/** * Agent Shield — TypeScript Declarations */ // ========================================================================= // Core // ========================================================================= export interface ScanResult { status: 'safe' | 'danger' | 'warning' | 'caution'; threats: Threat[]; blocked: boolean; stats: { totalThreats: number; scanTimeMs: number; patternsChecked?: number; }; } export interface Threat { severity: 'critical' | 'high' | 'medium' | 'low'; category: string; description: string; detail?: string; confidence: number; confidenceLabel: string; matched?: string; } export interface ShieldOptions { sensitivity?: 'low' | 'medium' | 'high'; blockOnThreat?: boolean; blockThreshold?: 'low' | 'medium' | 'high' | 'critical'; logging?: boolean; customPatterns?: Pattern[]; } export interface Pattern { pattern: RegExp; severity: 'critical' | 'high' | 'medium' | 'low'; category: string; description: string; } export interface ShieldStats { totalScans: number; threatsDetected: number; blocked: number; } export declare class AgentShield { constructor(options?: ShieldOptions); scan(text: string, options?: { source?: string }): ScanResult; scanInput(text: string): ScanResult; scanOutput(text: string): ScanResult; getPatterns(): Pattern[]; getStats(): ShieldStats; } export declare function scanText(text: string, sensitivity?: string): ScanResult; export declare function getPatterns(): Pattern[]; // ========================================================================= // Middleware // ========================================================================= export interface MiddlewareOptions extends ShieldOptions { configPath?: string; } export declare function expressMiddleware(options?: MiddlewareOptions): (req: any, res: any, next: any) => void; export declare function wrapAgent(agentFn: Function, options?: ShieldOptions): Function; export declare function shieldTools(tools: any[], options?: ShieldOptions): any[]; export interface RateLimitMiddlewareOptions { maxRequests?: number; windowMs?: number; maxThreatsPerWindow?: number; onLimit?: (info: { count: number; windowMs: number }) => void; onAnomaly?: (info: { threatCount: number; windowMs: number }) => void; includeBackpressureHeaders?: boolean; } export declare function rateLimitMiddleware(options?: RateLimitMiddlewareOptions): (req: any, res: any, next: any) => void; export interface ShieldMiddlewareOptions extends MiddlewareOptions, RateLimitMiddlewareOptions {} export declare function shieldMiddleware(options?: ShieldMiddlewareOptions): (req: any, res: any, next: any) => void; // ========================================================================= // Circuit Breaker // ========================================================================= export declare const STATE: { CLOSED: 'closed'; OPEN: 'open'; HALF_OPEN: 'half_open'; }; export interface CircuitBreakerOptions { threshold?: number; windowMs?: number; cooldownMs?: number; onTrip?: (info: { threatCount: number; state: string }) => void; } export declare class CircuitBreaker { constructor(options?: CircuitBreakerOptions); check(): { allowed: boolean; reason?: string }; recordThreat(count?: number): void; reset(): void; getStatus(): { state: string; threatCount: number; lastTrip: string | null }; } export interface RateLimiterOptions { maxRequests?: number; windowMs?: number; maxThreatsPerWindow?: number; onLimit?: () => void; } export declare class RateLimiter { constructor(options?: RateLimiterOptions); recordRequest(): { allowed: boolean; reason?: string }; getStatus(): { requests: number; threats: number }; } export declare function shadowMode(shield: AgentShield, options?: { onThreat?: (result: ScanResult) => void }): AgentShield; // ========================================================================= // Canary // ========================================================================= export interface CanaryToken { token: string; description: string; instruction: string; createdAt: string; } export interface CanaryCheckResult { leaked: boolean; leaks: Array<{ token: string; description: string }>; } export declare class CanaryTokens { constructor(options?: { onTriggered?: (leak: any) => void }); generate(description: string): CanaryToken; check(text: string): CanaryCheckResult; } export interface LeakResult { leaked: boolean; leaks: Array<{ severity: string; description: string; pattern: string }>; } export declare class PromptLeakDetector { constructor(options?: { systemPrompt?: string; sensitiveStrings?: string[] }); scan(text: string, source?: string): LeakResult; } // ========================================================================= // PII // ========================================================================= export interface PIIResult { hasPII: boolean; findings: Array<{ type: string; description: string; count: number }>; } export interface RedactResult { redacted: string; count: number; findings: PIIResult['findings']; } export declare class PIIRedactor { constructor(options?: { categories?: string[]; logging?: boolean }); detect(text: string): PIIResult; redact(text: string): RedactResult; } export interface DLPRule { name: string; pattern: string; action: 'block' | 'redact' | 'warn'; severity?: string; replacement?: string; } export declare class DLPEngine { constructor(rules?: DLPRule[]); scan(text: string): { violations: Array<{ rule: string; action: string; severity: string }> }; enforce(text: string): { text: string; blocked: boolean; violations: any[] }; } export declare class ContentPolicy { constructor(options?: { blockedCategories?: string[] }); check(text: string): { allowed: boolean; violations: string[] }; } // ========================================================================= // Tool Guard // ========================================================================= export interface ToolCheckResult { allowed: boolean; reason?: string; } export declare class PermissionBoundary { constructor(options: { allowedTools?: string[]; blockedTools?: string[]; tools?: Record; }); check(toolName: string, args: any): ToolCheckResult; } export interface SequenceResult { suspicious: boolean; matches: Array<{ name: string; description: string; severity: string }>; } export declare class ToolSequenceAnalyzer { constructor(options?: { onSuspicious?: (info: SequenceResult) => void }); record(toolName: string, args?: any): SequenceResult; reset(): void; } export declare class InputQuarantine { constructor(options?: { maxQueueSize?: number }); quarantine(input: string, metadata?: any): { id: string; input: string }; release(id: string): any | null; reject(id: string): boolean; getPending(): any[]; } // ========================================================================= // Conversation // ========================================================================= export declare class FragmentationDetector { constructor(options?: { windowSize?: number; onDetection?: (info: any) => void }); addMessage(text: string): { fragmented: boolean; matches?: any[] }; getHistory(): any[]; reset(): void; } export declare class LanguageSwitchDetector { constructor(); analyze(text: string): { switched: boolean; scripts: string[]; details: any }; reset(): void; } export declare class TokenBudgetAnalyzer { constructor(options?: { maxTokens?: number }); analyze(text: string): { tokens: number; overBudget: boolean }; } export declare class InstructionHierarchy { constructor(options?: { levels?: string[] }); classify(text: string): { level: string; priority: number }; } export declare class BehavioralFingerprint { constructor(options?: { learningPeriod?: number; stdDevThreshold?: number; onAnomaly?: (info: any) => void }); record(event: { inputLength?: number; responseTimeMs?: number; toolName?: string; threatCount?: number }): { anomalies: any[]; isLearning: boolean }; getProfile(): any; reset(): void; } // ========================================================================= // Multi-Agent // ========================================================================= export declare class AgentFirewall { constructor(options?: ShieldOptions); validateMessage(from: string, to: string, message: string): ScanResult; } export declare class DelegationChain { constructor(options?: { maxDepth?: number }); start(requestId: string, originAgent: string, originalInput?: string): any; delegate(requestId: string, fromAgent: string, toAgent: string, action: string, permissions?: string): { allowed: boolean; depth: number; chain: any; reason?: string }; complete(requestId: string): void; getChain(requestId: string): any; getActiveChain(agentId: string): any; getAllChains(): any[]; reset(): void; } export declare class SharedThreatState { constructor(options?: { ttlMs?: number; onBroadcast?: (threat: any) => void }); subscribe(agentId: string, callback: (threat: any) => void): void; unsubscribe(agentId: string): void; broadcast(reportingAgent: string, threat: { signature: string; category: string; severity: string; description?: string }): void; isKnown(signature: string): any | null; getActiveThreats(): any[]; reset(): void; } // ========================================================================= // Encoding // ========================================================================= export declare class SteganographyDetector { constructor(); scan(text: string): { detected: boolean; findings: any[] }; } export declare class EncodingBruteforceDetector { constructor(); check(text: string): { detected: boolean; decoded: string; encoding: string }; reset(): void; } export declare class StructuredDataScanner { constructor(); scanJSON(json: string, source?: string): { clean: boolean; threats: Threat[] }; } // ========================================================================= // Watermark // ========================================================================= export declare class OutputWatermark { constructor(options?: { key?: string }); embed(text: string): string; extract(text: string): { watermarked: boolean; valid: boolean }; strip(text: string): string; } export declare class DifferentialPrivacy { constructor(options?: { epsilon?: number }); addNoise(value: number): number; anonymize(text: string): string; } // ========================================================================= // Policy // ========================================================================= export interface PolicyConfig { sensitivity?: string; blockOnThreat?: boolean; blockThreshold?: string; logging?: boolean; circuitBreaker?: CircuitBreakerOptions; rateLimiter?: RateLimiterOptions; permissions?: any; pii?: any; dlp?: any; contentPolicy?: any; } export declare function loadPolicy(config: PolicyConfig): PolicyConfig; export declare function loadPolicyFile(filePath: string): PolicyConfig; export declare const LOG_LEVEL: { DEBUG: 'debug'; INFO: 'info'; WARN: 'warn'; ERROR: 'error'; CRITICAL: 'critical'; }; export declare class StructuredLogger { constructor(options?: { console?: boolean; file?: string; serviceName?: string }); log(level: string, event: string, data?: any): void; logScan(result: ScanResult, metadata?: any): void; logBlock(reason: string, source: string, data?: any): void; getEntries(): any[]; } export declare class WebhookAlert { constructor(options: { url: string; events?: string[] }); send(event: string, data: any): Promise; } // ========================================================================= // Integrations // ========================================================================= export declare class ShieldCallbackHandler { constructor(options?: ShieldOptions & { pii?: boolean; onThreat?: (info: any) => void }); handleLLMStart(llm: any, prompts: string[]): Promise; handleLLMEnd(output: any): Promise; handleChainStart(chain: any, inputs: any): Promise; handleToolStart(tool: any, input: string): Promise; getStats(): ShieldStats; } export declare function shieldAnthropicClient(client: any, options?: ShieldOptions & { pii?: boolean; circuitBreaker?: CircuitBreakerOptions; onThreat?: (info: any) => void; }): any; export declare function shieldOpenAIClient(client: any, options?: ShieldOptions & { pii?: boolean; circuitBreaker?: CircuitBreakerOptions; onThreat?: (info: any) => void; }): any; export declare function shieldVercelAI(options?: ShieldOptions & { onThreat?: (info: any) => void; }): any; export declare function shieldFetch(fetchFn: typeof fetch, options?: ShieldOptions): typeof fetch; export declare class ShieldBlockError extends Error { threats: Threat[]; code: string; constructor(message: string, threats?: Threat[]); } // ========================================================================= // Red Team // ========================================================================= export interface AttackPayload { name: string; text: string; difficulty: 'easy' | 'medium' | 'hard'; } export interface AttackResult { category: string; attack: string; difficulty: string; detected: boolean; threats: Threat[]; scanTimeMs: number; text: string; } export interface RedTeamReport { summary: { total: number; detected: number; missed: number; detectionRate: string; avgScanTimeMs: number; }; byDifficulty: Array<{ difficulty: string; total: number; detected: number; rate: string }>; byCategory: Array<{ category: string; total: number; detected: number; rate: string }>; missedAttacks: Array<{ category: string; attack: string; difficulty: string; text: string }>; grade: string; } export declare class AttackSimulator { constructor(options?: { sensitivity?: string; customPatterns?: any[] }); runCategory(category: string): AttackResult[]; runAll(): Record; runMultiTurn(scanFn: (message: string, turnIndex: number) => ScanResult): any[]; runCustom(payloads: AttackPayload[]): AttackResult[]; generateReport(): RedTeamReport; formatReport(): string; reset(): void; } export declare class PayloadFuzzer { constructor(options?: { mutations?: number; sensitivity?: string }); fuzz(basePayload: string): { totalMutations: number; detected: number; evaded: number; evasionRate: string; evasions: Array<{ mutation: string; text: string }>; }; } export declare function getAttackCategories(): Array<{ key: string; name: string; description: string; payloadCount: number }>; export declare function getPayloads(category: string): AttackPayload[] | null; // ========================================================================= // Shield Score & Benchmarks // ========================================================================= export interface ShieldScore { score: number; grade: string; label: string; emoji: string; categories: Array<{ key: string; name: string; weight: number; description: string; score: number; detected: number; total: number; }>; recommendations: Array<{ category: string; priority: string; message: string; missedAttacks: string[] }>; benchmarkTimeMs: number; timestamp: string; } export declare class ShieldScoreCalculator { constructor(options?: { sensitivity?: string; scanFn?: (text: string) => ScanResult }); calculate(): ShieldScore; formatReport(): string; } // ========================================================================= // Threat Encyclopedia // ========================================================================= export interface ThreatEntry { id: string; name: string; category: string; severity: string; summary: string; description: string; aliases: string[]; discoveredDate: string; mitreTactic: string; examples: Array<{ name: string; payload?: string; turns?: string[]; explanation: string }>; mitigations: string[]; references: Array<{ title: string; url: string }>; relatedThreats: string[]; } export interface DailyPattern { id: string; title: string; threat: string; description: string; realWorldExample: string; howToDefend: string; tags: string[]; } export declare class ThreatEncyclopedia { constructor(); getAll(): ThreatEntry[]; get(idOrKey: string): ThreatEntry | null; search(query: string): ThreatEntry[]; getByCategory(category: string): ThreatEntry[]; getBySeverity(severity: string): ThreatEntry[]; getPatternOfTheDay(): DailyPattern; getAllPatterns(): DailyPattern[]; getRelated(idOrKey: string): ThreatEntry[]; getCategories(): Array<{ name: string; count: number; severities: string[] }>; formatThreat(idOrKey: string): string; } // ========================================================================= // Compliance // ========================================================================= export interface ComplianceReport { framework: string; version: string; date: string; summary: { total: number; compliant: number; available: number; manual: number; complianceRate: string }; controls: Array<{ id: string; name: string; check: string; description: string; status: string; feature: string; module: string | null }>; } export declare class ComplianceReporter { constructor(options?: { enabledModules?: string[]; framework?: string }); generateReport(frameworkId?: string): ComplianceReport; generateAllReports(): Record; formatReport(report: ComplianceReport): string; } export declare class AuditTrail { constructor(options?: { maxEvents?: number; autoFlush?: boolean; flushPath?: string }); record(event: any): any; recordScan(input: string, result: ScanResult, metadata?: any): any; recordBlock(reason: string, input: string, threats?: Threat[], metadata?: any): any; recordToolCall(tool: string, args: any, result: any, metadata?: any): any; exportJSON(): string; exportCSV(): string; flush(filePath?: string): void; query(filters?: { type?: string; blocked?: boolean; since?: string; until?: string; minThreats?: number }): any[]; getSummary(): { total: number; scans: number; blocks: number; toolCalls: number; threats: number }; clear(): void; } export declare class IncidentPlaybook { constructor(); get(threatType: string): any | null; getAll(): any[]; recommend(scanResult: ScanResult): any | null; format(playbook: any): string; } export interface ChecklistItem { item: string; priority: 'critical' | 'high' | 'medium' | 'low'; checked: boolean; } export interface Checklist { environment: string; date: string; totalItems: number; categories: Array<{ name: string; items: ChecklistItem[] }>; } export declare class SecurityChecklistGenerator { constructor(); generate(environment?: string): Checklist; format(checklist: Checklist): string; } // ========================================================================= // Enterprise // ========================================================================= export declare class MultiTenantShield { constructor(options?: { defaultPolicy?: ShieldOptions; globalOverrides?: Partial; onTenantCreated?: (id: string, policy: any) => void }); registerTenant(tenantId: string, policy?: ShieldOptions): MultiTenantShield; getTenant(tenantId: string): any; scan(tenantId: string, text: string, options?: any): ScanResult & { tenantId: string }; scanInput(tenantId: string, text: string): ScanResult; scanOutput(tenantId: string, text: string): ScanResult; updatePolicy(tenantId: string, policy: Partial): any; getAllStats(): Record; removeTenant(tenantId: string): boolean; readonly size: number; } export interface RoleConfig { name: string; sensitivity: string; blockOnThreat: boolean; allowedTools: string[] | '*'; blockedTools: string[] | '*'; bypassCircuitBreaker: boolean; canViewAuditTrail: boolean; canModifyPolicy: boolean; } export declare class RoleBasedPolicy { constructor(options?: { customRoles?: Record> }); assignRole(userId: string, role: string): RoleBasedPolicy; getPolicy(userId: string): RoleConfig & { role: string }; scan(userId: string, text: string, options?: any): ScanResult & { userId: string; role: string }; checkToolAccess(userId: string, toolName: string): ToolCheckResult; defineRole(name: string, config: Partial): RoleBasedPolicy; getRoles(): Array<{ key: string } & RoleConfig>; } export declare class DebugShield { constructor(options?: ShieldOptions & { debug?: boolean; maxTraces?: number; verbose?: boolean }); scan(text: string, options?: any): ScanResult & { _trace: any }; getTraces(): any[]; getRecentTraces(n?: number): any[]; exportTraces(): string; clearTraces(): void; getTimingStats(): { count: number; min: number; max: number; avg: number; median: number; p95: number; p99: number } | null; } // ========================================================================= // Badges // ========================================================================= export declare class BadgeGenerator { static shieldScore(score: number): string; static protectionStatus(enabled?: boolean): string; static detectionRate(rate: string | number): string; static scanCount(count: number): string; static compliance(framework: string, rate: string | number): string; static custom(label: string, value: string, color?: string): string; static markdownBadges(options?: { score?: number; detectionRate?: string }): string; static generateSVG(label: string, value: string, color: string): string; } export declare class GitHubActionReporter { constructor(); reportScan(result: ScanResult, file?: string, line?: number): void; setOutputs(results: ScanResult): void; createSummary(shieldScore: ShieldScore | null, scanResults: ScanResult | null): string; } // ========================================================================= // Allowlist & Feedback // ========================================================================= export declare class Allowlist { constructor(options?: { patterns?: Array }); addRule(pattern: string | RegExp, options?: { threat?: string; reason?: string }): void; removeRule(pattern: string): boolean; check(text: string): boolean; filterThreats(threats: Threat[], text: string): Threat[]; getRules(): any[]; getStats(): { totalChecks: number; totalBypasses: number; ruleCount: number }; exportRules(): string; importRules(json: string): void; } export declare class ConfidenceCalibrator { constructor(); record(predicted: number, actual: boolean): void; getMetrics(): { total: number; accuracy: number; precision: number; recall: number }; getCategoryBreakdown(): Record; suggestThresholds(): any[]; reset(): void; } export declare class FeedbackLoop { constructor(options?: { onFeedback?: (entry: any) => void }); reportFalsePositive(scanResult: ScanResult, reason?: string): any; reportMissed(text: string, expectedCategory?: string): any; confirmDetection(id: string): void; confirmSafe(id: string): void; autoAllowlist(allowlist: Allowlist): number; getPendingReviews(): any[]; getSuggestions(): any[]; getStats(): { falsePositives: number; missed: number; confirmed: number; pending: number; total: number }; } export declare class ScanCache { constructor(options?: { maxSize?: number; ttlMs?: number }); get(text: string, sensitivity?: string): ScanResult | null; set(text: string, sensitivity: string, result: ScanResult): void; wrap(scanFn: (text: string, sensitivity: string) => ScanResult): (text: string, sensitivity: string) => ScanResult; clear(): void; prune(): number; getStats(): { hits: number; misses: number; evictions: number; size: number; maxSize: number; hitRate: string }; } // ========================================================================= // Presets & Config Builder // ========================================================================= export declare class ConfigBuilder { constructor(); sensitivity(level: string): ConfigBuilder; blockOnThreat(enabled?: boolean): ConfigBuilder; logging(enabled?: boolean): ConfigBuilder; onThreat(callback: (result: ScanResult) => void): ConfigBuilder; build(): ShieldOptions; } export declare class SnippetGenerator { constructor(); generate(options?: { framework?: string; language?: string }): string; } export declare function getPresets(): Record; export declare function getPreset(name: string): any; // ========================================================================= // Advanced Scanners // ========================================================================= export declare class RAGScanner { constructor(options?: ShieldOptions); scanDocument(text: string, source?: string): ScanResult; scanChunk(chunk: string, metadata?: any): ScanResult; } export declare class PromptLinter { constructor(options?: { rules?: string[] }); lint(prompt: string): Array<{ rule: string; severity: string; message: string; line?: number }>; } export declare class ToolSchemaValidator { constructor(options?: { strict?: boolean }); validate(tool: any): { valid: boolean; issues: string[] }; } // ========================================================================= // Production // ========================================================================= export declare class SamplingScanner { constructor(options?: ShieldOptions & { sampleRate?: number }); scan(text: string, options?: any): ScanResult | null; } export declare class ShadowComparison { constructor(options?: { primary: AgentShield; shadow: AgentShield }); scan(text: string): { primary: ScanResult; shadow: ScanResult; diverged: boolean }; } export declare class GracefulScanner { constructor(options?: ShieldOptions & { timeoutMs?: number; fallback?: ScanResult }); scan(text: string, options?: any): ScanResult; } export declare class ThreatReplay { constructor(); record(input: string, result: ScanResult): void; replay(scanFn: (text: string) => ScanResult): Array<{ input: string; original: ScanResult; replayed: ScanResult; match: boolean }>; replayOne(index: number, scanFn: (text: string) => ScanResult): any; getRecordings(): any[]; clear(): void; } export declare class AttackAttributionChain { constructor(); recordMessage(conversationId: string, message: string, scanResult: ScanResult, metadata?: any): void; getKillChain(conversationId: string): any; getCompromisedConversations(): any[]; clear(): void; } export declare class DiffReporter { constructor(); takeSnapshot(name: string, scanResult: ScanResult): void; compare(beforeName: string, afterName: string): { added: Threat[]; removed: Threat[]; unchanged: Threat[]; changed: any }; getSnapshots(): string[]; } export declare class PostureTracker { constructor(); record(data: { score: number; detectionRate?: number; [key: string]: any }): void; getTrend(): { improving: boolean; scores: number[]; average: number }; getSummary(): any; } // ========================================================================= // Testing & Contracts // ========================================================================= export declare class TestSuiteGenerator { constructor(options?: { shield?: AgentShield }); generate(options?: { categories?: string[] }): Array<{ name: string; input: string; expectedDetected: boolean; category: string }>; run(options?: any): { passed: number; failed: number; total: number; results: any[] }; } export declare class AgentContract { constructor(options?: { rules?: Array<{ name: string; check: (result: ScanResult) => boolean }> }); addRule(name: string, checkFn: (result: ScanResult) => boolean): AgentContract; mustNotExfiltrateData(): AgentContract; mustNotExecuteCode(): AgentContract; mustNotAccessPath(path: string): AgentContract; mustStayOnTopic(topic: string): AgentContract; maxResponseLength(maxLen: number): AgentContract; validate(result: ScanResult): { valid: boolean; violations: string[] }; getViolations(): any[]; } export declare class BreakglassProtocol { constructor(options?: { defaultDurationMs?: number; onActivate?: () => void; onDeactivate?: () => void }); activate(options: { reason: string; user?: string; durationMs?: number }): { success: boolean; reason?: string }; deactivate(user?: string): void; isActive(): boolean; wrap(scanFn: (text: string) => ScanResult): (text: string) => ScanResult; getAuditLog(): any[]; getStatus(): any; } // ========================================================================= // Multi-Agent Trust // ========================================================================= export declare class MessageSigner { constructor(options?: { algorithm?: string }); registerAgent(agentId: string, secret: string): boolean; generateSecret(agentId: string): string; sign(fromAgent: string, message: any): { from: string; timestamp: number; nonce: string; payload: any; signature: string }; verify(envelope: { from: string; timestamp: number; nonce: string; payload: any; signature: string }, maxAgeMs?: number): { valid: boolean; reason?: string }; getVerificationLog(): any[]; getStats(): any; } export declare class CapabilityToken { constructor(options?: { issuer?: string; secret?: string }); issue(agentId: string, capabilities: string[], ttlMs?: number): string; verify(token: string, requiredCapability?: string): { valid: boolean; agentId?: string; capabilities?: string[]; expired?: boolean }; } export declare class DelegationManager { constructor(options?: { maxDepth?: number; secret?: string }); issue(agentId: string, capabilities: string[], options?: { ttlMs?: number; constraints?: any }): string; check(tokenId: string, capability: string, context?: any): { allowed: boolean; reason?: string }; revoke(tokenId: string): boolean; getAuditLog(): any[]; getActiveTokens(): any[]; } export declare class BlastRadiusContainer { constructor(options?: { maxIncidents?: number }); defineZone(zone: { name: string; agents?: string[]; allowedCapabilities?: string[]; blockedCapabilities?: string[]; canCommunicateWith?: string[]; maxConcurrentActions?: number; description?: string }): boolean; checkAction(agentId: string, action: string, targetZone?: string): { allowed: boolean; reason?: string }; releaseAction(agentId: string): void; quarantine(zoneName: string, reason?: string): boolean; unquarantine(zoneName: string): boolean; getZones(): any[]; getIncidents(): any[]; } // ========================================================================= // Extended Policy & Intelligence // ========================================================================= export declare class ABTestRunner { constructor(options?: { variants: Array<{ name: string; config: ShieldOptions }> }); run(text: string): Array<{ variant: string; result: ScanResult }>; } export declare class ThreatIntelFeed { constructor(); addIndicator(indicator: { type: string; value: string; severity?: string }): void; check(text: string): { matches: any[] }; } export declare class PatternBuilder { constructor(); add(regex: RegExp, options: { severity: string; category: string; description: string }): PatternBuilder; build(): Pattern[]; } export declare class Doctor { constructor(); diagnose(shield?: AgentShield): { healthy: boolean; issues: string[]; recommendations: string[] }; } export declare class GitHubActionGenerator { constructor(); generate(options?: { trigger?: string; nodeVersion?: string }): string; } export declare class SOCIntegration { constructor(options?: { format?: string }); formatAlert(threat: Threat, metadata?: any): any; } export declare class MigrationGuide { constructor(); from(version: string): { steps: string[]; breaking: string[] }; } export declare class Playground { constructor(options?: ShieldOptions); configure(options: ShieldOptions): void; test(text: string): ScanResult & { latencyMs: number }; getHistory(): any[]; clear(): void; } // ========================================================================= // Streaming // ========================================================================= export declare class StreamScanner { constructor(options?: { sensitivity?: string; chunkSize?: number; onThreat?: (threat: Threat) => void }); write(chunk: string): { threats: Threat[]; buffered: number }; flush(): { threats: Threat[] }; reset(): void; } export declare class TokenStreamScanner { constructor(options?: { sensitivity?: string; windowSize?: number }); addToken(token: string): { threats: Threat[] }; flush(): { threats: Threat[] }; } export declare class StreamBuffer { constructor(options?: { windowSize?: number }); push(token: string): void; getWindow(): string; getFullText(): string; lastN(n: number): string; clear(): void; } export declare function createStreamWrapper(stream: any, options?: { sensitivity?: string; extractText?: (chunk: any) => string; onThreat?: (threat: Threat) => void }): any; export declare function scanAsyncIterator(iterator: AsyncIterable, options?: { sensitivity?: string; extractText?: (chunk: any) => string; onThreat?: (threat: Threat) => void }): Promise<{ threats: Threat[]; text: string }>; // ========================================================================= // Plugin System // ========================================================================= export declare class PluginManager { constructor(); register(plugin: { name: string; version?: string; hooks?: Record }): void; unregister(name: string): boolean; getPlugins(): Array<{ name: string; version: string }>; } export declare class PluginTemplate { static create(options: { name: string; version?: string }): any; } export declare class PluginSandbox { constructor(options?: { timeoutMs?: number }); run(fn: Function, ...args: any[]): any; } // ========================================================================= // Token Analysis // ========================================================================= export declare class EntropyAnalyzer { constructor(); analyze(text: string): { entropy: number; suspicious: boolean; charDistribution: Record }; } export declare class PerplexityEstimator { constructor(); estimate(text: string): { perplexity: number; suspicious: boolean }; } export declare class BurstDetector { constructor(options?: { windowSize?: number; threshold?: number }); addEvent(event?: any): { burst: boolean; count: number }; reset(): void; } export declare class TextStatistics { static analyze(text: string): { wordCount: number; charCount: number; avgWordLength: number; uniqueWords: number; entropy: number }; } // ========================================================================= // Document Scanner // ========================================================================= export declare class DocumentScanner { constructor(options?: { sensitivity?: string }); scan(document: string, metadata?: any): ScanResult; } export declare class TextExtractor { static fromHTML(html: string): string; static fromMarkdown(md: string): string; } export declare class IndirectInjectionScanner { constructor(options?: { sensitivity?: string }); scan(text: string, source?: string): ScanResult; } // ========================================================================= // Tool Output Validator // ========================================================================= export declare class ToolOutputValidator { constructor(options?: { sensitivity?: string; maxOutputSize?: number }); validate(toolName: string, output: any): { safe: boolean; threats: Threat[]; sanitized?: any }; } export declare class OutputSanitizer { constructor(options?: { stripHTML?: boolean; maxLength?: number }); sanitize(output: string): string; } // ========================================================================= // Response Handler // ========================================================================= export declare class ResponseHandler { constructor(options?: { templates?: Record; defaultAction?: string }); handle(scanResult: ScanResult): { action: string; response: string; original?: any }; } export declare class ResponseTemplates { static get(name: string): string; static getAll(): Record; } export declare class ReviewQueue { constructor(options?: { maxSize?: number }); add(item: any): string; approve(id: string): any; reject(id: string): any; getPending(): any[]; getStats(): { pending: number; approved: number; rejected: number }; } // ========================================================================= // Worker Scanner // ========================================================================= export declare class WorkerScanner { constructor(options?: { workerCount?: number }); scan(text: string): Promise; shutdown(): void; } export declare class ScanQueue { constructor(options?: { concurrency?: number; maxQueue?: number }); enqueue(text: string): Promise; getStats(): { queued: number; processing: number; completed: number }; } // ========================================================================= // Alert Tuning // ========================================================================= export declare class AlertFatigueAnalyzer { constructor(options?: { windowMs?: number; maxAlerts?: number }); record(alert: any): { fatigued: boolean; suppressed: boolean; count: number }; getStats(): { total: number; suppressed: number; fatigueRate: string }; } export declare class AutoTuner { constructor(options?: { targetFPRate?: number }); record(scanResult: ScanResult, wasActuallyMalicious: boolean): void; getSuggestions(): Array<{ action: string; reason: string }>; } export declare class AlertCorrelator { constructor(options?: { windowMs?: number }); correlate(alert: any): { correlated: boolean; group?: string; relatedAlerts?: any[] }; } // ========================================================================= // OpenTelemetry // ========================================================================= export declare class ShieldMetrics { constructor(options?: { serviceName?: string }); recordScan(result: ScanResult, durationMs: number): void; recordBlock(reason: string): void; getMetrics(): Record; } export declare class ShieldTracer { constructor(options?: { serviceName?: string }); startSpan(name: string): { end: () => void; setAttribute: (key: string, value: any) => void }; } export declare class MetricsDashboard { constructor(options?: { refreshInterval?: number }); getSummary(): any; } // ========================================================================= // Certification // ========================================================================= export declare class CertificationRunner { constructor(options?: { sensitivity?: string }); runCertification(): Promise<{ passed: boolean; score: number; certificate: Certificate }>; } export declare class Certificate { constructor(data: any); toText(): string; toJSON(): any; } export declare class CertificationHistory { constructor(); record(cert: Certificate): void; getHistory(): Certificate[]; } // ========================================================================= // MCP Server // ========================================================================= export declare class MCPServer { constructor(options?: { port?: number }); start(): Promise; stop(): Promise; } export declare class MCPToolHandler { constructor(shield: AgentShield); handleToolCall(name: string, args: any): Promise; } // ========================================================================= // MCP Bridge (v6.0) // ========================================================================= export declare class MCPBridge { constructor(options?: { scanner?: Function; allowedTools?: string[]; blockedTools?: string[]; scanInputs?: boolean; scanOutputs?: boolean; maxToolCallsPerMinute?: number }); wrapToolCall(toolName: string, args?: object): { allowed: boolean; threats: Threat[]; sanitizedArgs: object; reason: string | null }; wrapToolResult(toolName: string, result: any): { safe: boolean; threats: Threat[]; sanitizedResult?: any }; validateToolSchema(schema?: object): { valid: boolean; issues: string[] }; getStats(): object; } export declare class MCPToolPolicy { constructor(rules?: Array<{ id?: string; tool: string; action: string; conditions?: object }>); evaluate(toolName: string, args?: object, context?: object): { action: string; rule: string | null }; addRule(rule: object): void; removeRule(ruleId: string): boolean; toJSON(): object; } export declare class MCPSessionGuard { constructor(sessionId: string, options?: { maxToolCalls?: number; maxTokenBudget?: number; ttlMs?: number }); trackToolCall(toolName: string, args?: object): { allowed: boolean; reason?: string }; checkBudget(): { withinBudget: boolean; remaining: number }; getSessionReport(): object; reset(): void; } export declare class MCPResourceScanner { constructor(options?: { scanner?: Function }); scanResource(uri: string, content: string, mimeType?: string): { safe: boolean; threats: Threat[]; uri: string }; scanPromptTemplate(template: string): { safe: boolean; threats: Threat[] }; } export declare function createMCPMiddleware(options?: { scanner?: Function; allowedTools?: string[]; blockedTools?: string[]; scanInputs?: boolean; scanOutputs?: boolean }): { onToolCall(toolName: string, args: object): { allowed: boolean; threats: Threat[]; sanitizedArgs: object; reason: string | null }; onToolResult(toolName: string, result: any): { safe: boolean; threats: Threat[] }; onResourceAccess(uri: string, content: string, mimeType?: string): { safe: boolean; threats: Threat[] }; getBridge(): MCPBridge; }; // ========================================================================= // MCP SDK Integration (v7.1) // ========================================================================= export declare function shieldMCPServer(server: any, options?: { scanInputs?: boolean; scanOutputs?: boolean; blockOnThreat?: boolean; sensitivity?: string; onThreat?: (info: any) => void }): any; export declare function createMCPSecurityLayer(options?: { scanInputs?: boolean; scanOutputs?: boolean; blockOnThreat?: boolean; sensitivity?: string }): object; // ========================================================================= // CTF // ========================================================================= export declare class CTFEngine { constructor(options?: { difficulty?: string }); getChallenge(id: string): any; submitAnswer(id: string, answer: string): { correct: boolean; score: number }; getScoreboard(): any; } export declare class CTFReporter { constructor(); formatReport(scoreboard: any): string; } export declare const CHALLENGES: any[]; // ========================================================================= // Observability // ========================================================================= export declare class PrometheusExporter { constructor(options?: { prefix?: string }); increment(name: string, labels?: Record): void; observe(name: string, value: number, labels?: Record): void; set(name: string, value: number, labels?: Record): void; metrics(): string; wrapShield(shield: AgentShield): AgentShield; } export declare class DatadogLogger { constructor(options?: { service?: string; env?: string; version?: string; maxBuffer?: number }); log(event: string, data?: any): void; logScan(result: ScanResult, metadata?: any): void; logThreat(threat: Threat, metadata?: any): void; logBlock(reason: string, metadata?: any): void; flush(): any[]; } export declare class MetricsCollector { constructor(options?: { ttlMs?: number; maxEvents?: number }); record(event: { type: string; durationMs?: number; threats?: number; category?: string }): void; getSummary(windowMs?: number): { scansPerSec: number; threatsPerSec: number; p50: number; p95: number; p99: number; topCategories: Array<{ category: string; count: number }> }; } // ========================================================================= // Adaptive Detection // ========================================================================= export declare class AdaptiveDetector { constructor(options?: { storagePath?: string }); recordFalsePositive(text: string, category: string): void; recordFalseNegative(text: string, category: string): void; shouldSuppress(text: string, category: string): boolean; getBoost(text: string, category: string): number; adjustResult(scanResult: ScanResult): ScanResult; getStats(): { falsePositives: number; falseNegatives: number }; save(): void; load(): void; } export declare class SemanticAnalysisHook { constructor(options: { classifier: (text: string, threats: Threat[]) => Promise<{ override: boolean; reason: string }>; timeoutMs?: number }); analyze(text: string, scanResult: ScanResult): Promise; getStats(): { overrides: number; errors: number; avgLatencyMs: number }; } export declare class CommunityPatterns { constructor(options?: { path?: string }); load(): void; getPatterns(): Pattern[]; merge(existingPatterns: Pattern[]): Pattern[]; getVersion(): string; } // ========================================================================= // OWASP LLM Top 10 v2025 (v6.0) // ========================================================================= export declare class OWASPCoverageMatrix { constructor(options?: { agentShield?: AgentShield; organizationName?: string }); getCoverage(): object; getCoverageScore(): { score: number; covered: number; total: number }; getGaps(): Array<{ id: string; name: string; recommendation: string }>; getRecommendations(): Array<{ id: string; priority: string; action: string }>; validateCompliance(scanResults?: object): object; getCoverageReport(format?: 'text' | 'markdown'): string; } // ========================================================================= // NIST AI RMF Mapping (v6.0) // ========================================================================= export declare class NISTMapper { constructor(options?: { organizationName?: string; systemName?: string; riskLevel?: 'low' | 'medium' | 'high' | 'critical' }); getCoverageMap(): object; getCoverageScore(): { score: number; covered: number; total: number }; getGaps(): Array<{ id: string; name: string; recommendation: string }>; generateProfile(systemDescription?: string): object; generateReport(format?: 'text' | 'markdown'): string; } export declare class AIBOMGenerator { constructor(options?: { format?: 'spdx' | 'cyclonedx' | 'custom'; organizationName?: string; systemName?: string }); addComponent(component: object): void; addModel(model: object): void; addDataset(dataset: object): void; addService(service: object): void; generate(): object; validate(): { valid: boolean; errors: string[] }; toJSON(): object; toSPDX(): object; toCycloneDX(): object; } export declare class NISTComplianceChecker { constructor(nistMapper: NISTMapper); checkAgainstProfile(profile: object, currentState?: object): object; generateActionPlan(): object; generateAuditArtifact(format?: 'json' | 'text'): any; } // ========================================================================= // EU AI Act Compliance (v6.0) // ========================================================================= export declare class RiskClassifier { constructor(options?: { sector?: string; purpose?: string; dataTypes?: string[] }); classify(systemDescription?: string): { riskLevel: string; category: string; articles: string[] }; getApplicableArticles(): object[]; generateRiskAssessment(): object; } export declare class ConformityAssessment { constructor(systemInfo?: { name?: string; provider?: string; version?: string }); addEvidence(reqArticle: string, evidence: string): void; checkRequirement(reqArticle: string): object; getStatus(): object; generateReport(format?: 'json' | 'text'): any; generateTechnicalDocumentation(): object; generateDeclarationOfConformity(): object; } export declare class TransparencyReporter { constructor(options?: { providerName?: string }); generateModelCard(modelInfo?: object): object; generateTrainingDataSummary(dataInfo?: object): object; generateCopyrightPolicy(): object; generateEnergyReport(metrics?: object): object; } export declare class EUIncidentReporter { constructor(options?: { providerName?: string; contactEmail?: string; nationalAuthority?: string }); createReport(incident?: object): object; getNotificationDeadline(severity?: string): object; generateCorrective(incident?: object): object; } export declare class EUAIActDashboard { constructor(riskClassifier?: RiskClassifier, conformity?: ConformityAssessment); getComplianceStatus(): object; getDeadlines(): object[]; getActionItems(): object[]; } // ========================================================================= // Prompt Leakage Detection (v6.0) // ========================================================================= export declare class PromptFingerprinter { constructor(); fingerprint(text: string): object; compare(fp: object, text: string): { similarity: number; leaked: boolean }; detectPartialLeak(fp: object, output: string): { leaked: boolean; matches: any[] }; } export declare class SystemPromptGuard { constructor(options?: { systemPrompt?: string; sensitivity?: 'low' | 'medium' | 'high'; enableFingerprinting?: boolean }); registerSystemPrompt(prompt: string): void; scanInput(input: string): { suspicious: boolean; threats: any[]; action: string }; scanOutput(output: string): { leaked: boolean; findings: any[]; leakageScore: number }; getLeakageScore(output: string): number; getStats(): object; } export declare class PromptLeakageMitigation { constructor(); addDefenseLayer(prompt: string): string; wrapPrompt(prompt: string): string; generateDecoy(): string; } // ========================================================================= // RAG Vulnerability Scanning (v6.0) // ========================================================================= export declare class RAGVulnerabilityScanner { constructor(options?: { chunkSize?: number; overlapSize?: number; maxRetrievedDocs?: number }); scanChunk(chunk: string, metadata?: object): object; scanRetrievalSet(chunks: string[], query: string): object; analyzeChunkBoundaries(chunks: string[]): object; validateMetadata(metadata: object): object; assessContextWindowRisk(systemPrompt: string, retrievedDocs: string[], userQuery: string, contextWindowSize?: number): object; getStats(): object; } export declare class EmbeddingIntegrityChecker { constructor(options?: { distanceThreshold?: number; anomalyMethod?: 'zscore' | 'isolation' }); checkDistribution(embeddings: number[][]): object; detectOutliers(embeddings: number[][], labels?: string[]): object; measureDrift(baselineEmbeddings: number[][], currentEmbeddings: number[][]): object; validateEmbeddingConsistency(text: string, embedding: number[]): object; } export declare class RAGPipelineAuditor { constructor(pipelineConfig?: { chunkingStrategy?: string; embeddingModel?: string; vectorDB?: string }); audit(): object; getVulnerabilities(): object[]; getRecommendations(): object[]; generateReport(format?: 'text' | 'markdown'): string; } // ========================================================================= // Benchmark Harness (v5.0) // ========================================================================= export declare class DatasetLoader { load(filePath: string): { entries: object[]; meta: object }; validate(entries: object[]): { valid: boolean; errors: string[] }; fromBIPIA(entries: object[]): object[]; fromGarak(entries: object[]): object[]; } export declare class BenchmarkMetrics { compute(results: Array<{ entry: object; detected: boolean; expected: boolean; latencyMs: number }>): object; } export declare class RegressionTracker { constructor(options?: { f1Threshold?: number; latencyThreshold?: number }); saveBaseline(metrics: object, filePath: string): void; loadBaseline(filePath: string): object; compare(current: object, baseline: object): object; } export declare class BenchmarkReportGenerator { text(metrics: object, options?: { title?: string }): string; json(metrics: object): string; markdown(metrics: object, options?: { title?: string }): string; comparisonText(comparison: object): string; } export declare class BenchmarkHarness { constructor(options?: { warmupRuns?: number }); loadDataset(filePath: string): void; loadEntries(entries: object[]): void; run(detectorFn: (text: string) => any): object; compare(detectors: Record any>): object; formatReport(results: object): string; formatComparison(comparison: object): string; formatMarkdown(results: object): string; } // ========================================================================= // Adaptive Defense (v7.1) // ========================================================================= export declare class LearningLoop { constructor(options?: { minHitsToPromote?: number; maxLearnedPatterns?: number; promotionConfidence?: number }); ingest(attack: { text: string; category?: string; source?: string }): object; check(text: string): { matches: any[]; boosted: boolean }; recordFeedback(patternId: string, type: 'confirmed' | 'false_positive', reason?: string): void; getActivePatterns(): object[]; getReport(): object; exportPatterns(): string; importPatterns(data: string): void; } export declare class BehaviorContract { constructor(spec: { agentId: string; allowedTools?: string[]; deniedTools?: string[]; maxToolCallsPerMinute?: number; maxDelegationDepth?: number; allowedScopes?: string[]; requiredIntents?: boolean; maxResponseLength?: number; timeWindows?: Array<{ start: number; end: number }>; customValidator?: Function }); verify(action: { type: string; tool?: string; args?: any; depth?: number; scope?: string; intent?: string; responseLength?: number }): { allowed: boolean; violations: any[] }; getViolations(limit?: number): any[]; getComplianceRate(): { total: number; passed: number; violated: number; rate: string }; toJSON(): object; } export declare class ContractRegistry { constructor(); register(contract: BehaviorContract): void; onViolation(callback: (violation: any) => void): void; enforce(agentId: string, action: object): { allowed: boolean; violations: any[] }; getComplianceReport(): object; getRegisteredAgents(): string[]; } export declare class ComplianceAttestor { constructor(options?: { frameworks?: string[]; attestationIntervalMs?: number; onComplianceDrift?: Function }); updateSignal(signal: string, value: any): void; updateSignals(signals: Record): void; attest(): object; getCurrentState(): object; getHistory(limit?: number): object[]; getTrend(): object; generateProof(signingKey?: string): object; } // ========================================================================= // Constants // ========================================================================= export declare const SEVERITY_ORDER: Record; export declare const API_KEY_PATTERNS: any[]; export declare const PII_PATTERNS: Record; export declare const CONTENT_CATEGORIES: Record; export declare const SUSPICIOUS_SEQUENCES: any[]; export declare const STEGO_PATTERNS: any[]; export declare const ATTACK_PAYLOADS: Record; export declare const SCORE_CATEGORIES: Record; export declare const THREAT_ENCYCLOPEDIA: any[]; export declare const DAILY_PATTERNS: any[]; export declare const COMPLIANCE_FRAMEWORKS: Record; export declare const INCIDENT_PLAYBOOKS: Record; export declare const DEFAULT_ROLES: Record; export declare const PRESETS: Record; export declare const RAG_INJECTION_PATTERNS: any[]; export declare const LINT_RULES: any[]; export declare const DANGEROUS_TOOL_PATTERNS: any[]; export declare const ATTACK_TEMPLATES: Record; // ========================================================================= // Utilities // ========================================================================= export declare function getGrade(score: number): string; export declare function getGradeLabel(score: number): string; export declare function makeBar(value: number, max: number, width?: number): string; export declare function truncate(text: string, maxLength?: number): string; export declare function formatHeader(text: string): string; export declare function generateId(): string; export declare function extractTextFromBody(body: any): string; export interface GracefulShutdownOptions { timeoutMs?: number; cleanupFns?: Array<() => void | Promise>; logger?: (...args: any[]) => void; } export declare function createGracefulShutdown(options?: GracefulShutdownOptions): { shutdown: (signal?: string) => Promise; onShutdown: (fn: () => void | Promise) => void; }; export interface LoadEnvResult { loaded: number; errors: string[]; } export declare function loadEnvFile(options?: { path?: string; overwrite?: boolean }): LoadEnvResult; // ========================================================================= // Errors // ========================================================================= export declare function createShieldError(code: string, details?: object): Error; export declare function deprecationWarning(feature: string, replacement: string, removeVersion: string): void; // ========================================================================= // OpenClaw Integration // ========================================================================= export declare class OpenClawShieldSkill { constructor(options?: ShieldOptions & { pii?: boolean; circuitBreaker?: CircuitBreakerOptions; onThreat?: (info: any) => void }); getSkillMetadata(): string; scanInbound(message: string | object): { safe: boolean; blocked: boolean; threats: Threat[]; redacted?: string; pii?: any; stats?: any }; scanOutbound(message: string | object): { safe: boolean; blocked: boolean; threats: Threat[]; redacted?: string }; scanTool(toolName: string, args: object): { safe: boolean; blocked: boolean; threats: Threat[] }; handleToolCall(params?: object): object; } export declare function shieldOpenClawMessages(options?: ShieldOptions): { scan: (message: string) => ScanResult }; export declare function generateOpenClawSkill(outputDir: string): Promise; // ========================================================================= // Semantic Detection (v1.2) // ========================================================================= export declare class SemanticClassifier { constructor(options?: { endpoint?: string; model?: string; timeoutMs?: number; apiKey?: string; mode?: string; confidenceThreshold?: number; enabled?: boolean }); classify(text: string, context?: object): Promise<{ isThreat: boolean; confidence: number; category: string; reasoning: string; latencyMs: number }>; enhancedScan(text: string, options?: object): Promise; isAvailable(): Promise; getStats(): { totalClassifications: number; threats: number; avgLatencyMs: number }; clearCache(): void; } export declare function httpPost(url: string, body: object, options?: { timeoutMs?: number; apiKey?: string }): Promise; // ========================================================================= // Embedding Similarity (v1.2) // ========================================================================= export declare class EmbeddingSimilarityDetector { constructor(options?: { similarityThreshold?: number; topK?: number; customCorpus?: Array<{ text: string; category: string }>; enabled?: boolean }); check(text: string): { isSimilar: boolean; topMatches: Array<{ text: string; category: string; similarity: number }>; bestMatch: { text: string; category: string; similarity: number } | null }; enhancedScan(text: string, options?: object): ScanResult; addPattern(text: string, category: string): void; getStats(): object; } export declare const ATTACK_CORPUS: Array<{ text: string; category: string }>; export declare function tokenizeText(text: string): string[]; export declare function cosineSimilarity(vecA: Map, vecB: Map): number; // ========================================================================= // Context-Aware Scoring (v1.2) // ========================================================================= export declare class ConversationContextAnalyzer { constructor(options?: { maxHistory?: number; escalationThreshold?: number; decayFactor?: number; trackTopics?: boolean }); addMessage(text: string, role?: string): object; contextualScan(text: string): ScanResult; getSummary(): object; reset(): void; } export declare const ESCALATION_SIGNALS: Array<{ phase: string; patterns: RegExp[]; weight: number }>; export declare const TOPIC_PIVOT_SIGNALS: Array<{ from: string; to: string; severity: string }>; // ========================================================================= // Confidence Tuning (v1.2) // ========================================================================= export declare class ConfidenceTuner { constructor(options?: { dataDir?: string; defaultThreshold?: number; learningRate?: number; minSamples?: number }); recordFeedback(scanResult: ScanResult, label: string, notes?: string): object; getThreshold(category: string): number; applyThresholds(scanResult: ScanResult): ScanResult; tunedScan(text: string, options?: object): ScanResult; getMetrics(): { precision: number; recall: number; f1: number; accuracy: number; perCategory: Record }; getRecommendations(): Array<{ category: string; action: string; reason: string }>; reset(): void; } // ========================================================================= // Plugin Marketplace (v2.0) // ========================================================================= export declare class PluginValidator { validate(manifest: object): { valid: boolean; errors: string[]; warnings: string[]; score: number; grade: string }; runTests(manifest: object): { passed: number; failed: number; total: number; results: any[] }; } export declare class PluginRegistry { constructor(options?: { pluginDir?: string; autoValidate?: boolean }); register(manifest: object): { success: boolean; validation?: object; error?: string }; unregister(name: string): boolean; enable(name: string): boolean; disable(name: string): boolean; get(name: string): object | null; list(): Array; search(query: string): Array; scan(text: string): { threats: Threat[]; pluginsUsed: string[] }; getStats(): object; } export declare class MarketplaceClient { constructor(options?: { registryUrl?: string; timeoutMs?: number; registry?: PluginRegistry }); browse(filters?: object): Promise<{ plugins: object[]; error?: string }>; install(name: string): Promise<{ success: boolean; plugin?: object; error?: string }>; publish(manifest: object): Promise<{ success: boolean; error?: string; validation?: object }>; } // ========================================================================= // Distributed Scanning (v2.1) // ========================================================================= export declare class DistributedAdapter { set(key: string, value: any, ttlMs?: number): Promise; get(key: string): Promise; del(key: string): Promise; publish(channel: string, message: any): Promise; subscribe(channel: string, handler: (message: any) => void): Promise; incr(key: string, amount?: number): Promise; } export declare class MemoryAdapter extends DistributedAdapter { constructor(); keys(prefix: string): Promise; destroy(): void; } export declare class RedisAdapter extends DistributedAdapter { constructor(options: { client: object; prefix?: string }); } export declare class DistributedShield { constructor(options?: { adapter?: DistributedAdapter; instanceId?: string; syncIntervalMs?: number; threatTTLMs?: number }); start(): Promise; reportThreat(threat: object): Promise; getGlobalStats(): Promise; isKnownThreat(signature: string): Promise; markKnownThreat(signature: string, metadata?: object): Promise; stop(): Promise; } // ========================================================================= // Audit Streaming (v2.1) // ========================================================================= export declare class AuditTransport { send(event: object): Promise; sendBatch(events: object[]): Promise; flush(): Promise; close(): Promise; } export declare class FileTransport extends AuditTransport { constructor(options?: { filePath?: string; maxSizeMB?: number; maxFiles?: number }); } export declare class SplunkTransport extends AuditTransport { constructor(options: { url: string; token: string; index?: string; source?: string; sourcetype?: string; batchSize?: number; flushIntervalMs?: number }); getStats(): object; } export declare class ElasticsearchTransport extends AuditTransport { constructor(options: { url: string; index?: string; apiKey?: string; batchSize?: number; flushIntervalMs?: number }); getStats(): object; } export declare class AuditStreamManager { constructor(options?: { transports?: AuditTransport[]; includeMetadata?: boolean; environment?: string }); addTransport(transport: AuditTransport): void; emit(type: string, data?: object): Promise; emitScan(scanResult: ScanResult, context?: object): Promise; emitThreat(threat: Threat, context?: object): Promise; emitBlock(reason: string, context?: object): Promise; flush(): Promise; close(): Promise; getStats(): object; } // ========================================================================= // Immutable Audit Log (v2.1) // ========================================================================= export declare class AuditEntry { id: string; sequence: number; timestamp: string; type: string; data: object; actor: { type: string; id: string; name?: string }; previousHash: string; hash: string; constructor(params: { id: string; timestamp: string; type: string; data: object; actor: { type: string; id: string; name?: string }; previousHash: string; hash: string; sequence: number }); toJSON(): object; } export declare class AuditProof { proofId: string; generatedAt: string; anchorHash: string; entries: AuditEntry[]; startId: string; endId: string; entryCount: number; chainHead: string; proofHash: string; constructor(params: { proofId: string; generatedAt: string; anchorHash: string; entries: AuditEntry[]; startId: string; endId: string; entryCount: number; chainHead: string; proofHash: string }); verify(): { valid: boolean; error: string | null }; toJSON(): object; } export declare class ImmutableAuditLog { constructor(options?: { store?: object; maxEntries?: number; maxAge?: number; archiveCallback?: (entries: AuditEntry[]) => void; genesisHash?: string }); append(type: string, data: object, actor: { type: string; id: string; name?: string }): Promise; verify(): Promise<{ valid: boolean; brokenAt: number | null; totalEntries: number }>; exportProof(startId: string, endId: string): Promise; query(filters?: { type?: string; actorId?: string; since?: string; until?: string }): Promise; export(format?: 'json' | 'csv'): Promise; getStats(): Promise; getChainHead(): Promise; count(): Promise; } // ========================================================================= // Self-Healing (v3.0) // ========================================================================= export declare class SelfHealingEngine { constructor(options?: { maxPatterns?: number; autoApply?: boolean; onHeal?: (patterns: Pattern[]) => void }); reportFalseNegative(attackText: string, metadata?: object): { healed: boolean; patterns: Pattern[]; error?: string }; scan(text: string, options?: object): ScanResult; getPatterns(): Pattern[]; getStats(): object; exportPatterns(): string; reset(): void; } export declare class SelfHealingPatternGenerator { constructor(); generate(attackText: string, options?: { category?: string }): Pattern | null; generateVariants(attackText: string, options?: object): Pattern[]; } // ========================================================================= // Honeypot (v3.0) // ========================================================================= export declare class HoneypotSession { constructor(sessionId: string, metadata?: object); addMessage(text: string, scanResult: ScanResult): void; getSummary(): object; end(): void; } export declare class HoneypotEngine { constructor(options?: { maxSessions?: number; sessionTimeoutMs?: number; responseGenerator?: (text: string) => string; onAttack?: (info: any) => void; enabled?: boolean }); process(text: string, sessionId?: string): { response: string; session: HoneypotSession; scanResult: ScanResult; isAttack: boolean; honeypotActive: boolean }; getIntelligenceReport(): object; getCompletedSessions(): HoneypotSession[]; endAllSessions(): void; getStats(): object; reset(): void; } // ========================================================================= // Multi-Modal (v3.0) // ========================================================================= export declare class ModalityExtractor { constructor(); extractFromImage(imageData: object): Array<{ text: string; source: string }>; extractFromAudio(audioData: object): Array<{ text: string; source: string }>; extractFromPDF(pdfData: object): Array<{ text: string; source: string }>; extractFromToolOutput(toolOutput: object, toolName?: string): Array<{ text: string; source: string }>; } export declare class MultiModalScanner { constructor(options?: { sensitivity?: string; onThreat?: (threat: Threat) => void }); scanImage(imageData: object): ScanResult; scanAudio(audioData: object): ScanResult; scanPDF(pdfData: object): ScanResult; scanToolOutput(toolOutput: object, toolName?: string): ScanResult; scanRaw(modality: string, texts: Array<{ text: string; source: string }>): ScanResult; getStats(): object; } // ========================================================================= // Behavior Profiling (v3.0) // ========================================================================= export declare class BehaviorProfile { constructor(options?: { windowSize?: number; learningPeriod?: number; anomalyThreshold?: number }); record(observation: { responseLength?: number; responseTimeMs?: number; toolsCalled?: string[]; threatScore?: number; topic?: string }): { anomalies: any[]; isLearning: boolean }; getBaseline(): object; getReport(): object; healthCheck(): { normal: boolean; riskLevel: string; concerns: string[] }; reset(): void; } // ========================================================================= // SSO/SAML (v2.1) // ========================================================================= export declare class SSOSession { constructor(identity: object, role: string, permissions: string[], ttl: number); isValid(): boolean; hasPermission(permission: string): boolean; toJSON(): object; } export declare class IdentityMapper { constructor(mappingRules?: Array<{ idpGroup: string; shieldRole: string; permissions: string[] }>); addRule(rule: { idpGroup: string; shieldRole: string; permissions: string[] }): this; mapIdentity(identity: object): { role: string; permissions: string[] }; } export declare class SAMLParser { constructor(); parseAssertion(xml: string): { issuer: string; subject: string; conditions: object; attributes: object; raw: string }; validateAssertion(assertion: object, provider: object): { valid: boolean; errors: string[] }; extractAttributes(assertion: object): { email: string; name: string; groups: string[]; roles: string[]; custom: Record }; buildAuthnRequest(provider: object): string; } export declare class OIDCHandler { constructor(config?: { clientId?: string; issuer?: string; redirectUri?: string }); buildAuthorizationUrl(state: string): string; exchangeCode(code: string): { access_token: string; id_token: string; token_type: string; expires_in: number }; validateIdToken(token: string): { valid: boolean; claims: object; errors: string[] }; getUserInfo(accessToken: string): { sub: string; email: string; name: string; groups: string[] }; } export declare class SSOManager { constructor(config?: { providers?: object[]; defaultRole?: string; sessionTTL?: number; auditLog?: boolean }); registerProvider(provider: object): this; authenticate(providerType: string, assertion: string): SSOSession; mapToRole(identity: object): { role: string; permissions: string[] }; getSession(sessionId: string): SSOSession | null; revokeSession(sessionId: string): boolean; listActiveSessions(): SSOSession[]; getAuditLog(): object[]; } export declare const SSO_DEFAULT_MAPPINGS: Array<{ idpGroup: string; shieldRole: string; permissions: string[] }>; // ========================================================================= // Model Fine-Tuning (v2.1) // ========================================================================= export declare class FineTunedModel { constructor(weights: number[], vocabulary: string[], config: object); predict(text: string): { label: string; confidence: number }; predictBatch(texts: string[]): Array<{ label: string; confidence: number }>; export(): object; static load(json: object): FineTunedModel; getFeatureImportance(topN?: number): Array<{ term: string; weight: number }>; } export declare class DatasetManager { constructor(); addSample(text: string, label: string, metadata?: object): this; addFromScanHistory(scanResults: ScanResult[]): this; augment(): this; split(ratio?: number): { train: any[]; validation: any[]; test: any[] }; getStats(): object; export(): object; } export declare class ModelTrainer { constructor(config?: { learningRate?: number; epochs?: number; batchSize?: number; validationSplit?: number }); train(dataset: Array<{ text: string; label: string }>): FineTunedModel; } export declare class ModelEvaluator { constructor(); evaluate(model: FineTunedModel, testSet: Array<{ text: string; label: string }>): { accuracy: number; precision: number; recall: number; f1: number; confusionMatrix: object; roc_auc: number }; generateReport(): string; } export declare class TrainingPipeline { constructor(options?: { config?: object; datasetManager?: DatasetManager; trainer?: ModelTrainer; evaluator?: ModelEvaluator }); run(dataset: Array<{ text: string; label: string }>): Promise<{ model: FineTunedModel; evaluation: object }>; } // ========================================================================= // Threat Intelligence Network (v3.0) // ========================================================================= export declare class PatternAnonymizer { constructor(level?: 'low' | 'medium' | 'high'); anonymize(pattern: object): object; hashPattern(pattern: object): string; generalize(regex: string): string; stripMetadata(metadata: object): object; addNoise(stats: object, sensitivity?: number, epsilon?: number): object; } export declare class PeerNode { constructor(nodeId: string, config?: { heartbeatIntervalMs?: number; heartbeatTimeoutMs?: number }); connect(peerInfo: object): boolean; send(message: object): boolean; } export declare class ConsensusEngine { constructor(options?: { quorum?: number; votingTimeoutMs?: number }); propose(pattern: object): Promise<{ accepted: boolean; votes: number }>; vote(proposalId: string, accept: boolean): void; } export declare class ThreatFeed { constructor(options?: { maxPatterns?: number; ttlMs?: number }); add(pattern: object): void; getPatterns(): object[]; getRecent(count?: number): object[]; } export declare class ThreatIntelNetwork { constructor(options?: { nodeId?: string; anonymizationLevel?: string; consensusQuorum?: number }); start(): Promise; sharePattern(pattern: object): Promise; getSharedPatterns(): object[]; stop(): void; } export declare const NETWORK_DEFAULTS: object; // ========================================================================= // I18n Patterns (v4.0) // ========================================================================= export declare class I18nPatternManager { constructor(options?: { languages?: string[] }); getPatterns(language?: string): Pattern[]; addPattern(language: string, pattern: Pattern): void; getAllPatterns(): Pattern[]; getSupportedLanguages(): string[]; } export declare const CJK_PATTERNS: Array<{ regex: RegExp; severity: string; category: string; description: string; language: string }>; export declare const ARABIC_PATTERNS: Array<{ regex: RegExp; severity: string; category: string; description: string; language: string }>; export declare const CYRILLIC_PATTERNS: Array<{ regex: RegExp; severity: string; category: string; description: string; language: string }>; export declare const INDIC_PATTERNS: Array<{ regex: RegExp; severity: string; category: string; description: string; language: string }>; export declare const MULTILINGUAL_PATTERNS: any[]; export declare function getI18nPatterns(language?: string): Pattern[]; // ========================================================================= // LLM Red Team Suite (v4.0) // ========================================================================= export declare class AdversarialGenerator { constructor(); generatePayloads(category: string, count?: number): Array<{ payload: string; category: string; technique: string }>; mutate(payload: string): string; chainAttacks(payloads: string[]): Array; generateEvasion(payload: string, technique: string): string; } export declare class JailbreakLibrary { constructor(); getTemplates(category: string): string[]; getCategories(): string[]; addTemplate(category: string, template: string): void; search(keyword: string): string[]; } export declare class EvasionTester { constructor(options?: { sensitivity?: string; mutations?: number }); test(payload: string): { totalMutations: number; detected: number; evaded: number; evasionRate: string; evasions: Array<{ mutation: string; text: string }> }; } export declare class LLMRedTeamSuite { constructor(options?: { sensitivity?: string }); runAll(): object; runCategory(category: string): object; generateReport(): object; formatReport(): string; } export declare const JAILBREAK_TEMPLATES: Record; export declare const MUTATION_TECHNIQUES: string[]; // ========================================================================= // Agent Protocol (v5.0) // ========================================================================= export declare class ProtocolMessage { constructor(type: string, payload: any, senderId: string, sequenceNum: number); serialize(): string; static deserialize(raw: string): ProtocolMessage; isExpired(timeout: number): boolean; static TYPES: string[]; } export declare class AgentIdentity { constructor(agentId: string, capabilities?: string[], metadata?: object); sign(secretKey: string): string; verify(signature: string, secretKey: string): boolean; hasCapability(cap: string): boolean; toJSON(): object; static fromJSON(json: object): AgentIdentity; static TRUST_LEVELS: string[]; } export declare class SecureChannel { constructor(localIdentity: AgentIdentity, remoteIdentity: AgentIdentity, sharedSecret: string); send(payload: any, type?: string): string; receive(encrypted: string): { valid: boolean; message?: ProtocolMessage; error?: string }; getStats(): object; } export declare class HandshakeManager { constructor(options?: { timeoutMs?: number }); initiate(localIdentity: AgentIdentity, remoteIdentity: AgentIdentity): { challenge: string; sessionId: string }; respond(challenge: string, identity: AgentIdentity): { response: string; sessionId: string }; verify(response: string, sessionId: string): { valid: boolean; channel?: SecureChannel }; } export declare class MessageRouter { constructor(); register(agentId: string, handler: (message: ProtocolMessage) => void): void; unregister(agentId: string): void; route(message: ProtocolMessage): boolean; broadcast(message: ProtocolMessage, exclude?: string[]): number; } export declare class AgentProtocol { constructor(options?: { identity?: AgentIdentity; secret?: string }); connect(remoteIdentity: AgentIdentity): SecureChannel; listen(handler: (message: ProtocolMessage, channel: SecureChannel) => void): void; getConnections(): object[]; } export declare const PROTOCOL_VERSION: string; // ========================================================================= // Policy DSL (v5.0) // ========================================================================= export declare class PolicyParser { constructor(); tokenize(source: string): Array<{ type: string; value: string; line: number; col: number }>; parse(tokens: any[]): { type: string; policies: any[] }; } export declare class PolicyCompiler { constructor(); compile(ast: object): { execute: (context: object) => object }; } export declare class PolicyRuntime { constructor(options?: { builtins?: Record }); load(source: string): void; evaluate(context: object): { allowed: boolean; violations: string[]; actions: string[] }; } export declare class PolicyValidator { constructor(); validate(source: string): { valid: boolean; errors: string[]; warnings: string[] }; } export declare class PolicyDSL { constructor(options?: { source?: string; strict?: boolean }); load(source: string): void; evaluate(context: object): { allowed: boolean; violations: string[]; actions: string[] }; validate(): { valid: boolean; errors: string[]; warnings: string[] }; } export declare const DSL_BUILTINS: Record; export declare const EXAMPLE_STRICT_POLICY: string; export declare const EXAMPLE_PERMISSIVE_POLICY: string; export declare const EXAMPLE_CUSTOM_RULES_POLICY: string; // ========================================================================= // Fuzzing Harness (v5.0) // ========================================================================= export declare class InputGenerator { constructor(options?: { seed?: number }); generate(count?: number): string[]; generateFromGrammar(grammar?: object): string; } export declare class FuzzMutationEngine { constructor(options?: { seed?: number }); mutate(input: string): string; } export declare class CoverageTracker { constructor(); record(input: string, result: ScanResult): void; getCoverage(): { categories: string[]; patterns: number; totalInputs: number; coverageRate: string }; getUncovered(): string[]; } export declare class FuzzReport { constructor(results: any[]); getSummary(): { total: number; crashes: number; uniqueFindings: number; coverageRate: string }; format(): string; } export declare class CrashCollector { constructor(options?: { maxCrashes?: number }); record(input: string, error: Error): void; getCrashes(): Array<{ input: string; error: string; timestamp: number }>; deduplicate(): Array<{ input: string; error: string; count: number }>; } export declare class FuzzingHarness { constructor(options?: { iterations?: number; seed?: number; timeoutMs?: number; scanFn?: (text: string) => ScanResult }); run(options?: { iterations?: number }): FuzzReport; getResults(): any[]; getCoverage(): object; } export declare const SEED_CORPUS: string[]; // ========================================================================= // Model Fingerprinting (v5.0) // ========================================================================= export declare class ResponseAnalyzer { constructor(); analyze(text: string): { features: Record; wordCount: number; sentenceCount: number }; } export declare class StyleProfile { constructor(samples?: string[]); addSample(text: string): void; getProfile(): { mean: Record; stddev: Record; sampleCount: number }; similarity(other: StyleProfile): number; } export declare class FingerprintDatabase { constructor(); register(name: string, profile: StyleProfile): void; identify(text: string): Array<{ name: string; similarity: number }>; list(): string[]; } export declare class SupplyChainDetector { constructor(options?: { database?: FingerprintDatabase }); check(text: string, expectedModel?: string): { match: boolean; detectedModel: string; confidence: number; warning?: string }; } export declare class ModelFingerprinter { constructor(options?: { database?: FingerprintDatabase }); fingerprint(text: string): { profile: object; bestMatch: { name: string; similarity: number } | null }; register(name: string, samples: string[]): void; identify(text: string): Array<{ name: string; similarity: number }>; } export declare const MODEL_SIGNATURES: Record; stddev: Record }>; // ========================================================================= // Cost/Latency Optimizer (v5.0) // ========================================================================= export declare class ScanPlan { constructor(tier: string, config?: { costPerStep?: number; description?: string }); addStep(name: string, config?: { timeout?: number; cost?: number; required?: boolean; type?: string }): this; getEstimatedLatency(): number; getEstimatedCost(): number; getSteps(): object[]; toJSON(): object; } export declare class TierManager { constructor(); defineTier(name: string, config: object): void; getTier(name: string): object | null; listTiers(): string[]; } export declare class LatencyBudget { constructor(options?: { budgetMs?: number; overheadMs?: number }); allocate(stepName: string, estimatedMs: number): { allowed: boolean; allocated: number; remaining: number }; isExhausted(): boolean; reset(): void; } export declare class AdaptiveScanner { constructor(options?: ShieldOptions & { tiers?: Record; defaultTier?: string }); scan(text: string, options?: { tier?: string; budgetMs?: number }): ScanResult; selectTier(text: string): string; getStats(): object; } export declare class PerformanceMonitor { constructor(options?: { windowMs?: number; maxSamples?: number }); record(durationMs: number, tier: string): void; getPercentiles(): { p50: number; p95: number; p99: number; mean: number }; getTierBreakdown(): Record; } export declare class CostOptimizer { constructor(options?: { budgetPerMinute?: number; latencyTargetMs?: number }); optimize(text: string, shield: AgentShield): ScanResult; getRecommendations(): Array<{ action: string; reason: string; impact: string }>; getStats(): object; } export declare const OPTIMIZATION_PRESETS: Record; // ========================================================================= // Worker Scanner (additional) // ========================================================================= export declare class ThreadedWorkerScanner { constructor(options?: { poolSize?: number; timeout?: number }); scan(text: string, options?: object): Promise; scanBatch(texts: string[], options?: object): Promise; getStats(): { activeWorkers: number; queuedJobs: number; completed: number; errors: number; poolSize: number; terminated: boolean }; terminate(): void; } // ========================================================================= // v7.0 — MCP Security Runtime // ========================================================================= export interface MCPSecurityRuntimeOptions { signingKey?: string; enforceAuth?: boolean; enableBehaviorMonitoring?: boolean; enableStateMachine?: boolean; maxSessionsPerUser?: number; maxDelegationDepth?: number; sessionTtlMs?: number; maxToolCallsPerMinute?: number; maxAuditEntries?: number; allowedTools?: string[]; blockedTools?: string[]; policies?: any[]; onThreat?: (event: any) => void; onBlock?: (event: any) => void; onAudit?: (event: any) => void; } export interface SecureToolCallResult { allowed: boolean; threats: Threat[]; violations: Array<{ type: string; message: string; tool?: string }>; anomalies: any[]; token: { tokenId: string; token: string; expiresAt: number; scopes: string[] } | null; reason?: string; sanitizedArgs?: any; } export interface MCPSessionInfo { sessionId: string; authCtx: AuthorizationContext; } export declare class MCPSecurityRuntime { stats: { sessionsCreated: number; toolCallsProcessed: number; toolCallsBlocked: number; threatsDetected: number; authFailures: number; behaviorAnomalies: number; stateViolations: number; }; constructor(options?: MCPSecurityRuntimeOptions); createSession(params: { userId: string; agentId: string; roles?: string[]; scopes?: string[]; intent?: string; maxToolCalls?: number; maxTokenBudget?: number; allowedTools?: string[] }): MCPSessionInfo; terminateSession(sessionId: string): boolean; secureToolCall(sessionId: string, toolName: string, args?: any): SecureToolCallResult; secureToolResult(sessionId: string, toolName: string, result: any): { safe: boolean; threats: Threat[]; sanitizedResult?: any }; secureResource(uri: string, content: string, mimeType?: string): { safe: boolean; threats: Threat[] }; registerTool(toolName: string, requirements?: { scopes?: string[]; roles?: string[]; requiresHumanApproval?: boolean; allowedIntents?: string[] }): void; addPolicy(rule: any): void; delegateSession(sessionId: string, delegateAgentId: string, delegateScopes?: string[]): MCPSessionInfo; createMiddleware(): { createSession(params: any): MCPSessionInfo; onToolCall(sessionId: string, toolName: string, args: any): SecureToolCallResult; onToolResult(sessionId: string, toolName: string, result: any): { safe: boolean; threats: Threat[] }; onResourceAccess(uri: string, content: string, mimeType: string): { safe: boolean; threats: Threat[] }; terminateSession(sessionId: string): boolean; getStats(): any; }; getReport(): any; getAuditLog(limit?: number): any[]; getBehaviorProfile(userId: string): any | null; shutdown(): void; } export declare class MCPSessionStateMachine { sessionId: string; state: string; transitions: Array<{ from: string; to: string; timestamp: number }>; constructor(sessionId: string); transition(newState: string): { allowed: boolean; from: string; to: string; reason?: string }; isTerminated(): boolean; } export declare const SESSION_STATES: Readonly>; // ========================================================================= // v7.0 — MCP Certification & Trust // ========================================================================= export interface CertificationResult { certified: boolean; level: string; score: number; badge: string; timestamp: number; results: Array<{ id: string; name: string; category: string; severity: string; passed: boolean; description: string }>; recommendations: Array<{ id: string; priority: string; action: string }>; summary: { total: number; passed: number; failed: number; criticalFailures: number }; } export declare class MCPCertification { static evaluate(config: any): CertificationResult; static formatReport(evaluation: CertificationResult): string; } export declare class AgentThreatIntelligence { stats: { patternsLearned: number; attacksObserved: number; trendsGenerated: number }; constructor(options?: { maxPatterns?: number; decayHalfLifeMs?: number; minConfidence?: number }); recordAttack(attack: { category: string; pattern: string; source?: string; context?: any; blocked?: boolean }): { patternId: string; isNew: boolean; confidence: number }; checkAgainstIntel(input: string): { matches: any[]; riskScore: number }; getTrends(windowMs?: number): { topCategories: any[]; attackRate: number; trendDirection: string; bypassRate: number; totalObserved: number }; exportCorpus(): any; importCorpus(corpus: any): { imported: number; merged: number; skipped: number }; } export declare class CrossOrgAgentTrust { stats: { issued: number; verified: number; rejected: number; revoked: number }; constructor(options: { orgId: string; signingKey: string; certificateTtlMs?: number; maxCertificates?: number }); issueCertificate(params: { agentId: string; capabilities?: string[]; allowedOrgs?: string[]; trustLevel?: number }): any; verifyCertificate(certificate: any): { valid: boolean; reason?: string; trustLevel: number }; revokeCertificate(certId: string): boolean; trustOrganization(orgId: string, publicKey: string, trustLevel?: number): void; untrustOrganization(orgId: string): void; getTrustReport(): any; } export declare const MCP_THREAT_CATEGORIES: Readonly>; export declare const CERTIFICATION_REQUIREMENTS: ReadonlyArray<{ id: string; name: string; category: string; severity: string; description: string }>; export declare const CERTIFICATION_LEVELS: Readonly>; // ========================================================================= // v7.0 — Authorization Context (enhanced) // ========================================================================= export declare class AuthorizationContext { contextId: string; userId: string; agentId: string; roles: readonly string[]; scopes: readonly string[]; intent: string | null; createdAt: number; expiresAt: number; parentContextId: string | null; delegationDepth: number; constructor(params: { userId: string; agentId: string; roles?: string[]; scopes?: string[]; intent?: string; ttlMs?: number; parentContextId?: string; signingKey?: string }); isExpired(): boolean; hasScope(scope: string): boolean; hasRole(role: string): boolean; delegate(delegateAgentId: string, delegateScopes?: string[]): AuthorizationContext; verify(): boolean; } export declare class EphemeralTokenManager { constructor(options?: { tokenTtlMs?: number; maxTokensPerUser?: number; rotationWindowMs?: number; signingKey?: string }); issueToken(authCtx: AuthorizationContext, scopes?: string[]): { tokenId: string; token: string; expiresAt: number; scopes: string[] }; validateToken(tokenId: string): { valid: boolean; reason: string | null; userId: string | null; scopes: string[] }; rotateToken(tokenId: string, authCtx: AuthorizationContext): any; revokeToken(tokenId: string): void; startCleanup(intervalMs?: number): void; stopCleanup(): void; getStats(): { issued: number; rotated: number; revoked: number; expired: number; validated: number }; } export declare class IntentValidator { constructor(options?: any); addPolicy(policy: { tool: string; requiredScopes?: string[]; requiredRoles?: string[]; allowedIntents?: string[]; requiresHumanApproval?: boolean }): void; validateAction(toolName: string, args: any, authCtx: AuthorizationContext): { allowed: boolean; violations: any[]; requiresApproval: boolean }; getAuditLog(limit?: number): any[]; } export declare class ConfusedDeputyGuard { stats: { checked: number; allowed: number; denied: number; escalations: number }; constructor(options?: { enforceContext?: boolean; logOnly?: boolean; signingKey?: string }); registerTool(toolName: string, requirements?: { scopes?: string[]; roles?: string[]; requiresHumanApproval?: boolean }): void; wrapToolCall(toolName: string, args: any, authCtx?: AuthorizationContext): { allowed: boolean; violations: any[]; requiresApproval: boolean; token: any | null }; getStats(): any; getAuditLog(limit?: number): any[]; } // ========================================================================= // v7.2 — IPIA Detector // ========================================================================= export interface IPIAResult { isInjection: boolean; confidence: number; severity: 'critical' | 'high' | 'medium' | 'low'; reason: string; features: Record; source: string; metadata: any | null; patternScan: any | null; timestamp: number; } export interface EmbeddingBackend { embed(text: string): Promise; similarity?(a: number[], b: number[]): number; } export interface IPIADetectorOptions { threshold?: number; separator?: string; embeddingBackend?: EmbeddingBackend; usePatternScan?: boolean; maxContentLength?: number; maxIntentLength?: number; enabled?: boolean; } export declare class IPIADetector { threshold: number; enabled: boolean; constructor(options?: IPIADetectorOptions); scan(externalContent: string, userIntent: string, options?: { source?: string; metadata?: any }): IPIAResult; scanAsync(externalContent: string, userIntent: string, options?: { source?: string; metadata?: any }): Promise; scanBatch(contentItems: string[], userIntent: string, options?: { source?: string; metadata?: any }): { results: IPIAResult[]; summary: { total: number; blocked: number; safe: number; maxConfidence: number } }; getStats(): { total: number; blocked: number; safe: number; blockRate: string }; setThreshold(threshold: number): void; } export declare class ContextConstructor { constructor(options?: { separator?: string; maxContentLength?: number; maxIntentLength?: number }); build(externalContent: string, userIntent: string): { joint: string; content: string; intent: string }; } export declare class FeatureExtractor { extract(ctx: { joint: string; content: string; intent: string }): { features: number[]; featureMap: Record }; } export declare class TreeClassifier { threshold: number; constructor(options?: { threshold?: number }); classify(features: number[], featureMap: Record): { isInjection: boolean; confidence: number; reason: string }; } export declare class ExternalEmbedder { constructor(backend: EmbeddingBackend); static defaultSimilarity(a: number[], b: number[]): number; extractCosineFeatures(ctx: { joint: string; content: string; intent: string }): Promise<{ cosine_intent_content: number; cosine_joint_intent: number; cosine_joint_content: number }>; } export declare function createIPIAScanner(options?: IPIADetectorOptions): (content: string, intent: string, options?: any) => IPIAResult; export declare function ipiaMiddleware(options?: { contentField?: string; intentField?: string; action?: 'block' | 'flag' | 'log'; threshold?: number }): (req: any, res: any, next: any) => void; export declare const IPIA_FEATURE_NAMES: string[]; export declare const IPIA_INJECTION_LEXICON: Record; // ========================================================================= // v10-v11: MCP Guard // ========================================================================= export declare class MCPGuard { constructor(options?: { requireAuth?: boolean; allowedIssuers?: string[]; requiredScopes?: string[]; rateLimit?: number; cbThreshold?: number; cbCooldownMs?: number; baselineWindow?: number; zThreshold?: number; onAlert?: (alert: any) => void; scanner?: (text: string) => any; enableMicroModel?: boolean; enableIntentGraph?: boolean; enableIsolation?: boolean; enableIntentBinding?: boolean; enableAttackSurface?: boolean; enableDriftMonitor?: boolean; enableOWASP?: boolean; signingKey?: string; model?: string; }); registerServer(serverId: string, toolDefinitions: any, authToken?: any): { allowed: boolean; attestation: any; auth: any; threats: any[] }; interceptToolCall(serverId: string, toolName: string, args: any): { allowed: boolean; threats: any[]; anomalies: any[] }; interceptToolOutput(serverId: string, toolName: string, output: any, responseTimeMs?: number): { safe: boolean; threats: any[]; anomalies: any[] }; setUserIntent(intentText: string): { intentHash: string | null; allowedActions: string[] }; detectAttackChains(): { chains: any[]; riskLevel: string }; registerAgent(agentId: string, metadata?: { model?: string; servers?: string[]; capabilities?: string[]; owner?: string }): { agentId: string; riskProfile: any; registered: boolean }; recordAgentActivity(agentId: string, hadThreat: boolean): void; getFleetStatus(): { totalAgents: number; highRiskAgents: number; agents: any[]; fleetRiskLevel: string }; getSecurityPosture(): { securityScore: number; grade: string; activeLayers: number; totalLayers: number; layerCoverage: string; layers: any; servers: any; chainAnalysis: any; timestamp: number }; measureDefenseEffectiveness(): { effectiveness: any; totalAttacks: number; recommendation: string }; getReport(): any; getAuditLog(): any[]; resetCircuitBreaker(serverId: string): void; } export declare class ServerAttestation { attest(serverId: string, toolDefinitions: any): { trusted: boolean; hash: string; changed: boolean; alert: any | null }; update(serverId: string, toolDefinitions: any): void; get(serverId: string): any | null; getAlerts(): any[]; clearAlerts(): void; } export declare class CrossServerIsolation { registerServer(serverId: string, toolNames: string[]): void; validate(callingServerId: string, toolName: string, args: any): { allowed: boolean; violation: any | null }; getOwner(toolName: string): string | null; } export declare class OAuthEnforcer { constructor(options?: { required?: boolean; allowedIssuers?: string[]; requiredScopes?: string[]; clockSkewMs?: number }); validate(token: any | null): { authenticated: boolean; reason: string | null }; } export declare class ToolBehaviorBaseline { constructor(options?: { windowSize?: number; zThreshold?: number }); record(toolName: string, observation?: { argLength?: number; responseTimeMs?: number; isError?: boolean }): { anomalies: any[] }; getBaseline(toolName: string): any | null; } // ========================================================================= // v10-v11: Supply Chain Scanner // ========================================================================= export declare class SupplyChainScanner { constructor(options?: { knownBadServers?: any; cveRegistry?: any; enableMicroModel?: boolean }); fingerprintServer(server: any): string; scanServer(server: { name: string; tools: any[] }, context?: { previousFingerprint?: string; auth?: any; configFiles?: any[] }): { server: string; status: string; score: number; highestSeverity: string; summary: any; findings: any[]; recommendations: string[]; generatedAt: number }; scanMultiple(servers: any[]): { serverCount: number; totalFindings: number; worstScore: number; reports: any[] }; toSARIF(report: any): any; toMarkdown(report: any): string; getCIExitCode(report: any, options?: { failOn?: string }): { exitCode: number; reason: string }; enforce(server: any, options?: { failOn?: string; context?: any }): any; } export declare const KNOWN_BAD_SERVERS: Record; export declare const CVE_REGISTRY: Record>; // ========================================================================= // v10-v11: OWASP Agentic Scanner // ========================================================================= export declare class OWASPAgenticScanner { constructor(options?: { failThreshold?: number }); scan(input: string | any): { score: number; exitCode: number; status: string; findings: any[]; summary: any; risks: any[] }; scanBatch(inputs: Array): { inputCount: number; score: number; exitCode: number; status: string; findings: any[]; summary: any; riskCounts: any }; toJSON(scanResult: any): string; toMarkdown(scanResult: any): string; toSARIF(scanResult: any): any; } export declare const OWASP_AGENTIC_2026: ReadonlyArray<{ id: string; name: string; severity: string; description: string; patterns: RegExp[]; remediation: string }>; // ========================================================================= // v10-v11: Red Team CLI // ========================================================================= export declare class RedTeamCLI { constructor(options?: { scanFn?: (text: string) => any; enableMicroModel?: boolean }); run(endpoint: string, options?: { mode?: 'quick' | 'standard' | 'full'; compareWith?: any; serverName?: string; tools?: any[] }): any; writeReports(report: any, outputDir?: string): { jsonPath: string; mdPath: string; htmlPath: string }; toMarkdown(report: any): string; toHTML(report: any): string; } export declare const REDTEAM_MODES: Readonly<{ quick: 50; standard: 200; full: 617 }>; // ========================================================================= // v10-v11: Drift Monitor // ========================================================================= export declare class DriftMonitor { constructor(options?: { windowSize?: number; alertThreshold?: number; klThreshold?: number; enableCircuitBreaker?: boolean; circuitBreaker?: any; prometheus?: any; metrics?: any; onAlert?: (alert: any) => void }); observe(event: { callFreq?: number; responseLength?: number; errorRate?: number; timingMs?: number; topic?: string }): { alert: boolean; zScores?: any; klDivergence?: number; maxZScore?: number; learning?: boolean; baselineReady?: boolean }; rebuildBaseline(): void; getPeriodicSummary(): any; getAlertHistory(): any[]; reset(): void; } // ========================================================================= // v10-v11: Micro Model // ========================================================================= export declare class MicroModel { corpus: Array<{ text: string; category: string; severity: string; source: string }>; constructor(options?: { threshold?: number; k?: number; ensembleWeight?: number; additionalCorpus?: any[]; skipTraining?: boolean }); classify(text: string): { threat: boolean; category: string; severity: string; confidence: number; method: string; logisticScore: any; topMatches: any[] }; scan(text: string): { threats: any[]; severity: string; status: string }; addSamples(samples: Array<{ text: string; category: string; severity: string; source: string }>): void; getStats(): { classified: number; threats: number; benign: number; corpusSize: number; categories: string[]; threatRate: number }; getCategoryCounts(): Record; } export declare class LogisticClassifier { constructor(categories: string[], featureCount: number, options?: { learningRate?: number; epochs?: number; l2?: number; precomputedWeights?: any }); train(data: Array<{ features: number[]; category: string }>): void; predict(features: number[]): { category: string; confidence: number; scores: Record }; getWeights(): any; } export declare function extractFeatures(text: string): number[]; export declare function shannonEntropy(text: string): number; // ========================================================================= // v11: Self-Training // ========================================================================= export declare class SelfTrainer { constructor(options?: { scanFn?: (text: string) => any; microModel?: MicroModel; maxRoundsPerCycle?: number }); runCycle(seedAttacks: Array<{ text: string; category: string; severity: string }>): { bypasses: number; mutations: number; newSamples: number; bypassRate: number }; applyToModel(): number; getBypasses(): any[]; getStats(): any; exportSamples(): any[]; reset(): void; } export declare class MutationEngine { mutate(text: string): Array<{ text: string; strategy: string }>; } export declare class AutonomousHardener { constructor(options: { microModel: MicroModel; scanFn?: (text: string) => any; intervalMs?: number; persistPath?: string; maxCorpusGrowth?: number; maxFPRate?: number; fpTestSet?: string[]; seedAttacks?: any[]; onCycleComplete?: (result: any) => void }); start(): void; stop(): void; runOnce(): any; getHistory(): any[]; getStatus(): { running: boolean; totalCycles: number; totalSamplesAdded: number; currentCorpusSize: number; growthRemaining: number; lastCycle: any | null }; } // ========================================================================= // v11: Intent Graph // ========================================================================= export declare class IntentGraph { constructor(options?: { similarityThreshold?: number; maxNodes?: number }); setIntent(intentText: string): { nodeId: number; topics: Set }; recordToolCall(toolName: string, args: any, reason?: string): { nodeId: number; causalScore: number; suspicious: boolean; violations: any[] }; recordToolOutput(toolName: string, output: any): { nodeId: number }; getChain(): any[]; getAnomalies(): any[]; getRiskAssessment(): { riskLevel: string; score: number; anomalyCount: number; chainLength: number }; reset(): void; } // ========================================================================= // v11: Semantic Isolation // ========================================================================= export type Provenance = 'system' | 'user' | 'tool_output' | 'rag_chunk' | 'agent_message' | 'untrusted'; export declare class TaggedContent { text: string; provenance: Provenance; trustLevel: number; threats: any[]; sanitized: boolean; constructor(text: string, provenance: Provenance, metadata?: any); isTrusted(requiredLevel: number): boolean; } export declare class IsolationPolicy { constructor(rules?: any); check(content: TaggedContent, action: string): { allowed: boolean; reason: string | null }; } export declare class SemanticIsolationEngine { constructor(options?: { policy?: IsolationPolicy; scanUntrusted?: boolean; stripInstructionsFromUntrusted?: boolean }); tag(text: string, provenance: Provenance, metadata?: any): TaggedContent; validateAction(content: TaggedContent, action: string): { allowed: boolean; reason: string | null; threats: any[] }; buildContext(): { messages: any[]; blocked: any[] }; getStats(): any; reset(): void; } export declare const ISOLATION_PROVENANCE: Readonly<{ SYSTEM: 'system'; USER: 'user'; TOOL_OUTPUT: 'tool_output'; RAG_CHUNK: 'rag_chunk'; AGENT_MESSAGE: 'agent_message'; UNTRUSTED: 'untrusted' }>; export declare const TRUST_LEVELS: Readonly>; // ========================================================================= // v11: Intent Binding // ========================================================================= export declare class IntentBinder { constructor(options?: { signingKey?: string; tokenTtlMs?: number; maxActionsPerIntent?: number; singleUseTokens?: boolean }); bindIntent(intentText: string, metadata?: any): { intentHash: string; allowedActions: string[] }; issueToken(intentHash: string, action: string, scope?: string): { token: IntentToken | null; error: string | null }; verify(token: IntentToken): { valid: boolean; reason: string | null }; revokeIntent(intentHash: string): boolean; purgeExpired(): void; getStats(): any; getAuditLog(): any[]; } export declare class IntentToken { intentHash: string; action: string; scope: string; signature: string; createdAt: number; expiresAt: number; used: boolean; isExpired(): boolean; } // ========================================================================= // v11: Attack Surface Mapper // ========================================================================= export declare class AttackSurfaceMapper { constructor(options?: { maxChainDepth?: number }); map(config: { tools: any[]; mcpServers?: any[]; systemPrompt?: string; permissions?: any; model?: string }): { summary: { toolCount: number; serverCount: number; capabilityCount: number; attackPathCount: number; criticalPaths: number; overallRiskScore: number; riskLevel: string }; capabilities: Record; attackPaths: any[]; promptRisks: any; serverRisks: any[]; permissionGaps: any[]; recommendations: Array<{ priority: string; action: string }>; }; } export declare const CAPABILITY_RISK: Record; export declare const CAPABILITY_PATTERNS: Record; // ========================================================================= // v11: Prompt Hardening // ========================================================================= export declare class PromptHardener { constructor(options?: { level?: 'minimal' | 'standard' | 'strong' | 'paranoid'; hardenSystemPrompt?: boolean; wrapUserInput?: boolean; wrapToolOutput?: boolean; wrapRAGChunks?: boolean }); hardenSystem(systemPrompt: string): string; wrap(text: string, source?: 'user' | 'tool_output' | 'rag_chunk' | 'agent_message'): string; hardenConversation(messages: Array<{ role: string; content: string; source?: string }>): Array<{ role: string; content: string }>; getStats(): { hardened: number; systemPromptsHardened: number; inputsWrapped: number; toolOutputsWrapped: number }; } export declare const DEFENSIVE_TEMPLATES: Record; export declare const SYSTEM_PROMPT_HARDENING: Record; // ========================================================================= // v11: Message Integrity // ========================================================================= export declare class MessageIntegrityChain { constructor(options?: { signingKey?: string; algorithm?: string }); addMessage(role: string, content: string): { index: number; signature: string }; verifyChain(): { valid: boolean; tampered: any[] }; verifyMessage(index: number): { valid: boolean; reason: string | null }; detectRoleViolations(rolePolicy?: any): any[]; export(): { chain: any[]; chainLength: number; lastSignature: string | null; exportedAt: number }; import(data: any): { valid: boolean; imported: number; tampered: any[] }; getStats(): any; } // ========================================================================= // v11: Continuous Security Service // ========================================================================= export declare class ContinuousSecurityService { constructor(options: { guard: MCPGuard; hardener?: AutonomousHardener; postureScanIntervalMs?: number; hardeningIntervalMs?: number; defenseCheckIntervalMs?: number; onPostureChange?: (entry: any) => void; onAlert?: (alert: any) => void }); start(): void; stop(): void; getStatus(): any; getReport(): { currentScore: number | null; currentGrade: string | null; scoreHistory: number[]; scoreTrend: string; totalPostureScans: number; totalDefenseChecks: number; totalAlerts: number; timestamp: number }; runPostureScan(): any; runDefenseCheck(): any; } // ========================================================================= // v11: SOTA Benchmark // ========================================================================= export declare class SOTABenchmark { constructor(options?: { scanFn?: (text: string) => any; microModel?: MicroModel }); runAll(): { aggregate: { precision: number; recall: number; f1: number; accuracy: number; fpr: number; tp: number; fp: number; tn: number; fn: number; totalSamples: number }; benchmarks: Record; functional: any; comparison: { sentinel_f1: number; sentinel_accuracy: number; agentshield_f1: number; agentshield_accuracy: number; delta_f1: number; delta_accuracy: number }; timestamp: number }; runBIPIA(): any; runHackAPrompt(): any; runMCPTox(): any; runMultilingual(): any; runStealth(): any; runFunctional(): any; toMarkdown(results: any): string; }