npm - vaspera - Versions diffs - 2.5.0 - Mend

vaspera 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (712) hide show

package/CHANGELOG.md +184 -0
package/LICENSE +21 -0
package/README.md +809 -0
package/dist/__tests__/integration/certification-flow.test.d.ts +5 -0
package/dist/__tests__/integration/certification-flow.test.d.ts.map +1 -0
package/dist/__tests__/integration/certification-flow.test.js +245 -0
package/dist/__tests__/integration/certification-flow.test.js.map +1 -0
package/dist/__tests__/integration/commands.test.d.ts +5 -0
package/dist/__tests__/integration/commands.test.d.ts.map +1 -0
package/dist/__tests__/integration/commands.test.js +93 -0
package/dist/__tests__/integration/commands.test.js.map +1 -0
package/dist/action/diff-mode.d.ts +34 -0
package/dist/action/diff-mode.d.ts.map +1 -0
package/dist/action/diff-mode.js +201 -0
package/dist/action/diff-mode.js.map +1 -0
package/dist/action/diff-mode.test.d.ts +5 -0
package/dist/action/diff-mode.test.d.ts.map +1 -0
package/dist/action/diff-mode.test.js +162 -0
package/dist/action/diff-mode.test.js.map +1 -0
package/dist/action/index.d.ts +10 -0
package/dist/action/index.d.ts.map +1 -0
package/dist/action/index.js +231 -0
package/dist/action/index.js.map +1 -0
package/dist/action/pr-comment.d.ts +30 -0
package/dist/action/pr-comment.d.ts.map +1 -0
package/dist/action/pr-comment.js +301 -0
package/dist/action/pr-comment.js.map +1 -0
package/dist/action/pr-comment.test.d.ts +5 -0
package/dist/action/pr-comment.test.d.ts.map +1 -0
package/dist/action/pr-comment.test.js +189 -0
package/dist/action/pr-comment.test.js.map +1 -0
package/dist/action/sarif-upload.d.ts +104 -0
package/dist/action/sarif-upload.d.ts.map +1 -0
package/dist/action/sarif-upload.js +188 -0
package/dist/action/sarif-upload.js.map +1 -0
package/dist/action/sarif-upload.test.d.ts +5 -0
package/dist/action/sarif-upload.test.d.ts.map +1 -0
package/dist/action/sarif-upload.test.js +206 -0
package/dist/action/sarif-upload.test.js.map +1 -0
package/dist/action/types.d.ts +104 -0
package/dist/action/types.d.ts.map +1 -0
package/dist/action/types.js +33 -0
package/dist/action/types.js.map +1 -0
package/dist/action/types.test.d.ts +5 -0
package/dist/action/types.test.d.ts.map +1 -0
package/dist/action/types.test.js +79 -0
package/dist/action/types.test.js.map +1 -0
package/dist/agents/agent-integrity.d.ts +111 -0
package/dist/agents/agent-integrity.d.ts.map +1 -0
package/dist/agents/agent-integrity.js +308 -0
package/dist/agents/agent-integrity.js.map +1 -0
package/dist/agents/agent-privacy.d.ts +68 -0
package/dist/agents/agent-privacy.d.ts.map +1 -0
package/dist/agents/agent-privacy.js +345 -0
package/dist/agents/agent-privacy.js.map +1 -0
package/dist/agents/exploit-chain.d.ts +64 -0
package/dist/agents/exploit-chain.d.ts.map +1 -0
package/dist/agents/exploit-chain.js +477 -0
package/dist/agents/exploit-chain.js.map +1 -0
package/dist/agents/exploit-chain.test.d.ts +5 -0
package/dist/agents/exploit-chain.test.d.ts.map +1 -0
package/dist/agents/exploit-chain.test.js +455 -0
package/dist/agents/exploit-chain.test.js.map +1 -0
package/dist/agents/index.d.ts +14 -0
package/dist/agents/index.d.ts.map +1 -0
package/dist/agents/index.js +19 -0
package/dist/agents/index.js.map +1 -0
package/dist/agents/logic-flaw-detector.d.ts +55 -0
package/dist/agents/logic-flaw-detector.d.ts.map +1 -0
package/dist/agents/logic-flaw-detector.js +454 -0
package/dist/agents/logic-flaw-detector.js.map +1 -0
package/dist/agents/zero-day-hunter.d.ts +69 -0
package/dist/agents/zero-day-hunter.d.ts.map +1 -0
package/dist/agents/zero-day-hunter.js +591 -0
package/dist/agents/zero-day-hunter.js.map +1 -0
package/dist/certification/artifacts.d.ts +21 -0
package/dist/certification/artifacts.d.ts.map +1 -0
package/dist/certification/artifacts.js +275 -0
package/dist/certification/artifacts.js.map +1 -0
package/dist/certification/autofix.d.ts +122 -0
package/dist/certification/autofix.d.ts.map +1 -0
package/dist/certification/autofix.js +476 -0
package/dist/certification/autofix.js.map +1 -0
package/dist/certification/badge.d.ts +56 -0
package/dist/certification/badge.d.ts.map +1 -0
package/dist/certification/badge.js +155 -0
package/dist/certification/badge.js.map +1 -0
package/dist/certification/cache.d.ts +121 -0
package/dist/certification/cache.d.ts.map +1 -0
package/dist/certification/cache.js +275 -0
package/dist/certification/cache.js.map +1 -0
package/dist/certification/cache.test.d.ts +5 -0
package/dist/certification/cache.test.d.ts.map +1 -0
package/dist/certification/cache.test.js +270 -0
package/dist/certification/cache.test.js.map +1 -0
package/dist/certification/consensus.d.ts +105 -0
package/dist/certification/consensus.d.ts.map +1 -0
package/dist/certification/consensus.js +353 -0
package/dist/certification/consensus.js.map +1 -0
package/dist/certification/consensus.test.d.ts +5 -0
package/dist/certification/consensus.test.d.ts.map +1 -0
package/dist/certification/consensus.test.js +342 -0
package/dist/certification/consensus.test.js.map +1 -0
package/dist/certification/index.d.ts +14 -0
package/dist/certification/index.d.ts.map +1 -0
package/dist/certification/index.js +14 -0
package/dist/certification/index.js.map +1 -0
package/dist/certification/rules.d.ts +89 -0
package/dist/certification/rules.d.ts.map +1 -0
package/dist/certification/rules.js +317 -0
package/dist/certification/rules.js.map +1 -0
package/dist/certification/sarif.d.ts +107 -0
package/dist/certification/sarif.d.ts.map +1 -0
package/dist/certification/sarif.js +191 -0
package/dist/certification/sarif.js.map +1 -0
package/dist/certification/store.d.ts +255 -0
package/dist/certification/store.d.ts.map +1 -0
package/dist/certification/store.js +835 -0
package/dist/certification/store.js.map +1 -0
package/dist/certification/store.test.d.ts +5 -0
package/dist/certification/store.test.d.ts.map +1 -0
package/dist/certification/store.test.js +468 -0
package/dist/certification/store.test.js.map +1 -0
package/dist/certification/summary.d.ts +72 -0
package/dist/certification/summary.d.ts.map +1 -0
package/dist/certification/summary.js +296 -0
package/dist/certification/summary.js.map +1 -0
package/dist/certification/types.d.ts +138 -0
package/dist/certification/types.d.ts.map +1 -0
package/dist/certification/types.js +34 -0
package/dist/certification/types.js.map +1 -0
package/dist/commands/audits/api-check.d.ts +3 -0
package/dist/commands/audits/api-check.d.ts.map +1 -0
package/dist/commands/audits/api-check.js +71 -0
package/dist/commands/audits/api-check.js.map +1 -0
package/dist/commands/audits/deadcode.d.ts +3 -0
package/dist/commands/audits/deadcode.d.ts.map +1 -0
package/dist/commands/audits/deadcode.js +63 -0
package/dist/commands/audits/deadcode.js.map +1 -0
package/dist/commands/audits/deps.d.ts +3 -0
package/dist/commands/audits/deps.d.ts.map +1 -0
package/dist/commands/audits/deps.js +56 -0
package/dist/commands/audits/deps.js.map +1 -0
package/dist/commands/audits/errors.d.ts +3 -0
package/dist/commands/audits/errors.d.ts.map +1 -0
package/dist/commands/audits/errors.js +65 -0
package/dist/commands/audits/errors.js.map +1 -0
package/dist/commands/audits/index.d.ts +3 -0
package/dist/commands/audits/index.d.ts.map +1 -0
package/dist/commands/audits/index.js +15 -0
package/dist/commands/audits/index.js.map +1 -0
package/dist/commands/audits/perf.d.ts +3 -0
package/dist/commands/audits/perf.d.ts.map +1 -0
package/dist/commands/audits/perf.js +85 -0
package/dist/commands/audits/perf.js.map +1 -0
package/dist/commands/audits/secrets.d.ts +3 -0
package/dist/commands/audits/secrets.d.ts.map +1 -0
package/dist/commands/audits/secrets.js +71 -0
package/dist/commands/audits/secrets.js.map +1 -0
package/dist/commands/certification/certify.d.ts +3 -0
package/dist/commands/certification/certify.d.ts.map +1 -0
package/dist/commands/certification/certify.js +108 -0
package/dist/commands/certification/certify.js.map +1 -0
package/dist/commands/certification/index.d.ts +3 -0
package/dist/commands/certification/index.d.ts.map +1 -0
package/dist/commands/certification/index.js +17 -0
package/dist/commands/certification/index.js.map +1 -0
package/dist/commands/certification/performance.d.ts +3 -0
package/dist/commands/certification/performance.d.ts.map +1 -0
package/dist/commands/certification/performance.js +89 -0
package/dist/commands/certification/performance.js.map +1 -0
package/dist/commands/certification/quality.d.ts +3 -0
package/dist/commands/certification/quality.d.ts.map +1 -0
package/dist/commands/certification/quality.js +92 -0
package/dist/commands/certification/quality.js.map +1 -0
package/dist/commands/certification/redteam.d.ts +3 -0
package/dist/commands/certification/redteam.d.ts.map +1 -0
package/dist/commands/certification/redteam.js +114 -0
package/dist/commands/certification/redteam.js.map +1 -0
package/dist/commands/certification/reliability.d.ts +3 -0
package/dist/commands/certification/reliability.d.ts.map +1 -0
package/dist/commands/certification/reliability.js +93 -0
package/dist/commands/certification/reliability.js.map +1 -0
package/dist/commands/certification/security.d.ts +3 -0
package/dist/commands/certification/security.d.ts.map +1 -0
package/dist/commands/certification/security.js +90 -0
package/dist/commands/certification/security.js.map +1 -0
package/dist/commands/certification/typesafety.d.ts +3 -0
package/dist/commands/certification/typesafety.d.ts.map +1 -0
package/dist/commands/certification/typesafety.js +87 -0
package/dist/commands/certification/typesafety.js.map +1 -0
package/dist/commands/core/add-tests.d.ts +3 -0
package/dist/commands/core/add-tests.d.ts.map +1 -0
package/dist/commands/core/add-tests.js +29 -0
package/dist/commands/core/add-tests.js.map +1 -0
package/dist/commands/core/audit.d.ts +3 -0
package/dist/commands/core/audit.d.ts.map +1 -0
package/dist/commands/core/audit.js +64 -0
package/dist/commands/core/audit.js.map +1 -0
package/dist/commands/core/fix-critical.d.ts +3 -0
package/dist/commands/core/fix-critical.d.ts.map +1 -0
package/dist/commands/core/fix-critical.js +22 -0
package/dist/commands/core/fix-critical.js.map +1 -0
package/dist/commands/core/fix-high.d.ts +3 -0
package/dist/commands/core/fix-high.d.ts.map +1 -0
package/dist/commands/core/fix-high.js +32 -0
package/dist/commands/core/fix-high.js.map +1 -0
package/dist/commands/core/fix-medium.d.ts +3 -0
package/dist/commands/core/fix-medium.d.ts.map +1 -0
package/dist/commands/core/fix-medium.js +29 -0
package/dist/commands/core/fix-medium.js.map +1 -0
package/dist/commands/core/fix-rls.d.ts +3 -0
package/dist/commands/core/fix-rls.d.ts.map +1 -0
package/dist/commands/core/fix-rls.js +17 -0
package/dist/commands/core/fix-rls.js.map +1 -0
package/dist/commands/core/harden.d.ts +3 -0
package/dist/commands/core/harden.d.ts.map +1 -0
package/dist/commands/core/harden.js +19 -0
package/dist/commands/core/harden.js.map +1 -0
package/dist/commands/core/index.d.ts +3 -0
package/dist/commands/core/index.d.ts.map +1 -0
package/dist/commands/core/index.js +21 -0
package/dist/commands/core/index.js.map +1 -0
package/dist/commands/core/preflight.d.ts +3 -0
package/dist/commands/core/preflight.d.ts.map +1 -0
package/dist/commands/core/preflight.js +50 -0
package/dist/commands/core/preflight.js.map +1 -0
package/dist/commands/core/verify.d.ts +3 -0
package/dist/commands/core/verify.d.ts.map +1 -0
package/dist/commands/core/verify.js +32 -0
package/dist/commands/core/verify.js.map +1 -0
package/dist/commands/index.d.ts +28 -0
package/dist/commands/index.d.ts.map +1 -0
package/dist/commands/index.js +37 -0
package/dist/commands/index.js.map +1 -0
package/dist/commands/types.d.ts +9 -0
package/dist/commands/types.d.ts.map +1 -0
package/dist/commands/types.js +5 -0
package/dist/commands/types.js.map +1 -0
package/dist/compliance/cis.d.ts +29 -0
package/dist/compliance/cis.d.ts.map +1 -0
package/dist/compliance/cis.js +316 -0
package/dist/compliance/cis.js.map +1 -0
package/dist/compliance/frameworks/eu-ai-act.d.ts +55 -0
package/dist/compliance/frameworks/eu-ai-act.d.ts.map +1 -0
package/dist/compliance/frameworks/eu-ai-act.js +621 -0
package/dist/compliance/frameworks/eu-ai-act.js.map +1 -0
package/dist/compliance/frameworks/index.d.ts +67 -0
package/dist/compliance/frameworks/index.d.ts.map +1 -0
package/dist/compliance/frameworks/index.js +97 -0
package/dist/compliance/frameworks/index.js.map +1 -0
package/dist/compliance/frameworks/iso-42001.d.ts +59 -0
package/dist/compliance/frameworks/iso-42001.d.ts.map +1 -0
package/dist/compliance/frameworks/iso-42001.js +719 -0
package/dist/compliance/frameworks/iso-42001.js.map +1 -0
package/dist/compliance/frameworks/mitre-atlas.d.ts +58 -0
package/dist/compliance/frameworks/mitre-atlas.d.ts.map +1 -0
package/dist/compliance/frameworks/mitre-atlas.js +686 -0
package/dist/compliance/frameworks/mitre-atlas.js.map +1 -0
package/dist/compliance/frameworks/nist-ai-rmf.d.ts +51 -0
package/dist/compliance/frameworks/nist-ai-rmf.d.ts.map +1 -0
package/dist/compliance/frameworks/nist-ai-rmf.js +677 -0
package/dist/compliance/frameworks/nist-ai-rmf.js.map +1 -0
package/dist/compliance/frameworks/owasp-llm.d.ts +58 -0
package/dist/compliance/frameworks/owasp-llm.d.ts.map +1 -0
package/dist/compliance/frameworks/owasp-llm.js +399 -0
package/dist/compliance/frameworks/owasp-llm.js.map +1 -0
package/dist/compliance/gdpr.d.ts +34 -0
package/dist/compliance/gdpr.d.ts.map +1 -0
package/dist/compliance/gdpr.js +319 -0
package/dist/compliance/gdpr.js.map +1 -0
package/dist/compliance/hipaa.d.ts +29 -0
package/dist/compliance/hipaa.d.ts.map +1 -0
package/dist/compliance/hipaa.js +205 -0
package/dist/compliance/hipaa.js.map +1 -0
package/dist/compliance/index.d.ts +18 -0
package/dist/compliance/index.d.ts.map +1 -0
package/dist/compliance/index.js +26 -0
package/dist/compliance/index.js.map +1 -0
package/dist/compliance/iso27001.d.ts +30 -0
package/dist/compliance/iso27001.d.ts.map +1 -0
package/dist/compliance/iso27001.js +332 -0
package/dist/compliance/iso27001.js.map +1 -0
package/dist/compliance/mapper.d.ts +42 -0
package/dist/compliance/mapper.d.ts.map +1 -0
package/dist/compliance/mapper.js +269 -0
package/dist/compliance/mapper.js.map +1 -0
package/dist/compliance/mapper.test.d.ts +5 -0
package/dist/compliance/mapper.test.d.ts.map +1 -0
package/dist/compliance/mapper.test.js +360 -0
package/dist/compliance/mapper.test.js.map +1 -0
package/dist/compliance/pci-dss.d.ts +29 -0
package/dist/compliance/pci-dss.d.ts.map +1 -0
package/dist/compliance/pci-dss.js +247 -0
package/dist/compliance/pci-dss.js.map +1 -0
package/dist/compliance/report.d.ts +25 -0
package/dist/compliance/report.d.ts.map +1 -0
package/dist/compliance/report.js +254 -0
package/dist/compliance/report.js.map +1 -0
package/dist/compliance/report.test.d.ts +5 -0
package/dist/compliance/report.test.d.ts.map +1 -0
package/dist/compliance/report.test.js +128 -0
package/dist/compliance/report.test.js.map +1 -0
package/dist/compliance/soc2.d.ts +30 -0
package/dist/compliance/soc2.d.ts.map +1 -0
package/dist/compliance/soc2.js +262 -0
package/dist/compliance/soc2.js.map +1 -0
package/dist/compliance/soc2.test.d.ts +5 -0
package/dist/compliance/soc2.test.d.ts.map +1 -0
package/dist/compliance/soc2.test.js +86 -0
package/dist/compliance/soc2.test.js.map +1 -0
package/dist/compliance/types.d.ts +125 -0
package/dist/compliance/types.d.ts.map +1 -0
package/dist/compliance/types.js +10 -0
package/dist/compliance/types.js.map +1 -0
package/dist/config/flags.d.ts +456 -0
package/dist/config/flags.d.ts.map +1 -0
package/dist/config/flags.js +464 -0
package/dist/config/flags.js.map +1 -0
package/dist/config/index.d.ts +10 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +10 -0
package/dist/config/index.js.map +1 -0
package/dist/config/severity-overrides.d.ts +209 -0
package/dist/config/severity-overrides.d.ts.map +1 -0
package/dist/config/severity-overrides.js +380 -0
package/dist/config/severity-overrides.js.map +1 -0
package/dist/cost/index.d.ts +11 -0
package/dist/cost/index.d.ts.map +1 -0
package/dist/cost/index.js +12 -0
package/dist/cost/index.js.map +1 -0
package/dist/cost/pricing.d.ts +57 -0
package/dist/cost/pricing.d.ts.map +1 -0
package/dist/cost/pricing.js +196 -0
package/dist/cost/pricing.js.map +1 -0
package/dist/cost/pricing.test.d.ts +5 -0
package/dist/cost/pricing.test.d.ts.map +1 -0
package/dist/cost/pricing.test.js +195 -0
package/dist/cost/pricing.test.js.map +1 -0
package/dist/cost/tracker.d.ts +100 -0
package/dist/cost/tracker.d.ts.map +1 -0
package/dist/cost/tracker.js +366 -0
package/dist/cost/tracker.js.map +1 -0
package/dist/cost/tracker.test.d.ts +5 -0
package/dist/cost/tracker.test.d.ts.map +1 -0
package/dist/cost/tracker.test.js +360 -0
package/dist/cost/tracker.test.js.map +1 -0
package/dist/cost/types.d.ts +135 -0
package/dist/cost/types.d.ts.map +1 -0
package/dist/cost/types.js +9 -0
package/dist/cost/types.js.map +1 -0
package/dist/enterprise/auth/oidc.d.ts +231 -0
package/dist/enterprise/auth/oidc.d.ts.map +1 -0
package/dist/enterprise/auth/oidc.js +372 -0
package/dist/enterprise/auth/oidc.js.map +1 -0
package/dist/enterprise/auth/oidc.test.d.ts +5 -0
package/dist/enterprise/auth/oidc.test.d.ts.map +1 -0
package/dist/enterprise/auth/oidc.test.js +435 -0
package/dist/enterprise/auth/oidc.test.js.map +1 -0
package/dist/enterprise/index.d.ts +14 -0
package/dist/enterprise/index.d.ts.map +1 -0
package/dist/enterprise/index.js +19 -0
package/dist/enterprise/index.js.map +1 -0
package/dist/enterprise/integrations/chat.d.ts +205 -0
package/dist/enterprise/integrations/chat.d.ts.map +1 -0
package/dist/enterprise/integrations/chat.js +624 -0
package/dist/enterprise/integrations/chat.js.map +1 -0
package/dist/enterprise/integrations/chat.test.d.ts +5 -0
package/dist/enterprise/integrations/chat.test.d.ts.map +1 -0
package/dist/enterprise/integrations/chat.test.js +557 -0
package/dist/enterprise/integrations/chat.test.js.map +1 -0
package/dist/enterprise/integrations/ticketing.d.ts +257 -0
package/dist/enterprise/integrations/ticketing.d.ts.map +1 -0
package/dist/enterprise/integrations/ticketing.js +548 -0
package/dist/enterprise/integrations/ticketing.js.map +1 -0
package/dist/enterprise/integrations/ticketing.test.d.ts +5 -0
package/dist/enterprise/integrations/ticketing.test.d.ts.map +1 -0
package/dist/enterprise/integrations/ticketing.test.js +693 -0
package/dist/enterprise/integrations/ticketing.test.js.map +1 -0
package/dist/enterprise/policy/opa.d.ts +194 -0
package/dist/enterprise/policy/opa.d.ts.map +1 -0
package/dist/enterprise/policy/opa.js +385 -0
package/dist/enterprise/policy/opa.js.map +1 -0
package/dist/enterprise/policy/opa.test.d.ts +5 -0
package/dist/enterprise/policy/opa.test.d.ts.map +1 -0
package/dist/enterprise/policy/opa.test.js +702 -0
package/dist/enterprise/policy/opa.test.js.map +1 -0
package/dist/enterprise/signing/kms.d.ts +211 -0
package/dist/enterprise/signing/kms.d.ts.map +1 -0
package/dist/enterprise/signing/kms.js +480 -0
package/dist/enterprise/signing/kms.js.map +1 -0
package/dist/enterprise/signing/kms.test.d.ts +5 -0
package/dist/enterprise/signing/kms.test.d.ts.map +1 -0
package/dist/enterprise/signing/kms.test.js +511 -0
package/dist/enterprise/signing/kms.test.js.map +1 -0
package/dist/eval/fixtures.d.ts +58 -0
package/dist/eval/fixtures.d.ts.map +1 -0
package/dist/eval/fixtures.js +571 -0
package/dist/eval/fixtures.js.map +1 -0
package/dist/eval/fixtures.test.d.ts +5 -0
package/dist/eval/fixtures.test.d.ts.map +1 -0
package/dist/eval/fixtures.test.js +193 -0
package/dist/eval/fixtures.test.js.map +1 -0
package/dist/eval/harness.d.ts +30 -0
package/dist/eval/harness.d.ts.map +1 -0
package/dist/eval/harness.js +221 -0
package/dist/eval/harness.js.map +1 -0
package/dist/eval/harness.test.d.ts +5 -0
package/dist/eval/harness.test.d.ts.map +1 -0
package/dist/eval/harness.test.js +314 -0
package/dist/eval/harness.test.js.map +1 -0
package/dist/eval/index.d.ts +15 -0
package/dist/eval/index.d.ts.map +1 -0
package/dist/eval/index.js +18 -0
package/dist/eval/index.js.map +1 -0
package/dist/eval/metrics.d.ts +56 -0
package/dist/eval/metrics.d.ts.map +1 -0
package/dist/eval/metrics.js +298 -0
package/dist/eval/metrics.js.map +1 -0
package/dist/eval/metrics.test.d.ts +5 -0
package/dist/eval/metrics.test.d.ts.map +1 -0
package/dist/eval/metrics.test.js +426 -0
package/dist/eval/metrics.test.js.map +1 -0
package/dist/eval/report.d.ts +30 -0
package/dist/eval/report.d.ts.map +1 -0
package/dist/eval/report.js +333 -0
package/dist/eval/report.js.map +1 -0
package/dist/eval/report.test.d.ts +5 -0
package/dist/eval/report.test.d.ts.map +1 -0
package/dist/eval/report.test.js +275 -0
package/dist/eval/report.test.js.map +1 -0
package/dist/eval/types.d.ts +234 -0
package/dist/eval/types.d.ts.map +1 -0
package/dist/eval/types.js +27 -0
package/dist/eval/types.js.map +1 -0
package/dist/http-server.d.ts +3 -0
package/dist/http-server.d.ts.map +1 -0
package/dist/http-server.js +127 -0
package/dist/http-server.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +4120 -0
package/dist/index.js.map +1 -0
package/dist/logger.d.ts +46 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +131 -0
package/dist/logger.js.map +1 -0
package/dist/multimodel/consensus.d.ts +49 -0
package/dist/multimodel/consensus.d.ts.map +1 -0
package/dist/multimodel/consensus.js +454 -0
package/dist/multimodel/consensus.js.map +1 -0
package/dist/multimodel/consensus.test.d.ts +5 -0
package/dist/multimodel/consensus.test.d.ts.map +1 -0
package/dist/multimodel/consensus.test.js +415 -0
package/dist/multimodel/consensus.test.js.map +1 -0
package/dist/multimodel/index.d.ts +13 -0
package/dist/multimodel/index.d.ts.map +1 -0
package/dist/multimodel/index.js +14 -0
package/dist/multimodel/index.js.map +1 -0
package/dist/multimodel/runner.d.ts +95 -0
package/dist/multimodel/runner.d.ts.map +1 -0
package/dist/multimodel/runner.js +312 -0
package/dist/multimodel/runner.js.map +1 -0
package/dist/multimodel/runner.test.d.ts +5 -0
package/dist/multimodel/runner.test.d.ts.map +1 -0
package/dist/multimodel/runner.test.js +224 -0
package/dist/multimodel/runner.test.js.map +1 -0
package/dist/multimodel/types.d.ts +202 -0
package/dist/multimodel/types.d.ts.map +1 -0
package/dist/multimodel/types.js +10 -0
package/dist/multimodel/types.js.map +1 -0
package/dist/observability/index.d.ts +9 -0
package/dist/observability/index.d.ts.map +1 -0
package/dist/observability/index.js +9 -0
package/dist/observability/index.js.map +1 -0
package/dist/observability/otel.d.ts +102 -0
package/dist/observability/otel.d.ts.map +1 -0
package/dist/observability/otel.js +284 -0
package/dist/observability/otel.js.map +1 -0
package/dist/plugins/index.d.ts +10 -0
package/dist/plugins/index.d.ts.map +1 -0
package/dist/plugins/index.js +10 -0
package/dist/plugins/index.js.map +1 -0
package/dist/plugins/loader.d.ts +78 -0
package/dist/plugins/loader.d.ts.map +1 -0
package/dist/plugins/loader.js +470 -0
package/dist/plugins/loader.js.map +1 -0
package/dist/plugins/types.d.ts +304 -0
package/dist/plugins/types.d.ts.map +1 -0
package/dist/plugins/types.js +100 -0
package/dist/plugins/types.js.map +1 -0
package/dist/sbom/cyclonedx.d.ts +30 -0
package/dist/sbom/cyclonedx.d.ts.map +1 -0
package/dist/sbom/cyclonedx.js +392 -0
package/dist/sbom/cyclonedx.js.map +1 -0
package/dist/sbom/cyclonedx.test.d.ts +5 -0
package/dist/sbom/cyclonedx.test.d.ts.map +1 -0
package/dist/sbom/cyclonedx.test.js +244 -0
package/dist/sbom/cyclonedx.test.js.map +1 -0
package/dist/sbom/index.d.ts +13 -0
package/dist/sbom/index.d.ts.map +1 -0
package/dist/sbom/index.js +15 -0
package/dist/sbom/index.js.map +1 -0
package/dist/sbom/provenance.d.ts +37 -0
package/dist/sbom/provenance.d.ts.map +1 -0
package/dist/sbom/provenance.js +268 -0
package/dist/sbom/provenance.js.map +1 -0
package/dist/sbom/provenance.test.d.ts +5 -0
package/dist/sbom/provenance.test.d.ts.map +1 -0
package/dist/sbom/provenance.test.js +189 -0
package/dist/sbom/provenance.test.js.map +1 -0
package/dist/sbom/signing.d.ts +87 -0
package/dist/sbom/signing.d.ts.map +1 -0
package/dist/sbom/signing.js +354 -0
package/dist/sbom/signing.js.map +1 -0
package/dist/sbom/signing.test.d.ts +5 -0
package/dist/sbom/signing.test.d.ts.map +1 -0
package/dist/sbom/signing.test.js +170 -0
package/dist/sbom/signing.test.js.map +1 -0
package/dist/sbom/types.d.ts +384 -0
package/dist/sbom/types.d.ts.map +1 -0
package/dist/sbom/types.js +17 -0
package/dist/sbom/types.js.map +1 -0
package/dist/scanners/agent/credential-scope-audit.d.ts +40 -0
package/dist/scanners/agent/credential-scope-audit.d.ts.map +1 -0
package/dist/scanners/agent/credential-scope-audit.js +404 -0
package/dist/scanners/agent/credential-scope-audit.js.map +1 -0
package/dist/scanners/agent/exfil-path-graph.d.ts +50 -0
package/dist/scanners/agent/exfil-path-graph.d.ts.map +1 -0
package/dist/scanners/agent/exfil-path-graph.js +764 -0
package/dist/scanners/agent/exfil-path-graph.js.map +1 -0
package/dist/scanners/agent/index.d.ts +43 -0
package/dist/scanners/agent/index.d.ts.map +1 -0
package/dist/scanners/agent/index.js +616 -0
package/dist/scanners/agent/index.js.map +1 -0
package/dist/scanners/agent/manifest-audit.d.ts +43 -0
package/dist/scanners/agent/manifest-audit.d.ts.map +1 -0
package/dist/scanners/agent/manifest-audit.js +403 -0
package/dist/scanners/agent/manifest-audit.js.map +1 -0
package/dist/scanners/agent/payloads/index.d.ts +44 -0
package/dist/scanners/agent/payloads/index.d.ts.map +1 -0
package/dist/scanners/agent/payloads/index.js +184 -0
package/dist/scanners/agent/payloads/index.js.map +1 -0
package/dist/scanners/agent/permission-minimiser.d.ts +48 -0
package/dist/scanners/agent/permission-minimiser.d.ts.map +1 -0
package/dist/scanners/agent/permission-minimiser.js +551 -0
package/dist/scanners/agent/permission-minimiser.js.map +1 -0
package/dist/scanners/agent/prompt-injection-fuzzer.d.ts +39 -0
package/dist/scanners/agent/prompt-injection-fuzzer.d.ts.map +1 -0
package/dist/scanners/agent/prompt-injection-fuzzer.js +720 -0
package/dist/scanners/agent/prompt-injection-fuzzer.js.map +1 -0
package/dist/scanners/agent/sandbox-audit.d.ts +44 -0
package/dist/scanners/agent/sandbox-audit.d.ts.map +1 -0
package/dist/scanners/agent/sandbox-audit.js +425 -0
package/dist/scanners/agent/sandbox-audit.js.map +1 -0
package/dist/scanners/agent/supply-chain-mcp.d.ts +53 -0
package/dist/scanners/agent/supply-chain-mcp.d.ts.map +1 -0
package/dist/scanners/agent/supply-chain-mcp.js +479 -0
package/dist/scanners/agent/supply-chain-mcp.js.map +1 -0
package/dist/scanners/agent/tool-description-drift.d.ts +62 -0
package/dist/scanners/agent/tool-description-drift.d.ts.map +1 -0
package/dist/scanners/agent/tool-description-drift.js +365 -0
package/dist/scanners/agent/tool-description-drift.js.map +1 -0
package/dist/scanners/agent/types.d.ts +840 -0
package/dist/scanners/agent/types.d.ts.map +1 -0
package/dist/scanners/agent/types.js +149 -0
package/dist/scanners/agent/types.js.map +1 -0
package/dist/scanners/bandit.d.ts +25 -0
package/dist/scanners/bandit.d.ts.map +1 -0
package/dist/scanners/bandit.js +129 -0
package/dist/scanners/bandit.js.map +1 -0
package/dist/scanners/binary-analysis.d.ts +41 -0
package/dist/scanners/binary-analysis.d.ts.map +1 -0
package/dist/scanners/binary-analysis.js +587 -0
package/dist/scanners/binary-analysis.js.map +1 -0
package/dist/scanners/binary-analysis.test.d.ts +5 -0
package/dist/scanners/binary-analysis.test.d.ts.map +1 -0
package/dist/scanners/binary-analysis.test.js +291 -0
package/dist/scanners/binary-analysis.test.js.map +1 -0
package/dist/scanners/brakeman.d.ts +30 -0
package/dist/scanners/brakeman.d.ts.map +1 -0
package/dist/scanners/brakeman.js +271 -0
package/dist/scanners/brakeman.js.map +1 -0
package/dist/scanners/dependencies.d.ts +22 -0
package/dist/scanners/dependencies.d.ts.map +1 -0
package/dist/scanners/dependencies.js +202 -0
package/dist/scanners/dependencies.js.map +1 -0
package/dist/scanners/dependencies.test.d.ts +5 -0
package/dist/scanners/dependencies.test.d.ts.map +1 -0
package/dist/scanners/dependencies.test.js +185 -0
package/dist/scanners/dependencies.test.js.map +1 -0
package/dist/scanners/eslint.d.ts +25 -0
package/dist/scanners/eslint.d.ts.map +1 -0
package/dist/scanners/eslint.js +220 -0
package/dist/scanners/eslint.js.map +1 -0
package/dist/scanners/gosec.d.ts +25 -0
package/dist/scanners/gosec.d.ts.map +1 -0
package/dist/scanners/gosec.js +128 -0
package/dist/scanners/gosec.js.map +1 -0
package/dist/scanners/index.d.ts +128 -0
package/dist/scanners/index.d.ts.map +1 -0
package/dist/scanners/index.js +811 -0
package/dist/scanners/index.js.map +1 -0
package/dist/scanners/index.test.d.ts +5 -0
package/dist/scanners/index.test.d.ts.map +1 -0
package/dist/scanners/index.test.js +424 -0
package/dist/scanners/index.test.js.map +1 -0
package/dist/scanners/memory-safety.d.ts +44 -0
package/dist/scanners/memory-safety.d.ts.map +1 -0
package/dist/scanners/memory-safety.js +571 -0
package/dist/scanners/memory-safety.js.map +1 -0
package/dist/scanners/memory-safety.test.d.ts +5 -0
package/dist/scanners/memory-safety.test.d.ts.map +1 -0
package/dist/scanners/memory-safety.test.js +321 -0
package/dist/scanners/memory-safety.test.js.map +1 -0
package/dist/scanners/race-condition.d.ts +25 -0
package/dist/scanners/race-condition.d.ts.map +1 -0
package/dist/scanners/race-condition.js +443 -0
package/dist/scanners/race-condition.js.map +1 -0
package/dist/scanners/race-condition.test.d.ts +5 -0
package/dist/scanners/race-condition.test.d.ts.map +1 -0
package/dist/scanners/race-condition.test.js +428 -0
package/dist/scanners/race-condition.test.js.map +1 -0
package/dist/scanners/secrets.d.ts +25 -0
package/dist/scanners/secrets.d.ts.map +1 -0
package/dist/scanners/secrets.js +367 -0
package/dist/scanners/secrets.js.map +1 -0
package/dist/scanners/secrets.test.d.ts +5 -0
package/dist/scanners/secrets.test.d.ts.map +1 -0
package/dist/scanners/secrets.test.js +160 -0
package/dist/scanners/secrets.test.js.map +1 -0
package/dist/scanners/semgrep.d.ts +33 -0
package/dist/scanners/semgrep.d.ts.map +1 -0
package/dist/scanners/semgrep.js +350 -0
package/dist/scanners/semgrep.js.map +1 -0
package/dist/scanners/semgrep.test.d.ts +8 -0
package/dist/scanners/semgrep.test.d.ts.map +1 -0
package/dist/scanners/semgrep.test.js +254 -0
package/dist/scanners/semgrep.test.js.map +1 -0
package/dist/scanners/trivy.d.ts +26 -0
package/dist/scanners/trivy.d.ts.map +1 -0
package/dist/scanners/trivy.js +187 -0
package/dist/scanners/trivy.js.map +1 -0
package/dist/scanners/types.d.ts +210 -0
package/dist/scanners/types.d.ts.map +1 -0
package/dist/scanners/types.js +106 -0
package/dist/scanners/types.js.map +1 -0
package/dist/scanners/types.test.d.ts +5 -0
package/dist/scanners/types.test.d.ts.map +1 -0
package/dist/scanners/types.test.js +103 -0
package/dist/scanners/types.test.js.map +1 -0
package/dist/scanners/typescript.d.ts +32 -0
package/dist/scanners/typescript.d.ts.map +1 -0
package/dist/scanners/typescript.js +300 -0
package/dist/scanners/typescript.js.map +1 -0
package/dist/scanners/typescript.test.d.ts +5 -0
package/dist/scanners/typescript.test.d.ts.map +1 -0
package/dist/scanners/typescript.test.js +296 -0
package/dist/scanners/typescript.test.js.map +1 -0
package/dist/transcripts/index.d.ts +13 -0
package/dist/transcripts/index.d.ts.map +1 -0
package/dist/transcripts/index.js +17 -0
package/dist/transcripts/index.js.map +1 -0
package/dist/transcripts/logger.d.ts +190 -0
package/dist/transcripts/logger.d.ts.map +1 -0
package/dist/transcripts/logger.js +385 -0
package/dist/transcripts/logger.js.map +1 -0
package/dist/transcripts/logger.test.d.ts +5 -0
package/dist/transcripts/logger.test.d.ts.map +1 -0
package/dist/transcripts/logger.test.js +227 -0
package/dist/transcripts/logger.test.js.map +1 -0
package/dist/transcripts/redaction.d.ts +125 -0
package/dist/transcripts/redaction.d.ts.map +1 -0
package/dist/transcripts/redaction.js +416 -0
package/dist/transcripts/redaction.js.map +1 -0
package/dist/transcripts/redaction.test.d.ts +5 -0
package/dist/transcripts/redaction.test.d.ts.map +1 -0
package/dist/transcripts/redaction.test.js +267 -0
package/dist/transcripts/redaction.test.js.map +1 -0
package/dist/transcripts/signing.d.ts +108 -0
package/dist/transcripts/signing.d.ts.map +1 -0
package/dist/transcripts/signing.js +173 -0
package/dist/transcripts/signing.js.map +1 -0
package/dist/transcripts/verifier.d.ts +133 -0
package/dist/transcripts/verifier.d.ts.map +1 -0
package/dist/transcripts/verifier.js +489 -0
package/dist/transcripts/verifier.js.map +1 -0
package/dist/transcripts/verifier.test.d.ts +5 -0
package/dist/transcripts/verifier.test.d.ts.map +1 -0
package/dist/transcripts/verifier.test.js +330 -0
package/dist/transcripts/verifier.test.js.map +1 -0
package/dist/util/concurrency.d.ts +221 -0
package/dist/util/concurrency.d.ts.map +1 -0
package/dist/util/concurrency.js +339 -0
package/dist/util/concurrency.js.map +1 -0
package/dist/util/index.d.ts +12 -0
package/dist/util/index.d.ts.map +1 -0
package/dist/util/index.js +12 -0
package/dist/util/index.js.map +1 -0
package/dist/util/json.d.ts +63 -0
package/dist/util/json.d.ts.map +1 -0
package/dist/util/json.js +134 -0
package/dist/util/json.js.map +1 -0
package/dist/util/paths.d.ts +56 -0
package/dist/util/paths.d.ts.map +1 -0
package/dist/util/paths.js +128 -0
package/dist/util/paths.js.map +1 -0
package/dist/util/retry.d.ts +185 -0
package/dist/util/retry.d.ts.map +1 -0
package/dist/util/retry.js +338 -0
package/dist/util/retry.js.map +1 -0
package/package.json +79 -0

package/dist/scanners/agent/types.d.ts ADDED Viewed

@@ -0,0 +1,840 @@
+/**
+ * Agent & MCP Security Scanner Types
+ *
+ * Types for scanning MCP servers, agent systems, and AI tool chains.
+ * These scanners extend the deterministic scanner layer with agent-specific
+ * security checks: prompt injection fuzzing, exfiltration path analysis,
+ * manifest auditing, and permission minimization.
+ *
+ * @module scanners/agent/types
+ */
+import { z } from "zod";
+import type { Severity } from "../../certification/types.js";
+import type { ScannerResult } from "../types.js";
+/**
+ * Supported agent scanner types
+ */
+export type AgentScannerType = "manifest-audit" | "tool-description-drift" | "prompt-injection-fuzzer" | "exfil-path-graph" | "permission-minimiser" | "supply-chain-mcp" | "sandbox-audit" | "credential-scope-audit";
+/**
+ * All agent scanner types as an array for iteration
+ */
+export declare const AGENT_SCANNER_TYPES: AgentScannerType[];
+/**
+ * MCP tool parameter schema (subset of JSON Schema)
+ */
+export interface MCPParameterSchema {
+    type: string;
+    description?: string;
+    required?: boolean;
+    enum?: string[];
+    default?: unknown;
+    properties?: Record<string, MCPParameterSchema>;
+    items?: MCPParameterSchema;
+}
+/**
+ * MCP tool definition from server manifest
+ */
+export interface MCPToolDefinition {
+    /** Tool name (e.g., "read_file") */
+    name: string;
+    /** Human-readable description */
+    description: string;
+    /** Zod-validated input schema or JSON schema */
+    inputSchema?: MCPParameterSchema | z.ZodTypeAny;
+    /** Whether this tool can modify state (write, delete, etc.) */
+    destructiveHint?: boolean;
+    /** Whether this tool only reads data */
+    readOnlyHint?: boolean;
+    /** Allowed origins for cross-origin requests */
+    allowedOrigins?: string[];
+    /** Whether this tool can access network */
+    networkAccess?: boolean;
+    /** Whether this tool can execute code */
+    codeExecution?: boolean;
+    /** Required permissions/scopes */
+    requiredPermissions?: string[];
+}
+/**
+ * MCP resource definition
+ */
+export interface MCPResourceDefinition {
+    /** Resource URI template (e.g., "file://{path}") */
+    uri: string;
+    /** Human-readable name */
+    name: string;
+    /** Description of the resource */
+    description?: string;
+    /** MIME type of the resource content */
+    mimeType?: string;
+}
+/**
+ * MCP prompt definition
+ */
+export interface MCPPromptDefinition {
+    /** Prompt name */
+    name: string;
+    /** Human-readable description */
+    description?: string;
+    /** Arguments the prompt accepts */
+    arguments?: {
+        name: string;
+        description?: string;
+        required?: boolean;
+    }[];
+}
+/**
+ * Complete MCP server manifest
+ */
+export interface MCPManifest {
+    /** Server name */
+    name: string;
+    /** Server version */
+    version: string;
+    /** Human-readable description */
+    description?: string;
+    /** Available tools */
+    tools: MCPToolDefinition[];
+    /** Available resources */
+    resources?: MCPResourceDefinition[];
+    /** Available prompts */
+    prompts?: MCPPromptDefinition[];
+    /** Server capabilities */
+    capabilities?: {
+        tools?: boolean;
+        resources?: boolean;
+        prompts?: boolean;
+        logging?: boolean;
+    };
+    /** Server configuration */
+    config?: Record<string, unknown>;
+}
+/**
+ * Zod schema for MCPManifest validation
+ */
+export declare const MCPManifestSchema: z.ZodObject<{
+    name: z.ZodString;
+    version: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+    tools: z.ZodArray<z.ZodObject<{
+        name: z.ZodString;
+        description: z.ZodString;
+        inputSchema: z.ZodOptional<z.ZodAny>;
+        destructiveHint: z.ZodOptional<z.ZodBoolean>;
+        readOnlyHint: z.ZodOptional<z.ZodBoolean>;
+        allowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        networkAccess: z.ZodOptional<z.ZodBoolean>;
+        codeExecution: z.ZodOptional<z.ZodBoolean>;
+        requiredPermissions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        description: string;
+        name: string;
+        inputSchema?: any;
+        destructiveHint?: boolean | undefined;
+        readOnlyHint?: boolean | undefined;
+        allowedOrigins?: string[] | undefined;
+        networkAccess?: boolean | undefined;
+        codeExecution?: boolean | undefined;
+        requiredPermissions?: string[] | undefined;
+    }, {
+        description: string;
+        name: string;
+        inputSchema?: any;
+        destructiveHint?: boolean | undefined;
+        readOnlyHint?: boolean | undefined;
+        allowedOrigins?: string[] | undefined;
+        networkAccess?: boolean | undefined;
+        codeExecution?: boolean | undefined;
+        requiredPermissions?: string[] | undefined;
+    }>, "many">;
+    resources: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        uri: z.ZodString;
+        name: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        mimeType: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        name: string;
+        uri: string;
+        description?: string | undefined;
+        mimeType?: string | undefined;
+    }, {
+        name: string;
+        uri: string;
+        description?: string | undefined;
+        mimeType?: string | undefined;
+    }>, "many">>;
+    prompts: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        name: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        arguments: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            name: z.ZodString;
+            description: z.ZodOptional<z.ZodString>;
+            required: z.ZodOptional<z.ZodBoolean>;
+        }, "strip", z.ZodTypeAny, {
+            name: string;
+            description?: string | undefined;
+            required?: boolean | undefined;
+        }, {
+            name: string;
+            description?: string | undefined;
+            required?: boolean | undefined;
+        }>, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        name: string;
+        description?: string | undefined;
+        arguments?: {
+            name: string;
+            description?: string | undefined;
+            required?: boolean | undefined;
+        }[] | undefined;
+    }, {
+        name: string;
+        description?: string | undefined;
+        arguments?: {
+            name: string;
+            description?: string | undefined;
+            required?: boolean | undefined;
+        }[] | undefined;
+    }>, "many">>;
+    capabilities: z.ZodOptional<z.ZodObject<{
+        tools: z.ZodOptional<z.ZodBoolean>;
+        resources: z.ZodOptional<z.ZodBoolean>;
+        prompts: z.ZodOptional<z.ZodBoolean>;
+        logging: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        tools?: boolean | undefined;
+        resources?: boolean | undefined;
+        prompts?: boolean | undefined;
+        logging?: boolean | undefined;
+    }, {
+        tools?: boolean | undefined;
+        resources?: boolean | undefined;
+        prompts?: boolean | undefined;
+        logging?: boolean | undefined;
+    }>>;
+    config: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, "strip", z.ZodTypeAny, {
+    version: string;
+    name: string;
+    tools: {
+        description: string;
+        name: string;
+        inputSchema?: any;
+        destructiveHint?: boolean | undefined;
+        readOnlyHint?: boolean | undefined;
+        allowedOrigins?: string[] | undefined;
+        networkAccess?: boolean | undefined;
+        codeExecution?: boolean | undefined;
+        requiredPermissions?: string[] | undefined;
+    }[];
+    description?: string | undefined;
+    config?: Record<string, unknown> | undefined;
+    resources?: {
+        name: string;
+        uri: string;
+        description?: string | undefined;
+        mimeType?: string | undefined;
+    }[] | undefined;
+    prompts?: {
+        name: string;
+        description?: string | undefined;
+        arguments?: {
+            name: string;
+            description?: string | undefined;
+            required?: boolean | undefined;
+        }[] | undefined;
+    }[] | undefined;
+    capabilities?: {
+        tools?: boolean | undefined;
+        resources?: boolean | undefined;
+        prompts?: boolean | undefined;
+        logging?: boolean | undefined;
+    } | undefined;
+}, {
+    version: string;
+    name: string;
+    tools: {
+        description: string;
+        name: string;
+        inputSchema?: any;
+        destructiveHint?: boolean | undefined;
+        readOnlyHint?: boolean | undefined;
+        allowedOrigins?: string[] | undefined;
+        networkAccess?: boolean | undefined;
+        codeExecution?: boolean | undefined;
+        requiredPermissions?: string[] | undefined;
+    }[];
+    description?: string | undefined;
+    config?: Record<string, unknown> | undefined;
+    resources?: {
+        name: string;
+        uri: string;
+        description?: string | undefined;
+        mimeType?: string | undefined;
+    }[] | undefined;
+    prompts?: {
+        name: string;
+        description?: string | undefined;
+        arguments?: {
+            name: string;
+            description?: string | undefined;
+            required?: boolean | undefined;
+        }[] | undefined;
+    }[] | undefined;
+    capabilities?: {
+        tools?: boolean | undefined;
+        resources?: boolean | undefined;
+        prompts?: boolean | undefined;
+        logging?: boolean | undefined;
+    } | undefined;
+}>;
+/**
+ * Extended scanner result for agent-specific scanners
+ */
+export interface AgentScannerResult extends Omit<ScannerResult, "scanner"> {
+    /** Which agent scanner was run */
+    scanner: AgentScannerType;
+    /** Target MCP server URL, config file, or npm package */
+    target?: string;
+    /** SHA256 hash of scanned manifest */
+    manifestHash?: string;
+    /** MCP server name if available */
+    mcpServerName?: string;
+    /** MCP server version if available */
+    mcpServerVersion?: string;
+}
+/**
+ * Check if an agent scanner is available
+ */
+export interface AgentScannerAvailability {
+    scanner: AgentScannerType;
+    available: boolean;
+    version?: string;
+    path?: string;
+    error?: string;
+}
+/**
+ * Categories of prompt injection payloads
+ */
+export type PayloadCategory = "override-instructions" | "exfil-prompt" | "homoglyph" | "tag-smuggling" | "indirect-injection" | "jailbreak" | "system-prompt-extraction" | "tool-misuse";
+/**
+ * A single injection payload
+ */
+export interface InjectionPayload {
+    /** Unique payload ID */
+    id: string;
+    /** The payload text to inject */
+    text: string;
+    /** Category of attack */
+    category: PayloadCategory;
+    /** Expected severity if injection succeeds */
+    severity: Severity;
+    /** Human-readable description of what this payload attempts */
+    description: string;
+    /** Tags for filtering (e.g., ["unicode", "invisible"]) */
+    tags?: string[];
+    /** Source/attribution if from known research */
+    source?: string;
+}
+/**
+ * Result of fuzzing a single tool with a single payload
+ */
+export interface FuzzResult {
+    /** The payload that was tested */
+    payload: string;
+    /** Payload ID for reference */
+    payloadId: string;
+    /** Category of the payload */
+    payloadCategory: PayloadCategory;
+    /** Which tool was fuzzed */
+    tool: string;
+    /** Whether the injection was blocked (true = safe) */
+    passed: boolean;
+    /** Raw response from the tool (redacted for sensitive data) */
+    response?: string;
+    /** Whether the model's behavior changed due to injection */
+    behaviorChange: boolean;
+    /** Specific indicators of behavior change detected */
+    behaviorIndicators?: string[];
+    /** Assigned severity based on behavior change */
+    severity: Severity;
+    /** Time taken for this fuzz test in ms */
+    duration: number;
+    /** Error if the fuzz test failed to execute */
+    error?: string;
+}
+/**
+ * Aggregated fuzzer results
+ */
+export interface FuzzerSummary {
+    /** Total payloads tested */
+    totalPayloads: number;
+    /** Payloads that were blocked (passed) */
+    passedCount: number;
+    /** Payloads that caused behavior changes (failed) */
+    failedCount: number;
+    /** Pass rate as percentage */
+    passRate: number;
+    /** Breakdown by payload category */
+    byCategory: Record<PayloadCategory, {
+        passed: number;
+        failed: number;
+    }>;
+    /** Breakdown by tool */
+    byTool: Record<string, {
+        passed: number;
+        failed: number;
+    }>;
+    /** Most vulnerable tools (highest failure rate) */
+    vulnerableTools: string[];
+    /** Most effective payload categories */
+    effectiveCategories: PayloadCategory[];
+}
+/**
+ * Options for running the fuzzer
+ */
+export interface FuzzerOptions {
+    /** Corpus size: quick (~50), standard (~200), thorough (~500+) */
+    corpus?: "quick" | "standard" | "thorough";
+    /** Path to custom payload file or directory */
+    customCorpus?: string;
+    /** Specific categories to test */
+    categories?: PayloadCategory[];
+    /** Specific tools to fuzz (default: all) */
+    tools?: string[];
+    /** Timeout per fuzz test in ms */
+    timeout?: number;
+    /** Maximum parallel fuzz tests */
+    concurrency?: number;
+    /** Stop on first failure */
+    failFast?: boolean;
+    /** Redact sensitive data in responses */
+    redactResponses?: boolean;
+}
+/**
+ * Classification of a tool's capabilities
+ */
+export type ToolCapability = "reads_secrets" | "reads_files" | "reads_env" | "reads_database" | "writes_files" | "writes_database" | "network_access" | "executes_code" | "modifies_state" | "sends_email" | "sends_webhook" | "accesses_external_api";
+/**
+ * A node in the tool capability graph
+ */
+export interface ToolNode {
+    /** Tool name */
+    name: string;
+    /** Tool description */
+    description: string;
+    /** Classified capabilities */
+    capabilities: ToolCapability[];
+    /** Risk score (0-100) */
+    riskScore: number;
+    /** Whether this tool could be a source of secrets */
+    isSecretSource: boolean;
+    /** Whether this tool has network/external access */
+    isNetworkSink: boolean;
+}
+/**
+ * An edge representing data flow between tools
+ */
+export interface ToolEdge {
+    /** Source tool name */
+    source: string;
+    /** Target tool name */
+    target: string;
+    /** Type of data flow */
+    dataFlow: "input" | "output" | "chained" | "implicit";
+    /** Description of the flow */
+    description?: string;
+}
+/**
+ * A potential exfiltration path through the tool graph
+ */
+export interface ExfilPath {
+    /** Tool that reads secrets/sensitive data */
+    source: string;
+    /** Tool with network/external access */
+    sink: string;
+    /** Intermediate tools in the path */
+    path: string[];
+    /** Full path including source and sink */
+    fullPath: string[];
+    /** Risk level based on path characteristics */
+    riskLevel: Severity;
+    /** Description of the exfiltration risk */
+    description: string;
+    /** Suggested mitigations */
+    mitigations: string[];
+}
+/**
+ * Complete tool capability graph
+ */
+export interface ToolGraph {
+    /** All tools as nodes */
+    nodes: Map<string, ToolNode>;
+    /** Data flow edges between tools */
+    edges: ToolEdge[];
+    /** Identified exfiltration paths */
+    exfilPaths: ExfilPath[];
+    /** Minimal set of tools to sandbox to cut all paths */
+    cutSet: string[];
+    /** Mermaid diagram representation */
+    mermaidDiagram: string;
+}
+/**
+ * Types of manifest audit findings
+ */
+export type ManifestAuditCheck = "missing-destructive-hint" | "missing-readonly-hint" | "missing-input-schema" | "unbounded-origins" | "version-drift" | "missing-description" | "excessive-permissions" | "undeclared-network" | "undeclared-code-execution";
+/**
+ * A finding from manifest audit
+ */
+export interface ManifestAuditFinding {
+    /** Type of issue found */
+    check: ManifestAuditCheck;
+    /** Severity of the finding */
+    severity: Severity;
+    /** Which tool has the issue */
+    tool: string;
+    /** Human-readable description */
+    description: string;
+    /** Suggested fix */
+    suggestion: string;
+    /** Current value if applicable */
+    currentValue?: unknown;
+    /** Expected value if applicable */
+    expectedValue?: unknown;
+}
+/**
+ * Types of drift that can occur in tool definitions
+ */
+export type DriftType = "tool-added" | "tool-removed" | "description-changed" | "schema-changed" | "permission-changed" | "capability-changed";
+/**
+ * A baseline snapshot of a tool definition
+ */
+export interface ToolBaseline {
+    /** Tool name */
+    name: string;
+    /** Hash of tool definition */
+    hash: string;
+    /** Original description */
+    description: string;
+    /** Original input schema hash */
+    schemaHash: string;
+    /** Original hints */
+    hints: {
+        destructive?: boolean;
+        readOnly?: boolean;
+    };
+    /** Timestamp when baseline was captured */
+    capturedAt: string;
+}
+/**
+ * Complete baseline for an MCP server
+ */
+export interface ServerBaseline {
+    /** MCP server name */
+    serverName: string;
+    /** Server version at baseline */
+    version: string;
+    /** Overall manifest hash */
+    manifestHash: string;
+    /** Individual tool baselines */
+    tools: ToolBaseline[];
+    /** When the baseline was signed */
+    signedAt: string;
+    /** Signature if available */
+    signature?: string;
+}
+/**
+ * A detected drift from baseline
+ */
+export interface DriftFinding {
+    /** Type of drift */
+    type: DriftType;
+    /** Severity based on drift type */
+    severity: Severity;
+    /** Affected tool name */
+    tool: string;
+    /** Description of the change */
+    description: string;
+    /** Value in baseline */
+    baselineValue?: string;
+    /** Current value */
+    currentValue?: string;
+    /** When the drift was detected */
+    detectedAt: string;
+}
+/**
+ * A record of actual tool usage
+ */
+export interface ToolUsageRecord {
+    /** Tool name */
+    tool: string;
+    /** Number of invocations */
+    invocations: number;
+    /** Arguments patterns seen */
+    argumentPatterns: string[];
+    /** Files/resources accessed */
+    resourcesAccessed: string[];
+    /** Last used timestamp */
+    lastUsed: string;
+    /** First used timestamp */
+    firstUsed: string;
+}
+/**
+ * A permission tightening proposal
+ */
+export interface PermissionProposal {
+    /** Type of proposal */
+    type: "disable-unused" | "scope-down" | "remove-permission" | "add-constraint";
+    /** Affected tool */
+    tool: string;
+    /** Current permission/state */
+    current: string;
+    /** Proposed permission/state */
+    proposed: string;
+    /** Rationale for the change */
+    rationale: string;
+    /** Risk reduction if applied (0-100) */
+    riskReduction: number;
+    /** Confidence in the proposal (0-100) */
+    confidence: number;
+}
+/**
+ * Supply chain vulnerability in MCP server dependencies
+ */
+export interface MCPSupplyChainVuln {
+    /** Vulnerable package name */
+    package: string;
+    /** Installed version */
+    installedVersion: string;
+    /** Fixed version if available */
+    fixedVersion?: string;
+    /** CVE ID if applicable */
+    cveId?: string;
+    /** GHSA ID if applicable */
+    ghsaId?: string;
+    /** Severity */
+    severity: Severity;
+    /** Description */
+    description: string;
+    /** Whether the package is a direct or transitive dependency */
+    isDirect: boolean;
+    /** Dependency path if transitive */
+    dependencyPath?: string[];
+}
+/**
+ * Sigstore verification result
+ */
+export interface SigstoreVerification {
+    /** Whether the package/release is signed */
+    isSigned: boolean;
+    /** Whether the signature is valid */
+    signatureValid?: boolean;
+    /** Certificate issuer */
+    issuer?: string;
+    /** Certificate subject */
+    subject?: string;
+    /** Signature timestamp */
+    signedAt?: string;
+    /** Verification errors */
+    errors?: string[];
+}
+/**
+ * Sandbox escape patterns to detect
+ */
+export type SandboxEscape = "child_process" | "eval" | "Function" | "vm" | "require" | "import-dynamic" | "fs-outside-scope" | "net-undeclared" | "env-access" | "process-access";
+/**
+ * A sandbox escape finding
+ */
+export interface SandboxFinding {
+    /** Type of escape */
+    escape: SandboxEscape;
+    /** Tool with the escape */
+    tool: string;
+    /** File where escape was found */
+    file: string;
+    /** Line number */
+    line: number;
+    /** Code snippet */
+    evidence: string;
+    /** Severity (most are critical or high) */
+    severity: Severity;
+    /** Description */
+    description: string;
+}
+/**
+ * Credential types we can audit
+ */
+export type CredentialType = "github-pat" | "github-app" | "aws-access-key" | "aws-iam-role" | "gcp-service-account" | "azure-service-principal" | "api-key" | "oauth-token" | "jwt" | "sigstore-audience" | "unknown";
+/**
+ * Scope overprovisioning finding
+ */
+export interface CredentialScopeFinding {
+    /** Type of credential */
+    credentialType: CredentialType;
+    /** Identifier (redacted) */
+    identifier: string;
+    /** Current scopes/permissions */
+    currentScopes: string[];
+    /** Recommended scopes based on usage */
+    recommendedScopes: string[];
+    /** Unused scopes that could be removed */
+    unusedScopes: string[];
+    /** Severity */
+    severity: Severity;
+    /** Age of the credential in days */
+    ageInDays?: number;
+    /** Whether rotation is recommended */
+    rotationRecommended: boolean;
+    /** Last rotation date if known */
+    lastRotated?: string;
+}
+/**
+ * Target for agent scanning
+ */
+export interface AgentScanTarget {
+    /** MCP server URL (stdio or HTTP) */
+    url?: string;
+    /** Path to MCP config file (server.json, mcp.json) */
+    configFile?: string;
+    /** npm package name */
+    npmPackage?: string;
+    /** Path to MCP server source code */
+    sourcePath?: string;
+    /** Pre-loaded manifest (skip discovery) */
+    manifest?: MCPManifest;
+}
+/**
+ * Options for running agent scanners
+ */
+export interface AgentScannerOptions {
+    /** Target to scan */
+    target: AgentScanTarget;
+    /** Which scanners to run */
+    scanners?: {
+        manifestAudit?: boolean;
+        toolDrift?: boolean;
+        promptInjection?: boolean;
+        exfilPath?: boolean;
+        permissionMinimiser?: boolean;
+        supplyChain?: boolean;
+        sandboxAudit?: boolean;
+        credentialScope?: boolean;
+    };
+    /** Path to baselines for drift detection */
+    baselinesDir?: string;
+    /** Path to tool traces for permission analysis */
+    tracesDir?: string;
+    /** Fuzzer options (legacy, prefer specific options below) */
+    fuzzerOptions?: FuzzerOptions;
+    /** Explicit authorization for scanning (required) */
+    authorized: boolean;
+    /** Timeout per scanner in milliseconds */
+    timeout?: number;
+    /** Maximum parallel scanners */
+    concurrency?: number;
+    /** Skip specific manifest audit checks */
+    manifestAuditSkipChecks?: ManifestAuditCheck[];
+    /** Only run specific manifest audit checks */
+    manifestAuditOnlyChecks?: ManifestAuditCheck[];
+    /** Create baseline if none exists */
+    createBaselineIfMissing?: boolean;
+    /** Force create a new baseline (overwrite existing) */
+    forceNewBaseline?: boolean;
+    /** Skip specific drift types */
+    driftSkipTypes?: DriftType[];
+    /** Fuzzer corpus size: quick (~50), standard (~200), thorough (~500+) */
+    fuzzerCorpus?: "quick" | "standard" | "thorough";
+    /** Path to custom payload directory */
+    customPayloadsDir?: string;
+    /** Specific payload categories to test */
+    fuzzerCategories?: PayloadCategory[];
+    /** Specific tools to fuzz (default: all) */
+    fuzzerTools?: string[];
+    /** Timeout per fuzz test in ms */
+    fuzzerTimeout?: number;
+    /** Stop fuzzer on first failure */
+    fuzzerFailFast?: boolean;
+    /** Include all edges in diagram (default: only exfil paths) */
+    exfilIncludeAllEdges?: boolean;
+    /** Maximum path length to consider */
+    exfilMaxPathLength?: number;
+    /** Output file for permission proposals */
+    permissionProposalsOutput?: string;
+    /** Minimum confidence threshold (0-100) */
+    permissionMinConfidence?: number;
+    /** Minimum risk reduction threshold (0-100) */
+    permissionMinRiskReduction?: number;
+    /** Path to MCP server package */
+    supplyChainPackagePath?: string;
+    /** Skip npm audit */
+    supplyChainSkipVulnScan?: boolean;
+    /** Skip license check */
+    supplyChainSkipLicenseCheck?: boolean;
+    /** Skip typosquatting check */
+    supplyChainSkipTyposquatCheck?: boolean;
+    /** Skip Sigstore verification */
+    supplyChainSkipSigstoreCheck?: boolean;
+    /** Path to scan for source files */
+    sandboxSourcePath?: string;
+    /** Maximum directory depth */
+    sandboxMaxDepth?: number;
+    /** Patterns to exclude */
+    sandboxExclude?: RegExp[];
+    /** Only check specific tools */
+    sandboxTools?: string[];
+    /** Directory to scan for config files */
+    credentialScanPath?: string;
+    /** Also scan environment variables */
+    credentialScanEnvironment?: boolean;
+    /** Additional files to scan */
+    credentialAdditionalFiles?: string[];
+}
+/**
+ * Default agent scanner options
+ */
+export declare const DEFAULT_AGENT_SCANNER_OPTIONS: Partial<AgentScannerOptions>;
+/**
+ * Aggregated results from running all agent scanners
+ */
+export interface AggregatedAgentScanResult {
+    /** When the scan started */
+    timestamp: string;
+    /** Target that was scanned */
+    target: AgentScanTarget;
+    /** MCP manifest if discovered */
+    manifest?: MCPManifest;
+    /** Manifest hash */
+    manifestHash?: string;
+    /** Results from each scanner */
+    scanners: AgentScannerResult[];
+    /** Total findings across all scanners */
+    totalFindings: number;
+    /** Findings grouped by severity */
+    bySeverity: Record<Severity, number>;
+    /** Findings grouped by scanner */
+    byScanner: Partial<Record<AgentScannerType, number>>;
+    /** Total scan duration in milliseconds */
+    totalDuration: number;
+    /** Whether all scanners succeeded */
+    allSucceeded: boolean;
+    /** Scanners that failed */
+    failedScanners: AgentScannerType[];
+    /** Fuzzer summary if run */
+    fuzzerSummary?: FuzzerSummary;
+    /** Exfil graph if computed */
+    exfilGraph?: ToolGraph;
+    /** Permission proposals if computed */
+    permissionProposals?: PermissionProposal[];
+    /** Overall risk score (0-100) */
+    riskScore: number;
+    /** Certification readiness */
+    certificationReadiness: "ready" | "needs-review" | "blocked";
+}
+/**
+ * Convert agent scanner type to finding ID prefix
+ */
+export declare function toAgentFindingId(scanner: AgentScannerType, index: number): string;
+/**
+ * Severity mappings for agent scanner findings
+ */
+export declare const AGENT_SEVERITY_MAPPINGS: Record<ManifestAuditCheck | DriftType | SandboxEscape, Severity>;
+//# sourceMappingURL=types.d.ts.map