@aion0/bastion 0.1.11 → 0.1.13
- package/README.md +49 -6
- package/README.zh.md +48 -22
- package/config/default.yaml +2 -2
- package/dist/cli/commands/plugins.d.ts +3 -0
- package/dist/cli/commands/plugins.d.ts.map +1 -0
- package/dist/cli/commands/plugins.js +201 -0
- package/dist/cli/commands/plugins.js.map +1 -0
- package/dist/cli/commands/start.d.ts.map +1 -1
- package/dist/cli/commands/start.js +0 -18
- package/dist/cli/commands/start.js.map +1 -1
- package/dist/cli/index.js +2 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/config/paths.d.ts +2 -0
- package/dist/config/paths.d.ts.map +1 -1
- package/dist/config/paths.js +2 -0
- package/dist/config/paths.js.map +1 -1
- package/dist/config/schema.d.ts +29 -1
- package/dist/config/schema.d.ts.map +1 -1
- package/dist/core/bootstrap.d.ts.map +1 -1
- package/dist/core/bootstrap.js +10 -0
- package/dist/core/bootstrap.js.map +1 -1
- package/dist/dashboard/api-routes.d.ts.map +1 -1
- package/dist/dashboard/api-routes.js +114 -50
- package/dist/dashboard/api-routes.js.map +1 -1
- package/dist/dashboard/page.d.ts.map +1 -1
- package/dist/dashboard/page.js +132 -69
- package/dist/dashboard/page.js.map +1 -1
- package/dist/dlp/ai-validator.d.ts +5 -2
- package/dist/dlp/ai-validator.d.ts.map +1 -1
- package/dist/dlp/ai-validator.js +20 -2
- package/dist/dlp/ai-validator.js.map +1 -1
- package/dist/dlp/heuristic-validator.d.ts +24 -0
- package/dist/dlp/heuristic-validator.d.ts.map +1 -0
- package/dist/dlp/heuristic-validator.js +97 -0
- package/dist/dlp/heuristic-validator.js.map +1 -0
- package/dist/plugin-api/index.d.ts +1 -1
- package/dist/plugin-api/index.d.ts.map +1 -1
- package/dist/plugin-api/index.js.map +1 -1
- package/dist/plugin-api/types.d.ts +19 -0
- package/dist/plugin-api/types.d.ts.map +1 -1
- package/dist/plugins/builtin/audit-logger.js +1 -1
- package/dist/plugins/builtin/dlp-scanner.d.ts +2 -0
- package/dist/plugins/builtin/dlp-scanner.d.ts.map +1 -1
- package/dist/plugins/builtin/dlp-scanner.js +9 -3
- package/dist/plugins/builtin/dlp-scanner.js.map +1 -1
- package/dist/plugins/builtin/metrics-collector.js +1 -1
- package/dist/plugins/builtin/metrics-collector.js.map +1 -1
- package/dist/plugins/builtin/threat-scorer.d.ts +6 -0
- package/dist/plugins/builtin/threat-scorer.d.ts.map +1 -0
- package/dist/plugins/builtin/threat-scorer.js +266 -0
- package/dist/plugins/builtin/threat-scorer.js.map +1 -0
- package/dist/plugins/builtin/token-optimizer.js +1 -1
- package/dist/plugins/builtin/tool-guard.d.ts.map +1 -1
- package/dist/plugins/builtin/tool-guard.js +18 -5
- package/dist/plugins/builtin/tool-guard.js.map +1 -1
- package/dist/plugins/loader.d.ts.map +1 -1
- package/dist/plugins/loader.js +22 -5
- package/dist/plugins/loader.js.map +1 -1
- package/dist/plugins/types.d.ts +3 -0
- package/dist/plugins/types.d.ts.map +1 -1
- package/dist/storage/migrations.d.ts.map +1 -1
- package/dist/storage/migrations.js +43 -0
- package/dist/storage/migrations.js.map +1 -1
- package/dist/storage/repositories/taint-marks.d.ts +26 -0
- package/dist/storage/repositories/taint-marks.d.ts.map +1 -0
- package/dist/storage/repositories/taint-marks.js +27 -0
- package/dist/storage/repositories/taint-marks.js.map +1 -0
- package/dist/storage/repositories/threat-score-events.d.ts +27 -0
- package/dist/storage/repositories/threat-score-events.d.ts.map +1 -0
- package/dist/storage/repositories/threat-score-events.js +24 -0
- package/dist/storage/repositories/threat-score-events.js.map +1 -0
- package/dist/storage/repositories/threat-scores.d.ts +26 -0
- package/dist/storage/repositories/threat-scores.d.ts.map +1 -0
- package/dist/storage/repositories/threat-scores.js +42 -0
- package/dist/storage/repositories/threat-scores.js.map +1 -0
- package/dist/storage/repositories/tool-chain-detections.d.ts +24 -0
- package/dist/storage/repositories/tool-chain-detections.d.ts.map +1 -0
- package/dist/storage/repositories/tool-chain-detections.js +27 -0
- package/dist/storage/repositories/tool-chain-detections.js.map +1 -0
- package/dist/tool-guard/chain-detector.d.ts +18 -0
- package/dist/tool-guard/chain-detector.d.ts.map +1 -0
- package/dist/tool-guard/chain-detector.js +55 -0
- package/dist/tool-guard/chain-detector.js.map +1 -0
- package/dist/tool-guard/chain-rules.d.ts +10 -0
- package/dist/tool-guard/chain-rules.d.ts.map +1 -0
- package/dist/tool-guard/chain-rules.js +30 -0
- package/dist/tool-guard/chain-rules.js.map +1 -0
- package/dist/tool-guard/taint-tracker.d.ts +24 -0
- package/dist/tool-guard/taint-tracker.d.ts.map +1 -0
- package/dist/tool-guard/taint-tracker.js +70 -0
- package/dist/tool-guard/taint-tracker.js.map +1 -0
- package/integration/openclaw-docker/fix-issues/not-install-brew/Dockerfile.patch +31 -0
- package/integration/openclaw-docker/fix-issues/not-install-brew/docker-setup.sh.patch +33 -0
- package/package.json +1 -1
- package/dist/license/verify.d.ts +0 -18
- package/dist/license/verify.d.ts.map +0 -1
- package/dist/license/verify.js +0 -71
- package/dist/license/verify.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/plugins/loader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAG3C,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAQrD,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,wBAAsB,mBAAmB,CACvC,eAAe,EAAE,oBAAoB,EAAE,EACvC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACrB,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,gBAAgB,EAAE,KAAK,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IAAC,cAAc,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,OAAO,GAAG,SAAS,CAAA;CAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/plugins/loader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAG3C,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAQrD,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,wBAAsB,mBAAmB,CACvC,eAAe,EAAE,oBAAoB,EAAE,EACvC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACrB,QAAQ,EAAE,cAAc,GACvB,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,gBAAgB,EAAE,KAAK,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IAAC,cAAc,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,OAAO,GAAG,SAAS,CAAA;CAAE,CAAC,CAwHxJ"}
|
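--- a/package/dist/plugins/loader.js
+++ b/package/dist/plugins/loader.js
@@ -18,10 +18,25 @@ async function loadExternalPlugins(externalConfigs, db, eventBus) {
 log.info('External plugin disabled, skipping', { package: cfg.package });
 continue;
 }
-// Dynamic import
+// Dynamic import — resolve directory to package.json main entry for ESM compatibility
+let importPath = cfg.package;
+try {
+const { join } = await import('node:path');
+const { readFileSync, statSync } = await import('node:fs');
+const s = statSync(importPath);
+if (s.isDirectory()) {
+const pkgPath = join(importPath, 'package.json');
+const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+const entry = pkg.main ?? 'index.js';
+importPath = join(importPath, entry);
+}
+}
+catch {
+// If stat/read fails, keep original path and let import() handle the error
+}
 let mod;
 try {
-mod = await import(
+mod = await import(importPath);
 }
 catch (err) {
 log.warn('Failed to import external plugin package', {
@@ -74,9 +89,11 @@ async function loadExternalPlugins(externalConfigs, db, eventBus) {
 });
 continue;
 }
-// Adapt to internal Plugin interface
-const
-
+// Adapt to internal Plugin interface — use declared priority if available
+const declaredPriority = externalPlugin.priority ?? priorityCounter;
+const adapted = (0, adapter_js_1.adaptPlugin)(externalPlugin, declaredPriority, repo, cfg.package);
+if (!externalPlugin.priority)
+priorityCounter += 1;
 plugins.push(adapted);
 // Collect destroy callbacks
 if (externalPlugin.onDestroy) {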
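Review bot: The entry read from `pkg.main` (new lines 30–31 of the first hunk) is joined onto the plugin directory with no type check and no check that the result stays inside that directory, so a package.json whose `main` contains `..` segments makes `import()` load and execute a file outside the path the operator configured. The empty `catch` also hides a malformed package.json, so the later 'Failed to import external plugin package' warning reports the fallback import failure rather than the real cause. Resolving the entry, rejecting anything that escapes the directory and logging why keeps the executed file tied to the configured package. `loadExternalPlugins` starts and ends outside the hunk.

```javascript
const { join, resolve, relative, isAbsolute, sep } = await import('node:path');
// … unchanged: node:fs import, statSync(importPath), isDirectory() check, pkgPath …
const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
const entry = typeof pkg.main === 'string' ? pkg.main : 'index.js';
const pkgRoot = resolve(importPath);
const resolved = resolve(pkgRoot, entry);
const rel = relative(pkgRoot, resolved);
if (rel === '..' || rel.startsWith('..' + sep) || isAbsolute(rel)) {
    log.warn('External plugin main entry resolves outside its package directory, skipping', { package: cfg.package });
    continue;
}
importPath = resolved;
```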
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/plugins/loader.ts"],"names":[],"mappings":";;AAkBA,
|
|
1
|
+
{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/plugins/loader.ts"],"names":[],"mappings":";;AAkBA,kDA4HC;AA5ID,qDAA4D;AAG5D,+EAAkF;AAClF,6CAA+E;AAC/E,6CAA2C;AAC3C,kDAAkD;AAElD,MAAM,GAAG,GAAG,IAAA,wBAAY,EAAC,eAAe,CAAC,CAAC;AAQnC,KAAK,UAAU,mBAAmB,CACvC,eAAuC,EACvC,EAAqB,EACrB,QAAwB;IAExB,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,gBAAgB,GAA+B,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAiC,CAAC;IAC5D,MAAM,IAAI,GAAG,IAAI,yCAAsB,CAAC,EAAE,CAAC,CAAC;IAC5C,IAAI,eAAe,GAAG,EAAE,CAAC;IAEzB,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAClC,IAAI,GAAG,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YAC1B,GAAG,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACzE,SAAS;QACX,CAAC;QAED,sFAAsF;QACtF,IAAI,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;YAC3C,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,CAAC,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC/B,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;gBACpB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;gBACjD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;gBACvD,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC;gBACrC,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2EAA2E;QAC7E,CAAC;QAED,IAAI,GAA4B,CAAC;QACjC,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,0CAA0C,EAAE;gBACnD,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,KAAK,EAAG,GAAa,CAAC,OAAO;aAC9B,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,8CAA8C;QAC9C,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,QAAQ,IAAK,GAAG,CAAC,OAAmC,EAAE,QAAQ,CAEzE,CAAC;QAEd,IAAI,OAAO,UAAU,KAAK,UAAU,EAAE,CAAC;YACrC,GAAG,CAAC,IAAI,CAAC,kDAAkD,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACvF,SAAS;QACX,CAAC;QAED,kBAAkB;QAClB,IAAI,QAAuD,CAAC;QAC5D,IAAI,CAAC;YACH,QAAQ,GAAG,UAAU,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBAC3C,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,KAAK,EAAG,GAAa,CAAC,OAAO;aAC9B,CAAC,CAA
C;YACH,SAAS;QACX,CAAC;QAED,wCAAwC;QACxC,KAAK,MAAM,cAAc,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC9C,sBAAsB;YACtB,IAAI,cAAc,CAAC,UAAU,KAAK,6BAAkB,EAAE,CAAC;gBACrD,GAAG,CAAC,IAAI,CAAC,+CAA+C,EAAE;oBACxD,MAAM,EAAE,cAAc,CAAC,IAAI;oBAC3B,QAAQ,EAAE,6BAAkB;oBAC5B,GAAG,EAAE,cAAc,CAAC,UAAU;iBAC/B,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,iCAAiC;YACjC,MAAM,OAAO,GAAG,IAAA,gCAAmB,EACjC,cAAc,CAAC,IAAI,EACnB,GAAG,CAAC,MAAM,IAAI,EAAE,EAChB,IAAI,EACJ,QAAQ,CACT,CAAC;YACF,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAE7C,IAAI,CAAC;gBACH,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;oBAC1B,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,yCAAyC,EAAE;oBAClD,MAAM,EAAE,cAAc,CAAC,IAAI;oBAC3B,KAAK,EAAG,GAAa,CAAC,OAAO;iBAC9B,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,0EAA0E;YAC1E,MAAM,gBAAgB,GAAG,cAAc,CAAC,QAAQ,IAAI,eAAe,CAAC;YACpE,MAAM,OAAO,GAAG,IAAA,wBAAW,EAAC,cAAc,EAAE,gBAAgB,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YACjF,IAAI,CAAC,cAAc,CAAC,QAAQ;gBAAE,eAAe,IAAI,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEtB,4BAA4B;YAC5B,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;gBAC7B,gBAAgB,CAAC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;YACvE,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE;gBACjC,MAAM,EAAE,cAAc,CAAC,IAAI;gBAC3B,OAAO,EAAE,cAAc,CAAC,OAAO;gBAC/B,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,SAAS,cAAc,CAAC,UAAkB,EAAE,GAAW;QACrD,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACvC,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9C,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,CAAC;AACvD,CAAC"}
|
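--- a/package/dist/plugins/types.d.ts
+++ b/package/dist/plugins/types.d.ts
@@ -26,6 +26,9 @@ export interface RequestContext {
 _toolGuardStreamBlock?: string;
 /** Internal: DB-loaded rules for streaming guard (set by tool-guard onRequest) */
 _toolGuardRules?: import('../tool-guard/rules.js').ToolGuardRule[];
+/** Internal: set by threat-scorer for tool-guard to read */
+_threatLevel?: 'normal' | 'elevated' | 'high' | 'critical';
+_threatScore?: number;
 }
 export interface ResponseCompleteContext {
 request: RequestContext;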
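Review bot: `_threatScore` has no doc comment of its own, and neither new field says what a consumer should do when it is absent; both are optional, so tool-guard sees `undefined` whenever threat-scorer is disabled or has not run yet. I would state the fallback on the field itself, e.g. `/** Internal: numeric threat score set by threat-scorer; undefined when the scorer has not run */`, and document on `_threatLevel` whether a missing value is meant to be treated as 'normal'. These fields sit on the shared `RequestContext`, so presumably any plugin handed this object can overwrite them; whether external plugins receive the same object is not visible here and is worth confirming, since the loader change in this release lets them declare their own priority.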
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/plugins/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yDAAyD;IACzD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,+FAA+F;IAC/F,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;mDAC+C;IAC/C,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,kFAAkF;IAClF,eAAe,CAAC,EAAE,OAAO,wBAAwB,EAAE,aAAa,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/plugins/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yDAAyD;IACzD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,+FAA+F;IAC/F,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;mDAC+C;IAC/C,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,kFAAkF;IAClF,eAAe,CAAC,EAAE,OAAO,wBAAwB,EAAE,aAAa,EAAE,CAAC;IACnE,4DAA4D;IAC5D,YAAY,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAC;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,cAAc,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3C,KAAK,EAAE;QACL,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,OAAO,CAAC;IACrB,8EAA8E;IAC9E,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,mBAAmB;IAClC,YAAY,CAAC,EAAE,oBAAoB,CAAC;IACpC,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7B,WAAW,CAAC,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACrD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,cAAc,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3C,WAAW,EAAE,OAAO,CAA
C;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7B,WAAW,CAAC,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACrD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,MAAM;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAAC;IACzE,UAAU,CAAC,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrF,kBAAkB,CAAC,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACtE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../../src/storage/migrations.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../../src/storage/migrations.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AA8R3C,wBAAgB,aAAa,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAqCzD"}
|
|
@@ -223,6 +223,49 @@ const MIGRATIONS = [
|
|
|
223
223
|
// Migration 16: DLP patterns — context_verify column for anti-pattern / entropy / code-block checks
|
|
224
224
|
`
|
|
225
225
|
ALTER TABLE dlp_patterns ADD COLUMN context_verify TEXT;
|
|
226
|
+
`,
|
|
227
|
+
// Migration 17: Threat Intelligence — session threat scoring, tool chain detection, taint tracking
|
|
228
|
+
`
|
|
229
|
+
CREATE TABLE IF NOT EXISTS threat_scores (
|
|
230
|
+
session_id TEXT PRIMARY KEY,
|
|
231
|
+
score REAL DEFAULT 0,
|
|
232
|
+
level TEXT DEFAULT 'normal',
|
|
233
|
+
event_count INTEGER DEFAULT 0,
|
|
234
|
+
last_event_at TEXT,
|
|
235
|
+
updated_at TEXT DEFAULT (datetime('now'))
|
|
236
|
+
);
|
|
237
|
+
|
|
238
|
+
CREATE TABLE IF NOT EXISTS threat_score_events (
|
|
239
|
+
id TEXT PRIMARY KEY,
|
|
240
|
+
session_id TEXT NOT NULL,
|
|
241
|
+
event_type TEXT NOT NULL,
|
|
242
|
+
source_event TEXT,
|
|
243
|
+
points REAL NOT NULL,
|
|
244
|
+
score_after REAL NOT NULL,
|
|
245
|
+
level_after TEXT NOT NULL,
|
|
246
|
+
created_at TEXT DEFAULT (datetime('now'))
|
|
247
|
+
);
|
|
248
|
+
CREATE INDEX IF NOT EXISTS idx_tse_session ON threat_score_events(session_id);
|
|
249
|
+
|
|
250
|
+
CREATE TABLE IF NOT EXISTS tool_chain_detections (
|
|
251
|
+
id TEXT PRIMARY KEY,
|
|
252
|
+
session_id TEXT NOT NULL,
|
|
253
|
+
rule_id TEXT NOT NULL,
|
|
254
|
+
matched_sequence TEXT NOT NULL,
|
|
255
|
+
action TEXT NOT NULL,
|
|
256
|
+
created_at TEXT DEFAULT (datetime('now'))
|
|
257
|
+
);
|
|
258
|
+
|
|
259
|
+
CREATE TABLE IF NOT EXISTS taint_marks (
|
|
260
|
+
id TEXT PRIMARY KEY,
|
|
261
|
+
session_id TEXT NOT NULL,
|
|
262
|
+
request_id TEXT NOT NULL,
|
|
263
|
+
pattern_name TEXT NOT NULL,
|
|
264
|
+
direction TEXT NOT NULL,
|
|
265
|
+
fingerprint TEXT,
|
|
266
|
+
created_at TEXT DEFAULT (datetime('now'))
|
|
267
|
+
);
|
|
268
|
+
CREATE INDEX IF NOT EXISTS idx_taint_session ON taint_marks(session_id);
|
|
226
269
|
`,
|
|
227
270
|
];
|
|
228
271
|
function runMigrations(db) {
|
|
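Review bot: `level` in `threat_scores` and `level_after` in `threat_score_events` are unconstrained TEXT, although the `RequestContext` typings in this release allow only 'normal', 'elevated', 'high' and 'critical'; because `getElevated()` in threat-scores.js selects `level != 'normal'`, any misspelled or unexpected value would be reported as elevated. A constraint such as `level TEXT DEFAULT 'normal' CHECK (level IN ('normal','elevated','high','critical'))` keeps stored values in step with the type. `tool_chain_detections` has a `session_id` column but, unlike the other two event tables, no index on it. The `fingerprint` column of `taint_marks` is plain TEXT; presumably it holds a digest of the matched value rather than the value itself, which is worth stating in the migration comment because this database persists on disk. The `MIGRATIONS` array begins outside the hunk.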
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"migrations.js","sourceRoot":"","sources":["../../src/storage/migrations.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"migrations.js","sourceRoot":"","sources":["../../src/storage/migrations.ts"],"names":[],"mappings":";;AA8RA,sCAqCC;AAjUD,MAAM,UAAU,GAAa;IAC3B,8BAA8B;IAC9B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqDC;IAED,2EAA2E;IAC3E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCC;IAED,6EAA6E;IAC7E;;;;;;;;;;;GAWC;IAED,0EAA0E;IAC1E;;;;;;;;;;;;;;GAcC;IAED,mEAAmE;IACnE;;GAEC;IAED,yDAAyD;IACzD;;;;GAIC;IAED,yCAAyC;IACzC;;;;;;GAMC;IAED,uDAAuD;IACvD;;;;;;;;;;;;;;;;;;;GAmBC;IAED,+DAA+D;IAC/D;;GAEC;IAED,4EAA4E;IAC5E;;;;;;;;;;;;;;;GAeC;IAED,gFAAgF;IAChF,iGAAiG;IACjG;;;;GAIC;IAED,sGAAsG;IACtG;;GAEC;IAED,gEAAgE;IAChE;;;GAGC;IAED,iEAAiE;IACjE;;;GAGC;IAED,sEAAsE;IACtE;;;;;;;;;;;;;;;;GAgBC;IAED,oGAAoG;IACpG;;GAEC;IAED,mGAAmG;IACnG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCC;CACF,CAAC;AAEF,SAAgB,aAAa,CAAC,EAAqB;IACjD,qCAAqC;IACrC,EAAE,CAAC,IAAI,CAAC;;;;;GAKP,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,EAAE,CAAC,OAAO,CAAC,oDAAoD,CAAC,CAAC,GAAG,EAE9E,CAAC;IACd,MAAM,OAAO,GAAG,cAAc,EAAE,OAAO,IAAI,CAAC,CAAC;IAE7C,KAAK,IAAI,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACjD,IAAI,CAAC;YACH,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wEAAwE;YACxE,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACrE,oEAAoE;gBACpE,MAAM,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC/E,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,IAAI,CAAC;wBACH,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAChB,CAAC;oBAAC,OAAO,OAAO,EAAE,CAAC;wBACjB,IAAI,CAAC,CAAC,OAAO,YAAY,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;4BACjF,MAAM,OAAO,CAAC;wBAChB,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QACD,EAAE,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type Database from 'better-sqlite3';
|
|
2
|
+
export interface TaintMarkRecord {
|
|
3
|
+
id: string;
|
|
4
|
+
session_id: string;
|
|
5
|
+
request_id: string;
|
|
6
|
+
pattern_name: string;
|
|
7
|
+
direction: string;
|
|
8
|
+
fingerprint: string | null;
|
|
9
|
+
created_at: string;
|
|
10
|
+
}
|
|
11
|
+
export declare class TaintMarksRepository {
|
|
12
|
+
private db;
|
|
13
|
+
constructor(db: Database.Database);
|
|
14
|
+
insert(record: {
|
|
15
|
+
id: string;
|
|
16
|
+
session_id: string;
|
|
17
|
+
request_id: string;
|
|
18
|
+
pattern_name: string;
|
|
19
|
+
direction: string;
|
|
20
|
+
fingerprint: string | null;
|
|
21
|
+
}): void;
|
|
22
|
+
getBySession(sessionId: string): TaintMarkRecord[];
|
|
23
|
+
getActiveBySession(sessionId: string, withinMinutes?: number): TaintMarkRecord[];
|
|
24
|
+
purgeOlderThan(hours: number): number;
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=taint-marks.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"taint-marks.d.ts","sourceRoot":"","sources":["../../../src/storage/repositories/taint-marks.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,EAAE,CAAoB;gBAElB,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAIjC,MAAM,CAAC,MAAM,EAAE;QACb,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;KAC5B,GAAG,IAAI;IAOR,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,EAAE;IAMlD,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,GAAE,MAAW,GAAG,eAAe,EAAE;IAMpF,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;CAMtC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.TaintMarksRepository = void 0;
|
|
4
|
+
class TaintMarksRepository {
|
|
5
|
+
db;
|
|
6
|
+
constructor(db) {
|
|
7
|
+
this.db = db;
|
|
8
|
+
}
|
|
9
|
+
insert(record) {
|
|
10
|
+
this.db.prepare(`
|
|
11
|
+
INSERT INTO taint_marks (id, session_id, request_id, pattern_name, direction, fingerprint)
|
|
12
|
+
VALUES (@id, @session_id, @request_id, @pattern_name, @direction, @fingerprint)
|
|
13
|
+
`).run(record);
|
|
14
|
+
}
|
|
15
|
+
getBySession(sessionId) {
|
|
16
|
+
return this.db.prepare('SELECT * FROM taint_marks WHERE session_id = ? ORDER BY created_at DESC').all(sessionId);
|
|
17
|
+
}
|
|
18
|
+
getActiveBySession(sessionId, withinMinutes = 60) {
|
|
19
|
+
return this.db.prepare(`SELECT * FROM taint_marks WHERE session_id = ? AND created_at > datetime('now', '-' || ? || ' minutes') ORDER BY created_at DESC`).all(sessionId, withinMinutes);
|
|
20
|
+
}
|
|
21
|
+
purgeOlderThan(hours) {
|
|
22
|
+
const result = this.db.prepare(`DELETE FROM taint_marks WHERE created_at < datetime('now', '-' || ? || ' hours')`).run(hours);
|
|
23
|
+
return result.changes;
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
exports.TaintMarksRepository = TaintMarksRepository;
|
|
27
|
+
//# sourceMappingURL=taint-marks.js.map
|
|
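Review bot: `getActiveBySession` and `purgeOlderThan` bind `withinMinutes` / `hours` into the modifier `'-' || ? || ' minutes'` without checking that the value is a finite, non-negative number. The value is bound, so this is not an injection risk, but SQLite's `datetime()` returns NULL for a modifier it cannot parse (a negative or NaN argument, for example), and `created_at > NULL` then matches no rows, so `getActiveBySession` would report no active taint marks for the session, which fails open. A guard at the top of each method closes that, e.g. `if (!Number.isFinite(withinMinutes) || withinMinutes < 0) throw new RangeError('withinMinutes must be a non-negative number');`. The same unchecked `purgeOlderThan(hours)` pattern appears in threat-score-events.js and threat-scores.js.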
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"taint-marks.js","sourceRoot":"","sources":["../../../src/storage/repositories/taint-marks.ts"],"names":[],"mappings":";;;AAYA,MAAa,oBAAoB;IACvB,EAAE,CAAoB;IAE9B,YAAY,EAAqB;QAC/B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,MAAM,CAAC,MAON;QACC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;KAGf,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC;IAED,YAAY,CAAC,SAAiB;QAC5B,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,yEAAyE,CAC1E,CAAC,GAAG,CAAC,SAAS,CAAsB,CAAC;IACxC,CAAC;IAED,kBAAkB,CAAC,SAAiB,EAAE,gBAAwB,EAAE;QAC9D,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,kIAAkI,CACnI,CAAC,GAAG,CAAC,SAAS,EAAE,aAAa,CAAsB,CAAC;IACvD,CAAC;IAED,cAAc,CAAC,KAAa;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC5B,kFAAkF,CACnF,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACb,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;CACF;AAvCD,oDAuCC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import type Database from 'better-sqlite3';
|
|
2
|
+
export interface ThreatScoreEventRecord {
|
|
3
|
+
id: string;
|
|
4
|
+
session_id: string;
|
|
5
|
+
event_type: string;
|
|
6
|
+
source_event: string | null;
|
|
7
|
+
points: number;
|
|
8
|
+
score_after: number;
|
|
9
|
+
level_after: string;
|
|
10
|
+
created_at: string;
|
|
11
|
+
}
|
|
12
|
+
export declare class ThreatScoreEventsRepository {
|
|
13
|
+
private db;
|
|
14
|
+
constructor(db: Database.Database);
|
|
15
|
+
insert(record: {
|
|
16
|
+
id: string;
|
|
17
|
+
session_id: string;
|
|
18
|
+
event_type: string;
|
|
19
|
+
source_event: string | null;
|
|
20
|
+
points: number;
|
|
21
|
+
score_after: number;
|
|
22
|
+
level_after: string;
|
|
23
|
+
}): void;
|
|
24
|
+
getBySession(sessionId: string, limit?: number): ThreatScoreEventRecord[];
|
|
25
|
+
purgeOlderThan(hours: number): number;
|
|
26
|
+
}
|
|
27
|
+
//# sourceMappingURL=threat-score-events.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threat-score-events.d.ts","sourceRoot":"","sources":["../../../src/storage/repositories/threat-score-events.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,2BAA2B;IACtC,OAAO,CAAC,EAAE,CAAoB;gBAElB,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAIjC,MAAM,CAAC,MAAM,EAAE;QACb,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;KACrB,GAAG,IAAI;IAOR,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,GAAE,MAAW,GAAG,sBAAsB,EAAE;IAM7E,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;CAMtC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ThreatScoreEventsRepository = void 0;
|
|
4
|
+
class ThreatScoreEventsRepository {
|
|
5
|
+
db;
|
|
6
|
+
constructor(db) {
|
|
7
|
+
this.db = db;
|
|
8
|
+
}
|
|
9
|
+
insert(record) {
|
|
10
|
+
this.db.prepare(`
|
|
11
|
+
INSERT INTO threat_score_events (id, session_id, event_type, source_event, points, score_after, level_after)
|
|
12
|
+
VALUES (@id, @session_id, @event_type, @source_event, @points, @score_after, @level_after)
|
|
13
|
+
`).run(record);
|
|
14
|
+
}
|
|
15
|
+
getBySession(sessionId, limit = 50) {
|
|
16
|
+
return this.db.prepare('SELECT * FROM threat_score_events WHERE session_id = ? ORDER BY created_at DESC LIMIT ?').all(sessionId, limit);
|
|
17
|
+
}
|
|
18
|
+
purgeOlderThan(hours) {
|
|
19
|
+
const result = this.db.prepare(`DELETE FROM threat_score_events WHERE created_at < datetime('now', '-' || ? || ' hours')`).run(hours);
|
|
20
|
+
return result.changes;
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
exports.ThreatScoreEventsRepository = ThreatScoreEventsRepository;
|
|
24
|
+
//# sourceMappingURL=threat-score-events.js.map
|
|
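Review bot: `getBySession` passes `limit` straight to `LIMIT ?`, and SQLite treats a negative LIMIT as no limit, so a caller that forwards an unchecked number (a dashboard query parameter, say; the caller is not visible here) gets the session's whole event history. Clamping first keeps the cap meaningful, e.g. `const capped = Number.isInteger(limit) && limit > 0 ? Math.min(limit, 500) : 50;`, where 500 is a placeholder upper bound to choose. Rows are ordered by `created_at`, which `datetime('now')` records at one-second resolution, so events written within the same second have no defined order; `ORDER BY created_at DESC, rowid DESC` would make the trail deterministic.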
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threat-score-events.js","sourceRoot":"","sources":["../../../src/storage/repositories/threat-score-events.ts"],"names":[],"mappings":";;;AAaA,MAAa,2BAA2B;IAC9B,EAAE,CAAoB;IAE9B,YAAY,EAAqB;QAC/B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,MAAM,CAAC,MAQN;QACC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;KAGf,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC;IAED,YAAY,CAAC,SAAiB,EAAE,QAAgB,EAAE;QAChD,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,yFAAyF,CAC1F,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAA6B,CAAC;IACtD,CAAC;IAED,cAAc,CAAC,KAAa;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC5B,0FAA0F,CAC3F,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACb,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;CACF;AAlCD,kEAkCC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type Database from 'better-sqlite3';
|
|
2
|
+
export interface ThreatScoreRecord {
|
|
3
|
+
session_id: string;
|
|
4
|
+
score: number;
|
|
5
|
+
level: string;
|
|
6
|
+
event_count: number;
|
|
7
|
+
last_event_at: string | null;
|
|
8
|
+
updated_at: string;
|
|
9
|
+
}
|
|
10
|
+
export declare class ThreatScoresRepository {
|
|
11
|
+
private db;
|
|
12
|
+
constructor(db: Database.Database);
|
|
13
|
+
upsert(record: {
|
|
14
|
+
session_id: string;
|
|
15
|
+
score: number;
|
|
16
|
+
level: string;
|
|
17
|
+
event_count: number;
|
|
18
|
+
last_event_at: string | null;
|
|
19
|
+
}): void;
|
|
20
|
+
get(sessionId: string): ThreatScoreRecord | null;
|
|
21
|
+
getAll(): ThreatScoreRecord[];
|
|
22
|
+
getElevated(): ThreatScoreRecord[];
|
|
23
|
+
reset(sessionId: string): void;
|
|
24
|
+
purgeOlderThan(hours: number): number;
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=threat-scores.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threat-scores.d.ts","sourceRoot":"","sources":["../../../src/storage/repositories/threat-scores.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,EAAE,CAAoB;gBAElB,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAIjC,MAAM,CAAC,MAAM,EAAE;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;KAC9B,GAAG,IAAI;IAaR,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI;IAMhD,MAAM,IAAI,iBAAiB,EAAE;IAM7B,WAAW,IAAI,iBAAiB,EAAE;IAMlC,KAAK,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAO9B,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;CAMtC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ThreatScoresRepository = void 0;
|
|
4
|
+
class ThreatScoresRepository {
|
|
5
|
+
db;
|
|
6
|
+
constructor(db) {
|
|
7
|
+
this.db = db;
|
|
8
|
+
}
|
|
9
|
+
upsert(record) {
|
|
10
|
+
this.db.prepare(`
|
|
11
|
+
INSERT INTO threat_scores (session_id, score, level, event_count, last_event_at, updated_at)
|
|
12
|
+
VALUES (@session_id, @score, @level, @event_count, @last_event_at, datetime('now'))
|
|
13
|
+
ON CONFLICT(session_id) DO UPDATE SET
|
|
14
|
+
score = @score,
|
|
15
|
+
level = @level,
|
|
16
|
+
event_count = @event_count,
|
|
17
|
+
last_event_at = @last_event_at,
|
|
18
|
+
updated_at = datetime('now')
|
|
19
|
+
`).run(record);
|
|
20
|
+
}
|
|
21
|
+
get(sessionId) {
|
|
22
|
+
return this.db.prepare('SELECT * FROM threat_scores WHERE session_id = ?').get(sessionId) ?? null;
|
|
23
|
+
}
|
|
24
|
+
getAll() {
|
|
25
|
+
return this.db.prepare('SELECT * FROM threat_scores ORDER BY updated_at DESC').all();
|
|
26
|
+
}
|
|
27
|
+
getElevated() {
|
|
28
|
+
return this.db.prepare("SELECT * FROM threat_scores WHERE level != 'normal' ORDER BY score DESC").all();
|
|
29
|
+
}
|
|
30
|
+
reset(sessionId) {
|
|
31
|
+
this.db.prepare(`
|
|
32
|
+
UPDATE threat_scores SET score = 0, level = 'normal', event_count = 0, updated_at = datetime('now')
|
|
33
|
+
WHERE session_id = ?
|
|
34
|
+
`).run(sessionId);
|
|
35
|
+
}
|
|
36
|
+
purgeOlderThan(hours) {
|
|
37
|
+
const result = this.db.prepare(`DELETE FROM threat_scores WHERE updated_at < datetime('now', '-' || ? || ' hours')`).run(hours);
|
|
38
|
+
return result.changes;
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
exports.ThreatScoresRepository = ThreatScoresRepository;
|
|
42
|
+
//# sourceMappingURL=threat-scores.js.map
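Review bot: `purgeOlderThan(hours)` concatenates the bound value into the SQLite modifier (`'-' || ? || ' hours'`) without checking it, so a negative, NaN or non-numeric `hours` produces an invalid modifier. As far as SQLite's date functions go, `datetime()` then yields NULL, `updated_at < NULL` matches no rows, and the call returns 0 changes instead of failing, which makes a misconfigured retention job a silent no-op. A guard before the `prepare` call would surface this, for example `if (!Number.isFinite(hours) || hours < 0) throw new RangeError('hours must be a non-negative number');`. The same statement shape appears in `purgeOlderThan` of tool-chain-detections.js later in this diff.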
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threat-scores.js","sourceRoot":"","sources":["../../../src/storage/repositories/threat-scores.ts"],"names":[],"mappings":";;;AAWA,MAAa,sBAAsB;IACzB,EAAE,CAAoB;IAE9B,YAAY,EAAqB;QAC/B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,MAAM,CAAC,MAMN;QACC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;;KASf,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC;IAED,GAAG,CAAC,SAAiB;QACnB,OAAQ,IAAI,CAAC,EAAE,CAAC,OAAO,CACrB,kDAAkD,CACnD,CAAC,GAAG,CAAC,SAAS,CAAmC,IAAI,IAAI,CAAC;IAC7D,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,sDAAsD,CACvD,CAAC,GAAG,EAAyB,CAAC;IACjC,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,yEAAyE,CAC1E,CAAC,GAAG,EAAyB,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,SAAiB;QACrB,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;KAGf,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACpB,CAAC;IAED,cAAc,CAAC,KAAa;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC5B,oFAAoF,CACrF,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACb,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;CACF;AAzDD,wDAyDC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import type Database from 'better-sqlite3';
|
|
2
|
+
export interface ToolChainDetectionRecord {
|
|
3
|
+
id: string;
|
|
4
|
+
session_id: string;
|
|
5
|
+
rule_id: string;
|
|
6
|
+
matched_sequence: string;
|
|
7
|
+
action: string;
|
|
8
|
+
created_at: string;
|
|
9
|
+
}
|
|
10
|
+
export declare class ToolChainDetectionsRepository {
|
|
11
|
+
private db;
|
|
12
|
+
constructor(db: Database.Database);
|
|
13
|
+
insert(record: {
|
|
14
|
+
id: string;
|
|
15
|
+
session_id: string;
|
|
16
|
+
rule_id: string;
|
|
17
|
+
matched_sequence: string;
|
|
18
|
+
action: string;
|
|
19
|
+
}): void;
|
|
20
|
+
getRecent(limit?: number): ToolChainDetectionRecord[];
|
|
21
|
+
getBySession(sessionId: string): ToolChainDetectionRecord[];
|
|
22
|
+
purgeOlderThan(hours: number): number;
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=tool-chain-detections.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-chain-detections.d.ts","sourceRoot":"","sources":["../../../src/storage/repositories/tool-chain-detections.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,6BAA6B;IACxC,OAAO,CAAC,EAAE,CAAoB;gBAElB,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAIjC,MAAM,CAAC,MAAM,EAAE;QACb,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,gBAAgB,EAAE,MAAM,CAAC;QACzB,MAAM,EAAE,MAAM,CAAC;KAChB,GAAG,IAAI;IAOR,SAAS,CAAC,KAAK,GAAE,MAAW,GAAG,wBAAwB,EAAE;IAMzD,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,wBAAwB,EAAE;IAM3D,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;CAMtC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ToolChainDetectionsRepository = void 0;
|
|
4
|
+
class ToolChainDetectionsRepository {
|
|
5
|
+
db;
|
|
6
|
+
constructor(db) {
|
|
7
|
+
this.db = db;
|
|
8
|
+
}
|
|
9
|
+
insert(record) {
|
|
10
|
+
this.db.prepare(`
|
|
11
|
+
INSERT INTO tool_chain_detections (id, session_id, rule_id, matched_sequence, action)
|
|
12
|
+
VALUES (@id, @session_id, @rule_id, @matched_sequence, @action)
|
|
13
|
+
`).run(record);
|
|
14
|
+
}
|
|
15
|
+
getRecent(limit = 50) {
|
|
16
|
+
return this.db.prepare('SELECT * FROM tool_chain_detections ORDER BY created_at DESC LIMIT ?').all(limit);
|
|
17
|
+
}
|
|
18
|
+
getBySession(sessionId) {
|
|
19
|
+
return this.db.prepare('SELECT * FROM tool_chain_detections WHERE session_id = ? ORDER BY created_at DESC').all(sessionId);
|
|
20
|
+
}
|
|
21
|
+
purgeOlderThan(hours) {
|
|
22
|
+
const result = this.db.prepare(`DELETE FROM tool_chain_detections WHERE created_at < datetime('now', '-' || ? || ' hours')`).run(hours);
|
|
23
|
+
return result.changes;
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
exports.ToolChainDetectionsRepository = ToolChainDetectionsRepository;
|
|
27
|
+
//# sourceMappingURL=tool-chain-detections.js.map
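Review bot: `getRecent(limit = 50)` hands `limit` straight to `LIMIT ?`, and SQLite treats a negative LIMIT as "no upper bound", so a negative argument returns every row in `tool_chain_detections`. The callers are not part of this section; if the value can originate from a request parameter, clamp it before binding, e.g. `const n = Math.max(0, Math.min(Math.trunc(limit), MAX_RECENT));` where `MAX_RECENT` is a placeholder for a cap you choose. A one-line comment on the method stating the accepted range would also help, since the declaration file only says `limit?: number`.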
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-chain-detections.js","sourceRoot":"","sources":["../../../src/storage/repositories/tool-chain-detections.ts"],"names":[],"mappings":";;;AAWA,MAAa,6BAA6B;IAChC,EAAE,CAAoB;IAE9B,YAAY,EAAqB;QAC/B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,MAAM,CAAC,MAMN;QACC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;KAGf,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC;IAED,SAAS,CAAC,QAAgB,EAAE;QAC1B,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,sEAAsE,CACvE,CAAC,GAAG,CAAC,KAAK,CAA+B,CAAC;IAC7C,CAAC;IAED,YAAY,CAAC,SAAiB;QAC5B,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,mFAAmF,CACpF,CAAC,GAAG,CAAC,SAAS,CAA+B,CAAC;IACjD,CAAC;IAED,cAAc,CAAC,KAAa;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC5B,4FAA4F,CAC7F,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACb,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;CACF;AAtCD,sEAsCC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import type { ToolChainRule } from './chain-rules.js';
|
|
2
|
+
export interface ToolCallEntry {
|
|
3
|
+
category: string;
|
|
4
|
+
timestamp: number;
|
|
5
|
+
}
|
|
6
|
+
export interface ToolChainMatch {
|
|
7
|
+
rule: ToolChainRule;
|
|
8
|
+
matchedSequence: string[];
|
|
9
|
+
}
|
|
10
|
+
export declare class ChainDetector {
|
|
11
|
+
private sessionWindows;
|
|
12
|
+
private maxWindowSize;
|
|
13
|
+
constructor(maxWindowSize?: number);
|
|
14
|
+
recordToolCall(sessionId: string, category: string): void;
|
|
15
|
+
checkChains(sessionId: string, rules: ToolChainRule[]): ToolChainMatch | null;
|
|
16
|
+
cleanup(sessionId: string): void;
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=chain-detector.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"chain-detector.d.ts","sourceRoot":"","sources":["../../src/tool-guard/chain-detector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,aAAa,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAID,qBAAa,aAAa;IACxB,OAAO,CAAC,cAAc,CAAsC;IAC5D,OAAO,CAAC,aAAa,CAAS;gBAElB,aAAa,GAAE,MAAwB;IAInD,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAazD,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,cAAc,GAAG,IAAI;IAgC7E,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;CAGjC"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ChainDetector = void 0;
|
|
4
|
+
const MAX_WINDOW_SIZE = 50;
|
|
5
|
+
class ChainDetector {
|
|
6
|
+
sessionWindows = new Map();
|
|
7
|
+
maxWindowSize;
|
|
8
|
+
constructor(maxWindowSize = MAX_WINDOW_SIZE) {
|
|
9
|
+
this.maxWindowSize = maxWindowSize;
|
|
10
|
+
}
|
|
11
|
+
recordToolCall(sessionId, category) {
|
|
12
|
+
let window = this.sessionWindows.get(sessionId);
|
|
13
|
+
if (!window) {
|
|
14
|
+
window = [];
|
|
15
|
+
this.sessionWindows.set(sessionId, window);
|
|
16
|
+
}
|
|
17
|
+
window.push({ category, timestamp: Date.now() });
|
|
18
|
+
// Trim to max window size
|
|
19
|
+
if (window.length > this.maxWindowSize) {
|
|
20
|
+
window.splice(0, window.length - this.maxWindowSize);
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
checkChains(sessionId, rules) {
|
|
24
|
+
const window = this.sessionWindows.get(sessionId);
|
|
25
|
+
if (!window || window.length < 2)
|
|
26
|
+
return null;
|
|
27
|
+
const now = Date.now();
|
|
28
|
+
for (const rule of rules) {
|
|
29
|
+
const windowMs = rule.windowSeconds * 1000;
|
|
30
|
+
// Walk backward through the window looking for the sequence in order
|
|
31
|
+
// The last element of the sequence should be the most recent matching entry
|
|
32
|
+
const seq = rule.sequence;
|
|
33
|
+
let seqIdx = seq.length - 1;
|
|
34
|
+
const matched = new Array(seq.length);
|
|
35
|
+
for (let i = window.length - 1; i >= 0 && seqIdx >= 0; i--) {
|
|
36
|
+
const entry = window[i];
|
|
37
|
+
if (now - entry.timestamp > windowMs)
|
|
38
|
+
break; // outside time window
|
|
39
|
+
if (entry.category === seq[seqIdx]) {
|
|
40
|
+
matched[seqIdx] = entry.category;
|
|
41
|
+
seqIdx--;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
if (seqIdx < 0) {
|
|
45
|
+
return { rule, matchedSequence: matched };
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
return null;
|
|
49
|
+
}
|
|
50
|
+
cleanup(sessionId) {
|
|
51
|
+
this.sessionWindows.delete(sessionId);
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
exports.ChainDetector = ChainDetector;
|
|
55
|
+
//# sourceMappingURL=chain-detector.js.map
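Review bot: The per-session history in `recordToolCall` is trimmed by count only (`maxWindowSize`, default 50), while every rule evaluated in `checkChains` is expressed as a time window (`rule.windowSeconds`). In a session that records more than `maxWindowSize` tool calls inside that time window, the first step of a sequence is spliced out before the last step arrives and the rule can no longer match, so the effective look-back is shorter than the rule states. Trimming by age (dropping entries older than the longest configured `windowSeconds`) instead of, or in addition to, the count cap would keep the two limits consistent. Separately, a rule whose `sequence` is empty leaves `seqIdx` at -1 and is returned as a match with an empty `matchedSequence`; `if (seq.length === 0) continue;` at the top of the rule loop avoids that.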
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"chain-detector.js","sourceRoot":"","sources":["../../src/tool-guard/chain-detector.ts"],"names":[],"mappings":";;;AAYA,MAAM,eAAe,GAAG,EAAE,CAAC;AAE3B,MAAa,aAAa;IAChB,cAAc,GAAG,IAAI,GAAG,EAA2B,CAAC;IACpD,aAAa,CAAS;IAE9B,YAAY,gBAAwB,eAAe;QACjD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACrC,CAAC;IAED,cAAc,CAAC,SAAiB,EAAE,QAAgB;QAChD,IAAI,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,EAAE,CAAC;YACZ,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjD,0BAA0B;QAC1B,IAAI,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,WAAW,CAAC,SAAiB,EAAE,KAAsB;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAE9C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAE3C,qEAAqE;YACrE,4EAA4E;YAC5E,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC1B,IAAI,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;YAC5B,MAAM,OAAO,GAAa,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEhD,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gBACxB,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,GAAG,QAAQ;oBAAE,MAAM,CAAC,sBAAsB;gBACnE,IAAI,KAAK,CAAC,QAAQ,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnC,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC;oBACjC,MAAM,EAAE,CAAC;gBACX,CAAC;YACH,CAAC;YAED,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;gBACf,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,SAAiB;QACvB,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC;CACF;AAxDD,sCAwDC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
export interface ToolChainRule {
|
|
2
|
+
id: string;
|
|
3
|
+
name: string;
|
|
4
|
+
description: string;
|
|
5
|
+
sequence: string[];
|
|
6
|
+
windowSeconds: number;
|
|
7
|
+
action: 'warn' | 'block';
|
|
8
|
+
}
|
|
9
|
+
export declare const BUILTIN_CHAIN_RULES: ToolChainRule[];
|
|
10
|
+
//# sourceMappingURL=chain-rules.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"chain-rules.d.ts","sourceRoot":"","sources":["../../src/tool-guard/chain-rules.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,eAAO,MAAM,mBAAmB,EAAE,aAAa,EAyB9C,CAAC"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BUILTIN_CHAIN_RULES = void 0;
|
|
4
|
+
exports.BUILTIN_CHAIN_RULES = [
|
|
5
|
+
{
|
|
6
|
+
id: 'chain-exfil-after-cred',
|
|
7
|
+
name: 'Exfiltration after credential access',
|
|
8
|
+
description: 'Network data transfer detected after credential file access within 5 minutes',
|
|
9
|
+
sequence: ['credential-access', 'network-exfil'],
|
|
10
|
+
windowSeconds: 300,
|
|
11
|
+
action: 'block',
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
id: 'chain-destruct-after-exec',
|
|
15
|
+
name: 'Destructive action after code execution',
|
|
16
|
+
description: 'Destructive filesystem operation detected after remote code execution within 3 minutes',
|
|
17
|
+
sequence: ['code-execution', 'destructive-fs'],
|
|
18
|
+
windowSeconds: 180,
|
|
19
|
+
action: 'warn',
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: 'chain-publish-after-cred',
|
|
23
|
+
name: 'Package publish after credential access',
|
|
24
|
+
description: 'Package publish detected after credential access within 10 minutes',
|
|
25
|
+
sequence: ['credential-access', 'package-publish'],
|
|
26
|
+
windowSeconds: 600,
|
|
27
|
+
action: 'block',
|
|
28
|
+
},
|
|
29
|
+
];
|
|
30
|
+
//# sourceMappingURL=chain-rules.js.map
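Review bot: The category names in each `sequence` (`'credential-access'`, `'network-exfil'`, `'code-execution'`, `'destructive-fs'`, `'package-publish'`) are bare string literals, and `ToolChainRule.sequence` is declared as `string[]`, while the detector compares them with `===`. A misspelt category therefore compiles and the rule silently never fires. In the TypeScript source a string-literal union of the known categories (or shared constants used by whatever code assigns categories, which is not visible here) would let the compiler catch that. The description of `chain-destruct-after-exec` also says "remote code execution" although the sequence only requires the `code-execution` category; aligning the wording would avoid overstating what the alert means.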
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"chain-rules.js","sourceRoot":"","sources":["../../src/tool-guard/chain-rules.ts"],"names":[],"mappings":";;;AASa,QAAA,mBAAmB,GAAoB;IAClD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,8EAA8E;QAC3F,QAAQ,EAAE,CAAC,mBAAmB,EAAE,eAAe,CAAC;QAChD,aAAa,EAAE,GAAG;QAClB,MAAM,EAAE,OAAO;KAChB;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,yCAAyC;QAC/C,WAAW,EAAE,wFAAwF;QACrG,QAAQ,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;QAC9C,aAAa,EAAE,GAAG;QAClB,MAAM,EAAE,MAAM;KACf;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,yCAAyC;QAC/C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,CAAC;QAClD,aAAa,EAAE,GAAG;QAClB,MAAM,EAAE,OAAO;KAChB;CACF,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
export interface TaintMark {
|
|
2
|
+
sessionId: string;
|
|
3
|
+
requestId: string;
|
|
4
|
+
patternName: string;
|
|
5
|
+
fingerprint: string;
|
|
6
|
+
timestamp: number;
|
|
7
|
+
}
|
|
8
|
+
export interface TaintMatch {
|
|
9
|
+
patternName: string;
|
|
10
|
+
fingerprint: string;
|
|
11
|
+
}
|
|
12
|
+
export declare class TaintTracker {
|
|
13
|
+
private sessionTaints;
|
|
14
|
+
private ttlMs;
|
|
15
|
+
constructor(ttlMinutes?: number);
|
|
16
|
+
/** Create a fingerprint from matched content: SHA256 first 16 hex chars */
|
|
17
|
+
static fingerprint(content: string): string;
|
|
18
|
+
markTaint(sessionId: string, requestId: string, patternName: string, matchedContent: string): string;
|
|
19
|
+
/** Check if tool input contains any tainted content fingerprints */
|
|
20
|
+
checkToolInput(sessionId: string, toolInput: string): TaintMatch | null;
|
|
21
|
+
getActiveTaints(sessionId: string): TaintMark[];
|
|
22
|
+
cleanup(sessionId: string): void;
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=taint-tracker.d.ts.map
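Review bot: The doc comment on `fingerprint` describes an unkeyed SHA-256 of the matched content truncated to 16 hex characters. The input is presumably the sensitive value a pattern matched, which is often short or structured; if these fingerprints are written to logs or storage (not visible from this declaration file), an unkeyed hash lets anyone holding the value test guesses offline. An HMAC under a per-process random key would keep the matching behaviour while removing that property. `markTaint` and `getActiveTaints` carry no doc comment: it would help to state what the string returned by `markTaint` is, and whether `ttlMinutes` expiry is applied when `getActiveTaints` and `checkToolInput` read the marks.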
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"taint-tracker.d.ts","sourceRoot":"","sources":["../../src/tool-guard/taint-tracker.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,aAAa,CAAkC;IACvD,OAAO,CAAC,KAAK,CAAS;gBAEV,UAAU,GAAE,MAAW;IAInC,2EAA2E;IAC3E,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IAI3C,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM;IAiBpG,oEAAoE;IACpE,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAoBvE,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,EAAE;IAa/C,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;CAGjC"}
|