verification-layer 0.19.0 → 0.21.0

package/dist/scanners/hipaa2026/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../src/scanners/hipaa2026/patterns.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAiBH;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAqB;IAC5C,EAAE,EAAE,eAAe;IACnB,IAAI,EAAE,oDAAoD;IAC1D,WAAW,EAAE,sGAAsG;IACnH,QAAQ,EAAE,UAAU;IACpB,cAAc,EAAE,sDAAsD;IACtE,QAAQ,EAAE;QACR,yBAAyB;QACzB,yHAAyH;QACzH,2BAA2B;QAC3B,6FAA6F;QAC7F,8BAA8B;QAC9B,sDAAsD;QACtD,+BAA+B;QAC/B,mDAAmD;QACnD,wBAAwB;QACxB,kDAAkD;KACnD;IACD,gBAAgB,EAAE;QAChB,qBAAqB;QACrB,cAAc;QACd,wBAAwB;QACxB,iBAAiB;KAClB;IACD,OAAO,EAAE,yFAAyF;IAClG,UAAU,EAAE,MAAM;IAClB,QAAQ,EAAE,gBAAgB;CAC3B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAqB;IAC3D,EAAE,EAAE,oBAAoB;IACxB,IAAI,EAAE,wCAAwC;IAC9C,WAAW,EAAE,+DAA+D;IAC5E,QAAQ,EAAE,UAAU;IACpB,cAAc,EAAE,mDAAmD;IACnE,QAAQ,EAAE;QACR,8BAA8B;QAC9B,mGAAmG;QACnG,kCAAkC;QAClC,mGAAmG;QACnG,wBAAwB;QACxB,kDAAkD;QAClD,8BAA8B;QAC9B,wFAAwF;QACxF,6BAA6B;QAC7B,uDAAuD;QACvD,gCAAgC;QAChC,iDAAiD;KAClD;IACD,gBAAgB,EAAE;QAChB,kBAAkB;QAClB,cAAc;QACd,WAAW;QACX,UAAU;KACX;IACD,OAAO,EAAE,+FAA+F;IACxG,UAAU,EAAE,MAAM;IAClB,QAAQ,EAAE,YAAY;CACvB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAqB;IACxD,EAAE,EAAE,mBAAmB;IACvB,IAAI,EAAE,mCAAmC;IACzC,WAAW,EAAE,uEAAuE;IACpF,QAAQ,EAAE,MAAM;IAChB,cAAc,EAAE,yDAAyD;IACzE,QAAQ,EAAE;QACR,oCAAoC;QACpC,kFAAkF;QAClF,4CAA4C;QAC5C,+CAA+C;QAC/C,yBAAyB;QACzB,mCAAmC;QACnC,oCAAoC;QACpC,iCAAiC;QACjC,uBAAuB;QACvB,iDAAiD;KAClD;IACD,gBAAgB,EAAE;QAChB,0BAA0B,EAAE,qBAAqB;QACjD,0CAA0C;QAC1C,cAAc;KACf;IACD,OAAO,EAAE,+EAA+E;IACxF,UAAU,EAAE,MAAM;IAClB,QAAQ,EAAE,gBAAgB;CAC3B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAqB;IAC1D,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,qCAAqC;IAC3C,WAAW,EAAE,wEAAwE;IACrF,QAAQ,EAAE,UAAU;IACpB,cAAc,EAAE,kEAAkE;IAClF,QAAQ,EAAE;QACR,2CAA2C;QAC3C,8FAA8F;QAC9F,sCAAsC;QACtC,yEAAyE;QACzE,0BAA0B;QAC1B,6DAA6D;QAC7D,8BAA8B;QAC9B,sEAAsE;KACvE;IACD,gBAAgB,EAAE;QAChB,kBAAkB;QAClB,wBAAwB;QACxB,sBAAsB;QACtB,oBAAoB;KACrB;IACD,OAAO,EAAE,+FAA+F;IACxG,UAAU,EAAE,QAAQ;IACpB,QAAQ,EAAE,gBAAgB;CAC3B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAqB;IAC5D,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,uCAAuC;IAC7C,WAAW,EAAE,wEAAwE;IACrF,QAAQ,EAAE,UAAU;IACpB,cAAc,EAAE,qEAAqE;IACrF,QAAQ,EAAE;QACR,yCAAyC;QACzC,mHAAmH;QACnH,2CAA2C;QAC3C,qEAAqE;QACrE,oCAAoC;QACpC,kEAAkE;KACnE;IACD,gBAAgB,EAAE;QAChB,uBAAuB;QACvB,4BAA4B;QAC5B,sBAAsB;QACtB,eAAe;KAChB;IACD,OAAO,EAAE,0FAA0F;IACnG,UAAU,EAAE,QAAQ;IACpB,QAAQ,EAAE,eAAe;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAqB;IAC7D,EAAE,EAAE,mBAAmB;IACvB,IAAI,EAAE,sCAAsC;IAC5C,WAAW,EAAE,iFAAiF;IAC9F,QAAQ,EAAE,UAAU;IACpB,cAAc,EAAE,0DAA0D;IAC1E,QAAQ,EAAE;QACR,oCAAoC;QACpC,+DAA+D;QAC/D,uCAAuC;QACvC,wEAAwE;QACxE,2CAA2C;QAC3C,6FAA6F;QAC7F,4BAA4B;QAC5B,4EAA4E;KAC7E;IACD,gBAAgB,EAAE;QAChB,oBAAoB,EAAE,YAAY;QAClC,mBAAmB;QACnB,gBAAgB;QAChB,mBAAmB;KACpB;IACD,OAAO,EAAE,gGAAgG;IACzG,UAAU,EAAE,MAAM;IAClB,QAAQ,EAAE,gBAAgB;CAC3B,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAqB;IACxD,EAAE,EAAE,iBAAiB;IACrB,IAAI,EAAE,0CAA0C;IAChD,WAAW,EAAE,+EAA+E;IAC5F,QAAQ,EAAE,MAAM;IAChB,cAAc,EAAE,yDAAyD;IACzE,QAAQ,EAAE;QACR,YAAY;QACZ,gEAAgE;QAChE,mBAAmB;QACnB,8BAA8B;QAC9B,2BAA2B;QAC3B,qDAAqD;QACrD,OAAO;QACP,gCAAgC;KACjC;IACD,OAAO,EAAE,gEAAgE;IACzE,UAAU,EAAE,MAAM;IAClB,QAAQ,EAAE,gBAAgB;CAC3B,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAqB;IACzD,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,wBAAwB;IAC9B,WAAW,EAAE,4FAA4F;IACzG,QAAQ,EAAE,MAAM;IAChB,cAAc,EAAE,yDAAyD;IACzE,QAAQ,EAAE;QACR,eAAe;QACf,iEAAiE;QACjE,aAAa;QACb,mDAAmD;QACnD,UAAU;QACV,2CAA2C;QAC3C,SAAS;QACT,kDAAkD;KACnD;IACD,OAAO,EAAE,6DAA6D;IACtE,UAAU,EAAE,MAAM;IAClB,QAAQ,EAAE,gBAAgB;CAC3B,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAqB;IAC/D,EAAE,EAAE,mBAAmB;IACvB,IAAI,EAAE,8CAA8C;IACpD,WAAW,EAAE,gFAAgF;IAC7F,QAAQ,EAAE,MAAM;IAChB,cAAc,EAAE,+CAA+C;IAC/D,QAAQ,EAAE;QACR,oCAAoC;QACpC,mDAAmD;KACpD;IACD,gBAAgB,EAAE;QAChB,kBAAkB;QAClB,YAAY;QACZ,QAAQ;QACR,YAAY;QACZ,kBAAkB;KACnB;IACD,OAAO,EAAE,iFAAiF;IAC1F,UAAU,EAAE,QAAQ;IACpB,QAAQ,EAAE,eAAe;CAC1B,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAuB;IACzD,YAAY;IACZ,2BAA2B;IAC3B,wBAAwB;IACxB,0BAA0B;IAC1B,4BAA4B;IAC5B,6BAA6B;IAC7B,wBAAwB;IACxB,yBAAyB;IACzB,+BAA+B;CAChC,CAAC"}

package/dist/scanners/skills/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * AI Agent Skills Security Scanner
+ * Scans SKILL.md files for HIPAA violations and security issues
+ */
+import type { Scanner } from '../../types.js';
+export declare const skillsScanner: Scanner;
+//# sourceMappingURL=index.d.ts.map

package/dist/scanners/skills/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/skills/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAwB,MAAM,gBAAgB,CAAC;AAGpE,eAAO,MAAM,aAAa,EAAE,OAsH3B,CAAC"}

package/dist/scanners/skills/index.js

@@ -0,0 +1,159 @@
+/**
+ * AI Agent Skills Security Scanner
+ * Scans SKILL.md files for HIPAA violations and security issues
+ */
+import { readFile } from 'fs/promises';
+import { ALL_SKILL_PATTERNS } from './patterns.js';
+export const skillsScanner = {
+    name: 'AI Agent Skills Scanner',
+    category: 'access-control',
+    async scan(files, options) {
+        const findings = [];
+        // Filter to only SKILL.md files
+        const skillFiles = files.filter((f) => f.endsWith('SKILL.md') ||
+            f.endsWith('skill.md') ||
+            f.endsWith('.skill.md') ||
+            f.includes('/skills/') ||
+            f.includes('/.clawrc/'));
+        if (skillFiles.length === 0) {
+            return findings;
+        }
+        console.log(`🔍 Scanning ${skillFiles.length} AI Agent Skill file(s)...`);
+        for (const file of skillFiles) {
+            try {
+                const content = await readFile(file, 'utf-8');
+                const lines = content.split('\n');
+                // Scan each pattern
+                for (const pattern of ALL_SKILL_PATTERNS) {
+                    for (let i = 0; i < lines.length; i++) {
+                        const line = lines[i];
+                        const match = line.match(pattern.pattern);
+                        if (match) {
+                            // Extract context (±3 lines)
+                            const contextStart = Math.max(0, i - 3);
+                            const contextEnd = Math.min(lines.length, i + 4);
+                            const context = lines
+                                .slice(contextStart, contextEnd)
+                                .map((l, idx) => ({
+                                lineNumber: contextStart + idx + 1,
+                                content: l,
+                                isMatch: contextStart + idx === i,
+                            }));
+                            findings.push({
+                                id: pattern.id,
+                                category: mapCategoryToCompliance(pattern.category),
+                                severity: pattern.severity,
+                                title: pattern.name,
+                                description: pattern.description,
+                                file,
+                                line: i + 1,
+                                recommendation: pattern.recommendation,
+                                hipaaReference: pattern.hipaaReference,
+                                context,
+                                confidence: 'high',
+                            });
+                        }
+                    }
+                }
+                // Additional analysis: check for skill metadata
+                const metadata = extractSkillMetadata(content);
+                // Warn if skill requests broad permissions
+                if (metadata.permissions?.includes('*') || metadata.permissions?.includes('all')) {
+                    findings.push({
+                        id: 'skill-excessive-permissions',
+                        category: 'access-control',
+                        severity: 'high',
+                        title: 'Skill requests excessive permissions',
+                        description: `Skill requests wildcard permissions (*). This violates principle of least privilege.`,
+                        file,
+                        line: metadata.permissionsLine || 1,
+                        recommendation: 'Limit skill permissions to specific actions needed. Use whitelist approach.',
+                        hipaaReference: '§164.308(a)(4) - Access Controls',
+                        confidence: 'high',
+                    });
+                }
+                // Warn if skill has no author/source
+                if (!metadata.author && !metadata.source) {
+                    findings.push({
+                        id: 'skill-unknown-author',
+                        category: 'access-control',
+                        severity: 'medium',
+                        title: 'Skill from unknown/unverified source',
+                        description: 'Skill has no author or source attribution. Cannot verify authenticity.',
+                        file,
+                        line: 1,
+                        recommendation: 'Only install skills from trusted sources (e.g., verified ClawHub publishers).',
+                        confidence: 'medium',
+                    });
+                }
+                // Check if skill modifies system files
+                if (/(?:rm|mv|chmod|chown)\s+-rf?\s+\//.test(content)) {
+                    findings.push({
+                        id: 'skill-system-modification',
+                        category: 'access-control',
+                        severity: 'critical',
+                        title: 'Skill attempts to modify system files',
+                        description: 'Skill contains commands that modify critical system files',
+                        file,
+                        line: content.split('\n').findIndex((l) => /(?:rm|mv|chmod|chown)\s+-rf?\s+\//.test(l)) + 1,
+                        recommendation: 'REJECT THIS SKILL. System file modifications are extremely dangerous.',
+                        confidence: 'high',
+                    });
+                }
+            }
+            catch (error) {
+                console.error(`Error scanning skill file ${file}:`, error);
+            }
+        }
+        return findings;
+    },
+};
+function mapCategoryToCompliance(skillCategory) {
+    switch (skillCategory) {
+        case 'phi-exposure':
+            return 'phi-exposure';
+        case 'credential-leak':
+            return 'access-control';
+        case 'malicious':
+            return 'access-control';
+        case 'hipaa-violation':
+            return 'encryption'; // Map to encryption as many are about secure transmission
+        default:
+            return 'access-control';
+    }
+}
+function extractSkillMetadata(content) {
+    const metadata = {};
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Extract author
+        const authorMatch = line.match(/(?:author|by|created.by):\s*(.+)/i);
+        if (authorMatch) {
+            metadata.author = authorMatch[1].trim();
+        }
+        // Extract source
+        const sourceMatch = line.match(/(?:source|repository|url):\s*(.+)/i);
+        if (sourceMatch) {
+            metadata.source = sourceMatch[1].trim();
+        }
+        // Extract permissions
+        const permMatch = line.match(/(?:permissions?|requires?):\s*(.+)/i);
+        if (permMatch) {
+            metadata.permissions = permMatch[1].split(',').map((p) => p.trim());
+            metadata.permissionsLine = i + 1;
+        }
+        // Extract version
+        const versionMatch = line.match(/(?:version):\s*(.+)/i);
+        if (versionMatch) {
+            metadata.version = versionMatch[1].trim();
+        }
+        // Extract name
+        const nameMatch = line.match(/^#\s+(.+)/);
+        if (nameMatch && !metadata.name) {
+            metadata.name = nameMatch[1].trim();
+        }
+    }
+    return metadata;
+}
+//# sourceMappingURL=index.js.map

package/dist/scanners/skills/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/skills/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,CAAC,MAAM,aAAa,GAAY;IACpC,IAAI,EAAE,yBAAyB;IAC/B,QAAQ,EAAE,gBAAgB;IAE1B,KAAK,CAAC,IAAI,CAAC,KAAe,EAAE,OAAoB;QAC9C,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,gCAAgC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAC7B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;YACtB,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;YACtB,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;YACvB,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;YACtB,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC1B,CAAC;QAEF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,eAAe,UAAU,CAAC,MAAM,4BAA4B,CAAC,CAAC;QAE1E,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAElC,oBAAoB;gBACpB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;oBACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;wBACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;wBAE1C,IAAI,KAAK,EAAE,CAAC;4BACV,6BAA6B;4BAC7B,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;4BACxC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;4BACjD,MAAM,OAAO,GAAG,KAAK;iCAClB,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC;iCAC/B,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gCAChB,UAAU,EAAE,YAAY,GAAG,GAAG,GAAG,CAAC;gCAClC,OAAO,EAAE,CAAC;gCACV,OAAO,EAAE,YAAY,GAAG,GAAG,KAAK,CAAC;6BAClC,CAAC,CAAC,CAAC;4BAEN,QAAQ,CAAC,IAAI,CAAC;gCACZ,EAAE,EAAE,OAAO,CAAC,EAAE;gCACd,QAAQ,EAAE,uBAAuB,CAAC,OAAO,CAAC,QAAQ,CAAC;gCACnD,QAAQ,EAAE,OAAO,CAAC,QAAQ;gCAC1B,KAAK,EAAE,OAAO,CAAC,IAAI;gCACnB,WAAW,EAAE,OAAO,CAAC,WAAW;gCAChC,IAAI;gCACJ,IAAI,EAAE,CAAC,GAAG,CAAC;gCACX,cAAc,EAAE,OAAO,CAAC,cAAc;gCACtC,cAAc,EAAE,OAAO,CAAC,cAAc;gCACtC,OAAO;gCACP,UAAU,EAAE,MAAM;6BACnB,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,gDAAgD;gBAChD,MAAM,QAAQ,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;gBAE/C,2CAA2C;gBAC3C,IAAI,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACjF,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,6BAA6B;wBACjC,QAAQ,EAAE,gBAAgB;wBAC1B,QAAQ,EAAE,MAAM;wBAChB,KAAK,EAAE,sCAAsC;wBAC7C,WAAW,EAAE,sFAAsF;wBACnG,IAAI;wBACJ,IAAI,EAAE,QAAQ,CAAC,eAAe,IAAI,CAAC;wBACnC,cAAc,EAAE,6EAA6E;wBAC7F,cAAc,EAAE,kCAAkC;wBAClD,UAAU,EAAE,MAAM;qBACnB,CAAC,CAAC;gBACL,CAAC;gBAED,qCAAqC;gBACrC,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACzC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,sBAAsB;wBAC1B,QAAQ,EAAE,gBAAgB;wBAC1B,QAAQ,EAAE,QAAQ;wBAClB,KAAK,EAAE,sCAAsC;wBAC7C,WAAW,EAAE,wEAAwE;wBACrF,IAAI;wBACJ,IAAI,EAAE,CAAC;wBACP,cAAc,EAAE,+EAA+E;wBAC/F,UAAU,EAAE,QAAQ;qBACrB,CAAC,CAAC;gBACL,CAAC;gBAED,uCAAuC;gBACvC,IAAI,mCAAmC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,2BAA2B;wBAC/B,QAAQ,EAAE,gBAAgB;wBAC1B,QAAQ,EAAE,UAAU;wBACpB,KAAK,EAAE,uCAAuC;wBAC9C,WAAW,EAAE,2DAA2D;wBACxE,IAAI;wBACJ,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mCAAmC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;wBAC3F,cAAc,EAAE,uEAAuE;wBACvF,UAAU,EAAE,MAAM;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF,SAAS,uBAAuB,CAC9B,aAAqB;IAErB,QAAQ,aAAa,EAAE,CAAC;QACtB,KAAK,cAAc;YACjB,OAAO,cAAc,CAAC;QACxB,KAAK,iBAAiB;YACpB,OAAO,gBAAgB,CAAC;QAC1B,KAAK,WAAW;YACd,OAAO,gBAAgB,CAAC;QAC1B,KAAK,iBAAiB;YACpB,OAAO,YAAY,CAAC,CAAC,0DAA0D;QACjF;YACE,OAAO,gBAAgB,CAAC;IAC5B,CAAC;AACH,CAAC;AAWD,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,iBAAiB;QACjB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACpE,IAAI,WAAW,EAAE,CAAC;YAChB,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1C,CAAC;QAED,iBAAiB;QACjB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACrE,IAAI,WAAW,EAAE,CAAC;YAChB,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1C,CAAC;QAED,sBAAsB;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACpE,IAAI,SAAS,EAAE,CAAC;YACd,QAAQ,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACpE,QAAQ,CAAC,eAAe,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,kBAAkB;QAClB,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACxD,IAAI,YAAY,EAAE,CAAC;YACjB,QAAQ,CAAC,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,CAAC;QAED,eAAe;QACf,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC1C,IAAI,SAAS,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAChC,QAAQ,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/scanners/skills/patterns.d.ts

@@ -0,0 +1,20 @@
+/**
+ * AI Agent Skills Security Patterns (HIPAA-focused)
+ * Detects vulnerabilities in SKILL.md files for Claude Code, MCP, Cursor, etc.
+ */
+export interface SkillPattern {
+    id: string;
+    name: string;
+    pattern: RegExp;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    description: string;
+    recommendation: string;
+    hipaaReference?: string;
+    category: 'phi-exposure' | 'credential-leak' | 'malicious' | 'hipaa-violation';
+}
+export declare const PHI_EXPOSURE_PATTERNS: SkillPattern[];
+export declare const CREDENTIAL_LEAK_PATTERNS: SkillPattern[];
+export declare const MALICIOUS_PATTERNS: SkillPattern[];
+export declare const HIPAA_VIOLATION_PATTERNS: SkillPattern[];
+export declare const ALL_SKILL_PATTERNS: SkillPattern[];
+//# sourceMappingURL=patterns.d.ts.map

package/dist/scanners/skills/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../../src/scanners/skills/patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,cAAc,GAAG,iBAAiB,GAAG,WAAW,GAAG,iBAAiB,CAAC;CAChF;AAGD,eAAO,MAAM,qBAAqB,EAAE,YAAY,EAmD/C,CAAC;AAGF,eAAO,MAAM,wBAAwB,EAAE,YAAY,EA8ClD,CAAC;AAGF,eAAO,MAAM,kBAAkB,EAAE,YAAY,EA+C5C,CAAC;AAGF,eAAO,MAAM,wBAAwB,EAAE,YAAY,EAmDlD,CAAC;AAGF,eAAO,MAAM,kBAAkB,EAAE,YAAY,EAK5C,CAAC"}

package/dist/scanners/skills/patterns.js

@@ -0,0 +1,215 @@
+/**
+ * AI Agent Skills Security Patterns (HIPAA-focused)
+ * Detects vulnerabilities in SKILL.md files for Claude Code, MCP, Cursor, etc.
+ */
+// PHI Exposure Patterns
+export const PHI_EXPOSURE_PATTERNS = [
+    {
+        id: 'skill-phi-hardcoded-ssn',
+        name: 'Hardcoded SSN in skill prompt',
+        pattern: /\b\d{3}[-\s]?\d{2}[-\s]?\d{4}\b/,
+        severity: 'critical',
+        description: 'Social Security Number found in skill definition',
+        recommendation: 'Never hardcode PHI in skill prompts. Use placeholders like {{patient_id}} instead.',
+        hipaaReference: '§164.502(a) - PHI Use and Disclosure',
+        category: 'phi-exposure',
+    },
+    {
+        id: 'skill-phi-patient-name',
+        name: 'Patient name in example',
+        pattern: /(?:patient|client|user)(?:\s+name)?[:=]\s*['"]?(?!{{)[A-Z][a-z]+\s+[A-Z][a-z]+['"]?/i,
+        severity: 'high',
+        description: 'Real patient name appears in skill prompt example',
+        recommendation: 'Use fictional names (e.g., "John Doe") or template variables {{patient_name}}',
+        hipaaReference: '§164.502(a) - PHI Use and Disclosure',
+        category: 'phi-exposure',
+    },
+    {
+        id: 'skill-phi-dob',
+        name: 'Date of birth in prompt',
+        pattern: /(?:dob|date.{0,5}birth|birthdate)[:=]\s*['"]?\d{1,2}[\/\-]\d{1,2}[\/\-]\d{2,4}['"]?/i,
+        severity: 'high',
+        description: 'Date of birth found in skill definition',
+        recommendation: 'Use template variable {{date_of_birth}} instead of actual dates',
+        hipaaReference: '§164.502(a) - PHI Use and Disclosure',
+        category: 'phi-exposure',
+    },
+    {
+        id: 'skill-phi-mrn',
+        name: 'Medical Record Number exposed',
+        pattern: /(?:mrn|medical.{0,10}record.{0,10}number)[:=]\s*['"]?\d{6,}['"]?/i,
+        severity: 'critical',
+        description: 'Medical Record Number found in skill prompt',
+        recommendation: 'Never include real MRNs. Use {{medical_record_number}} placeholder.',
+        hipaaReference: '§164.502(a) - PHI Use and Disclosure',
+        category: 'phi-exposure',
+    },
+    {
+        id: 'skill-phi-diagnosis',
+        name: 'Diagnosis code in prompt',
+        pattern: /(?:diagnosis|icd.?10?|condition)[:=]\s*['"]?[A-Z]\d{2}(?:\.\d{1,2})?['"]?/i,
+        severity: 'medium',
+        description: 'ICD diagnosis code found in skill example',
+        recommendation: 'Use generic examples or template variables for diagnoses',
+        hipaaReference: '§164.502(a) - PHI Use and Disclosure',
+        category: 'phi-exposure',
+    },
+];
+// Credential Leak Patterns
+export const CREDENTIAL_LEAK_PATTERNS = [
+    {
+        id: 'skill-api-key-exposed',
+        name: 'API key in skill configuration',
+        pattern: /(?:api.{0,5}key|apikey|access.{0,5}key)[:=]\s*['"]?[A-Za-z0-9_\-]{20,}['"]?/i,
+        severity: 'critical',
+        description: 'Hardcoded API key found in skill',
+        recommendation: 'Use environment variables: ${ANTHROPIC_API_KEY} or prompt user for keys',
+        category: 'credential-leak',
+    },
+    {
+        id: 'skill-aws-credentials',
+        name: 'AWS credentials exposed',
+        pattern: /(?:AKIA|aws_access_key_id|aws_secret_access_key)[:=\s]['"]?[A-Z0-9]{20,}['"]?/i,
+        severity: 'critical',
+        description: 'AWS credentials found in skill definition',
+        recommendation: 'Never hardcode AWS credentials. Use IAM roles or environment variables.',
+        category: 'credential-leak',
+    },
+    {
+        id: 'skill-database-password',
+        name: 'Database password in connection string',
+        pattern: /(?:postgres|mysql|mongodb):\/\/[^:]+:([^@\s]{4,})@/i,
+        severity: 'critical',
+        description: 'Database password exposed in connection string',
+        recommendation: 'Use environment variables: ${DB_PASSWORD} or credential manager',
+        category: 'credential-leak',
+    },
+    {
+        id: 'skill-bearer-token',
+        name: 'Bearer token hardcoded',
+        pattern: /bearer\s+[A-Za-z0-9_\-\.]{20,}/i,
+        severity: 'critical',
+        description: 'Bearer authentication token found in skill',
+        recommendation: 'Tokens should be fetched securely at runtime, not hardcoded',
+        category: 'credential-leak',
+    },
+    {
+        id: 'skill-private-key',
+        name: 'Private key in skill',
+        pattern: /-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/,
+        severity: 'critical',
+        description: 'Private cryptographic key found in skill definition',
+        recommendation: 'Never include private keys. Use key management service.',
+        category: 'credential-leak',
+    },
+];
+// Malicious Command Patterns
+export const MALICIOUS_PATTERNS = [
+    {
+        id: 'skill-data-exfiltration',
+        name: 'Data exfiltration detected',
+        pattern: /curl\s+(?:-X\s+POST\s+)?(?:https?:\/\/)?(?!localhost|127\.0\.0\.1|api\.(?:anthropic|openai)\.com)[^\s]+.*?\|/,
+        severity: 'critical',
+        description: 'Potential data exfiltration via curl to external domain',
+        recommendation: 'Review external API calls. Healthcare data should not be sent to unknown endpoints.',
+        hipaaReference: '§164.308(a)(4) - Access Controls',
+        category: 'malicious',
+    },
+    {
+        id: 'skill-reverse-shell',
+        name: 'Reverse shell attempt',
+        pattern: /(?:bash|sh|zsh)\s+-[ci]\s+['"].*?\/dev\/tcp\/|nc\s+-[el]|ncat\s+--exec/,
+        severity: 'critical',
+        description: 'Reverse shell command detected - potential backdoor',
+        recommendation: 'REJECT THIS SKILL. This is a clear malicious pattern.',
+        category: 'malicious',
+    },
+    {
+        id: 'skill-atomic-stealer',
+        name: 'Atomic Stealer pattern',
+        pattern: /(?:curl|wget).*?\.sh\s*\|\s*(?:bash|sh)|base64\s+-d.*?\|\s*(?:bash|sh)/,
+        severity: 'critical',
+        description: 'Pattern matches known Atomic Stealer malware distribution',
+        recommendation: 'REJECT THIS SKILL. This matches malware signatures from Snyk analysis.',
+        category: 'malicious',
+    },
+    {
+        id: 'skill-credential-scraper',
+        name: 'Credential scraping detected',
+        pattern: /(?:cat|grep|find).*?(?:\.aws|\.ssh|\.env|password|credential|secret)/i,
+        severity: 'high',
+        description: 'Commands that search for credential files',
+        recommendation: 'Verify legitimacy. Skills should not scrape credential files.',
+        category: 'malicious',
+    },
+    {
+        id: 'skill-obfuscated-command',
+        name: 'Obfuscated command execution',
+        pattern: /eval\s*\$\(|`.*?`|\$\{[^}]*?\}/,
+        severity: 'high',
+        description: 'Command substitution or eval - common in malware',
+        recommendation: 'Review carefully. Obfuscation often hides malicious intent.',
+        category: 'malicious',
+    },
+];
+// HIPAA-Specific Violations
+export const HIPAA_VIOLATION_PATTERNS = [
+    {
+        id: 'skill-http-phi-transmission',
+        name: 'PHI transmitted over HTTP',
+        pattern: /(?:curl|fetch|axios|request).*?http:\/\/(?!localhost|127\.0\.0\.1).*?(?:patient|phi|health|medical)/i,
+        severity: 'critical',
+        description: 'Skill transmits PHI over unencrypted HTTP',
+        recommendation: 'Use HTTPS for all PHI transmission. HTTP violates HIPAA encryption requirements.',
+        hipaaReference: '§164.312(e)(1) - Transmission Security',
+        category: 'hipaa-violation',
+    },
+    {
+        id: 'skill-no-audit-logging',
+        name: 'PHI access without audit logging',
+        pattern: /(?:SELECT|UPDATE|DELETE).*?FROM.*?(?:patient|phi|health_record)(?!.*?(?:log|audit))/i,
+        severity: 'high',
+        description: 'Skill accesses PHI database without audit logging',
+        recommendation: 'Add audit logging: auditLog.record({ action, userId, resourceId })',
+        hipaaReference: '§164.308(a)(1)(ii)(D) - Audit Controls',
+        category: 'hipaa-violation',
+    },
+    {
+        id: 'skill-phi-in-logs',
+        name: 'PHI logged to console/files',
+        pattern: /(?:console\.log|print|echo|logger\.).*?(?:\$\{?patient|\$\{?phi|medical_record)/i,
+        severity: 'high',
+        description: 'Skill logs PHI to console or log files',
+        recommendation: 'Never log PHI. Use redacted logging: logger.info({ patientId: "***" })',
+        hipaaReference: '§164.502(a) - PHI Use and Disclosure',
+        category: 'hipaa-violation',
+    },
+    {
+        id: 'skill-phi-in-url',
+        name: 'PHI in URL parameters',
+        pattern: /(?:\?|&)(?:ssn|dob|mrn|diagnosis)=/i,
+        severity: 'critical',
+        description: 'Skill passes PHI in URL query parameters',
+        recommendation: 'Use POST with encrypted body. URLs are logged by proxies/servers.',
+        hipaaReference: '§164.312(e)(1) - Transmission Security',
+        category: 'hipaa-violation',
+    },
+    {
+        id: 'skill-no-encryption',
+        name: 'Missing encryption for PHI storage',
+        pattern: /(?:localStorage|sessionStorage|\.setItem).*?(?:patient|phi|health)/i,
+        severity: 'critical',
+        description: 'Skill stores PHI in browser storage without encryption',
+        recommendation: 'Use encrypted storage or server-side session storage only.',
+        hipaaReference: '§164.312(a)(2)(iv) - Encryption',
+        category: 'hipaa-violation',
+    },
+];
+// All patterns combined
+export const ALL_SKILL_PATTERNS = [
+    ...PHI_EXPOSURE_PATTERNS,
+    ...CREDENTIAL_LEAK_PATTERNS,
+    ...MALICIOUS_PATTERNS,
+    ...HIPAA_VIOLATION_PATTERNS,
+];
+//# sourceMappingURL=patterns.js.map

package/dist/scanners/skills/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../src/scanners/skills/patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAaH,wBAAwB;AACxB,MAAM,CAAC,MAAM,qBAAqB,GAAmB;IACnD;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,kDAAkD;QAC/D,cAAc,EAAE,oFAAoF;QACpG,cAAc,EAAE,sCAAsC;QACtD,QAAQ,EAAE,cAAc;KACzB;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,sFAAsF;QAC/F,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;QAChE,cAAc,EAAE,+EAA+E;QAC/F,cAAc,EAAE,sCAAsC;QACtD,QAAQ,EAAE,cAAc;KACzB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,sFAAsF;QAC/F,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;QACtD,cAAc,EAAE,iEAAiE;QACjF,cAAc,EAAE,sCAAsC;QACtD,QAAQ,EAAE,cAAc;KACzB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,6CAA6C;QAC1D,cAAc,EAAE,qEAAqE;QACrF,cAAc,EAAE,sCAAsC;QACtD,QAAQ,EAAE,cAAc;KACzB;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,4EAA4E;QACrF,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,2CAA2C;QACxD,cAAc,EAAE,0DAA0D;QAC1E,cAAc,EAAE,sCAAsC;QACtD,QAAQ,EAAE,cAAc;KACzB;CACF,CAAC;AAEF,2BAA2B;AAC3B,MAAM,CAAC,MAAM,wBAAwB,GAAmB;IACtD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,8EAA8E;QACvF,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,kCAAkC;QAC/C,cAAc,EAAE,yEAAyE;QACzF,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,gFAAgF;QACzF,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2CAA2C;QACxD,cAAc,EAAE,yEAAyE;QACzF,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,qDAAqD;QAC9D,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,gDAAgD;QAC7D,cAAc,EAAE,iEAAiE;QACjF,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,4CAA4C;QACzD,cAAc,EAAE,6DAA6D;QAC7E,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,qDAAqD;QAClE,cAAc,EAAE,yDAAyD;QACzE,QAAQ,EAAE,iBAAiB;KAC5B;CACF,CAAC;AAEF,6BAA6B;AAC7B,MAAM,CAAC,MAAM,kBAAkB,GAAmB;IAChD;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,8GAA8G;QACvH,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yDAAyD;QACtE,cAAc,EAAE,qFAAqF;QACrG,cAAc,EAAE,kCAAkC;QAClD,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,wEAAwE;QACjF,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,qDAAqD;QAClE,cAAc,EAAE,uDAAuD;QACvE,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,wEAAwE;QACjF,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2DAA2D;QACxE,cAAc,EAAE,wEAAwE;QACxF,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,uEAAuE;QAChF,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,2CAA2C;QACxD,cAAc,EAAE,+DAA+D;QAC/E,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,kDAAkD;QAC/D,cAAc,EAAE,6DAA6D;QAC7E,QAAQ,EAAE,WAAW;KACtB;CACF,CAAC;AAEF,4BAA4B;AAC5B,MAAM,CAAC,MAAM,wBAAwB,GAAmB;IACtD;QACE,EAAE,EAAE,6BAA6B;QACjC,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,sGAAsG;QAC/G,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2CAA2C;QACxD,cAAc,EAAE,kFAAkF;QAClG,cAAc,EAAE,wCAAwC;QACxD,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,sFAAsF;QAC/F,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;QAChE,cAAc,EAAE,oEAAoE;QACpF,cAAc,EAAE,wCAAwC;QACxD,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,kFAAkF;QAC3F,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wCAAwC;QACrD,cAAc,EAAE,wEAAwE;QACxF,cAAc,EAAE,sCAAsC;QACtD,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0CAA0C;QACvD,cAAc,EAAE,mEAAmE;QACnF,cAAc,EAAE,wCAAwC;QACxD,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,qEAAqE;QAC9E,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wDAAwD;QACrE,cAAc,EAAE,4DAA4D;QAC5E,cAAc,EAAE,iCAAiC;QACjD,QAAQ,EAAE,iBAAiB;KAC5B;CACF,CAAC;AAEF,wBAAwB;AACxB,MAAM,CAAC,MAAM,kBAAkB,GAAmB;IAChD,GAAG,qBAAqB;IACxB,GAAG,wBAAwB;IAC3B,GAAG,kBAAkB;IACrB,GAAG,wBAAwB;CAC5B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "verification-layer",
-  "version": "0.19.0",
+  "version": "0.21.0",
   "description": "CLI tool for HIPAA compliance scanning and reporting",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",