@aion0/bastion 0.1.12 → 0.1.14

package/dist/plugins/builtin/threat-scorer.js

@@ -0,0 +1,266 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createThreatScorerPlugin = createThreatScorerPlugin;
+const threat_scores_js_1 = require("../../storage/repositories/threat-scores.js");
+const threat_score_events_js_1 = require("../../storage/repositories/threat-score-events.js");
+const tool_chain_detections_js_1 = require("../../storage/repositories/tool-chain-detections.js");
+const taint_marks_js_1 = require("../../storage/repositories/taint-marks.js");
+const chain_detector_js_1 = require("../../tool-guard/chain-detector.js");
+const taint_tracker_js_1 = require("../../tool-guard/taint-tracker.js");
+const chain_rules_js_1 = require("../../tool-guard/chain-rules.js");
+const logger_js_1 = require("../../utils/logger.js");
+const log = (0, logger_js_1.createLogger)('threat-scorer');
+function getDefaults() {
+    return {
+        enabled: true,
+        scoring: {
+            piWeight: 30,
+            dlpWeight: 10,
+            toolGuardWeights: { critical: 25, high: 15, medium: 5, low: 2 },
+            toolChainWeight: 40,
+            decayPerMinute: 0.5,
+        },
+        thresholds: { elevated: 20, high: 50, critical: 80 },
+        toolChain: { enabled: true, maxWindowSize: 20 },
+        taintTracking: { enabled: true, ttlMinutes: 60 },
+    };
+}
+function mergeConfig(config) {
+    const defaults = getDefaults();
+    const ti = config.plugins?.threatIntelligence;
+    if (!ti)
+        return defaults;
+    return {
+        enabled: ti.enabled ?? defaults.enabled,
+        scoring: {
+            piWeight: ti.scoring?.piWeight ?? defaults.scoring.piWeight,
+            dlpWeight: ti.scoring?.dlpWeight ?? defaults.scoring.dlpWeight,
+            toolGuardWeights: {
+                critical: ti.scoring?.toolGuardWeights?.critical ?? defaults.scoring.toolGuardWeights.critical,
+                high: ti.scoring?.toolGuardWeights?.high ?? defaults.scoring.toolGuardWeights.high,
+                medium: ti.scoring?.toolGuardWeights?.medium ?? defaults.scoring.toolGuardWeights.medium,
+                low: ti.scoring?.toolGuardWeights?.low ?? defaults.scoring.toolGuardWeights.low,
+            },
+            toolChainWeight: ti.scoring?.toolChainWeight ?? defaults.scoring.toolChainWeight,
+            decayPerMinute: ti.scoring?.decayPerMinute ?? defaults.scoring.decayPerMinute,
+        },
+        thresholds: {
+            elevated: ti.thresholds?.elevated ?? defaults.thresholds.elevated,
+            high: ti.thresholds?.high ?? defaults.thresholds.high,
+            critical: ti.thresholds?.critical ?? defaults.thresholds.critical,
+        },
+        toolChain: {
+            enabled: ti.toolChain?.enabled ?? defaults.toolChain.enabled,
+            maxWindowSize: ti.toolChain?.maxWindowSize ?? defaults.toolChain.maxWindowSize,
+        },
+        taintTracking: {
+            enabled: ti.taintTracking?.enabled ?? defaults.taintTracking.enabled,
+            ttlMinutes: ti.taintTracking?.ttlMinutes ?? defaults.taintTracking.ttlMinutes,
+        },
+    };
+}
+function computeLevel(score, thresholds) {
+    if (score >= thresholds.critical)
+        return 'critical';
+    if (score >= thresholds.high)
+        return 'high';
+    if (score >= thresholds.elevated)
+        return 'elevated';
+    return 'normal';
+}
+function createThreatScorerPlugin(config, db, eventBus) {
+    const tiConfig = mergeConfig(config);
+    const scoresRepo = new threat_scores_js_1.ThreatScoresRepository(db);
+    const eventsRepo = new threat_score_events_js_1.ThreatScoreEventsRepository(db);
+    const chainDetectionsRepo = new tool_chain_detections_js_1.ToolChainDetectionsRepository(db);
+    const taintMarksRepo = new taint_marks_js_1.TaintMarksRepository(db);
+    const chainDetector = new chain_detector_js_1.ChainDetector(tiConfig.toolChain.maxWindowSize);
+    const taintTracker = new taint_tracker_js_1.TaintTracker(tiConfig.taintTracking.ttlMinutes);
+    // In-memory threat state per session
+    const sessions = new Map();
+    const chainRules = [...chain_rules_js_1.BUILTIN_CHAIN_RULES];
+    function getOrCreateState(sessionId) {
+        let state = sessions.get(sessionId);
+        if (!state) {
+            // Try loading from DB
+            const record = scoresRepo.get(sessionId);
+            if (record) {
+                state = {
+                    score: record.score,
+                    level: record.level,
+                    eventCount: record.event_count,
+                    lastEventAt: record.last_event_at ? new Date(record.last_event_at).getTime() : 0,
+                };
+            }
+            else {
+                state = { score: 0, level: 'normal', eventCount: 0, lastEventAt: 0 };
+            }
+            sessions.set(sessionId, state);
+        }
+        return state;
+    }
+    function applyDecay(state) {
+        if (state.score <= 0 || state.lastEventAt === 0)
+            return;
+        const elapsedMinutes = (Date.now() - state.lastEventAt) / 60000;
+        if (elapsedMinutes <= 0)
+            return;
+        // Exponential decay: score *= exp(-decayRate * elapsed)
+        state.score *= Math.exp(-tiConfig.scoring.decayPerMinute * elapsedMinutes);
+        if (state.score < 0.1)
+            state.score = 0;
+    }
+    function addPoints(sessionId, points, eventType, sourceEvent) {
+        const state = getOrCreateState(sessionId);
+        applyDecay(state);
+        state.score += points;
+        state.eventCount++;
+        state.lastEventAt = Date.now();
+        state.level = computeLevel(state.score, tiConfig.thresholds);
+        sessions.set(sessionId, state);
+        // Persist to DB
+        try {
+            scoresRepo.upsert({
+                session_id: sessionId,
+                score: state.score,
+                level: state.level,
+                event_count: state.eventCount,
+                last_event_at: new Date(state.lastEventAt).toISOString(),
+            });
+            eventsRepo.insert({
+                id: crypto.randomUUID(),
+                session_id: sessionId,
+                event_type: eventType,
+                source_event: sourceEvent,
+                points,
+                score_after: state.score,
+                level_after: state.level,
+            });
+        }
+        catch (err) {
+            log.warn('Failed to persist threat score', { error: err.message });
+        }
+        if (state.level !== 'normal') {
+            log.warn('Session threat level changed', {
+                sessionId,
+                level: state.level,
+                score: Math.round(state.score * 100) / 100,
+                eventType,
+            });
+            eventBus.emit('threat:level-change', {
+                sessionId,
+                level: state.level,
+                score: state.score,
+                eventType,
+            });
+        }
+    }
+    // ── Event listeners ──
+    eventBus.on('pi:detected', (data) => {
+        const event = data;
+        if (!event?.sessionId)
+            return;
+        addPoints(event.sessionId, tiConfig.scoring.piWeight, 'pi', `pi:detected severity=${event.severity ?? 'unknown'}`);
+    });
+    eventBus.on('dlp:finding', (data) => {
+        const event = data;
+        if (!event?.sessionId)
+            return;
+        addPoints(event.sessionId, tiConfig.scoring.dlpWeight, 'dlp', `dlp:finding pattern=${event.patternName ?? 'unknown'}`);
+        // Taint tracking: mark DLP findings for later tool input checks
+        if (tiConfig.taintTracking.enabled && event.patternName && event.requestId) {
+            const fingerprint = taintTracker.markTaint(event.sessionId, event.requestId, event.patternName, `${event.patternName}:${event.requestId}`);
+            try {
+                taintMarksRepo.insert({
+                    id: crypto.randomUUID(),
+                    session_id: event.sessionId,
+                    request_id: event.requestId,
+                    pattern_name: event.patternName,
+                    direction: event.direction ?? 'request',
+                    fingerprint,
+                });
+            }
+            catch (err) {
+                log.warn('Failed to persist taint mark', { error: err.message });
+            }
+        }
+    });
+    eventBus.on('toolguard:alert', (data) => {
+        const event = data;
+        if (!event?.sessionId)
+            return;
+        const severity = event.severity ?? 'medium';
+        const weights = tiConfig.scoring.toolGuardWeights;
+        const points = weights[severity] ?? weights.medium;
+        addPoints(event.sessionId, points, 'toolguard', `toolguard:alert rule=${event.ruleName ?? 'unknown'} severity=${severity}`);
+        // Tool chain detection: record the category and check chains
+        if (tiConfig.toolChain.enabled && event.category) {
+            chainDetector.recordToolCall(event.sessionId, event.category);
+            const match = chainDetector.checkChains(event.sessionId, chainRules);
+            if (match) {
+                addPoints(event.sessionId, tiConfig.scoring.toolChainWeight, 'toolchain', `chain:${match.rule.id} sequence=${match.matchedSequence.join('→')}`);
+                try {
+                    chainDetectionsRepo.insert({
+                        id: crypto.randomUUID(),
+                        session_id: event.sessionId,
+                        rule_id: match.rule.id,
+                        matched_sequence: JSON.stringify(match.matchedSequence),
+                        action: match.rule.action,
+                    });
+                }
+                catch (err) {
+                    log.warn('Failed to persist chain detection', { error: err.message });
+                }
+                eventBus.emit('toolchain:detected', {
+                    sessionId: event.sessionId,
+                    ruleId: match.rule.id,
+                    ruleName: match.rule.name,
+                    sequence: match.matchedSequence,
+                    action: match.rule.action,
+                });
+            }
+        }
+    });
+    return {
+        name: 'threat-scorer',
+        priority: 4, // Runs before tool-guard (5) to set context._threatLevel
+        version: '1.0.0',
+        apiVersion: 2,
+        source: 'builtin',
+        async onRequest(context) {
+            if (!context.sessionId)
+                return;
+            const state = getOrCreateState(context.sessionId);
+            applyDecay(state);
+            // Update level after decay
+            state.level = computeLevel(state.score, tiConfig.thresholds);
+            sessions.set(context.sessionId, state);
+            // Set threat level on context for downstream plugins (tool-guard reads this)
+            context._threatLevel = state.level;
+            context._threatScore = state.score;
+            if (state.level !== 'normal') {
+                log.debug('Request threat context', {
+                    sessionId: context.sessionId,
+                    level: state.level,
+                    score: Math.round(state.score * 100) / 100,
+                });
+            }
+            // Taint check: scan tool inputs in request body for tainted content
+            if (tiConfig.taintTracking.enabled) {
+                const taints = taintTracker.getActiveTaints(context.sessionId);
+                if (taints.length > 0 && context.body) {
+                    const match = taintTracker.checkToolInput(context.sessionId, context.body);
+                    if (match) {
+                        addPoints(context.sessionId, tiConfig.scoring.dlpWeight, 'taint', `taint:detected pattern=${match.patternName} fingerprint=${match.fingerprint}`);
+                        log.warn('Tainted data detected in tool input', {
+                            sessionId: context.sessionId,
+                            requestId: context.id,
+                            patternName: match.patternName,
+                        });
+                    }
+                }
+            }
+        },
+    };
+}
+//# sourceMappingURL=threat-scorer.js.map

package/dist/plugins/builtin/threat-scorer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-scorer.js","sourceRoot":"","sources":["../../../src/plugins/builtin/threat-scorer.ts"],"names":[],"mappings":";;AAuGA,4DAgOC;AApUD,kFAAqF;AACrF,8FAAgG;AAChG,kGAAoG;AACpG,8EAAiF;AACjF,0EAAmE;AACnE,wEAAiE;AACjE,oEAA0F;AAC1F,qDAAqD;AAGrD,MAAM,GAAG,GAAG,IAAA,wBAAY,EAAC,eAAe,CAAC,CAAC;AAiC1C,SAAS,WAAW;IAClB,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE;YACP,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,EAAE;YACb,gBAAgB,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;YAC/D,eAAe,EAAE,EAAE;YACnB,cAAc,EAAE,GAAG;SACpB;QACD,UAAU,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;QACpD,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE;QAC/C,aAAa,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE;KACjD,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,MAAqB;IACxC,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,kBAAkB,CAAC;IAC9C,IAAI,CAAC,EAAE;QAAE,OAAO,QAAQ,CAAC;IACzB,OAAO;QACL,OAAO,EAAE,EAAE,CAAC,OAAO,IAAI,QAAQ,CAAC,OAAO;QACvC,OAAO,EAAE;YACP,QAAQ,EAAE,EAAE,CAAC,OAAO,EAAE,QAAQ,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ;YAC3D,SAAS,EAAE,EAAE,CAAC,OAAO,EAAE,SAAS,IAAI,QAAQ,CAAC,OAAO,CAAC,SAAS;YAC9D,gBAAgB,EAAE;gBAChB,QAAQ,EAAE,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,QAAQ,IAAI,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ;gBAC9F,IAAI,EAAE,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,IAAI,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI;gBAClF,MAAM,EAAE,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM;gBACxF,GAAG,EAAE,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,GAAG;aAChF;YACD,eAAe,EAAE,EAAE,CAAC,OAAO,EAAE,eAAe,IAAI,QAAQ,CAAC,OAAO,CAAC,eAAe;YAChF,cAAc,EAAE,EAAE,CAAC,OAAO,EAAE,cAAc,IAAI,QAAQ,CAAC,OAAO,CAAC,cAAc;SAC9E;QACD,UAAU,EAAE;YACV,QAAQ,EAAE,EAAE,CAAC,UAAU,EAAE,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,QAAQ;YACjE,IAAI,EAAE,EAAE,CAAC,UAAU,EAAE,IAAI,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI;YACrD,QAAQ,EAAE,EAAE,CAAC,UAAU,EAAE,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,QAAQ;SAClE;QACD,SAAS,EAAE;YACT,OAAO,EAAE,EAAE,CAAC,SAAS,EAAE,OAAO,IAAI,QAAQ,CAAC,SAAS,CAAC,OAAO;YAC5D,aAAa,EAAE,EAAE,CAAC,SAAS,EAAE,aAAa,IAAI,QAAQ,CAAC,SAAS,CAAC,aAAa;SAC/E;QACD,aAAa,EAAE;YACb,OAAO,EAAE,EAAE,CAAC,aAAa,EAAE,OAAO,IAAI,QAAQ,CAAC,aAAa,CAAC,OAAO;YACpE,UAAU,EAAE,EAAE,CAAC,aAAa,EAAE,UAAU,IAAI,QAAQ,CAAC,aAAa,CAAC,UAAU;SAC9E;KACF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,KAAa,EAAE,UAA2B;IAC9D,IAAI,KAAK,IAAI,UAAU,CAAC,QAAQ;QAAE,OAAO,UAAU,CAAC;IACpD,IAAI,KAAK,IAAI,UAAU,CAAC,IAAI;QAAE,OAAO,MAAM,CAAC;IAC5C,IAAI,KAAK,IAAI,UAAU,CAAC,QAAQ;QAAE,OAAO,UAAU,CAAC;IACpD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAgB,wBAAwB,CACtC,MAAqB,EACrB,EAAqB,EACrB,QAAwB;IAExB,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,IAAI,yCAAsB,CAAC,EAAE,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,IAAI,oDAA2B,CAAC,EAAE,CAAC,CAAC;IACvD,MAAM,mBAAmB,GAAG,IAAI,wDAA6B,CAAC,EAAE,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,IAAI,qCAAoB,CAAC,EAAE,CAAC,CAAC;IAEpD,MAAM,aAAa,GAAG,IAAI,iCAAa,CAAC,QAAQ,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IAC1E,MAAM,YAAY,GAAG,IAAI,+BAAY,CAAC,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAEzE,qCAAqC;IACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEhD,MAAM,UAAU,GAAoB,CAAC,GAAG,oCAAmB,CAAC,CAAC;IAE7D,SAAS,gBAAgB,CAAC,SAAiB;QACzC,IAAI,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,sBAAsB;YACtB,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,KAAK,GAAG;oBACN,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,KAAK,EAAE,MAAM,CAAC,KAAoB;oBAClC,UAAU,EAAE,MAAM,CAAC,WAAW;oBAC9B,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;iBACjF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,KAAK,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC;YACvE,CAAC;YACD,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,SAAS,UAAU,CAAC,KAAkB;QACpC,IAAI,KAAK,CAAC,KAAK,IAAI,CAAC,IAAI,KAAK,CAAC,WAAW,KAAK,CAAC;YAAE,OAAO;QACxD,MAAM,cAAc,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QAChE,IAAI,cAAc,IAAI,CAAC;YAAE,OAAO;QAChC,wDAAwD;QACxD,KAAK,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,GAAG,cAAc,CAAC,CAAC;QAC3E,IAAI,KAAK,CAAC,KAAK,GAAG,GAAG;YAAE,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,SAAS,SAAS,CAAC,SAAiB,EAAE,MAAc,EAAE,SAAiB,EAAE,WAAmB;QAC1F,MAAM,KAAK,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAC1C,UAAU,CAAC,KAAK,CAAC,CAAC;QAElB,KAAK,CAAC,KAAK,IAAI,MAAM,CAAC;QACtB,KAAK,CAAC,UAAU,EAAE,CAAC;QACnB,KAAK,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,CAAC,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;QAE7D,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAE/B,gBAAgB;QAChB,IAAI,CAAC;YACH,UAAU,CAAC,MAAM,CAAC;gBAChB,UAAU,EAAE,SAAS;gBACrB,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,WAAW,EAAE,KAAK,CAAC,UAAU;gBAC7B,aAAa,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE;aACzD,CAAC,CAAC;YAEH,UAAU,CAAC,MAAM,CAAC;gBAChB,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;gBACvB,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,SAAS;gBACrB,YAAY,EAAE,WAAW;gBACzB,MAAM;gBACN,WAAW,EAAE,KAAK,CAAC,KAAK;gBACxB,WAAW,EAAE,KAAK,CAAC,KAAK;aACzB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE;gBACvC,SAAS;gBACT,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG;gBAC1C,SAAS;aACV,CAAC,CAAC;YAEH,QAAQ,CAAC,IAAI,CAAC,qBAAqB,EAAE;gBACnC,SAAS;gBACT,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,SAAS;aACV,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wBAAwB;IAExB,QAAQ,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC,IAAa,EAAE,EAAE;QAC3C,MAAM,KAAK,GAAG,IAA6D,CAAC;QAC5E,IAAI,CAAC,KAAK,EAAE,SAAS;YAAE,OAAO;QAC9B,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,wBAAwB,KAAK,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAC,CAAC;IACrH,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC,IAAa,EAAE,EAAE;QAC3C,MAAM,KAAK,GAAG,IAA6H,CAAC;QAC5I,IAAI,CAAC,KAAK,EAAE,SAAS;YAAE,OAAO;QAC9B,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,uBAAuB,KAAK,CAAC,WAAW,IAAI,SAAS,EAAE,CAAC,CAAC;QAEvH,gEAAgE;QAChE,IAAI,QAAQ,CAAC,aAAa,CAAC,OAAO,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YAC3E,MAAM,WAAW,GAAG,YAAY,CAAC,SAAS,CACxC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,WAAW,EACnD,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAC1C,CAAC;YACF,IAAI,CAAC;gBACH,cAAc,CAAC,MAAM,CAAC;oBACpB,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;oBACvB,UAAU,EAAE,KAAK,CAAC,SAAS;oBAC3B,UAAU,EAAE,KAAK,CAAC,SAAS;oBAC3B,YAAY,EAAE,KAAK,CAAC,WAAW;oBAC/B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS;oBACvC,WAAW;iBACZ,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,iBAAiB,EAAE,CAAC,IAAa,EAAE,EAAE;QAC/C,MAAM,KAAK,GAAG,IAID,CAAC;QACd,IAAI,CAAC,KAAK,EAAE,SAAS;YAAE,OAAO;QAE9B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,QAAQ,CAAC;QAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC;QAClD,MAAM,MAAM,GAAI,OAAkC,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC;QAC/E,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,wBAAwB,KAAK,CAAC,QAAQ,IAAI,SAAS,aAAa,QAAQ,EAAE,CAAC,CAAC;QAE5H,6DAA6D;QAC7D,IAAI,QAAQ,CAAC,SAAS,CAAC,OAAO,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACjD,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC9D,MAAM,KAAK,GAAG,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACrE,IAAI,KAAK,EAAE,CAAC;gBACV,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,eAAe,EAAE,WAAW,EACtE,SAAS,KAAK,CAAC,IAAI,CAAC,EAAE,aAAa,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAExE,IAAI,CAAC;oBACH,mBAAmB,CAAC,MAAM,CAAC;wBACzB,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;wBACvB,UAAU,EAAE,KAAK,CAAC,SAAS;wBAC3B,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE;wBACtB,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,eAAe,CAAC;wBACvD,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM;qBAC1B,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,GAAG,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;gBACnF,CAAC;gBAED,QAAQ,CAAC,IAAI,CAAC,oBAAoB,EAAE;oBAClC,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE;oBACrB,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI;oBACzB,QAAQ,EAAE,KAAK,CAAC,eAAe;oBAC/B,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,CAAC,EAAE,yDAAyD;QACtE,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,SAAS;QAEjB,KAAK,CAAC,SAAS,CAAC,OAAuB;YACrC,IAAI,CAAC,OAAO,CAAC,SAAS;gBAAE,OAAO;YAE/B,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAClD,UAAU,CAAC,KAAK,CAAC,CAAC;YAElB,2BAA2B;YAC3B,KAAK,CAAC,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YAC7D,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAEvC,6EAA6E;YAC7E,OAAO,CAAC,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC;YACnC,OAAO,CAAC,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC;YAEnC,IAAI,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC7B,GAAG,CAAC,KAAK,CAAC,wBAAwB,EAAE;oBAClC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG;iBAC3C,CAAC,CAAC;YACL,CAAC;YAED,oEAAoE;YACpE,IAAI,QAAQ,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAC/D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;oBACtC,MAAM,KAAK,GAAG,YAAY,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;oBAC3E,IAAI,KAAK,EAAE,CAAC;wBACV,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,EAC9D,0BAA0B,KAAK,CAAC,WAAW,gBAAgB,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;wBAClF,GAAG,CAAC,IAAI,CAAC,qCAAqC,EAAE;4BAC9C,SAAS,EAAE,OAAO,CAAC,SAAS;4BAC5B,SAAS,EAAE,OAAO,CAAC,EAAE;4BACrB,WAAW,EAAE,KAAK,CAAC,WAAW;yBAC/B,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/plugins/builtin/tool-guard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tool-guard.d.ts","sourceRoot":"","sources":["../../../src/plugins/builtin/tool-guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,MAAM,EAMP,MAAM,aAAa,CAAC;AAQrB,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAI3C,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC;IAC1B,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,aAAa,CAAC,EAAE,MAAM;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE,CAAC;CAClH;AAqFD,wBAAgB,qBAAqB,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,iBAAiB,EAAE,cAAc,GAAG,MAAM,CAmQjJ"}
+{"version":3,"file":"tool-guard.d.ts","sourceRoot":"","sources":["../../../src/plugins/builtin/tool-guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,MAAM,EAMP,MAAM,aAAa,CAAC;AAQrB,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAI3C,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC;IAC1B,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,aAAa,CAAC,EAAE,MAAM;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE,CAAC;CAClH;AAqFD,wBAAgB,qBAAqB,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,iBAAiB,EAAE,cAAc,GAAG,MAAM,CAiOjJ"}

package/dist/plugins/builtin/tool-guard.js

@@ -82,49 +82,20 @@ function createToolGuardPlugin(db, config, eventBus) {
     const auditRepo = new audit_log_js_1.AuditLogRepository(db);
     // Seed built-in rules on first init (INSERT OR IGNORE preserves user toggles)
     rulesRepo.seedBuiltins(rules_js_1.BUILTIN_RULES);
-    // ── PI escalation: track sessions flagged by pi-classifier ──
-    const escalatedSessions = new Map();
-    const ESCALATION_TTL_MS = 60 * 60 * 1000; // 1 hour
-    // Listen for pi:detected events from pi-classifier plugin
-    if (eventBus) {
-        eventBus.on('pi:detected', (data) => {
-            const event = data;
-            if (!event?.sessionId)
-                return;
-            // Escalate session: lower the blockMinSeverity to 'medium' (stricter)
-            escalatedSessions.set(event.sessionId, {
-                blockMinSeverity: 'medium',
-                expiresAt: Date.now() + ESCALATION_TTL_MS,
-            });
-            log.warn('Session escalated due to prompt injection detection', {
-                sessionId: event.sessionId,
-                escalatedBlockMinSeverity: 'medium',
-            });
-        });
-    }
-    /** Clean up expired escalations */
-    function cleanExpiredEscalations() {
-        const now = Date.now();
-        for (const [sessionId, entry] of escalatedSessions) {
-            if (entry.expiresAt <= now) {
-                escalatedSessions.delete(sessionId);
-                log.debug('Escalation expired', { sessionId });
-            }
-        }
-    }
     // Live config readers — support hot-reload from Dashboard
     const getAction = () => config.getLiveConfig ? config.getLiveConfig().action : config.action;
     const getRecordAll = () => config.getLiveConfig ? config.getLiveConfig().recordAll : config.recordAll;
     const getBlockMinSeverity = () => config.getLiveConfig ? config.getLiveConfig().blockMinSeverity : config.blockMinSeverity;
     const getAlertMinSeverity = () => config.getLiveConfig ? config.getLiveConfig().alertMinSeverity : config.alertMinSeverity;
-    /** Get effective blockMinSeverity for a session (may be escalated) */
-    function getEffectiveBlockMinSeverity(sessionId) {
-        if (sessionId) {
-            const escalation = escalatedSessions.get(sessionId);
-            if (escalation && escalation.expiresAt > Date.now()) {
-                return escalation.blockMinSeverity;
-            }
-        }
+    /** Get effective blockMinSeverity for a request context (uses threat-scorer's _threatLevel) */
+    function getEffectiveBlockMinSeverity(context) {
+        const threatLevel = context._threatLevel;
+        if (threatLevel === 'critical')
+            return 'low'; // Block all severities
+        if (threatLevel === 'high')
+            return 'medium'; // Block medium+
+        if (threatLevel === 'elevated')
+            return 'high'; // Block high+
         return getBlockMinSeverity();
     }
     function getAlertConfig() {
@@ -185,6 +156,7 @@ function createToolGuardPlugin(db, config, eventBus) {
                 (0, alert_js_1.dispatchAlert)(getAlertConfig(), tc.toolName, ruleMatch, requestId, sessionId);
                 eventBus?.emit('toolguard:alert', {
                     requestId,
+                    sessionId,
                     toolName: tc.toolName,
                     ruleId: ruleMatch.rule.id,
                     ruleName: ruleMatch.rule.name,
@@ -204,11 +176,10 @@ function createToolGuardPlugin(db, config, eventBus) {
         apiVersion: 2,
         // ── Load rules from DB and set streaming block flag ──
         async onRequest(context) {
-            cleanExpiredEscalations();
             const rules = rulesRepo.getEnabled();
             context._toolGuardRules = rules;
-            const effectiveBlockMin = getEffectiveBlockMinSeverity(context.sessionId);
-            log.debug('onRequest', { action: getAction(), recordAll: getRecordAll(), isStreaming: context.isStreaming, effectiveBlockMin });
+            const effectiveBlockMin = getEffectiveBlockMinSeverity(context);
+            log.debug('onRequest', { action: getAction(), recordAll: getRecordAll(), isStreaming: context.isStreaming, effectiveBlockMin, threatLevel: context._threatLevel });
             if (getAction() === 'block' && context.isStreaming) {
                 context._toolGuardStreamBlock = effectiveBlockMin;
             }
@@ -230,8 +201,8 @@ function createToolGuardPlugin(db, config, eventBus) {
             });
             if (matches.length === 0)
                 return;
-            // Check if any flagged call meets the block severity threshold (may be escalated)
-            const currentBlockMin = getEffectiveBlockMinSeverity(context.request.sessionId);
+            // Check if any flagged call meets the block severity threshold (may be escalated by threat level)
+            const currentBlockMin = getEffectiveBlockMinSeverity(context.request);
             const blockable = matches.filter(m => m.ruleMatch && (0, alert_js_1.shouldAlert)(m.ruleMatch.rule.severity, currentBlockMin));
             // Record all tool calls and dispatch alerts
             const flagged = recordAndAlert(matches, context.request.id, context.request.sessionId);

package/dist/plugins/builtin/tool-guard.js.map

@@ -1 +1 @@
-{"version":3,"file":"tool-guard.js","sourceRoot":"","sources":["../../../src/plugins/builtin/tool-guard.ts"],"names":[],"mappings":";;AAkHA,sDAmQC;AA7WD,4EAA+E;AAC/E,wFAA0F;AAC1F,0EAA6E;AAC7E,gEAA2H;AAC3H,wDAA0G;AAC1G,wDAAyF;AACzF,qDAAqD;AAGrD,MAAM,GAAG,GAAG,IAAA,wBAAY,EAAC,YAAY,CAAC,CAAC;AAmBvC,SAAS,gBAAgB,CAAC,IAAY,EAAE,WAAoB,EAAE,KAAsB;IAClF,MAAM,SAAS,GAAG,IAAA,+BAAgB,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtD,OAAO,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAC1B,EAAE;QACF,SAAS,EAAE,IAAA,qBAAU,EAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC;KACxD,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAC9B,UAA0C,EAC1C,SAA4B;IAE5B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEhE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,wCAAwC;QACxC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACjC,yCAAyC,CAAC,CAAC,EAAE,CAAC,QAAQ,kBAAkB,CAAC,CAAC,SAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,SAAU,CAAC,IAAI,CAAC,QAAQ,GAAG,CACjI,CAAC;QACF,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;IAChH,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,aAAa;IAElE,8DAA8D;IAC9D,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAA8B,EAAE,EAAE;YACjE,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAc,CAAC,EAAE,CAAC;gBACxE,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC;gBAChE,MAAM,OAAO,GAAG,yCAAyC,KAAK,CAAC,IAAI,kBAAkB,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,IAAI,cAAc,KAAK,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,SAAS,GAAG,CAAC;gBACvL,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;QACH,wEAAwE;QACxE,IAAI,IAAI,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YACpC,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAChC,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,8CAA8C;IAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAoC,EAAE,CAAC;YAC/D,MAAM,GAAG,GAAG,MAAM,CAAC,OAA8C,CAAC;YAClE,IAAI,CAAC,GAAG,EAAE,UAAU,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;gBAAE,SAAS;YAEjE,MAAM,IAAI,GAAc,EAAE,CAAC;YAC3B,KAAK,MAAM,EAAE,IAAI,GAAG,CAAC,UAAuC,EAAE,CAAC;gBAC7D,MAAM,EAAE,GAAG,EAAE,CAAC,QAA+C,CAAC;gBAC9D,MAAM,IAAI,GAAG,EAAE,EAAE,IAA0B,CAAC;gBAC5C,IAAI,IAAI,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC;oBAC1D,QAAQ,CAAC,IAAI,CAAC,yCAAyC,IAAI,kBAAkB,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,IAAI,cAAc,KAAK,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,SAAS,GAAG,CAAC,CAAC;gBAClL,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAChB,CAAC;YACH,CAAC;YACD,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACpD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,GAAG,CAAC,OAAO,GAAG,CAAE,GAAG,CAAC,OAAkB,IAAI,EAAE,CAAC,GAAG,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7E,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC;YAChC,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,sDAAsD;IACtD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,SAAgB,qBAAqB,CAAC,EAAqB,EAAE,MAAuB,EAAE,QAAmD;IACvI,MAAM,IAAI,GAAG,IAAI,mCAAmB,CAAC,EAAE,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,IAAI,8CAAwB,CAAC,EAAE,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,IAAI,iCAAkB,CAAC,EAAE,CAAC,CAAC;IAE7C,8EAA8E;IAC9E,SAAS,CAAC,YAAY,CAAC,wBAAa,CAAC,CAAC;IAEtC,+DAA+D;IAC/D,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAA2D,CAAC;IAC7F,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;IAEnD,0DAA0D;IAC1D,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC,IAAa,EAAE,EAAE;YAC3C,MAAM,KAAK,GAAG,IAA6D,CAAC;YAC5E,IAAI,CAAC,KAAK,EAAE,SAAS;gBAAE,OAAO;YAC9B,sEAAsE;YACtE,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,EAAE;gBACrC,gBAAgB,EAAE,QAAQ;gBAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,iBAAiB;aAC1C,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,qDAAqD,EAAE;gBAC9D,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,yBAAyB,EAAE,QAAQ;aACpC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,mCAAmC;IACnC,SAAS,uBAAuB;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,iBAAiB,EAAE,CAAC;YACnD,IAAI,KAAK,CAAC,SAAS,IAAI,GAAG,EAAE,CAAC;gBAC3B,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACpC,GAAG,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,MAAM,SAAS,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;IAC7F,MAAM,YAAY,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC;IACtG,MAAM,mBAAmB,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC;IAC3H,MAAM,mBAAmB,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC;IAE3H,sEAAsE;IACtE,SAAS,4BAA4B,CAAC,SAAkB;QACtD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,UAAU,IAAI,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACpD,OAAO,UAAU,CAAC,gBAAgB,CAAC;YACrC,CAAC;QACH,CAAC;QACD,OAAO,mBAAmB,EAAE,CAAC;IAC/B,CAAC;IAED,SAAS,cAAc;QACrB,OAAO;YACL,WAAW,EAAE,mBAAmB,EAAE,IAAI,MAAM;YAC5C,OAAO,EAAE,MAAM,CAAC,YAAY,IAAI,IAAI;YACpC,UAAU,EAAE,MAAM,CAAC,eAAe,IAAI,EAAE;SACzC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,SAAS,aAAa,CAAC,SAA2B;QAChD,IAAI,CAAC,SAAS;YAAE,OAAO,MAAM,CAAC;QAC9B,IAAI,SAAS,EAAE,KAAK,OAAO,IAAI,IAAA,sBAAW,EAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,mBAAmB,EAAE,CAAC,EAAE,CAAC;YAC3F,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,mFAAmF;IACnF,SAAS,cAAc,CACrB,OAA0B,EAC1B,SAAiB,EACjB,SAAkB;QAElB,MAAM,SAAS,GAAG,YAAY,EAAE,KAAK,KAAK,CAAC;QAC3C,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,KAAK,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,OAAO,EAAE,CAAC;YACxC,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS;gBAAE,SAAS;YAEvC,MAAM,QAAQ,GAAG,OAAO,EAAE,CAAC,SAAS,KAAK,QAAQ;gBAC/C,CAAC,CAAC,EAAE,CAAC,SAAS;gBACd,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;YAEjC,MAAM,YAAY,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;YAE9C,IAAI,CAAC,MAAM,CAAC;gBACV,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;gBACvB,UAAU,EAAE,SAAS;gBACrB,SAAS,EAAE,EAAE,CAAC,QAAQ;gBACtB,UAAU,EAAE,QAAQ;gBACpB,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI;gBACnC,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;gBACvC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,MAAM;gBAC5C,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;gBAC1C,MAAM,EAAE,YAAY;gBACpB,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,UAAU,EAAE,SAAS,IAAI,IAAI;aAC9B,CAAC,CAAC;YAEH,IAAI,SAAS,EAAE,CAAC;gBACd,YAAY,EAAE,CAAC;gBACf,GAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE;oBACvC,SAAS;oBACT,QAAQ,EAAE,EAAE,CAAC,QAAQ;oBACrB,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,EAAE;oBACzB,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;oBACjC,OAAO,EAAE,SAAS,CAAC,WAAW;oBAC9B,MAAM,EAAE,YAAY;iBACrB,CAAC,CAAC;gBAEH,IAAA,wBAAa,EAAC,cAAc,EAAE,EAAE,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;gBAE9E,QAAQ,EAAE,IAAI,CAAC,iBAAiB,EAAE;oBAChC,SAAS;oBACT,QAAQ,EAAE,EAAE,CAAC,QAAQ;oBACrB,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,EAAE;oBACzB,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,IAAI;oBAC7B,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;oBACjC,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;oBACjC,MAAM,EAAE,YAAY;oBACpB,WAAW,EAAE,SAAS,CAAC,WAAW;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,CAAC;QAEb,wDAAwD;QACxD,KAAK,CAAC,SAAS,CAAC,OAAuB;YACrC,uBAAuB,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;YACrC,OAAO,CAAC,eAAe,GAAG,KAAK,CAAC;YAChC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1E,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,iBAAiB,EAAE,CAAC,CAAC;YAChI,IAAI,SAAS,EAAE,KAAK,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACnD,OAAO,CAAC,qBAAqB,GAAG,iBAAiB,CAAC;YACpD,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,KAAK,CAAC,UAAU,CAAC,OAAiC;YAChD,MAAM,aAAa,GAAG,SAAS,EAAE,CAAC;YAClC,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;YACrF,IAAI,aAAa,KAAK,OAAO;gBAAE,OAAO;YACtC,IAAI,OAAO,CAAC,WAAW;gBAAE,OAAO,CAAC,iEAAiE;YAElG,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YACxE,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;YAC7D,GAAG,CAAC,KAAK,CAAC,qBAAqB,EAAE;gBAC/B,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;gBAC7B,SAAS,EAAE,OAAO,CAAC,MAAM;gBACzB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM;aAC7B,CAAC,CAAC;YACH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO;YAEjC,kFAAkF;YAClF,MAAM,eAAe,GAAG,4BAA4B,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAC9B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,IAAA,sBAAW,EAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAC5E,CAAC;YAEF,4CAA4C;YAC5C,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACvF,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;gBAChB,OAAO,CAAC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;gBACpC,OAAO,CAAC,OAAO,CAAC,iBAAiB,GAAG,OAAO,CAAC;YAC9C,CAAC;YAED,+EAA+E;YAC/E,OAAO,CAAC,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;YAE1C,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAChC,GAAG,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,CAAC,CAAC,SAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,SAAU,CAAC,IAAI,CAAC,QAAQ,GAAG,CAC9E,CAAC;gBACF,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;gBAEnF,+DAA+D;gBAC/D,IAAI,CAAC;oBACH,SAAS,CAAC,MAAM,CAAC;wBACf,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;wBACvB,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;wBAC9B,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,IAAI;wBACjC,YAAY,EAAE,OAAO,CAAC,IAAI;wBAC1B,YAAY,EAAE,IAAI;qBACnB,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,GAAG,CAAC,IAAI,CAAC,uCAAuC,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;gBACvF,CAAC;gBAED,4EAA4E;gBAC5E,4EAA4E;gBAC5E,MAAM,QAAQ,GAAG,uBAAuB,CAAC,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;gBACxE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;YACpC,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,KAAK,CAAC,kBAAkB,CAAC,OAAgC;YACvD,qEAAqE;YACrE,IAAI,OAAO,CAAC,OAAO,CAAC,kBAAkB;gBAAE,OAAO;YAE/C,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBAExE,8EAA8E;gBAC9E,IAAI,OAA0B,CAAC;gBAC/B,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtD,MAAM,SAAS,GAAG,IAAA,+CAAgC,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC;oBACtE,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;wBAC7B,EAAE;wBACF,SAAS,EAAE,IAAA,qBAAU,EAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC;qBACxD,CAAC,CAAC,CAAC;gBACN,CAAC;qBAAM,CAAC;oBACN,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;gBACvE,CAAC;gBAED,GAAG,CAAC,KAAK,CAAC,oBAAoB,EAAE;oBAC9B,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;oBAC7B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,SAAS,EAAE,OAAO,CAAC,MAAM;oBACzB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM;oBAC5B,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC;iBAClD,CAAC,CAAC;gBACH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO;gBAEjC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBACvF,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;oBAChB,OAAO,CAAC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;oBACpC,OAAO,CAAC,OAAO,CAAC,iBAAiB,GAAG,OAAO,CAAC;gBAC9C,CAAC;gBAED,GAAG,CAAC,KAAK,CAAC,qBAAqB,EAAE;oBAC/B,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;oBAC7B,KAAK,EAAE,OAAO,CAAC,MAAM;oBACrB,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"tool-guard.js","sourceRoot":"","sources":["../../../src/plugins/builtin/tool-guard.ts"],"names":[],"mappings":";;AAkHA,sDAiOC;AA3UD,4EAA+E;AAC/E,wFAA0F;AAC1F,0EAA6E;AAC7E,gEAA2H;AAC3H,wDAA0G;AAC1G,wDAAyF;AACzF,qDAAqD;AAGrD,MAAM,GAAG,GAAG,IAAA,wBAAY,EAAC,YAAY,CAAC,CAAC;AAmBvC,SAAS,gBAAgB,CAAC,IAAY,EAAE,WAAoB,EAAE,KAAsB;IAClF,MAAM,SAAS,GAAG,IAAA,+BAAgB,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtD,OAAO,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAC1B,EAAE;QACF,SAAS,EAAE,IAAA,qBAAU,EAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC;KACxD,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAC9B,UAA0C,EAC1C,SAA4B;IAE5B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEhE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,wCAAwC;QACxC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACjC,yCAAyC,CAAC,CAAC,EAAE,CAAC,QAAQ,kBAAkB,CAAC,CAAC,SAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,SAAU,CAAC,IAAI,CAAC,QAAQ,GAAG,CACjI,CAAC;QACF,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;IAChH,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,aAAa;IAElE,8DAA8D;IAC9D,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAA8B,EAAE,EAAE;YACjE,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAc,CAAC,EAAE,CAAC;gBACxE,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC;gBAChE,MAAM,OAAO,GAAG,yCAAyC,KAAK,CAAC,IAAI,kBAAkB,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,IAAI,cAAc,KAAK,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,SAAS,GAAG,CAAC;gBACvL,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;QACH,wEAAwE;QACxE,IAAI,IAAI,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YACpC,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAChC,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,8CAA8C;IAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAoC,EAAE,CAAC;YAC/D,MAAM,GAAG,GAAG,MAAM,CAAC,OAA8C,CAAC;YAClE,IAAI,CAAC,GAAG,EAAE,UAAU,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;gBAAE,SAAS;YAEjE,MAAM,IAAI,GAAc,EAAE,CAAC;YAC3B,KAAK,MAAM,EAAE,IAAI,GAAG,CAAC,UAAuC,EAAE,CAAC;gBAC7D,MAAM,EAAE,GAAG,EAAE,CAAC,QAA+C,CAAC;gBAC9D,MAAM,IAAI,GAAG,EAAE,EAAE,IAA0B,CAAC;gBAC5C,IAAI,IAAI,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC;oBAC1D,QAAQ,CAAC,IAAI,CAAC,yCAAyC,IAAI,kBAAkB,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,IAAI,cAAc,KAAK,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,SAAS,GAAG,CAAC,CAAC;gBAClL,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAChB,CAAC;YACH,CAAC;YACD,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACpD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,GAAG,CAAC,OAAO,GAAG,CAAE,GAAG,CAAC,OAAkB,IAAI,EAAE,CAAC,GAAG,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7E,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC;YAChC,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,sDAAsD;IACtD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,SAAgB,qBAAqB,CAAC,EAAqB,EAAE,MAAuB,EAAE,QAAmD;IACvI,MAAM,IAAI,GAAG,IAAI,mCAAmB,CAAC,EAAE,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,IAAI,8CAAwB,CAAC,EAAE,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,IAAI,iCAAkB,CAAC,EAAE,CAAC,CAAC;IAE7C,8EAA8E;IAC9E,SAAS,CAAC,YAAY,CAAC,wBAAa,CAAC,CAAC;IAEtC,0DAA0D;IAC1D,MAAM,SAAS,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;IAC7F,MAAM,YAAY,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC;IACtG,MAAM,mBAAmB,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC;IAC3H,MAAM,mBAAmB,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC;IAE3H,+FAA+F;IAC/F,SAAS,4BAA4B,CAAC,OAAuB;QAC3D,MAAM,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,WAAW,KAAK,UAAU;YAAE,OAAO,KAAK,CAAC,CAAO,uBAAuB;QAC3E,IAAI,WAAW,KAAK,MAAM;YAAE,OAAO,QAAQ,CAAC,CAAQ,gBAAgB;QACpE,IAAI,WAAW,KAAK,UAAU;YAAE,OAAO,MAAM,CAAC,CAAM,cAAc;QAClE,OAAO,mBAAmB,EAAE,CAAC;IAC/B,CAAC;IAED,SAAS,cAAc;QACrB,OAAO;YACL,WAAW,EAAE,mBAAmB,EAAE,IAAI,MAAM;YAC5C,OAAO,EAAE,MAAM,CAAC,YAAY,IAAI,IAAI;YACpC,UAAU,EAAE,MAAM,CAAC,eAAe,IAAI,EAAE;SACzC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,SAAS,aAAa,CAAC,SAA2B;QAChD,IAAI,CAAC,SAAS;YAAE,OAAO,MAAM,CAAC;QAC9B,IAAI,SAAS,EAAE,KAAK,OAAO,IAAI,IAAA,sBAAW,EAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,mBAAmB,EAAE,CAAC,EAAE,CAAC;YAC3F,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,mFAAmF;IACnF,SAAS,cAAc,CACrB,OAA0B,EAC1B,SAAiB,EACjB,SAAkB;QAElB,MAAM,SAAS,GAAG,YAAY,EAAE,KAAK,KAAK,CAAC;QAC3C,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,KAAK,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,OAAO,EAAE,CAAC;YACxC,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS;gBAAE,SAAS;YAEvC,MAAM,QAAQ,GAAG,OAAO,EAAE,CAAC,SAAS,KAAK,QAAQ;gBAC/C,CAAC,CAAC,EAAE,CAAC,SAAS;gBACd,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;YAEjC,MAAM,YAAY,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;YAE9C,IAAI,CAAC,MAAM,CAAC;gBACV,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;gBACvB,UAAU,EAAE,SAAS;gBACrB,SAAS,EAAE,EAAE,CAAC,QAAQ;gBACtB,UAAU,EAAE,QAAQ;gBACpB,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI;gBACnC,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;gBACvC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,MAAM;gBAC5C,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;gBAC1C,MAAM,EAAE,YAAY;gBACpB,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,UAAU,EAAE,SAAS,IAAI,IAAI;aAC9B,CAAC,CAAC;YAEH,IAAI,SAAS,EAAE,CAAC;gBACd,YAAY,EAAE,CAAC;gBACf,GAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE;oBACvC,SAAS;oBACT,QAAQ,EAAE,EAAE,CAAC,QAAQ;oBACrB,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,EAAE;oBACzB,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;oBACjC,OAAO,EAAE,SAAS,CAAC,WAAW;oBAC9B,MAAM,EAAE,YAAY;iBACrB,CAAC,CAAC;gBAEH,IAAA,wBAAa,EAAC,cAAc,EAAE,EAAE,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;gBAE9E,QAAQ,EAAE,IAAI,CAAC,iBAAiB,EAAE;oBAChC,SAAS;oBACT,SAAS;oBACT,QAAQ,EAAE,EAAE,CAAC,QAAQ;oBACrB,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,EAAE;oBACzB,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,IAAI;oBAC7B,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;oBACjC,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;oBACjC,MAAM,EAAE,YAAY;oBACpB,WAAW,EAAE,SAAS,CAAC,WAAW;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,CAAC;QAEb,wDAAwD;QACxD,KAAK,CAAC,SAAS,CAAC,OAAuB;YACrC,MAAM,KAAK,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;YACrC,OAAO,CAAC,eAAe,GAAG,KAAK,CAAC;YAChC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;YAChE,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;YACnK,IAAI,SAAS,EAAE,KAAK,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACnD,OAAO,CAAC,qBAAqB,GAAG,iBAAiB,CAAC;YACpD,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,KAAK,CAAC,UAAU,CAAC,OAAiC;YAChD,MAAM,aAAa,GAAG,SAAS,EAAE,CAAC;YAClC,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;YACrF,IAAI,aAAa,KAAK,OAAO;gBAAE,OAAO;YACtC,IAAI,OAAO,CAAC,WAAW;gBAAE,OAAO,CAAC,iEAAiE;YAElG,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YACxE,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;YAC7D,GAAG,CAAC,KAAK,CAAC,qBAAqB,EAAE;gBAC/B,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;gBAC7B,SAAS,EAAE,OAAO,CAAC,MAAM;gBACzB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM;aAC7B,CAAC,CAAC;YACH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO;YAEjC,kGAAkG;YAClG,MAAM,eAAe,GAAG,4BAA4B,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACtE,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAC9B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,IAAA,sBAAW,EAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAC5E,CAAC;YAEF,4CAA4C;YAC5C,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACvF,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;gBAChB,OAAO,CAAC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;gBACpC,OAAO,CAAC,OAAO,CAAC,iBAAiB,GAAG,OAAO,CAAC;YAC9C,CAAC;YAED,+EAA+E;YAC/E,OAAO,CAAC,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;YAE1C,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAChC,GAAG,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,CAAC,CAAC,SAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,SAAU,CAAC,IAAI,CAAC,QAAQ,GAAG,CAC9E,CAAC;gBACF,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;gBAEnF,+DAA+D;gBAC/D,IAAI,CAAC;oBACH,SAAS,CAAC,MAAM,CAAC;wBACf,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;wBACvB,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;wBAC9B,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,IAAI;wBACjC,YAAY,EAAE,OAAO,CAAC,IAAI;wBAC1B,YAAY,EAAE,IAAI;qBACnB,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,GAAG,CAAC,IAAI,CAAC,uCAAuC,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;gBACvF,CAAC;gBAED,4EAA4E;gBAC5E,4EAA4E;gBAC5E,MAAM,QAAQ,GAAG,uBAAuB,CAAC,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;gBACxE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;YACpC,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,KAAK,CAAC,kBAAkB,CAAC,OAAgC;YACvD,qEAAqE;YACrE,IAAI,OAAO,CAAC,OAAO,CAAC,kBAAkB;gBAAE,OAAO;YAE/C,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBAExE,8EAA8E;gBAC9E,IAAI,OAA0B,CAAC;gBAC/B,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtD,MAAM,SAAS,GAAG,IAAA,+CAAgC,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC;oBACtE,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;wBAC7B,EAAE;wBACF,SAAS,EAAE,IAAA,qBAAU,EAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC;qBACxD,CAAC,CAAC,CAAC;gBACN,CAAC;qBAAM,CAAC;oBACN,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;gBACvE,CAAC;gBAED,GAAG,CAAC,KAAK,CAAC,oBAAoB,EAAE;oBAC9B,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;oBAC7B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,SAAS,EAAE,OAAO,CAAC,MAAM;oBACzB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM;oBAC5B,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC;iBAClD,CAAC,CAAC;gBACH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO;gBAEjC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBACvF,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;oBAChB,OAAO,CAAC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;oBACpC,OAAO,CAAC,OAAO,CAAC,iBAAiB,GAAG,OAAO,CAAC;gBAC9C,CAAC;gBAED,GAAG,CAAC,KAAK,CAAC,qBAAqB,EAAE;oBAC/B,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;oBAC7B,KAAK,EAAE,OAAO,CAAC,MAAM;oBACrB,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/plugins/types.d.ts

@@ -26,6 +26,9 @@ export interface RequestContext {
     _toolGuardStreamBlock?: string;
     /** Internal: DB-loaded rules for streaming guard (set by tool-guard onRequest) */
     _toolGuardRules?: import('../tool-guard/rules.js').ToolGuardRule[];
+    /** Internal: set by threat-scorer for tool-guard to read */
+    _threatLevel?: 'normal' | 'elevated' | 'high' | 'critical';
+    _threatScore?: number;
 }
 export interface ResponseCompleteContext {
     request: RequestContext;

package/dist/plugins/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/plugins/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yDAAyD;IACzD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,+FAA+F;IAC/F,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;mDAC+C;IAC/C,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,kFAAkF;IAClF,eAAe,CAAC,EAAE,OAAO,wBAAwB,EAAE,aAAa,EAAE,CAAC;CACpE;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,cAAc,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3C,KAAK,EAAE;QACL,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,OAAO,CAAC;IACrB,8EAA8E;IAC9E,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,mBAAmB;IAClC,YAAY,CAAC,EAAE,oBAAoB,CAAC;IACpC,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7B,WAAW,CAAC,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACrD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,cAAc,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3C,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7B,WAAW,CAAC,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACrD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,MAAM;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAAC;IACzE,UAAU,CAAC,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrF,kBAAkB,CAAC,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACtE"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/plugins/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yDAAyD;IACzD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,+FAA+F;IAC/F,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;mDAC+C;IAC/C,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,kFAAkF;IAClF,eAAe,CAAC,EAAE,OAAO,wBAAwB,EAAE,aAAa,EAAE,CAAC;IACnE,4DAA4D;IAC5D,YAAY,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAC;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,cAAc,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3C,KAAK,EAAE;QACL,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,OAAO,CAAC;IACrB,8EAA8E;IAC9E,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,mBAAmB;IAClC,YAAY,CAAC,EAAE,oBAAoB,CAAC;IACpC,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7B,WAAW,CAAC,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACrD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,cAAc,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3C,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7B,WAAW,CAAC,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACrD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,MAAM;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAAC;IACzE,UAAU,CAAC,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC;IACrF,kBAAkB,CAAC,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACtE"}

package/dist/storage/migrations.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../../src/storage/migrations.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAkP3C,wBAAgB,aAAa,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAqCzD"}
+{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../../src/storage/migrations.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AA8R3C,wBAAgB,aAAa,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAqCzD"}

package/dist/storage/migrations.js

@@ -223,6 +223,49 @@ const MIGRATIONS = [
     // Migration 16: DLP patterns — context_verify column for anti-pattern / entropy / code-block checks
     `
   ALTER TABLE dlp_patterns ADD COLUMN context_verify TEXT;
+  `,
+    // Migration 17: Threat Intelligence — session threat scoring, tool chain detection, taint tracking
+    `
+  CREATE TABLE IF NOT EXISTS threat_scores (
+    session_id TEXT PRIMARY KEY,
+    score REAL DEFAULT 0,
+    level TEXT DEFAULT 'normal',
+    event_count INTEGER DEFAULT 0,
+    last_event_at TEXT,
+    updated_at TEXT DEFAULT (datetime('now'))
+  );
+
+  CREATE TABLE IF NOT EXISTS threat_score_events (
+    id TEXT PRIMARY KEY,
+    session_id TEXT NOT NULL,
+    event_type TEXT NOT NULL,
+    source_event TEXT,
+    points REAL NOT NULL,
+    score_after REAL NOT NULL,
+    level_after TEXT NOT NULL,
+    created_at TEXT DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_tse_session ON threat_score_events(session_id);
+
+  CREATE TABLE IF NOT EXISTS tool_chain_detections (
+    id TEXT PRIMARY KEY,
+    session_id TEXT NOT NULL,
+    rule_id TEXT NOT NULL,
+    matched_sequence TEXT NOT NULL,
+    action TEXT NOT NULL,
+    created_at TEXT DEFAULT (datetime('now'))
+  );
+
+  CREATE TABLE IF NOT EXISTS taint_marks (
+    id TEXT PRIMARY KEY,
+    session_id TEXT NOT NULL,
+    request_id TEXT NOT NULL,
+    pattern_name TEXT NOT NULL,
+    direction TEXT NOT NULL,
+    fingerprint TEXT,
+    created_at TEXT DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_taint_session ON taint_marks(session_id);
   `,
 ];
 function runMigrations(db) {

package/dist/storage/migrations.js.map

@@ -1 +1 @@
-{"version":3,"file":"migrations.js","sourceRoot":"","sources":["../../src/storage/migrations.ts"],"names":[],"mappings":";;AAkPA,sCAqCC;AArRD,MAAM,UAAU,GAAa;IAC3B,8BAA8B;IAC9B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqDC;IAED,2EAA2E;IAC3E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCC;IAED,6EAA6E;IAC7E;;;;;;;;;;;GAWC;IAED,0EAA0E;IAC1E;;;;;;;;;;;;;;GAcC;IAED,mEAAmE;IACnE;;GAEC;IAED,yDAAyD;IACzD;;;;GAIC;IAED,yCAAyC;IACzC;;;;;;GAMC;IAED,uDAAuD;IACvD;;;;;;;;;;;;;;;;;;;GAmBC;IAED,+DAA+D;IAC/D;;GAEC;IAED,4EAA4E;IAC5E;;;;;;;;;;;;;;;GAeC;IAED,gFAAgF;IAChF,iGAAiG;IACjG;;;;GAIC;IAED,sGAAsG;IACtG;;GAEC;IAED,gEAAgE;IAChE;;;GAGC;IAED,iEAAiE;IACjE;;;GAGC;IAED,sEAAsE;IACtE;;;;;;;;;;;;;;;;GAgBC;IAED,oGAAoG;IACpG;;GAEC;CACF,CAAC;AAEF,SAAgB,aAAa,CAAC,EAAqB;IACjD,qCAAqC;IACrC,EAAE,CAAC,IAAI,CAAC;;;;;GAKP,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,EAAE,CAAC,OAAO,CAAC,oDAAoD,CAAC,CAAC,GAAG,EAE9E,CAAC;IACd,MAAM,OAAO,GAAG,cAAc,EAAE,OAAO,IAAI,CAAC,CAAC;IAE7C,KAAK,IAAI,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACjD,IAAI,CAAC;YACH,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wEAAwE;YACxE,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACrE,oEAAoE;gBACpE,MAAM,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC/E,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,IAAI,CAAC;wBACH,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAChB,CAAC;oBAAC,OAAO,OAAO,EAAE,CAAC;wBACjB,IAAI,CAAC,CAAC,OAAO,YAAY,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;4BACjF,MAAM,OAAO,CAAC;wBAChB,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QACD,EAAE,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC"}
+{"version":3,"file":"migrations.js","sourceRoot":"","sources":["../../src/storage/migrations.ts"],"names":[],"mappings":";;AA8RA,sCAqCC;AAjUD,MAAM,UAAU,GAAa;IAC3B,8BAA8B;IAC9B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqDC;IAED,2EAA2E;IAC3E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCC;IAED,6EAA6E;IAC7E;;;;;;;;;;;GAWC;IAED,0EAA0E;IAC1E;;;;;;;;;;;;;;GAcC;IAED,mEAAmE;IACnE;;GAEC;IAED,yDAAyD;IACzD;;;;GAIC;IAED,yCAAyC;IACzC;;;;;;GAMC;IAED,uDAAuD;IACvD;;;;;;;;;;;;;;;;;;;GAmBC;IAED,+DAA+D;IAC/D;;GAEC;IAED,4EAA4E;IAC5E;;;;;;;;;;;;;;;GAeC;IAED,gFAAgF;IAChF,iGAAiG;IACjG;;;;GAIC;IAED,sGAAsG;IACtG;;GAEC;IAED,gEAAgE;IAChE;;;GAGC;IAED,iEAAiE;IACjE;;;GAGC;IAED,sEAAsE;IACtE;;;;;;;;;;;;;;;;GAgBC;IAED,oGAAoG;IACpG;;GAEC;IAED,mGAAmG;IACnG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCC;CACF,CAAC;AAEF,SAAgB,aAAa,CAAC,EAAqB;IACjD,qCAAqC;IACrC,EAAE,CAAC,IAAI,CAAC;;;;;GAKP,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,EAAE,CAAC,OAAO,CAAC,oDAAoD,CAAC,CAAC,GAAG,EAE9E,CAAC;IACd,MAAM,OAAO,GAAG,cAAc,EAAE,OAAO,IAAI,CAAC,CAAC;IAE7C,KAAK,IAAI,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACjD,IAAI,CAAC;YACH,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wEAAwE;YACxE,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACrE,oEAAoE;gBACpE,MAAM,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC/E,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,IAAI,CAAC;wBACH,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAChB,CAAC;oBAAC,OAAO,OAAO,EAAE,CAAC;wBACjB,IAAI,CAAC,CAAC,OAAO,YAAY,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;4BACjF,MAAM,OAAO,CAAC;wBAChB,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QACD,EAAE,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC"}

package/dist/storage/repositories/taint-marks.d.ts

@@ -0,0 +1,26 @@
+import type Database from 'better-sqlite3';
+export interface TaintMarkRecord {
+    id: string;
+    session_id: string;
+    request_id: string;
+    pattern_name: string;
+    direction: string;
+    fingerprint: string | null;
+    created_at: string;
+}
+export declare class TaintMarksRepository {
+    private db;
+    constructor(db: Database.Database);
+    insert(record: {
+        id: string;
+        session_id: string;
+        request_id: string;
+        pattern_name: string;
+        direction: string;
+        fingerprint: string | null;
+    }): void;
+    getBySession(sessionId: string): TaintMarkRecord[];
+    getActiveBySession(sessionId: string, withinMinutes?: number): TaintMarkRecord[];
+    purgeOlderThan(hours: number): number;
+}
+//# sourceMappingURL=taint-marks.d.ts.map

package/dist/storage/repositories/taint-marks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"taint-marks.d.ts","sourceRoot":"","sources":["../../../src/storage/repositories/taint-marks.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,EAAE,CAAoB;gBAElB,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAIjC,MAAM,CAAC,MAAM,EAAE;QACb,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;KAC5B,GAAG,IAAI;IAOR,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,EAAE;IAMlD,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,GAAE,MAAW,GAAG,eAAe,EAAE;IAMpF,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;CAMtC"}

package/dist/storage/repositories/taint-marks.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TaintMarksRepository = void 0;
+class TaintMarksRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    insert(record) {
+        this.db.prepare(`
+      INSERT INTO taint_marks (id, session_id, request_id, pattern_name, direction, fingerprint)
+      VALUES (@id, @session_id, @request_id, @pattern_name, @direction, @fingerprint)
+    `).run(record);
+    }
+    getBySession(sessionId) {
+        return this.db.prepare('SELECT * FROM taint_marks WHERE session_id = ? ORDER BY created_at DESC').all(sessionId);
+    }
+    getActiveBySession(sessionId, withinMinutes = 60) {
+        return this.db.prepare(`SELECT * FROM taint_marks WHERE session_id = ? AND created_at > datetime('now', '-' || ? || ' minutes') ORDER BY created_at DESC`).all(sessionId, withinMinutes);
+    }
+    purgeOlderThan(hours) {
+        const result = this.db.prepare(`DELETE FROM taint_marks WHERE created_at < datetime('now', '-' || ? || ' hours')`).run(hours);
+        return result.changes;
+    }
+}
+exports.TaintMarksRepository = TaintMarksRepository;
+//# sourceMappingURL=taint-marks.js.map

package/dist/storage/repositories/taint-marks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"taint-marks.js","sourceRoot":"","sources":["../../../src/storage/repositories/taint-marks.ts"],"names":[],"mappings":";;;AAYA,MAAa,oBAAoB;IACvB,EAAE,CAAoB;IAE9B,YAAY,EAAqB;QAC/B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,MAAM,CAAC,MAON;QACC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;KAGf,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC;IAED,YAAY,CAAC,SAAiB;QAC5B,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,yEAAyE,CAC1E,CAAC,GAAG,CAAC,SAAS,CAAsB,CAAC;IACxC,CAAC;IAED,kBAAkB,CAAC,SAAiB,EAAE,gBAAwB,EAAE;QAC9D,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,kIAAkI,CACnI,CAAC,GAAG,CAAC,SAAS,EAAE,aAAa,CAAsB,CAAC;IACvD,CAAC;IAED,cAAc,CAAC,KAAa;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAC5B,kFAAkF,CACnF,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACb,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;CACF;AAvCD,oDAuCC"}

package/dist/storage/repositories/threat-score-events.d.ts

@@ -0,0 +1,27 @@
+import type Database from 'better-sqlite3';
+export interface ThreatScoreEventRecord {
+    id: string;
+    session_id: string;
+    event_type: string;
+    source_event: string | null;
+    points: number;
+    score_after: number;
+    level_after: string;
+    created_at: string;
+}
+export declare class ThreatScoreEventsRepository {
+    private db;
+    constructor(db: Database.Database);
+    insert(record: {
+        id: string;
+        session_id: string;
+        event_type: string;
+        source_event: string | null;
+        points: number;
+        score_after: number;
+        level_after: string;
+    }): void;
+    getBySession(sessionId: string, limit?: number): ThreatScoreEventRecord[];
+    purgeOlderThan(hours: number): number;
+}
+//# sourceMappingURL=threat-score-events.d.ts.map

package/dist/storage/repositories/threat-score-events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-score-events.d.ts","sourceRoot":"","sources":["../../../src/storage/repositories/threat-score-events.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,2BAA2B;IACtC,OAAO,CAAC,EAAE,CAAoB;gBAElB,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAIjC,MAAM,CAAC,MAAM,EAAE;QACb,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,MAAM,EAAE,MAAM,CAAC;QACf,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;KACrB,GAAG,IAAI;IAOR,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,GAAE,MAAW,GAAG,sBAAsB,EAAE;IAM7E,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;CAMtC"}