Package Exports
- @permanentlymobile/pm-aid
- @permanentlymobile/pm-aid/engine
PM AID
AI agent defense scanner. 73 JS-native modules across prompt injection, secret exposure, supply chain, OSINT, vault hardening, and the AI-agent-runtime surface. Self-hosted. Offline-verified license. One-time ownership.
Install
```sh
npm install -g pm-aid
```
Requires Node 20 or newer. Compiles a native SQLite binding on first install -- expect a few seconds for the build.
Activate
After purchase you receive a license key in the form
PMAID.v1.<payload>.<signature>. Bind it to your machine:
```sh
pm-aid license activate PMAID.v1.eyJ...
```
The license binds to the machine fingerprint on first activation. Verification is fully offline -- no network calls, no phone-home.
Confirm:
```sh
pm-aid license status
```
Run a scan
```sh
pm-aid scan --profile quick
pm-aid scan --profile half-deep --target /path/to/project
pm-aid scan --modules prompt-injection,secret-exposure
```
Available profiles:
- quick -- 15 high-signal modules. ~60-120s. Good for CI hooks.
- osint-light -- 10 public-API modules. Footprint-only, no auth required.
- half-deep -- full surface, all 73 modules.
Results go to ~/.pm-aid/reports/ as markdown. Findings persist to
~/.pm-aid/findings.db for regression tracking across scans.
Exit codes
| Code | Meaning |
|---|---|
| 0 | Clean -- no findings |
| 1 | Findings present, no critical |
| 2 | Critical findings, license error, or invocation error |
CLI reference
```
pm-aid scan --profile <name>      Run a named profile
pm-aid scan --modules m1,m2,...   Run specific modules
pm-aid scan --list                List all 73 modules
pm-aid scan --list-profiles       List available profiles
pm-aid license activate <KEY>     Bind a license key to this machine
pm-aid license status             Show activated license info
pm-aid license info               Show trusted signing keys
pm-aid --version                  Print version
pm-aid --help                     Show help
```
Options:
```
--target <path>    Target directory (default: cwd)
--output <dir>     Report output dir (default: ~/.pm-aid/reports/)
--dry-run          Show plan without running
--verbose          Verbose module output
--json             Emit JSON results to stdout
--parallel         Run modules in parallel
```
Environment:
```
PM_AID_HOME                   State dir (default: ~/.pm-aid)
PM_AID_OPSEC_MODULES_ENABLED  Allow opt-in OPSEC modules under --modules=all
PM_AID_LICENSE_BYPASS         Set to "true" for dev/test (no license required)
```
Programmatic use
The scan engine is exported for direct use from Node:
```ts
import {
  runScan,
  loadScope,
  type ScanConfig,
  type Finding,
} from 'pm-aid';

// Resolve the directory to scan into a scope object.
const scope = loadScope({ target: '/path/to/project' });

// Choose modules explicitly; same names as `pm-aid scan --modules ...`.
const config: ScanConfig = {
  modules: ['prompt-injection', 'secret-exposure'],
  targets: scope,
  dryRun: false,
  verbose: false,
};

// Top-level await: run this from an ES module, or wrap it in an async function.
const { results, scanId, reportPath } = await runScan(scope, config);

// Each module result carries its own findings; flatten them into one list.
const allFindings: Finding[] = results.flatMap((r) => r.findings);
```
The license gate lives in the CLI -- the engine itself does not gate.
Embedders are expected to validate the license themselves via
validateLicense(key) and activateLicense(db, key) from the same
package.
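The snippet above returns raw per-module results, and the exit-code table earlier on this page defines how the CLI turns findings into a pass/fail verdict. The following is an added example, not code from pm-aid or its authors, of wiring the two together as a CI regression gate: it flattens `results` the way the README does, diffs the findings against a stored baseline so a known backlog does not block every commit, and maps the outcome onto the same 0/1/2 exit codes. The field names inside a finding (`module`, `id`, `severity`, `title`) and the severity vocabulary are assumptions for this example; the README does not document the Finding shape. The sample results and baseline are constructed inline so the block runs without the package installed.

```javascript
// Added example (not part of pm-aid): a CI regression gate built on the
// `results` array that runScan() returns (each result carries a `findings`
// array, as the README's snippet shows). Finding fields are an ASSUMPTION:
// { module, id, severity, title }, with severity one of
// 'critical' | 'high' | 'medium' | 'low' | 'info'.

const SEVERITY_RANK = { critical: 4, high: 3, medium: 2, low: 1, info: 0 };

// Stable key so the same issue is recognised from one scan to the next.
function fingerprint(f) {
  return `${f.module}:${f.id}`;
}

// Flatten runScan() results exactly as the README snippet does.
function collectFindings(results) {
  return results.flatMap((r) => r.findings);
}

// Split current findings into fresh (absent from the baseline) and
// resolved (present in the baseline, gone now).
function diffFindings(current, baseline) {
  const before = new Set(baseline.map(fingerprint));
  const now = new Set(current.map(fingerprint));
  return {
    fresh: current.filter((f) => !before.has(fingerprint(f))),
    resolved: baseline.filter((f) => !now.has(fingerprint(f))),
  };
}

// Exit code per the README's table: 0 clean, 1 findings without a
// critical, 2 at least one critical.
function exitCodeFor(findings) {
  if (findings.length === 0) return 0;
  return findings.some((f) => f.severity === 'critical') ? 2 : 1;
}

// Per-module counts with the worst severity, highest first, for a CI log.
function summarize(findings) {
  const byModule = new Map();
  for (const f of findings) {
    const entry = byModule.get(f.module) ?? { count: 0, worst: 'info' };
    entry.count += 1;
    if (SEVERITY_RANK[f.severity] > SEVERITY_RANK[entry.worst]) entry.worst = f.severity;
    byModule.set(f.module, entry);
  }
  return [...byModule.entries()]
    .sort((a, b) => SEVERITY_RANK[b[1].worst] - SEVERITY_RANK[a[1].worst])
    .map(([module, { count, worst }]) => `${module}: ${count} (worst: ${worst})`);
}

// Gate policy: a critical anywhere in the current scan returns 2 (same as
// the CLI); otherwise only NEW findings decide between 0 and 1.
function gate(results, baseline) {
  const current = collectFindings(results);
  const { fresh, resolved } = diffFindings(current, baseline);
  const code = exitCodeFor(current) === 2 ? 2 : exitCodeFor(fresh);
  return { code, fresh, resolved, summary: summarize(current) };
}

// Constructed sample data standing in for a real runScan() result and a
// baseline saved from an earlier run (for example a stored --json output).
const SAMPLE_BASELINE = [
  { module: 'secret-exposure', id: 'aws-key:src/config.js:12', severity: 'high', title: 'AWS key in source' },
  { module: 'http-headers', id: 'missing-csp', severity: 'low', title: 'No Content-Security-Policy' },
];
const SAMPLE_RESULTS = [
  { module: 'secret-exposure', findings: [
    { module: 'secret-exposure', id: 'aws-key:src/config.js:12', severity: 'high', title: 'AWS key in source' },
  ] },
  { module: 'prompt-injection', findings: [
    { module: 'prompt-injection', id: 'untrusted-tool-output:agent/tools.js:40', severity: 'medium', title: 'Tool output reaches the model unsanitised' },
  ] },
];

const verdict = gate(SAMPLE_RESULTS, SAMPLE_BASELINE);
console.log(verdict.summary.join('\n'));
console.log(`new: ${verdict.fresh.length}, resolved: ${verdict.resolved.length}, exit ${verdict.code}`);
// In a real hook, propagate the verdict to CI: process.exitCode = verdict.code;
```

In a pipeline, replace the constructed `SAMPLE_RESULTS` with the `results` from `runScan(scope, config)` and load the baseline from the previous run's persisted findings; the CLI's own `~/.pm-aid/findings.db` is the natural source, but its schema is not documented on this page, so the example keeps the baseline as a plain array.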
Module surface
PM AID Basic ships 73 JS-native and API-only modules covering:
- Prompt + agent runtime -- prompt-injection, context-exploit, paladin-bypass, cedar-bypass, voice-pipeline, tool-output-poisoning, tool-param-injection, prompt-injection-scanner, context-minimiser, output-pii-scanner, mcp-transport-integrity, symjack-mcp-config-guard, llm-proxy-posture
- Secret + credential -- secret-exposure, vault-access, guardrails, breach-watchlist
- Supply chain -- supply-chain, supply-chain-vigilance, dependency-audit, dependency-confusion, editor-extension-audit, symjack-mcp-config-guard
- Network + transport -- http-headers, ssl-tls-check, ssrf-scanner, cors-check, weak-crypto-scanner, ssh-version-audit, ssh-cert-principal-probe, traceroute-path, icmp-posture, arp-spoof-detect
- OSINT -- osint-footprint, osint-quarterly, dns-footprint, google-dork-scanner, metadata-leak-scanner, deepfake-detection, brand-monitor, whois-monitor, wayback-audit, mail-security, securitytrails-api, osint-chain-orchestrator
- Cloud + auth -- firebase-supabase-audit, client-auth-bypass, payment-flow, cloud-misconfig, ai-malware-detect
- Endpoint integrity -- browser-version-audit, decision-chain-integrity, patch-verification, linux-privesc-surface, linux-kernel-version-check, pam-integrity-monitor
- Code-level -- xss-sink-scanner, xxe-scanner, deserialization-vuln-scanner, eval-shell-scanner, business-logic
- Defensive observation -- pre-scan-attack-surface, defensive-sensor-stack, campaign-progress-monitor, rotation-aware-actor-correlation, email-header-forensics, git-host-integrity, mobile-apk-audit, api-abuse, finding-db
- OPSEC (opt-in via env) -- persona-hardened-egress, egress-leak-check, self-osint-audit, wifi-pentest, bluetooth-pentest
Binary-tier modules (nmap, nuclei, ffuf, semgrep, volatility, etc.) are NOT part of PM AID Basic. They ship with the upcoming PM AID Pro / Wraith White-Hat tier.
Privacy
PM AID never phones home. No telemetry. No license-server check.
The scan engine reads only what you scope it to, persists findings
locally to ~/.pm-aid/, and writes markdown reports for you to
review or commit.
License
One-time-ownership commercial license. See LICENSE for terms.