network policy allowlist');
+      err.code = 'ENOTFOUND';
+      if (typeof options === 'function') return options(err);
+      return callback(err);
+    }
+  }
+
+  return __ss_originalDnsLookup.call(this, hostname, options, callback);
+};
+
+// Intercept http/https to track transfer size
+const __ss_origRequest = require('https').request;
+require('https').request = function(...args) {
+  const req = __ss_origRequest.apply(this, args);
+  req.on('response', (res) => {
+    res.on('data', (chunk) => {
+      __ss_transferred += chunk.length;
+      if (__ss_maxTransfer > 0 && __ss_transferred > __ss_maxTransfer) {
+        res.destroy(new Error('[SkillShield] Transfer limit exceeded: ' + __ss_transferred + ' bytes'));
+      }
+    });
+  });
+  return req;
+};
+// ── End SkillShield Network Policy ──
+`;
+    }
+    recordViolation(partial) {
+        this.violations.push({
+            ...partial,
+            timestamp: new Date().toISOString(),
+        });
+    }
+    getViolations() {
+        return [...this.violations];
+    }
+    getStats() {
+        return {
+            connections: this.connectionCount,
+            transferredBytes: this.transferredBytes,
+            violations: this.violations.length,
+        };
+    }
+    reset() {
+        this.violations = [];
+        this.connectionCount = 0;
+        this.transferredBytes = 0;
+    }
+}
+/**
+ * Parse network policy from SKILL.md frontmatter.
+ * Expected format in frontmatter:
+ *   network:
+ *     allowed: ["api.openai.com", "api.anthropic.com"]
+ *     maxTransferMB: 10
+ */
+export function parseNetworkPolicy(frontmatter) {
+    const network = (frontmatter.network || frontmatter.networking || {});
+    const allowed = (network.allowed || network.domains || []);
+    const maxTransferMB = (network.maxTransferMB || network.maxTransfer || 10);
+    return {
+        allowedDomains: allowed.length > 0 ? allowed : [],
+        defaultDeny: allowed.length > 0, // If skill declares domains, enforce them
+        maxConnections: network.maxConnections || 50,
+        maxTransferBytes: maxTransferMB * 1024 * 1024,
+        blockMalicious: true,
+    };
+}
+//# sourceMappingURL=network-policy.js.map

package/dist/shield/network-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network-policy.js","sourceRoot":"","sources":["../../src/shield/network-policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA0BH,6DAA6D;AAC7D,MAAM,iBAAiB,GAAa;IAClC,UAAU;IACV,cAAc;IACd,UAAU;IACV,cAAc;IACd,kBAAkB;IAClB,UAAU,EAAQ,0CAA0C;IAC5D,gBAAgB,EAAE,eAAe;IACjC,cAAc,EAAI,eAAe;IACjC,eAAe,EAAG,eAAe;IACjC,sBAAsB,EAAE,kBAAkB;CAC3C,CAAC;AAEF,gCAAgC;AAChC,MAAM,cAAc,GAAa;IAC/B,gBAAgB;IAChB,wBAAwB;IACxB,8BAA8B;IAC9B,kBAAkB;IAClB,cAAc;IACd,gBAAgB;CACjB,CAAC;AAEF,MAAM,OAAO,mBAAmB;IAO9B,YAAY,MAAqB;QALzB,eAAU,GAAuB,EAAE,CAAC;QACpC,oBAAe,GAAW,CAAC,CAAC;QAC5B,qBAAgB,GAAW,CAAC,CAAC;QAInC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,CAAC;YAC5B,GAAG,iBAAiB;YACpB,GAAG,CAAC,MAAM,CAAC,cAAc,KAAK,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3D,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,WAAW,CAAC,MAAc;QACxB,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;QAErD,gCAAgC;QAChC,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,kBAAkB;gBACxB,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE,mCAAmC,gBAAgB,EAAE;aAC/D,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,qDAAqD;QACrD,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC5C,IAAI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,SAAS,EAAE,CAAC,EAAE,CAAC;gBAC/C,IAAI,CAAC,eAAe,CAAC;oBACnB,IAAI,EAAE,kBAAkB;oBACxB,MAAM,EAAE,gBAAgB;oBACxB,OAAO,EAAE,0CAA0C,gBAAgB,aAAa,SAAS,GAAG;iBAC7F,CAAC,CAAC;gBACH,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC5D,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;gBACvD,OAAO,CACL,gBAAgB,KAAK,iBAAiB;oBACtC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,iBAAiB,EAAE,CAAC,CACnD,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,IAAI,CAAC,eAAe,CAAC;oBACnB,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,gBAAgB;oBACxB,OAAO,EAAE,4BAA4B,gBAAgB,eAAe,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;iBAC7G,CAAC,CAAC;gBACH,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,MAAc,EAAE,IAAY;QAC1C,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,wBAAwB;QACxB,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YACrF,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,oBAAoB;gBAC1B,MAAM;gBACN,IAAI;gBACJ,OAAO,EAAE,6BAA6B,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE;aAC3F,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,KAAa;QACzB,IAAI,CAAC,gBAAgB,IAAI,KAAK,CAAC;QAE/B,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACzF,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,4BAA4B,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,QAAQ;aACnG,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,uBAAuB;QACrB,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QAE7D,OAAO;;+BAEoB,WAAW;+BACX,WAAW;2BACf,IAAI,CAAC,MAAM,CAAC,WAAW;2BACvB,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiD3D,CAAC;IACA,CAAC;IAEO,eAAe,CAAC,OAA4C;QAClE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YACnB,GAAG,OAAO;YACV,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,aAAa;QACX,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED,QAAQ;QACN,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,eAAe;YACjC,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;SACnC,CAAC;IACJ,CAAC;IAED,KAAK;QACH,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC;QACzB,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC;IAC5B,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,WAAoC;IACrE,MAAM,OAAO,GAAG,CAAC,WAAW,CAAC,OAAO,IAAI,WAAW,CAAC,UAAU,IAAI,EAAE,CAA4B,CAAC;IACjG,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,IAAI,EAAE,CAAa,CAAC;IACvE,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE,CAAW,CAAC;IAErF,OAAO;QACL,cAAc,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;QACjD,WAAW,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,0CAA0C;QAC3E,cAAc,EAAG,OAAO,CAAC,cAAyB,IAAI,EAAE;QACxD,gBAAgB,EAAE,aAAa,GAAG,IAAI,GAAG,IAAI;QAC7C,cAAc,EAAE,IAAI;KACrB,CAAC;AACJ,CAAC"}

package/dist/shield/runtime-monitor.d.ts

@@ -0,0 +1,106 @@
+/**
+ * SkillShield — Runtime Monitor + Kill Switch
+ *
+ * Real-time monitoring of skill execution. Watches stdout/stderr
+ * for threat patterns, tracks resource consumption, and kills the
+ * process if anomalies are detected.
+ *
+ * This is the core differentiator: Snyk scans before install,
+ * SkillShield watches DURING execution.
+ */
+import { ChildProcess } from 'child_process';
+import { type ThreatCategory, type SeverityLevel } from '../guard/patterns.js';
+export interface MonitorPolicy {
+    /** Max execution time in ms (kill switch) */
+    maxExecutionTime: number;
+    /** Max memory in MB (kill switch) */
+    maxMemoryMB: number;
+    /** Max output size in bytes (prevent output flooding) */
+    maxOutputBytes: number;
+    /** Severity threshold to trigger kill (CRITICAL = kill immediately) */
+    killOnSeverity: SeverityLevel;
+    /** Re-scan output for threats in real-time */
+    enableOutputScanning: boolean;
+    /** Max violations before kill */
+    maxViolations: number;
+    /** Categories that trigger immediate kill */
+    criticalCategories: ThreatCategory[];
+}
+export interface RuntimeEvent {
+    timestamp: string;
+    type: 'STDOUT' | 'STDERR' | 'THREAT_DETECTED' | 'RESOURCE_LIMIT' | 'KILL_SWITCH' | 'ANOMALY' | 'EXIT';
+    severity: SeverityLevel;
+    details: string;
+    data?: unknown;
+}
+export interface MonitorReport {
+    startTime: string;
+    endTime?: string;
+    durationMs: number;
+    events: RuntimeEvent[];
+    threatsDetected: number;
+    killed: boolean;
+    killReason?: string;
+    resourceUsage: {
+        peakMemoryMB: number;
+        totalOutputBytes: number;
+        cpuTimeMs: number;
+    };
+}
+export declare class RuntimeMonitor {
+    private policy;
+    private events;
+    private startTime;
+    private outputBytes;
+    private threatsDetected;
+    private killed;
+    private killReason?;
+    private process?;
+    private killTimer?;
+    private memoryCheckInterval?;
+    /** Subset of patterns optimized for real-time output scanning */
+    private runtimePatterns;
+    constructor(policy: MonitorPolicy);
+    /**
+     * Attach the monitor to a running child process.
+     */
+    attach(childProcess: ChildProcess): void;
+    /**
+     * Process output from the skill and check for threats.
+     */
+    private onOutput;
+    /**
+     * Scan skill output for threat patterns in real-time.
+     * This catches skills that generate malicious output (e.g., writing
+     * shell commands to stdout that another tool might execute).
+     */
+    private scanOutput;
+    /**
+     * Check process memory usage.
+     */
+    private checkMemory;
+    /**
+     * Kill the child process — the kill switch.
+     */
+    killProcess(reason: string, details: string): void;
+    /**
+     * Clean up timers and intervals.
+     */
+    private cleanup;
+    /**
+     * Compare severity levels. Returns positive if a >= b.
+     */
+    private compareSeverity;
+    private recordEvent;
+    /**
+     * Generate the final monitoring report.
+     */
+    getReport(): MonitorReport;
+    isKilled(): boolean;
+    getEventCount(): number;
+}
+/**
+ * Default monitor policy — strict but reasonable for developer use.
+ */
+export declare function getDefaultMonitorPolicy(): MonitorPolicy;
+//# sourceMappingURL=runtime-monitor.d.ts.map

package/dist/shield/runtime-monitor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-monitor.d.ts","sourceRoot":"","sources":["../../src/shield/runtime-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAA6C,KAAK,cAAc,EAAE,KAAK,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1H,MAAM,WAAW,aAAa;IAC5B,6CAA6C;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;IACvB,uEAAuE;IACvE,cAAc,EAAE,aAAa,CAAC;IAC9B,8CAA8C;IAC9C,oBAAoB,EAAE,OAAO,CAAC;IAC9B,iCAAiC;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,6CAA6C;IAC7C,kBAAkB,EAAE,cAAc,EAAE,CAAC;CACtC;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,iBAAiB,GAAG,gBAAgB,GAAG,aAAa,GAAG,SAAS,GAAG,MAAM,CAAC;IACtG,QAAQ,EAAE,aAAa,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,YAAY,EAAE,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE;QACb,YAAY,EAAE,MAAM,CAAC;QACrB,gBAAgB,EAAE,MAAM,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,WAAW,CAAa;IAChC,OAAO,CAAC,eAAe,CAAa;IACpC,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,OAAO,CAAC,CAAe;IAC/B,OAAO,CAAC,SAAS,CAAC,CAAiB;IACnC,OAAO,CAAC,mBAAmB,CAAC,CAAiB;IAE7C,iEAAiE;IACjE,OAAO,CAAC,eAAe,CAAqB;gBAEhC,MAAM,EAAE,aAAa;IAQjC;;OAEG;IACH,MAAM,CAAC,YAAY,EAAE,YAAY,GAAG,IAAI;IAyCxC;;OAEG;IACH,OAAO,CAAC,QAAQ;IAahB;;;;OAIG;IACH,OAAO,CAAC,UAAU;IA+ClB;;OAEG;IACH,OAAO,CAAC,WAAW;IAmBnB;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IA0BlD;;OAEG;IACH,OAAO,CAAC,OAAO;IAWf;;OAEG;IACH,OAAO,CAAC,eAAe;IAUvB,OAAO,CAAC,WAAW;IAInB;;OAEG;IACH,SAAS,IAAI,aAAa;IAkB1B,QAAQ,IAAI,OAAO;IAInB,aAAa,IAAI,MAAM;CAGxB;AAED;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,aAAa,CAevD"}

package/dist/shield/runtime-monitor.js

@@ -0,0 +1,233 @@
+/**
+ * SkillShield — Runtime Monitor + Kill Switch
+ *
+ * Real-time monitoring of skill execution. Watches stdout/stderr
+ * for threat patterns, tracks resource consumption, and kills the
+ * process if anomalies are detected.
+ *
+ * This is the core differentiator: Snyk scans before install,
+ * SkillShield watches DURING execution.
+ */
+import { MALICIOUS_PATTERNS } from '../guard/patterns.js';
+export class RuntimeMonitor {
+    constructor(policy) {
+        this.events = [];
+        this.startTime = 0;
+        this.outputBytes = 0;
+        this.threatsDetected = 0;
+        this.killed = false;
+        this.policy = policy;
+        // Select high-severity patterns for real-time scanning (keep it fast)
+        this.runtimePatterns = MALICIOUS_PATTERNS.filter((p) => p.severity === 'CRITICAL' || p.severity === 'HIGH');
+    }
+    /**
+     * Attach the monitor to a running child process.
+     */
+    attach(childProcess) {
+        this.process = childProcess;
+        this.startTime = Date.now();
+        this.killed = false;
+        // Start the kill timer (max execution time)
+        this.killTimer = setTimeout(() => {
+            this.killProcess('TIMEOUT', `Execution exceeded ${this.policy.maxExecutionTime}ms limit`);
+        }, this.policy.maxExecutionTime);
+        // Monitor stdout
+        childProcess.stdout?.on('data', (data) => {
+            const text = data.toString();
+            this.outputBytes += data.length;
+            this.onOutput('STDOUT', text);
+        });
+        // Monitor stderr
+        childProcess.stderr?.on('data', (data) => {
+            const text = data.toString();
+            this.outputBytes += data.length;
+            this.onOutput('STDERR', text);
+        });
+        // Monitor exit
+        childProcess.on('exit', (code, signal) => {
+            this.recordEvent({
+                type: 'EXIT',
+                severity: 'LOW',
+                details: `Process exited with code ${code}, signal ${signal}`,
+                data: { code, signal },
+            });
+            this.cleanup();
+        });
+        // Memory monitoring (check every 2 seconds)
+        this.memoryCheckInterval = setInterval(() => {
+            this.checkMemory();
+        }, 2000);
+    }
+    /**
+     * Process output from the skill and check for threats.
+     */
+    onOutput(stream, text) {
+        // Check output size
+        if (this.outputBytes > this.policy.maxOutputBytes) {
+            this.killProcess('OUTPUT_FLOOD', `Output exceeded ${this.policy.maxOutputBytes} bytes — possible output flooding attack`);
+            return;
+        }
+        // Real-time threat scanning on output
+        if (this.policy.enableOutputScanning) {
+            this.scanOutput(text, stream);
+        }
+    }
+    /**
+     * Scan skill output for threat patterns in real-time.
+     * This catches skills that generate malicious output (e.g., writing
+     * shell commands to stdout that another tool might execute).
+     */
+    scanOutput(text, stream) {
+        for (const pattern of this.runtimePatterns) {
+            // Reset regex state for global patterns
+            pattern.pattern.lastIndex = 0;
+            const match = pattern.pattern.exec(text);
+            if (match) {
+                this.threatsDetected++;
+                this.recordEvent({
+                    type: 'THREAT_DETECTED',
+                    severity: pattern.severity,
+                    details: `[${stream}] ${pattern.description} — Evidence: "${match[0].substring(0, 100)}"`,
+                    data: {
+                        patternId: pattern.id,
+                        category: pattern.category,
+                        evidence: match[0].substring(0, 200),
+                    },
+                });
+                // Kill immediately if critical category
+                if (this.policy.criticalCategories.includes(pattern.category)) {
+                    this.killProcess('CRITICAL_THREAT', `Critical threat detected in output: ${pattern.category} — ${pattern.description}`);
+                    return;
+                }
+                // Kill if severity exceeds threshold
+                if (this.compareSeverity(pattern.severity, this.policy.killOnSeverity) >= 0) {
+                    this.killProcess('SEVERITY_THRESHOLD', `Threat severity ${pattern.severity} exceeds kill threshold ${this.policy.killOnSeverity}`);
+                    return;
+                }
+                // Kill if too many violations
+                if (this.threatsDetected >= this.policy.maxViolations) {
+                    this.killProcess('MAX_VIOLATIONS', `${this.threatsDetected} violations detected (limit: ${this.policy.maxViolations})`);
+                    return;
+                }
+            }
+        }
+    }
+    /**
+     * Check process memory usage.
+     */
+    checkMemory() {
+        if (!this.process || !this.process.pid)
+            return;
+        try {
+            // Use process.memoryUsage() for the parent — child memory is harder
+            // For child process, we estimate from output + known overhead
+            const memUsage = process.memoryUsage();
+            const heapMB = Math.round(memUsage.heapUsed / 1024 / 1024);
+            if (heapMB > this.policy.maxMemoryMB) {
+                this.killProcess('MEMORY_LIMIT', `Memory usage ${heapMB}MB exceeds limit ${this.policy.maxMemoryMB}MB`);
+            }
+        }
+        catch {
+            // Ignore memory check errors
+        }
+    }
+    /**
+     * Kill the child process — the kill switch.
+     */
+    killProcess(reason, details) {
+        if (this.killed)
+            return;
+        this.killed = true;
+        this.killReason = `${reason}: ${details}`;
+        this.recordEvent({
+            type: 'KILL_SWITCH',
+            severity: 'CRITICAL',
+            details: `🛑 KILL SWITCH ACTIVATED — ${reason}: ${details}`,
+        });
+        if (this.process && !this.process.killed) {
+            // First try SIGTERM for graceful shutdown
+            this.process.kill('SIGTERM');
+            // Force kill after 3 seconds if still running
+            setTimeout(() => {
+                if (this.process && !this.process.killed) {
+                    this.process.kill('SIGKILL');
+                }
+            }, 3000);
+        }
+        this.cleanup();
+    }
+    /**
+     * Clean up timers and intervals.
+     */
+    cleanup() {
+        if (this.killTimer) {
+            clearTimeout(this.killTimer);
+            this.killTimer = undefined;
+        }
+        if (this.memoryCheckInterval) {
+            clearInterval(this.memoryCheckInterval);
+            this.memoryCheckInterval = undefined;
+        }
+    }
+    /**
+     * Compare severity levels. Returns positive if a >= b.
+     */
+    compareSeverity(a, b) {
+        const order = {
+            CRITICAL: 4,
+            HIGH: 3,
+            MEDIUM: 2,
+            LOW: 1,
+        };
+        return order[a] - order[b];
+    }
+    recordEvent(partial) {
+        this.events.push({ ...partial, timestamp: new Date().toISOString() });
+    }
+    /**
+     * Generate the final monitoring report.
+     */
+    getReport() {
+        const endTime = Date.now();
+        return {
+            startTime: new Date(this.startTime).toISOString(),
+            endTime: new Date(endTime).toISOString(),
+            durationMs: endTime - this.startTime,
+            events: [...this.events],
+            threatsDetected: this.threatsDetected,
+            killed: this.killed,
+            killReason: this.killReason,
+            resourceUsage: {
+                peakMemoryMB: Math.round(process.memoryUsage().heapUsed / 1024 / 1024),
+                totalOutputBytes: this.outputBytes,
+                cpuTimeMs: endTime - this.startTime,
+            },
+        };
+    }
+    isKilled() {
+        return this.killed;
+    }
+    getEventCount() {
+        return this.events.length;
+    }
+}
+/**
+ * Default monitor policy — strict but reasonable for developer use.
+ */
+export function getDefaultMonitorPolicy() {
+    return {
+        maxExecutionTime: 60000, // 60 seconds
+        maxMemoryMB: 512, // 512MB
+        maxOutputBytes: 10 * 1024 * 1024, // 10MB output
+        killOnSeverity: 'CRITICAL',
+        enableOutputScanning: true,
+        maxViolations: 5,
+        criticalCategories: [
+            'MEMORY_POISONING',
+            'CREDENTIAL_THEFT',
+            'MALWARE',
+            'DATA_EXFILTRATION',
+        ],
+    };
+}
+//# sourceMappingURL=runtime-monitor.js.map

package/dist/shield/runtime-monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-monitor.js","sourceRoot":"","sources":["../../src/shield/runtime-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,kBAAkB,EAAkE,MAAM,sBAAsB,CAAC;AA0C1H,MAAM,OAAO,cAAc;IAezB,YAAY,MAAqB;QAbzB,WAAM,GAAmB,EAAE,CAAC;QAC5B,cAAS,GAAW,CAAC,CAAC;QACtB,gBAAW,GAAW,CAAC,CAAC;QACxB,oBAAe,GAAW,CAAC,CAAC;QAC5B,WAAM,GAAY,KAAK,CAAC;QAU9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,sEAAsE;QACtE,IAAI,CAAC,eAAe,GAAG,kBAAkB,CAAC,MAAM,CAC9C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAC1D,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,YAA0B;QAC/B,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QAEpB,4CAA4C;QAC5C,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAC/B,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,sBAAsB,IAAI,CAAC,MAAM,CAAC,gBAAgB,UAAU,CAAC,CAAC;QAC5F,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAEjC,iBAAiB;QACjB,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC7B,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC;YAChC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,iBAAiB;QACjB,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC7B,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC;YAChC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,eAAe;QACf,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YACvC,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,4BAA4B,IAAI,YAAY,MAAM,EAAE;gBAC7D,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;aACvB,CAAC,CAAC;YACH,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;QAEH,4CAA4C;QAC5C,IAAI,CAAC,mBAAmB,GAAG,WAAW,CAAC,GAAG,EAAE;YAC1C,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,CAAC,EAAE,IAAI,CAAC,CAAC;IACX,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,MAA2B,EAAE,IAAY;QACxD,oBAAoB;QACpB,IAAI,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAClD,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,mBAAmB,IAAI,CAAC,MAAM,CAAC,cAAc,0CAA0C,CAAC,CAAC;YAC1H,OAAO;QACT,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;YACrC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,UAAU,CAAC,IAAY,EAAE,MAAc;QAC7C,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,wCAAwC;YACxC,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEzC,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC,eAAe,EAAE,CAAC;gBAEvB,IAAI,CAAC,WAAW,CAAC;oBACf,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,OAAO,EAAE,IAAI,MAAM,KAAK,OAAO,CAAC,WAAW,iBAAiB,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG;oBACzF,IAAI,EAAE;wBACJ,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;qBACrC;iBACF,CAAC,CAAC;gBAEH,wCAAwC;gBACxC,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9D,IAAI,CAAC,WAAW,CAAC,iBAAiB,EAChC,uCAAuC,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,WAAW,EAAE,CACnF,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,qCAAqC;gBACrC,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC5E,IAAI,CAAC,WAAW,CAAC,oBAAoB,EACnC,mBAAmB,OAAO,CAAC,QAAQ,2BAA2B,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAC3F,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,8BAA8B;gBAC9B,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;oBACtD,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAC/B,GAAG,IAAI,CAAC,eAAe,gCAAgC,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,CACpF,CAAC;oBACF,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG;YAAE,OAAO;QAE/C,IAAI,CAAC;YACH,oEAAoE;YACpE,8DAA8D;YAC9D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC;YAE3D,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;gBACrC,IAAI,CAAC,WAAW,CAAC,cAAc,EAC7B,gBAAgB,MAAM,oBAAoB,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,CACtE,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6BAA6B;QAC/B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,MAAc,EAAE,OAAe;QACzC,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,UAAU,GAAG,GAAG,MAAM,KAAK,OAAO,EAAE,CAAC;QAE1C,IAAI,CAAC,WAAW,CAAC;YACf,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,8BAA8B,MAAM,KAAK,OAAO,EAAE;SAC5D,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACzC,0CAA0C;YAC1C,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAE7B,8CAA8C;YAC9C,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACzC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC,EAAE,IAAI,CAAC,CAAC;QACX,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,OAAO;QACb,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC7B,CAAC;QACD,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7B,aAAa,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACxC,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,CAAgB,EAAE,CAAgB;QACxD,MAAM,KAAK,GAAkC;YAC3C,QAAQ,EAAE,CAAC;YACX,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,GAAG,EAAE,CAAC;SACP,CAAC;QACF,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAEO,WAAW,CAAC,OAAwC;QAC1D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,SAAS;QACP,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3B,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;YACjD,OAAO,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE;YACxC,UAAU,EAAE,OAAO,GAAG,IAAI,CAAC,SAAS;YACpC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;YACxB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,aAAa,EAAE;gBACb,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,GAAG,IAAI,GAAG,IAAI,CAAC;gBACtE,gBAAgB,EAAE,IAAI,CAAC,WAAW;gBAClC,SAAS,EAAE,OAAO,GAAG,IAAI,CAAC,SAAS;aACpC;SACF,CAAC;IACJ,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IAC5B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,OAAO;QACL,gBAAgB,EAAE,KAAK,EAAM,aAAa;QAC1C,WAAW,EAAE,GAAG,EAAa,QAAQ;QACrC,cAAc,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,cAAc;QAChD,cAAc,EAAE,UAAU;QAC1B,oBAAoB,EAAE,IAAI;QAC1B,aAAa,EAAE,CAAC;QAChB,kBAAkB,EAAE;YAClB,kBAAkB;YAClB,kBAAkB;YAClB,SAAS;YACT,mBAAmB;SACpB;KACF,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skillshield",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "Runtime security for AI Agent Skills — Scan, sandbox & enforce. Detect prompt injection, memory poisoning, supply chain attacks. 72+ patterns, 14 categories. The firewall Snyk and Cisco don't build.",
   "type": "module",
   "main": "./dist/index.js",