@heyanon-arp/shield — NOTICE
============================

This product (`@heyanon-arp/shield`, bin `heyshield`) contains code,
data, patterns, or references derived from the following upstream
projects. Their respective licenses apply to the corresponding portions
of this distribution.

------------------------------------------------------------------------

1. Pipelock — https://github.com/luckyPipewrench/pipelock
   License: Apache License 2.0
   Components derived from pipelock and reused in @heyanon-arp/shield:
     - src/layers/l0-normalize.ts            (NFKC + zero-width strip + homoglyph
                                              + invisible-tag + base64 unwrap
                                              pipeline; ported from
                                              internal/normalize/normalize.go)
     - src/layers/l0-injection-patterns.ts   (30 inbound injection patterns;
                                              ported from
                                              internal/scanner/response.go)
     - src/layers/l4-dlp-outbound.ts         (DLP match / score loop; ported
                                              from internal/scanner/text_dlp.go)
     - share/patterns/dlp-outbound.json      (46 credential pattern entries;
                                              ported from
                                              internal/config/defaults.go)
     - src/layers/l0-url-allowlist.ts        (URL heuristics: IDN punycode, IP
                                              literals; ported from
                                              internal/scanner/validate.go)
     - src/receipts/jsonl-writer.ts          (schema base from
                                              sdk/audit-packet/audit_packet.go;
                                              signature, signing-key-id, and
                                              merkle-root fields dropped per
                                              spec §7)
     - share/url-allowlist/v1.json           (preset structure derived from
                                              configs/balanced.yaml +
                                              configs/strict.yaml)
   Apache 2.0 license file shipped at third_party/pipelock/LICENSE.
   Apache 2.0 headers retained in each ported file.
   Modifications recorded: signing removed, hot-reload removed,
   enterprise / license-service / killswitch features omitted.

------------------------------------------------------------------------

2. PurpleLlama / CodeShield — https://github.com/meta-llama/PurpleLlama
   Subcomponent in scope:

   CodeShield
      License: MIT
      Components: semgrep rule taxonomy references in
                  share/semgrep/rules/shield/. The CodeShield Python
                  engine is NOT ported; only the rule IDs and severity
                  metadata are referenced.

------------------------------------------------------------------------

3. PayloadsAllTheThings — https://github.com/swisskyrepo/PayloadsAllTheThings
   License: MIT (third_party/PayloadsAllTheThings/LICENSE)
   Components: reverse-shell and command-injection signatures contained
   in share/semgrep/rules/shield/reverse-shells.yaml.
   Source: Methodology and Resources / Reverse Shell Cheatsheet.md.

------------------------------------------------------------------------

4. LOLBAS-Project — https://github.com/LOLBAS-Project/LOLBAS
   License: MIT (third_party/LOLBAS/LICENSE)
   Components: Windows living-off-the-land binary patterns contained in
   share/semgrep/rules/shield/reverse-shells.yaml.

------------------------------------------------------------------------

4b. GTFOBins — https://github.com/GTFOBins/GTFOBins.github.io
    License: MIT (text identical to third_party/PayloadsAllTheThings/LICENSE)
    Components: Unix command-abuse signatures referenced in
    share/semgrep/rules/shield/reverse-shells.yaml (named alongside
    PayloadsAllTheThings and LOLBAS in the file's source-of-port comment).

------------------------------------------------------------------------

4c. bip39 (npm package) — https://github.com/bitcoinjs/bip39
    License: MIT (third_party/bip39/LICENSE)
    Components: share/bip39/english.json — the canonical 2048-word
    English BIP-39 wordlist, copied verbatim from the bip39 npm
    package's src/wordlists/english.json. The wordlist itself
    originates with the BIP-39 specification and carries a public-domain
    dedication via the bitcoin/bips repository; the MIT license
    above governs the JSON packaging shipped by the bip39 package, from
    which this file was sourced. Used by src/layers/bip39-detect.ts to
    block wallet seeds from leaving the operator's machine.

------------------------------------------------------------------------

5. semgrep — https://semgrep.dev (pip: semgrep)
   License: LGPL 2.1
   Runtime relationship: invoked as a subprocess at runtime via
   ~/.heyshield/semgrep/bin/semgrep (auto-installed by the npm
   postinstall hook in scripts/install-semgrep.js). NOT linked into the
   @heyanon-arp/shield codebase. Subprocess invocation does not create
   copyleft obligations on the calling code under LGPL 2.1.

------------------------------------------------------------------------

6. @heyanon-arp/cli + @heyanon-arp/sdk
   License: MIT
   Relationship: @heyanon-arp/cli declares @heyanon-arp/shield as a
   mandatory peer dependency (spec §17). @heyanon-arp/shield consumes
   the cli's --json output (poll channel) and SSE NDJSON tail
   (`heyarp inbox --tail --json` / `heyarp watch <rel-id> --json`,
   SSE channel) and uses the sdk's envelope type definitions. No code
   copied.

------------------------------------------------------------------------

7. agentgateway — https://github.com/agentgateway/agentgateway
   License: Apache License 2.0
   Status: research mirror only; no code currently ported. If A2A
   inbound support is later added, the a2a/mod.rs parser is the
   candidate (~100 LOC) and this entry will be expanded with the ported
   file paths and the upstream LICENSE shipped at
   third_party/agentgateway/LICENSE.

------------------------------------------------------------------------

Aggregate third-party index: third_party/NOTICES.md mirrors this file
per-component (version pinned at port time, upstream commit SHA, and a
one-line description of what was taken) to satisfy downstream SBOM
tooling and the "prominent notice" clause of Apache-2.0 §4(b).
