vskill 0.1.0

package/dist/scanner/patterns.js

@@ -0,0 +1,347 @@
+// ---------------------------------------------------------------------------
+// Tier 1 Security Scan Patterns
+// 37 regex-based patterns for static analysis of skill content.
+// ---------------------------------------------------------------------------
+// ---- Patterns (37 total) --------------------------------------------------
+export const SCAN_PATTERNS = [
+    // --- Command Injection (1-7) ---------------------------------------------
+    {
+        id: "CI-001",
+        name: "exec() call",
+        severity: "critical",
+        description: "Detects child_process.exec or similar exec calls that run shell commands",
+        pattern: /\bexec\s*\(/g,
+        category: "command-injection",
+    },
+    {
+        id: "CI-002",
+        name: "spawn() call",
+        severity: "high",
+        description: "Detects child_process.spawn invocations",
+        pattern: /\bspawn\s*\(/g,
+        category: "command-injection",
+    },
+    {
+        id: "CI-003",
+        name: "system() call",
+        severity: "critical",
+        description: "Detects system-level command execution",
+        pattern: /\bsystem\s*\(/g,
+        category: "command-injection",
+    },
+    {
+        id: "CI-004",
+        name: "Shell command strings",
+        severity: "high",
+        description: "Detects common shell commands embedded in strings",
+        pattern: /(?:"|'|`)\s*(?:\/bin\/(?:sh|bash|zsh)|cmd(?:\.exe)?)\b/g,
+        category: "command-injection",
+    },
+    {
+        id: "CI-005",
+        name: "Backtick shell execution",
+        severity: "high",
+        description: "Detects backtick-based command substitution patterns",
+        pattern: /child_process|execSync|spawnSync|execFile/g,
+        category: "command-injection",
+    },
+    {
+        id: "CI-006",
+        name: "Shell pipe operator",
+        severity: "medium",
+        description: "Detects shell piping within exec-like calls",
+        pattern: /exec\s*\([^)]*\|[^)]*\)/g,
+        category: "command-injection",
+    },
+    {
+        id: "CI-007",
+        name: "Command interpolation",
+        severity: "high",
+        description: "Detects string interpolation in shell commands",
+        pattern: /exec\s*\(\s*`[^`]*\$\{/g,
+        category: "command-injection",
+    },
+    // --- Data Exfiltration (8-12) --------------------------------------------
+    {
+        id: "DE-001",
+        name: "Fetch to external URL",
+        severity: "high",
+        description: "Detects fetch calls to external/dynamic URLs",
+        pattern: /fetch\s*\(\s*(?:`[^`]*\$\{|[a-zA-Z_]\w*\s*[\+,])/g,
+        category: "data-exfiltration",
+    },
+    {
+        id: "DE-002",
+        name: "XMLHttpRequest usage",
+        severity: "high",
+        description: "Detects XMLHttpRequest which can send data externally",
+        pattern: /new\s+XMLHttpRequest/g,
+        category: "data-exfiltration",
+    },
+    {
+        id: "DE-003",
+        name: "WebSocket to external host",
+        severity: "high",
+        description: "Detects WebSocket connections that could exfiltrate data",
+        pattern: /new\s+WebSocket\s*\(/g,
+        category: "data-exfiltration",
+    },
+    {
+        id: "DE-004",
+        name: "DNS exfiltration pattern",
+        severity: "medium",
+        description: "Detects encoding data into DNS lookups",
+        pattern: /dns\.(?:resolve|lookup)\s*\(.*(?:\+|concat|\$\{)/g,
+        category: "data-exfiltration",
+    },
+    {
+        id: "DE-005",
+        name: "Base64 encode and send",
+        severity: "medium",
+        description: "Detects base64 encoding followed by network send (exfil pattern)",
+        pattern: /btoa\s*\(|Buffer\.from\([^)]*\)\.toString\s*\(\s*['"]base64['"]/g,
+        category: "data-exfiltration",
+    },
+    // --- Privilege Escalation (13-17) ----------------------------------------
+    {
+        id: "PE-001",
+        name: "sudo invocation",
+        severity: "critical",
+        description: "Detects attempts to run commands with sudo",
+        pattern: /\bsudo\s+/g,
+        category: "privilege-escalation",
+    },
+    {
+        id: "PE-002",
+        name: "chmod modification",
+        severity: "high",
+        description: "Detects changing file permissions",
+        pattern: /\bchmod\s+/g,
+        category: "privilege-escalation",
+    },
+    {
+        id: "PE-003",
+        name: "chown modification",
+        severity: "high",
+        description: "Detects changing file ownership",
+        pattern: /\bchown\s+/g,
+        category: "privilege-escalation",
+    },
+    {
+        id: "PE-004",
+        name: "setuid/setgid",
+        severity: "critical",
+        description: "Detects setuid/setgid operations",
+        pattern: /\bset(?:uid|gid|euid|egid)\s*\(/g,
+        category: "privilege-escalation",
+    },
+    {
+        id: "PE-005",
+        name: "Process privilege change",
+        severity: "high",
+        description: "Detects process.setuid or similar privilege modifications",
+        pattern: /process\.set(?:uid|gid|groups)\s*\(/g,
+        category: "privilege-escalation",
+    },
+    // --- Credential Theft (18-23) --------------------------------------------
+    {
+        id: "CT-001",
+        name: "Read .env file",
+        severity: "critical",
+        description: "Detects reading .env files which contain secrets",
+        pattern: /readFile(?:Sync)?\s*\([^)]*\.env\b/g,
+        category: "credential-theft",
+    },
+    {
+        id: "CT-002",
+        name: "Read SSH keys",
+        severity: "critical",
+        description: "Detects accessing .ssh directory or key files",
+        pattern: /\.ssh[/\\]|id_rsa|id_ed25519|authorized_keys/g,
+        category: "credential-theft",
+    },
+    {
+        id: "CT-003",
+        name: "Read AWS credentials",
+        severity: "critical",
+        description: "Detects accessing AWS credential files",
+        pattern: /\.aws[/\\]credentials|AWS_SECRET_ACCESS_KEY|AWS_ACCESS_KEY_ID/g,
+        category: "credential-theft",
+    },
+    {
+        id: "CT-004",
+        name: "Keychain access",
+        severity: "critical",
+        description: "Detects macOS keychain or system credential store access",
+        pattern: /security\s+find-(?:generic|internet)-password|keychain|credential-store/g,
+        category: "credential-theft",
+    },
+    {
+        id: "CT-005",
+        name: "Secrets in environment",
+        severity: "high",
+        description: "Detects broad process.env access patterns",
+        pattern: /process\.env\[(?:[^'"\]]*\+|[a-zA-Z_]\w*\])/g,
+        category: "credential-theft",
+    },
+    {
+        id: "CT-006",
+        name: "Token/secret variable patterns",
+        severity: "medium",
+        description: "Detects variables likely holding secrets being sent externally",
+        pattern: /(?:token|secret|password|api_key|apiKey)\s*[:=]\s*(?:process\.env|readFile)/gi,
+        category: "credential-theft",
+    },
+    // --- Prompt Injection (24-27) --------------------------------------------
+    {
+        id: "PI-001",
+        name: "System prompt override",
+        severity: "critical",
+        description: "Detects attempts to override or replace system prompts",
+        pattern: /(?:system\s*prompt|system\s*message|system\s*instruction)\s*[:=]/gi,
+        category: "prompt-injection",
+    },
+    {
+        id: "PI-002",
+        name: "Ignore previous instructions",
+        severity: "critical",
+        description: "Detects classic prompt injection phrase",
+        pattern: /ignore\s+(?:all\s+)?(?:previous|prior|above)\s+instructions/gi,
+        category: "prompt-injection",
+    },
+    {
+        id: "PI-003",
+        name: "Role impersonation",
+        severity: "high",
+        description: "Detects attempts to assume a different AI role",
+        pattern: /you\s+are\s+now\s+(?:a|an)\s+|act\s+as\s+(?:a|an)\s+|pretend\s+(?:to\s+be|you\s+are)/gi,
+        category: "prompt-injection",
+    },
+    {
+        id: "PI-004",
+        name: "Instruction boundary escape",
+        severity: "high",
+        description: "Detects delimiter injection patterns",
+        pattern: /\[\/INST\]|\[INST\]|<\|im_end\|>|<\|im_start\|>|<\|system\|>/g,
+        category: "prompt-injection",
+    },
+    // --- Filesystem Access (28-31) -------------------------------------------
+    {
+        id: "FS-001",
+        name: "Recursive delete",
+        severity: "critical",
+        description: "Detects rm -rf or recursive deletion commands",
+        pattern: /rm\s+-[a-zA-Z]*r[a-zA-Z]*f|rm\s+-[a-zA-Z]*f[a-zA-Z]*r|rimraf\s*\(/g,
+        category: "filesystem-access",
+    },
+    {
+        id: "FS-002",
+        name: "Write to system paths",
+        severity: "critical",
+        description: "Detects writing to system-critical paths",
+        pattern: /writeFile(?:Sync)?\s*\([^)]*(?:\/etc\/|\/usr\/|\/var\/|\/System\/|C:\\Windows)/g,
+        category: "filesystem-access",
+    },
+    {
+        id: "FS-003",
+        name: "Path traversal",
+        severity: "high",
+        description: "Detects directory traversal attempts",
+        pattern: /\.\.[/\\]\.\.[/\\]|\.\.(?:[/\\]){2,}/g,
+        category: "filesystem-access",
+    },
+    {
+        id: "FS-004",
+        name: "Symlink manipulation",
+        severity: "medium",
+        description: "Detects symlink creation that could be used for path hijacking",
+        pattern: /symlink(?:Sync)?\s*\(|ln\s+-s\s+/g,
+        category: "filesystem-access",
+    },
+    // --- Network Access (32-34) ----------------------------------------------
+    {
+        id: "NA-001",
+        name: "Curl/wget to unknown host",
+        severity: "high",
+        description: "Detects curl or wget commands that download from external hosts",
+        pattern: /\b(?:curl|wget)\s+(?:-[a-zA-Z]*\s+)*(?:https?:\/\/|[`"'])/g,
+        category: "network-access",
+    },
+    {
+        id: "NA-002",
+        name: "Reverse shell pattern",
+        severity: "critical",
+        description: "Detects reverse shell connection patterns",
+        pattern: /(?:\/dev\/tcp\/|nc\s+-[a-z]*e|ncat\s|bash\s+-i\s+>&|mkfifo|0<&\d+)/g,
+        category: "network-access",
+    },
+    {
+        id: "NA-003",
+        name: "Dynamic URL construction",
+        severity: "medium",
+        description: "Detects building URLs from variables (potential C2 communication)",
+        pattern: /(?:http|https):\/\/\$\{|(?:http|https):\/\/['"]\s*\+/g,
+        category: "network-access",
+    },
+    // --- Code Execution (35-37) ----------------------------------------------
+    {
+        id: "CE-001",
+        name: "eval() usage",
+        severity: "critical",
+        description: "Detects eval() which executes arbitrary code",
+        pattern: /\beval\s*\(/g,
+        category: "code-execution",
+    },
+    {
+        id: "CE-002",
+        name: "Function() constructor",
+        severity: "critical",
+        description: "Detects new Function() which compiles and runs arbitrary code",
+        pattern: /new\s+Function\s*\(/g,
+        category: "code-execution",
+    },
+    {
+        id: "CE-003",
+        name: "Dynamic remote import",
+        severity: "high",
+        description: "Detects dynamic import of remote/variable modules",
+        pattern: /import\s*\(\s*(?:`[^`]*\$\{|[a-zA-Z_]\w*\s*[\+)])/g,
+        category: "code-execution",
+    },
+];
+// ---- Scanner function -----------------------------------------------------
+/**
+ * Scan content against all 37 patterns, returning every match found.
+ */
+export function scanContent(content) {
+    const lines = content.split("\n");
+    const findings = [];
+    for (const pattern of SCAN_PATTERNS) {
+        // Reset the regex lastIndex for each pattern (they use /g flag)
+        const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
+        for (let lineIdx = 0; lineIdx < lines.length; lineIdx++) {
+            const line = lines[lineIdx];
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                // Build context: up to 1 line before and after
+                const contextLines = [];
+                if (lineIdx > 0)
+                    contextLines.push(lines[lineIdx - 1]);
+                contextLines.push(line);
+                if (lineIdx < lines.length - 1)
+                    contextLines.push(lines[lineIdx + 1]);
+                findings.push({
+                    patternId: pattern.id,
+                    patternName: pattern.name,
+                    severity: pattern.severity,
+                    category: pattern.category,
+                    match: match[0],
+                    lineNumber: lineIdx + 1,
+                    context: contextLines.join("\n"),
+                });
+            }
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=patterns.js.map

package/dist/scanner/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/scanner/patterns.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,gCAAgC;AAChC,gEAAgE;AAChE,8EAA8E;AAqC9E,8EAA8E;AAE9E,MAAM,CAAC,MAAM,aAAa,GAAkB;IAC1C,4EAA4E;IAC5E;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0EAA0E;QACvF,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;QACtD,OAAO,EAAE,eAAe;QACxB,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wCAAwC;QACrD,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;QAChE,OAAO,EAAE,yDAAyD;QAClE,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sDAAsD;QACnE,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,6CAA6C;QAC1D,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,yBAAyB;QAClC,QAAQ,EAAE,mBAAmB;KAC9B;IAED,4EAA4E;IAC5E;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,8CAA8C;QAC3D,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,uDAAuD;QACpE,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0DAA0D;QACvE,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,wCAAwC;QACrD,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,kEAAkE;QAC/E,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,mBAAmB;KAC9B;IAED,4EAA4E;IAC5E;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE,YAAY;QACrB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mCAAmC;QAChD,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iCAAiC;QAC9C,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,kCAAkC;QAC/C,OAAO,EAAE,kCAAkC;QAC3C,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,sBAAsB;KACjC;IAED,4EAA4E;IAC5E;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,+CAA+C;QAC5D,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wCAAwC;QACrD,OAAO,EAAE,gEAAgE;QACzE,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0DAA0D;QACvE,OAAO,EAAE,0EAA0E;QACnF,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,2CAA2C;QACxD,OAAO,EAAE,8CAA8C;QACvD,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,gEAAgE;QAC7E,OAAO,EAAE,+EAA+E;QACxF,QAAQ,EAAE,kBAAkB;KAC7B;IAED,4EAA4E;IAC5E;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yCAAyC;QACtD,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,wFAAwF;QACjG,QAAQ,EAAE,kBAAkB;KAC7B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;QACnD,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,kBAAkB;KAC7B;IAED,4EAA4E;IAC5E;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,+CAA+C;QAC5D,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0CAA0C;QACvD,OAAO,EAAE,iFAAiF;QAC1F,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;QACnD,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,mBAAmB;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,gEAAgE;QAC7E,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,mBAAmB;KAC9B;IAED,4EAA4E;IAC5E;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iEAAiE;QAC9E,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2CAA2C;QACxD,OAAO,EAAE,qEAAqE;QAC9E,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mEAAmE;QAChF,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,gBAAgB;KAC3B;IAED,4EAA4E;IAC5E;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,8CAA8C;QAC3D,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,+DAA+D;QAC5E,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,gBAAgB;KAC3B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mDAAmD;QAChE,OAAO,EAAE,oDAAoD;QAC7D,QAAQ,EAAE,gBAAgB;KAC3B;CACF,CAAC;AAEF,8EAA8E;AAE9E;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,gEAAgE;QAChE,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAExE,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;YACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;YAC5B,IAAI,KAA6B,CAAC;YAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,+CAA+C;gBAC/C,MAAM,YAAY,GAAa,EAAE,CAAC;gBAClC,IAAI,OAAO,GAAG,CAAC;oBAAE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;gBACvD,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACxB,IAAI,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC;oBAAE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;gBAEtE,QAAQ,CAAC,IAAI,CAAC;oBACZ,SAAS,EAAE,OAAO,CAAC,EAAE;oBACrB,WAAW,EAAE,OAAO,CAAC,IAAI;oBACzB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBACf,UAAU,EAAE,OAAO,GAAG,CAAC;oBACvB,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;iBACjC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/scanner/pipeline/submission-pipeline.d.ts

@@ -0,0 +1,100 @@
+/**
+ * Submission Pipeline State Machine
+ *
+ * Deterministic state machine for processing skill verification requests.
+ * Every state transition is logged for audit trail compliance.
+ *
+ * @see research/submission-state-machine.md for full design
+ */
+/**
+ * All possible states in the submission pipeline.
+ * Terminal states: TIER1_FAILED, REJECTED, PUBLISHED
+ */
+export declare enum SubmissionState {
+    /** Initial state — submission received via API or web form */
+    RECEIVED = "RECEIVED",
+    /** Tier 1 deterministic scan running */
+    TIER1_SCANNING = "TIER1_SCANNING",
+    /** Tier 1 failed — terminal state */
+    TIER1_FAILED = "TIER1_FAILED",
+    /** Tier 2 LLM judge analysis running */
+    TIER2_SCANNING = "TIER2_SCANNING",
+    /** Both tiers passed with score >= 80 — auto-approved */
+    AUTO_APPROVED = "AUTO_APPROVED",
+    /** Tier 2 returned CONCERNS (60-79) or high-privilege skill — needs human review */
+    NEEDS_REVIEW = "NEEDS_REVIEW",
+    /** Tier 3 manual review in progress */
+    TIER3_REVIEW = "TIER3_REVIEW",
+    /** Approved and published to registry */
+    PUBLISHED = "PUBLISHED",
+    /** Rejected at any stage — terminal state */
+    REJECTED = "REJECTED",
+    /** Vendor auto-verified — bypassed scanning */
+    VENDOR_APPROVED = "VENDOR_APPROVED"
+}
+/** Actor types that can trigger state transitions */
+export type TransitionActor = 'system' | 'worker' | 'admin';
+/** A state transition event for the audit trail */
+export interface StateTransitionEvent {
+    /** Unique event ID */
+    id: string;
+    /** Submission this event belongs to */
+    submissionId: string;
+    /** State before the transition (null for initial RECEIVED) */
+    fromState: SubmissionState | null;
+    /** State after the transition */
+    toState: SubmissionState;
+    /** What triggered this transition */
+    trigger: string;
+    /** Who triggered the transition */
+    actor: string;
+    /** Actor type classification */
+    actorType: TransitionActor;
+    /** Context-specific metadata (scan results, scores, etc.) */
+    metadata: Record<string, unknown>;
+    /** ISO timestamp when the transition occurred */
+    createdAt: string;
+}
+/** States from which no further transitions are possible */
+export declare const TERMINAL_STATES: ReadonlySet<SubmissionState>;
+/**
+ * Validate whether a state transition is allowed.
+ *
+ * @param current - The current state of the submission
+ * @param next - The proposed next state
+ * @returns true if the transition is valid
+ */
+export declare function validateTransition(current: SubmissionState, next: SubmissionState): boolean;
+/**
+ * Attempt a state transition. Returns the new state if valid,
+ * throws an error if the transition is not allowed.
+ *
+ * @param current - The current state
+ * @param next - The desired next state
+ * @param trigger - What caused the transition
+ * @param actor - Who triggered the transition
+ * @returns The new state (same as `next`)
+ * @throws Error if the transition is invalid
+ */
+export declare function transition(current: SubmissionState, next: SubmissionState, trigger: string, actor: TransitionActor): SubmissionState;
+/** GitHub organizations whose skills are auto-verified */
+export declare const TRUSTED_ORGS: readonly string[];
+/**
+ * Check if a GitHub repo owner is a trusted vendor organization.
+ *
+ * @param owner - GitHub organization or user name
+ * @returns true if the owner is in the trusted orgs list
+ */
+export declare function isVendorOrg(owner: string): boolean;
+/**
+ * Check if a state is terminal (no further transitions possible).
+ */
+export declare function isTerminalState(state: SubmissionState): boolean;
+/**
+ * Get all valid next states from the current state.
+ */
+export declare function getNextStates(state: SubmissionState): SubmissionState[];
+/**
+ * Create a state transition audit event.
+ */
+export declare function createTransitionEvent(submissionId: string, fromState: SubmissionState | null, toState: SubmissionState, trigger: string, actor: string, actorType: TransitionActor, metadata?: Record<string, unknown>): StateTransitionEvent;

package/dist/scanner/pipeline/submission-pipeline.js

@@ -0,0 +1,173 @@
+/**
+ * Submission Pipeline State Machine
+ *
+ * Deterministic state machine for processing skill verification requests.
+ * Every state transition is logged for audit trail compliance.
+ *
+ * @see research/submission-state-machine.md for full design
+ */
+// ---------------------------------------------------------------------------
+// State Enum
+// ---------------------------------------------------------------------------
+/**
+ * All possible states in the submission pipeline.
+ * Terminal states: TIER1_FAILED, REJECTED, PUBLISHED
+ */
+export var SubmissionState;
+(function (SubmissionState) {
+    /** Initial state — submission received via API or web form */
+    SubmissionState["RECEIVED"] = "RECEIVED";
+    /** Tier 1 deterministic scan running */
+    SubmissionState["TIER1_SCANNING"] = "TIER1_SCANNING";
+    /** Tier 1 failed — terminal state */
+    SubmissionState["TIER1_FAILED"] = "TIER1_FAILED";
+    /** Tier 2 LLM judge analysis running */
+    SubmissionState["TIER2_SCANNING"] = "TIER2_SCANNING";
+    /** Both tiers passed with score >= 80 — auto-approved */
+    SubmissionState["AUTO_APPROVED"] = "AUTO_APPROVED";
+    /** Tier 2 returned CONCERNS (60-79) or high-privilege skill — needs human review */
+    SubmissionState["NEEDS_REVIEW"] = "NEEDS_REVIEW";
+    /** Tier 3 manual review in progress */
+    SubmissionState["TIER3_REVIEW"] = "TIER3_REVIEW";
+    /** Approved and published to registry */
+    SubmissionState["PUBLISHED"] = "PUBLISHED";
+    /** Rejected at any stage — terminal state */
+    SubmissionState["REJECTED"] = "REJECTED";
+    /** Vendor auto-verified — bypassed scanning */
+    SubmissionState["VENDOR_APPROVED"] = "VENDOR_APPROVED";
+})(SubmissionState || (SubmissionState = {}));
+// ---------------------------------------------------------------------------
+// Valid Transitions Map
+// ---------------------------------------------------------------------------
+/**
+ * Defines all valid state transitions.
+ * Any transition not in this map is invalid and will be rejected.
+ */
+const VALID_TRANSITIONS = {
+    [SubmissionState.RECEIVED]: [
+        SubmissionState.VENDOR_APPROVED,
+        SubmissionState.TIER1_SCANNING,
+    ],
+    [SubmissionState.TIER1_SCANNING]: [
+        SubmissionState.TIER2_SCANNING,
+        SubmissionState.TIER1_FAILED,
+    ],
+    [SubmissionState.TIER1_FAILED]: [],
+    [SubmissionState.TIER2_SCANNING]: [
+        SubmissionState.AUTO_APPROVED,
+        SubmissionState.NEEDS_REVIEW,
+        SubmissionState.REJECTED,
+    ],
+    [SubmissionState.AUTO_APPROVED]: [
+        SubmissionState.PUBLISHED,
+    ],
+    [SubmissionState.NEEDS_REVIEW]: [
+        SubmissionState.TIER3_REVIEW,
+        SubmissionState.REJECTED,
+    ],
+    [SubmissionState.TIER3_REVIEW]: [
+        SubmissionState.PUBLISHED,
+        SubmissionState.REJECTED,
+    ],
+    [SubmissionState.PUBLISHED]: [],
+    [SubmissionState.REJECTED]: [],
+    [SubmissionState.VENDOR_APPROVED]: [
+        SubmissionState.PUBLISHED,
+    ],
+};
+// ---------------------------------------------------------------------------
+// Terminal States
+// ---------------------------------------------------------------------------
+/** States from which no further transitions are possible */
+export const TERMINAL_STATES = new Set([
+    SubmissionState.TIER1_FAILED,
+    SubmissionState.PUBLISHED,
+    SubmissionState.REJECTED,
+]);
+// ---------------------------------------------------------------------------
+// Transition Function
+// ---------------------------------------------------------------------------
+/**
+ * Validate whether a state transition is allowed.
+ *
+ * @param current - The current state of the submission
+ * @param next - The proposed next state
+ * @returns true if the transition is valid
+ */
+export function validateTransition(current, next) {
+    const allowed = VALID_TRANSITIONS[current];
+    if (!allowed)
+        return false;
+    return allowed.includes(next);
+}
+/**
+ * Attempt a state transition. Returns the new state if valid,
+ * throws an error if the transition is not allowed.
+ *
+ * @param current - The current state
+ * @param next - The desired next state
+ * @param trigger - What caused the transition
+ * @param actor - Who triggered the transition
+ * @returns The new state (same as `next`)
+ * @throws Error if the transition is invalid
+ */
+export function transition(current, next, trigger, actor) {
+    if (!validateTransition(current, next)) {
+        throw new Error(`Invalid state transition: ${current} → ${next} (trigger: ${trigger}, actor: ${actor})`);
+    }
+    return next;
+}
+// ---------------------------------------------------------------------------
+// Vendor Fast-Path
+// ---------------------------------------------------------------------------
+/** GitHub organizations whose skills are auto-verified */
+export const TRUSTED_ORGS = [
+    'anthropics',
+    'openai',
+    'google',
+    'google-gemini',
+    'vercel-labs',
+    'supabase',
+    'microsoft',
+];
+/**
+ * Check if a GitHub repo owner is a trusted vendor organization.
+ *
+ * @param owner - GitHub organization or user name
+ * @returns true if the owner is in the trusted orgs list
+ */
+export function isVendorOrg(owner) {
+    return TRUSTED_ORGS.includes(owner.toLowerCase());
+}
+// ---------------------------------------------------------------------------
+// Utility Functions
+// ---------------------------------------------------------------------------
+/**
+ * Check if a state is terminal (no further transitions possible).
+ */
+export function isTerminalState(state) {
+    return TERMINAL_STATES.has(state);
+}
+/**
+ * Get all valid next states from the current state.
+ */
+export function getNextStates(state) {
+    return VALID_TRANSITIONS[state] ?? [];
+}
+/**
+ * Create a state transition audit event.
+ */
+export function createTransitionEvent(submissionId, fromState, toState, trigger, actor, actorType, metadata = {}) {
+    return {
+        id: crypto.randomUUID(),
+        submissionId,
+        fromState,
+        toState,
+        trigger,
+        actor,
+        actorType,
+        metadata,
+        createdAt: new Date().toISOString(),
+    };
+}
+//# sourceMappingURL=submission-pipeline.js.map

package/dist/scanner/pipeline/submission-pipeline.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"submission-pipeline.js","sourceRoot":"","sources":["../../../src/scanner/pipeline/submission-pipeline.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,CAAN,IAAY,eA8BX;AA9BD,WAAY,eAAe;IACzB,8DAA8D;IAC9D,wCAAqB,CAAA;IAErB,wCAAwC;IACxC,oDAAiC,CAAA;IAEjC,qCAAqC;IACrC,gDAA6B,CAAA;IAE7B,wCAAwC;IACxC,oDAAiC,CAAA;IAEjC,yDAAyD;IACzD,kDAA+B,CAAA;IAE/B,oFAAoF;IACpF,gDAA6B,CAAA;IAE7B,uCAAuC;IACvC,gDAA6B,CAAA;IAE7B,yCAAyC;IACzC,0CAAuB,CAAA;IAEvB,6CAA6C;IAC7C,wCAAqB,CAAA;IAErB,+CAA+C;IAC/C,sDAAmC,CAAA;AACrC,CAAC,EA9BW,eAAe,KAAf,eAAe,QA8B1B;AAuCD,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,iBAAiB,GAA+C;IACpE,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE;QAC1B,eAAe,CAAC,eAAe;QAC/B,eAAe,CAAC,cAAc;KAC/B;IACD,CAAC,eAAe,CAAC,cAAc,CAAC,EAAE;QAChC,eAAe,CAAC,cAAc;QAC9B,eAAe,CAAC,YAAY;KAC7B;IACD,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE,EAAE;IAClC,CAAC,eAAe,CAAC,cAAc,CAAC,EAAE;QAChC,eAAe,CAAC,aAAa;QAC7B,eAAe,CAAC,YAAY;QAC5B,eAAe,CAAC,QAAQ;KACzB;IACD,CAAC,eAAe,CAAC,aAAa,CAAC,EAAE;QAC/B,eAAe,CAAC,SAAS;KAC1B;IACD,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE;QAC9B,eAAe,CAAC,YAAY;QAC5B,eAAe,CAAC,QAAQ;KACzB;IACD,CAAC,eAAe,CAAC,YAAY,CAAC,EAAE;QAC9B,eAAe,CAAC,SAAS;QACzB,eAAe,CAAC,QAAQ;KACzB;IACD,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,EAAE;IAC/B,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,EAAE;IAC9B,CAAC,eAAe,CAAC,eAAe,CAAC,EAAE;QACjC,eAAe,CAAC,SAAS;KAC1B;CACF,CAAC;AAEF,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,4DAA4D;AAC5D,MAAM,CAAC,MAAM,eAAe,GAAiC,IAAI,GAAG,CAAC;IACnE,eAAe,CAAC,YAAY;IAC5B,eAAe,CAAC,SAAS;IACzB,eAAe,CAAC,QAAQ;CACzB,CAAC,CAAC;AAEH,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAwB,EACxB,IAAqB;IAErB,MAAM,OAAO,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,UAAU,CACxB,OAAwB,EACxB,IAAqB,EACrB,OAAe,EACf,KAAsB;IAEtB,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CACb,6BAA6B,OAAO,MAAM,IAAI,cAAc,OAAO,YAAY,KAAK,GAAG,CACxF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,0DAA0D;AAC1D,MAAM,CAAC,MAAM,YAAY,GAAsB;IAC7C,YAAY;IACZ,QAAQ;IACR,QAAQ;IACR,eAAe;IACf,aAAa;IACb,UAAU;IACV,WAAW;CACZ,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAAsB;IACpD,OAAO,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAsB;IAClD,OAAO,iBAAiB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,YAAoB,EACpB,SAAiC,EACjC,OAAwB,EACxB,OAAe,EACf,KAAa,EACb,SAA0B,EAC1B,WAAoC,EAAE;IAEtC,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;QACvB,YAAY;QACZ,SAAS;QACT,OAAO;QACP,OAAO;QACP,KAAK;QACL,SAAS;QACT,QAAQ;QACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}

package/dist/scanner/tier1.d.ts

@@ -0,0 +1,23 @@
+import { type ScanFinding, type ScanVerdict } from "./patterns.js";
+export interface Tier1Result {
+    verdict: ScanVerdict;
+    findings: ScanFinding[];
+    score: number;
+    patternsChecked: number;
+    criticalCount: number;
+    highCount: number;
+    mediumCount: number;
+    lowCount: number;
+    infoCount: number;
+    durationMs: number;
+}
+/**
+ * Run the Tier 1 static scan against the provided skill content.
+ *
+ * Scoring starts at 100 and deducts points per finding based on severity.
+ * Verdict thresholds:
+ *   >= 80  PASS
+ *   50-79  CONCERNS
+ *   < 50   FAIL
+ */
+export declare function runTier1Scan(content: string): Tier1Result;