/** * Mastra input processor for Agent Threat Rules (ATR). * * A drop-in Mastra `Processor` that evaluates incoming user input against the * ATR rule set and aborts the run when a rule at or above a configured severity * matches. ATR is an open detection standard for AI-agent attacks (like Sigma, * but for prompt injection and related input-borne threats). * * import { Agent } from "@mastra/core/agent"; * import { ATRProcessor } from "agent-threat-rules/mastra"; * * const agent = new Agent({ * name: "guarded", * model, * inputProcessors: [new ATRProcessor()], * }); * * The Mastra `Processor` contract is captured structurally (via generics), so * this module adds NO dependency on `@mastra/core` -- the package stays * decoupled from Mastra's release cadence. `@mastra/core` is an optional peer: * install it in the consuming app. Conformance is verified against the real * @mastra/core types in the test suite. * * @module agent-threat-rules/mastra */ /** Structural shape of a Mastra message -- only the text-bearing fields we read. */ interface MastraLikeMessage { content: { parts?: ReadonlyArray<{ type: string; text?: string; }>; content?: string; }; } /** Structural shape of the argument Mastra passes to a processor's processInput. */ interface MastraProcessInputArgs { messages: M[]; abort: (reason?: string) => never; } export interface ATRProcessorOptions { /** ATR match severities that abort the run. Lower severities pass through. Defaults to ["critical", "high"]. */ readonly blockSeverities?: readonly string[]; /** Directory of ATR rule YAML files. Omit to use the rules bundled with this package. */ readonly rulesDir?: string; } /** * Mastra input processor that blocks input matching Agent Threat Rules. */ export declare class ATRProcessor { readonly id: "atr"; readonly name = "Agent Threat Rules"; private readonly engine; private readonly blockSeverities; private loadPromise; constructor(options?: ATRProcessorOptions); /** Load rules exactly once, even under concurrent first calls. */ private ensureLoaded; private static extractText; processInput(args: MastraProcessInputArgs): Promise; } export {}; //# sourceMappingURL=mastra.d.ts.map