feat(js): Guard v0.8 feature parity - config, rules, registry, history, CLI#22
Merged
feat(js): Guard v0.8 feature parity - config, rules, registry, history, CLI#22
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
AgentSeal
force-pushed
the
dev/js-guard-v08
branch
from
b27bc2d to
2d42c59
Compare
Guard.run() now integrates all v0.8 modules: - Project config resolution (.agentseal.yaml) - Custom YAML rule engine evaluation on skills, MCPs, agents - Registry enrichment via agentseal.org bulk-check API - History save + delta computation via SQLite - Unlisted agent/MCP findings (GUARD-001, GUARD-002) - ignore_paths filtering before skill scanning - ignore_findings filtering after scanning - fromJson early return for loading saved reports Guard.run() is now async (returns Promise<GuardReport>). New GuardOptions: config, noRegistry, noDiff, rulesPaths, fromJson, failOn. Existing guard tests updated to await the async run().
AgentSeal
force-pushed
the
dev/js-guard-v08
branch
from
2d42c59 to
f27f7b0
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Full JS/TS feature parity with Python Guard v0.8. After this,
npx agentseal guardworks the same as the Python CLI.Four new modules built from scratch: project-config for .agentseal.yaml loading and validation with directory walk-up resolution, registry-client for trust score enrichment from agentseal.org with Cloudflare-compatible User-Agent, rules engine for YAML community rules with glob matching and inline self-tests, and history store backed by better-sqlite3 for delta scanning between runs.
Security hardening ported from Python: 80+ TR39 confusable character mappings to catch homoglyph attacks, HTML entity decoding, 2-pass deobfuscation pipeline, 12 canonical seed hashes in the blocklist with union-on-load to prevent seed loss, 5 new supply chain checks for bunx/deno/docker/pip/go unpinned packages, URL and headers added to baseline fingerprints so endpoint swaps get detected, and 3 markdown image exfiltration patterns.
The guard CLI command supports all the flags from Python: --fail-on for CI exit code control, --rules for custom YAML rules, --config for explicit project config, --from-json to re-render saved reports, --no-registry and --no-diff for offline/fast mode, --reset-baselines, and terminal/json/sarif output formats. Guard init generates a starter .agentseal.yaml and guard test validates custom rules.
better-sqlite3 is an optional dependency. If it fails to install (no native toolchain), history and delta features silently disable. Everything else works.
8 commits, 942 tests (38 files), triple-verified, clean build.