@agentlensai/server 0.8.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/db/anonymous-id-manager.d.ts +44 -0
- package/dist/db/anonymous-id-manager.d.ts.map +1 -0
- package/dist/db/anonymous-id-manager.js +90 -0
- package/dist/db/anonymous-id-manager.js.map +1 -0
- package/dist/db/capability-store.d.ts +78 -0
- package/dist/db/capability-store.d.ts.map +1 -0
- package/dist/db/capability-store.js +201 -0
- package/dist/db/capability-store.js.map +1 -0
- package/dist/db/migrate.d.ts.map +1 -1
- package/dist/db/migrate.js +136 -0
- package/dist/db/migrate.js.map +1 -1
- package/dist/db/schema.sqlite.d.ts +1663 -2
- package/dist/db/schema.sqlite.d.ts.map +1 -1
- package/dist/db/schema.sqlite.js +135 -1
- package/dist/db/schema.sqlite.js.map +1 -1
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +32 -0
- package/dist/index.js.map +1 -1
- package/dist/lib/redaction/human-review-layer.d.ts +37 -0
- package/dist/lib/redaction/human-review-layer.d.ts.map +1 -0
- package/dist/lib/redaction/human-review-layer.js +62 -0
- package/dist/lib/redaction/human-review-layer.js.map +1 -0
- package/dist/lib/redaction/index.d.ts +12 -0
- package/dist/lib/redaction/index.d.ts.map +1 -0
- package/dist/lib/redaction/index.js +12 -0
- package/dist/lib/redaction/index.js.map +1 -0
- package/dist/lib/redaction/pii-detection-layer.d.ts +30 -0
- package/dist/lib/redaction/pii-detection-layer.d.ts.map +1 -0
- package/dist/lib/redaction/pii-detection-layer.js +183 -0
- package/dist/lib/redaction/pii-detection-layer.js.map +1 -0
- package/dist/lib/redaction/pipeline.d.ts +26 -0
- package/dist/lib/redaction/pipeline.d.ts.map +1 -0
- package/dist/lib/redaction/pipeline.js +91 -0
- package/dist/lib/redaction/pipeline.js.map +1 -0
- package/dist/lib/redaction/secret-detection-layer.d.ts +10 -0
- package/dist/lib/redaction/secret-detection-layer.d.ts.map +1 -0
- package/dist/lib/redaction/secret-detection-layer.js +79 -0
- package/dist/lib/redaction/secret-detection-layer.js.map +1 -0
- package/dist/lib/redaction/secret-patterns.d.ts +29 -0
- package/dist/lib/redaction/secret-patterns.d.ts.map +1 -0
- package/dist/lib/redaction/secret-patterns.js +133 -0
- package/dist/lib/redaction/secret-patterns.js.map +1 -0
- package/dist/lib/redaction/semantic-denylist-layer.d.ts +10 -0
- package/dist/lib/redaction/semantic-denylist-layer.d.ts.map +1 -0
- package/dist/lib/redaction/semantic-denylist-layer.js +64 -0
- package/dist/lib/redaction/semantic-denylist-layer.js.map +1 -0
- package/dist/lib/redaction/tenant-deidentification-layer.d.ts +10 -0
- package/dist/lib/redaction/tenant-deidentification-layer.d.ts.map +1 -0
- package/dist/lib/redaction/tenant-deidentification-layer.js +64 -0
- package/dist/lib/redaction/tenant-deidentification-layer.js.map +1 -0
- package/dist/lib/redaction/url-path-scrubbing-layer.d.ts +14 -0
- package/dist/lib/redaction/url-path-scrubbing-layer.d.ts.map +1 -0
- package/dist/lib/redaction/url-path-scrubbing-layer.js +156 -0
- package/dist/lib/redaction/url-path-scrubbing-layer.js.map +1 -0
- package/dist/routes/agents.d.ts.map +1 -1
- package/dist/routes/agents.js +3 -9
- package/dist/routes/agents.js.map +1 -1
- package/dist/routes/audit.d.ts +15 -0
- package/dist/routes/audit.d.ts.map +1 -0
- package/dist/routes/audit.js +177 -0
- package/dist/routes/audit.js.map +1 -0
- package/dist/routes/capabilities.d.ts +15 -0
- package/dist/routes/capabilities.d.ts.map +1 -0
- package/dist/routes/capabilities.js +86 -0
- package/dist/routes/capabilities.js.map +1 -0
- package/dist/routes/community.d.ts +24 -0
- package/dist/routes/community.d.ts.map +1 -0
- package/dist/routes/community.js +190 -0
- package/dist/routes/community.js.map +1 -0
- package/dist/routes/delegation.d.ts +20 -0
- package/dist/routes/delegation.d.ts.map +1 -0
- package/dist/routes/delegation.js +108 -0
- package/dist/routes/delegation.js.map +1 -0
- package/dist/routes/discovery.d.ts +19 -0
- package/dist/routes/discovery.d.ts.map +1 -0
- package/dist/routes/discovery.js +96 -0
- package/dist/routes/discovery.js.map +1 -0
- package/dist/routes/redaction-test.d.ts +14 -0
- package/dist/routes/redaction-test.d.ts.map +1 -0
- package/dist/routes/redaction-test.js +33 -0
- package/dist/routes/redaction-test.js.map +1 -0
- package/dist/routes/trust.d.ts +16 -0
- package/dist/routes/trust.d.ts.map +1 -0
- package/dist/routes/trust.js +23 -0
- package/dist/routes/trust.js.map +1 -0
- package/dist/services/community-service.d.ts +277 -0
- package/dist/services/community-service.d.ts.map +1 -0
- package/dist/services/community-service.js +785 -0
- package/dist/services/community-service.js.map +1 -0
- package/dist/services/delegation-service.d.ts +149 -0
- package/dist/services/delegation-service.d.ts.map +1 -0
- package/dist/services/delegation-service.js +605 -0
- package/dist/services/delegation-service.js.map +1 -0
- package/dist/services/discovery-service.d.ts +39 -0
- package/dist/services/discovery-service.d.ts.map +1 -0
- package/dist/services/discovery-service.js +186 -0
- package/dist/services/discovery-service.js.map +1 -0
- package/dist/services/trust-service.d.ts +59 -0
- package/dist/services/trust-service.d.ts.map +1 -0
- package/dist/services/trust-service.js +139 -0
- package/dist/services/trust-service.js.map +1 -0
- package/package.json +2 -2
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Layer 2: PII Detection (Story 2.1)
|
|
3
|
+
*/
|
|
4
|
+
/**
|
|
5
|
+
* Luhn algorithm for credit card validation.
|
|
6
|
+
*/
|
|
7
|
+
function luhnCheck(digits) {
|
|
8
|
+
const nums = digits.replace(/\D/g, '');
|
|
9
|
+
if (nums.length < 13 || nums.length > 19)
|
|
10
|
+
return false;
|
|
11
|
+
let sum = 0;
|
|
12
|
+
let alternate = false;
|
|
13
|
+
for (let i = nums.length - 1; i >= 0; i--) {
|
|
14
|
+
let n = parseInt(nums[i], 10);
|
|
15
|
+
if (alternate) {
|
|
16
|
+
n *= 2;
|
|
17
|
+
if (n > 9)
|
|
18
|
+
n -= 9;
|
|
19
|
+
}
|
|
20
|
+
sum += n;
|
|
21
|
+
alternate = !alternate;
|
|
22
|
+
}
|
|
23
|
+
return sum % 10 === 0;
|
|
24
|
+
}
|
|
25
|
+
export const PII_PATTERNS = [
|
|
26
|
+
{
|
|
27
|
+
name: 'email',
|
|
28
|
+
category: 'email',
|
|
29
|
+
regex: /[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}/g,
|
|
30
|
+
replacement: '[EMAIL]',
|
|
31
|
+
confidence: 0.95,
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
name: 'ssn_dashed',
|
|
35
|
+
category: 'ssn',
|
|
36
|
+
regex: /\b\d{3}-\d{2}-\d{4}\b/g,
|
|
37
|
+
replacement: '[SSN]',
|
|
38
|
+
confidence: 0.95,
|
|
39
|
+
},
|
|
40
|
+
{
|
|
41
|
+
name: 'ssn_plain',
|
|
42
|
+
category: 'ssn',
|
|
43
|
+
regex: /\b(?<!\d)(?!000|666|9\d\d)\d{3}(?!00)\d{2}(?!0000)\d{4}(?!\d)\b/g,
|
|
44
|
+
replacement: '[SSN]',
|
|
45
|
+
confidence: 0.70,
|
|
46
|
+
validate: (match) => {
|
|
47
|
+
const digits = match.replace(/\D/g, '');
|
|
48
|
+
// Must be exactly 9 digits, not all same, not sequential
|
|
49
|
+
return digits.length === 9 && !/^(\d)\1{8}$/.test(digits);
|
|
50
|
+
},
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
name: 'credit_card_16',
|
|
54
|
+
category: 'credit_card',
|
|
55
|
+
regex: /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g,
|
|
56
|
+
replacement: '[CREDIT_CARD]',
|
|
57
|
+
confidence: 0.90,
|
|
58
|
+
validate: (match) => luhnCheck(match),
|
|
59
|
+
},
|
|
60
|
+
{
|
|
61
|
+
name: 'credit_card_amex',
|
|
62
|
+
category: 'credit_card',
|
|
63
|
+
regex: /\b3[47]\d{2}[-\s]?\d{6}[-\s]?\d{5}\b/g,
|
|
64
|
+
replacement: '[CREDIT_CARD]',
|
|
65
|
+
confidence: 0.90,
|
|
66
|
+
validate: (match) => luhnCheck(match),
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
name: 'phone_us',
|
|
70
|
+
category: 'phone',
|
|
71
|
+
regex: /(?:\+?1[-.\s])?\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b/g,
|
|
72
|
+
replacement: '[PHONE]',
|
|
73
|
+
confidence: 0.85,
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
name: 'phone_international',
|
|
77
|
+
category: 'phone',
|
|
78
|
+
regex: /\+\d{1,3}[-.\s]?\d{1,4}[-.\s]?\d{2,4}[-.\s]?\d{2,4}[-.\s]?\d{0,4}\b/g,
|
|
79
|
+
replacement: '[PHONE]',
|
|
80
|
+
confidence: 0.80,
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
name: 'ip_address_v4',
|
|
84
|
+
category: 'ip_address',
|
|
85
|
+
regex: /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/g,
|
|
86
|
+
replacement: '[IP_ADDRESS]',
|
|
87
|
+
confidence: 0.80,
|
|
88
|
+
},
|
|
89
|
+
{
|
|
90
|
+
name: 'ip_address_v6',
|
|
91
|
+
category: 'ip_address',
|
|
92
|
+
regex: /\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g,
|
|
93
|
+
replacement: '[IP_ADDRESS]',
|
|
94
|
+
confidence: 0.80,
|
|
95
|
+
},
|
|
96
|
+
{
|
|
97
|
+
name: 'ip_address_v6_compressed',
|
|
98
|
+
category: 'ip_address',
|
|
99
|
+
regex: /\b(?:[0-9a-fA-F]{1,4}:){1,6}(?::[0-9a-fA-F]{1,4}){1,6}\b/g,
|
|
100
|
+
replacement: '[IP_ADDRESS]',
|
|
101
|
+
confidence: 0.75,
|
|
102
|
+
},
|
|
103
|
+
{
|
|
104
|
+
name: 'ip_address_v4_mapped_v6',
|
|
105
|
+
category: 'ip_address',
|
|
106
|
+
regex: /::ffff:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/g,
|
|
107
|
+
replacement: '[IP_ADDRESS]',
|
|
108
|
+
confidence: 0.80,
|
|
109
|
+
},
|
|
110
|
+
];
|
|
111
|
+
export class PIIDetectionLayer {
|
|
112
|
+
presidio;
|
|
113
|
+
name = 'pii_detection';
|
|
114
|
+
order = 200;
|
|
115
|
+
constructor(presidio) {
|
|
116
|
+
this.presidio = presidio;
|
|
117
|
+
}
|
|
118
|
+
async process(input, _context) {
|
|
119
|
+
const findings = [];
|
|
120
|
+
const allMatches = [];
|
|
121
|
+
// Regex-based detection
|
|
122
|
+
for (const pattern of PII_PATTERNS) {
|
|
123
|
+
const regex = new RegExp(pattern.regex.source, pattern.regex.flags);
|
|
124
|
+
let match;
|
|
125
|
+
while ((match = regex.exec(input)) !== null) {
|
|
126
|
+
if (pattern.validate && !pattern.validate(match[0]))
|
|
127
|
+
continue;
|
|
128
|
+
allMatches.push({
|
|
129
|
+
start: match.index,
|
|
130
|
+
end: match.index + match[0].length,
|
|
131
|
+
replacement: pattern.replacement,
|
|
132
|
+
category: pattern.category,
|
|
133
|
+
confidence: pattern.confidence,
|
|
134
|
+
});
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
// Optional Presidio NER
|
|
138
|
+
if (this.presidio) {
|
|
139
|
+
const entities = await this.presidio.analyze(input);
|
|
140
|
+
for (const entity of entities) {
|
|
141
|
+
const alreadyCovered = allMatches.some(m => m.start <= entity.start && m.end >= entity.end);
|
|
142
|
+
if (!alreadyCovered) {
|
|
143
|
+
allMatches.push({
|
|
144
|
+
start: entity.start,
|
|
145
|
+
end: entity.end,
|
|
146
|
+
replacement: `[${entity.entityType}]`,
|
|
147
|
+
category: entity.entityType.toLowerCase(),
|
|
148
|
+
confidence: entity.score,
|
|
149
|
+
});
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
// Sort descending by start for safe replacement
|
|
154
|
+
allMatches.sort((a, b) => b.start - a.start);
|
|
155
|
+
// Deduplicate overlapping
|
|
156
|
+
const deduped = [];
|
|
157
|
+
for (const m of allMatches) {
|
|
158
|
+
if (!deduped.some(d => m.start < d.end && m.end > d.start)) {
|
|
159
|
+
deduped.push(m);
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
let output = input;
|
|
163
|
+
// Record findings in ascending order
|
|
164
|
+
const ascending = [...deduped].sort((a, b) => a.start - b.start);
|
|
165
|
+
for (const m of ascending) {
|
|
166
|
+
findings.push({
|
|
167
|
+
layer: 'pii_detection',
|
|
168
|
+
category: m.category,
|
|
169
|
+
originalLength: m.end - m.start,
|
|
170
|
+
replacement: m.replacement,
|
|
171
|
+
startOffset: m.start,
|
|
172
|
+
endOffset: m.end,
|
|
173
|
+
confidence: m.confidence,
|
|
174
|
+
});
|
|
175
|
+
}
|
|
176
|
+
// Apply replacements descending
|
|
177
|
+
for (const m of deduped) {
|
|
178
|
+
output = output.slice(0, m.start) + m.replacement + output.slice(m.end);
|
|
179
|
+
}
|
|
180
|
+
return { output, findings, blocked: false };
|
|
181
|
+
}
|
|
182
|
+
}
|
|
183
|
+
//# sourceMappingURL=pii-detection-layer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pii-detection-layer.js","sourceRoot":"","sources":["../../../src/lib/redaction/pii-detection-layer.ts"],"names":[],"mappings":"AAAA;;GAEG;AAkBH;;GAEG;AACH,SAAS,SAAS,CAAC,MAAc;IAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACvC,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IACvD,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9B,IAAI,SAAS,EAAE,CAAC;YACd,CAAC,IAAI,CAAC,CAAC;YACP,IAAI,CAAC,GAAG,CAAC;gBAAE,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;QACD,GAAG,IAAI,CAAC,CAAC;QACT,SAAS,GAAG,CAAC,SAAS,CAAC;IACzB,CAAC;IACD,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAiB;IACxC;QACE,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,mDAAmD;QAC1D,WAAW,EAAE,SAAS;QACtB,UAAU,EAAE,IAAI;KACjB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,OAAO;QACpB,UAAU,EAAE,IAAI;KACjB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,kEAAkE;QACzE,WAAW,EAAE,OAAO;QACpB,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE;YAClB,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,yDAAyD;YACzD,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5D,CAAC;KACF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,6CAA6C;QACpD,WAAW,EAAE,eAAe;QAC5B,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC;KACtC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,aAAa;QACvB,KAAK,EAAE,uCAAuC;QAC9C,WAAW,EAAE,eAAe;QAC5B,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC;KACtC;IACD;QACE,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,qDAAqD;QAC5D,WAAW,EAAE,SAAS;QACtB,UAAU,EAAE,IAAI;KACjB;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,sEAAsE;QAC7E,WAAW,EAAE,SAAS;QACtB,UAAU,EAAE,IAAI;KACjB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,yCAAyC;QAChD,WAAW,EAAE,cAAc;QAC3B,UAAU,EAAE,IAAI;KACjB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,+CAA+C;QACtD,WAAW,EAAE,cAAc;QAC3B,UAAU,EAAE,IAAI;KACjB;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,2DAA2D;QAClE,WAAW,EAAE,cAAc;QAC3B,UAAU,EAAE,IAAI;KACjB;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,8CAA8C;QACrD,WAAW,EAAE,cAAc;QAC3B,UAAU,EAAE,IAAI;KACjB;CACF,CAAC;AAYF,MAAM,OAAO,iBAAiB;IAIC;IAHpB,IAAI,GAAG,eAAwB,CAAC;IAChC,KAAK,GAAG,GAAG,CAAC;IAErB,YAA6B,QAA2B;QAA3B,aAAQ,GAAR,QAAQ,CAAmB;IAAG,CAAC;IAE5D,KAAK,CAAC,OAAO,CAAC,KAAa,EAAE,QAA0B;QACrD,MAAM,QAAQ,GAAuB,EAAE,CAAC;QACxC,MAAM,UAAU,GAMX,EAAE,CAAC;QAER,wBAAwB;QACxB,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACpE,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC5C,IAAI,OAAO,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,SAAS;gBAC9D,UAAU,CAAC,IAAI,CAAC;oBACd,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;oBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACpD,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;gBAC9B,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,CACpD,CAAC;gBACF,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,UAAU,CAAC,IAAI,CAAC;wBACd,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,GAAG,EAAE,MAAM,CAAC,GAAG;wBACf,WAAW,EAAE,IAAI,MAAM,CAAC,UAAU,GAAG;wBACrC,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE;wBACzC,UAAU,EAAE,MAAM,CAAC,KAAK;qBACzB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAE7C,0BAA0B;QAC1B,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,qCAAqC;QACrC,MAAM,SAAS,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QACjE,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,eAAe;gBACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,cAAc,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK;gBAC/B,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,WAAW,EAAE,CAAC,CAAC,KAAK;gBACpB,SAAS,EAAE,CAAC,CAAC,GAAG;gBAChB,UAAU,EAAE,CAAC,CAAC,UAAU;aACzB,CAAC,CAAC;QACL,CAAC;QAED,gCAAgC;QAChC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC1E,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC9C,CAAC;CACF"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Redaction Pipeline Orchestrator (Story 2.3)
|
|
3
|
+
*/
|
|
4
|
+
import type { RedactionLayer, RedactionContext, RedactionResult, RawLessonContent } from '@agentlensai/core';
|
|
5
|
+
import { type PresidioProvider } from './pii-detection-layer.js';
|
|
6
|
+
import { type ReviewQueueStore } from './human-review-layer.js';
|
|
7
|
+
export interface RedactionPipelineConfig {
|
|
8
|
+
humanReviewEnabled?: boolean;
|
|
9
|
+
reviewQueueStore?: ReviewQueueStore;
|
|
10
|
+
presidioProvider?: PresidioProvider;
|
|
11
|
+
publicDomainAllowlist?: string[];
|
|
12
|
+
}
|
|
13
|
+
export declare class RedactionPipeline {
|
|
14
|
+
private layers;
|
|
15
|
+
constructor(config?: RedactionPipelineConfig, customLayers?: RedactionLayer[]);
|
|
16
|
+
getLayers(): readonly RedactionLayer[];
|
|
17
|
+
/**
|
|
18
|
+
* Register a custom redaction layer at runtime.
|
|
19
|
+
* The layer is inserted at the correct position based on its `order` field.
|
|
20
|
+
* Multiple custom layers are supported.
|
|
21
|
+
* Plugin errors trigger fail-closed behavior (same as built-in layers).
|
|
22
|
+
*/
|
|
23
|
+
registerCustomLayer(layer: RedactionLayer): void;
|
|
24
|
+
process(raw: RawLessonContent, ctx: RedactionContext): Promise<RedactionResult>;
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=pipeline.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pipeline.d.ts","sourceRoot":"","sources":["../../../src/lib/redaction/pipeline.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,cAAc,EAEd,gBAAgB,EAChB,eAAe,EAEf,gBAAgB,EACjB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAqB,KAAK,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAIpF,OAAO,EAAoB,KAAK,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAElF,MAAM,WAAW,uBAAuB;IACtC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;CAClC;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAmB;gBAG/B,MAAM,GAAE,uBAA4B,EACpC,YAAY,CAAC,EAAE,cAAc,EAAE;IAqBjC,SAAS,IAAI,SAAS,cAAc,EAAE;IAItC;;;;;OAKG;IACH,mBAAmB,CAAC,KAAK,EAAE,cAAc,GAAG,IAAI;IAK1C,OAAO,CAAC,GAAG,EAAE,gBAAgB,EAAE,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;CAuDtF"}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Redaction Pipeline Orchestrator (Story 2.3)
|
|
3
|
+
*/
|
|
4
|
+
import { createRedactedLessonContent, REDACTION_PIPELINE_KEY } from '@agentlensai/core';
|
|
5
|
+
import { SecretDetectionLayer } from './secret-detection-layer.js';
|
|
6
|
+
import { PIIDetectionLayer } from './pii-detection-layer.js';
|
|
7
|
+
import { UrlPathScrubbingLayer } from './url-path-scrubbing-layer.js';
|
|
8
|
+
import { TenantDeidentificationLayer } from './tenant-deidentification-layer.js';
|
|
9
|
+
import { SemanticDenyListLayer } from './semantic-denylist-layer.js';
|
|
10
|
+
import { HumanReviewLayer } from './human-review-layer.js';
|
|
11
|
+
export class RedactionPipeline {
|
|
12
|
+
layers;
|
|
13
|
+
constructor(config = {}, customLayers) {
|
|
14
|
+
const defaultLayers = [
|
|
15
|
+
new SecretDetectionLayer(),
|
|
16
|
+
new PIIDetectionLayer(config.presidioProvider),
|
|
17
|
+
new UrlPathScrubbingLayer(config.publicDomainAllowlist),
|
|
18
|
+
new TenantDeidentificationLayer(),
|
|
19
|
+
new SemanticDenyListLayer(),
|
|
20
|
+
new HumanReviewLayer(config.humanReviewEnabled ?? false, config.reviewQueueStore),
|
|
21
|
+
];
|
|
22
|
+
if (customLayers) {
|
|
23
|
+
defaultLayers.push(...customLayers);
|
|
24
|
+
}
|
|
25
|
+
this.layers = defaultLayers.sort((a, b) => a.order - b.order);
|
|
26
|
+
}
|
|
27
|
+
getLayers() {
|
|
28
|
+
return this.layers;
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Register a custom redaction layer at runtime.
|
|
32
|
+
* The layer is inserted at the correct position based on its `order` field.
|
|
33
|
+
* Multiple custom layers are supported.
|
|
34
|
+
* Plugin errors trigger fail-closed behavior (same as built-in layers).
|
|
35
|
+
*/
|
|
36
|
+
registerCustomLayer(layer) {
|
|
37
|
+
this.layers.push(layer);
|
|
38
|
+
this.layers.sort((a, b) => a.order - b.order);
|
|
39
|
+
}
|
|
40
|
+
async process(raw, ctx) {
|
|
41
|
+
// Combine title and content for processing
|
|
42
|
+
let text = `${raw.title}\n---\n${raw.content}`;
|
|
43
|
+
const allFindings = [];
|
|
44
|
+
for (const layer of this.layers) {
|
|
45
|
+
let result;
|
|
46
|
+
try {
|
|
47
|
+
result = await layer.process(text, ctx);
|
|
48
|
+
}
|
|
49
|
+
catch (error) {
|
|
50
|
+
// FAIL-CLOSED: any layer error blocks the lesson
|
|
51
|
+
return {
|
|
52
|
+
status: 'error',
|
|
53
|
+
error: error instanceof Error ? error.message : String(error),
|
|
54
|
+
layer: layer.name,
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
if (result.blocked) {
|
|
58
|
+
// Check for pending_review special case
|
|
59
|
+
if (result.blockReason?.startsWith('pending_review:')) {
|
|
60
|
+
const reviewId = result.blockReason.split(':')[1];
|
|
61
|
+
return { status: 'pending_review', reviewId };
|
|
62
|
+
}
|
|
63
|
+
return {
|
|
64
|
+
status: 'blocked',
|
|
65
|
+
reason: result.blockReason ?? 'Blocked by redaction layer',
|
|
66
|
+
layer: layer.name,
|
|
67
|
+
};
|
|
68
|
+
}
|
|
69
|
+
text = result.output;
|
|
70
|
+
allFindings.push(...result.findings);
|
|
71
|
+
}
|
|
72
|
+
// Split back into title and content
|
|
73
|
+
const separatorIndex = text.indexOf('\n---\n');
|
|
74
|
+
let title;
|
|
75
|
+
let content;
|
|
76
|
+
if (separatorIndex !== -1) {
|
|
77
|
+
title = text.slice(0, separatorIndex);
|
|
78
|
+
content = text.slice(separatorIndex + 5);
|
|
79
|
+
}
|
|
80
|
+
else {
|
|
81
|
+
title = text;
|
|
82
|
+
content = '';
|
|
83
|
+
}
|
|
84
|
+
return {
|
|
85
|
+
status: 'redacted',
|
|
86
|
+
content: createRedactedLessonContent(title, content, {}, REDACTION_PIPELINE_KEY), // context always stripped
|
|
87
|
+
findings: allFindings,
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
//# sourceMappingURL=pipeline.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pipeline.js","sourceRoot":"","sources":["../../../src/lib/redaction/pipeline.ts"],"names":[],"mappings":"AAAA;;GAEG;AAUH,OAAO,EAAE,2BAA2B,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AACxF,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAyB,MAAM,0BAA0B,CAAC;AACpF,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAyB,MAAM,yBAAyB,CAAC;AASlF,MAAM,OAAO,iBAAiB;IACpB,MAAM,CAAmB;IAEjC,YACE,SAAkC,EAAE,EACpC,YAA+B;QAE/B,MAAM,aAAa,GAAqB;YACtC,IAAI,oBAAoB,EAAE;YAC1B,IAAI,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAC9C,IAAI,qBAAqB,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACvD,IAAI,2BAA2B,EAAE;YACjC,IAAI,qBAAqB,EAAE;YAC3B,IAAI,gBAAgB,CAClB,MAAM,CAAC,kBAAkB,IAAI,KAAK,EAClC,MAAM,CAAC,gBAAgB,CACxB;SACF,CAAC;QAEF,IAAI,YAAY,EAAE,CAAC;YACjB,aAAa,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QACtC,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAChE,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACH,mBAAmB,CAAC,KAAqB;QACvC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAqB,EAAE,GAAqB;QACxD,2CAA2C;QAC3C,IAAI,IAAI,GAAG,GAAG,GAAG,CAAC,KAAK,UAAU,GAAG,CAAC,OAAO,EAAE,CAAC;QAC/C,MAAM,WAAW,GAAuB,EAAE,CAAC;QAE3C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,IAAI,MAAM,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,iDAAiD;gBACjD,OAAO;oBACL,MAAM,EAAE,OAAO;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;oBAC7D,KAAK,EAAE,KAAK,CAAC,IAA0B;iBACxC,CAAC;YACJ,CAAC;YAED,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,wCAAwC;gBACxC,IAAI,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;oBAClD,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,CAAC;gBAChD,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,MAAM,CAAC,WAAW,IAAI,4BAA4B;oBAC1D,KAAK,EAAE,KAAK,CAAC,IAA0B;iBACxC,CAAC;YACJ,CAAC;YAED,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC;YACrB,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAED,oCAAoC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,KAAa,CAAC;QAClB,IAAI,OAAe,CAAC;QAEpB,IAAI,cAAc,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1B,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;YACtC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,IAAI,CAAC;YACb,OAAO,GAAG,EAAE,CAAC;QACf,CAAC;QAED,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,OAAO,EAAE,2BAA2B,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,sBAAsB,CAAC,EAAE,0BAA0B;YAC5G,QAAQ,EAAE,WAAW;SACtB,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Layer 1: Secret Detection (Story 2.1)
|
|
3
|
+
*/
|
|
4
|
+
import type { RedactionLayer, RedactionLayerResult, RedactionContext } from '@agentlensai/core';
|
|
5
|
+
export declare class SecretDetectionLayer implements RedactionLayer {
|
|
6
|
+
readonly name: "secret_detection";
|
|
7
|
+
readonly order = 100;
|
|
8
|
+
process(input: string, _context: RedactionContext): RedactionLayerResult;
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=secret-detection-layer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-detection-layer.d.ts","sourceRoot":"","sources":["../../../src/lib/redaction/secret-detection-layer.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EACpB,gBAAgB,EAEjB,MAAM,mBAAmB,CAAC;AAG3B,qBAAa,oBAAqB,YAAW,cAAc;IACzD,QAAQ,CAAC,IAAI,EAAG,kBAAkB,CAAU;IAC5C,QAAQ,CAAC,KAAK,OAAO;IAErB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,gBAAgB,GAAG,oBAAoB;CAyFzE"}
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Layer 1: Secret Detection (Story 2.1)
|
|
3
|
+
*/
|
|
4
|
+
import { ACTIVE_SECRET_PATTERNS, detectHighEntropyStrings } from './secret-patterns.js';
|
|
5
|
+
export class SecretDetectionLayer {
|
|
6
|
+
name = 'secret_detection';
|
|
7
|
+
order = 100;
|
|
8
|
+
process(input, _context) {
|
|
9
|
+
const findings = [];
|
|
10
|
+
let output = input;
|
|
11
|
+
let secretIndex = 0;
|
|
12
|
+
// Collect all matches with their positions (work on original input for offsets)
|
|
13
|
+
const allMatches = [];
|
|
14
|
+
// Regex-based detection
|
|
15
|
+
for (const pattern of ACTIVE_SECRET_PATTERNS) {
|
|
16
|
+
const globalRegex = new RegExp(pattern.regex.source, pattern.regex.flags + (pattern.regex.flags.includes('g') ? '' : 'g'));
|
|
17
|
+
let match;
|
|
18
|
+
while ((match = globalRegex.exec(input)) !== null) {
|
|
19
|
+
allMatches.push({
|
|
20
|
+
start: match.index,
|
|
21
|
+
end: match.index + match[0].length,
|
|
22
|
+
category: pattern.category,
|
|
23
|
+
confidence: pattern.confidence,
|
|
24
|
+
patternName: pattern.name,
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
// High-entropy detection
|
|
29
|
+
const entropyMatches = detectHighEntropyStrings(input);
|
|
30
|
+
for (const em of entropyMatches) {
|
|
31
|
+
// Skip if already covered by a regex match
|
|
32
|
+
const alreadyCovered = allMatches.some(m => m.start <= em.start && m.end >= em.end);
|
|
33
|
+
if (!alreadyCovered) {
|
|
34
|
+
allMatches.push({
|
|
35
|
+
start: em.start,
|
|
36
|
+
end: em.end,
|
|
37
|
+
category: 'high_entropy_string',
|
|
38
|
+
confidence: Math.min(0.6 + (em.entropy - 4.5) * 0.1, 0.9),
|
|
39
|
+
patternName: 'entropy_detection',
|
|
40
|
+
});
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
// Sort by start position descending to replace from end (preserves offsets)
|
|
44
|
+
allMatches.sort((a, b) => b.start - a.start);
|
|
45
|
+
// Deduplicate overlapping matches (keep highest confidence)
|
|
46
|
+
const deduped = [];
|
|
47
|
+
for (const m of allMatches) {
|
|
48
|
+
const overlaps = deduped.some(d => m.start < d.end && m.end > d.start);
|
|
49
|
+
if (!overlaps) {
|
|
50
|
+
deduped.push(m);
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
// Sort ascending for findings reporting, but replace descending
|
|
54
|
+
const sortedForFindings = [...deduped].sort((a, b) => a.start - b.start);
|
|
55
|
+
const replacements = new Map();
|
|
56
|
+
for (const m of sortedForFindings) {
|
|
57
|
+
secretIndex++;
|
|
58
|
+
const replacement = `[SECRET_REDACTED_${secretIndex}]`;
|
|
59
|
+
replacements.set(m, replacement);
|
|
60
|
+
findings.push({
|
|
61
|
+
layer: 'secret_detection',
|
|
62
|
+
category: m.category,
|
|
63
|
+
originalLength: m.end - m.start,
|
|
64
|
+
replacement,
|
|
65
|
+
startOffset: m.start,
|
|
66
|
+
endOffset: m.end,
|
|
67
|
+
confidence: m.confidence,
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
// Apply replacements from end to start
|
|
71
|
+
const descending = [...deduped].sort((a, b) => b.start - a.start);
|
|
72
|
+
for (const m of descending) {
|
|
73
|
+
const replacement = replacements.get(m);
|
|
74
|
+
output = output.slice(0, m.start) + replacement + output.slice(m.end);
|
|
75
|
+
}
|
|
76
|
+
return { output, findings, blocked: false };
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
//# sourceMappingURL=secret-detection-layer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-detection-layer.js","sourceRoot":"","sources":["../../../src/lib/redaction/secret-detection-layer.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAExF,MAAM,OAAO,oBAAoB;IACtB,IAAI,GAAG,kBAA2B,CAAC;IACnC,KAAK,GAAG,GAAG,CAAC;IAErB,OAAO,CAAC,KAAa,EAAE,QAA0B;QAC/C,MAAM,QAAQ,GAAuB,EAAE,CAAC;QACxC,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,gFAAgF;QAChF,MAAM,UAAU,GAMX,EAAE,CAAC;QAER,wBAAwB;QACxB,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;YAC7C,MAAM,WAAW,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC3H,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAClD,UAAU,CAAC,IAAI,CAAC;oBACd,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;oBAClC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,WAAW,EAAE,OAAO,CAAC,IAAI;iBAC1B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,MAAM,cAAc,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC;QACvD,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;YAChC,2CAA2C;YAC3C,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,GAAG,CAC5C,CAAC;YACF,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,UAAU,CAAC,IAAI,CAAC;oBACd,KAAK,EAAE,EAAE,CAAC,KAAK;oBACf,GAAG,EAAE,EAAE,CAAC,GAAG;oBACX,QAAQ,EAAE,qBAAqB;oBAC/B,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,OAAO,GAAG,GAAG,CAAC,GAAG,GAAG,EAAE,GAAG,CAAC;oBACzD,WAAW,EAAE,mBAAmB;iBACjC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4EAA4E;QAC5E,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAE7C,4DAA4D;QAC5D,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAC3B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CACxC,CAAC;YACF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,gEAAgE;QAChE,MAAM,iBAAiB,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAgC,CAAC;QAE7D,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;YAClC,WAAW,EAAE,CAAC;YACd,MAAM,WAAW,GAAG,oBAAoB,WAAW,GAAG,CAAC;YACvD,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;YACjC,QAAQ,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,kBAAkB;gBACzB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,cAAc,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK;gBAC/B,WAAW;gBACX,WAAW,EAAE,CAAC,CAAC,KAAK;gBACpB,SAAS,EAAE,CAAC,CAAC,GAAG;gBAChB,UAAU,EAAE,CAAC,CAAC,UAAU;aACzB,CAAC,CAAC;QACL,CAAC;QAED,uCAAuC;QACvC,MAAM,UAAU,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC;YACzC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC9C,CAAC;CACF"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secret Detection Patterns & Entropy Calculator (Story 2.1, Layer 1)
|
|
3
|
+
*/
|
|
4
|
+
export interface SecretPattern {
|
|
5
|
+
name: string;
|
|
6
|
+
category: string;
|
|
7
|
+
regex: RegExp;
|
|
8
|
+
confidence: number;
|
|
9
|
+
}
|
|
10
|
+
export declare const SECRET_PATTERNS: SecretPattern[];
|
|
11
|
+
export declare const ACTIVE_SECRET_PATTERNS: SecretPattern[];
|
|
12
|
+
/**
|
|
13
|
+
* Shannon entropy of a string (bits per character).
|
|
14
|
+
*/
|
|
15
|
+
export declare function shannonEntropy(s: string): number;
|
|
16
|
+
/**
|
|
17
|
+
* Detect high-entropy strings that may be unknown secrets.
|
|
18
|
+
* Scans with a sliding window approach.
|
|
19
|
+
*/
|
|
20
|
+
export declare function detectHighEntropyStrings(text: string, options?: {
|
|
21
|
+
minLength?: number;
|
|
22
|
+
maxLength?: number;
|
|
23
|
+
entropyThreshold?: number;
|
|
24
|
+
}): Array<{
|
|
25
|
+
start: number;
|
|
26
|
+
end: number;
|
|
27
|
+
entropy: number;
|
|
28
|
+
}>;
|
|
29
|
+
//# sourceMappingURL=secret-patterns.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-patterns.d.ts","sourceRoot":"","sources":["../../../src/lib/redaction/secret-patterns.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,eAAO,MAAM,eAAe,EAAE,aAAa,EA0G1C,CAAC;AAGF,eAAO,MAAM,sBAAsB,iBAAmD,CAAC;AAEvF;;GAEG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAYhD;AAMD;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAAO,GAClF,KAAK,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CA6BxD"}
|
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secret Detection Patterns & Entropy Calculator (Story 2.1, Layer 1)
|
|
3
|
+
*/
|
|
4
|
+
export const SECRET_PATTERNS = [
|
|
5
|
+
// ─── OpenAI ─────────────────────────────────────────
|
|
6
|
+
{ name: 'openai_api_key', category: 'api_key', regex: /sk-[a-zA-Z0-9]{20,}/, confidence: 0.95 },
|
|
7
|
+
{ name: 'openai_org', category: 'api_key', regex: /org-[a-zA-Z0-9]{20,}/, confidence: 0.85 },
|
|
8
|
+
// ─── Anthropic ──────────────────────────────────────
|
|
9
|
+
{ name: 'anthropic_api_key', category: 'api_key', regex: /sk-ant-[a-zA-Z0-9\-]{20,}/, confidence: 0.95 },
|
|
10
|
+
// ─── GitHub ─────────────────────────────────────────
|
|
11
|
+
{ name: 'github_pat', category: 'api_key', regex: /ghp_[a-zA-Z0-9]{36}/, confidence: 0.95 },
|
|
12
|
+
{ name: 'github_oauth', category: 'api_key', regex: /gho_[a-zA-Z0-9]{36}/, confidence: 0.95 },
|
|
13
|
+
{ name: 'github_app_token', category: 'api_key', regex: /(?:ghu|ghs|ghr)_[a-zA-Z0-9]{36}/, confidence: 0.95 },
|
|
14
|
+
// ─── AWS ────────────────────────────────────────────
|
|
15
|
+
{ name: 'aws_access_key', category: 'api_key', regex: /AKIA[0-9A-Z]{16}/, confidence: 0.95 },
|
|
16
|
+
{ name: 'aws_secret_key', category: 'api_key', regex: /(?:aws_secret_access_key|AWS_SECRET_ACCESS_KEY)\s*[=:]\s*[A-Za-z0-9/+=]{40}/, confidence: 0.95 },
|
|
17
|
+
// ─── Stripe ─────────────────────────────────────────
|
|
18
|
+
{ name: 'stripe_live_key', category: 'api_key', regex: /sk_live_[a-zA-Z0-9]{20,}/, confidence: 0.95 },
|
|
19
|
+
{ name: 'stripe_test_key', category: 'api_key', regex: /sk_test_[a-zA-Z0-9]{20,}/, confidence: 0.90 },
|
|
20
|
+
{ name: 'stripe_publishable', category: 'api_key', regex: /pk_(?:live|test)_[a-zA-Z0-9]{20,}/, confidence: 0.90 },
|
|
21
|
+
{ name: 'stripe_restricted', category: 'api_key', regex: /rk_(?:live|test)_[a-zA-Z0-9]{20,}/, confidence: 0.90 },
|
|
22
|
+
// ─── Slack ──────────────────────────────────────────
|
|
23
|
+
{ name: 'slack_token', category: 'api_key', regex: /xox[bpras]-[a-zA-Z0-9\-]+/, confidence: 0.95 },
|
|
24
|
+
{ name: 'slack_webhook', category: 'api_key', regex: /https:\/\/hooks\.slack\.com\/services\/T[a-zA-Z0-9_]+\/B[a-zA-Z0-9_]+\/[a-zA-Z0-9_]+/, confidence: 0.95 },
|
|
25
|
+
// ─── Google ─────────────────────────────────────────
|
|
26
|
+
{ name: 'google_api_key', category: 'api_key', regex: /AIza[0-9A-Za-z\-_]{35}/, confidence: 0.90 },
|
|
27
|
+
{ name: 'google_oauth_client', category: 'api_key', regex: /[0-9]+-[a-z0-9_]{32}\.apps\.googleusercontent\.com/, confidence: 0.90 },
|
|
28
|
+
// ─── Azure ──────────────────────────────────────────
|
|
29
|
+
{ name: 'azure_subscription', category: 'api_key', regex: /[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/, confidence: 0.3 },
|
|
30
|
+
// ─── Twilio ─────────────────────────────────────────
|
|
31
|
+
{ name: 'twilio_api_key', category: 'api_key', regex: /SK[a-f0-9]{32}/, confidence: 0.85 },
|
|
32
|
+
{ name: 'twilio_account_sid', category: 'api_key', regex: /AC[a-f0-9]{32}/, confidence: 0.85 },
|
|
33
|
+
// ─── SendGrid ───────────────────────────────────────
|
|
34
|
+
{ name: 'sendgrid_api_key', category: 'api_key', regex: /SG\.[a-zA-Z0-9_\-]{22}\.[a-zA-Z0-9_\-]{43}/, confidence: 0.95 },
|
|
35
|
+
// ─── Mailgun ────────────────────────────────────────
|
|
36
|
+
{ name: 'mailgun_api_key', category: 'api_key', regex: /key-[a-zA-Z0-9]{32}/, confidence: 0.85 },
|
|
37
|
+
// ─── Heroku ─────────────────────────────────────────
|
|
38
|
+
{ name: 'heroku_api_key', category: 'api_key', regex: /[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/, confidence: 0.3 },
|
|
39
|
+
// ─── npm ────────────────────────────────────────────
|
|
40
|
+
{ name: 'npm_token', category: 'api_key', regex: /npm_[a-zA-Z0-9]{36}/, confidence: 0.95 },
|
|
41
|
+
// ─── PyPI ───────────────────────────────────────────
|
|
42
|
+
{ name: 'pypi_token', category: 'api_key', regex: /pypi-[a-zA-Z0-9\-_]{50,}/, confidence: 0.95 },
|
|
43
|
+
// ─── Discord ────────────────────────────────────────
|
|
44
|
+
{ name: 'discord_token', category: 'api_key', regex: /[MN][A-Za-z\d]{23,}\.[\w-]{6}\.[\w-]{27,}/, confidence: 0.90 },
|
|
45
|
+
{ name: 'discord_webhook', category: 'api_key', regex: /https:\/\/discord(?:app)?\.com\/api\/webhooks\/\d+\/[\w-]+/, confidence: 0.95 },
|
|
46
|
+
// ─── Telegram ───────────────────────────────────────
|
|
47
|
+
{ name: 'telegram_bot_token', category: 'api_key', regex: /\d{8,10}:[A-Za-z0-9_-]{35}/, confidence: 0.85 },
|
|
48
|
+
// ─── Bearer / Basic Auth ────────────────────────────
|
|
49
|
+
{ name: 'bearer_token', category: 'auth_token', regex: /Bearer\s+[a-zA-Z0-9._~+\/=-]{20,}/, confidence: 0.90 },
|
|
50
|
+
{ name: 'basic_auth', category: 'auth_token', regex: /Basic\s+[a-zA-Z0-9+\/=]{10,}/, confidence: 0.90 },
|
|
51
|
+
// ─── URL with credentials ──────────────────────────
|
|
52
|
+
{ name: 'url_password', category: 'auth_token', regex: /\/\/[^:\/\s]+:[^@\/\s]+@[^\/\s]+/, confidence: 0.95 },
|
|
53
|
+
// ─── Private Keys ──────────────────────────────────
|
|
54
|
+
{ name: 'private_key', category: 'private_key', regex: /-----BEGIN\s+(?:RSA\s+|EC\s+|DSA\s+|OPENSSH\s+)?PRIVATE KEY-----/, confidence: 0.99 },
|
|
55
|
+
// ─── Connection Strings ─────────────────────────────
|
|
56
|
+
{ name: 'connection_string', category: 'connection_string', regex: /(?:mongodb(?:\+srv)?|postgres(?:ql)?|mysql|redis|amqp|mssql):\/\/[^\s]+/, confidence: 0.90 },
|
|
57
|
+
// ─── JWT ────────────────────────────────────────────
|
|
58
|
+
{ name: 'jwt', category: 'auth_token', regex: /eyJ[a-zA-Z0-9_-]{10,}\.eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}/, confidence: 0.85 },
|
|
59
|
+
// ─── HashiCorp Vault ────────────────────────────────
|
|
60
|
+
{ name: 'vault_token', category: 'api_key', regex: /hvs\.[a-zA-Z0-9_-]{24,}/, confidence: 0.90 },
|
|
61
|
+
// ─── Datadog ────────────────────────────────────────
|
|
62
|
+
{ name: 'datadog_api_key', category: 'api_key', regex: /dd[a-f0-9]{40}/, confidence: 0.80 },
|
|
63
|
+
// ─── Supabase ───────────────────────────────────────
|
|
64
|
+
{ name: 'supabase_key', category: 'api_key', regex: /sbp_[a-f0-9]{40}/, confidence: 0.90 },
|
|
65
|
+
// ─── Vercel ─────────────────────────────────────────
|
|
66
|
+
{ name: 'vercel_token', category: 'api_key', regex: /vercel_[a-zA-Z0-9]{24,}/, confidence: 0.90 },
|
|
67
|
+
// ─── Linear ─────────────────────────────────────────
|
|
68
|
+
{ name: 'linear_api_key', category: 'api_key', regex: /lin_api_[a-zA-Z0-9]{40,}/, confidence: 0.90 },
|
|
69
|
+
// ─── Shopify ────────────────────────────────────────
|
|
70
|
+
{ name: 'shopify_token', category: 'api_key', regex: /shpat_[a-fA-F0-9]{32}/, confidence: 0.90 },
|
|
71
|
+
{ name: 'shopify_secret', category: 'api_key', regex: /shpss_[a-fA-F0-9]{32}/, confidence: 0.90 },
|
|
72
|
+
// ─── Cloudflare ─────────────────────────────────────
|
|
73
|
+
{ name: 'cloudflare_api_token', category: 'api_key', regex: /[a-zA-Z0-9_]{40}/, confidence: 0.2 }, // low confidence - too generic alone
|
|
74
|
+
// ─── Generic password assignment ────────────────────
|
|
75
|
+
{ name: 'password_assignment', category: 'password', regex: /(?:password|passwd|pwd|secret|token|api_key|apikey)['"]?\s*[=:]\s*['"]?[^\s'"<>]{8,}['"]?/i, confidence: 0.80 },
|
|
76
|
+
// XML-style password: <password>value</password>
|
|
77
|
+
{ name: 'xml_password', category: 'password', regex: /<(?:password|secret|token|api[_-]?key)>([^<]{8,})<\//i, confidence: 0.80 },
|
|
78
|
+
// SQL PASSWORD keyword: PASSWORD 'value'
|
|
79
|
+
{ name: 'sql_password', category: 'password', regex: /PASSWORD\s+['"]([^'"]{8,})['"]/i, confidence: 0.80 },
|
|
80
|
+
];
|
|
81
|
+
// Only use patterns with confidence >= threshold (skip very generic ones)
|
|
82
|
+
export const ACTIVE_SECRET_PATTERNS = SECRET_PATTERNS.filter(p => p.confidence >= 0.5);
|
|
83
|
+
/**
|
|
84
|
+
* Shannon entropy of a string (bits per character).
|
|
85
|
+
*/
|
|
86
|
+
export function shannonEntropy(s) {
|
|
87
|
+
if (s.length === 0)
|
|
88
|
+
return 0;
|
|
89
|
+
const freq = new Map();
|
|
90
|
+
for (const c of s) {
|
|
91
|
+
freq.set(c, (freq.get(c) ?? 0) + 1);
|
|
92
|
+
}
|
|
93
|
+
let entropy = 0;
|
|
94
|
+
for (const count of freq.values()) {
|
|
95
|
+
const p = count / s.length;
|
|
96
|
+
entropy -= p * Math.log2(p);
|
|
97
|
+
}
|
|
98
|
+
return entropy;
|
|
99
|
+
}
|
|
100
|
+
// Hex and base64 character sets for entropy detection
|
|
101
|
+
const HEX_RE = /^[a-fA-F0-9]+$/;
|
|
102
|
+
const BASE64_RE = /^[a-zA-Z0-9+\/=_-]+$/;
|
|
103
|
+
/**
|
|
104
|
+
* Detect high-entropy strings that may be unknown secrets.
|
|
105
|
+
* Scans with a sliding window approach.
|
|
106
|
+
*/
|
|
107
|
+
export function detectHighEntropyStrings(text, options = {}) {
|
|
108
|
+
const minLen = options.minLength ?? 20;
|
|
109
|
+
const maxLen = options.maxLength ?? 128;
|
|
110
|
+
const threshold = options.entropyThreshold ?? 4.5;
|
|
111
|
+
const results = [];
|
|
112
|
+
// Find candidate tokens (non-whitespace sequences)
|
|
113
|
+
const tokenRegex = /[^\s,;:(){}\[\]<>"'`]+/g;
|
|
114
|
+
let match;
|
|
115
|
+
while ((match = tokenRegex.exec(text)) !== null) {
|
|
116
|
+
const token = match[0];
|
|
117
|
+
if (token.length < minLen || token.length > maxLen)
|
|
118
|
+
continue;
|
|
119
|
+
// Only consider hex-like or base64-like strings
|
|
120
|
+
if (!HEX_RE.test(token) && !BASE64_RE.test(token))
|
|
121
|
+
continue;
|
|
122
|
+
const entropy = shannonEntropy(token);
|
|
123
|
+
if (entropy >= threshold) {
|
|
124
|
+
results.push({
|
|
125
|
+
start: match.index,
|
|
126
|
+
end: match.index + token.length,
|
|
127
|
+
entropy,
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
return results;
|
|
132
|
+
}
|
|
133
|
+
//# sourceMappingURL=secret-patterns.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-patterns.js","sourceRoot":"","sources":["../../../src/lib/redaction/secret-patterns.ts"],"names":[],"mappings":"AAAA;;GAEG;AASH,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,uDAAuD;IACvD,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,EAAE;IAC/F,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,sBAAsB,EAAE,UAAU,EAAE,IAAI,EAAE;IAE5F,uDAAuD;IACvD,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,2BAA2B,EAAE,UAAU,EAAE,IAAI,EAAE;IAExG,uDAAuD;IACvD,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,EAAE;IAC3F,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,EAAE;IAC7F,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,iCAAiC,EAAE,UAAU,EAAE,IAAI,EAAE;IAE7G,uDAAuD;IACvD,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,kBAAkB,EAAE,UAAU,EAAE,IAAI,EAAE;IAC5F,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,6EAA6E,EAAE,UAAU,EAAE,IAAI,EAAE;IAEvJ,uDAAuD;IACvD,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,0BAA0B,EAAE,UAAU,EAAE,IAAI,EAAE;IACrG,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,0BAA0B,EAAE,UAAU,EAAE,IAAI,EAAE;IACrG,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,mCAAmC,EAAE,UAAU,EAAE,IAAI,EAAE;IACjH,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,mCAAmC,EAAE,UAAU,EAAE,IAAI,EAAE;IAEhH,uDAAuD;IACvD,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,2BAA2B,EAAE,UAAU,EAAE,IAAI,EAAE;IAClG,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,sFAAsF,EAAE,UAAU,EAAE,IAAI,EAAE;IAE/J,uDAAuD;IACvD,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,wBAAwB,EAAE,UAAU,EAAE,IAAI,EAAE;IAClG,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,oDAAoD,EAAE,UAAU,EAAE,IAAI,EAAE;IAEnI,uDAAuD;IACvD,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,8DAA8D,EAAE,UAAU,EAAE,GAAG,EAAE;IAE3I,uDAAuD;IACvD,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,IAAI,EAAE;IAC1F,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,IAAI,EAAE;IAE9F,uDAAuD;IACvD,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,4CAA4C,EAAE,UAAU,EAAE,IAAI,EAAE;IAExH,uDAAuD;IACvD,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,EAAE;IAEhG,uDAAuD;IACvD,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,8DAA8D,EAAE,UAAU,EAAE,GAAG,EAAE;IAEvI,uDAAuD;IACvD,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,IAAI,EAAE;IAE1F,uDAAuD;IACvD,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,0BAA0B,EAAE,UAAU,EAAE,IAAI,EAAE;IAEhG,uDAAuD;IACvD,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,2CAA2C,EAAE,UAAU,EAAE,IAAI,EAAE;IACpH,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,4DAA4D,EAAE,UAAU,EAAE,IAAI,EAAE;IAEvI,uDAAuD;IACvD,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,4BAA4B,EAAE,UAAU,EAAE,IAAI,EAAE;IAE1G,uDAAuD;IACvD,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,mCAAmC,EAAE,UAAU,EAAE,IAAI,EAAE;IAC9G,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,8BAA8B,EAAE,UAAU,EAAE,IAAI,EAAE;IAEvG,sDAAsD;IACtD,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,kCAAkC,EAAE,UAAU,EAAE,IAAI,EAAE;IAE7G,sDAAsD;IACtD,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,aAAa,EAAE,KAAK,EAAE,kEAAkE,EAAE,UAAU,EAAE,IAAI,EAAE;IAE7I,uDAAuD;IACvD,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,mBAAmB,EAAE,KAAK,EAAE,yEAAyE,EAAE,UAAU,EAAE,IAAI,EAAE;IAEhK,uDAAuD;IACvD,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,kEAAkE,EAAE,UAAU,EAAE,IAAI,EAAE;IAEpI,uDAAuD;IACvD,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,yBAAyB,EAAE,UAAU,EAAE,IAAI,EAAE;IAEhG,uDAAuD;IACvD,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,IAAI,EAAE;IAE3F,uDAAuD;IACvD,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,kBAAkB,EAAE,UAAU,EAAE,IAAI,EAAE;IAE1F,uDAAuD;IACvD,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,yBAAyB,EAAE,UAAU,EAAE,IAAI,EAAE;IAEjG,uDAAuD;IACvD,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,0BAA0B,EAAE,UAAU,EAAE,IAAI,EAAE;IAEpG,uDAAuD;IACvD,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,uBAAuB,EAAE,UAAU,EAAE,IAAI,EAAE;IAChG,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,uBAAuB,EAAE,UAAU,EAAE,IAAI,EAAE;IAEjG,uDAAuD;IACvD,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,kBAAkB,EAAE,UAAU,EAAE,GAAG,EAAE,EAAE,qCAAqC;IAExI,uDAAuD;IACvD,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,4FAA4F,EAAE,UAAU,EAAE,IAAI,EAAE;IAE5K,iDAAiD;IACjD,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,uDAAuD,EAAE,UAAU,EAAE,IAAI,EAAE;IAEhI,yCAAyC;IACzC,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,iCAAiC,EAAE,UAAU,EAAE,IAAI,EAAE;CAC3G,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,MAAM,sBAAsB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;AAEvF;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,CAAS;IACtC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAC7B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAClB,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC;QAC3B,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,sDAAsD;AACtD,MAAM,MAAM,GAAG,gBAAgB,CAAC;AAChC,MAAM,SAAS,GAAG,sBAAsB,CAAC;AAEzC;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,IAAY,EACZ,UAAiF,EAAE;IAEnF,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;IACvC,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,IAAI,GAAG,CAAC;IACxC,MAAM,SAAS,GAAG,OAAO,CAAC,gBAAgB,IAAI,GAAG,CAAC;IAElD,MAAM,OAAO,GAA2D,EAAE,CAAC;IAE3E,mDAAmD;IACnD,MAAM,UAAU,GAAG,yBAAyB,CAAC;IAC7C,IAAI,KAA6B,CAAC;IAElC,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,IAAI,KAAK,CAAC,MAAM,GAAG,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,MAAM;YAAE,SAAS;QAE7D,gDAAgD;QAChD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,SAAS;QAE5D,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC;gBACX,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM;gBAC/B,OAAO;aACR,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Layer 5: Semantic Deny List (Story 2.2)
|
|
3
|
+
*/
|
|
4
|
+
import type { RedactionLayer, RedactionLayerResult, RedactionContext } from '@agentlensai/core';
|
|
5
|
+
export declare class SemanticDenyListLayer implements RedactionLayer {
|
|
6
|
+
readonly name: "semantic_denylist";
|
|
7
|
+
readonly order = 500;
|
|
8
|
+
process(input: string, context: RedactionContext): RedactionLayerResult;
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=semantic-denylist-layer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"semantic-denylist-layer.d.ts","sourceRoot":"","sources":["../../../src/lib/redaction/semantic-denylist-layer.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EACpB,gBAAgB,EAEjB,MAAM,mBAAmB,CAAC;AAE3B,qBAAa,qBAAsB,YAAW,cAAc;IAC1D,QAAQ,CAAC,IAAI,EAAG,mBAAmB,CAAU;IAC7C,QAAQ,CAAC,KAAK,OAAO;IAErB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB,GAAG,oBAAoB;CA2DxE"}
|