/** * Sage → ATR Converter (reverse direction) * * Converts a Sage threat rule (from gendigitalinc/sage `threats/*.yaml`) into * an ATR YAML rule suitable for contribution back to the ATR corpus. * * This is the smaller half of the bidirectional bridge. The forward * direction (atrToSage) sees the heavy traffic; this reverse direction * exists so that Sage maintainers who write rules in Sage's format can * contribute them upstream to ATR without manual schema rewriting. * * Lossy spots: * - Sage has no description field; we emit a placeholder description that * humans must fill in before merging into ATR. * - Sage has no test_cases; we emit a TODO block instructing humans to add * true_positives + true_negatives (required for ATR PR acceptance). * - Sage has no compliance metadata (eu_ai_act, nist_ai_rmf, etc.); humans * must add these if the rule maps to a regulatory framework. * - Sage has no references (mitre_atlas, owasp_llm, etc.); humans must add. * - Sage `match_on: command|url|file_path|content|domain` → ATR field name. * The translation is heuristic since Sage's "command" channel doesn't have * a perfect ATR equivalent (closest is tool_args at invocation time). * * @module agent-threat-rules/converters/sage-reverse */ import type { ATRRule } from '../types.js'; import type { SageRule } from './sage.js'; export interface ReverseConvertResult { readonly rule: ATRRule; readonly warnings: readonly ReverseWarning[]; } export interface ReverseWarning { readonly sageId: string; readonly kind: 'missing_description' | 'missing_test_cases' | 'missing_compliance' | 'missing_references' | 'category_unknown' | 'match_on_ambiguous'; readonly detail: string; } /** * Convert a single Sage rule to an ATR rule. * * The output rule has TODO markers in description and test_cases fields * that humans must fill in before merging. See module docstring for lossy * spots that require human enrichment. */ export declare function sageToAtr(sage: SageRule): ReverseConvertResult; /** * Reverse-convert many Sage rules. */ export declare function sageToAtrBatch(sageRules: readonly SageRule[]): { readonly rules: readonly ATRRule[]; readonly warnings: readonly ReverseWarning[]; }; //# sourceMappingURL=sage-reverse.d.ts.map