/** * ATR Rule Scaffolder - Generates ATR rule YAML scaffolds from structured input * @module agent-threat-rules/rule-scaffolder */ import type { ATRCategory, ATRSeverity, ATRSourceType } from './types.js'; export type ScaffoldDetectionMethod = 'pattern' | 'semantic'; export interface SemanticScaffoldOptions { threshold?: number; fallbackMethod?: 'pattern' | 'none'; judgeModelClass?: string; includePatternFallback?: boolean; } export interface ScaffoldEvasionTestInput { input: string; expected?: 'triggered' | 'not_triggered'; bypass_technique: string; notes?: string; } export interface ScaffoldInput { title: string; category: ATRCategory; severity?: ATRSeverity; attackDescription: string; notDetectedDescription?: string; examplePayloads: string[]; negativePayloads?: string[]; evasionTests?: ScaffoldEvasionTestInput[]; falsePositiveScenarios?: string[]; agentSourceType?: ATRSourceType; owaspRefs?: string[]; mitreRefs?: string[]; detectionMethod?: ScaffoldDetectionMethod; semantic?: SemanticScaffoldOptions; } export interface ScaffoldResult { yaml: string; id: string; warnings: string[]; } export interface ScaffoldOptions { author?: string; schemaVersion?: string; } /** * Attack pattern templates by category — reusable regex building blocks * that detect BEHAVIOR, not package names. */ export declare const ATTACK_PATTERN_INDICATORS: ReadonlyArray<{ /** Regex to test if the payload contains this attack indicator */ readonly test: RegExp; /** The detection regex to use in the rule */ readonly pattern: string; /** Human-readable description */ readonly description: string; /** Which categories this indicator applies to */ readonly categories: readonly ATRCategory[]; }>; export declare class RuleScaffolder { private readonly options; constructor(options?: ScaffoldOptions); /** * Generate a complete ATR YAML rule from structured input. * Returns a ScaffoldResult with the YAML string, generated ID, and any warnings. */ scaffold(input: ScaffoldInput, existingIds?: ReadonlySet): ScaffoldResult; /** * Generate a draft semantic ATR YAML rule from structured examples. * * This is deterministic template generation, not model-authored production * rule creation. Generated semantic rules are intentionally draft artifacts. */ scaffoldSemantic(input: ScaffoldInput, existingIds?: ReadonlySet): ScaffoldResult; /** * Validate scaffold input, throwing on invalid required fields * and returning warnings for non-critical issues. */ private validateInput; } //# sourceMappingURL=rule-scaffolder.d.ts.map