skillshield 1.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/README.md +143 -301
  2. package/dist/cli/commands/run.d.ts +12 -0
  3. package/dist/cli/commands/run.d.ts.map +1 -1
  4. package/dist/cli/commands/run.js +228 -60
  5. package/dist/cli/commands/run.js.map +1 -1
  6. package/dist/cli/index.js +5 -3
  7. package/dist/cli/index.js.map +1 -1
  8. package/dist/index.d.ts +1 -0
  9. package/dist/index.d.ts.map +1 -1
  10. package/dist/index.js +2 -0
  11. package/dist/index.js.map +1 -1
  12. package/dist/shield/audit-trail.d.ts +67 -0
  13. package/dist/shield/audit-trail.d.ts.map +1 -0
  14. package/dist/shield/audit-trail.js +140 -0
  15. package/dist/shield/audit-trail.js.map +1 -0
  16. package/dist/shield/filesystem-jail.d.ts +80 -0
  17. package/dist/shield/filesystem-jail.d.ts.map +1 -0
  18. package/dist/shield/filesystem-jail.js +320 -0
  19. package/dist/shield/filesystem-jail.js.map +1 -0
  20. package/dist/shield/index.d.ts +82 -0
  21. package/dist/shield/index.d.ts.map +1 -0
  22. package/dist/shield/index.js +88 -0
  23. package/dist/shield/index.js.map +1 -0
  24. package/dist/shield/network-policy.d.ts +74 -0
  25. package/dist/shield/network-policy.d.ts.map +1 -0
  26. package/dist/shield/network-policy.js +226 -0
  27. package/dist/shield/network-policy.js.map +1 -0
  28. package/dist/shield/runtime-monitor.d.ts +106 -0
  29. package/dist/shield/runtime-monitor.d.ts.map +1 -0
  30. package/dist/shield/runtime-monitor.js +233 -0
  31. package/dist/shield/runtime-monitor.js.map +1 -0
  32. package/package.json +1 -1
package/dist/shield/runtime-monitor.js ADDED
@@ -0,0 +1,233 @@
1
+ /**
2
+ * SkillShield — Runtime Monitor + Kill Switch
3
+ *
4
+ * Real-time monitoring of skill execution. Watches stdout/stderr
5
+ * for threat patterns, tracks resource consumption, and kills the
6
+ * process if anomalies are detected.
7
+ *
8
+ * This is the core differentiator: Snyk scans before install,
9
+ * SkillShield watches DURING execution.
10
+ */
11
+ import { MALICIOUS_PATTERNS } from '../guard/patterns.js';
12
+ export class RuntimeMonitor {
13
+ constructor(policy) {
14
+ this.events = [];
15
+ this.startTime = 0;
16
+ this.outputBytes = 0;
17
+ this.threatsDetected = 0;
18
+ this.killed = false;
19
+ this.policy = policy;
20
+ // Select high-severity patterns for real-time scanning (keep it fast)
21
+ this.runtimePatterns = MALICIOUS_PATTERNS.filter((p) => p.severity === 'CRITICAL' || p.severity === 'HIGH');
22
+ }
23
+ /**
24
+ * Attach the monitor to a running child process.
25
+ */
26
+ attach(childProcess) {
27
+ this.process = childProcess;
28
+ this.startTime = Date.now();
29
+ this.killed = false;
30
+ // Start the kill timer (max execution time)
31
+ this.killTimer = setTimeout(() => {
32
+ this.killProcess('TIMEOUT', `Execution exceeded ${this.policy.maxExecutionTime}ms limit`);
33
+ }, this.policy.maxExecutionTime);
34
+ // Monitor stdout
35
+ childProcess.stdout?.on('data', (data) => {
36
+ const text = data.toString();
37
+ this.outputBytes += data.length;
38
+ this.onOutput('STDOUT', text);
39
+ });
40
+ // Monitor stderr
41
+ childProcess.stderr?.on('data', (data) => {
42
+ const text = data.toString();
43
+ this.outputBytes += data.length;
44
+ this.onOutput('STDERR', text);
45
+ });
46
+ // Monitor exit
47
+ childProcess.on('exit', (code, signal) => {
48
+ this.recordEvent({
49
+ type: 'EXIT',
50
+ severity: 'LOW',
51
+ details: `Process exited with code ${code}, signal ${signal}`,
52
+ data: { code, signal },
53
+ });
54
+ this.cleanup();
55
+ });
56
+ // Memory monitoring (check every 2 seconds)
57
+ this.memoryCheckInterval = setInterval(() => {
58
+ this.checkMemory();
59
+ }, 2000);
60
+ }
61
+ /**
62
+ * Process output from the skill and check for threats.
63
+ */
64
+ onOutput(stream, text) {
65
+ // Check output size
66
+ if (this.outputBytes > this.policy.maxOutputBytes) {
67
+ this.killProcess('OUTPUT_FLOOD', `Output exceeded ${this.policy.maxOutputBytes} bytes — possible output flooding attack`);
68
+ return;
69
+ }
70
+ // Real-time threat scanning on output
71
+ if (this.policy.enableOutputScanning) {
72
+ this.scanOutput(text, stream);
73
+ }
74
+ }
75
+ /**
76
+ * Scan skill output for threat patterns in real-time.
77
+ * This catches skills that generate malicious output (e.g., writing
78
+ * shell commands to stdout that another tool might execute).
79
+ */
80
+ scanOutput(text, stream) {
81
+ for (const pattern of this.runtimePatterns) {
82
+ // Reset regex state for global patterns
83
+ pattern.pattern.lastIndex = 0;
84
+ const match = pattern.pattern.exec(text);
85
+ if (match) {
86
+ this.threatsDetected++;
87
+ this.recordEvent({
88
+ type: 'THREAT_DETECTED',
89
+ severity: pattern.severity,
90
+ details: `[${stream}] ${pattern.description} — Evidence: "${match[0].substring(0, 100)}"`,
91
+ data: {
92
+ patternId: pattern.id,
93
+ category: pattern.category,
94
+ evidence: match[0].substring(0, 200),
95
+ },
96
+ });
97
+ // Kill immediately if critical category
98
+ if (this.policy.criticalCategories.includes(pattern.category)) {
99
+ this.killProcess('CRITICAL_THREAT', `Critical threat detected in output: ${pattern.category} — ${pattern.description}`);
100
+ return;
101
+ }
102
+ // Kill if severity exceeds threshold
103
+ if (this.compareSeverity(pattern.severity, this.policy.killOnSeverity) >= 0) {
104
+ this.killProcess('SEVERITY_THRESHOLD', `Threat severity ${pattern.severity} exceeds kill threshold ${this.policy.killOnSeverity}`);
105
+ return;
106
+ }
107
+ // Kill if too many violations
108
+ if (this.threatsDetected >= this.policy.maxViolations) {
109
+ this.killProcess('MAX_VIOLATIONS', `${this.threatsDetected} violations detected (limit: ${this.policy.maxViolations})`);
110
+ return;
111
+ }
112
+ }
113
+ }
114
+ }
115
+ /**
116
+ * Check process memory usage.
117
+ */
118
+ checkMemory() {
119
+ if (!this.process || !this.process.pid)
120
+ return;
121
+ try {
122
+ // Use process.memoryUsage() for the parent — child memory is harder
123
+ // For child process, we estimate from output + known overhead
124
+ const memUsage = process.memoryUsage();
125
+ const heapMB = Math.round(memUsage.heapUsed / 1024 / 1024);
126
+ if (heapMB > this.policy.maxMemoryMB) {
127
+ this.killProcess('MEMORY_LIMIT', `Memory usage ${heapMB}MB exceeds limit ${this.policy.maxMemoryMB}MB`);
128
+ }
129
+ }
130
+ catch {
131
+ // Ignore memory check errors
132
+ }
133
+ }
134
+ /**
135
+ * Kill the child process — the kill switch.
136
+ */
137
+ killProcess(reason, details) {
138
+ if (this.killed)
139
+ return;
140
+ this.killed = true;
141
+ this.killReason = `${reason}: ${details}`;
142
+ this.recordEvent({
143
+ type: 'KILL_SWITCH',
144
+ severity: 'CRITICAL',
145
+ details: `🛑 KILL SWITCH ACTIVATED — ${reason}: ${details}`,
146
+ });
147
+ if (this.process && !this.process.killed) {
148
+ // First try SIGTERM for graceful shutdown
149
+ this.process.kill('SIGTERM');
150
+ // Force kill after 3 seconds if still running
151
+ setTimeout(() => {
152
+ if (this.process && !this.process.killed) {
153
+ this.process.kill('SIGKILL');
154
+ }
155
+ }, 3000);
156
+ }
157
+ this.cleanup();
158
+ }
159
+ /**
160
+ * Clean up timers and intervals.
161
+ */
162
+ cleanup() {
163
+ if (this.killTimer) {
164
+ clearTimeout(this.killTimer);
165
+ this.killTimer = undefined;
166
+ }
167
+ if (this.memoryCheckInterval) {
168
+ clearInterval(this.memoryCheckInterval);
169
+ this.memoryCheckInterval = undefined;
170
+ }
171
+ }
172
+ /**
173
+ * Compare severity levels. Returns positive if a >= b.
174
+ */
175
+ compareSeverity(a, b) {
176
+ const order = {
177
+ CRITICAL: 4,
178
+ HIGH: 3,
179
+ MEDIUM: 2,
180
+ LOW: 1,
181
+ };
182
+ return order[a] - order[b];
183
+ }
184
+ recordEvent(partial) {
185
+ this.events.push({ ...partial, timestamp: new Date().toISOString() });
186
+ }
187
+ /**
188
+ * Generate the final monitoring report.
189
+ */
190
+ getReport() {
191
+ const endTime = Date.now();
192
+ return {
193
+ startTime: new Date(this.startTime).toISOString(),
194
+ endTime: new Date(endTime).toISOString(),
195
+ durationMs: endTime - this.startTime,
196
+ events: [...this.events],
197
+ threatsDetected: this.threatsDetected,
198
+ killed: this.killed,
199
+ killReason: this.killReason,
200
+ resourceUsage: {
201
+ peakMemoryMB: Math.round(process.memoryUsage().heapUsed / 1024 / 1024),
202
+ totalOutputBytes: this.outputBytes,
203
+ cpuTimeMs: endTime - this.startTime,
204
+ },
205
+ };
206
+ }
207
+ isKilled() {
208
+ return this.killed;
209
+ }
210
+ getEventCount() {
211
+ return this.events.length;
212
+ }
213
+ }
214
+ /**
215
+ * Default monitor policy — strict but reasonable for developer use.
216
+ */
217
+ export function getDefaultMonitorPolicy() {
218
+ return {
219
+ maxExecutionTime: 60000, // 60 seconds
220
+ maxMemoryMB: 512, // 512MB
221
+ maxOutputBytes: 10 * 1024 * 1024, // 10MB output
222
+ killOnSeverity: 'CRITICAL',
223
+ enableOutputScanning: true,
224
+ maxViolations: 5,
225
+ criticalCategories: [
226
+ 'MEMORY_POISONING',
227
+ 'CREDENTIAL_THEFT',
228
+ 'MALWARE',
229
+ 'DATA_EXFILTRATION',
230
+ ],
231
+ };
232
+ }
233
+ //# sourceMappingURL=runtime-monitor.js.map
package/dist/shield/runtime-monitor.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"runtime-monitor.js","sourceRoot":"","sources":["../../src/shield/runtime-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,kBAAkB,EAAkE,MAAM,sBAAsB,CAAC;AA0C1H,MAAM,OAAO,cAAc;IAezB,YAAY,MAAqB;QAbzB,WAAM,GAAmB,EAAE,CAAC;QAC5B,cAAS,GAAW,CAAC,CAAC;QACtB,gBAAW,GAAW,CAAC,CAAC;QACxB,oBAAe,GAAW,CAAC,CAAC;QAC5B,WAAM,GAAY,KAAK,CAAC;QAU9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,sEAAsE;QACtE,IAAI,CAAC,eAAe,GAAG,kBAAkB,CAAC,MAAM,CAC9C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAC1D,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,YAA0B;QAC/B,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QAEpB,4CAA4C;QAC5C,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAC/B,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,sBAAsB,IAAI,CAAC,MAAM,CAAC,gBAAgB,UAAU,CAAC,CAAC;QAC5F,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAEjC,iBAAiB;QACjB,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC7B,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC;YAChC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,iBAAiB;QACjB,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC7B,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC;YAChC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,eAAe;QACf,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YACvC,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,4BAA4B,IAAI,YAAY,MAAM,EAAE;gBAC7D,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;aACvB,CAAC,CAAC;YACH,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;QAEH,4CAA4C;QAC5C,IAAI,CAAC,mBAAmB,GAAG,WAAW,CAAC,GAAG,EAAE;YAC1C,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,CAAC,EAAE,IAAI,CAAC,CAAC;IACX,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,MAA2B,EAAE,IAAY;QACxD,oBAAoB;QACpB,IAAI,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAClD,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,mBAAmB,IAAI,CAAC,MAAM,CAAC,cAAc,0CAA0C,CAAC,CAAC;YAC1H,OAAO;QACT,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;YACrC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,UAAU,CAAC,IAAY,EAAE,MAAc;QAC7C,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,wCAAwC;YACxC,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEzC,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC,eAAe,EAAE,CAAC;gBAEvB,IAAI,CAAC,WAAW,CAAC;oBACf,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,OAAO,EAAE,IAAI,MAAM,KAAK,OAAO,CAAC,WAAW,iBAAiB,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG;oBACzF,IAAI,EAAE;wBACJ,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;qBACrC;iBACF,CAAC,CAAC;gBAEH,wCAAwC;gBACxC,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9D,IAAI,CAAC,WAAW,CAAC,iBAAiB,EAChC,uCAAuC,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,WAAW,EAAE,CACnF,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,qCAAqC;gBACrC,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC5E,IAAI,CAAC,WAAW,CAAC,oBAAoB,EACnC,mBAAmB,OAAO,CAAC,QAAQ,2BAA2B,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAC3F,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,8BAA8B;gBAC9B,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;oBACtD,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAC/B,GAAG,IAAI,CAAC,eAAe,gCAAgC,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,CACpF,CAAC;oBACF,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG;YAAE,OAAO;QAE/C,IAAI,CAAC;YACH,oEAAoE;YACpE,8DAA8D;YAC9D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC;YAE3D,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;gBACrC,IAAI,CAAC,WAAW,CAAC,cAAc,EAC7B,gBAAgB,MAAM,oBAAoB,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,CACtE,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6BAA6B;QAC/B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,MAAc,EAAE,OAAe;QACzC,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,UAAU,GAAG,GAAG,MAAM,KAAK,OAAO,EAAE,CAAC;QAE1C,IAAI,CAAC,WAAW,CAAC;YACf,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,8BAA8B,MAAM,KAAK,OAAO,EAAE;SAC5D,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACzC,0CAA0C;YAC1C,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAE7B,8CAA8C;YAC9C,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACzC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC,EAAE,IAAI,CAAC,CAAC;QACX,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,OAAO;QACb,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC7B,CAAC;QACD,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7B,aAAa,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACxC,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,CAAgB,EAAE,CAAgB;QACxD,MAAM,KAAK,GAAkC;YAC3C,QAAQ,EAAE,CAAC;YACX,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,GAAG,EAAE,CAAC;SACP,CAAC;QACF,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAEO,WAAW,CAAC,OAAwC;QAC1D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,SAAS;QACP,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3B,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;YACjD,OAAO,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE;YACxC,UAAU,EAAE,OAAO,GAAG,IAAI,CAAC,SAAS;YACpC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;YACxB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,aAAa,EAAE;gBACb,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,GAAG,IAAI,GAAG,IAAI,CAAC;gBACtE,gBAAgB,EAAE,IAAI,CAAC,WAAW;gBAClC,SAAS,EAAE,OAAO,GAAG,IAAI,CAAC,SAAS;aACpC;SACF,CAAC;IACJ,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IAC5B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,OAAO;QACL,gBAAgB,EAAE,KAAK,EAAM,aAAa;QAC1C,WAAW,EAAE,GAAG,EAAa,QAAQ;QACrC,cAAc,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,cAAc;QAChD,cAAc,EAAE,UAAU;QAC1B,oBAAoB,EAAE,IAAI;QAC1B,aAAa,EAAE,CAAC;QAChB,kBAAkB,EAAE;YAClB,kBAAkB;YAClB,kBAAkB;YAClB,SAAS;YACT,mBAAmB;SACpB;KACF,CAAC;AACJ,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "skillshield",
3
- "version": "1.0.0",
3
+ "version": "2.1.0",
4
4
  "description": "Runtime security for AI Agent Skills — Scan, sandbox & enforce. Detect prompt injection, memory poisoning, supply chain attacks. 72+ patterns, 14 categories. The firewall Snyk and Cisco don't build.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",