@aion0/bastion 0.1.7

package/dist/dashboard/page.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"page.js","sourceRoot":"","sources":["../../src/dashboard/page.ts"],"names":[],"mappings":";;AAslDA,wCAOC;AA3lDD,qEAAqE;AACrE,MAAM,IAAI,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAqGL,CAAC;AAET,qEAAqE;AACrE,MAAM,QAAQ,GAAG;;;;;;;;;;;;;;OAcV,CAAC;AAER,qEAAqE;AACrE,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;OAoBf,CAAC;AAER,qEAAqE;AACrE,MAAM,QAAQ,GAAG;;;;;;;;;;;;;;;;OAgBV,CAAC;AAER,qEAAqE;AACrE,MAAM,UAAU,GAAG;;;;;;;;;;;;;;;;;;;;OAoBZ,CAAC;AAER,qEAAqE;AACrE,MAAM,QAAQ,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8DV,CAAC;AAER,qEAAqE;AACrE,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA0Mf,CAAC;AAER,qEAAqE;AACrE,MAAM,MAAM,GAAG,iFAAiF,CAAC;AAEjG,qEAAqE;AACrE,MAAM,MAAM,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UAkoCL,CAAC;AAEX,MAAM,IAAI,GAAG,IAAI,GAAG,+BAA+B;IACjD,QAAQ,GAAG,aAAa,GAAG,QAAQ,GAAG,UAAU,GAAG,QAAQ,GAAG,aAAa,GAAG,MAAM;IACpF,QAAQ,GAAG,MAAM,GAAG,gBAAgB,CAAC;AAEvC,SAAgB,cAAc,CAAC,GAAmB;IAChD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;QACjB,cAAc,EAAE,0BAA0B;QAC1C,eAAe,EAAE,qCAAqC;QACtD,QAAQ,EAAE,UAAU;KACrB,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}

package/dist/dlp/actions.d.ts

@@ -0,0 +1,13 @@
+export type DlpAction = 'pass' | 'warn' | 'redact' | 'block';
+export interface DlpFinding {
+    patternName: string;
+    patternCategory: string;
+    matchCount: number;
+    matches: string[];
+}
+export interface DlpResult {
+    action: DlpAction;
+    findings: DlpFinding[];
+    redactedBody?: string;
+}
+//# sourceMappingURL=actions.d.ts.map

package/dist/dlp/actions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../../src/dlp/actions.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;AAE7D,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,SAAS,CAAC;IAClB,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}

package/dist/dlp/actions.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=actions.js.map

package/dist/dlp/actions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"actions.js","sourceRoot":"","sources":["../../src/dlp/actions.ts"],"names":[],"mappings":""}

package/dist/dlp/ai-validator.d.ts

@@ -0,0 +1,28 @@
+import type { DlpFinding } from './actions.js';
+export interface AiValidatorConfig {
+    enabled: boolean;
+    provider: 'anthropic' | 'openai';
+    model: string;
+    apiKey: string;
+    timeoutMs: number;
+    cacheSize: number;
+}
+export declare class AiValidator {
+    private config;
+    private cache;
+    constructor(config: AiValidatorConfig);
+    /** Returns true if the validator is ready (enabled + apiKey configured) */
+    get ready(): boolean;
+    /** Update config at runtime (e.g. toggle enabled) */
+    updateConfig(config: Partial<AiValidatorConfig>): void;
+    /**
+     * Filter findings through AI validation.
+     * Returns only findings that the AI confirms as real sensitive data.
+     */
+    validate(findings: DlpFinding[], text: string): Promise<DlpFinding[]>;
+    private callLLM;
+    private callAnthropic;
+    private callOpenAI;
+    private httpPost;
+}
+//# sourceMappingURL=ai-validator.d.ts.map

package/dist/dlp/ai-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-validator.d.ts","sourceRoot":"","sources":["../../src/dlp/ai-validator.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAM/C,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,WAAW,GAAG,QAAQ,CAAC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AA2CD,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,KAAK,CAAW;gBAEZ,MAAM,EAAE,iBAAiB;IAKrC,2EAA2E;IAC3E,IAAI,KAAK,IAAI,OAAO,CAEnB;IAED,qDAAqD;IACrD,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,IAAI;IAItD;;;OAGG;IACG,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;YAgD7D,OAAO;IAarB,OAAO,CAAC,aAAa;IAuBrB,OAAO,CAAC,UAAU;IAyBlB,OAAO,CAAC,QAAQ;CAgCjB"}

package/dist/dlp/ai-validator.js

@@ -0,0 +1,214 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AiValidator = void 0;
+const node_https_1 = __importDefault(require("node:https"));
+const logger_js_1 = require("../utils/logger.js");
+const log = (0, logger_js_1.createLogger)('ai-validator');
+const SNIPPET_RADIUS = 200;
+// ── Simple LRU cache ──
+class LRUCache {
+    cache = new Map();
+    maxSize;
+    constructor(maxSize) {
+        this.maxSize = maxSize;
+    }
+    get(key) {
+        const value = this.cache.get(key);
+        if (value !== undefined) {
+            // Move to end (most recently used)
+            this.cache.delete(key);
+            this.cache.set(key, value);
+        }
+        return value;
+    }
+    set(key, value) {
+        this.cache.delete(key);
+        this.cache.set(key, value);
+        if (this.cache.size > this.maxSize) {
+            const firstKey = this.cache.keys().next().value;
+            this.cache.delete(firstKey);
+        }
+    }
+    get size() {
+        return this.cache.size;
+    }
+}
+// ── AI Validator ──
+class AiValidator {
+    config;
+    cache;
+    constructor(config) {
+        this.config = config;
+        this.cache = new LRUCache(config.cacheSize);
+    }
+    /** Returns true if the validator is ready (enabled + apiKey configured) */
+    get ready() {
+        return this.config.enabled && this.config.apiKey.length > 0;
+    }
+    /** Update config at runtime (e.g. toggle enabled) */
+    updateConfig(config) {
+        Object.assign(this.config, config);
+    }
+    /**
+     * Filter findings through AI validation.
+     * Returns only findings that the AI confirms as real sensitive data.
+     */
+    async validate(findings, text) {
+        if (!this.ready || findings.length === 0)
+            return findings;
+        const confirmed = [];
+        for (const finding of findings) {
+            const firstMatch = finding.matches[0] ?? '';
+            const cacheKey = `${finding.patternName}:${firstMatch}`;
+            // Check cache first
+            const cached = this.cache.get(cacheKey);
+            if (cached) {
+                if (cached.verdict === 'sensitive') {
+                    confirmed.push(finding);
+                }
+                else {
+                    log.debug('AI cache: false positive', { pattern: finding.patternName, reason: cached.reason });
+                }
+                continue;
+            }
+            // Extract surrounding context
+            const context = extractContext(text, firstMatch, SNIPPET_RADIUS);
+            try {
+                const result = await this.callLLM(finding, firstMatch, context);
+                this.cache.set(cacheKey, result);
+                if (result.verdict === 'sensitive') {
+                    confirmed.push(finding);
+                }
+                else {
+                    log.info('AI validator: false positive filtered', {
+                        pattern: finding.patternName,
+                        reason: result.reason,
+                    });
+                }
+            }
+            catch (err) {
+                // On error, fail-closed: treat as real sensitive data
+                log.warn('AI validation failed, treating as sensitive', {
+                    pattern: finding.patternName,
+                    error: err.message,
+                });
+                confirmed.push(finding);
+            }
+        }
+        return confirmed;
+    }
+    async callLLM(finding, matchText, context) {
+        const prompt = buildPrompt(finding, matchText, context);
+        if (this.config.provider === 'anthropic') {
+            return this.callAnthropic(prompt);
+        }
+        return this.callOpenAI(prompt);
+    }
+    callAnthropic(prompt) {
+        const body = JSON.stringify({
+            model: this.config.model,
+            max_tokens: 150,
+            messages: [{ role: 'user', content: prompt }],
+        });
+        return this.httpPost('api.anthropic.com', '/v1/messages', {
+            'content-type': 'application/json',
+            'x-api-key': this.config.apiKey,
+            'anthropic-version': '2023-06-01',
+        }, body).then((raw) => {
+            const res = JSON.parse(raw);
+            const text = res.content?.[0]?.text ?? '';
+            return parseVerdict(text);
+        });
+    }
+    callOpenAI(prompt) {
+        const body = JSON.stringify({
+            model: this.config.model,
+            max_tokens: 150,
+            messages: [
+                { role: 'system', content: 'You are a security data classifier. Respond ONLY with the JSON format requested.' },
+                { role: 'user', content: prompt },
+            ],
+        });
+        return this.httpPost('api.openai.com', '/v1/chat/completions', {
+            'content-type': 'application/json',
+            'authorization': `Bearer ${this.config.apiKey}`,
+        }, body).then((raw) => {
+            const res = JSON.parse(raw);
+            const text = res.choices?.[0]?.message?.content ?? '';
+            return parseVerdict(text);
+        });
+    }
+    httpPost(hostname, path, headers, body) {
+        return new Promise((resolve, reject) => {
+            const req = node_https_1.default.request({ hostname, path, method: 'POST', headers: { ...headers, 'content-length': Buffer.byteLength(body).toString() } }, (res) => {
+                const chunks = [];
+                res.on('data', (chunk) => chunks.push(chunk));
+                res.on('end', () => {
+                    const status = res.statusCode ?? 0;
+                    const result = Buffer.concat(chunks).toString('utf-8');
+                    if (status >= 200 && status < 300) {
+                        resolve(result);
+                    }
+                    else {
+                        reject(new Error(`HTTP ${status}: ${result.slice(0, 200)}`));
+                    }
+                });
+            });
+            req.setTimeout(this.config.timeoutMs, () => {
+                req.destroy(new Error(`AI validation timed out (${this.config.timeoutMs}ms)`));
+            });
+            req.on('error', reject);
+            req.end(body);
+        });
+    }
+}
+exports.AiValidator = AiValidator;
+// ── Helpers ──
+function extractContext(text, match, radius) {
+    const idx = text.indexOf(match);
+    if (idx === -1)
+        return match;
+    const start = Math.max(0, idx - radius);
+    const end = Math.min(text.length, idx + match.length + radius);
+    return text.slice(start, end);
+}
+function buildPrompt(finding, matchText, context) {
+    // Mask part of the match to avoid leaking secrets through the AI API
+    const masked = matchText.length > 8
+        ? matchText.slice(0, 4) + '*'.repeat(matchText.length - 8) + matchText.slice(-4)
+        : matchText;
+    return `You are a security data classifier. Determine if the following regex match is REAL sensitive data or a FALSE POSITIVE (e.g. example/placeholder/test data, documentation, code variable names, or random string that happens to match the pattern).
+
+Pattern: ${finding.patternName} (${finding.patternCategory})
+Matched text (partially masked): ${masked}
+Surrounding context:
+---
+${context.slice(0, 500)}
+---
+
+Respond with ONLY a JSON object, no other text:
+{"verdict": "sensitive" or "false_positive", "reason": "brief one-line explanation"}`;
+}
+function parseVerdict(text) {
+    // Try to extract JSON from the response
+    const jsonMatch = text.match(/\{[^}]+\}/);
+    if (jsonMatch) {
+        try {
+            const parsed = JSON.parse(jsonMatch[0]);
+            const verdict = parsed.verdict === 'false_positive' ? 'false_positive' : 'sensitive';
+            return { verdict, reason: parsed.reason ?? '' };
+        }
+        catch { /* fall through */ }
+    }
+    // Fallback: look for keywords
+    const lower = text.toLowerCase();
+    if (lower.includes('false_positive') || lower.includes('false positive')) {
+        return { verdict: 'false_positive', reason: text.slice(0, 100) };
+    }
+    // Default: treat as sensitive (fail-closed)
+    return { verdict: 'sensitive', reason: text.slice(0, 100) };
+}
+//# sourceMappingURL=ai-validator.js.map

package/dist/dlp/ai-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-validator.js","sourceRoot":"","sources":["../../src/dlp/ai-validator.ts"],"names":[],"mappings":";;;;;;AAAA,4DAA+B;AAC/B,kDAAkD;AAGlD,MAAM,GAAG,GAAG,IAAA,wBAAY,EAAC,cAAc,CAAC,CAAC;AAEzC,MAAM,cAAc,GAAG,GAAG,CAAC;AAgB3B,yBAAyB;AAEzB,MAAM,QAAQ;IACJ,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IACtC,OAAO,CAAS;IAExB,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,GAAG,CAAC,GAAW;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,mCAAmC;YACnC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAiB;QAChC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAM,CAAC;YACjD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAED,qBAAqB;AAErB,MAAa,WAAW;IACd,MAAM,CAAoB;IAC1B,KAAK,CAAW;IAExB,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC9C,CAAC;IAED,2EAA2E;IAC3E,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAC9D,CAAC;IAED,qDAAqD;IACrD,YAAY,CAAC,MAAkC;QAC7C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ,CAAC,QAAsB,EAAE,IAAY;QACjD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,QAAQ,CAAC;QAE1D,MAAM,SAAS,GAAiB,EAAE,CAAC;QAEnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,WAAW,IAAI,UAAU,EAAE,CAAC;YAExD,oBAAoB;YACpB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;oBACnC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBACjG,CAAC;gBACD,SAAS;YACX,CAAC;YAED,8BAA8B;YAC9B,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;YAEjE,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;gBAChE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBAEjC,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;oBACnC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,IAAI,CAAC,uCAAuC,EAAE;wBAChD,OAAO,EAAE,OAAO,CAAC,WAAW;wBAC5B,MAAM,EAAE,MAAM,CAAC,MAAM;qBACtB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,sDAAsD;gBACtD,GAAG,CAAC,IAAI,CAAC,6CAA6C,EAAE;oBACtD,OAAO,EAAE,OAAO,CAAC,WAAW;oBAC5B,KAAK,EAAG,GAAa,CAAC,OAAO;iBAC9B,CAAC,CAAC;gBACH,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,OAAmB,EACnB,SAAiB,EACjB,OAAe;QAEf,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAExD,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAEO,aAAa,CAAC,MAAc;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC1B,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACxB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;SAC9C,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,QAAQ,CAClB,mBAAmB,EACnB,cAAc,EACd;YACE,cAAc,EAAE,kBAAkB;YAClC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC/B,mBAAmB,EAAE,YAAY;SAClC,EACD,IAAI,CACL,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;YAC1C,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,UAAU,CAAC,MAAc;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC1B,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACxB,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,kFAAkF,EAAE;gBAC/G,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE;aAClC;SACF,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,QAAQ,CAClB,gBAAgB,EAChB,sBAAsB,EACtB;YACE,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;SAChD,EACD,IAAI,CACL,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;YACtD,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,QAAQ,CACd,QAAgB,EAChB,IAAY,EACZ,OAA+B,EAC/B,IAAY;QAEZ,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,oBAAK,CAAC,OAAO,CACvB,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,EAAE,EACjH,CAAC,GAAG,EAAE,EAAE;gBACN,MAAM,MAAM,GAAa,EAAE,CAAC;gBAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;gBACtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACjB,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,IAAI,CAAC,CAAC;oBACnC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACvD,IAAI,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;wBAClC,OAAO,CAAC,MAAM,CAAC,CAAC;oBAClB,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,MAAM,KAAK,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;oBAC/D,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC,CACF,CAAC;YAEF,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE;gBACzC,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC;YACjF,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxB,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AApKD,kCAoKC;AAED,gBAAgB;AAEhB,SAAS,cAAc,CAAC,IAAY,EAAE,KAAa,EAAE,MAAc;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IAC/D,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,WAAW,CAAC,OAAmB,EAAE,SAAiB,EAAE,OAAe;IAC1E,qEAAqE;IACrE,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC;QACjC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChF,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO;;WAEE,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,eAAe;mCACvB,MAAM;;;EAGvC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;;;;qFAI8D,CAAC;AACtF,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,wCAAwC;IACxC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,KAAK,gBAAgB,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,WAAW,CAAC;YACrF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC;IAED,8BAA8B;IAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,KAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACzE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IACnE,CAAC;IACD,4CAA4C;IAC5C,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AAC9D,CAAC"}

package/dist/dlp/engine.d.ts

@@ -0,0 +1,34 @@
+import type { DlpAction, DlpResult } from './actions.js';
+export interface DlpTraceEntry {
+    layer: number;
+    layerName: string;
+    step: string;
+    detail: string;
+    durationMs?: number;
+}
+export interface DlpTrace {
+    entries: DlpTraceEntry[];
+    totalDurationMs: number;
+}
+export interface ContextVerification {
+    /** Reject match if ANY anti-pattern matches in the surrounding context */
+    antiPatterns?: RegExp[];
+    /** Require at least one confirm-pattern to match in surrounding context */
+    confirmPatterns?: RegExp[];
+    /** Reject match if its Shannon entropy is below this threshold */
+    minEntropy?: number;
+    /** Reject match if it appears inside a markdown code block (``` ... ```) */
+    rejectInCodeBlock?: boolean;
+}
+export interface DlpPattern {
+    name: string;
+    category: string;
+    regex: RegExp;
+    description: string;
+    validator?: string;
+    requireContext?: string[];
+    contextVerify?: ContextVerification;
+}
+export declare function getPatterns(categories: string[]): DlpPattern[];
+export declare function scanText(text: string, patterns: DlpPattern[], action: DlpAction, trace?: DlpTrace): DlpResult;
+//# sourceMappingURL=engine.d.ts.map

package/dist/dlp/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/dlp/engine.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAc,SAAS,EAAE,MAAM,cAAc,CAAC;AASrE,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,2EAA2E;IAC3E,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,CAAC,EAAE,mBAAmB,CAAC;CACrC;AA0HD,wBAAgB,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAQ9D;AAED,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,EAAE,QAAQ,GAAG,SAAS,CAmO7G"}