@aion0/bastion 0.1.11 → 0.1.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +49 -6
- package/README.zh.md +48 -22
- package/config/default.yaml +2 -2
- package/dist/cli/commands/plugins.d.ts +3 -0
- package/dist/cli/commands/plugins.d.ts.map +1 -0
- package/dist/cli/commands/plugins.js +201 -0
- package/dist/cli/commands/plugins.js.map +1 -0
- package/dist/cli/commands/start.d.ts.map +1 -1
- package/dist/cli/commands/start.js +0 -18
- package/dist/cli/commands/start.js.map +1 -1
- package/dist/cli/index.js +2 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/config/paths.d.ts +2 -0
- package/dist/config/paths.d.ts.map +1 -1
- package/dist/config/paths.js +2 -0
- package/dist/config/paths.js.map +1 -1
- package/dist/config/schema.d.ts +29 -1
- package/dist/config/schema.d.ts.map +1 -1
- package/dist/core/bootstrap.d.ts.map +1 -1
- package/dist/core/bootstrap.js +10 -0
- package/dist/core/bootstrap.js.map +1 -1
- package/dist/dashboard/api-routes.d.ts.map +1 -1
- package/dist/dashboard/api-routes.js +114 -50
- package/dist/dashboard/api-routes.js.map +1 -1
- package/dist/dashboard/page.d.ts.map +1 -1
- package/dist/dashboard/page.js +132 -69
- package/dist/dashboard/page.js.map +1 -1
- package/dist/dlp/ai-validator.d.ts +5 -2
- package/dist/dlp/ai-validator.d.ts.map +1 -1
- package/dist/dlp/ai-validator.js +20 -2
- package/dist/dlp/ai-validator.js.map +1 -1
- package/dist/dlp/heuristic-validator.d.ts +24 -0
- package/dist/dlp/heuristic-validator.d.ts.map +1 -0
- package/dist/dlp/heuristic-validator.js +97 -0
- package/dist/dlp/heuristic-validator.js.map +1 -0
- package/dist/plugin-api/index.d.ts +1 -1
- package/dist/plugin-api/index.d.ts.map +1 -1
- package/dist/plugin-api/index.js.map +1 -1
- package/dist/plugin-api/types.d.ts +19 -0
- package/dist/plugin-api/types.d.ts.map +1 -1
- package/dist/plugins/builtin/audit-logger.js +1 -1
- package/dist/plugins/builtin/dlp-scanner.d.ts +2 -0
- package/dist/plugins/builtin/dlp-scanner.d.ts.map +1 -1
- package/dist/plugins/builtin/dlp-scanner.js +9 -3
- package/dist/plugins/builtin/dlp-scanner.js.map +1 -1
- package/dist/plugins/builtin/metrics-collector.js +1 -1
- package/dist/plugins/builtin/metrics-collector.js.map +1 -1
- package/dist/plugins/builtin/threat-scorer.d.ts +6 -0
- package/dist/plugins/builtin/threat-scorer.d.ts.map +1 -0
- package/dist/plugins/builtin/threat-scorer.js +266 -0
- package/dist/plugins/builtin/threat-scorer.js.map +1 -0
- package/dist/plugins/builtin/token-optimizer.js +1 -1
- package/dist/plugins/builtin/tool-guard.d.ts.map +1 -1
- package/dist/plugins/builtin/tool-guard.js +18 -5
- package/dist/plugins/builtin/tool-guard.js.map +1 -1
- package/dist/plugins/loader.d.ts.map +1 -1
- package/dist/plugins/loader.js +22 -5
- package/dist/plugins/loader.js.map +1 -1
- package/dist/plugins/types.d.ts +3 -0
- package/dist/plugins/types.d.ts.map +1 -1
- package/dist/storage/migrations.d.ts.map +1 -1
- package/dist/storage/migrations.js +43 -0
- package/dist/storage/migrations.js.map +1 -1
- package/dist/storage/repositories/taint-marks.d.ts +26 -0
- package/dist/storage/repositories/taint-marks.d.ts.map +1 -0
- package/dist/storage/repositories/taint-marks.js +27 -0
- package/dist/storage/repositories/taint-marks.js.map +1 -0
- package/dist/storage/repositories/threat-score-events.d.ts +27 -0
- package/dist/storage/repositories/threat-score-events.d.ts.map +1 -0
- package/dist/storage/repositories/threat-score-events.js +24 -0
- package/dist/storage/repositories/threat-score-events.js.map +1 -0
- package/dist/storage/repositories/threat-scores.d.ts +26 -0
- package/dist/storage/repositories/threat-scores.d.ts.map +1 -0
- package/dist/storage/repositories/threat-scores.js +42 -0
- package/dist/storage/repositories/threat-scores.js.map +1 -0
- package/dist/storage/repositories/tool-chain-detections.d.ts +24 -0
- package/dist/storage/repositories/tool-chain-detections.d.ts.map +1 -0
- package/dist/storage/repositories/tool-chain-detections.js +27 -0
- package/dist/storage/repositories/tool-chain-detections.js.map +1 -0
- package/dist/tool-guard/chain-detector.d.ts +18 -0
- package/dist/tool-guard/chain-detector.d.ts.map +1 -0
- package/dist/tool-guard/chain-detector.js +55 -0
- package/dist/tool-guard/chain-detector.js.map +1 -0
- package/dist/tool-guard/chain-rules.d.ts +10 -0
- package/dist/tool-guard/chain-rules.d.ts.map +1 -0
- package/dist/tool-guard/chain-rules.js +30 -0
- package/dist/tool-guard/chain-rules.js.map +1 -0
- package/dist/tool-guard/taint-tracker.d.ts +24 -0
- package/dist/tool-guard/taint-tracker.d.ts.map +1 -0
- package/dist/tool-guard/taint-tracker.js +70 -0
- package/dist/tool-guard/taint-tracker.js.map +1 -0
- package/integration/openclaw-docker/fix-issues/not-install-brew/Dockerfile.patch +31 -0
- package/integration/openclaw-docker/fix-issues/not-install-brew/docker-setup.sh.patch +33 -0
- package/package.json +1 -1
- package/dist/license/verify.d.ts +0 -18
- package/dist/license/verify.d.ts.map +0 -1
- package/dist/license/verify.js +0 -71
- package/dist/license/verify.js.map +0 -1
package/dist/dashboard/page.js
CHANGED
|
@@ -97,11 +97,13 @@ tr:hover td{background:var(--border)}
|
|
|
97
97
|
.audit-kv .v{color:var(--bright)}
|
|
98
98
|
.timeline-card{margin-bottom:4px;cursor:pointer;transition:border-color .15s;padding:10px 12px}
|
|
99
99
|
.timeline-card:hover{border-color:var(--cyan)}
|
|
100
|
-
.pro-feature-row{cursor:pointer;transition:border-color .15s}
|
|
101
|
-
.pro-feature-row:hover{border-color:var(--cyan)}
|
|
102
|
-
.pro-feature-row.unlocked .toggle-label{color:var(--green)}
|
|
103
100
|
.filter-input{background:var(--bg);border:1px solid var(--border);color:var(--bright);padding:4px 10px;font-family:inherit;font-size:11px;width:280px}
|
|
104
101
|
@keyframes pulse{0%,100%{opacity:1}50%{opacity:.5}}
|
|
102
|
+
.row-tag.elevated{background:#1a1a00;color:var(--yellow)}
|
|
103
|
+
.row-tag.high-threat{background:#1a0a00;color:#ff6600}
|
|
104
|
+
.row-tag.critical-threat{background:#330000;color:var(--red)}
|
|
105
|
+
.ti-reset-btn{padding:2px 8px;font-size:10px;cursor:pointer;font-family:inherit;color:var(--red);background:none;border:1px solid #330000;border-radius:2px}
|
|
106
|
+
.ti-reset-btn:hover{background:#1a0000}
|
|
105
107
|
</style>
|
|
106
108
|
</head>`;
|
|
107
109
|
// ── TITLEBAR ──────────────────────────────────────────────────────
|
|
@@ -181,6 +183,20 @@ const PAGE_GUARD = `
|
|
|
181
183
|
<div class="section-body" id="gd-rules"><div class="empty">No rules</div></div>
|
|
182
184
|
</div>
|
|
183
185
|
</div>
|
|
186
|
+
<div class="section" style="margin-top:8px">
|
|
187
|
+
<div class="section-head"><span class="section-title">Threat Sessions</span><span style="color:var(--muted);font-size:10px;margin-left:4px">(elevated+)</span></div>
|
|
188
|
+
<div class="section-body">
|
|
189
|
+
<table><thead><tr><th>Session</th><th>Score</th><th>Level</th><th>Events</th><th>Last Event</th><th></th></tr></thead><tbody id="ti-sessions-list"></tbody></table>
|
|
190
|
+
<p class="empty" id="ti-no-sessions">No elevated sessions</p>
|
|
191
|
+
</div>
|
|
192
|
+
</div>
|
|
193
|
+
<div class="section" style="margin-top:2px">
|
|
194
|
+
<div class="section-head"><span class="section-title">Chain Detections</span></div>
|
|
195
|
+
<div class="section-body">
|
|
196
|
+
<table><thead><tr><th>Time</th><th>Session</th><th>Rule</th><th>Sequence</th><th>Action</th></tr></thead><tbody id="ti-chains-list"></tbody></table>
|
|
197
|
+
<p class="empty" id="ti-no-chains">No chain detections</p>
|
|
198
|
+
</div>
|
|
199
|
+
</div>
|
|
184
200
|
</div>`;
|
|
185
201
|
// ── PAGE: LOG ─────────────────────────────────────────────────────
|
|
186
202
|
const PAGE_LOG = `
|
|
@@ -254,25 +270,20 @@ const PAGE_SETTINGS = `
|
|
|
254
270
|
<div class="section"><div class="section-head setting-toggle" data-target="set-plugins"><span class="section-title"><span class="sect-arrow">▾</span> PLUGINS</span></div>
|
|
255
271
|
<div class="section-body" id="set-plugins" style="padding:12px"><div id="plugin-toggles"></div></div></div>
|
|
256
272
|
|
|
257
|
-
<!-- 2.
|
|
258
|
-
<div class="section"
|
|
259
|
-
<div class="section-body" id="set-
|
|
260
|
-
<div id="
|
|
261
|
-
<div class="toggle-row
|
|
262
|
-
<div class="toggle-row
|
|
263
|
-
<div class="toggle-row pro-feature-row" data-pro-feature="ratelimit"><div><div class="toggle-label">Rate Limiting</div><div class="toggle-desc">Configurable rate limiting by API key, session, or global</div></div><span class="row-tag" style="background:#1a1a1a;color:var(--dim)">PRO</span></div>
|
|
273
|
+
<!-- 2. Optional Features -->
|
|
274
|
+
<div class="section"><div class="section-head setting-toggle" data-target="set-optional"><span class="section-title"><span class="sect-arrow">▸</span> OPTIONAL FEATURES</span></div>
|
|
275
|
+
<div class="section-body" id="set-optional" style="display:none;padding:12px">
|
|
276
|
+
<div id="optional-features">
|
|
277
|
+
<div class="toggle-row" data-opt="pi-classifier"><div><div class="toggle-label">AI Injection Detection</div><div class="toggle-desc">ML-based prompt injection detection (ONNX Runtime)</div></div><span class="row-tag" id="opt-tag-pi-classifier" style="background:#1a1a1a;color:var(--dim)">NOT INSTALLED</span></div>
|
|
278
|
+
<div class="toggle-row" data-opt="content-extractor"><div><div class="toggle-label">Content Extractor</div><div class="toggle-desc">PDF text extraction and image OCR for DLP scanning</div></div><span class="row-tag" id="opt-tag-content-extractor" style="background:#1a1a1a;color:var(--dim)">NOT INSTALLED</span></div>
|
|
264
279
|
</div>
|
|
265
|
-
<div id="
|
|
266
|
-
<div
|
|
267
|
-
<
|
|
268
|
-
<div
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
<input type="text" class="cfg-input" style="width:240px;display:inline-block" placeholder="License key" id="pro-license-key">
|
|
273
|
-
<button class="cfg-btn primary" onclick="activateLicense('pro-license-key')">Activate</button>
|
|
274
|
-
</div>
|
|
275
|
-
</div>
|
|
280
|
+
<div id="opt-install-hint" style="margin-top:12px;padding:12px;background:var(--bg);border:1px solid var(--border);font-size:11px;color:var(--dim)">
|
|
281
|
+
<div style="margin-bottom:4px;color:var(--bright)">Install optional plugins:</div>
|
|
282
|
+
<code style="color:var(--green);font-size:12px">bastion plugins install</code> or <code style="color:var(--green);font-size:12px">./install.sh -local -plugins</code>
|
|
283
|
+
<div style="margin-top:4px">Adds ML-based detection, PDF/OCR content extraction, and more.</div>
|
|
284
|
+
</div>
|
|
285
|
+
<div id="opt-uninstall-row" style="display:none;margin-top:12px;text-align:right">
|
|
286
|
+
<button id="opt-uninstall-btn" class="cfg-btn secondary" style="color:var(--red);border-color:#330000">Uninstall Optional Plugins</button>
|
|
276
287
|
</div>
|
|
277
288
|
</div></div>
|
|
278
289
|
|
|
@@ -547,37 +558,53 @@ function actionTag(a){
|
|
|
547
558
|
if(a==='flag')return '<span class="row-tag warn">flag</span>';
|
|
548
559
|
return '<span class="row-tag">'+esc(a)+'</span>';
|
|
549
560
|
}
|
|
561
|
+
function threatLevelTag(level){
|
|
562
|
+
if(level==='critical')return '<span class="row-tag critical-threat">critical</span>';
|
|
563
|
+
if(level==='high')return '<span class="row-tag high-threat">high</span>';
|
|
564
|
+
if(level==='elevated')return '<span class="row-tag elevated">elevated</span>';
|
|
565
|
+
return '<span class="row-tag">'+esc(level||'normal')+'</span>';
|
|
566
|
+
}
|
|
550
567
|
|
|
551
568
|
// ══ 4. PAGE: OVERVIEW ═════════════════════════════════════════════
|
|
552
569
|
async function refreshOverview(){
|
|
553
570
|
try{
|
|
554
571
|
var sp=sinceParam();
|
|
555
572
|
var qp=sp?'?'+sp:'';
|
|
556
|
-
var [statsR,alertsR,dlpRecentR]=await Promise.all([
|
|
573
|
+
var [statsR,alertsR,dlpRecentR,piRecentR,threatOvR]=await Promise.all([
|
|
557
574
|
apiFetch('/api/stats'+qp),
|
|
558
575
|
apiFetch('/api/tool-guard/alerts'),
|
|
559
|
-
apiFetch('/api/dlp/recent?limit=5'+(sp?'&'+sp:''))
|
|
576
|
+
apiFetch('/api/dlp/recent?limit=5'+(sp?'&'+sp:'')),
|
|
577
|
+
apiFetch('/api/plugin-events/recent?limit=5&plugin=pi-classifier'+(sp?'&'+sp:'')),
|
|
578
|
+
apiFetch('/api/threat/sessions').catch(function(){return{json:function(){return[]}}})
|
|
560
579
|
]);
|
|
561
580
|
var statsData=await statsR.json();
|
|
562
581
|
var alertsData=await alertsR.json();
|
|
563
582
|
var dlpRecent=await dlpRecentR.json();
|
|
583
|
+
var piRecent=await piRecentR.json();
|
|
584
|
+
var threatOvData=await threatOvR.json();
|
|
585
|
+
var threatSessions=Array.isArray(threatOvData)?threatOvData:threatOvData.sessions||[];
|
|
586
|
+
var threatCount=threatSessions.length;
|
|
564
587
|
var s=statsData.stats;
|
|
565
588
|
var dlp=statsData.dlp||{};
|
|
566
589
|
var ba=dlp.by_action||{};
|
|
590
|
+
var piStats=statsData.pluginEvents||{};
|
|
567
591
|
|
|
568
592
|
// Gauges
|
|
569
|
-
if(!skipIfSame('ov-gauges',{s:s,dlp:dlp})){
|
|
593
|
+
if(!skipIfSame('ov-gauges',{s:s,dlp:dlp,pi:piStats,tc:threatCount})){
|
|
570
594
|
var dlpTotal=dlp.total_events||0;
|
|
595
|
+
var piTotal=piStats.total_events||0;
|
|
571
596
|
var latAvg=s.avg_latency_ms||0;
|
|
572
597
|
document.getElementById('ov-gauges').innerHTML=
|
|
573
598
|
gauge('Requests',fmt(s.total_requests),'','')+
|
|
574
599
|
gauge('Cost',cost(s.total_cost_usd),'','green')+
|
|
575
600
|
gauge('Tokens',fmt(s.total_input_tokens+s.total_output_tokens),fmt(s.total_input_tokens)+' in / '+fmt(s.total_output_tokens)+' out','')+
|
|
576
601
|
gauge('DLP Hits',fmt(dlpTotal),(ba.redact||0)+' redact, '+(ba.block||0)+' block',dlpTotal>0?'red':'')+
|
|
602
|
+
gauge('PI Detections',fmt(piTotal),'ML injection','red')+
|
|
603
|
+
gauge('Threats',fmt(threatCount),'elevated+ sessions',threatCount>0?'red':'green')+
|
|
577
604
|
gauge('Avg Latency',Math.round(latAvg)+'ms','','cyan');
|
|
578
605
|
}
|
|
579
606
|
|
|
580
|
-
// Alerts pane (combine DLP + Guard)
|
|
607
|
+
// Alerts pane (combine DLP + Guard + PI)
|
|
581
608
|
var combined=[];
|
|
582
609
|
(dlpRecent||[]).forEach(function(d){
|
|
583
610
|
combined.push({type:'dlp',time:d.created_at,text:'<b>'+esc(d.pattern_name)+'</b> \\u2192 '+esc(d.action),tag:'dlp'});
|
|
@@ -585,8 +612,11 @@ async function refreshOverview(){
|
|
|
585
612
|
(alertsData.alerts||[]).filter(function(a){return !a.acknowledged}).slice(0,5).forEach(function(a){
|
|
586
613
|
combined.push({type:'guard',time:a.timestamp,text:'<b>'+esc(a.toolName)+'</b> \\u2192 '+esc(a.ruleName),tag:'guard'});
|
|
587
614
|
});
|
|
615
|
+
(piRecent||[]).forEach(function(p){
|
|
616
|
+
combined.push({type:'pi',time:p.created_at,text:'<b>'+esc(p.rule)+'</b> '+esc(p.detail),tag:'block'});
|
|
617
|
+
});
|
|
588
618
|
combined.sort(function(a,b){return new Date(b.time)-new Date(a.time)});
|
|
589
|
-
var alertCount=(alertsData.unacknowledged||0)+(dlpRecent||[]).length;
|
|
619
|
+
var alertCount=(alertsData.unacknowledged||0)+(dlpRecent||[]).length+(piRecent||[]).length;
|
|
590
620
|
document.getElementById('ov-alert-count').textContent=alertCount||'';
|
|
591
621
|
if(!skipIfSame('ov-alerts',combined)){
|
|
592
622
|
document.getElementById('ov-alerts').innerHTML=combined.length?combined.slice(0,8).map(function(c){
|
|
@@ -775,12 +805,58 @@ async function refreshGuard(){
|
|
|
775
805
|
'<span class="row-tag '+(r.enabled?'audit':'')+'">'+((r.enabled?'ON':'OFF'))+'</span></div>';
|
|
776
806
|
}).join(''):'<div class="empty">No rules</div>';
|
|
777
807
|
}
|
|
808
|
+
|
|
809
|
+
// Threat Intelligence sections
|
|
810
|
+
try{
|
|
811
|
+
var [threatR,chainR]=await Promise.all([
|
|
812
|
+
apiFetch('/api/threat/sessions'),
|
|
813
|
+
apiFetch('/api/threat/chain-detections?limit=20')
|
|
814
|
+
]);
|
|
815
|
+
var sessions=await threatR.json();
|
|
816
|
+
var chains=await chainR.json();
|
|
817
|
+
|
|
818
|
+
// Threat sessions table
|
|
819
|
+
if(!skipIfSame('ti-sessions',sessions)){
|
|
820
|
+
var tsList=Array.isArray(sessions)?sessions:sessions.sessions||[];
|
|
821
|
+
document.getElementById('ti-no-sessions').style.display=tsList.length?'none':'';
|
|
822
|
+
document.getElementById('ti-sessions-list').innerHTML=tsList.map(function(s){
|
|
823
|
+
return '<tr><td class="mono" style="font-size:11px;color:#555">'+esc((s.session_id||s.sessionId||'').slice(0,12))+'</td>'+
|
|
824
|
+
'<td style="font-weight:700;color:var(--bright)">'+Math.round(s.score||0)+'</td>'+
|
|
825
|
+
'<td>'+threatLevelTag(s.level||s.threatLevel)+'</td>'+
|
|
826
|
+
'<td>'+fmt(s.events||s.eventCount||0)+'</td>'+
|
|
827
|
+
'<td>'+ago(s.last_event||s.lastEvent||s.updated_at||'')+'</td>'+
|
|
828
|
+
'<td><button class="ti-reset-btn" data-sid="'+esc(s.session_id||s.sessionId||'')+'">Reset</button></td></tr>';
|
|
829
|
+
}).join('');
|
|
830
|
+
}
|
|
831
|
+
|
|
832
|
+
// Chain detections table
|
|
833
|
+
if(!skipIfSame('ti-chains',chains)){
|
|
834
|
+
var chList=Array.isArray(chains)?chains:chains.detections||[];
|
|
835
|
+
document.getElementById('ti-no-chains').style.display=chList.length?'none':'';
|
|
836
|
+
document.getElementById('ti-chains-list').innerHTML=chList.map(function(c){
|
|
837
|
+
var seq=(c.sequence||c.tools||[]).map(function(t){return esc(t)}).join(' \\u2192 ');
|
|
838
|
+
var actionCls=(c.action==='block')?'block':'warn';
|
|
839
|
+
return '<tr><td>'+ago(c.created_at||c.timestamp||'')+'</td>'+
|
|
840
|
+
'<td class="mono" style="font-size:11px;color:#555">'+esc((c.session_id||c.sessionId||'').slice(0,12))+'</td>'+
|
|
841
|
+
'<td class="mono">'+esc(c.rule||c.ruleName||'')+'</td>'+
|
|
842
|
+
'<td style="font-size:11px">'+seq+'</td>'+
|
|
843
|
+
'<td><span class="row-tag '+actionCls+'">'+esc((c.action||'warn').toUpperCase())+'</span></td></tr>';
|
|
844
|
+
}).join('');
|
|
845
|
+
}
|
|
846
|
+
}catch(te){/* threat API may not be available */}
|
|
778
847
|
}catch(e){console.error('Guard refresh error',e)}
|
|
779
848
|
}
|
|
780
849
|
document.getElementById('gd-ack-btn').addEventListener('click',async function(){
|
|
781
850
|
await apiFetch('/api/tool-guard/alerts/ack',{method:'POST'});
|
|
782
851
|
refreshGuard();pollAlerts();
|
|
783
852
|
});
|
|
853
|
+
document.getElementById('ti-sessions-list').addEventListener('click',async function(e){
|
|
854
|
+
var btn=e.target.closest('.ti-reset-btn');if(!btn)return;
|
|
855
|
+
var sid=btn.dataset.sid;if(!sid)return;
|
|
856
|
+
btn.textContent='...';btn.disabled=true;
|
|
857
|
+
try{await apiFetch('/api/threat/sessions/'+encodeURIComponent(sid)+'/reset',{method:'POST'});_lastJson={};refreshGuard()}
|
|
858
|
+
catch(ex){btn.textContent='Reset';btn.disabled=false}
|
|
859
|
+
});
|
|
784
860
|
// Click guard event → go to Log detail
|
|
785
861
|
document.getElementById('gd-events').addEventListener('click',function(e){
|
|
786
862
|
var row=e.target.closest('.row[data-rid]');
|
|
@@ -1138,19 +1214,10 @@ document.querySelectorAll('.setting-toggle[data-target]').forEach(function(h){
|
|
|
1138
1214
|
});
|
|
1139
1215
|
});
|
|
1140
1216
|
|
|
1141
|
-
var _devMode=false;var _proLicense={pro:false};
|
|
1142
|
-
var _proFeatures={
|
|
1143
|
-
'ai-injection':{title:'AI Injection Detection',desc:'Multi-layer AI-driven prompt injection detection with semantic analysis.'},
|
|
1144
|
-
'budget':{title:'Budget Control',desc:'Per-session/user/project cost budgets with auto-blocking.'},
|
|
1145
|
-
'ratelimit':{title:'Rate Limiting',desc:'Configurable rate limiting by API key, session, or global scope.'}
|
|
1146
|
-
};
|
|
1147
|
-
|
|
1148
1217
|
async function refreshSettings(){
|
|
1149
1218
|
try{
|
|
1150
|
-
var
|
|
1151
|
-
var cfgData=await cfgR.json();
|
|
1152
|
-
_devMode=!!devData.dev;
|
|
1153
|
-
document.getElementById('sec-pro').style.display=_devMode?'':'none';
|
|
1219
|
+
var cfgR=await apiFetch('/api/config');
|
|
1220
|
+
var cfgData=await cfgR.json();
|
|
1154
1221
|
|
|
1155
1222
|
// 1. Plugins
|
|
1156
1223
|
var info=cfgData.pluginInfo||[];
|
|
@@ -1176,8 +1243,25 @@ async function refreshSettings(){
|
|
|
1176
1243
|
});
|
|
1177
1244
|
});
|
|
1178
1245
|
|
|
1179
|
-
// 2.
|
|
1180
|
-
|
|
1246
|
+
// 2. Optional Features
|
|
1247
|
+
var extNames=external.map(function(p){return p.name});
|
|
1248
|
+
var optMap={'pi-classifier':'pi-classifier','content-extractor':'content-extractor'};
|
|
1249
|
+
var hasAnyOpt=false;
|
|
1250
|
+
Object.keys(optMap).forEach(function(key){
|
|
1251
|
+
var tag=document.getElementById('opt-tag-'+key);if(!tag)return;
|
|
1252
|
+
var installed=extNames.indexOf(optMap[key])>=0;
|
|
1253
|
+
if(installed){
|
|
1254
|
+
hasAnyOpt=true;
|
|
1255
|
+
var p=external.find(function(x){return x.name===optMap[key]});
|
|
1256
|
+
tag.style.background=p&&p.enabled?'#0a1a0a':'#1a1a00';
|
|
1257
|
+
tag.style.color=p&&p.enabled?'#00ff88':'var(--yellow)';
|
|
1258
|
+
tag.textContent=p&&p.enabled?'ACTIVE':'DISABLED';
|
|
1259
|
+
}else{
|
|
1260
|
+
tag.style.background='#1a1a1a';tag.style.color='var(--dim)';tag.textContent='NOT INSTALLED';
|
|
1261
|
+
}
|
|
1262
|
+
});
|
|
1263
|
+
document.getElementById('opt-install-hint').style.display=hasAnyOpt?'none':'';
|
|
1264
|
+
document.getElementById('opt-uninstall-row').style.display=hasAnyOpt?'':'none';
|
|
1181
1265
|
|
|
1182
1266
|
// 3. DLP Config
|
|
1183
1267
|
await loadDlpConfig(cfgData);
|
|
@@ -1208,37 +1292,16 @@ async function refreshSettings(){
|
|
|
1208
1292
|
}catch(e){console.error('Settings refresh error',e)}
|
|
1209
1293
|
}
|
|
1210
1294
|
|
|
1211
|
-
//
|
|
1212
|
-
function
|
|
1213
|
-
|
|
1214
|
-
|
|
1215
|
-
|
|
1216
|
-
|
|
1217
|
-
|
|
1218
|
-
}
|
|
1219
|
-
})
|
|
1220
|
-
}
|
|
1221
|
-
function showProDetail(feature){
|
|
1222
|
-
var info=_proFeatures[feature];if(!info)return;
|
|
1223
|
-
document.getElementById('pro-detail-title').textContent=info.title;
|
|
1224
|
-
document.getElementById('pro-detail-desc').textContent=info.desc;
|
|
1225
|
-
document.getElementById('pro-detail').style.display='block';
|
|
1226
|
-
if(_proLicense.pro){document.getElementById('pro-detail-unlocked').style.display='block';document.getElementById('pro-detail-locked').style.display='none'}
|
|
1227
|
-
else{document.getElementById('pro-detail-unlocked').style.display='none';document.getElementById('pro-detail-locked').style.display='block';
|
|
1228
|
-
document.getElementById('pro-detail-license').style.display=(_devMode||_proLicense.installed)?'block':'none'}
|
|
1229
|
-
}
|
|
1230
|
-
document.querySelectorAll('.pro-feature-row').forEach(function(row){
|
|
1231
|
-
row.addEventListener('click',function(){showProDetail(row.dataset.proFeature)});
|
|
1295
|
+
// Optional plugins uninstall
|
|
1296
|
+
document.getElementById('opt-uninstall-btn').addEventListener('click',async function(){
|
|
1297
|
+
if(!confirm('Uninstall optional plugins (bastion-pro)?'))return;
|
|
1298
|
+
var removeModels=confirm('Also remove downloaded models? This frees disk space but models will need to be re-downloaded on next install.');
|
|
1299
|
+
try{
|
|
1300
|
+
var r=await apiFetch('/api/plugins/uninstall',{method:'POST',headers:{'content-type':'application/json'},body:JSON.stringify({name:'bastion-pro',removeModels:removeModels})});
|
|
1301
|
+
var d=await r.json();
|
|
1302
|
+
if(d.ok){refreshSettings()}else{alert(d.error||'Uninstall failed')}
|
|
1303
|
+
}catch(e){alert('Uninstall failed: '+e.message)}
|
|
1232
1304
|
});
|
|
1233
|
-
async function activateLicense(inputId){
|
|
1234
|
-
var key=document.getElementById(inputId).value.trim();if(!key)return;
|
|
1235
|
-
if(_devMode){
|
|
1236
|
-
try{var r=await apiFetch('/api/dev/activate',{method:'POST',headers:{'content-type':'application/json'},body:JSON.stringify({token:key})});
|
|
1237
|
-
var d=await r.json();if(d.ok){refreshSettings();return}alert(d.error||'Invalid token');
|
|
1238
|
-
}catch(e){alert('Activation failed')}
|
|
1239
|
-
}else{alert('License activation requires the Bastion Pro plugin.')}
|
|
1240
|
-
}
|
|
1241
|
-
window.activateLicense=activateLicense;
|
|
1242
1305
|
|
|
1243
1306
|
// DLP Config
|
|
1244
1307
|
var dlpServerState=null;var dlpBuiltinsLoaded=false;var dlpCleanSnapshot='';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"page.js","sourceRoot":"","sources":["../../src/dashboard/page.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"page.js","sourceRoot":"","sources":["../../src/dashboard/page.ts"],"names":[],"mappings":";;AAqpDA,wCAOC;AA1pDD,qEAAqE;AACrE,MAAM,IAAI,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAuGL,CAAC;AAET,qEAAqE;AACrE,MAAM,QAAQ,GAAG;;;;;;;;;;;;;;OAcV,CAAC;AAER,qEAAqE;AACrE,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;OAoBf,CAAC;AAER,qEAAqE;AACrE,MAAM,QAAQ,GAAG;;;;;;;;;;;;;;;;OAgBV,CAAC;AAER,qEAAqE;AACrE,MAAM,UAAU,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCZ,CAAC;AAER,qEAAqE;AACrE,MAAM,QAAQ,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8DV,CAAC;AAER,qEAAqE;AACrE,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAqMf,CAAC;AAER,qEAAqE;AACrE,MAAM,MAAM,GAAG,iFAAiF,CAAC;AAEjG,qEAAqE;AACrE,MAAM,MAAM,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UAsrCL,CAAC;AAEX,MAAM,IAAI,GAAG,IAAI,GAAG,+BAA+B;IACjD,QAAQ,GAAG,aAAa,GAAG,QAAQ,GAAG,UAAU,GAAG,QAAQ,GAAG,aAAa,GAAG,MAAM;IACpF,QAAQ,GAAG,MAAM,GAAG,gBAAgB,CAAC;AAEvC,SAAgB,cAAc,CAAC,GAAmB;IAChD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;QACjB,cAAc,EAAE,0BAA0B;QAC1C,eAAe,EAAE,qCAAqC;QACtD,QAAQ,EAAE,UAAU;KACrB,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}
|
|
@@ -1,17 +1,19 @@
|
|
|
1
1
|
import type { DlpFinding } from './actions.js';
|
|
2
2
|
export interface AiValidatorConfig {
|
|
3
3
|
enabled: boolean;
|
|
4
|
-
provider: 'anthropic' | 'openai';
|
|
4
|
+
provider: 'anthropic' | 'openai' | 'local';
|
|
5
5
|
model: string;
|
|
6
6
|
apiKey: string;
|
|
7
7
|
timeoutMs: number;
|
|
8
8
|
cacheSize: number;
|
|
9
|
+
/** Lazy getter for local ClassifierProvider (set by bootstrap when pi-classifier is available) */
|
|
10
|
+
getLocalProvider?: () => import('../plugin-api/types.js').ClassifierProvider | undefined;
|
|
9
11
|
}
|
|
10
12
|
export declare class AiValidator {
|
|
11
13
|
private config;
|
|
12
14
|
private cache;
|
|
13
15
|
constructor(config: AiValidatorConfig);
|
|
14
|
-
/** Returns true if the validator is ready (enabled +
|
|
16
|
+
/** Returns true if the validator is ready (enabled + provider configured) */
|
|
15
17
|
get ready(): boolean;
|
|
16
18
|
/** Update config at runtime (e.g. toggle enabled) */
|
|
17
19
|
updateConfig(config: Partial<AiValidatorConfig>): void;
|
|
@@ -21,6 +23,7 @@ export declare class AiValidator {
|
|
|
21
23
|
*/
|
|
22
24
|
validate(findings: DlpFinding[], text: string): Promise<DlpFinding[]>;
|
|
23
25
|
private callLLM;
|
|
26
|
+
private callLocal;
|
|
24
27
|
private callAnthropic;
|
|
25
28
|
private callOpenAI;
|
|
26
29
|
private httpPost;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ai-validator.d.ts","sourceRoot":"","sources":["../../src/dlp/ai-validator.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"ai-validator.d.ts","sourceRoot":"","sources":["../../src/dlp/ai-validator.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAO/C,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,OAAO,CAAC;IAC3C,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,kGAAkG;IAClG,gBAAgB,CAAC,EAAE,MAAM,OAAO,wBAAwB,EAAE,kBAAkB,GAAG,SAAS,CAAC;CAC1F;AA2CD,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,KAAK,CAAW;gBAEZ,MAAM,EAAE,iBAAiB;IAKrC,6EAA6E;IAC7E,IAAI,KAAK,IAAI,OAAO,CAMnB;IAED,qDAAqD;IACrD,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,IAAI;IAItD;;;OAGG;IACG,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;YAgD7D,OAAO;YAiBP,SAAS;IAUvB,OAAO,CAAC,aAAa;IAuBrB,OAAO,CAAC,UAAU;IAyBlB,OAAO,CAAC,QAAQ;CAgCjB"}
|
package/dist/dlp/ai-validator.js
CHANGED
|
@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.AiValidator = void 0;
|
|
7
7
|
const node_https_1 = __importDefault(require("node:https"));
|
|
8
8
|
const logger_js_1 = require("../utils/logger.js");
|
|
9
|
+
const heuristic_validator_js_1 = require("./heuristic-validator.js");
|
|
9
10
|
const log = (0, logger_js_1.createLogger)('ai-validator');
|
|
10
11
|
const SNIPPET_RADIUS = 200;
|
|
11
12
|
// ── Simple LRU cache ──
|
|
@@ -44,9 +45,14 @@ class AiValidator {
|
|
|
44
45
|
this.config = config;
|
|
45
46
|
this.cache = new LRUCache(config.cacheSize);
|
|
46
47
|
}
|
|
47
|
-
/** Returns true if the validator is ready (enabled +
|
|
48
|
+
/** Returns true if the validator is ready (enabled + provider configured) */
|
|
48
49
|
get ready() {
|
|
49
|
-
|
|
50
|
+
if (!this.config.enabled)
|
|
51
|
+
return false;
|
|
52
|
+
if (this.config.provider === 'local') {
|
|
53
|
+
return true; // heuristic validator is always available
|
|
54
|
+
}
|
|
55
|
+
return this.config.apiKey.length > 0;
|
|
50
56
|
}
|
|
51
57
|
/** Update config at runtime (e.g. toggle enabled) */
|
|
52
58
|
updateConfig(config) {
|
|
@@ -101,12 +107,24 @@ class AiValidator {
|
|
|
101
107
|
return confirmed;
|
|
102
108
|
}
|
|
103
109
|
async callLLM(finding, matchText, context) {
|
|
110
|
+
if (this.config.provider === 'local') {
|
|
111
|
+
return this.callLocal(finding, matchText, context);
|
|
112
|
+
}
|
|
104
113
|
const prompt = buildPrompt(finding, matchText, context);
|
|
105
114
|
if (this.config.provider === 'anthropic') {
|
|
106
115
|
return this.callAnthropic(prompt);
|
|
107
116
|
}
|
|
108
117
|
return this.callOpenAI(prompt);
|
|
109
118
|
}
|
|
119
|
+
async callLocal(finding, matchText, context) {
|
|
120
|
+
const verdict = (0, heuristic_validator_js_1.heuristicValidate)({
|
|
121
|
+
matchText,
|
|
122
|
+
surrounding: context,
|
|
123
|
+
patternName: finding.patternName,
|
|
124
|
+
patternCategory: finding.patternCategory,
|
|
125
|
+
});
|
|
126
|
+
return { verdict: verdict.verdict, reason: verdict.reason };
|
|
127
|
+
}
|
|
110
128
|
callAnthropic(prompt) {
|
|
111
129
|
const body = JSON.stringify({
|
|
112
130
|
model: this.config.model,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ai-validator.js","sourceRoot":"","sources":["../../src/dlp/ai-validator.ts"],"names":[],"mappings":";;;;;;AAAA,4DAA+B;AAC/B,kDAAkD;
|
|
1
|
+
{"version":3,"file":"ai-validator.js","sourceRoot":"","sources":["../../src/dlp/ai-validator.ts"],"names":[],"mappings":";;;;;;AAAA,4DAA+B;AAC/B,kDAAkD;AAElD,qEAA6D;AAE7D,MAAM,GAAG,GAAG,IAAA,wBAAY,EAAC,cAAc,CAAC,CAAC;AAEzC,MAAM,cAAc,GAAG,GAAG,CAAC;AAkB3B,yBAAyB;AAEzB,MAAM,QAAQ;IACJ,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IACtC,OAAO,CAAS;IAExB,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,GAAG,CAAC,GAAW;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,mCAAmC;YACnC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAiB;QAChC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAM,CAAC;YACjD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAED,qBAAqB;AAErB,MAAa,WAAW;IACd,MAAM,CAAoB;IAC1B,KAAK,CAAW;IAExB,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC9C,CAAC;IAED,6EAA6E;IAC7E,IAAI,KAAK;QACP,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QACvC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC,CAAC,0CAA0C;QACzD,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,qDAAqD;IACrD,YAAY,CAAC,MAAkC;QAC7C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ,CAAC,QAAsB,EAAE,IAAY;QACjD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,QAAQ,CAAC;QAE1D,MAAM,SAAS,GAAiB,EAAE,CAAC;QAEnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,WAAW,IAAI,UAAU,EAAE,CAAC;YAExD,oBAAoB;YACpB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;oBACnC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBACjG,CAAC;gBACD,SAAS;YACX,CAAC;YAED,8BAA8B;YAC9B,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;YAEjE,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;gBAChE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBAEjC,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;oBACnC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,IAAI,CAAC,uCAAuC,EAAE;wBAChD,OAAO,EAAE,OAAO,CAAC,WAAW;wBAC5B,MAAM,EAAE,MAAM,CAAC,MAAM;qBACtB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,sDAAsD;gBACtD,GAAG,CAAC,IAAI,CAAC,6CAA6C,EAAE;oBACtD,OAAO,EAAE,OAAO,CAAC,WAAW;oBAC5B,KAAK,EAAG,GAAa,CAAC,OAAO;iBAC9B,CAAC,CAAC;gBACH,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,OAAmB,EACnB,SAAiB,EACjB,OAAe;QAEf,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAExD,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,OAAmB,EAAE,SAAiB,EAAE,OAAe;QAC7E,MAAM,OAAO,GAAG,IAAA,0CAAiB,EAAC;YAChC,SAAS;YACT,WAAW,EAAE,OAAO;YACpB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,eAAe,EAAE,OAAO,CAAC,eAAe;SACzC,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;IAC9D,CAAC;IAEO,aAAa,CAAC,MAAc;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC1B,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACxB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;SAC9C,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,QAAQ,CAClB,mBAAmB,EACnB,cAAc,EACd;YACE,cAAc,EAAE,kBAAkB;YAClC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC/B,mBAAmB,EAAE,YAAY;SAClC,EACD,IAAI,CACL,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;YAC1C,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,UAAU,CAAC,MAAc;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC1B,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACxB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,kFAAkF,EAAE;gBAC/G,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE;aAClC;SACF,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,QAAQ,CAClB,gBAAgB,EAChB,sBAAsB,EACtB;YACE,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;SAChD,EACD,IAAI,CACL,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;YACtD,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,QAAQ,CACd,QAAgB,EAChB,IAAY,EACZ,OAA+B,EAC/B,IAAY;QAEZ,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,oBAAK,CAAC,OAAO,CACvB,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,EAAE,EACjH,CAAC,GAAG,EAAE,EAAE;gBACN,MAAM,MAAM,GAAa,EAAE,CAAC;gBAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;gBACtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACjB,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,IAAI,CAAC,CAAC;oBACnC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACvD,IAAI,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;wBAClC,OAAO,CAAC,MAAM,CAAC,CAAC;oBAClB,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,MAAM,KAAK,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;oBAC/D,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC,CACF,CAAC;YAEF,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE;gBACzC,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC;YACjF,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAtLD,kCAsLC;AAED,gBAAgB;AAEhB,SAAS,cAAc,CAAC,IAAY,EAAE,KAAa,EAAE,MAAc;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IAC/D,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,WAAW,CAAC,OAAmB,EAAE,SAAiB,EAAE,OAAe;IAC1E,qEAAqE;IACrE,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC;QACjC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChF,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO;;WAEE,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,eAAe;mCACvB,MAAM;;;EAGvC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;;;;qFAI8D,CAAC;AACtF,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,wCAAwC;IACxC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,KAAK,gBAAgB,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,WAAW,CAAC;YACrF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC;IAED,8BAA8B;IAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,KAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACzE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IACnE,CAAC;IACD,4CAA4C;IAC5C,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AAC9D,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Heuristic DLP Validator
|
|
3
|
+
*
|
|
4
|
+
* Local false-positive filter for DLP regex matches.
|
|
5
|
+
* Detects placeholder values, test keys, low-entropy strings, and documentation patterns.
|
|
6
|
+
* Zero external dependencies — replaces the incorrect PI-classifier-based local validation.
|
|
7
|
+
*/
|
|
8
|
+
export interface HeuristicContext {
|
|
9
|
+
/** The text matched by the DLP regex */
|
|
10
|
+
matchText: string;
|
|
11
|
+
/** Surrounding context around the match */
|
|
12
|
+
surrounding: string;
|
|
13
|
+
/** DLP pattern name (e.g. 'aws-access-key') */
|
|
14
|
+
patternName: string;
|
|
15
|
+
/** DLP pattern category (e.g. 'high-confidence') */
|
|
16
|
+
patternCategory: string;
|
|
17
|
+
}
|
|
18
|
+
export interface HeuristicVerdict {
|
|
19
|
+
verdict: 'sensitive' | 'false_positive';
|
|
20
|
+
reason: string;
|
|
21
|
+
confidence: number;
|
|
22
|
+
}
|
|
23
|
+
export declare function heuristicValidate(ctx: HeuristicContext): HeuristicVerdict;
|
|
24
|
+
//# sourceMappingURL=heuristic-validator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"heuristic-validator.d.ts","sourceRoot":"","sources":["../../src/dlp/heuristic-validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,MAAM,WAAW,gBAAgB;IAC/B,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;IACpB,oDAAoD;IACpD,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,WAAW,GAAG,gBAAgB,CAAC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB;AA2BD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,gBAAgB,CAyDzE"}
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Heuristic DLP Validator
|
|
4
|
+
*
|
|
5
|
+
* Local false-positive filter for DLP regex matches.
|
|
6
|
+
* Detects placeholder values, test keys, low-entropy strings, and documentation patterns.
|
|
7
|
+
* Zero external dependencies — replaces the incorrect PI-classifier-based local validation.
|
|
8
|
+
*/
|
|
9
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
+
exports.heuristicValidate = heuristicValidate;
|
|
11
|
+
const entropy_js_1 = require("./entropy.js");
|
|
12
|
+
// ── Known test values (per provider) ──
|
|
13
|
+
const KNOWN_TEST_VALUES = new Set([
|
|
14
|
+
'AKIAIOSFODNN7EXAMPLE',
|
|
15
|
+
'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
|
|
16
|
+
]);
|
|
17
|
+
const KNOWN_TEST_PREFIXES = [
|
|
18
|
+
'sk_test_',
|
|
19
|
+
'pk_test_',
|
|
20
|
+
'rk_test_',
|
|
21
|
+
];
|
|
22
|
+
// ── Placeholder patterns ──
|
|
23
|
+
const PLACEHOLDER_KEYWORDS_RE = /\b(example|test|sample|demo|dummy|placeholder|mock|fake|todo|fixme)\b/i;
|
|
24
|
+
const PLACEHOLDER_TEMPLATE_RE = /YOUR_|your_|<YOUR|<your|\[YOUR|\[your|xxx{3,}|XXX{3,}|changeme|change_me|CHANGE_ME|insert.?here|replace.?this/i;
|
|
25
|
+
// ── Documentation markers ──
|
|
26
|
+
const DOC_MARKER_RE = /\b(e\.g\.|for example|such as|like this|format is|looks like|example:|sample:|returns?:)/i;
|
|
27
|
+
// ── Core heuristic function ──
|
|
28
|
+
function heuristicValidate(ctx) {
|
|
29
|
+
const { matchText, surrounding } = ctx;
|
|
30
|
+
// Rule 1: Known test values (exact match)
|
|
31
|
+
if (KNOWN_TEST_VALUES.has(matchText)) {
|
|
32
|
+
return fp('Known test/example value', 0.99);
|
|
33
|
+
}
|
|
34
|
+
// Rule 2: Known test prefixes
|
|
35
|
+
for (const prefix of KNOWN_TEST_PREFIXES) {
|
|
36
|
+
if (matchText.startsWith(prefix)) {
|
|
37
|
+
return fp(`Known test prefix: ${prefix}*`, 0.95);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
// Rule 3: Placeholder template in match text
|
|
41
|
+
if (PLACEHOLDER_TEMPLATE_RE.test(matchText)) {
|
|
42
|
+
return fp('Placeholder template in match value', 0.95);
|
|
43
|
+
}
|
|
44
|
+
// Rule 4: Repeated characters (>80% same char)
|
|
45
|
+
if (matchText.length >= 8 && isRepeatedChars(matchText, 0.8)) {
|
|
46
|
+
return fp('Repeated characters', 0.9);
|
|
47
|
+
}
|
|
48
|
+
// Rule 5: Sequential characters (abcdef..., 123456...)
|
|
49
|
+
if (matchText.length >= 8 && isSequentialChars(matchText)) {
|
|
50
|
+
return fp('Sequential characters', 0.9);
|
|
51
|
+
}
|
|
52
|
+
// Rule 6: Placeholder keywords in surrounding context
|
|
53
|
+
if (PLACEHOLDER_KEYWORDS_RE.test(surrounding)) {
|
|
54
|
+
return fp('Placeholder keyword in context', 0.8);
|
|
55
|
+
}
|
|
56
|
+
// Rule 7: Documentation markers in surrounding context
|
|
57
|
+
if (DOC_MARKER_RE.test(surrounding)) {
|
|
58
|
+
return fp('Documentation marker in context', 0.75);
|
|
59
|
+
}
|
|
60
|
+
// Rule 8: Entropy-based checks (only for values long enough)
|
|
61
|
+
if (matchText.length >= 8) {
|
|
62
|
+
const entropy = (0, entropy_js_1.shannonEntropy)(matchText);
|
|
63
|
+
// Low entropy → likely not a real secret
|
|
64
|
+
if (entropy < 2.0) {
|
|
65
|
+
return fp(`Low entropy (${entropy.toFixed(2)})`, 0.85);
|
|
66
|
+
}
|
|
67
|
+
// High entropy + no false-positive indicators → likely real
|
|
68
|
+
if (entropy > 4.0) {
|
|
69
|
+
return { verdict: 'sensitive', reason: `High entropy (${entropy.toFixed(2)}), no false-positive indicators`, confidence: 0.8 };
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
// Default: treat as sensitive (fail-closed)
|
|
73
|
+
return { verdict: 'sensitive', reason: 'No false-positive indicators detected', confidence: 0.6 };
|
|
74
|
+
}
|
|
75
|
+
// ── Helpers ──
|
|
76
|
+
function fp(reason, confidence) {
|
|
77
|
+
return { verdict: 'false_positive', reason, confidence };
|
|
78
|
+
}
|
|
79
|
+
function isRepeatedChars(s, threshold) {
|
|
80
|
+
const freq = new Map();
|
|
81
|
+
for (const ch of s) {
|
|
82
|
+
freq.set(ch, (freq.get(ch) ?? 0) + 1);
|
|
83
|
+
}
|
|
84
|
+
const maxFreq = Math.max(...freq.values());
|
|
85
|
+
return maxFreq / s.length > threshold;
|
|
86
|
+
}
|
|
87
|
+
function isSequentialChars(s) {
|
|
88
|
+
// Check if >=60% of adjacent chars are sequential (code point diff = +-1)
|
|
89
|
+
let sequential = 0;
|
|
90
|
+
for (let i = 1; i < s.length; i++) {
|
|
91
|
+
const diff = s.charCodeAt(i) - s.charCodeAt(i - 1);
|
|
92
|
+
if (diff === 1 || diff === -1)
|
|
93
|
+
sequential++;
|
|
94
|
+
}
|
|
95
|
+
return sequential / (s.length - 1) >= 0.6;
|
|
96
|
+
}
|
|
97
|
+
//# sourceMappingURL=heuristic-validator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"heuristic-validator.js","sourceRoot":"","sources":["../../src/dlp/heuristic-validator.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AA8CH,8CAyDC;AArGD,6CAA8C;AAmB9C,yCAAyC;AAEzC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,sBAAsB;IACtB,0CAA0C;CAC3C,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG;IAC1B,UAAU;IACV,UAAU;IACV,UAAU;CACX,CAAC;AAEF,6BAA6B;AAE7B,MAAM,uBAAuB,GAAG,wEAAwE,CAAC;AAEzG,MAAM,uBAAuB,GAAG,gHAAgH,CAAC;AAEjJ,8BAA8B;AAE9B,MAAM,aAAa,GAAG,2FAA2F,CAAC;AAElH,gCAAgC;AAEhC,SAAgB,iBAAiB,CAAC,GAAqB;IACrD,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC;IAEvC,0CAA0C;IAC1C,IAAI,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,CAAC,0BAA0B,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,8BAA8B;IAC9B,KAAK,MAAM,MAAM,IAAI,mBAAmB,EAAE,CAAC;QACzC,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,CAAC,sBAAsB,MAAM,GAAG,EAAE,IAAI,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,IAAI,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5C,OAAO,EAAE,CAAC,qCAAqC,EAAE,IAAI,CAAC,CAAC;IACzD,CAAC;IAED,+CAA+C;IAC/C,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,IAAI,eAAe,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,CAAC;QAC7D,OAAO,EAAE,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC;IAED,uDAAuD;IACvD,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,IAAI,iBAAiB,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1D,OAAO,EAAE,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC;IAED,sDAAsD;IACtD,IAAI,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9C,OAAO,EAAE,CAAC,gCAAgC,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;IAED,uDAAuD;IACvD,IAAI,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QACpC,OAAO,EAAE,CAAC,iCAAiC,EAAE,IAAI,CAAC,CAAC;IACrD,CAAC;IAED,6DAA6D;IAC7D,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAA,2BAAc,EAAC,SAAS,CAAC,CAAC;QAE1C,yCAAyC;QACzC,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAClB,OAAO,EAAE,CAAC,gBAAgB,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACzD,CAAC;QAED,4DAA4D;QAC5D,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAClB,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,iBAAiB,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,iCAAiC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;QACjI,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,uCAAuC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;AACpG,CAAC;AAED,gBAAgB;AAEhB,SAAS,EAAE,CAAC,MAAc,EAAE,UAAkB;IAC5C,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;AAC3D,CAAC;AAED,SAAS,eAAe,CAAC,CAAS,EAAE,SAAiB;IACnD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;QACnB,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,OAAO,OAAO,GAAG,CAAC,CAAC,MAAM,GAAG,SAAS,CAAC;AACxC,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAS;IAClC,0EAA0E;IAC1E,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACnD,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC;YAAE,UAAU,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,UAAU,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC;AAC5C,CAAC"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export type { BastionPlugin, PluginContext, ProxyRequest, ProxyResponse, PluginResult, PluginEvent, PluginManifest, Logger, DatabaseAccess, } from './types.js';
|
|
1
|
+
export type { BastionPlugin, PluginContext, ProxyRequest, ProxyResponse, PluginResult, PluginEvent, PluginManifest, Logger, DatabaseAccess, ClassificationResult, ClassifierProvider, } from './types.js';
|
|
2
2
|
export { PLUGIN_API_VERSION } from './types.js';
|
|
3
3
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/plugin-api/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,aAAa,EACb,aAAa,EACb,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,WAAW,EACX,cAAc,EACd,MAAM,EACN,cAAc,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/plugin-api/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,aAAa,EACb,aAAa,EACb,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,WAAW,EACX,cAAc,EACd,MAAM,EACN,cAAc,EACd,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/plugin-api/index.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/plugin-api/index.ts"],"names":[],"mappings":";;;AAaA,uCAAgD;AAAvC,8GAAA,kBAAkB,OAAA"}
|