@ai-pip/core 0.1.0

package/src/csl/utils.ts

@@ -0,0 +1,30 @@
+/**
+ * Utility functions for CSL - funciones puras
+ */
+
+/**
+ * Generates a unique ID for a segment
+ */
+export function generateId(): string {
+  return `seg-${Date.now()}-${Math.random().toString(36).substring(2, 9)}`
+}
+
+/**
+ * Splits content by context rules - función pura de segmentación
+ * 
+ * @remarks
+ * Segmentación básica por líneas. Sin normalización agresiva
+ * (la normalización va a ISL).
+ */
+export function splitByContextRules(content: string): string[] {
+  if (content.length === 0) {
+    return []
+  }
+  
+  // Segmentación básica por líneas
+  return content
+    .split(/\n+/)
+    .map(line => line.trim())
+    .filter(line => line.length > 0)
+}
+

package/src/csl/value-objects/ContentHash.ts

@@ -0,0 +1,48 @@
+import type { HashAlgorithm } from '../types'
+
+/**
+ * ContentHash - tipo puro
+ */
+export type ContentHash = {
+  readonly value: string
+  readonly algorithm: HashAlgorithm
+}
+
+/**
+ * Crea un ContentHash - función pura
+ */
+export function createContentHash(value: string, algorithm: HashAlgorithm = 'sha256'): ContentHash {
+  if (!value || typeof value !== 'string') {
+    throw new Error('ContentHash value must be a non-empty string')
+  }
+
+  if (!['sha256', 'sha512'].includes(algorithm)) {
+    throw new Error(`Invalid HashAlgorithm: ${algorithm}. Must be 'sha256' or 'sha512'`)
+  }
+
+  const hexPattern = /^[a-f0-9]+$/i
+  if (!hexPattern.test(value)) {
+    throw new Error('ContentHash value must be a valid hexadecimal string')
+  }
+
+  const expectedLength = algorithm === 'sha256' ? 64 : 128
+  if (value.length !== expectedLength) {
+    throw new Error(`ContentHash value length must be ${expectedLength} characters for ${algorithm}`)
+  }
+
+  return {
+    value: value.toLowerCase(),
+    algorithm
+  }
+}
+
+/**
+ * Funciones puras para ContentHash
+ */
+export function isSha256(hash: ContentHash): boolean {
+  return hash.algorithm === 'sha256'
+}
+
+export function isSha512(hash: ContentHash): boolean {
+  return hash.algorithm === 'sha512'
+}

package/src/csl/value-objects/LineageEntry.ts

@@ -0,0 +1,33 @@
+/**
+ * LineageEntry - tipo puro
+ * 
+ * @remarks
+ * El core semántico solo preserva linaje estructural.
+ * Notes libres son para observabilidad (SDK), no core.
+ */
+export type LineageEntry = {
+  readonly step: string
+  readonly timestamp: number
+}
+
+/**
+ * Crea un LineageEntry - función pura
+ * 
+ * @remarks
+ * El core solo registra step y timestamp.
+ * Notes y metadata van en el SDK para observabilidad.
+ */
+export function createLineageEntry(step: string, timestamp: number): LineageEntry {
+  if (!step || typeof step !== 'string' || step.trim().length === 0) {
+    throw new Error('LineageEntry step must be a non-empty string')
+  }
+
+  if (typeof timestamp !== 'number' || timestamp < 0 || !Number.isFinite(timestamp)) {
+    throw new Error('LineageEntry timestamp must be a valid positive number')
+  }
+
+  return {
+    step: step.trim(),
+    timestamp
+  }
+}

package/src/csl/value-objects/Origin-map.ts

@@ -0,0 +1,51 @@
+import { OriginType, TrustLevelType } from '../types'
+
+/**
+ * originMap is the deterministic mapping from OriginType to TrustLevelType.
+ * 
+ * @remarks
+ * This map defines the **deterministic classification rules** for content segments.
+ * The mapping is based solely on the origin type, not on content analysis.
+ * 
+ * **Key Principles:**
+ * - 100% deterministic: same origin → same trust level, always
+ * - No heuristics or content analysis
+ * - All OriginType values must be present in this map
+ */
+export const originMap = new Map<OriginType, TrustLevelType>([
+  // User origins - always untrusted (security by default)
+  [OriginType.USER, TrustLevelType.UC],
+  
+  // DOM origins - trust based on visibility
+  [OriginType.DOM_VISIBLE, TrustLevelType.STC],
+  [OriginType.DOM_HIDDEN, TrustLevelType.UC],
+  [OriginType.DOM_ATTRIBUTE, TrustLevelType.STC],
+  
+  // External origins - always untrusted
+  [OriginType.SCRIPT_INJECTED, TrustLevelType.UC],
+  [OriginType.NETWORK_FETCHED, TrustLevelType.UC],
+  
+  // System origins - trusted (system controls)
+  [OriginType.SYSTEM_GENERATED, TrustLevelType.TC],
+  
+  // Unknown - untrusted by default (fail-secure)
+  [OriginType.UNKNOWN, TrustLevelType.UC],
+])
+
+/**
+ * Validates that all OriginType values are mapped in originMap.
+ * 
+ * @throws {Error} If any OriginType is not present in originMap
+ */
+export function validateOriginMap(): void {
+  const allOriginTypes = Object.values(OriginType)
+  const missingTypes = allOriginTypes.filter(type => !originMap.has(type))
+  
+  if (missingTypes.length > 0) {
+    throw new Error(
+      `Missing origin mappings: ${missingTypes.join(', ')}. ` +
+      `All OriginType values must be mapped in originMap.`
+    )
+  }
+}
+

package/src/csl/value-objects/Origin.ts

@@ -0,0 +1,52 @@
+import { OriginType } from '../types'
+
+/**
+ * Origin - tipo puro
+ */
+export type Origin = {
+  readonly type: OriginType
+}
+
+/**
+ * Crea un Origin - función pura
+ */
+export function createOrigin(type: OriginType): Origin {
+  if (!Object.values(OriginType).includes(type)) {
+    throw new Error(`Invalid Origin type: ${type}`)
+  }
+  return { type }
+}
+
+/**
+ * Funciones puras para Origin
+ */
+export function isDom(origin: Origin): boolean {
+  return origin.type === OriginType.DOM_HIDDEN ||
+         origin.type === OriginType.DOM_VISIBLE ||
+         origin.type === OriginType.DOM_ATTRIBUTE
+}
+
+export function isUser(origin: Origin): boolean {
+  return origin.type === OriginType.USER
+}
+
+export function isSystem(origin: Origin): boolean {
+  return origin.type === OriginType.SYSTEM_GENERATED
+}
+
+export function isInjected(origin: Origin): boolean {
+  return origin.type === OriginType.SCRIPT_INJECTED
+}
+
+export function isUnknown(origin: Origin): boolean {
+  return origin.type === OriginType.UNKNOWN
+}
+
+export function isNetworkFetched(origin: Origin): boolean {
+  return origin.type === OriginType.NETWORK_FETCHED
+}
+
+export function isExternal(origin: Origin): boolean {
+  return origin.type === OriginType.NETWORK_FETCHED ||
+         origin.type === OriginType.SCRIPT_INJECTED
+}

package/src/csl/value-objects/TrustLevel.ts

@@ -0,0 +1,33 @@
+import { TrustLevelType } from '../types'
+
+/**
+ * TrustLevel - tipo puro
+ */
+export type TrustLevel = {
+  readonly value: TrustLevelType
+}
+
+/**
+ * Crea un TrustLevel - función pura
+ */
+export function createTrustLevel(value: TrustLevelType): TrustLevel {
+  if (!Object.values(TrustLevelType).includes(value)) {
+    throw new Error(`Invalid TrustLevel: ${value}`)
+  }
+  return { value }
+}
+
+/**
+ * Funciones puras para TrustLevel
+ */
+export function isTrusted(trust: TrustLevel): boolean {
+  return trust.value === TrustLevelType.TC
+}
+
+export function isSemiTrusted(trust: TrustLevel): boolean {
+  return trust.value === TrustLevelType.STC
+}
+
+export function isUntrusted(trust: TrustLevel): boolean {
+  return trust.value === TrustLevelType.UC
+}

package/src/csl/value-objects/index.ts

@@ -0,0 +1,14 @@
+// Tipos
+export type { TrustLevel } from './TrustLevel'
+export type { Origin } from './Origin'
+export type { LineageEntry } from './LineageEntry'
+export type { ContentHash } from './ContentHash'
+
+// Funciones de creación
+export { createTrustLevel, isTrusted, isSemiTrusted, isUntrusted } from './TrustLevel'
+export { createOrigin, isDom, isUser, isSystem, isInjected, isUnknown, isNetworkFetched, isExternal } from './Origin'
+export { createLineageEntry } from './LineageEntry'
+export { createContentHash, isSha256, isSha512 } from './ContentHash'
+
+// Origin-map
+export { originMap, validateOriginMap } from './Origin-map'

package/src/index.ts

@@ -0,0 +1,18 @@
+/**
+ * @ai-pip/core - Core implementation of the AI-PIP protocol
+ * 
+ * @remarks
+ * Main entry point that re-exports all layers (CSL, ISL, Shared)
+ * 
+ * You can also import specific layers:
+ * - import { segment } from '@ai-pip/core/csl'
+ * - import { sanitize } from '@ai-pip/core/isl'
+ * - import { addLineageEntry } from '@ai-pip/core/shared'
+ * - import { envelope } from '@ai-pip/core/cpe'
+ */
+
+// Re-export all layers
+export * from './csl'
+export * from './isl'
+export * from './shared'
+export * from './cpe'

package/src/isl/exceptions/SanitizationError.ts

@@ -0,0 +1,14 @@
+/**
+ * SanitizationError is thrown when sanitization fails.
+ */
+export class SanitizationError extends Error {
+  constructor(
+    message: string,
+    public readonly cause?: unknown
+  ) {
+    super(message)
+    this.name = 'SanitizationError'
+    Object.setPrototypeOf(this, SanitizationError.prototype)
+  }
+}
+

package/src/isl/exceptions/index.ts

@@ -0,0 +1,2 @@
+export * from './SanitizationError'
+

package/src/isl/index.ts

@@ -0,0 +1,20 @@
+/**
+ * ISL (Instruction Sanitization Layer) - Core Semántico
+ * 
+ * @remarks
+ * ISL sanitiza instrucciones maliciosas recibidas de CSL,
+ * aplicando diferentes niveles de sanitización según el nivel de confianza.
+ */
+
+// Funciones puras principales
+export { sanitize } from './sanitize'
+
+// Value objects
+export * from './value-objects'
+
+// Exceptions
+export * from './exceptions'
+
+// Types
+export * from './types'
+

package/src/isl/sanitize.ts

@@ -0,0 +1,93 @@
+import type { CSLResult } from '@/csl/types'
+import type { ISLResult, ISLSegment, RemovedInstruction } from './types'
+import { createLineageEntry } from '@/csl/value-objects'
+import { addLineageEntry } from '@/shared/lineage'
+import type { TrustLevel } from '@/csl/value-objects'
+import { TrustLevelType } from '@/csl/types'
+
+/**
+ * Sanitiza contenido según nivel de confianza - función pura
+ * 
+ * @remarks
+ * ISL aplica sanitización diferenciada según el trust level:
+ * - TC: Sanitización mínima
+ * - STC: Sanitización moderada
+ * - UC: Sanitización agresiva
+ */
+export function sanitize(cslResult: CSLResult): ISLResult {
+  const segments: ISLSegment[] = []
+  let allLineage: typeof cslResult.lineage = [...cslResult.lineage]
+  const blockedCount = 0
+  let instructionsRemovedCount = 0
+
+  for (const cslSegment of cslResult.segments) {
+    // Determinar nivel de sanitización según trust level
+    const sanitizationLevel = getSanitizationLevel(cslSegment.trust)
+
+    // Sanitizar contenido según nivel
+    const sanitized = sanitizeContent(
+      cslSegment.content,
+      sanitizationLevel
+    )
+
+    // Detectar instrucciones removidas (esto se implementará con detección de PI)
+    const removedInstructions: RemovedInstruction[] = []
+
+    // Crear segmento sanitizado
+    const islSegment: ISLSegment = {
+      id: cslSegment.id,
+      originalContent: cslSegment.content,  // ✅ Preservar original
+      sanitizedContent: sanitized.content,
+      trust: cslSegment.trust,
+      lineage: addLineageEntry(
+        cslSegment.lineage,
+        createLineageEntry('ISL', Date.now())
+      ),
+      instructionsRemoved: removedInstructions,
+      sanitizationLevel
+    }
+
+    segments.push(islSegment)
+    const lastLineageEntry = islSegment.lineage.at(-1)
+    if (lastLineageEntry) {
+      allLineage = addLineageEntry(allLineage, lastLineageEntry)
+    }
+    instructionsRemovedCount += removedInstructions.length
+  }
+
+  return {
+    segments: Object.freeze(segments),
+    lineage: Object.freeze(allLineage),
+    metadata: {
+      totalSegments: segments.length,
+      sanitizedSegments: segments.length,
+      blockedSegments: blockedCount,
+      instructionsRemoved: instructionsRemovedCount
+    }
+  }
+}
+
+/**
+ * Determina nivel de sanitización según trust level - función pura
+ */
+function getSanitizationLevel(trust: TrustLevel): 'minimal' | 'moderate' | 'aggressive' {
+  if (trust.value === TrustLevelType.TC) return 'minimal'
+  if (trust.value === TrustLevelType.STC) return 'moderate'
+  return 'aggressive'  // UC
+}
+
+/**
+ * Sanitiza contenido según nivel - función pura
+ */
+function sanitizeContent(
+  content: string,
+  _level: 'minimal' | 'moderate' | 'aggressive'
+): { content: string; removed: RemovedInstruction[] } {
+  // Por ahora retorna el contenido sin cambios
+  // La lógica de sanitización real se implementará después
+  return {
+    content,
+    removed: []
+  }
+}
+

package/src/isl/types.ts

@@ -0,0 +1,87 @@
+/**
+ * Types for ISL (Instruction Sanitization Layer) - Core Semántico
+ */
+
+// Importar tipos de CSL y value objects
+import type { LineageEntry, TrustLevel } from '@/csl/value-objects'
+import type { PiDetectionResult } from './value-objects/PiDetectionResult'
+import type { AnomalyScore } from './value-objects/AnomalyScore'
+
+/**
+ * RiskScore - Score de riesgo (0-1)
+ */
+export type RiskScore = number
+
+/**
+ * AnomalyAction - Acción recomendada basada en análisis
+ */
+export type AnomalyAction = 'ALLOW' | 'WARN' | 'BLOCK'
+
+/**
+ * Position - Posición de un patrón detectado en el contenido
+ */
+export type Position = {
+  readonly start: number
+  readonly end: number
+}
+
+/**
+ * BlockedIntent - Intent que está explícitamente bloqueado por política
+ */
+export type BlockedIntent = string
+
+/**
+ * SensitiveScope - Tema sensible que requiere validación adicional
+ */
+export type SensitiveScope = string
+
+/**
+ * ProtectedRole - Rol que no puede ser sobrescrito
+ */
+export type ProtectedRole = string
+
+/**
+ * ImmutableInstruction - Instrucción que no puede ser modificada
+ */
+export type ImmutableInstruction = string
+
+/**
+ * RemovedInstruction - Instrucción removida durante sanitización
+ */
+export interface RemovedInstruction {
+  readonly type: 'system_command' | 'role_swapping' | 'jailbreak' | 'override' | 'manipulation'
+  readonly pattern: string
+  readonly position: Position
+  readonly description: string
+}
+
+/**
+ * ISLSegment - Segmento sanitizado por ISL
+ */
+export interface ISLSegment {
+  readonly id: string
+  readonly originalContent: string        // Contenido original de CSL
+  readonly sanitizedContent: string        // Contenido sanitizado
+  readonly trust: TrustLevel               // Trust level del segmento original
+  readonly lineage: LineageEntry[]         // Linaje actualizado con ISL
+  readonly piDetection?: PiDetectionResult  // Detección de prompt injection
+  readonly anomalyScore?: AnomalyScore     // Score de anomalía
+  readonly instructionsRemoved: RemovedInstruction[]  // Instrucciones removidas
+  readonly sanitizationLevel: 'minimal' | 'moderate' | 'aggressive'
+}
+
+/**
+ * ISLResult - Resultado de la sanitización
+ */
+export interface ISLResult {
+  readonly segments: readonly ISLSegment[]
+  readonly lineage: readonly LineageEntry[]
+  readonly metadata: {
+    readonly totalSegments: number
+    readonly sanitizedSegments: number
+    readonly blockedSegments: number
+    readonly instructionsRemoved: number
+    readonly processingTimeMs?: number
+  }
+}
+

package/src/isl/value-objects/AnomalyScore.ts

@@ -0,0 +1,40 @@
+import type { AnomalyAction, RiskScore } from '../types'
+
+/**
+ * AnomalyScore - tipo puro
+ */
+export type AnomalyScore = {
+  readonly score: RiskScore
+  readonly action: AnomalyAction
+}
+
+/**
+ * Crea un AnomalyScore - función pura
+ */
+export function createAnomalyScore(score: RiskScore, action: AnomalyAction): AnomalyScore {
+  if (score < 0 || score > 1) {
+    throw new Error('Anomaly score must be a value between 0 and 1')
+  }
+
+  if (!['ALLOW', 'WARN', 'BLOCK'].includes(action)) {
+    throw new Error(`Invalid AnomalyAction: ${action}. Must be one of: ALLOW, WARN, BLOCK`)
+  }
+
+  return { score, action }
+}
+
+/**
+ * Funciones puras para AnomalyScore
+ */
+export function isHighRisk(anomaly: AnomalyScore): boolean {
+  return anomaly.action === 'BLOCK'
+}
+
+export function isWarnRisk(anomaly: AnomalyScore): boolean {
+  return anomaly.action === 'WARN'
+}
+
+export function isLowRisk(anomaly: AnomalyScore): boolean {
+  return anomaly.action === 'ALLOW'
+}
+