zora-agent 0.9.0

package/dist/security/capability-tokens.js

@@ -0,0 +1,110 @@
+/**
+ * Capability Tokens — Worker capability enforcement.
+ *
+ * Spec §5.3 (WorkerCapabilityToken):
+ *   - Create scoped tokens from policy
+ *   - Enforce actions against token capabilities
+ *   - Expiration checks
+ */
+import path from 'node:path';
+const DEFAULT_EXPIRATION_MS = 30 * 60 * 1000; // 30 minutes
+/**
+ * Create a capability token scoped from policy for a specific job.
+ */
+export function createCapabilityToken(jobId, policy, overrides) {
+    const now = new Date();
+    const maxExecTime = overrides?.maxExecutionTime ?? parseTimeToMs(policy.shell.max_execution_time);
+    return {
+        jobId,
+        allowedPaths: overrides?.allowedPaths ?? [...policy.filesystem.allowed_paths],
+        deniedPaths: overrides?.deniedPaths ?? [...policy.filesystem.denied_paths],
+        allowedCommands: overrides?.allowedCommands ?? [...policy.shell.allowed_commands],
+        allowedTools: overrides?.allowedTools ?? [],
+        maxExecutionTime: maxExecTime,
+        createdAt: now,
+        expiresAt: new Date(now.getTime() + DEFAULT_EXPIRATION_MS),
+    };
+}
+/**
+ * Check if an action is within the scope of a capability token.
+ */
+export function enforceCapability(token, action) {
+    // Check expiration first
+    if (isTokenExpired(token)) {
+        return { allowed: false, reason: 'Token has expired' };
+    }
+    switch (action.type) {
+        case 'path':
+            return _enforcePath(token, action.target);
+        case 'command':
+            return _enforceCommand(token, action.target);
+        case 'tool':
+            return _enforceTool(token, action.target);
+        default:
+            return { allowed: false, reason: `Unknown action type: ${String(action.type)}` };
+    }
+}
+/**
+ * Check if a token has expired.
+ */
+export function isTokenExpired(token) {
+    return new Date() > token.expiresAt;
+}
+// ─── Private Helpers ──────────────────────────────────────────────
+function _enforcePath(token, targetPath) {
+    // Normalize the path to prevent traversal bypasses (e.g., /allowed/../denied)
+    const normalized = path.resolve(targetPath);
+    // Check denied paths first
+    for (const denied of token.deniedPaths) {
+        const normalizedDenied = path.resolve(denied);
+        if (normalized === normalizedDenied || normalized.startsWith(normalizedDenied + '/')) {
+            return { allowed: false, reason: `Path ${normalized} is denied by capability token` };
+        }
+    }
+    // Check allowed paths
+    for (const allowed of token.allowedPaths) {
+        const normalizedAllowed = path.resolve(allowed);
+        if (normalized === normalizedAllowed || normalized.startsWith(normalizedAllowed + '/')) {
+            return { allowed: true };
+        }
+    }
+    return { allowed: false, reason: `Path ${normalized} is not in token's allowed paths` };
+}
+function _enforceCommand(token, command) {
+    const baseCommand = command.trim().split(/\s+/)[0] ?? '';
+    if (token.allowedCommands.length === 0) {
+        return { allowed: false, reason: 'No commands are allowed by this capability token' };
+    }
+    if (!token.allowedCommands.includes(baseCommand)) {
+        return { allowed: false, reason: `Command '${baseCommand}' is not in token's allowed commands` };
+    }
+    return { allowed: true };
+}
+function _enforceTool(token, toolName) {
+    if (token.allowedTools.length === 0) {
+        // If no tools are specified, all tools are allowed (open policy)
+        return { allowed: true };
+    }
+    if (!token.allowedTools.includes(toolName)) {
+        return { allowed: false, reason: `Tool '${toolName}' is not in token's allowed tools` };
+    }
+    return { allowed: true };
+}
+/**
+ * Parse a time string like "1m", "30s", "2h" into milliseconds.
+ */
+function parseTimeToMs(timeStr) {
+    const match = /^(\d+)\s*(ms|s|m|h)$/.exec(timeStr);
+    if (!match)
+        return 60_000; // default 1 minute
+    const value = parseInt(match[1], 10);
+    const unit = match[2];
+    switch (unit) {
+        case 'ms': return value;
+        case 's': return value * 1000;
+        case 'm': return value * 60_000;
+        case 'h': return value * 3_600_000;
+        default: return 60_000;
+    }
+}
+//# sourceMappingURL=capability-tokens.js.map

package/dist/security/capability-tokens.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability-tokens.js","sourceRoot":"","sources":["../../src/security/capability-tokens.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AAY3D;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAa,EACb,MAAkB,EAClB,SAA0I;IAE1I,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,WAAW,GAAG,SAAS,EAAE,gBAAgB,IAAI,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAElG,OAAO;QACL,KAAK;QACL,YAAY,EAAE,SAAS,EAAE,YAAY,IAAI,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,aAAa,CAAC;QAC7E,WAAW,EAAE,SAAS,EAAE,WAAW,IAAI,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC;QAC1E,eAAe,EAAE,SAAS,EAAE,eAAe,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC;QACjF,YAAY,EAAE,SAAS,EAAE,YAAY,IAAI,EAAE;QAC3C,gBAAgB,EAAE,WAAW;QAC7B,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,qBAAqB,CAAC;KAC3D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAA4B,EAC5B,MAAwB;IAExB,yBAAyB;IACzB,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACzD,CAAC;IAED,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,KAAK,SAAS;YACZ,OAAO,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/C,KAAK,MAAM;YACT,OAAO,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C;YACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;IACrF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAA4B;IACzD,OAAO,IAAI,IAAI,EAAE,GAAG,KAAK,CAAC,SAAS,CAAC;AACtC,CAAC;AAED,qEAAqE;AAErE,SAAS,YAAY,CAAC,KAA4B,EAAE,UAAkB;IACpE,8EAA8E;IAC9E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE5C,2BAA2B;IAC3B,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,UAAU,KAAK,gBAAgB,IAAI,UAAU,CAAC,UAAU,CAAC,gBAAgB,GAAG,GAAG,CAAC,EAAE,CAAC;YACrF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,UAAU,gCAAgC,EAAE,CAAC;QACxF,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACzC,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,UAAU,KAAK,iBAAiB,IAAI,UAAU,CAAC,UAAU,CAAC,iBAAiB,GAAG,GAAG,CAAC,EAAE,CAAC;YACvF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,UAAU,kCAAkC,EAAE,CAAC;AAC1F,CAAC;AAED,SAAS,eAAe,CAAC,KAA4B,EAAE,OAAe;IACpE,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAEzD,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,kDAAkD,EAAE,CAAC;IACxF,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,WAAW,sCAAsC,EAAE,CAAC;IACnG,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,SAAS,YAAY,CAAC,KAA4B,EAAE,QAAgB;IAClE,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,iEAAiE;QACjE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,QAAQ,mCAAmC,EAAE,CAAC;IAC1F,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,OAAe;IACpC,MAAM,KAAK,GAAG,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,CAAC,KAAK;QAAE,OAAO,MAAM,CAAC,CAAC,mBAAmB;IAE9C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAEvB,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,CAAC;QACxB,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,IAAI,CAAC;QAC9B,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,MAAM,CAAC;QAChC,KAAK,GAAG,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;QACnC,OAAO,CAAC,CAAC,OAAO,MAAM,CAAC;IACzB,CAAC;AACH,CAAC"}

package/dist/security/index.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Security barrel exports.
+ */
+export { PolicyEngine } from './policy-engine.js';
+export type { ValidationResult } from './policy-engine.js';
+export { SecretsManager } from './secrets-manager.js';
+export { AuditLogger } from './audit-logger.js';
+export type { AuditEntryInput, AuditFilter, ChainVerificationResult } from './audit-logger.js';
+export { IntegrityGuardian } from './integrity-guardian.js';
+export type { IntegrityCheckResult } from './integrity-guardian.js';
+export { sanitizeInput, validateOutput, sanitizeToolOutput } from './prompt-defense.js';
+export type { OutputValidationResult } from './prompt-defense.js';
+export { IntentCapsuleManager } from './intent-capsule.js';
+export { LeakDetector } from './leak-detector.js';
+export { createCapabilityToken, enforceCapability, isTokenExpired, } from './capability-tokens.js';
+export type { CapabilityAction, EnforcementResult } from './capability-tokens.js';
+export type { AuditEntry, AuditEntryEventType, IntegrityBaseline, SecretReference, LeakPattern, LeakMatch, LeakSeverity, CapabilityGrant, BudgetStatus, DryRunResult, IntentCapsule, DriftCheckResult, } from './security-types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAE3D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AAC/F,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,YAAY,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACxF,YAAY,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAGlF,YAAY,EACV,UAAU,EACV,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,EACf,WAAW,EACX,SAAS,EACT,YAAY,EACZ,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,gBAAgB,GACjB,MAAM,qBAAqB,CAAC"}

package/dist/security/index.js

@@ -0,0 +1,12 @@
+/**
+ * Security barrel exports.
+ */
+export { PolicyEngine } from './policy-engine.js';
+export { SecretsManager } from './secrets-manager.js';
+export { AuditLogger } from './audit-logger.js';
+export { IntegrityGuardian } from './integrity-guardian.js';
+export { sanitizeInput, validateOutput, sanitizeToolOutput } from './prompt-defense.js';
+export { IntentCapsuleManager } from './intent-capsule.js';
+export { LeakDetector } from './leak-detector.js';
+export { createCapabilityToken, enforceCapability, isTokenExpired, } from './capability-tokens.js';
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAExF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,cAAc,GACf,MAAM,wBAAwB,CAAC"}

package/dist/security/integrity-guardian.d.ts

@@ -0,0 +1,43 @@
+/**
+ * IntegrityGuardian — SHA-256 baseline integrity checking.
+ *
+ * Spec §5.5 "Integrity Guardian":
+ *   - Computes SHA-256 hashes of critical configuration files
+ *   - Saves baselines and detects tampering
+ *   - Quarantines suspicious files
+ */
+import type { IntegrityBaseline } from './security-types.js';
+export interface IntegrityCheckResult {
+    valid: boolean;
+    mismatches: Array<{
+        file: string;
+        expected: string;
+        actual: string;
+    }>;
+}
+export declare class IntegrityGuardian {
+    private readonly _baseDir;
+    private readonly _toolRegistry;
+    /**
+     * @param baseDir  Root directory containing critical files (e.g. ~/.zora)
+     * @param toolRegistry  Optional map of tool name → definition content to hash
+     */
+    constructor(baseDir: string, toolRegistry?: Record<string, string>);
+    /**
+     * Compute SHA-256 baselines for all critical files and the tool registry.
+     */
+    computeBaseline(): Promise<IntegrityBaseline[]>;
+    /**
+     * Save computed baselines to disk.
+     */
+    saveBaseline(): Promise<void>;
+    /**
+     * Compare current file hashes against saved baselines.
+     */
+    checkIntegrity(): Promise<IntegrityCheckResult>;
+    /**
+     * Quarantine a file by copying it to the quarantine directory with a timestamp.
+     */
+    quarantineFile(filePath: string): Promise<string>;
+}
+//# sourceMappingURL=integrity-guardian.d.ts.map

package/dist/security/integrity-guardian.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"integrity-guardian.d.ts","sourceRoot":"","sources":["../../src/security/integrity-guardian.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAM7D,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACvE;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAyB;IAEvD;;;OAGG;gBACS,OAAO,EAAE,MAAM,EAAE,YAAY,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM;IAKtE;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;IA4BrD;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAOnC;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,oBAAoB,CAAC;IA8BrD;;OAEG;IACG,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAaxD"}

package/dist/security/integrity-guardian.js

@@ -0,0 +1,103 @@
+/**
+ * IntegrityGuardian — SHA-256 baseline integrity checking.
+ *
+ * Spec §5.5 "Integrity Guardian":
+ *   - Computes SHA-256 hashes of critical configuration files
+ *   - Saves baselines and detects tampering
+ *   - Quarantines suspicious files
+ */
+import crypto from 'node:crypto';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+const CRITICAL_FILES = ['SOUL.md', 'MEMORY.md', 'policy.toml', 'config.toml'];
+const BASELINES_FILE = 'state/integrity-baselines.json';
+const QUARANTINE_DIR = 'state/quarantine';
+export class IntegrityGuardian {
+    _baseDir;
+    _toolRegistry;
+    /**
+     * @param baseDir  Root directory containing critical files (e.g. ~/.zora)
+     * @param toolRegistry  Optional map of tool name → definition content to hash
+     */
+    constructor(baseDir, toolRegistry = {}) {
+        this._baseDir = baseDir;
+        this._toolRegistry = toolRegistry;
+    }
+    /**
+     * Compute SHA-256 baselines for all critical files and the tool registry.
+     */
+    async computeBaseline() {
+        const baselines = [];
+        const now = new Date().toISOString();
+        for (const file of CRITICAL_FILES) {
+            const filePath = path.join(this._baseDir, file);
+            try {
+                const content = await fs.readFile(filePath, 'utf-8');
+                const hash = crypto.createHash('sha256').update(content).digest('hex');
+                baselines.push({ filePath: file, hash, updatedAt: now });
+            }
+            catch {
+                // File doesn't exist — record empty hash so we detect creation later
+                baselines.push({ filePath: file, hash: 'FILE_NOT_FOUND', updatedAt: now });
+            }
+        }
+        // Tool registry hash (combined hash of all tool definitions)
+        if (Object.keys(this._toolRegistry).length > 0) {
+            const registryContent = JSON.stringify(Object.fromEntries(Object.entries(this._toolRegistry).sort()));
+            const hash = crypto.createHash('sha256').update(registryContent).digest('hex');
+            baselines.push({ filePath: '__tool_registry__', hash, updatedAt: now });
+        }
+        return baselines;
+    }
+    /**
+     * Save computed baselines to disk.
+     */
+    async saveBaseline() {
+        const baselines = await this.computeBaseline();
+        const outputPath = path.join(this._baseDir, BASELINES_FILE);
+        await fs.mkdir(path.dirname(outputPath), { recursive: true });
+        await fs.writeFile(outputPath, JSON.stringify(baselines, null, 2), 'utf-8');
+    }
+    /**
+     * Compare current file hashes against saved baselines.
+     */
+    async checkIntegrity() {
+        const baselinesPath = path.join(this._baseDir, BASELINES_FILE);
+        let savedBaselines;
+        try {
+            const data = await fs.readFile(baselinesPath, 'utf-8');
+            savedBaselines = JSON.parse(data);
+        }
+        catch {
+            return { valid: false, mismatches: [{ file: BASELINES_FILE, expected: 'exists', actual: 'missing' }] };
+        }
+        const currentBaselines = await this.computeBaseline();
+        const mismatches = [];
+        for (const saved of savedBaselines) {
+            const current = currentBaselines.find(c => c.filePath === saved.filePath);
+            const actualHash = current?.hash ?? 'FILE_NOT_FOUND';
+            if (saved.hash !== actualHash) {
+                mismatches.push({
+                    file: saved.filePath,
+                    expected: saved.hash,
+                    actual: actualHash,
+                });
+            }
+        }
+        return { valid: mismatches.length === 0, mismatches };
+    }
+    /**
+     * Quarantine a file by copying it to the quarantine directory with a timestamp.
+     */
+    async quarantineFile(filePath) {
+        const quarantineDir = path.join(this._baseDir, QUARANTINE_DIR);
+        await fs.mkdir(quarantineDir, { recursive: true });
+        const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+        const basename = path.basename(filePath);
+        const quarantinePath = path.join(quarantineDir, `${basename}.${timestamp}`);
+        const sourcePath = path.isAbsolute(filePath) ? filePath : path.join(this._baseDir, filePath);
+        await fs.copyFile(sourcePath, quarantinePath);
+        return quarantinePath;
+    }
+}
+//# sourceMappingURL=integrity-guardian.js.map

package/dist/security/integrity-guardian.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"integrity-guardian.js","sourceRoot":"","sources":["../../src/security/integrity-guardian.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,MAAM,cAAc,GAAG,CAAC,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;AAC9E,MAAM,cAAc,GAAG,gCAAgC,CAAC;AACxD,MAAM,cAAc,GAAG,kBAAkB,CAAC;AAO1C,MAAM,OAAO,iBAAiB;IACX,QAAQ,CAAS;IACjB,aAAa,CAAyB;IAEvD;;;OAGG;IACH,YAAY,OAAe,EAAE,eAAuC,EAAE;QACpE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,SAAS,GAAwB,EAAE,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAErC,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAChD,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACrD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACvE,SAAS,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;YAC3D,CAAC;YAAC,MAAM,CAAC;gBACP,qEAAqE;gBACrE,SAAS,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,6DAA6D;QAC7D,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CACpC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC,CAC9D,CAAC;YACF,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC/E,SAAS,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;QAC5D,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,MAAM,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc;QAClB,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;QAE/D,IAAI,cAAmC,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YACvD,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwB,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;QACzG,CAAC;QAED,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QACtD,MAAM,UAAU,GAA8D,EAAE,CAAC;QAEjF,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC1E,MAAM,UAAU,GAAG,OAAO,EAAE,IAAI,IAAI,gBAAgB,CAAC;YAErD,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC9B,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,KAAK,CAAC,QAAQ;oBACpB,QAAQ,EAAE,KAAK,CAAC,IAAI;oBACpB,MAAM,EAAE,UAAU;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,UAAU,EAAE,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB;QACnC,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;QAC/D,MAAM,EAAE,CAAC,KAAK,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEnD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,QAAQ,IAAI,SAAS,EAAE,CAAC,CAAC;QAE5E,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC7F,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAE9C,OAAO,cAAc,CAAC;IACxB,CAAC;CACF"}

package/dist/security/intent-capsule.d.ts

@@ -0,0 +1,52 @@
+/**
+ * IntentCapsuleManager — Cryptographically signed mandate bundles for goal drift detection.
+ *
+ * Security Hardening (Feb 2026) — ASI01 Mitigation:
+ *   - Creates HMAC-SHA256 signed "Intent Capsules" at task start
+ *   - Verifies capsule integrity to detect tampering
+ *   - Checks each action for consistency with the original mandate
+ *   - Detects goal hijacking via keyword overlap and category matching
+ */
+import type { IntentCapsule, DriftCheckResult } from './security-types.js';
+export declare class IntentCapsuleManager {
+    private readonly _signingKey;
+    private _activeCapsule;
+    private _driftHistory;
+    constructor(signingSecret: string);
+    /**
+     * Create a signed intent capsule at task start.
+     * The capsule captures the original mandate and cannot be
+     * modified without invalidating the signature.
+     */
+    createCapsule(mandate: string, options?: {
+        allowedActionCategories?: string[];
+        ttlMs?: number;
+    }): IntentCapsule;
+    /**
+     * Verify the HMAC signature of an intent capsule.
+     * Returns false if the capsule has been tampered with.
+     */
+    verifyCapsule(capsule: IntentCapsule): boolean;
+    /**
+     * Check if an action is consistent with the active mandate.
+     * Uses category matching and keyword overlap heuristics.
+     */
+    checkDrift(actionType: string, actionDetail: string): DriftCheckResult;
+    /**
+     * Get the currently active capsule.
+     */
+    getActiveCapsule(): IntentCapsule | null;
+    /**
+     * Get drift check history.
+     */
+    getDriftHistory(): DriftCheckResult[];
+    /**
+     * Clear the active capsule (session end).
+     */
+    clearCapsule(): void;
+    /**
+     * Extract meaningful keywords from text, filtering stop words.
+     */
+    private _extractKeywords;
+}
+//# sourceMappingURL=intent-capsule.d.ts.map

package/dist/security/intent-capsule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"intent-capsule.d.ts","sourceRoot":"","sources":["../../src/security/intent-capsule.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAW3E,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,cAAc,CAA8B;IACpD,OAAO,CAAC,aAAa,CAA0B;gBAEnC,aAAa,EAAE,MAAM;IAIjC;;;;OAIG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QACvC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;QACnC,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,aAAa;IA8BjB;;;OAGG;IACH,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO;IAsB9C;;;OAGG;IACH,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,gBAAgB;IAuDtE;;OAEG;IACH,gBAAgB,IAAI,aAAa,GAAG,IAAI;IAIxC;;OAEG;IACH,eAAe,IAAI,gBAAgB,EAAE;IAIrC;;OAEG;IACH,YAAY,IAAI,IAAI;IAKpB;;OAEG;IACH,OAAO,CAAC,gBAAgB;CAOzB"}

package/dist/security/intent-capsule.js

@@ -0,0 +1,157 @@
+/**
+ * IntentCapsuleManager — Cryptographically signed mandate bundles for goal drift detection.
+ *
+ * Security Hardening (Feb 2026) — ASI01 Mitigation:
+ *   - Creates HMAC-SHA256 signed "Intent Capsules" at task start
+ *   - Verifies capsule integrity to detect tampering
+ *   - Checks each action for consistency with the original mandate
+ *   - Detects goal hijacking via keyword overlap and category matching
+ */
+import crypto from 'node:crypto';
+const STOP_WORDS = new Set([
+    'the', 'a', 'an', 'is', 'are', 'was', 'were', 'be', 'been',
+    'have', 'has', 'had', 'do', 'does', 'did', 'will', 'would',
+    'could', 'should', 'may', 'might', 'can', 'to', 'of', 'in',
+    'for', 'on', 'with', 'at', 'by', 'from', 'this', 'that',
+    'it', 'and', 'or', 'but', 'not', 'if', 'then', 'else',
+    'please', 'help', 'me', 'i', 'you', 'we', 'they',
+]);
+export class IntentCapsuleManager {
+    _signingKey;
+    _activeCapsule = null;
+    _driftHistory = [];
+    constructor(signingSecret) {
+        this._signingKey = crypto.createHash('sha256').update(signingSecret).digest();
+    }
+    /**
+     * Create a signed intent capsule at task start.
+     * The capsule captures the original mandate and cannot be
+     * modified without invalidating the signature.
+     */
+    createCapsule(mandate, options) {
+        const capsuleId = `capsule_${Date.now()}_${crypto.randomBytes(4).toString('hex')}`;
+        const mandateHash = crypto.createHash('sha256').update(mandate).digest('hex');
+        const mandateKeywords = this._extractKeywords(mandate);
+        const createdAt = new Date().toISOString();
+        const expiresAt = options?.ttlMs
+            ? new Date(Date.now() + options.ttlMs).toISOString()
+            : undefined;
+        const allowedActionCategories = options?.allowedActionCategories ?? [];
+        const payload = JSON.stringify({
+            capsuleId, mandate, mandateHash, mandateKeywords,
+            allowedActionCategories, createdAt, expiresAt,
+        });
+        const signature = crypto
+            .createHmac('sha256', this._signingKey)
+            .update(payload)
+            .digest('hex');
+        const capsule = {
+            capsuleId, mandate, mandateHash, mandateKeywords,
+            allowedActionCategories, signature, createdAt, expiresAt,
+        };
+        this._activeCapsule = capsule;
+        this._driftHistory = [];
+        return capsule;
+    }
+    /**
+     * Verify the HMAC signature of an intent capsule.
+     * Returns false if the capsule has been tampered with.
+     */
+    verifyCapsule(capsule) {
+        const payload = JSON.stringify({
+            capsuleId: capsule.capsuleId,
+            mandate: capsule.mandate,
+            mandateHash: capsule.mandateHash,
+            mandateKeywords: capsule.mandateKeywords,
+            allowedActionCategories: capsule.allowedActionCategories,
+            createdAt: capsule.createdAt,
+            expiresAt: capsule.expiresAt,
+        });
+        const expectedSignature = crypto
+            .createHmac('sha256', this._signingKey)
+            .update(payload)
+            .digest('hex');
+        return crypto.timingSafeEqual(Buffer.from(capsule.signature, 'hex'), Buffer.from(expectedSignature, 'hex'));
+    }
+    /**
+     * Check if an action is consistent with the active mandate.
+     * Uses category matching and keyword overlap heuristics.
+     */
+    checkDrift(actionType, actionDetail) {
+        if (!this._activeCapsule) {
+            return { consistent: true, confidence: 0, action: actionType, mandateHash: '' };
+        }
+        const capsule = this._activeCapsule;
+        // Check capsule expiry
+        if (capsule.expiresAt && new Date() > new Date(capsule.expiresAt)) {
+            const result = {
+                consistent: false, confidence: 1.0,
+                reason: 'Intent capsule has expired',
+                action: actionType, mandateHash: capsule.mandateHash,
+            };
+            this._driftHistory.push(result);
+            return result;
+        }
+        // Check action category against allowed categories
+        if (capsule.allowedActionCategories.length > 0) {
+            if (!capsule.allowedActionCategories.includes(actionType)) {
+                const result = {
+                    consistent: false, confidence: 0.8,
+                    reason: `Action '${actionType}' not in mandate's allowed categories: ${capsule.allowedActionCategories.join(', ')}`,
+                    action: actionType, mandateHash: capsule.mandateHash,
+                };
+                this._driftHistory.push(result);
+                return result;
+            }
+        }
+        // Keyword overlap check: does the action detail relate to the mandate?
+        const actionKeywords = this._extractKeywords(actionDetail);
+        const overlap = actionKeywords.filter(k => capsule.mandateKeywords.includes(k));
+        const overlapRatio = actionKeywords.length > 0
+            ? overlap.length / actionKeywords.length
+            : 1.0; // empty action detail = no drift signal
+        const consistent = overlapRatio >= 0.1; // At least 10% keyword overlap
+        const confidence = consistent ? overlapRatio : 1.0 - overlapRatio;
+        const result = {
+            consistent,
+            confidence,
+            ...(!consistent ? {
+                reason: `Low mandate relevance (${(overlapRatio * 100).toFixed(0)}% keyword overlap)`,
+            } : {}),
+            action: actionType,
+            mandateHash: capsule.mandateHash,
+        };
+        this._driftHistory.push(result);
+        return result;
+    }
+    /**
+     * Get the currently active capsule.
+     */
+    getActiveCapsule() {
+        return this._activeCapsule;
+    }
+    /**
+     * Get drift check history.
+     */
+    getDriftHistory() {
+        return [...this._driftHistory];
+    }
+    /**
+     * Clear the active capsule (session end).
+     */
+    clearCapsule() {
+        this._activeCapsule = null;
+        this._driftHistory = [];
+    }
+    /**
+     * Extract meaningful keywords from text, filtering stop words.
+     */
+    _extractKeywords(text) {
+        return text
+            .toLowerCase()
+            .replace(/[^a-z0-9\s_-]/g, ' ')
+            .split(/\s+/)
+            .filter(w => w.length > 2 && !STOP_WORDS.has(w));
+    }
+}
+//# sourceMappingURL=intent-capsule.js.map

package/dist/security/intent-capsule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"intent-capsule.js","sourceRoot":"","sources":["../../src/security/intent-capsule.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AAGjC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;IACzB,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;IAC1D,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO;IAC1D,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAC1D,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IACvD,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM;IACrD,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM;CACjD,CAAC,CAAC;AAEH,MAAM,OAAO,oBAAoB;IACd,WAAW,CAAS;IAC7B,cAAc,GAAyB,IAAI,CAAC;IAC5C,aAAa,GAAuB,EAAE,CAAC;IAE/C,YAAY,aAAqB;QAC/B,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC;IAChF,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,OAAe,EAAE,OAG9B;QACC,MAAM,SAAS,GAAG,WAAW,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACnF,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,OAAO,EAAE,KAAK;YAC9B,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE;YACpD,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,uBAAuB,GAAG,OAAO,EAAE,uBAAuB,IAAI,EAAE,CAAC;QAEvE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;YAC7B,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,eAAe;YAChD,uBAAuB,EAAE,SAAS,EAAE,SAAS;SAC9C,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,MAAM;aACrB,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;aACtC,MAAM,CAAC,OAAO,CAAC;aACf,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,MAAM,OAAO,GAAkB;YAC7B,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,eAAe;YAChD,uBAAuB,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;SACzD,CAAC;QAEF,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC;QAC9B,IAAI,CAAC,aAAa,GAAG,EAAE,CAAC;QACxB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,OAAsB;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;YAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,uBAAuB,EAAE,OAAO,CAAC,uBAAuB;YACxD,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CAAC,CAAC;QAEH,MAAM,iBAAiB,GAAG,MAAM;aAC7B,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;aACtC,MAAM,CAAC,OAAO,CAAC;aACf,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,OAAO,MAAM,CAAC,eAAe,CAC3B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,EACrC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CACtC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,UAAkB,EAAE,YAAoB;QACjD,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;QAClF,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC;QAEpC,uBAAuB;QACvB,IAAI,OAAO,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAClE,MAAM,MAAM,GAAqB;gBAC/B,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG;gBAClC,MAAM,EAAE,4BAA4B;gBACpC,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW;aACrD,CAAC;YACF,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,mDAAmD;QACnD,IAAI,OAAO,CAAC,uBAAuB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,OAAO,CAAC,uBAAuB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC1D,MAAM,MAAM,GAAqB;oBAC/B,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG;oBAClC,MAAM,EAAE,WAAW,UAAU,0CAA0C,OAAO,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBACnH,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW;iBACrD,CAAC;gBACF,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAChC,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAChF,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC;YAC5C,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM;YACxC,CAAC,CAAC,GAAG,CAAC,CAAC,wCAAwC;QAEjD,MAAM,UAAU,GAAG,YAAY,IAAI,GAAG,CAAC,CAAC,+BAA+B;QACvE,MAAM,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,GAAG,YAAY,CAAC;QAElE,MAAM,MAAM,GAAqB;YAC/B,UAAU;YACV,UAAU;YACV,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,EAAE,0BAA0B,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB;aACtF,CAAC,CAAC,CAAC,EAAE,CAAC;YACP,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC;QAEF,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,YAAY;QACV,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC3B,IAAI,CAAC,aAAa,GAAG,EAAE,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,IAAY;QACnC,OAAO,IAAI;aACR,WAAW,EAAE;aACb,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC;aAC9B,KAAK,CAAC,KAAK,CAAC;aACZ,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;CACF"}

package/dist/security/leak-detector.d.ts

@@ -0,0 +1,26 @@
+/**
+ * LeakDetector — Secret leak scanning and redaction.
+ *
+ * Spec §5.5 "Leak Detection":
+ *   - Built-in patterns for common secret formats
+ *   - Custom pattern registration
+ *   - Text redaction
+ */
+import type { LeakMatch, LeakSeverity } from './security-types.js';
+export declare class LeakDetector {
+    private readonly _patterns;
+    constructor();
+    /**
+     * Scan text for potential secret leaks.
+     */
+    scan(text: string): LeakMatch[];
+    /**
+     * Add a custom leak detection pattern.
+     */
+    addPattern(name: string, pattern: RegExp, severity: LeakSeverity): void;
+    /**
+     * Redact detected secrets, replacing them with `[REDACTED:{patternName}]`.
+     */
+    redact(text: string): string;
+}
+//# sourceMappingURL=leak-detector.d.ts.map

package/dist/security/leak-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"leak-detector.d.ts","sourceRoot":"","sources":["../../src/security/leak-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAe,SAAS,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAuBhF,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAgB;;IAU1C;;OAEG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,EAAE;IAoB/B;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,GAAG,IAAI;IAIvE;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;CAU7B"}

package/dist/security/leak-detector.js

@@ -0,0 +1,75 @@
+/**
+ * LeakDetector — Secret leak scanning and redaction.
+ *
+ * Spec §5.5 "Leak Detection":
+ *   - Built-in patterns for common secret formats
+ *   - Custom pattern registration
+ *   - Text redaction
+ */
+const BUILT_IN_PATTERNS = [
+    // OpenAI / Anthropic API keys
+    { name: 'openai_api_key', pattern: /\bsk-[A-Za-z0-9]{20,}\b/g, severity: 'high' },
+    // Google AI API keys
+    { name: 'google_api_key', pattern: /\bAIza[A-Za-z0-9_-]{35,}\b/g, severity: 'high' },
+    // GitHub personal access tokens
+    { name: 'github_token', pattern: /\bghp_[A-Za-z0-9]{36,}\b/g, severity: 'high' },
+    // Slack bot tokens
+    { name: 'slack_token', pattern: /\bxoxb-[A-Za-z0-9-]+\b/g, severity: 'high' },
+    // JWT tokens
+    { name: 'jwt_token', pattern: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g, severity: 'medium' },
+    // Base64 encoded blocks > 50 chars (potential encoded secrets)
+    { name: 'base64_block', pattern: /\b[A-Za-z0-9+/]{50,}={0,2}\b/g, severity: 'low' },
+    // Private key headers
+    { name: 'private_key', pattern: /-----BEGIN\s+(RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g, severity: 'high' },
+    // AWS access key IDs
+    { name: 'aws_access_key', pattern: /\b(AKIA|ASIA)[A-Z0-9]{16}\b/g, severity: 'high' },
+    // Generic secret assignment patterns
+    { name: 'password_assignment', pattern: /(?:password|passwd|pwd)\s*[:=]\s*["'][^"']{4,}["']/gi, severity: 'medium' },
+];
+export class LeakDetector {
+    _patterns;
+    constructor() {
+        // Deep-copy built-in patterns to avoid shared state between instances
+        this._patterns = BUILT_IN_PATTERNS.map(p => ({
+            ...p,
+            pattern: new RegExp(p.pattern.source, p.pattern.flags),
+        }));
+    }
+    /**
+     * Scan text for potential secret leaks.
+     */
+    scan(text) {
+        const matches = [];
+        for (const { name, pattern, severity } of this._patterns) {
+            // Reset lastIndex for global regexes
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(text)) !== null) {
+                matches.push({
+                    pattern: name,
+                    match: match[0],
+                    severity,
+                });
+            }
+        }
+        return matches;
+    }
+    /**
+     * Add a custom leak detection pattern.
+     */
+    addPattern(name, pattern, severity) {
+        this._patterns.push({ name, pattern, severity });
+    }
+    /**
+     * Redact detected secrets, replacing them with `[REDACTED:{patternName}]`.
+     */
+    redact(text) {
+        let result = text;
+        for (const { name, pattern } of this._patterns) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            result = result.replace(regex, `[REDACTED:${name}]`);
+        }
+        return result;
+    }
+}
+//# sourceMappingURL=leak-detector.js.map