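/**
 * Grader Agent - SLOP Native
 *
 * Intelligent scoring and attack chain analysis.
 * Takes findings from Scanner, calculates risk scores, maps attack chains.
 *
 * Tools:
 * - grade-finding: Score a single finding
 * - grade-batch: Score multiple findings
 * - map-chain: Map attack chains between findings
 * - calculate-risk: Calculate overall repository risk score
 * - get-exploitability: Get exploitability score for a finding
 *
 * This is a declaration-only view: private members are listed by name
 * without types, so scoring formulas, scales and thresholds are not
 * visible here.
 */
import { SLOPAgent } from './base.js';
import { SLOPAgentConfig, SLOPToolCall, SLOPToolResult, Finding } from './types.js';

/**
 * A scanner finding together with the scores and guidance the grader
 * attached to it.
 */
export interface GradedFinding {
  /** The finding that was graded. */
  finding: Finding;
  /** Combined score for the finding; scale not declared here (TODO confirm). */
  score: number;
  /** Exploitability metrics and their sub-score. */
  exploitability: ExploitabilityScore;
  /** Impact metrics and their sub-score. */
  impact: ImpactScore;
  /** Numeric chain-potential value; scale not declared here (TODO confirm). */
  chainPotential: number;
  /**
   * Fix priority. NOTE(review): the declaration does not say whether a
   * higher or a lower number is more urgent; confirm before sorting on it.
   */
  priority: number;
  /** Free-text explanation of the score. */
  reasoning: string;
  /** Free-text remediation suggestions. */
  recommendations: string[];
}

/**
 * Exploitability metrics for a finding.
 *
 * The field names and value sets mirror the CVSS v3.x base exploitability
 * metrics (attack vector, attack complexity, privileges required, user
 * interaction). Whether `score` follows the CVSS formula is not visible in
 * this declaration; treat it as tool-specific until confirmed.
 */
export interface ExploitabilityScore {
  attackVector: 'network' | 'adjacent' | 'local' | 'physical';
  attackComplexity: 'low' | 'high';
  privilegesRequired: 'none' | 'low' | 'high';
  userInteraction: 'none' | 'required';
  /** Numeric exploitability sub-score; scale not declared here. */
  score: number;
}

/**
 * Impact metrics for a finding.
 *
 * The field names and value sets mirror the CVSS v3.x impact metrics
 * (confidentiality, integrity, availability) plus scope. Whether `score`
 * follows the CVSS formula is not visible in this declaration.
 */
export interface ImpactScore {
  confidentiality: 'none' | 'low' | 'high';
  integrity: 'none' | 'low' | 'high';
  availability: 'none' | 'low' | 'high';
  scope: 'unchanged' | 'changed';
  /** Numeric impact sub-score; scale not declared here. */
  score: number;
}

/** A group of findings that the grader linked into one attack path. */
export interface AttackChain {
  id: string;
  name: string;
  description: string;
  /** Presumably the ids of the findings in the chain (compare AttackStep.findingId); confirm. */
  findings: string[];
  /** Numeric score for the whole chain; scale not declared here. */
  totalScore: number;
  /** Numeric likelihood; range not declared here (TODO confirm). */
  likelihood: number;
  impact: 'critical' | 'high' | 'medium' | 'low';
  /** The individual steps of the chain; see AttackStep.order. */
  steps: AttackStep[];
}

/** One step of an AttackChain, tied to a single finding. */
export interface AttackStep {
  /** Position of the step within its chain. */
  order: number;
  /** Identifier of the finding this step relies on. */
  findingId: string;
  /** Free-text description of the action taken in this step. */
  action: string;
  /** Free-text description of what the step yields. */
  outcome: string;
  /** Whether this step depends on the previous one. */
  requiresPrevious: boolean;
}

/** Repository-level risk summary produced from the graded findings. */
export interface RiskReport {
  /** Overall numeric risk score; scale not declared here. */
  overallScore: number;
  /** Letter grade for the repository; the score-to-grade mapping is private. */
  grade: 'A' | 'B' | 'C' | 'D' | 'F';
  /** Finding counts, in total and per severity bucket. */
  findings: {
    total: number;
    critical: number;
    high: number;
    medium: number;
    low: number;
  };
  topRisks: GradedFinding[];
  attackChains: AttackChain[];
  recommendations: string[];
  summary: string;
}

/**
 * Agent that scores findings, maps attack chains and reports overall
 * repository risk.
 *
 * NOTE(review): per the file header the findings come from the Scanner.
 * Whether incoming tool calls are authenticated and their arguments
 * validated is not visible in this declaration; confirm in the
 * implementation, and treat the free-text fields (`reasoning`,
 * `recommendations`, `summary`) as unescaped text when rendering them.
 */
export declare class GraderAgent extends SLOPAgent {
  private gradingCache;

  constructor(config: SLOPAgentConfig);

  /**
   * Handles one incoming tool call.
   *
   * The listing showed a bare `Promise`, which does not compile because
   * `Promise` requires a type argument. `SLOPToolResult` is imported by
   * this file and used nowhere else, so it is restored as the result type;
   * confirm against the implementation.
   */
  handleToolCall(call: SLOPToolCall): Promise<SLOPToolResult>;

  /**
   * Grade a single finding
   */
  private gradeFinding;

  /**
   * Grade multiple findings
   */
  private gradeBatch;

  /**
   * Map attack chains between findings
   */
  private mapChains;

  /**
   * Calculate overall repository risk
   */
  private calculateRisk;

  /**
   * Get exploitability score for a finding
   */
  private getExploitability;

  /**
   * Prioritize findings for fixing
   *
   * NOTE(review): the tool list in the file header has no matching entry;
   * whether this is reachable through handleToolCall is not visible here.
   */
  private prioritize;

  // Scoring helpers. Only the names are declared; the formulas live in the
  // implementation.
  private calculateExploitability;
  private calculateImpact;
  private calculateChainPotential;
  private calculatePriority;
  private severityToScore;
  private scoreToGrade;

  // Text generation for a graded finding.
  private generateReasoning;
  private generateRecommendations;

  // Attack-chain helpers.
  private calculateChainScore;
  private getActionForFinding;
  private getOutcomeForFinding;
  private findFileProximityChains;

  // Report-level helpers.
  private estimateEffort;
  private generateOverallRecommendations;
  private generateSummary;
}

/**
 * Creates a GraderAgent.
 *
 * Both parameters are optional; their defaults are not visible in this
 * declaration.
 *
 * @param port - presumably the port the agent listens on; confirm the
 *   default and the bind address in the implementation.
 * @param coordinatorUrl - presumably the URL of the coordinator the agent
 *   talks to; confirm.
 * @returns the new agent instance.
 */
export declare function createGraderAgent(port?: number, coordinatorUrl?: string): GraderAgent;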