vaspera 2.8.0 → 2.9.2

package/dist/scanners/agent/agent-chain-analysis.d.ts

@@ -0,0 +1,152 @@
+/**
+ * Agent Chain Analysis
+ *
+ * Extends exfil-path-graph with multi-agent attack path analysis.
+ * Models trust boundaries between agents and MCP servers to identify
+ * attack paths that span multiple agent hops.
+ *
+ * @module scanners/agent/agent-chain-analysis
+ */
+import type { Severity } from "../../certification/types.js";
+import type { MCPManifest } from "./types.js";
+/**
+ * Trust level for an agent or tool
+ */
+export type AgentTrustLevel = "high" | "medium" | "low" | "untrusted";
+/**
+ * Types of nodes in the agent graph
+ */
+export type AgentNodeType = "mcp-server" | "agent" | "tool" | "external-api" | "user" | "data-store";
+/**
+ * A node in the agent capability graph
+ */
+export interface AgentNode {
+    /** Unique identifier */
+    id: string;
+    /** Node type */
+    type: AgentNodeType;
+    /** Human-readable name */
+    name: string;
+    /** Trust level */
+    trustLevel: AgentTrustLevel;
+    /** Capabilities this node has */
+    capabilities: string[];
+    /** Data types this node can access */
+    dataAccess: string[];
+    /** Whether this is an entry point (untrusted input) */
+    isEntryPoint: boolean;
+    /** Whether this accesses sensitive data */
+    accessesSensitiveData: boolean;
+    /** Risk score (0-100) */
+    riskScore: number;
+}
+/**
+ * Connection types between agents
+ */
+export type AgentEdgeType = "calls" | "delegates" | "reads-from" | "writes-to" | "authenticates";
+/**
+ * An edge between nodes in the agent graph
+ */
+export interface AgentEdge {
+    /** Source node ID */
+    from: string;
+    /** Target node ID */
+    to: string;
+    /** Connection type */
+    type: AgentEdgeType;
+    /** Data types that flow across this edge */
+    dataTypes: string[];
+    /** Whether authentication is required */
+    requiresAuth: boolean;
+    /** Trust boundary crossing (trust drops) */
+    crossesTrustBoundary: boolean;
+    /** Description */
+    description?: string;
+}
+/**
+ * The complete agent interaction graph
+ */
+export interface AgentGraph {
+    /** All nodes */
+    nodes: AgentNode[];
+    /** All edges */
+    edges: AgentEdge[];
+}
+/**
+ * A multi-hop attack path through the agent graph
+ */
+export interface AttackPath {
+    /** Unique path ID */
+    id: string;
+    /** Human-readable title */
+    title: string;
+    /** Nodes in the attack path */
+    steps: AgentNode[];
+    /** Edges traversed */
+    edgesTraversed: AgentEdge[];
+    /** Number of trust boundaries crossed */
+    trustBoundariesCrossed: number;
+    /** Sensitive data exposed by this path */
+    dataExposed: string[];
+    /** Overall severity */
+    severity: Severity;
+    /** Confidence (0-100) */
+    confidence: number;
+    /** Attack narrative */
+    attackNarrative: string;
+    /** Mitigation recommendations */
+    mitigation: string[];
+    /** MITRE ATT&CK techniques if applicable */
+    mitreTechniques?: string[];
+}
+/**
+ * Result of agent chain analysis
+ */
+export interface AgentChainAnalysisResult {
+    /** The agent graph */
+    graph: AgentGraph;
+    /** Identified attack paths */
+    attackPaths: AttackPath[];
+    /** Statistics */
+    stats: {
+        totalNodes: number;
+        totalEdges: number;
+        entryPoints: number;
+        sensitiveNodes: number;
+        trustBoundaries: number;
+        attackPaths: number;
+        criticalPaths: number;
+        highPaths: number;
+    };
+    /** Mermaid diagram */
+    mermaidDiagram: string;
+}
+/**
+ * Build agent graph from MCP manifests
+ */
+export declare function buildAgentGraph(manifests: Array<{
+    name: string;
+    manifest: MCPManifest;
+}>, agentConfigs?: Array<{
+    name: string;
+    trustLevel: AgentTrustLevel;
+}>): AgentGraph;
+/**
+ * Find attack paths from entry points to sensitive data
+ */
+export declare function analyzeAgentChains(graph: AgentGraph): AttackPath[];
+/**
+ * Generate Mermaid diagram for agent graph
+ */
+export declare function generateAgentChainDiagram(graph: AgentGraph, attackPaths: AttackPath[]): string;
+/**
+ * Run full agent chain analysis
+ */
+export declare function runAgentChainAnalysis(manifests: Array<{
+    name: string;
+    manifest: MCPManifest;
+}>, agentConfigs?: Array<{
+    name: string;
+    trustLevel: AgentTrustLevel;
+}>): AgentChainAnalysisResult;
+//# sourceMappingURL=agent-chain-analysis.d.ts.map

package/dist/scanners/agent/agent-chain-analysis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-chain-analysis.d.ts","sourceRoot":"","sources":["../../../src/scanners/agent/agent-chain-analysis.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,KAAK,EAAE,WAAW,EAAqB,MAAM,YAAY,CAAC;AAMjE;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,WAAW,CAAC;AAEtE;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,OAAO,GAAG,MAAM,GAAG,cAAc,GAAG,MAAM,GAAG,YAAY,CAAC;AAErG;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IAEX,gBAAgB;IAChB,IAAI,EAAE,aAAa,CAAC;IAEpB,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IAEb,kBAAkB;IAClB,UAAU,EAAE,eAAe,CAAC;IAE5B,iCAAiC;IACjC,YAAY,EAAE,MAAM,EAAE,CAAC;IAEvB,sCAAsC;IACtC,UAAU,EAAE,MAAM,EAAE,CAAC;IAErB,uDAAuD;IACvD,YAAY,EAAE,OAAO,CAAC;IAEtB,2CAA2C;IAC3C,qBAAqB,EAAE,OAAO,CAAC;IAE/B,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,WAAW,GAAG,YAAY,GAAG,WAAW,GAAG,eAAe,CAAC;AAEjG;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,qBAAqB;IACrB,IAAI,EAAE,MAAM,CAAC;IAEb,qBAAqB;IACrB,EAAE,EAAE,MAAM,CAAC;IAEX,sBAAsB;IACtB,IAAI,EAAE,aAAa,CAAC;IAEpB,4CAA4C;IAC5C,SAAS,EAAE,MAAM,EAAE,CAAC;IAEpB,yCAAyC;IACzC,YAAY,EAAE,OAAO,CAAC;IAEtB,4CAA4C;IAC5C,oBAAoB,EAAE,OAAO,CAAC;IAE9B,kBAAkB;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,gBAAgB;IAChB,KAAK,EAAE,SAAS,EAAE,CAAC;IAEnB,gBAAgB;IAChB,KAAK,EAAE,SAAS,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,qBAAqB;IACrB,EAAE,EAAE,MAAM,CAAC;IAEX,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IAEd,+BAA+B;IAC/B,KAAK,EAAE,SAAS,EAAE,CAAC;IAEnB,sBAAsB;IACtB,cAAc,EAAE,SAAS,EAAE,CAAC;IAE5B,yCAAyC;IACzC,sBAAsB,EAAE,MAAM,CAAC;IAE/B,0CAA0C;IAC1C,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,uBAAuB;IACvB,QAAQ,EAAE,QAAQ,CAAC;IAEnB,yBAAyB;IACzB,UAAU,EAAE,MAAM,CAAC;IAEnB,uBAAuB;IACvB,eAAe,EAAE,MAAM,CAAC;IAExB,iCAAiC;IACjC,UAAU,EAAE,MAAM,EAAE,CAAC;IAErB,4CAA4C;IAC5C,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,sBAAsB;IACtB,KAAK,EAAE,UAAU,CAAC;IAElB,8BAA8B;IAC9B,WAAW,EAAE,UAAU,EAAE,CAAC;IAE1B,iBAAiB;IACjB,KAAK,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,eAAe,EAAE,MAAM,CAAC;QACxB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IAEF,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAC;CACxB;AA6GD;;GAEG;AACH,wBAAgB,eAAe,CAC7B,SAAS,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,WAAW,CAAA;CAAE,CAAC,EACzD,YAAY,CAAC,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,eAAe,CAAA;CAAE,CAAC,GAClE,UAAU,CAwGZ;AAMD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,EAAE,CA4ClE;AA2HD;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,UAAU,EACjB,WAAW,EAAE,UAAU,EAAE,GACxB,MAAM,CAsDR;AAMD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,WAAW,CAAA;CAAE,CAAC,EACzD,YAAY,CAAC,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,eAAe,CAAA;CAAE,CAAC,GAClE,wBAAwB,CA8B1B"}

package/dist/scanners/agent/agent-chain-analysis.js

@@ -0,0 +1,438 @@
+/**
+ * Agent Chain Analysis
+ *
+ * Extends exfil-path-graph with multi-agent attack path analysis.
+ * Models trust boundaries between agents and MCP servers to identify
+ * attack paths that span multiple agent hops.
+ *
+ * @module scanners/agent/agent-chain-analysis
+ */
+// ============================================================================
+// Sensitive Data Patterns
+// ============================================================================
+const SENSITIVE_DATA_PATTERNS = [
+    { pattern: /password/i, type: "credentials" },
+    { pattern: /secret/i, type: "secrets" },
+    { pattern: /api[_\s-]?key/i, type: "api-keys" },
+    { pattern: /token/i, type: "tokens" },
+    { pattern: /credential/i, type: "credentials" },
+    { pattern: /auth/i, type: "auth-data" },
+    { pattern: /private[_\s-]?key/i, type: "private-keys" },
+    { pattern: /ssh/i, type: "ssh-keys" },
+    { pattern: /certificate/i, type: "certificates" },
+    { pattern: /pii/i, type: "pii" },
+    { pattern: /personal/i, type: "pii" },
+    { pattern: /credit[_\s-]?card/i, type: "pci-data" },
+    { pattern: /ssn|social[_\s-]?security/i, type: "pii" },
+    { pattern: /health|medical|hipaa/i, type: "phi" },
+    { pattern: /financial/i, type: "financial-data" },
+    { pattern: /database/i, type: "database-access" },
+    { pattern: /admin/i, type: "admin-access" },
+];
+// ============================================================================
+// Graph Building
+// ============================================================================
+/**
+ * Classify trust level for a tool
+ */
+function classifyTrustLevel(tool) {
+    // Network-facing tools are less trusted
+    if (tool.networkAccess)
+        return "low";
+    // Code execution is low trust
+    if (tool.codeExecution)
+        return "low";
+    // Destructive tools are medium trust
+    if (tool.destructiveHint)
+        return "medium";
+    // Read-only tools are higher trust
+    if (tool.readOnlyHint)
+        return "high";
+    // Default to medium
+    return "medium";
+}
+/**
+ * Extract data types from tool description
+ */
+function extractDataTypes(tool) {
+    const text = `${tool.name} ${tool.description || ""}`;
+    const types = new Set();
+    for (const { pattern, type } of SENSITIVE_DATA_PATTERNS) {
+        if (pattern.test(text)) {
+            types.add(type);
+        }
+    }
+    return Array.from(types);
+}
+/**
+ * Check if a tool accesses sensitive data
+ */
+function accessesSensitiveData(dataTypes) {
+    const sensitiveTypes = [
+        "credentials",
+        "secrets",
+        "api-keys",
+        "tokens",
+        "private-keys",
+        "ssh-keys",
+        "pii",
+        "pci-data",
+        "phi",
+    ];
+    return dataTypes.some((t) => sensitiveTypes.includes(t));
+}
+/**
+ * Calculate risk score for an agent node
+ */
+function calculateAgentNodeRisk(node) {
+    let score = 0;
+    // Trust level impact
+    if (node.trustLevel === "untrusted")
+        score += 40;
+    else if (node.trustLevel === "low")
+        score += 30;
+    else if (node.trustLevel === "medium")
+        score += 15;
+    // Entry point risk
+    if (node.isEntryPoint)
+        score += 25;
+    // Sensitive data access
+    if (node.accessesSensitiveData)
+        score += 35;
+    // Capabilities
+    if (node.capabilities?.includes("network_access"))
+        score += 20;
+    if (node.capabilities?.includes("code_execution"))
+        score += 30;
+    if (node.capabilities?.includes("file_write"))
+        score += 15;
+    return Math.min(100, score);
+}
+/**
+ * Build agent graph from MCP manifests
+ */
+export function buildAgentGraph(manifests, agentConfigs) {
+    const nodes = [];
+    const edges = [];
+    // Add user as entry point
+    nodes.push({
+        id: "user",
+        type: "user",
+        name: "User Input",
+        trustLevel: "untrusted",
+        capabilities: ["input"],
+        dataAccess: [],
+        isEntryPoint: true,
+        accessesSensitiveData: false,
+        riskScore: 40,
+    });
+    // Add each MCP server and its tools
+    for (const { name: serverName, manifest } of manifests) {
+        // Add MCP server node
+        const serverId = `mcp-${serverName}`;
+        nodes.push({
+            id: serverId,
+            type: "mcp-server",
+            name: serverName,
+            trustLevel: "medium",
+            capabilities: ["tool-provider"],
+            dataAccess: [],
+            isEntryPoint: false,
+            accessesSensitiveData: false,
+            riskScore: 20,
+        });
+        // Add edge from user to MCP server
+        edges.push({
+            from: "user",
+            to: serverId,
+            type: "calls",
+            dataTypes: ["user-input"],
+            requiresAuth: false,
+            crossesTrustBoundary: true,
+        });
+        // Add tool nodes
+        for (const tool of manifest.tools) {
+            const toolId = `${serverId}-${tool.name}`;
+            const dataTypes = extractDataTypes(tool);
+            const trustLevel = classifyTrustLevel(tool);
+            const toolNode = {
+                id: toolId,
+                type: "tool",
+                name: tool.name,
+                trustLevel,
+                capabilities: [],
+                dataAccess: dataTypes,
+                isEntryPoint: false,
+                accessesSensitiveData: accessesSensitiveData(dataTypes),
+                riskScore: 0,
+            };
+            // Add capabilities
+            if (tool.networkAccess)
+                toolNode.capabilities.push("network_access");
+            if (tool.codeExecution)
+                toolNode.capabilities.push("code_execution");
+            if (tool.destructiveHint)
+                toolNode.capabilities.push("write");
+            if (tool.readOnlyHint)
+                toolNode.capabilities.push("read");
+            toolNode.riskScore = calculateAgentNodeRisk(toolNode);
+            nodes.push(toolNode);
+            // Add edge from server to tool
+            edges.push({
+                from: serverId,
+                to: toolId,
+                type: "calls",
+                dataTypes,
+                requiresAuth: false,
+                crossesTrustBoundary: trustLevel !== "medium",
+            });
+        }
+    }
+    // Add agent nodes if configured
+    if (agentConfigs) {
+        for (const agent of agentConfigs) {
+            const agentId = `agent-${agent.name}`;
+            nodes.push({
+                id: agentId,
+                type: "agent",
+                name: agent.name,
+                trustLevel: agent.trustLevel,
+                capabilities: ["orchestration"],
+                dataAccess: [],
+                isEntryPoint: agent.trustLevel === "untrusted",
+                accessesSensitiveData: false,
+                riskScore: calculateAgentNodeRisk({
+                    trustLevel: agent.trustLevel,
+                    isEntryPoint: agent.trustLevel === "untrusted",
+                }),
+            });
+        }
+    }
+    return { nodes, edges };
+}
+// ============================================================================
+// Attack Path Analysis
+// ============================================================================
+/**
+ * Find attack paths from entry points to sensitive data
+ */
+export function analyzeAgentChains(graph) {
+    const paths = [];
+    // Find entry points
+    const entryPoints = graph.nodes.filter((n) => n.isEntryPoint);
+    // Find sensitive data nodes
+    const sensitiveNodes = graph.nodes.filter((n) => n.accessesSensitiveData);
+    // Build adjacency list
+    const adjacency = new Map();
+    for (const edge of graph.edges) {
+        if (!adjacency.has(edge.from)) {
+            adjacency.set(edge.from, []);
+        }
+        adjacency.get(edge.from).push({ node: edge.to, edge });
+    }
+    // BFS from each entry point to each sensitive node
+    for (const entry of entryPoints) {
+        for (const target of sensitiveNodes) {
+            const result = findPathBFS(entry.id, target.id, graph.nodes, adjacency);
+            if (result) {
+                const trustCrossings = result.edges.filter((e) => e.crossesTrustBoundary).length;
+                const severity = calculatePathSeverity(trustCrossings, target.dataAccess);
+                paths.push({
+                    id: `path-${paths.length + 1}`,
+                    title: `${entry.name} → ${target.name}`,
+                    steps: result.nodes,
+                    edgesTraversed: result.edges,
+                    trustBoundariesCrossed: trustCrossings,
+                    dataExposed: target.dataAccess,
+                    severity,
+                    confidence: Math.max(50, 100 - trustCrossings * 10),
+                    attackNarrative: generateAttackNarrative(entry, target, result.nodes),
+                    mitigation: generateMitigations(result.nodes, result.edges),
+                });
+            }
+        }
+    }
+    return paths;
+}
+/**
+ * BFS to find path between nodes
+ */
+function findPathBFS(start, end, nodes, adjacency) {
+    const nodeMap = new Map(nodes.map((n) => [n.id, n]));
+    const visited = new Set();
+    const queue = [
+        { nodeId: start, path: [start], edges: [] },
+    ];
+    while (queue.length > 0) {
+        const { nodeId, path, edges } = queue.shift();
+        if (nodeId === end) {
+            return {
+                nodes: path.map((id) => nodeMap.get(id)).filter(Boolean),
+                edges,
+            };
+        }
+        if (visited.has(nodeId))
+            continue;
+        visited.add(nodeId);
+        const neighbors = adjacency.get(nodeId) || [];
+        for (const { node: neighbor, edge } of neighbors) {
+            if (!visited.has(neighbor)) {
+                queue.push({
+                    nodeId: neighbor,
+                    path: [...path, neighbor],
+                    edges: [...edges, edge],
+                });
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Calculate severity based on trust crossings and data types
+ */
+function calculatePathSeverity(trustCrossings, dataTypes) {
+    const criticalData = ["credentials", "private-keys", "ssh-keys", "api-keys"];
+    const highData = ["tokens", "pii", "pci-data", "phi"];
+    const hasCriticalData = dataTypes.some((t) => criticalData.includes(t));
+    const hasHighData = dataTypes.some((t) => highData.includes(t));
+    if (hasCriticalData && trustCrossings >= 1)
+        return "critical";
+    if (hasCriticalData || (hasHighData && trustCrossings >= 2))
+        return "high";
+    if (hasHighData || trustCrossings >= 2)
+        return "medium";
+    return "low";
+}
+/**
+ * Generate attack narrative
+ */
+function generateAttackNarrative(entry, target, path) {
+    const steps = path.map((n) => n.name).join(" → ");
+    return `An attacker could inject malicious input through ${entry.name}, ` +
+        `which flows through ${path.length - 2} intermediate step(s) ` +
+        `(${steps}) to access ${target.dataAccess.join(", ")} ` +
+        `via the ${target.name} tool.`;
+}
+/**
+ * Generate mitigations for a path
+ */
+function generateMitigations(nodes, edges) {
+    const mitigations = new Set();
+    // Trust boundary mitigations
+    const trustCrossings = edges.filter((e) => e.crossesTrustBoundary);
+    if (trustCrossings.length > 0) {
+        mitigations.add("Add authentication at trust boundary crossings");
+        mitigations.add("Implement input validation at each trust boundary");
+    }
+    // Sensitive data mitigations
+    const sensitiveNodes = nodes.filter((n) => n.accessesSensitiveData);
+    for (const node of sensitiveNodes) {
+        mitigations.add(`Apply principle of least privilege to ${node.name}`);
+        mitigations.add(`Add audit logging for ${node.name} access`);
+    }
+    // Entry point mitigations
+    const entryPoints = nodes.filter((n) => n.isEntryPoint);
+    for (const entry of entryPoints) {
+        mitigations.add(`Sanitize and validate all input from ${entry.name}`);
+    }
+    // Code execution mitigations
+    const codeExecNodes = nodes.filter((n) => n.capabilities.includes("code_execution"));
+    for (const node of codeExecNodes) {
+        mitigations.add(`Sandbox code execution in ${node.name}`);
+        mitigations.add(`Restrict network access from ${node.name}`);
+    }
+    // General mitigations
+    mitigations.add("Enable comprehensive audit logging across all agents");
+    mitigations.add("Implement rate limiting on sensitive operations");
+    mitigations.add("Deploy anomaly detection for unusual data access patterns");
+    return Array.from(mitigations);
+}
+// ============================================================================
+// Visualization
+// ============================================================================
+/**
+ * Generate Mermaid diagram for agent graph
+ */
+export function generateAgentChainDiagram(graph, attackPaths) {
+    const lines = ["graph TD"];
+    // Styling
+    lines.push("  classDef entryPoint fill:#ff6b6b,stroke:#333,color:#fff");
+    lines.push("  classDef sensitive fill:#ffe66d,stroke:#333,color:#000");
+    lines.push("  classDef mcpServer fill:#4ecdc4,stroke:#333,color:#fff");
+    lines.push("  classDef tool fill:#95e1d3,stroke:#333");
+    lines.push("  classDef agent fill:#a8d8ea,stroke:#333");
+    lines.push("  classDef attackPath stroke:#f00,stroke-width:3px");
+    // Add nodes
+    for (const node of graph.nodes) {
+        const sanitized = node.id.replace(/[^a-zA-Z0-9]/g, "_");
+        const label = node.name.length > 25 ? node.name.slice(0, 22) + "..." : node.name;
+        let className = "tool";
+        if (node.isEntryPoint)
+            className = "entryPoint";
+        else if (node.accessesSensitiveData)
+            className = "sensitive";
+        else if (node.type === "mcp-server")
+            className = "mcpServer";
+        else if (node.type === "agent")
+            className = "agent";
+        lines.push(`  ${sanitized}["${label}"]:::${className}`);
+    }
+    // Add edges
+    const attackEdges = new Set();
+    for (const path of attackPaths) {
+        for (const edge of path.edgesTraversed) {
+            attackEdges.add(`${edge.from}-${edge.to}`);
+        }
+    }
+    for (const edge of graph.edges) {
+        const from = edge.from.replace(/[^a-zA-Z0-9]/g, "_");
+        const to = edge.to.replace(/[^a-zA-Z0-9]/g, "_");
+        const edgeKey = `${edge.from}-${edge.to}`;
+        const arrow = edge.crossesTrustBoundary ? "==>" : "-->";
+        const style = attackEdges.has(edgeKey) ? "|ATTACK|" : "";
+        lines.push(`  ${from} ${arrow}${style} ${to}`);
+    }
+    // Legend
+    lines.push("");
+    lines.push("  subgraph Legend");
+    lines.push("    entry_leg[Entry Point]:::entryPoint");
+    lines.push("    sensitive_leg[Sensitive Data]:::sensitive");
+    lines.push("    mcp_leg[MCP Server]:::mcpServer");
+    lines.push("    tool_leg[Tool]:::tool");
+    lines.push("  end");
+    return lines.join("\n");
+}
+// ============================================================================
+// Main Analysis Function
+// ============================================================================
+/**
+ * Run full agent chain analysis
+ */
+export function runAgentChainAnalysis(manifests, agentConfigs) {
+    // Build the graph
+    const graph = buildAgentGraph(manifests, agentConfigs);
+    // Find attack paths
+    const attackPaths = analyzeAgentChains(graph);
+    // Generate diagram
+    const mermaidDiagram = generateAgentChainDiagram(graph, attackPaths);
+    // Calculate stats
+    const criticalPaths = attackPaths.filter((p) => p.severity === "critical").length;
+    const highPaths = attackPaths.filter((p) => p.severity === "high").length;
+    const trustBoundaries = graph.edges.filter((e) => e.crossesTrustBoundary).length;
+    return {
+        graph,
+        attackPaths,
+        stats: {
+            totalNodes: graph.nodes.length,
+            totalEdges: graph.edges.length,
+            entryPoints: graph.nodes.filter((n) => n.isEntryPoint).length,
+            sensitiveNodes: graph.nodes.filter((n) => n.accessesSensitiveData).length,
+            trustBoundaries,
+            attackPaths: attackPaths.length,
+            criticalPaths,
+            highPaths,
+        },
+        mermaidDiagram,
+    };
+}
+//# sourceMappingURL=agent-chain-analysis.js.map

package/dist/scanners/agent/agent-chain-analysis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-chain-analysis.js","sourceRoot":"","sources":["../../../src/scanners/agent/agent-chain-analysis.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA6JH,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E,MAAM,uBAAuB,GAA6C;IACxE,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,EAAE;IAC7C,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;IACvC,EAAE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,UAAU,EAAE;IAC/C,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE;IACrC,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE;IAC/C,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE;IACvC,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,cAAc,EAAE;IACvD,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE;IACrC,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE;IACjD,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE;IAChC,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE;IACrC,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,UAAU,EAAE;IACnD,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,KAAK,EAAE;IACtD,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,KAAK,EAAE;IACjD,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE;IACjD,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACjD,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,cAAc,EAAE;CAC5C,CAAC;AAEF,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,kBAAkB,CAAC,IAAuB;IACjD,wCAAwC;IACxC,IAAI,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IAErC,8BAA8B;IAC9B,IAAI,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IAErC,qCAAqC;IACrC,IAAI,IAAI,CAAC,eAAe;QAAE,OAAO,QAAQ,CAAC;IAE1C,mCAAmC;IACnC,IAAI,IAAI,CAAC,YAAY;QAAE,OAAO,MAAM,CAAC;IAErC,oBAAoB;IACpB,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,IAAuB;IAC/C,MAAM,IAAI,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;IACtD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAEhC,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,uBAAuB,EAAE,CAAC;QACxD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,SAAmB;IAChD,MAAM,cAAc,GAAG;QACrB,aAAa;QACb,SAAS;QACT,UAAU;QACV,QAAQ;QACR,cAAc;QACd,UAAU;QACV,KAAK;QACL,UAAU;QACV,KAAK;KACN,CAAC;IACF,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,IAAwB;IACtD,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,qBAAqB;IACrB,IAAI,IAAI,CAAC,UAAU,KAAK,WAAW;QAAE,KAAK,IAAI,EAAE,CAAC;SAC5C,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK;QAAE,KAAK,IAAI,EAAE,CAAC;SAC3C,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ;QAAE,KAAK,IAAI,EAAE,CAAC;IAEnD,mBAAmB;IACnB,IAAI,IAAI,CAAC,YAAY;QAAE,KAAK,IAAI,EAAE,CAAC;IAEnC,wBAAwB;IACxB,IAAI,IAAI,CAAC,qBAAqB;QAAE,KAAK,IAAI,EAAE,CAAC;IAE5C,eAAe;IACf,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,gBAAgB,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAC/D,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,gBAAgB,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAC/D,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,YAAY,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAE3D,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,SAAyD,EACzD,YAAmE;IAEnE,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,MAAM,KAAK,GAAgB,EAAE,CAAC;IAE9B,0BAA0B;IAC1B,KAAK,CAAC,IAAI,CAAC;QACT,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,YAAY;QAClB,UAAU,EAAE,WAAW;QACvB,YAAY,EAAE,CAAC,OAAO,CAAC;QACvB,UAAU,EAAE,EAAE;QACd,YAAY,EAAE,IAAI;QAClB,qBAAqB,EAAE,KAAK;QAC5B,SAAS,EAAE,EAAE;KACd,CAAC,CAAC;IAEH,oCAAoC;IACpC,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,SAAS,EAAE,CAAC;QACvD,sBAAsB;QACtB,MAAM,QAAQ,GAAG,OAAO,UAAU,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC;YACT,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,UAAU;YAChB,UAAU,EAAE,QAAQ;YACpB,YAAY,EAAE,CAAC,eAAe,CAAC;YAC/B,UAAU,EAAE,EAAE;YACd,YAAY,EAAE,KAAK;YACnB,qBAAqB,EAAE,KAAK;YAC5B,SAAS,EAAE,EAAE;SACd,CAAC,CAAC;QAEH,mCAAmC;QACnC,KAAK,CAAC,IAAI,CAAC;YACT,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,CAAC,YAAY,CAAC;YACzB,YAAY,EAAE,KAAK;YACnB,oBAAoB,EAAE,IAAI;SAC3B,CAAC,CAAC;QAEH,iBAAiB;QACjB,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,GAAG,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAE5C,MAAM,QAAQ,GAAc;gBAC1B,EAAE,EAAE,MAAM;gBACV,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,UAAU;gBACV,YAAY,EAAE,EAAE;gBAChB,UAAU,EAAE,SAAS;gBACrB,YAAY,EAAE,KAAK;gBACnB,qBAAqB,EAAE,qBAAqB,CAAC,SAAS,CAAC;gBACvD,SAAS,EAAE,CAAC;aACb,CAAC;YAEF,mBAAmB;YACnB,IAAI,IAAI,CAAC,aAAa;gBAAE,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACrE,IAAI,IAAI,CAAC,aAAa;gBAAE,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACrE,IAAI,IAAI,CAAC,eAAe;gBAAE,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9D,IAAI,IAAI,CAAC,YAAY;gBAAE,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAE1D,QAAQ,CAAC,SAAS,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;YACtD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAErB,+BAA+B;YAC/B,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,QAAQ;gBACd,EAAE,EAAE,MAAM;gBACV,IAAI,EAAE,OAAO;gBACb,SAAS;gBACT,YAAY,EAAE,KAAK;gBACnB,oBAAoB,EAAE,UAAU,KAAK,QAAQ;aAC9C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,SAAS,KAAK,CAAC,IAAI,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC;gBACT,EAAE,EAAE,OAAO;gBACX,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,YAAY,EAAE,CAAC,eAAe,CAAC;gBAC/B,UAAU,EAAE,EAAE;gBACd,YAAY,EAAE,KAAK,CAAC,UAAU,KAAK,WAAW;gBAC9C,qBAAqB,EAAE,KAAK;gBAC5B,SAAS,EAAE,sBAAsB,CAAC;oBAChC,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,YAAY,EAAE,KAAK,CAAC,UAAU,KAAK,WAAW;iBAC/C,CAAC;aACH,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC1B,CAAC;AAED,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAiB;IAClD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,oBAAoB;IACpB,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IAE9D,4BAA4B;IAC5B,MAAM,cAAc,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC;IAE1E,uBAAuB;IACvB,MAAM,SAAS,GAAG,IAAI,GAAG,EAAoD,CAAC;IAC9E,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC/B,CAAC;QACD,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,mDAAmD;IACnD,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YAExE,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC;gBACjF,MAAM,QAAQ,GAAG,qBAAqB,CAAC,cAAc,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;gBAE1E,KAAK,CAAC,IAAI,CAAC;oBACT,EAAE,EAAE,QAAQ,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC9B,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,MAAM,MAAM,CAAC,IAAI,EAAE;oBACvC,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,cAAc,EAAE,MAAM,CAAC,KAAK;oBAC5B,sBAAsB,EAAE,cAAc;oBACtC,WAAW,EAAE,MAAM,CAAC,UAAU;oBAC9B,QAAQ;oBACR,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,GAAG,cAAc,GAAG,EAAE,CAAC;oBACnD,eAAe,EAAE,uBAAuB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC;oBACrE,UAAU,EAAE,mBAAmB,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;iBAC5D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAClB,KAAa,EACb,GAAW,EACX,KAAkB,EAClB,SAAgE;IAEhE,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,KAAK,GAAkE;QAC3E,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;KAC5C,CAAC;IAEF,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;QAE/C,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,OAAO;gBACL,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;gBACzD,KAAK;aACN,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QAClC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAEpB,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAC9C,KAAK,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,SAAS,EAAE,CAAC;YACjD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC;oBACT,MAAM,EAAE,QAAQ;oBAChB,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;oBACzB,KAAK,EAAE,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,cAAsB,EAAE,SAAmB;IACxE,MAAM,YAAY,GAAG,CAAC,aAAa,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IAC7E,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;IAEtD,MAAM,eAAe,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACxE,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAEhE,IAAI,eAAe,IAAI,cAAc,IAAI,CAAC;QAAE,OAAO,UAAU,CAAC;IAC9D,IAAI,eAAe,IAAI,CAAC,WAAW,IAAI,cAAc,IAAI,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IAC3E,IAAI,WAAW,IAAI,cAAc,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IACxD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAC9B,KAAgB,EAChB,MAAiB,EACjB,IAAiB;IAEjB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClD,OAAO,oDAAoD,KAAK,CAAC,IAAI,IAAI;QACvE,uBAAuB,IAAI,CAAC,MAAM,GAAG,CAAC,wBAAwB;QAC9D,IAAI,KAAK,eAAe,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QACvD,WAAW,MAAM,CAAC,IAAI,QAAQ,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,KAAkB,EAAE,KAAkB;IACjE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEtC,6BAA6B;IAC7B,MAAM,cAAc,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC;IACnE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,WAAW,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;QAClE,WAAW,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,6BAA6B;IAC7B,MAAM,cAAc,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC;IACpE,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,WAAW,CAAC,GAAG,CAAC,yCAAyC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACtE,WAAW,CAAC,GAAG,CAAC,yBAAyB,IAAI,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/D,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IACxD,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,WAAW,CAAC,GAAG,CAAC,wCAAwC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,6BAA6B;IAC7B,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAC1C,CAAC;IACF,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,WAAW,CAAC,GAAG,CAAC,6BAA6B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1D,WAAW,CAAC,GAAG,CAAC,gCAAgC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,sBAAsB;IACtB,WAAW,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACxE,WAAW,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;IACnE,WAAW,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC;IAE7E,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AACjC,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,KAAiB,EACjB,WAAyB;IAEzB,MAAM,KAAK,GAAa,CAAC,UAAU,CAAC,CAAC;IAErC,UAAU;IACV,KAAK,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;IACxE,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;IACvD,KAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IACxD,KAAK,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IAEjE,YAAY;IACZ,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;QAEjF,IAAI,SAAS,GAAG,MAAM,CAAC;QACvB,IAAI,IAAI,CAAC,YAAY;YAAE,SAAS,GAAG,YAAY,CAAC;aAC3C,IAAI,IAAI,CAAC,qBAAqB;YAAE,SAAS,GAAG,WAAW,CAAC;aACxD,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS,GAAG,WAAW,CAAC;aACxD,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO;YAAE,SAAS,GAAG,OAAO,CAAC;QAEpD,KAAK,CAAC,IAAI,CAAC,KAAK,SAAS,KAAK,KAAK,QAAQ,SAAS,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,YAAY;IACZ,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;QACrD,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;QAE1C,MAAM,KAAK,GAAG,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;QACxD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;QAEzD,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,KAAK,GAAG,KAAK,IAAI,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IACtD,KAAK,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IAC5D,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEpB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,SAAyD,EACzD,YAAmE;IAEnE,kBAAkB;IAClB,MAAM,KAAK,GAAG,eAAe,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAEvD,oBAAoB;IACpB,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAE9C,mBAAmB;IACnB,MAAM,cAAc,GAAG,yBAAyB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IAErE,kBAAkB;IAClB,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAClF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC1E,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC;IAEjF,OAAO;QACL,KAAK;QACL,WAAW;QACX,KAAK,EAAE;YACL,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM;YAC9B,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM;YAC9B,WAAW,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,MAAM;YAC7D,cAAc,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,MAAM;YACzE,eAAe;YACf,WAAW,EAAE,WAAW,CAAC,MAAM;YAC/B,aAAa;YACb,SAAS;SACV;QACD,cAAc;KACf,CAAC;AACJ,CAAC"}

package/dist/scanners/agent/payloads/index.d.ts

@@ -15,12 +15,13 @@ export declare const CORPUS_SIZES: {
     quick: number;
     standard: number;
     thorough: number;
+    exhaustive: number;
 };
 /**
  * Load all payloads with optional filtering
  */
 export declare function loadPayloads(options?: {
-    corpus?: "quick" | "standard" | "thorough";
+    corpus?: "quick" | "standard" | "thorough" | "exhaustive";
     categories?: PayloadCategory[];
     customCorpus?: string;
     minSeverity?: Severity;

package/dist/scanners/agent/payloads/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/scanners/agent/payloads/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAqBhE;;GAEG;AACH,eAAO,MAAM,YAAY;;;;CAIxB,CAAC;AA8CF;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,CAAC,EAAE;IAC3C,MAAM,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,UAAU,CAAC;IAC3C,UAAU,CAAC,EAAE,eAAe,EAAE,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,QAAQ,CAAC;CACxB,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAqE9B;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC5C,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;CACtC,CAAC,CAgCD;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAWlF;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAOnF"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/scanners/agent/payloads/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAqBhE;;GAEG;AACH,eAAO,MAAM,YAAY;;;;;CAKxB,CAAC;AA8CF;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,CAAC,EAAE;IAC3C,MAAM,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,UAAU,GAAG,YAAY,CAAC;IAC1D,UAAU,CAAC,EAAE,eAAe,EAAE,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,QAAQ,CAAC;CACxB,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CA8E9B;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC5C,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;CACtC,CAAC,CAyCD;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAWlF;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAOnF"}