vaspera 2.7.0 → 2.9.0

package/dist/agents/adversary/config.js

@@ -0,0 +1,391 @@
+/**
+ * Adversary Agent - Configuration
+ *
+ * Default configurations and model settings for the adversary agent.
+ *
+ * @module agents/adversary/config
+ */
+// ============================================================================
+// Default Configurations
+// ============================================================================
+/**
+ * Default configuration for passive analysis
+ */
+export const PASSIVE_CONFIG = {
+    aggressiveness: "passive",
+    generatePoC: false,
+    maxAnalysisTime: 60000, // 1 minute
+    maxFiles: 50,
+    enableChaining: true,
+};
+/**
+ * Default configuration for active analysis
+ */
+export const ACTIVE_CONFIG = {
+    aggressiveness: "active",
+    generatePoC: true,
+    maxAnalysisTime: 300000, // 5 minutes
+    maxFiles: 100,
+    enableChaining: true,
+};
+/**
+ * Default configuration for aggressive analysis
+ */
+export const AGGRESSIVE_CONFIG = {
+    aggressiveness: "aggressive",
+    generatePoC: true,
+    maxAnalysisTime: 600000, // 10 minutes
+    maxFiles: 200,
+    enableChaining: true,
+};
+/**
+ * All attack focus areas
+ */
+export const ALL_FOCUS_AREAS = [
+    "web-app",
+    "api",
+    "auth",
+    "injection",
+    "llm",
+    "infra",
+    "crypto",
+    "data-flow",
+    "supply-chain",
+];
+/**
+ * Web-focused attack areas
+ */
+export const WEB_FOCUS_AREAS = [
+    "web-app",
+    "api",
+    "auth",
+    "injection",
+];
+/**
+ * LLM/AI-focused attack areas
+ */
+export const LLM_FOCUS_AREAS = [
+    "llm",
+    "data-flow",
+    "supply-chain",
+];
+/**
+ * Infrastructure-focused attack areas
+ */
+export const INFRA_FOCUS_AREAS = [
+    "infra",
+    "crypto",
+    "supply-chain",
+];
+// ============================================================================
+// Model Configuration
+// ============================================================================
+/**
+ * Default model versions - can be overridden via environment variables:
+ *   ADVERSARY_SONNET_MODEL - Pro tier model (default: claude-sonnet-4-20250514)
+ *   ADVERSARY_OPUS_MODEL   - Enterprise tier model (default: claude-opus-4-20250514)
+ *
+ * When Anthropic releases new versions, update these or set env vars.
+ */
+export const DEFAULT_SONNET_MODEL = process.env.ADVERSARY_SONNET_MODEL || "claude-sonnet-4-20250514";
+export const DEFAULT_OPUS_MODEL = process.env.ADVERSARY_OPUS_MODEL || "claude-opus-4-20250514";
+/**
+ * Model pricing per million tokens (as of 2026)
+ */
+export const MODEL_PRICING = {
+    // Sonnet 4 variants
+    "claude-sonnet-4-20250514": { input: 3.0, output: 15.0 },
+    // Opus 4 variants
+    "claude-opus-4-20250514": { input: 15.0, output: 75.0 },
+    // Default pricing for unknown models (use Sonnet pricing)
+    default: { input: 3.0, output: 15.0 },
+};
+/**
+ * Model capabilities (applies to model families, not specific versions)
+ */
+export const MODEL_CAPABILITIES = {
+    sonnet: {
+        contextWindow: 200000,
+        maxOutputTokens: 64000,
+        bestFor: ["Fast analysis", "Pattern detection", "Code review"],
+    },
+    opus: {
+        contextWindow: 200000,
+        maxOutputTokens: 64000,
+        bestFor: ["Deep reasoning", "Novel vulnerability discovery", "Complex chains"],
+    },
+};
+/**
+ * Get model family from model ID
+ */
+export function getModelFamily(model) {
+    if (model.includes("sonnet"))
+        return "sonnet";
+    if (model.includes("opus"))
+        return "opus";
+    return "unknown";
+}
+/**
+ * Get model for plan tier
+ * Uses environment variables if set, otherwise defaults
+ */
+export function getModelForTier(tier) {
+    switch (tier) {
+        case "free":
+            return null; // Adversary not available on free
+        case "pro":
+            return DEFAULT_SONNET_MODEL;
+        case "enterprise":
+            return DEFAULT_OPUS_MODEL;
+    }
+}
+/**
+ * Get pricing for a model (falls back to default if unknown)
+ */
+export function getModelPricing(model) {
+    return MODEL_PRICING[model] || MODEL_PRICING.default;
+}
+// ============================================================================
+// File Patterns
+// ============================================================================
+/**
+ * Default include patterns for analysis
+ */
+export const DEFAULT_INCLUDE_PATTERNS = [
+    "**/*.ts",
+    "**/*.tsx",
+    "**/*.js",
+    "**/*.jsx",
+    "**/*.py",
+    "**/*.go",
+    "**/*.rs",
+    "**/*.java",
+    "**/*.rb",
+    "**/*.php",
+    "**/*.cs",
+];
+/**
+ * Default exclude patterns
+ */
+export const DEFAULT_EXCLUDE_PATTERNS = [
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/build/**",
+    "**/.git/**",
+    "**/vendor/**",
+    "**/venv/**",
+    "**/__pycache__/**",
+    "**/coverage/**",
+    "**/*.test.*",
+    "**/*.spec.*",
+    "**/test/**",
+    "**/tests/**",
+    "**/__tests__/**",
+    "**/fixtures/**",
+];
+/**
+ * Security-relevant file patterns (prioritized)
+ */
+export const SECURITY_RELEVANT_PATTERNS = [
+    "**/auth/**",
+    "**/authentication/**",
+    "**/authorization/**",
+    "**/login/**",
+    "**/session/**",
+    "**/jwt/**",
+    "**/oauth/**",
+    "**/api/**",
+    "**/routes/**",
+    "**/handlers/**",
+    "**/controllers/**",
+    "**/middleware/**",
+    "**/crypto/**",
+    "**/encryption/**",
+    "**/db/**",
+    "**/database/**",
+    "**/sql/**",
+    "**/graphql/**",
+    "**/upload/**",
+    "**/download/**",
+    "**/file/**",
+    "**/admin/**",
+    "**/config/**",
+    "**/secrets/**",
+    "**/*password*",
+    "**/*credential*",
+    "**/*token*",
+    "**/*key*",
+];
+// ============================================================================
+// MITRE ATT&CK Mappings
+// ============================================================================
+/**
+ * MITRE ATT&CK technique mappings for focus areas
+ */
+export const FOCUS_AREA_MITRE_MAPPING = {
+    "web-app": [
+        "T1189", // Drive-by Compromise
+        "T1190", // Exploit Public-Facing Application
+        "T1059", // Command and Scripting Interpreter
+    ],
+    "api": [
+        "T1190", // Exploit Public-Facing Application
+        "T1106", // Native API
+        "T1071", // Application Layer Protocol
+    ],
+    "auth": [
+        "T1078", // Valid Accounts
+        "T1110", // Brute Force
+        "T1539", // Steal Web Session Cookie
+        "T1556", // Modify Authentication Process
+    ],
+    "injection": [
+        "T1059", // Command and Scripting Interpreter
+        "T1203", // Exploitation for Client Execution
+        "T1505", // Server Software Component
+    ],
+    "llm": [
+        "AML.T0043", // Craft Adversarial Data (ATLAS)
+        "AML.T0048", // LLM Prompt Injection (ATLAS)
+        "AML.T0051", // LLM Jailbreak (ATLAS)
+    ],
+    "infra": [
+        "T1610", // Deploy Container
+        "T1525", // Implant Internal Image
+        "T1611", // Escape to Host
+    ],
+    "crypto": [
+        "T1552", // Unsecured Credentials
+        "T1557", // Adversary-in-the-Middle
+        "T1600", // Weaken Encryption
+    ],
+    "data-flow": [
+        "T1020", // Automated Exfiltration
+        "T1041", // Exfiltration Over C2 Channel
+        "T1567", // Exfiltration Over Web Service
+    ],
+    "supply-chain": [
+        "T1195", // Supply Chain Compromise
+        "T1199", // Trusted Relationship
+        "T1505", // Server Software Component
+    ],
+};
+// ============================================================================
+// CWE Mappings
+// ============================================================================
+/**
+ * Common CWE mappings for focus areas
+ */
+export const FOCUS_AREA_CWE_MAPPING = {
+    "web-app": [
+        "CWE-79", // XSS
+        "CWE-352", // CSRF
+        "CWE-1021", // Clickjacking
+        "CWE-942", // CORS Misconfiguration
+    ],
+    "api": [
+        "CWE-284", // Improper Access Control
+        "CWE-770", // Resource Allocation Without Limits
+        "CWE-200", // Exposure of Sensitive Information
+        "CWE-639", // IDOR
+    ],
+    "auth": [
+        "CWE-287", // Improper Authentication
+        "CWE-384", // Session Fixation
+        "CWE-798", // Hard-coded Credentials
+        "CWE-307", // Brute Force
+    ],
+    "injection": [
+        "CWE-89", // SQL Injection
+        "CWE-78", // OS Command Injection
+        "CWE-611", // XXE
+        "CWE-94", // Code Injection
+        "CWE-1336", // SSTI
+    ],
+    "llm": [
+        "CWE-1421", // Prompt Injection (proposed)
+        "CWE-200", // Sensitive Information Exposure
+        "CWE-284", // Improper Access Control
+    ],
+    "infra": [
+        "CWE-250", // Execution with Unnecessary Privileges
+        "CWE-269", // Improper Privilege Management
+        "CWE-668", // Exposure of Resource to Wrong Sphere
+    ],
+    "crypto": [
+        "CWE-327", // Use of Broken Crypto Algorithm
+        "CWE-326", // Inadequate Encryption Strength
+        "CWE-320", // Key Management Errors
+        "CWE-338", // Use of Weak PRNG
+    ],
+    "data-flow": [
+        "CWE-200", // Exposure of Sensitive Information
+        "CWE-532", // Log Injection
+        "CWE-209", // Generation of Error Message Containing Sensitive Info
+    ],
+    "supply-chain": [
+        "CWE-1104", // Use of Unmaintained Third-Party Components
+        "CWE-494", // Download of Code Without Integrity Check
+        "CWE-829", // Inclusion of Functionality from Untrusted Control Sphere
+    ],
+};
+// ============================================================================
+// Factory Functions
+// ============================================================================
+/**
+ * Create default adversary configuration
+ */
+export function createDefaultConfig(model, aggressiveness = "active") {
+    const baseConfig = aggressiveness === "passive"
+        ? PASSIVE_CONFIG
+        : aggressiveness === "active"
+            ? ACTIVE_CONFIG
+            : AGGRESSIVE_CONFIG;
+    return {
+        model,
+        aggressiveness,
+        focusAreas: ALL_FOCUS_AREAS,
+        maxAnalysisTime: baseConfig.maxAnalysisTime,
+        generatePoC: baseConfig.generatePoC,
+        maxFiles: baseConfig.maxFiles,
+        enableChaining: baseConfig.enableChaining,
+        includePatterns: DEFAULT_INCLUDE_PATTERNS,
+        excludePatterns: DEFAULT_EXCLUDE_PATTERNS,
+    };
+}
+/**
+ * Create focused adversary configuration
+ */
+export function createFocusedConfig(model, focusAreas, aggressiveness = "active") {
+    const config = createDefaultConfig(model, aggressiveness);
+    config.focusAreas = focusAreas;
+    return config;
+}
+/**
+ * Estimate token usage for analysis
+ */
+export function estimateTokenUsage(filesCount, avgFileSize, config) {
+    // Rough estimates based on typical analysis
+    const tokensPerKB = 250;
+    const avgFileSizeKB = avgFileSize / 1024;
+    // Input: code context + prompts
+    const codeTokens = filesCount * avgFileSizeKB * tokensPerKB;
+    const promptOverhead = filesCount * 500; // ~500 tokens per file for prompts
+    const estimatedInputTokens = Math.round(codeTokens + promptOverhead);
+    // Output: findings, reasoning, PoCs
+    const findingsPerFile = config.aggressiveness === "aggressive" ? 3 :
+        config.aggressiveness === "active" ? 2 : 1;
+    const tokensPerFinding = config.generatePoC ? 1000 : 500;
+    const estimatedOutputTokens = Math.round(filesCount * findingsPerFile * tokensPerFinding);
+    // Calculate cost
+    const pricing = getModelPricing(config.model);
+    const inputCost = (estimatedInputTokens / 1_000_000) * pricing.input;
+    const outputCost = (estimatedOutputTokens / 1_000_000) * pricing.output;
+    const estimatedCost = inputCost + outputCost;
+    return {
+        estimatedInputTokens,
+        estimatedOutputTokens,
+        estimatedCost: Math.round(estimatedCost * 100) / 100,
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/agents/adversary/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/agents/adversary/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAA6B;IACtD,cAAc,EAAE,SAAS;IACzB,WAAW,EAAE,KAAK;IAClB,eAAe,EAAE,KAAK,EAAE,WAAW;IACnC,QAAQ,EAAE,EAAE;IACZ,cAAc,EAAE,IAAI;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAA6B;IACrD,cAAc,EAAE,QAAQ;IACxB,WAAW,EAAE,IAAI;IACjB,eAAe,EAAE,MAAM,EAAE,YAAY;IACrC,QAAQ,EAAE,GAAG;IACb,cAAc,EAAE,IAAI;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6B;IACzD,cAAc,EAAE,YAAY;IAC5B,WAAW,EAAE,IAAI;IACjB,eAAe,EAAE,MAAM,EAAE,aAAa;IACtC,QAAQ,EAAE,GAAG;IACb,cAAc,EAAE,IAAI;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,SAAS;IACT,KAAK;IACL,MAAM;IACN,WAAW;IACX,KAAK;IACL,OAAO;IACP,QAAQ;IACR,WAAW;IACX,cAAc;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,SAAS;IACT,KAAK;IACL,MAAM;IACN,WAAW;CACZ,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,KAAK;IACL,WAAW;IACX,cAAc;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,OAAO;IACP,QAAQ;IACR,cAAc;CACf,CAAC;AAEF,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,0BAA0B,CAAC;AACrG,MAAM,CAAC,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,wBAAwB,CAAC;AAE/F;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAsD;IAC9E,oBAAoB;IACpB,0BAA0B,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE;IACxD,kBAAkB;IAClB,wBAAwB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;IACvD,0DAA0D;IAC1D,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE;CACtC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAI1B;IACH,MAAM,EAAE;QACN,aAAa,EAAE,MAAM;QACrB,eAAe,EAAE,KAAK;QACtB,OAAO,EAAE,CAAC,eAAe,EAAE,mBAAmB,EAAE,aAAa,CAAC;KAC/D;IACD,IAAI,EAAE;QACJ,aAAa,EAAE,MAAM;QACrB,eAAe,EAAE,KAAK;QACtB,OAAO,EAAE,CAAC,gBAAgB,EAAE,+BAA+B,EAAE,gBAAgB,CAAC;KAC/E;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC9C,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC1C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAmC;IACjE,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,MAAM;YACT,OAAO,IAAI,CAAC,CAAC,kCAAkC;QACjD,KAAK,KAAK;YACR,OAAO,oBAAoB,CAAC;QAC9B,KAAK,YAAY;YACf,OAAO,kBAAkB,CAAC;IAC9B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,aAAa,CAAC,KAAK,CAAC,IAAI,aAAa,CAAC,OAAO,CAAC;AACvD,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAa;IAChD,SAAS;IACT,UAAU;IACV,SAAS;IACT,UAAU;IACV,SAAS;IACT,SAAS;IACT,SAAS;IACT,WAAW;IACX,SAAS;IACT,UAAU;IACV,SAAS;CACV,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAa;IAChD,oBAAoB;IACpB,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,cAAc;IACd,YAAY;IACZ,mBAAmB;IACnB,gBAAgB;IAChB,aAAa;IACb,aAAa;IACb,YAAY;IACZ,aAAa;IACb,iBAAiB;IACjB,gBAAgB;CACjB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAa;IAClD,YAAY;IACZ,sBAAsB;IACtB,qBAAqB;IACrB,aAAa;IACb,eAAe;IACf,WAAW;IACX,aAAa;IACb,WAAW;IACX,cAAc;IACd,gBAAgB;IAChB,mBAAmB;IACnB,kBAAkB;IAClB,cAAc;IACd,kBAAkB;IAClB,UAAU;IACV,gBAAgB;IAChB,WAAW;IACX,eAAe;IACf,cAAc;IACd,gBAAgB;IAChB,YAAY;IACZ,aAAa;IACb,cAAc;IACd,eAAe;IACf,eAAe;IACf,iBAAiB;IACjB,YAAY;IACZ,UAAU;CACX,CAAC;AAEF,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAsC;IACzE,SAAS,EAAE;QACT,OAAO,EAAE,sBAAsB;QAC/B,OAAO,EAAE,oCAAoC;QAC7C,OAAO,EAAE,oCAAoC;KAC9C;IACD,KAAK,EAAE;QACL,OAAO,EAAE,oCAAoC;QAC7C,OAAO,EAAE,aAAa;QACtB,OAAO,EAAE,6BAA6B;KACvC;IACD,MAAM,EAAE;QACN,OAAO,EAAE,iBAAiB;QAC1B,OAAO,EAAE,cAAc;QACvB,OAAO,EAAE,2BAA2B;QACpC,OAAO,EAAE,gCAAgC;KAC1C;IACD,WAAW,EAAE;QACX,OAAO,EAAE,oCAAoC;QAC7C,OAAO,EAAE,oCAAoC;QAC7C,OAAO,EAAE,4BAA4B;KACtC;IACD,KAAK,EAAE;QACL,WAAW,EAAE,iCAAiC;QAC9C,WAAW,EAAE,+BAA+B;QAC5C,WAAW,EAAE,wBAAwB;KACtC;IACD,OAAO,EAAE;QACP,OAAO,EAAE,mBAAmB;QAC5B,OAAO,EAAE,yBAAyB;QAClC,OAAO,EAAE,iBAAiB;KAC3B;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,wBAAwB;QACjC,OAAO,EAAE,0BAA0B;QACnC,OAAO,EAAE,oBAAoB;KAC9B;IACD,WAAW,EAAE;QACX,OAAO,EAAE,yBAAyB;QAClC,OAAO,EAAE,+BAA+B;QACxC,OAAO,EAAE,gCAAgC;KAC1C;IACD,cAAc,EAAE;QACd,OAAO,EAAE,0BAA0B;QACnC,OAAO,EAAE,uBAAuB;QAChC,OAAO,EAAE,4BAA4B;KACtC;CACF,CAAC;AAEF,+EAA+E;AAC/E,eAAe;AACf,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAsC;IACvE,SAAS,EAAE;QACT,QAAQ,EAAG,MAAM;QACjB,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,wBAAwB;KACpC;IACD,KAAK,EAAE;QACL,SAAS,EAAE,0BAA0B;QACrC,SAAS,EAAE,qCAAqC;QAChD,SAAS,EAAE,oCAAoC;QAC/C,SAAS,EAAE,OAAO;KACnB;IACD,MAAM,EAAE;QACN,SAAS,EAAE,0BAA0B;QACrC,SAAS,EAAE,mBAAmB;QAC9B,SAAS,EAAE,yBAAyB;QACpC,SAAS,EAAE,cAAc;KAC1B;IACD,WAAW,EAAE;QACX,QAAQ,EAAG,gBAAgB;QAC3B,QAAQ,EAAG,uBAAuB;QAClC,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAG,iBAAiB;QAC5B,UAAU,EAAE,OAAO;KACpB;IACD,KAAK,EAAE;QACL,UAAU,EAAE,8BAA8B;QAC1C,SAAS,EAAE,iCAAiC;QAC5C,SAAS,EAAE,0BAA0B;KACtC;IACD,OAAO,EAAE;QACP,SAAS,EAAE,wCAAwC;QACnD,SAAS,EAAE,gCAAgC;QAC3C,SAAS,EAAE,uCAAuC;KACnD;IACD,QAAQ,EAAE;QACR,SAAS,EAAE,iCAAiC;QAC5C,SAAS,EAAE,iCAAiC;QAC5C,SAAS,EAAE,wBAAwB;QACnC,SAAS,EAAE,mBAAmB;KAC/B;IACD,WAAW,EAAE;QACX,SAAS,EAAE,oCAAoC;QAC/C,SAAS,EAAE,gBAAgB;QAC3B,SAAS,EAAE,wDAAwD;KACpE;IACD,cAAc,EAAE;QACd,UAAU,EAAE,6CAA6C;QACzD,SAAS,EAAE,2CAA2C;QACtD,SAAS,EAAE,2DAA2D;KACvE;CACF,CAAC;AAEF,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAqB,EACrB,iBAAsC,QAAQ;IAE9C,MAAM,UAAU,GAAG,cAAc,KAAK,SAAS;QAC7C,CAAC,CAAC,cAAc;QAChB,CAAC,CAAC,cAAc,KAAK,QAAQ;YAC3B,CAAC,CAAC,aAAa;YACf,CAAC,CAAC,iBAAiB,CAAC;IAExB,OAAO;QACL,KAAK;QACL,cAAc;QACd,UAAU,EAAE,eAAe;QAC3B,eAAe,EAAE,UAAU,CAAC,eAAgB;QAC5C,WAAW,EAAE,UAAU,CAAC,WAAY;QACpC,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,cAAc,EAAE,UAAU,CAAC,cAAc;QACzC,eAAe,EAAE,wBAAwB;QACzC,eAAe,EAAE,wBAAwB;KAC1C,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAqB,EACrB,UAA6B,EAC7B,iBAAsC,QAAQ;IAE9C,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;IAC1D,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,UAAkB,EAClB,WAAmB,EACnB,MAAuB;IAMvB,4CAA4C;IAC5C,MAAM,WAAW,GAAG,GAAG,CAAC;IACxB,MAAM,aAAa,GAAG,WAAW,GAAG,IAAI,CAAC;IAEzC,gCAAgC;IAChC,MAAM,UAAU,GAAG,UAAU,GAAG,aAAa,GAAG,WAAW,CAAC;IAC5D,MAAM,cAAc,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC,mCAAmC;IAC5E,MAAM,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC;IAErE,oCAAoC;IACpC,MAAM,eAAe,GAAG,MAAM,CAAC,cAAc,KAAK,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACnE,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;IACzD,MAAM,qBAAqB,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,eAAe,GAAG,gBAAgB,CAAC,CAAC;IAE1F,iBAAiB;IACjB,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,CAAC,oBAAoB,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC;IACrE,MAAM,UAAU,GAAG,CAAC,qBAAqB,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IACxE,MAAM,aAAa,GAAG,SAAS,GAAG,UAAU,CAAC;IAE7C,OAAO;QACL,oBAAoB;QACpB,qBAAqB;QACrB,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa,GAAG,GAAG,CAAC,GAAG,GAAG;KACrD,CAAC;AACJ,CAAC"}

package/dist/agents/adversary/index.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Adversary Agent - Main Orchestrator
+ *
+ * The Adversary agent is a mythos-class ethical hacker that uses real
+ * Claude API reasoning to find vulnerabilities that pattern-based scanners
+ * miss. It coordinates four analysis phases:
+ *
+ * 1. Reconnaissance - Technology stack detection, framework identification
+ * 2. Attack Surface - Entry points, trust boundaries, data flows
+ * 3. Exploitation - LLM-powered vulnerability discovery with PoCs
+ * 4. Chaining - Multi-vulnerability attack path discovery
+ *
+ * @module agents/adversary
+ */
+import type { Finding } from "../../certification/types.js";
+import type { AdversaryConfig, AdversaryResult } from "./types.js";
+import "./tactics/injection.js";
+import "./tactics/auth.js";
+import "./tactics/llm.js";
+import "./tactics/api.js";
+import "./tactics/web-app.js";
+import "./tactics/infra.js";
+export * from "./types.js";
+export * from "./config.js";
+export * from "./reporting/index.js";
+/**
+ * Run full adversary analysis
+ */
+export declare function runAdversaryAnalysis(projectPath: string, config: AdversaryConfig): Promise<AdversaryResult>;
+/**
+ * Convert adversary findings to certification findings
+ */
+export declare function adversaryToFindings(result: AdversaryResult): Finding[];
+/**
+ * Estimate cost for adversary analysis
+ */
+export declare function estimateAdversaryCost(filesCount: number, config: AdversaryConfig): {
+    estimatedCost: number;
+    estimatedTokens: number;
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/agents/adversary/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/agents/adversary/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAQH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EAWhB,MAAM,YAAY,CAAC;AAqBpB,OAAO,wBAAwB,CAAC;AAChC,OAAO,mBAAmB,CAAC;AAC3B,OAAO,kBAAkB,CAAC;AAC1B,OAAO,kBAAkB,CAAC;AAC1B,OAAO,sBAAsB,CAAC;AAC9B,OAAO,oBAAoB,CAAC;AAO5B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAG5B,cAAc,sBAAsB,CAAC;AA8vBrC;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,eAAe,GACtB,OAAO,CAAC,eAAe,CAAC,CA+F1B;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,EAAE,CAsBtE;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,eAAe,GACtB;IAAE,aAAa,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CAmBpD"}