registry  /  @adonis-agora/agent  /  0.2.0

@adonis-agora/agent@0.2.0

Governed, durable-backed AI agent (chat + tool-calling + governance) for AdonisJS — part of the Agora ecosystem.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `node ace configure @adonis-agora/agent` or boots an Adonis app configured with this provider.
Impact
Can add agent routes, migrations, and execute project-authored tool modules in the host application.
Mechanism
Explicit framework configuration and project-local agent-tool discovery.
Rationale
Source inspection found a policy-relevant explicit agent setup path, but no concrete malicious chain, credential exfiltration, remote payload execution, or install-time mutation. Downgrade to warn for the explicit agent configuration capability rather than block.
Evidence
package.jsondist/configure.jsdist/providers/agent_provider.jsdist/src/tool-discovery.jsdist/src/hooks/tools.jsdist/stubs/config/agent.stubadonisrc.tsconfig/agent.tsdatabase/migrations/<timestamp>_create_agent_tables.tsdatabase/migrations/<timestamp>_create_agent_run_tracking.tsdatabase/migrations/<timestamp>_create_agent_rag_chunks.ts.adonisjs/agent/tools.tsapp/agent_tools

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Benign with high false-positive risk.
Evidence for warning
  • `dist/configure.js` explicitly updates `adonisrc.ts` and publishes agent config/migration stubs when invoked.
  • `dist/providers/agent_provider.js` imports generated or project-local `app/agent_tools` modules during Adonis boot.
  • `dist/src/tool-discovery.js` recursively imports project-local tool modules as an opt-in fallback.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hooks.
  • No child-process, shell, eval, VM, credential harvesting, or outbound HTTP client use was found in published JS.
  • Dynamic imports are limited to package peers, generated app barrels, or configured project modules.
  • Attachment reads are limited to authenticated upload temp files and pass through size/type checks in `dist/providers/agent_provider.js`.
Behavioral surface
Source
DynamicRequireFilesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 89 file(s), 300 KB of source

Source & flagged code

1 flagged · loading source
dist/providers/agent_provider.jsView file
135} L136: const { InMemoryAgentStore } = await import('../src/testing/in-memory-store.js'); L137: return new InMemoryAgentStore();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/providers/agent_provider.jsView on unpkg · L135

Findings

1 Medium3 Low
MediumDynamic Requiredist/providers/agent_provider.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings