sync: update from internal repo (2026-02-15 20:25)

Author: Traviseric

.pre-commit-hooks.yaml

@@ -0,0 +1,7 @@
+- id: agent-security-scan
+  name: Agent Security Scan
+  description: Scan for AI agent security vulnerabilities
+  entry: npx --yes @empowered-humanity/agent-security scan
+  language: system
+  pass_filenames: false
+  always_run: true

README.md

@@ -4,14 +4,14 @@
 [![npm version](https://img.shields.io/npm/v/@empowered-humanity/agent-security)](https://www.npmjs.com/package/@empowered-humanity/agent-security)
 [![License: MIT](https://img.shields.io/badge/License-MIT-gold.svg)](https://opensource.org/licenses/MIT)
 [![TypeScript](https://img.shields.io/badge/TypeScript-Strict-blue.svg)](https://www.typescriptlang.org/)
-[![Tests](https://img.shields.io/badge/Tests-116%20passing-brightgreen.svg)]()
-[![Patterns](https://img.shields.io/badge/Patterns-176-navy.svg)]()
+[![Tests](https://img.shields.io/badge/Tests-123%20passing-brightgreen.svg)]()
+[![Patterns](https://img.shields.io/badge/Patterns-190-navy.svg)]()
 
 Security scanner for AI agent architectures. Detects prompt injection, credential exposure, code injection, and agent-specific attack patterns.
 
 ## What It Detects
 
-**176 detection patterns** across 5 scanner categories:
+**190 detection patterns** across 5 scanner categories:
 
 ### 1. Prompt Injection (34 patterns)
 - Instruction override attempts
@@ -61,16 +61,16 @@ The scanner implements detection for all 10 OWASP Agentic Security Issues:
 
 | OWASP ASI | Category | Patterns | Description |
 |-----------|----------|----------|-------------|
-| **ASI01** | Goal Hijacking | 2 | Malicious objectives override primary goals |
-| **ASI02** | Tool Misuse | 1 | Unauthorized tool access or API abuse |
-| **ASI03** | Privilege Abuse | 2 | Escalation beyond granted permissions |
-| **ASI04** | Supply Chain | 1 | Compromised dependencies or data sources |
-| **ASI05** | Remote Code Execution | 1 | Command injection, arbitrary code execution |
-| **ASI06** | Memory Poisoning | 2 | RAG corruption, persistent instruction injection |
-| **ASI07** | Insecure Communications | 1 | Unencrypted channels, data exfiltration |
-| **ASI08** | Cascading Failures | 2 | Error amplification, chain-reaction exploits |
-| **ASI09** | Trust Exploitation | 2 | Impersonation, false credentials |
-| **ASI10** | Rogue Agents | 2 | Self-replication, unauthorized spawning |
+| **ASI01** | Goal Hijacking | 6 | Malicious objectives override primary goals |
+| **ASI02** | Tool Misuse | 5 | Unauthorized tool access or API abuse |
+| **ASI03** | Privilege Abuse | 4 | Escalation beyond granted permissions |
+| **ASI04** | Supply Chain | 3 | Compromised dependencies or data sources |
+| **ASI05** | Remote Code Execution | 3 | Command injection, arbitrary code execution |
+| **ASI06** | Memory Poisoning | 10 | RAG corruption, persistent instruction injection, unicode hidden, embedding drift |
+| **ASI07** | Insecure Communications | 9 | Unencrypted channels, data exfiltration, message replay |
+| **ASI08** | Cascading Failures | 9 | Error amplification, chain-reaction exploits, circuit breaker bypass |
+| **ASI09** | Trust Exploitation | 8 | Impersonation, false credentials, YMYL decision override |
+| **ASI10** | Rogue Agents | 8 | Self-replication, unauthorized spawning, behavioral drift, silent approval |
 
 ## Installation
 
@@ -183,7 +183,7 @@ security_scan:
 
 ## Pattern Categories
 
-The 176 patterns are organized into these categories:
+The 190 patterns are organized into these categories:
 
 | Category | Count | Severity |
 |----------|-------|----------|

SECURITY.md

@@ -59,7 +59,7 @@ When using agent-security in your projects:
 
 ## Security Features
 
-- **Pattern-based detection**: 176 security patterns with 4 intelligence layers
+- **Pattern-based detection**: 190 security patterns with 4 intelligence layers
 - **OWASP ASI coverage**: All 10 OWASP Agentic Security Issues
 - **No network calls**: All scanning happens locally
 - **No data collection**: Your code never leaves your machine

action.yml

@@ -0,0 +1,85 @@
+name: 'Agent Security Scan'
+description: 'Scan for AI agent security vulnerabilities with 176+ detection patterns'
+author: 'Empowered Humanity'
+
+inputs:
+  path:
+    description: 'Path to scan'
+    required: false
+    default: '.'
+  severity:
+    description: 'Minimum severity to report (critical, high, medium, low)'
+    required: false
+    default: 'medium'
+  format:
+    description: 'Output format (console, json, sarif)'
+    required: false
+    default: 'sarif'
+  fail-on-findings:
+    description: 'Fail if findings at or above this severity (critical, high, medium, low)'
+    required: false
+    default: 'high'
+  upload-sarif:
+    description: 'Upload SARIF results to GitHub Code Scanning'
+    required: false
+    default: 'true'
+
+outputs:
+  findings-count:
+    description: 'Total number of findings'
+    value: ${{ steps.scan.outputs.findings-count }}
+  risk-level:
+    description: 'Overall risk level'
+    value: ${{ steps.scan.outputs.risk-level }}
+  sarif-file:
+    description: 'Path to SARIF output file'
+    value: ${{ steps.scan.outputs.sarif-file }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20'
+
+    - name: Run Agent Security Scan
+      id: scan
+      shell: bash
+      run: |
+        SARIF_FILE="${{ runner.temp }}/agent-security-results.sarif"
+
+        npx --yes @empowered-humanity/agent-security@latest scan \
+          ${{ inputs.path }} \
+          --severity ${{ inputs.severity }} \
+          --format ${{ inputs.format }} \
+          --fail-on ${{ inputs.fail-on-findings }} \
+          --output "$SARIF_FILE" \
+          || SCAN_EXIT=$?
+
+        if [ -f "$SARIF_FILE" ]; then
+          FINDINGS=$(cat "$SARIF_FILE" | node -e "
+            const fs = require('fs');
+            const data = JSON.parse(fs.readFileSync(0, 'utf8'));
+            console.log(data.runs[0].results.length);
+          ")
+          echo "findings-count=$FINDINGS" >> $GITHUB_OUTPUT
+          echo "sarif-file=$SARIF_FILE" >> $GITHUB_OUTPUT
+        else
+          echo "findings-count=0" >> $GITHUB_OUTPUT
+          echo "sarif-file=" >> $GITHUB_OUTPUT
+        fi
+
+        echo "risk-level=${SCAN_EXIT:+failed}" >> $GITHUB_OUTPUT
+        exit ${SCAN_EXIT:-0}
+
+    - name: Upload SARIF to GitHub Code Scanning
+      if: ${{ inputs.upload-sarif == 'true' && always() && steps.scan.outputs.sarif-file != '' }}
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: ${{ steps.scan.outputs.sarif-file }}
+        category: agent-security
+
+branding:
+  icon: 'shield'
+  color: 'blue'

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@empowered-humanity/agent-security",
-  "version": "1.1.0",
-  "description": "Security scanner for AI agent architectures - 176 detection patterns for prompt injection, credential exposure, MCP security, and OWASP ASI vulnerabilities",
+  "version": "1.2.0",
+  "description": "Security scanner for AI agent architectures - 190 detection patterns for prompt injection, credential exposure, MCP security, and OWASP ASI vulnerabilities",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -32,7 +32,9 @@
     "README.md",
     "LICENSE",
     "SECURITY.md",
-    "sbom.json"
+    "sbom.json",
+    "action.yml",
+    ".pre-commit-hooks.yaml"
   ],
   "scripts": {
     "build": "tsc",

src/index.ts

@@ -20,10 +20,11 @@ import { resolve } from 'path';
 import { scanDirectory, scanFile, scanContent } from './scanner/index.js';
 import { printScanResult, formatScanResult } from './reporters/console.js';
 import { formatAsJson } from './reporters/json.js';
-import { ALL_PATTERNS, getPatternStats, getPatternsByCategory } from './patterns/index.js';
-import type { Severity } from './patterns/types.js';
+import { formatAsSarif } from './reporters/sarif.js';
+import { ALL_PATTERNS, getPatternStats, getPatternsByCategory, getPatternsByOwaspAsi, getPatternsMinSeverity } from './patterns/index.js';
+import type { Severity, DetectionPattern } from './patterns/types.js';
 
-const VERSION = '1.1.0';
+const VERSION = '1.2.0';
 
 program
   .name('te-agent-security')
@@ -37,23 +38,50 @@ program
   .option('-f, --file <file>', 'Scan a single file')
   .option('-s, --severity <level>', 'Minimum severity (critical, high, medium, low)', 'medium')
   .option('-o, --output <file>', 'Output file path')
-  .option('--format <format>', 'Output format (console, json)', 'console')
+  .option('--format <format>', 'Output format (console, json, sarif)', 'console')
+  .option('--fail-on <severity>', 'Exit with code 1 if findings at or above severity (critical, high, medium, low)')
   .option('--context', 'Show code context for findings')
   .option('--group <by>', 'Group findings by (severity, file, category, classification)', 'severity')
+  .option('--asi <id>', 'Filter by OWASP ASI category (e.g., ASI01, ASI06)')
   .option('-v, --verbose', 'Verbose output')
   .option('-q, --quiet', 'Quiet mode - only show errors')
   .action(async (path, options) => {
     const targetPath = options.file || path || process.cwd();
     const resolvedPath = resolve(targetPath);
 
-    const spinner = options.quiet ? null : ora('Scanning for security issues...').start();
+    // Build filtered pattern set if --asi is specified
+    let filteredPatterns: DetectionPattern[] | undefined;
+    if (options.asi) {
+      const asiId = options.asi.toUpperCase();
+      filteredPatterns = getPatternsByOwaspAsi(asiId);
+      if (filteredPatterns.length === 0) {
+        console.error(chalk.red(`No patterns found for ASI category: ${asiId}`));
+        console.error(chalk.gray('Valid categories: ASI01-ASI10'));
+        process.exit(1);
+      }
+      if (options.severity && options.severity !== 'medium') {
+        const severityOrder: Severity[] = ['low', 'medium', 'high', 'critical'];
+        const minIndex = severityOrder.indexOf(options.severity as Severity);
+        filteredPatterns = filteredPatterns.filter(
+          (p) => severityOrder.indexOf(p.severity) >= minIndex
+        );
+      }
+    }
+
+    const scanOptions = filteredPatterns
+      ? { patterns: filteredPatterns }
+      : { minSeverity: options.severity as Severity };
+
+    const spinner = options.quiet ? null : ora(
+      filteredPatterns
+        ? `Scanning for ${options.asi.toUpperCase()} patterns (${filteredPatterns.length} rules)...`
+        : 'Scanning for security issues...'
+    ).start();
 
     try {
       const result = options.file
         ? await (async () => {
-            const findings = await scanFile(resolvedPath, {
-              minSeverity: options.severity as Severity,
-            });
+            const findings = await scanFile(resolvedPath, scanOptions);
             const criticalCount = findings.filter((f) => f.pattern.severity === 'critical').length;
             const highCount = findings.filter((f) => f.pattern.severity === 'high').length;
             const mediumCount = findings.filter((f) => f.pattern.severity === 'medium').length;
@@ -64,7 +92,7 @@ program
 
             return {
               filesScanned: 1,
-              patternsChecked: ALL_PATTERNS.length,
+              patternsChecked: filteredPatterns?.length ?? ALL_PATTERNS.length,
               findings,
               riskScore: {
                 total: 100 - findings.length * 10,
@@ -81,9 +109,7 @@ program
               timestamp: new Date(),
             };
           })()
-        : await scanDirectory(resolvedPath, {
-            minSeverity: options.severity as Severity,
-          });
+        : await scanDirectory(resolvedPath, scanOptions);
 
       spinner?.stop();
 
@@ -96,6 +122,14 @@ program
         } else {
           console.log(jsonOutput);
         }
+      } else if (options.format === 'sarif') {
+        const sarifOutput = formatAsSarif(result);
+        if (options.output) {
+          await writeFile(options.output, sarifOutput);
+          console.log(chalk.green(`SARIF results written to ${options.output}`));
+        } else {
+          console.log(sarifOutput);
+        }
       } else {
         const consoleOutput = formatScanResult(result, {
           showContext: options.context,
@@ -113,8 +147,15 @@ program
         }
       }
 
-      // Exit with error code if critical findings
-      if (result.riskScore.counts.critical > 0) {
+      // Exit with error code based on --fail-on threshold (default: critical)
+      const severityOrder: Severity[] = ['low', 'medium', 'high', 'critical'];
+      const failOn = options.failOn as Severity | undefined;
+      const threshold = failOn && severityOrder.includes(failOn) ? failOn : 'critical';
+      const thresholdIndex = severityOrder.indexOf(threshold);
+      const hasFailures = severityOrder.slice(thresholdIndex).some(
+        (sev) => result.riskScore.counts[sev] > 0
+      );
+      if (hasFailures) {
         process.exit(1);
       }
     } catch (error) {
@@ -130,14 +171,20 @@ program
   .description('List available detection patterns')
   .option('-c, --category <category>', 'Filter by category')
   .option('-s, --severity <level>', 'Filter by severity')
+  .option('--asi <id>', 'Filter by OWASP ASI category (e.g., ASI01, ASI06)')
   .option('--json', 'Output as JSON')
   .action((options) => {
-    let patterns = ALL_PATTERNS;
+    let patterns: DetectionPattern[] = ALL_PATTERNS;
 
     if (options.category) {
       patterns = getPatternsByCategory(options.category);
     }
 
+    if (options.asi) {
+      const asiId = options.asi.toUpperCase();
+      patterns = patterns.filter((p) => p.owaspAsi === asiId);
+    }
+
     if (options.severity) {
       patterns = patterns.filter((p) => p.severity === options.severity);
     }
@@ -149,6 +196,7 @@ program
             name: p.name,
             severity: p.severity,
             category: p.category,
+            owaspAsi: p.owaspAsi || null,
             description: p.description,
             source: p.source,
           })),
@@ -175,6 +223,9 @@ program
       console.log(`\n${chalk.bold(pattern.name)}`);
       console.log(`  Severity: ${severityColor(pattern.severity)}`);
       console.log(`  Category: ${chalk.cyan(pattern.category)}`);
+      if (pattern.owaspAsi) {
+        console.log(`  OWASP ASI: ${chalk.magenta(pattern.owaspAsi)}`);
+      }
       console.log(`  Source: ${chalk.gray(pattern.source)}`);
       console.log(`  ${pattern.description}`);
       if (pattern.example) {
@@ -210,6 +261,29 @@ program
     console.log(`  Medium: ${chalk.blue(stats.bySeverity.medium)}`);
     console.log(`  Low: ${chalk.gray(stats.bySeverity.low)}`);
 
+    console.log(chalk.bold('\nBy OWASP ASI:'));
+    const asiLabels: Record<string, string> = {
+      ASI01: 'Agent Goal Hijack',
+      ASI02: 'Tool Misuse',
+      ASI03: 'Privilege Abuse',
+      ASI04: 'Supply Chain',
+      ASI05: 'Code Execution',
+      ASI06: 'Memory Poisoning',
+      ASI07: 'Insecure Comms',
+      ASI08: 'Cascading Failures',
+      ASI09: 'Trust Exploitation',
+      ASI10: 'Rogue Agents',
+    };
+    const asiIds = ['ASI01', 'ASI02', 'ASI03', 'ASI04', 'ASI05', 'ASI06', 'ASI07', 'ASI08', 'ASI09', 'ASI10'];
+    let asiTotal = 0;
+    for (const asiId of asiIds) {
+      const count = stats.byOwaspAsi[asiId] || 0;
+      asiTotal += count;
+      const bar = '\u2588'.repeat(Math.min(count, 20));
+      console.log(`  ${asiId} ${chalk.gray(asiLabels[asiId]?.padEnd(20) ?? '')}: ${chalk.cyan(String(count).padStart(3))} ${chalk.green(bar)}`);
+    }
+    console.log(`  ${chalk.gray('ASI-tagged total')}: ${chalk.cyan(asiTotal)}/${stats.total}`);
+
     console.log(chalk.bold('\nBy Category:'));
     const categories = Object.entries(stats.byCategory).sort((a, b) => b[1] - a[1]);
     for (const [category, count] of categories) {