@aquaclawai/aquarium 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-types/claude-code/index.d.ts +2 -0
- package/dist/agent-types/claude-code/index.d.ts.map +1 -0
- package/dist/agent-types/claude-code/index.js +2 -0
- package/dist/agent-types/claude-code/index.js.map +1 -0
- package/dist/agent-types/claude-code/manifest.d.ts +3 -0
- package/dist/agent-types/claude-code/manifest.d.ts.map +1 -0
- package/dist/agent-types/claude-code/manifest.js +45 -0
- package/dist/agent-types/claude-code/manifest.js.map +1 -0
- package/dist/agent-types/openclaw/adapter.d.ts +3 -0
- package/dist/agent-types/openclaw/adapter.d.ts.map +1 -0
- package/dist/agent-types/openclaw/adapter.js +714 -0
- package/dist/agent-types/openclaw/adapter.js.map +1 -0
- package/dist/agent-types/openclaw/gateway-rpc.d.ts +21 -0
- package/dist/agent-types/openclaw/gateway-rpc.d.ts.map +1 -0
- package/dist/agent-types/openclaw/gateway-rpc.js +202 -0
- package/dist/agent-types/openclaw/gateway-rpc.js.map +1 -0
- package/dist/agent-types/openclaw/index.d.ts +3 -0
- package/dist/agent-types/openclaw/index.d.ts.map +1 -0
- package/dist/agent-types/openclaw/index.js +3 -0
- package/dist/agent-types/openclaw/index.js.map +1 -0
- package/dist/agent-types/openclaw/manifest.d.ts +137 -0
- package/dist/agent-types/openclaw/manifest.d.ts.map +1 -0
- package/dist/agent-types/openclaw/manifest.js +191 -0
- package/dist/agent-types/openclaw/manifest.js.map +1 -0
- package/dist/agent-types/openclaw/provider-registry.d.ts +46 -0
- package/dist/agent-types/openclaw/provider-registry.d.ts.map +1 -0
- package/dist/agent-types/openclaw/provider-registry.js +108 -0
- package/dist/agent-types/openclaw/provider-registry.js.map +1 -0
- package/dist/agent-types/openclaw/reverse-adapter.d.ts +7 -0
- package/dist/agent-types/openclaw/reverse-adapter.d.ts.map +1 -0
- package/dist/agent-types/openclaw/reverse-adapter.js +528 -0
- package/dist/agent-types/openclaw/reverse-adapter.js.map +1 -0
- package/dist/agent-types/openclaw/security-profiles.d.ts +21 -0
- package/dist/agent-types/openclaw/security-profiles.d.ts.map +1 -0
- package/dist/agent-types/openclaw/security-profiles.js +251 -0
- package/dist/agent-types/openclaw/security-profiles.js.map +1 -0
- package/dist/agent-types/openclaw/workspace-templates.d.ts +2 -0
- package/dist/agent-types/openclaw/workspace-templates.d.ts.map +1 -0
- package/dist/agent-types/openclaw/workspace-templates.js +363 -0
- package/dist/agent-types/openclaw/workspace-templates.js.map +1 -0
- package/dist/agent-types/opencode/index.d.ts +2 -0
- package/dist/agent-types/opencode/index.d.ts.map +1 -0
- package/dist/agent-types/opencode/index.js +2 -0
- package/dist/agent-types/opencode/index.js.map +1 -0
- package/dist/agent-types/opencode/manifest.d.ts +3 -0
- package/dist/agent-types/opencode/manifest.d.ts.map +1 -0
- package/dist/agent-types/opencode/manifest.js +63 -0
- package/dist/agent-types/opencode/manifest.js.map +1 -0
- package/dist/agent-types/registry.d.ts +4 -0
- package/dist/agent-types/registry.d.ts.map +1 -0
- package/dist/agent-types/registry.js +24 -0
- package/dist/agent-types/registry.js.map +1 -0
- package/dist/agent-types/types.d.ts +169 -0
- package/dist/agent-types/types.d.ts.map +1 -0
- package/dist/agent-types/types.js +2 -0
- package/dist/agent-types/types.js.map +1 -0
- package/dist/cli.d.ts +3 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +72 -0
- package/dist/cli.js.map +1 -0
- package/dist/config.d.ts +68 -0
- package/dist/config.d.ts.map +1 -0
- package/dist/config.js +98 -0
- package/dist/config.js.map +1 -0
- package/dist/db/adapter.d.ts +21 -0
- package/dist/db/adapter.d.ts.map +1 -0
- package/dist/db/adapter.js +11 -0
- package/dist/db/adapter.js.map +1 -0
- package/dist/db/index.d.ts +4 -0
- package/dist/db/index.d.ts.map +1 -0
- package/dist/db/index.js +5 -0
- package/dist/db/index.js.map +1 -0
- package/dist/db/knexfile.d.ts +5 -0
- package/dist/db/knexfile.d.ts.map +1 -0
- package/dist/db/knexfile.js +34 -0
- package/dist/db/knexfile.js.map +1 -0
- package/dist/db/migration-helpers.d.ts +45 -0
- package/dist/db/migration-helpers.d.ts.map +1 -0
- package/dist/db/migration-helpers.js +90 -0
- package/dist/db/migration-helpers.js.map +1 -0
- package/dist/db/migrations/001_initial.d.ts +4 -0
- package/dist/db/migrations/001_initial.d.ts.map +1 -0
- package/dist/db/migrations/001_initial.js +56 -0
- package/dist/db/migrations/001_initial.js.map +1 -0
- package/dist/db/migrations/002_instance_config.d.ts +4 -0
- package/dist/db/migrations/002_instance_config.d.ts.map +1 -0
- package/dist/db/migrations/002_instance_config.js +12 -0
- package/dist/db/migrations/002_instance_config.js.map +1 -0
- package/dist/db/migrations/003_instance_status_message.d.ts +4 -0
- package/dist/db/migrations/003_instance_status_message.d.ts.map +1 -0
- package/dist/db/migrations/003_instance_status_message.js +11 -0
- package/dist/db/migrations/003_instance_status_message.js.map +1 -0
- package/dist/db/migrations/004_templates.d.ts +4 -0
- package/dist/db/migrations/004_templates.d.ts.map +1 -0
- package/dist/db/migrations/004_templates.js +95 -0
- package/dist/db/migrations/004_templates.js.map +1 -0
- package/dist/db/migrations/005_group_chats.d.ts +4 -0
- package/dist/db/migrations/005_group_chats.d.ts.map +1 -0
- package/dist/db/migrations/005_group_chats.js +66 -0
- package/dist/db/migrations/005_group_chats.js.map +1 -0
- package/dist/db/migrations/006_template_setup.d.ts +4 -0
- package/dist/db/migrations/006_template_setup.d.ts.map +1 -0
- package/dist/db/migrations/006_template_setup.js +14 -0
- package/dist/db/migrations/006_template_setup.js.map +1 -0
- package/dist/db/migrations/007_group_chat_v2.d.ts +4 -0
- package/dist/db/migrations/007_group_chat_v2.d.ts.map +1 -0
- package/dist/db/migrations/007_group_chat_v2.js +59 -0
- package/dist/db/migrations/007_group_chat_v2.js.map +1 -0
- package/dist/db/migrations/008_default_provider_openrouter.d.ts +4 -0
- package/dist/db/migrations/008_default_provider_openrouter.d.ts.map +1 -0
- package/dist/db/migrations/008_default_provider_openrouter.js +33 -0
- package/dist/db/migrations/008_default_provider_openrouter.js.map +1 -0
- package/dist/db/migrations/009_opencode_default_provider_openrouter.d.ts +4 -0
- package/dist/db/migrations/009_opencode_default_provider_openrouter.d.ts.map +1 -0
- package/dist/db/migrations/009_opencode_default_provider_openrouter.js +33 -0
- package/dist/db/migrations/009_opencode_default_provider_openrouter.js.map +1 -0
- package/dist/db/migrations/010_fix_null_default_provider.d.ts +4 -0
- package/dist/db/migrations/010_fix_null_default_provider.d.ts.map +1 -0
- package/dist/db/migrations/010_fix_null_default_provider.js +24 -0
- package/dist/db/migrations/010_fix_null_default_provider.js.map +1 -0
- package/dist/db/migrations/011_snapshots.d.ts +4 -0
- package/dist/db/migrations/011_snapshots.d.ts.map +1 -0
- package/dist/db/migrations/011_snapshots.js +27 -0
- package/dist/db/migrations/011_snapshots.js.map +1 -0
- package/dist/db/migrations/013_official_templates.d.ts +4 -0
- package/dist/db/migrations/013_official_templates.d.ts.map +1 -0
- package/dist/db/migrations/013_official_templates.js +173 -0
- package/dist/db/migrations/013_official_templates.js.map +1 -0
- package/dist/db/migrations/014_notifications.d.ts +4 -0
- package/dist/db/migrations/014_notifications.d.ts.map +1 -0
- package/dist/db/migrations/014_notifications.js +45 -0
- package/dist/db/migrations/014_notifications.js.map +1 -0
- package/dist/db/migrations/015_security_profile.d.ts +4 -0
- package/dist/db/migrations/015_security_profile.d.ts.map +1 -0
- package/dist/db/migrations/015_security_profile.js +14 -0
- package/dist/db/migrations/015_security_profile.js.map +1 -0
- package/dist/db/migrations/016_template_security.d.ts +4 -0
- package/dist/db/migrations/016_template_security.d.ts.map +1 -0
- package/dist/db/migrations/016_template_security.js +12 -0
- package/dist/db/migrations/016_template_security.js.map +1 -0
- package/dist/db/migrations/017_auth_events.d.ts +4 -0
- package/dist/db/migrations/017_auth_events.d.ts.map +1 -0
- package/dist/db/migrations/017_auth_events.js +19 -0
- package/dist/db/migrations/017_auth_events.js.map +1 -0
- package/dist/db/migrations/018_skill_market.d.ts +4 -0
- package/dist/db/migrations/018_skill_market.d.ts.map +1 -0
- package/dist/db/migrations/018_skill_market.js +21 -0
- package/dist/db/migrations/018_skill_market.js.map +1 -0
- package/dist/db/migrations/019_credential_audit_log.d.ts +4 -0
- package/dist/db/migrations/019_credential_audit_log.d.ts.map +1 -0
- package/dist/db/migrations/019_credential_audit_log.js +19 -0
- package/dist/db/migrations/019_credential_audit_log.js.map +1 -0
- package/dist/db/migrations/020_template_security_score.d.ts +4 -0
- package/dist/db/migrations/020_template_security_score.d.ts.map +1 -0
- package/dist/db/migrations/020_template_security_score.js +31 -0
- package/dist/db/migrations/020_template_security_score.js.map +1 -0
- package/dist/db/migrations/021_credential_enhancements.d.ts +4 -0
- package/dist/db/migrations/021_credential_enhancements.d.ts.map +1 -0
- package/dist/db/migrations/021_credential_enhancements.js +15 -0
- package/dist/db/migrations/021_credential_enhancements.js.map +1 -0
- package/dist/db/migrations/021_user_roles.d.ts +4 -0
- package/dist/db/migrations/021_user_roles.d.ts.map +1 -0
- package/dist/db/migrations/021_user_roles.js +11 -0
- package/dist/db/migrations/021_user_roles.js.map +1 -0
- package/dist/db/migrations/022_config_hash.d.ts +4 -0
- package/dist/db/migrations/022_config_hash.d.ts.map +1 -0
- package/dist/db/migrations/022_config_hash.js +11 -0
- package/dist/db/migrations/022_config_hash.js.map +1 -0
- package/dist/db/migrations/023_account_security.d.ts +4 -0
- package/dist/db/migrations/023_account_security.d.ts.map +1 -0
- package/dist/db/migrations/023_account_security.js +22 -0
- package/dist/db/migrations/023_account_security.js.map +1 -0
- package/dist/db/migrations/024_wizard_configs.d.ts +4 -0
- package/dist/db/migrations/024_wizard_configs.d.ts.map +1 -0
- package/dist/db/migrations/024_wizard_configs.js +165 -0
- package/dist/db/migrations/024_wizard_configs.js.map +1 -0
- package/dist/db/migrations/025_auth_dual_mode.d.ts +4 -0
- package/dist/db/migrations/025_auth_dual_mode.d.ts.map +1 -0
- package/dist/db/migrations/025_auth_dual_mode.js +19 -0
- package/dist/db/migrations/025_auth_dual_mode.js.map +1 -0
- package/dist/db/migrations/027_add_avatar_to_instances.d.ts +4 -0
- package/dist/db/migrations/027_add_avatar_to_instances.d.ts.map +1 -0
- package/dist/db/migrations/027_add_avatar_to_instances.js +11 -0
- package/dist/db/migrations/027_add_avatar_to_instances.js.map +1 -0
- package/dist/db/migrations/027_add_clerk_id.d.ts +4 -0
- package/dist/db/migrations/027_add_clerk_id.d.ts.map +1 -0
- package/dist/db/migrations/027_add_clerk_id.js +11 -0
- package/dist/db/migrations/027_add_clerk_id.js.map +1 -0
- package/dist/db/migrations/028_template_plugin_dependencies.d.ts +4 -0
- package/dist/db/migrations/028_template_plugin_dependencies.d.ts.map +1 -0
- package/dist/db/migrations/028_template_plugin_dependencies.js +18 -0
- package/dist/db/migrations/028_template_plugin_dependencies.js.map +1 -0
- package/dist/db/migrations/029_remap_orphan_config_keys.d.ts +21 -0
- package/dist/db/migrations/029_remap_orphan_config_keys.d.ts.map +1 -0
- package/dist/db/migrations/029_remap_orphan_config_keys.js +63 -0
- package/dist/db/migrations/029_remap_orphan_config_keys.js.map +1 -0
- package/dist/db/migrations/030_extend_notification_types.d.ts +4 -0
- package/dist/db/migrations/030_extend_notification_types.d.ts.map +1 -0
- package/dist/db/migrations/030_extend_notification_types.js +10 -0
- package/dist/db/migrations/030_extend_notification_types.js.map +1 -0
- package/dist/db/migrations/031_default_security_profile_developer.d.ts +9 -0
- package/dist/db/migrations/031_default_security_profile_developer.d.ts.map +1 -0
- package/dist/db/migrations/031_default_security_profile_developer.js +22 -0
- package/dist/db/migrations/031_default_security_profile_developer.js.map +1 -0
- package/dist/db/migrations/032_geo_template.d.ts +4 -0
- package/dist/db/migrations/032_geo_template.d.ts.map +1 -0
- package/dist/db/migrations/032_geo_template.js +133 -0
- package/dist/db/migrations/032_geo_template.js.map +1 -0
- package/dist/db/migrations/033_jinko_travel_template.d.ts +4 -0
- package/dist/db/migrations/033_jinko_travel_template.d.ts.map +1 -0
- package/dist/db/migrations/033_jinko_travel_template.js +126 -0
- package/dist/db/migrations/033_jinko_travel_template.js.map +1 -0
- package/dist/db/postgres-adapter.d.ts +13 -0
- package/dist/db/postgres-adapter.d.ts.map +1 -0
- package/dist/db/postgres-adapter.js +27 -0
- package/dist/db/postgres-adapter.js.map +1 -0
- package/dist/db/run-migrations.d.ts +2 -0
- package/dist/db/run-migrations.d.ts.map +1 -0
- package/dist/db/run-migrations.js +26 -0
- package/dist/db/run-migrations.js.map +1 -0
- package/dist/db/sqlite-adapter.d.ts +13 -0
- package/dist/db/sqlite-adapter.d.ts.map +1 -0
- package/dist/db/sqlite-adapter.js +29 -0
- package/dist/db/sqlite-adapter.js.map +1 -0
- package/dist/ee/litellm/litellm-key-manager.d.ts +16 -0
- package/dist/ee/litellm/litellm-key-manager.d.ts.map +1 -0
- package/dist/ee/litellm/litellm-key-manager.js +16 -0
- package/dist/ee/litellm/litellm-key-manager.js.map +1 -0
- package/dist/ee/litellm/litellm-model-seeder.d.ts +6 -0
- package/dist/ee/litellm/litellm-model-seeder.d.ts.map +1 -0
- package/dist/ee/litellm/litellm-model-seeder.js +6 -0
- package/dist/ee/litellm/litellm-model-seeder.js.map +1 -0
- package/dist/index.ce.d.ts +2 -0
- package/dist/index.ce.d.ts.map +1 -0
- package/dist/index.ce.js +12 -0
- package/dist/index.ce.js.map +1 -0
- package/dist/middleware/auth.d.ts +30 -0
- package/dist/middleware/auth.d.ts.map +1 -0
- package/dist/middleware/auth.js +86 -0
- package/dist/middleware/auth.js.map +1 -0
- package/dist/middleware/dynamic-middleware.d.ts +7 -0
- package/dist/middleware/dynamic-middleware.d.ts.map +1 -0
- package/dist/middleware/dynamic-middleware.js +46 -0
- package/dist/middleware/dynamic-middleware.js.map +1 -0
- package/dist/middleware/log-redaction.d.ts +2 -0
- package/dist/middleware/log-redaction.d.ts.map +1 -0
- package/dist/middleware/log-redaction.js +56 -0
- package/dist/middleware/log-redaction.js.map +1 -0
- package/dist/routes/admin.d.ts +3 -0
- package/dist/routes/admin.d.ts.map +1 -0
- package/dist/routes/admin.js +491 -0
- package/dist/routes/admin.js.map +1 -0
- package/dist/routes/agent-types.d.ts +3 -0
- package/dist/routes/agent-types.d.ts.map +1 -0
- package/dist/routes/agent-types.js +85 -0
- package/dist/routes/agent-types.js.map +1 -0
- package/dist/routes/auth.d.ts +3 -0
- package/dist/routes/auth.d.ts.map +1 -0
- package/dist/routes/auth.js +242 -0
- package/dist/routes/auth.js.map +1 -0
- package/dist/routes/channels.d.ts +3 -0
- package/dist/routes/channels.d.ts.map +1 -0
- package/dist/routes/channels.js +527 -0
- package/dist/routes/channels.js.map +1 -0
- package/dist/routes/credentials.d.ts +3 -0
- package/dist/routes/credentials.d.ts.map +1 -0
- package/dist/routes/credentials.js +81 -0
- package/dist/routes/credentials.js.map +1 -0
- package/dist/routes/dashboard.d.ts +3 -0
- package/dist/routes/dashboard.d.ts.map +1 -0
- package/dist/routes/dashboard.js +75 -0
- package/dist/routes/dashboard.js.map +1 -0
- package/dist/routes/exec-approval.d.ts +3 -0
- package/dist/routes/exec-approval.d.ts.map +1 -0
- package/dist/routes/exec-approval.js +60 -0
- package/dist/routes/exec-approval.js.map +1 -0
- package/dist/routes/group-chats.d.ts +3 -0
- package/dist/routes/group-chats.d.ts.map +1 -0
- package/dist/routes/group-chats.js +190 -0
- package/dist/routes/group-chats.js.map +1 -0
- package/dist/routes/instance-files.d.ts +3 -0
- package/dist/routes/instance-files.d.ts.map +1 -0
- package/dist/routes/instance-files.js +255 -0
- package/dist/routes/instance-files.js.map +1 -0
- package/dist/routes/instance-proxy.d.ts +40 -0
- package/dist/routes/instance-proxy.d.ts.map +1 -0
- package/dist/routes/instance-proxy.js +318 -0
- package/dist/routes/instance-proxy.js.map +1 -0
- package/dist/routes/instances.d.ts +3 -0
- package/dist/routes/instances.d.ts.map +1 -0
- package/dist/routes/instances.js +325 -0
- package/dist/routes/instances.js.map +1 -0
- package/dist/routes/metadata.d.ts +3 -0
- package/dist/routes/metadata.d.ts.map +1 -0
- package/dist/routes/metadata.js +13 -0
- package/dist/routes/metadata.js.map +1 -0
- package/dist/routes/notifications.d.ts +3 -0
- package/dist/routes/notifications.d.ts.map +1 -0
- package/dist/routes/notifications.js +104 -0
- package/dist/routes/notifications.js.map +1 -0
- package/dist/routes/oauth.d.ts +3 -0
- package/dist/routes/oauth.d.ts.map +1 -0
- package/dist/routes/oauth.js +516 -0
- package/dist/routes/oauth.js.map +1 -0
- package/dist/routes/rpc-proxy.d.ts +3 -0
- package/dist/routes/rpc-proxy.d.ts.map +1 -0
- package/dist/routes/rpc-proxy.js +116 -0
- package/dist/routes/rpc-proxy.js.map +1 -0
- package/dist/routes/security.d.ts +3 -0
- package/dist/routes/security.d.ts.map +1 -0
- package/dist/routes/security.js +43 -0
- package/dist/routes/security.js.map +1 -0
- package/dist/routes/skills.d.ts +3 -0
- package/dist/routes/skills.d.ts.map +1 -0
- package/dist/routes/skills.js +48 -0
- package/dist/routes/skills.js.map +1 -0
- package/dist/routes/snapshots.d.ts +3 -0
- package/dist/routes/snapshots.d.ts.map +1 -0
- package/dist/routes/snapshots.js +99 -0
- package/dist/routes/snapshots.js.map +1 -0
- package/dist/routes/system-config.d.ts +3 -0
- package/dist/routes/system-config.d.ts.map +1 -0
- package/dist/routes/system-config.js +75 -0
- package/dist/routes/system-config.js.map +1 -0
- package/dist/routes/templates.d.ts +3 -0
- package/dist/routes/templates.d.ts.map +1 -0
- package/dist/routes/templates.js +256 -0
- package/dist/routes/templates.js.map +1 -0
- package/dist/routes/ui-proxy.d.ts +3 -0
- package/dist/routes/ui-proxy.d.ts.map +1 -0
- package/dist/routes/ui-proxy.js +90 -0
- package/dist/routes/ui-proxy.js.map +1 -0
- package/dist/routes/user-credentials.d.ts +3 -0
- package/dist/routes/user-credentials.d.ts.map +1 -0
- package/dist/routes/user-credentials.js +85 -0
- package/dist/routes/user-credentials.js.map +1 -0
- package/dist/routes/users.d.ts +3 -0
- package/dist/routes/users.d.ts.map +1 -0
- package/dist/routes/users.js +30 -0
- package/dist/routes/users.js.map +1 -0
- package/dist/runtime/docker.d.ts +37 -0
- package/dist/runtime/docker.d.ts.map +1 -0
- package/dist/runtime/docker.js +612 -0
- package/dist/runtime/docker.js.map +1 -0
- package/dist/runtime/factory.d.ts +4 -0
- package/dist/runtime/factory.d.ts.map +1 -0
- package/dist/runtime/factory.js +21 -0
- package/dist/runtime/factory.js.map +1 -0
- package/dist/runtime/kubernetes.d.ts +34 -0
- package/dist/runtime/kubernetes.d.ts.map +1 -0
- package/dist/runtime/kubernetes.js +513 -0
- package/dist/runtime/kubernetes.js.map +1 -0
- package/dist/runtime/types.d.ts +81 -0
- package/dist/runtime/types.d.ts.map +1 -0
- package/dist/runtime/types.js +2 -0
- package/dist/runtime/types.js.map +1 -0
- package/dist/server-core.d.ts +26 -0
- package/dist/server-core.d.ts.map +1 -0
- package/dist/server-core.js +184 -0
- package/dist/server-core.js.map +1 -0
- package/dist/services/config-diff.d.ts +6 -0
- package/dist/services/config-diff.d.ts.map +1 -0
- package/dist/services/config-diff.js +85 -0
- package/dist/services/config-diff.js.map +1 -0
- package/dist/services/config-field-meta.d.ts +22 -0
- package/dist/services/config-field-meta.d.ts.map +1 -0
- package/dist/services/config-field-meta.js +177 -0
- package/dist/services/config-field-meta.js.map +1 -0
- package/dist/services/config-validator.d.ts +8 -0
- package/dist/services/config-validator.d.ts.map +1 -0
- package/dist/services/config-validator.js +59 -0
- package/dist/services/config-validator.js.map +1 -0
- package/dist/services/credential-audit.d.ts +13 -0
- package/dist/services/credential-audit.d.ts.map +1 -0
- package/dist/services/credential-audit.js +18 -0
- package/dist/services/credential-audit.js.map +1 -0
- package/dist/services/credential-store.d.ts +28 -0
- package/dist/services/credential-store.d.ts.map +1 -0
- package/dist/services/credential-store.js +99 -0
- package/dist/services/credential-store.js.map +1 -0
- package/dist/services/dlp-scanner.d.ts +9 -0
- package/dist/services/dlp-scanner.d.ts.map +1 -0
- package/dist/services/dlp-scanner.js +90 -0
- package/dist/services/dlp-scanner.js.map +1 -0
- package/dist/services/gateway-event-relay.d.ts +53 -0
- package/dist/services/gateway-event-relay.d.ts.map +1 -0
- package/dist/services/gateway-event-relay.js +519 -0
- package/dist/services/gateway-event-relay.js.map +1 -0
- package/dist/services/group-chat-manager.d.ts +17 -0
- package/dist/services/group-chat-manager.d.ts.map +1 -0
- package/dist/services/group-chat-manager.js +613 -0
- package/dist/services/group-chat-manager.js.map +1 -0
- package/dist/services/health-monitor.d.ts +3 -0
- package/dist/services/health-monitor.d.ts.map +1 -0
- package/dist/services/health-monitor.js +342 -0
- package/dist/services/health-monitor.js.map +1 -0
- package/dist/services/instance-manager.d.ts +20 -0
- package/dist/services/instance-manager.d.ts.map +1 -0
- package/dist/services/instance-manager.js +833 -0
- package/dist/services/instance-manager.js.map +1 -0
- package/dist/services/metadata-store.d.ts +3 -0
- package/dist/services/metadata-store.d.ts.map +1 -0
- package/dist/services/metadata-store.js +34 -0
- package/dist/services/metadata-store.js.map +1 -0
- package/dist/services/notification-store.d.ts +24 -0
- package/dist/services/notification-store.d.ts.map +1 -0
- package/dist/services/notification-store.js +216 -0
- package/dist/services/notification-store.js.map +1 -0
- package/dist/services/openrouter-models.d.ts +13 -0
- package/dist/services/openrouter-models.d.ts.map +1 -0
- package/dist/services/openrouter-models.js +46 -0
- package/dist/services/openrouter-models.js.map +1 -0
- package/dist/services/output-filter.d.ts +8 -0
- package/dist/services/output-filter.d.ts.map +1 -0
- package/dist/services/output-filter.js +230 -0
- package/dist/services/output-filter.js.map +1 -0
- package/dist/services/prompt-guard.d.ts +6 -0
- package/dist/services/prompt-guard.d.ts.map +1 -0
- package/dist/services/prompt-guard.js +165 -0
- package/dist/services/prompt-guard.js.map +1 -0
- package/dist/services/security-event-service.d.ts +11 -0
- package/dist/services/security-event-service.d.ts.map +1 -0
- package/dist/services/security-event-service.js +201 -0
- package/dist/services/security-event-service.js.map +1 -0
- package/dist/services/snapshot-store.d.ts +21 -0
- package/dist/services/snapshot-store.d.ts.map +1 -0
- package/dist/services/snapshot-store.js +330 -0
- package/dist/services/snapshot-store.js.map +1 -0
- package/dist/services/system-config.d.ts +15 -0
- package/dist/services/system-config.d.ts.map +1 -0
- package/dist/services/system-config.js +80 -0
- package/dist/services/system-config.js.map +1 -0
- package/dist/services/template-file-format.d.ts +32 -0
- package/dist/services/template-file-format.d.ts.map +1 -0
- package/dist/services/template-file-format.js +125 -0
- package/dist/services/template-file-format.js.map +1 -0
- package/dist/services/template-store.d.ts +21 -0
- package/dist/services/template-store.d.ts.map +1 -0
- package/dist/services/template-store.js +701 -0
- package/dist/services/template-store.js.map +1 -0
- package/dist/services/user-credential-store.d.ts +20 -0
- package/dist/services/user-credential-store.d.ts.map +1 -0
- package/dist/services/user-credential-store.js +243 -0
- package/dist/services/user-credential-store.js.map +1 -0
- package/dist/services/wizard-config-store.d.ts +38 -0
- package/dist/services/wizard-config-store.d.ts.map +1 -0
- package/dist/services/wizard-config-store.js +70 -0
- package/dist/services/wizard-config-store.js.map +1 -0
- package/dist/web-dist/assets/AdminPage-BrAU67Dg.js +1 -0
- package/dist/web-dist/assets/AgentAvatar-BKJckc1W.js +1 -0
- package/dist/web-dist/assets/AgentAvatar-Cq-M5jMd.css +1 -0
- package/dist/web-dist/assets/AppLayout-Bf0v_2wK.css +1 -0
- package/dist/web-dist/assets/AppLayout-DXgV0atq.js +1 -0
- package/dist/web-dist/assets/AssistantChatPage-uVLgKLay.js +6 -0
- package/dist/web-dist/assets/AssistantEditPage-Bab1X-DA.js +1 -0
- package/dist/web-dist/assets/AssistantVersionsPage-BQRw3BUF.js +1 -0
- package/dist/web-dist/assets/AvatarPicker-DmnkD8Rb.js +1 -0
- package/dist/web-dist/assets/AvatarPicker-LHUepNFa.css +1 -0
- package/dist/web-dist/assets/CeAuthProvider-38_x9VGA.js +1 -0
- package/dist/web-dist/assets/ChatHubPage-2l4cKq0x.css +1 -0
- package/dist/web-dist/assets/ChatHubPage-B2WduoUM.js +1 -0
- package/dist/web-dist/assets/ChatTab-CHpjEu8M.js +6 -0
- package/dist/web-dist/assets/CreateWizardPage-DFEQ3VX3.js +47 -0
- package/dist/web-dist/assets/CreateWizardPage-IqNXDOER.css +1 -0
- package/dist/web-dist/assets/CredentialsPage-CDeXpnLG.js +1 -0
- package/dist/web-dist/assets/CredentialsPage-aI4kLoJD.css +1 -0
- package/dist/web-dist/assets/DocsAboutPage-CMbxiw1u.js +26 -0
- package/dist/web-dist/assets/DocsChannelsPage-CtmKYKK_.js +1 -0
- package/dist/web-dist/assets/DocsGettingStartedPage-CpM7o8sw.js +1 -0
- package/dist/web-dist/assets/DocsGroupChatsPage-7w-RVSJR.js +1 -0
- package/dist/web-dist/assets/DocsHomePage-BGEU5xBg.js +1 -0
- package/dist/web-dist/assets/DocsInstancesPage-Sewnw_x7.js +1 -0
- package/dist/web-dist/assets/DocsLayout-S7-ONZwP.js +1 -0
- package/dist/web-dist/assets/DocsProvidersPage-MeWneL5K.js +1 -0
- package/dist/web-dist/assets/DocsSkillsPage-CzsHPXxE.js +1 -0
- package/dist/web-dist/assets/DocsTemplatesPage-BXASAEoO.js +1 -0
- package/dist/web-dist/assets/DocsWorkspacePage-qYNeK_YS.js +24 -0
- package/dist/web-dist/assets/ExportWizardPage-BhNvovbU.js +3 -0
- package/dist/web-dist/assets/ExportWizardPage-Cp-KSYUy.css +1 -0
- package/dist/web-dist/assets/GoogleOAuthCallback-CBvLawe2.js +1 -0
- package/dist/web-dist/assets/GroupChatPage-rMfhmtsX.js +1 -0
- package/dist/web-dist/assets/GroupChatsListPage-BOwxHFfA.js +1 -0
- package/dist/web-dist/assets/InstancePage-BBL68DKB.js +1 -0
- package/dist/web-dist/assets/InstancePage-CzysRY40.css +1 -0
- package/dist/web-dist/assets/MyAssistantsPage-B808ZfHg.css +1 -0
- package/dist/web-dist/assets/MyAssistantsPage-q3-hNMth.js +1 -0
- package/dist/web-dist/assets/ProfilePage-Dx8YdU59.js +1 -0
- package/dist/web-dist/assets/ProfilePage-JMOkUDx7.css +1 -0
- package/dist/web-dist/assets/SessionDrawer-Ba7pbZDJ.css +1 -0
- package/dist/web-dist/assets/SessionDrawer-CXzEQAfF.js +1 -0
- package/dist/web-dist/assets/SystemConfigPage-4dvxADwi.js +1 -0
- package/dist/web-dist/assets/SystemConfigPage-DRqVfLGt.css +1 -0
- package/dist/web-dist/assets/TemplatesPage-DqXuG-Gy.css +1 -0
- package/dist/web-dist/assets/TemplatesPage-HMS__ODO.js +1 -0
- package/dist/web-dist/assets/TestLoginPage-xVQL0lYP.js +1 -0
- package/dist/web-dist/assets/ThemeToggle-DymKEYXG.js +1 -0
- package/dist/web-dist/assets/WorkbenchPage-Bymo4SSt.css +1 -0
- package/dist/web-dist/assets/WorkbenchPage-ST3hVrbL.js +33 -0
- package/dist/web-dist/assets/api-B5psysvQ.js +1 -0
- package/dist/web-dist/assets/clock-dRyRszad.js +1 -0
- package/dist/web-dist/assets/createLucideIcon-DiGX-lN4.js +1 -0
- package/dist/web-dist/assets/group-chat-9BaA9G_8.css +1 -0
- package/dist/web-dist/assets/index-BqzqZJ96.js +26 -0
- package/dist/web-dist/assets/index-DyrDN1Of.css +1 -0
- package/dist/web-dist/assets/index-wWimwgy7.js +1 -0
- package/dist/web-dist/assets/provider-display-BgrE7u33.js +1 -0
- package/dist/web-dist/assets/types-1lNWpzYk.js +57 -0
- package/dist/web-dist/assets/types-B6ttO-6G.css +1 -0
- package/dist/web-dist/assets/useTranslation-B-8kenfJ.js +1 -0
- package/dist/web-dist/assets/zap-CVBnETFW.js +1 -0
- package/dist/web-dist/index.html +31 -0
- package/dist/web-dist/vite.svg +1 -0
- package/dist/ws/index.d.ts +7 -0
- package/dist/ws/index.d.ts.map +1 -0
- package/dist/ws/index.js +112 -0
- package/dist/ws/index.js.map +1 -0
- package/package.json +54 -0
|
@@ -0,0 +1,230 @@
|
|
|
1
|
+
const REDACTED = '[REDACTED]';
|
|
2
|
+
const BLOCKED_MESSAGE = '[此消息因包含敏感信息被安全策略拦截]';
|
|
3
|
+
// min credential length to index (avoid short-value false positives)
|
|
4
|
+
const MIN_CREDENTIAL_LENGTH = 8;
|
|
5
|
+
// Min chunk length for workspace content indexing (avoids false positives on short common phrases)
|
|
6
|
+
const MIN_WORKSPACE_CHUNK_LENGTH = 40;
|
|
7
|
+
// Number of chunk matches required to consider it a system prompt dump
|
|
8
|
+
const WORKSPACE_CHUNK_MATCH_THRESHOLD = 3;
|
|
9
|
+
// ── Credential Index (in-memory, per instance) ──
|
|
10
|
+
const credentialIndexes = new Map();
|
|
11
|
+
export function buildCredentialIndex(instanceId, credentialValues) {
|
|
12
|
+
const index = new Set();
|
|
13
|
+
for (const value of credentialValues) {
|
|
14
|
+
if (value.length >= MIN_CREDENTIAL_LENGTH) {
|
|
15
|
+
index.add(value);
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
if (index.size > 0) {
|
|
19
|
+
credentialIndexes.set(instanceId, index);
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
export function clearCredentialIndex(instanceId) {
|
|
23
|
+
credentialIndexes.delete(instanceId);
|
|
24
|
+
}
|
|
25
|
+
export function getCredentialIndex(instanceId) {
|
|
26
|
+
return credentialIndexes.get(instanceId);
|
|
27
|
+
}
|
|
28
|
+
// ── Workspace Content Index (per instance) ──
|
|
29
|
+
// Stores meaningful text chunks from workspace files (SOUL.md, AGENTS.md, etc.)
|
|
30
|
+
// so the output filter can detect when the AI dumps its system prompt verbatim.
|
|
31
|
+
const workspaceContentIndexes = new Map();
|
|
32
|
+
function extractChunks(content, minLength) {
|
|
33
|
+
const chunks = [];
|
|
34
|
+
const lines = content.split('\n');
|
|
35
|
+
for (const line of lines) {
|
|
36
|
+
const trimmed = line.trim();
|
|
37
|
+
if (trimmed.length >= minLength && !trimmed.startsWith('#') && !trimmed.startsWith('<!--') && !trimmed.startsWith('```')) {
|
|
38
|
+
chunks.push(trimmed);
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
return chunks;
|
|
42
|
+
}
|
|
43
|
+
export function buildWorkspaceContentIndex(instanceId, workspaceFiles) {
|
|
44
|
+
const allChunks = [];
|
|
45
|
+
for (const content of Object.values(workspaceFiles)) {
|
|
46
|
+
if (content) {
|
|
47
|
+
allChunks.push(...extractChunks(content, MIN_WORKSPACE_CHUNK_LENGTH));
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
if (allChunks.length > 0) {
|
|
51
|
+
workspaceContentIndexes.set(instanceId, allChunks);
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
export function clearWorkspaceContentIndex(instanceId) {
|
|
55
|
+
workspaceContentIndexes.delete(instanceId);
|
|
56
|
+
}
|
|
57
|
+
// ── API Key patterns (compiled once) ──
|
|
58
|
+
const API_KEY_PATTERNS = [
|
|
59
|
+
{ re: /sk-[A-Za-z0-9]{20,}/g, label: 'OpenAI' },
|
|
60
|
+
{ re: /sk-ant-[A-Za-z0-9-]{20,}/g, label: 'Anthropic' },
|
|
61
|
+
{ re: /ghp_[A-Za-z0-9]{36,}/g, label: 'GitHub PAT' },
|
|
62
|
+
{ re: /gho_[A-Za-z0-9]{36,}/g, label: 'GitHub OAuth' },
|
|
63
|
+
{ re: /github_pat_[A-Za-z0-9_]{22,}/g, label: 'GitHub Fine-grained PAT' },
|
|
64
|
+
{ re: /AKIA[0-9A-Z]{16}/g, label: 'AWS Access Key' },
|
|
65
|
+
{ re: /xoxb-[0-9]{10,}-[0-9]+-[A-Za-z0-9]+/g, label: 'Slack Bot Token' },
|
|
66
|
+
{ re: /xoxp-[0-9]{10,}-[0-9]+-[0-9]+-[a-f0-9]+/g, label: 'Slack User Token' },
|
|
67
|
+
{ re: /(?<=^|[^A-Za-z0-9])[A-Za-z0-9]{32,}(?=[^A-Za-z0-9]|$)/g, label: 'Generic Long Token' },
|
|
68
|
+
];
|
|
69
|
+
// ── System prompt leak detection ──
|
|
70
|
+
// Fragments from SOUL.md security paragraphs that should never appear in agent output
|
|
71
|
+
const SYSTEM_PROMPT_FRAGMENTS = [
|
|
72
|
+
'<!-- SECURITY SECTION',
|
|
73
|
+
'<!-- END SECURITY SECTION -->',
|
|
74
|
+
'<!-- CIT-122: Trust Level Indicators',
|
|
75
|
+
'<!-- END CIT-122 -->',
|
|
76
|
+
'信任降级原则',
|
|
77
|
+
'永远不做清单',
|
|
78
|
+
'以下行为**绝对禁止**',
|
|
79
|
+
'可疑指令识别',
|
|
80
|
+
];
|
|
81
|
+
// ── Environment / internal path patterns ──
|
|
82
|
+
const ENV_LEAK_PATTERNS = [
|
|
83
|
+
/process\.env\.[A-Z_]{3,}/g,
|
|
84
|
+
/\/etc\/(?:passwd|shadow|hosts|resolv\.conf|ssl)/g,
|
|
85
|
+
/\$\{?(?:HOME|PATH|SECRET|API_KEY|TOKEN|DATABASE_URL|ENCRYPTION_KEY|LITELLM_PROXY_URL)[}\s]/g,
|
|
86
|
+
];
|
|
87
|
+
const INTERNAL_PATH_PATTERNS = [
|
|
88
|
+
/\/home\/node\/\.openclaw\//g,
|
|
89
|
+
/\/home\/openclaw\//g,
|
|
90
|
+
/\/workspace\/(?:SOUL|AGENTS|IDENTITY|USER|TOOLS|BOOTSTRAP|HEARTBEAT|MEMORY)\.md/g,
|
|
91
|
+
/\/opt\/openclaw-plugins\//g,
|
|
92
|
+
];
|
|
93
|
+
// ── Core filter function ──
|
|
94
|
+
export function filterOutput(content, instanceId, dlpConfig) {
|
|
95
|
+
const start = performance.now();
|
|
96
|
+
const matches = [];
|
|
97
|
+
let filtered = content;
|
|
98
|
+
// 1. Credential reverse match (highest priority)
|
|
99
|
+
if (dlpConfig.credentialLeakProtection) {
|
|
100
|
+
const index = credentialIndexes.get(instanceId);
|
|
101
|
+
if (index) {
|
|
102
|
+
for (const credValue of index) {
|
|
103
|
+
let searchFrom = 0;
|
|
104
|
+
while (true) {
|
|
105
|
+
const idx = filtered.indexOf(credValue, searchFrom);
|
|
106
|
+
if (idx === -1)
|
|
107
|
+
break;
|
|
108
|
+
matches.push({
|
|
109
|
+
category: 'credential_leak',
|
|
110
|
+
redactedSnippet: credValue.slice(0, 4) + '***',
|
|
111
|
+
});
|
|
112
|
+
if (dlpConfig.mode === 'redact' || dlpConfig.mode === 'block') {
|
|
113
|
+
filtered = filtered.slice(0, idx) + REDACTED + filtered.slice(idx + credValue.length);
|
|
114
|
+
searchFrom = idx + REDACTED.length;
|
|
115
|
+
}
|
|
116
|
+
else {
|
|
117
|
+
searchFrom = idx + credValue.length;
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
// 2. API Key pattern detection
|
|
124
|
+
if (dlpConfig.apiKeyPatternDetection) {
|
|
125
|
+
for (const { re } of API_KEY_PATTERNS) {
|
|
126
|
+
re.lastIndex = 0;
|
|
127
|
+
let match;
|
|
128
|
+
while ((match = re.exec(filtered)) !== null) {
|
|
129
|
+
const matchText = match[0];
|
|
130
|
+
if (matchText === REDACTED)
|
|
131
|
+
continue;
|
|
132
|
+
if (filtered.slice(match.index, match.index + REDACTED.length) === REDACTED)
|
|
133
|
+
continue;
|
|
134
|
+
matches.push({
|
|
135
|
+
category: 'api_key_pattern',
|
|
136
|
+
redactedSnippet: matchText.slice(0, 6) + '***',
|
|
137
|
+
});
|
|
138
|
+
if (dlpConfig.mode === 'redact' || dlpConfig.mode === 'block') {
|
|
139
|
+
filtered = filtered.slice(0, match.index) + REDACTED + filtered.slice(match.index + matchText.length);
|
|
140
|
+
re.lastIndex = match.index + REDACTED.length;
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
// 3. System prompt leak detection
|
|
146
|
+
if (dlpConfig.systemPromptLeakProtection) {
|
|
147
|
+
for (const fragment of SYSTEM_PROMPT_FRAGMENTS) {
|
|
148
|
+
const idx = filtered.indexOf(fragment);
|
|
149
|
+
if (idx !== -1) {
|
|
150
|
+
matches.push({
|
|
151
|
+
category: 'system_prompt_leak',
|
|
152
|
+
redactedSnippet: fragment.slice(0, 30) + '…',
|
|
153
|
+
});
|
|
154
|
+
if (dlpConfig.mode === 'redact' || dlpConfig.mode === 'block') {
|
|
155
|
+
filtered = filtered.slice(0, idx) + REDACTED + filtered.slice(idx + fragment.length);
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
// 3b. Workspace content verbatim dump detection (CIT-179)
|
|
160
|
+
const wsChunks = workspaceContentIndexes.get(instanceId);
|
|
161
|
+
if (wsChunks) {
|
|
162
|
+
let chunkHits = 0;
|
|
163
|
+
for (const chunk of wsChunks) {
|
|
164
|
+
if (filtered.includes(chunk)) {
|
|
165
|
+
chunkHits++;
|
|
166
|
+
}
|
|
167
|
+
if (chunkHits >= WORKSPACE_CHUNK_MATCH_THRESHOLD) {
|
|
168
|
+
matches.push({
|
|
169
|
+
category: 'system_prompt_leak',
|
|
170
|
+
redactedSnippet: 'Workspace file content dump detected',
|
|
171
|
+
});
|
|
172
|
+
if (dlpConfig.mode === 'redact' || dlpConfig.mode === 'block') {
|
|
173
|
+
filtered = BLOCKED_MESSAGE;
|
|
174
|
+
}
|
|
175
|
+
break;
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
// 4. Environment variable leak
|
|
181
|
+
if (dlpConfig.envLeakProtection) {
|
|
182
|
+
for (const re of ENV_LEAK_PATTERNS) {
|
|
183
|
+
re.lastIndex = 0;
|
|
184
|
+
let match;
|
|
185
|
+
while ((match = re.exec(filtered)) !== null) {
|
|
186
|
+
if (filtered.slice(match.index, match.index + REDACTED.length) === REDACTED)
|
|
187
|
+
continue;
|
|
188
|
+
matches.push({
|
|
189
|
+
category: 'env_leak',
|
|
190
|
+
redactedSnippet: match[0].slice(0, 20) + '…',
|
|
191
|
+
});
|
|
192
|
+
if (dlpConfig.mode === 'redact' || dlpConfig.mode === 'block') {
|
|
193
|
+
filtered = filtered.slice(0, match.index) + REDACTED + filtered.slice(match.index + match[0].length);
|
|
194
|
+
re.lastIndex = match.index + REDACTED.length;
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
// 5. Internal path leak
|
|
200
|
+
if (dlpConfig.internalPathProtection) {
|
|
201
|
+
for (const re of INTERNAL_PATH_PATTERNS) {
|
|
202
|
+
re.lastIndex = 0;
|
|
203
|
+
let match;
|
|
204
|
+
while ((match = re.exec(filtered)) !== null) {
|
|
205
|
+
if (filtered.slice(match.index, match.index + REDACTED.length) === REDACTED)
|
|
206
|
+
continue;
|
|
207
|
+
matches.push({
|
|
208
|
+
category: 'internal_path_leak',
|
|
209
|
+
redactedSnippet: match[0].slice(0, 20) + '…',
|
|
210
|
+
});
|
|
211
|
+
if (dlpConfig.mode === 'redact' || dlpConfig.mode === 'block') {
|
|
212
|
+
filtered = filtered.slice(0, match.index) + REDACTED + filtered.slice(match.index + match[0].length);
|
|
213
|
+
re.lastIndex = match.index + REDACTED.length;
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
// Apply block mode: if any match found, replace entire content
|
|
219
|
+
if (matches.length > 0 && dlpConfig.mode === 'block') {
|
|
220
|
+
filtered = BLOCKED_MESSAGE;
|
|
221
|
+
}
|
|
222
|
+
return {
|
|
223
|
+
filtered: matches.length > 0,
|
|
224
|
+
mode: dlpConfig.mode,
|
|
225
|
+
filteredContent: matches.length > 0 ? filtered : content,
|
|
226
|
+
matches,
|
|
227
|
+
durationMs: Math.round((performance.now() - start) * 100) / 100,
|
|
228
|
+
};
|
|
229
|
+
}
|
|
230
|
+
//# sourceMappingURL=output-filter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"output-filter.js","sourceRoot":"","sources":["../../src/services/output-filter.ts"],"names":[],"mappings":"AAEA,MAAM,QAAQ,GAAG,YAAY,CAAC;AAC9B,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAE9C,qEAAqE;AACrE,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEhC,mGAAmG;AACnG,MAAM,0BAA0B,GAAG,EAAE,CAAC;AACtC,uEAAuE;AACvE,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAE1C,mDAAmD;AAEnD,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAuB,CAAC;AAEzD,MAAM,UAAU,oBAAoB,CAAC,UAAkB,EAAE,gBAA0B;IACjF,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,IAAI,KAAK,CAAC,MAAM,IAAI,qBAAqB,EAAE,CAAC;YAC1C,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACnB,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,UAAkB;IACrD,iBAAiB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,UAAkB;IACnD,OAAO,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AAC3C,CAAC;AAED,+CAA+C;AAC/C,gFAAgF;AAChF,gFAAgF;AAEhF,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAoB,CAAC;AAE5D,SAAS,aAAa,CAAC,OAAe,EAAE,SAAiB;IACvD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,OAAO,CAAC,MAAM,IAAI,SAAS,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YACzH,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,UAAkB,EAAE,cAAsC;IACnG,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;QACpD,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,OAAO,EAAE,0BAA0B,CAAC,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,uBAAuB,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,UAAkB;IAC3D,uBAAuB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;AAC7C,CAAC;AAED,yCAAyC;AAEzC,MAAM,gBAAgB,GAAyC;IAC7D,EAAE,EAAE,EAAE,sBAAsB,EAAE,KAAK,EAAE,QAAQ,EAAE;IAC/C,EAAE,EAAE,EAAE,2BAA2B,EAAE,KAAK,EAAE,WAAW,EAAE;IACvD,EAAE,EAAE,EAAE,uBAAuB,EAAE,KAAK,EAAE,YAAY,EAAE;IACpD,EAAE,EAAE,EAAE,uBAAuB,EAAE,KAAK,EAAE,cAAc,EAAE;IACtD,EAAE,EAAE,EAAE,+BAA+B,EAAE,KAAK,EAAE,yBAAyB,EAAE;IACzE,EAAE,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE,gBAAgB,EAAE;IACpD,EAAE,EAAE,EAAE,sCAAsC,EAAE,KAAK,EAAE,iBAAiB,EAAE;IACxE,EAAE,EAAE,EAAE,0CAA0C,EAAE,KAAK,EAAE,kBAAkB,EAAE;IAC7E,EAAE,EAAE,EAAE,wDAAwD,EAAE,KAAK,EAAE,oBAAoB,EAAE;CAC9F,CAAC;AAEF,qCAAqC;AACrC,sFAAsF;AACtF,MAAM,uBAAuB,GAAG;IAC9B,uBAAuB;IACvB,+BAA+B;IAC/B,sCAAsC;IACtC,sBAAsB;IACtB,QAAQ;IACR,QAAQ;IACR,cAAc;IACd,QAAQ;CACT,CAAC;AAEF,6CAA6C;AAE7C,MAAM,iBAAiB,GAAa;IAClC,2BAA2B;IAC3B,kDAAkD;IAClD,6FAA6F;CAC9F,CAAC;AAEF,MAAM,sBAAsB,GAAa;IACvC,6BAA6B;IAC7B,qBAAqB;IACrB,kFAAkF;IAClF,4BAA4B;CAC7B,CAAC;AAEF,6BAA6B;AAE7B,MAAM,UAAU,YAAY,CAC1B,OAAe,EACf,UAAkB,EAClB,SAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAChC,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,IAAI,QAAQ,GAAG,OAAO,CAAC;IAEvB,iDAAiD;IACjD,IAAI,SAAS,CAAC,wBAAwB,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAChD,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,MAAM,SAAS,IAAI,KAAK,EAAE,CAAC;gBAC9B,IAAI,UAAU,GAAG,CAAC,CAAC;gBACnB,OAAO,IAAI,EAAE,CAAC;oBACZ,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;oBACpD,IAAI,GAAG,KAAK,CAAC,CAAC;wBAAE,MAAM;oBACtB,OAAO,CAAC,IAAI,CAAC;wBACX,QAAQ,EAAE,iBAAiB;wBAC3B,eAAe,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;qBAC/C,CAAC,CAAC;oBACH,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;wBAC9D,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;wBACtF,UAAU,GAAG,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC;oBACrC,CAAC;yBAAM,CAAC;wBACN,UAAU,GAAG,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC;oBACtC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,SAAS,CAAC,sBAAsB,EAAE,CAAC;QACrC,KAAK,MAAM,EAAE,EAAE,EAAE,IAAI,gBAAgB,EAAE,CAAC;YACtC,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;YACjB,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC3B,IAAI,SAAS,KAAK,QAAQ;oBAAE,SAAS;gBACrC,IAAI,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,QAAQ;oBAAE,SAAS;gBAEtF,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,iBAAiB;oBAC3B,eAAe,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;iBAC/C,CAAC,CAAC;gBACH,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC9D,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;oBACtG,EAAE,CAAC,SAAS,GAAG,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,SAAS,CAAC,0BAA0B,EAAE,CAAC;QACzC,KAAK,MAAM,QAAQ,IAAI,uBAAuB,EAAE,CAAC;YAC/C,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACvC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,oBAAoB;oBAC9B,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG;iBAC7C,CAAC,CAAC;gBACH,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC9D,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACvF,CAAC;YACH,CAAC;QACH,CAAC;QAED,0DAA0D;QAC1D,MAAM,QAAQ,GAAG,uBAAuB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACzD,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,SAAS,GAAG,CAAC,CAAC;YAClB,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;gBAC7B,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC7B,SAAS,EAAE,CAAC;gBACd,CAAC;gBACD,IAAI,SAAS,IAAI,+BAA+B,EAAE,CAAC;oBACjD,OAAO,CAAC,IAAI,CAAC;wBACX,QAAQ,EAAE,oBAAoB;wBAC9B,eAAe,EAAE,sCAAsC;qBACxD,CAAC,CAAC;oBACH,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;wBAC9D,QAAQ,GAAG,eAAe,CAAC;oBAC7B,CAAC;oBACD,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAC;QAChC,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YACnC,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;YACjB,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC5C,IAAI,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,QAAQ;oBAAE,SAAS;gBACtF,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,UAAU;oBACpB,eAAe,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG;iBAC7C,CAAC,CAAC;gBACH,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC9D,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;oBACrG,EAAE,CAAC,SAAS,GAAG,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,SAAS,CAAC,sBAAsB,EAAE,CAAC;QACrC,KAAK,MAAM,EAAE,IAAI,sBAAsB,EAAE,CAAC;YACxC,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;YACjB,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC5C,IAAI,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,QAAQ;oBAAE,SAAS;gBACtF,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,oBAAoB;oBAC9B,eAAe,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG;iBAC7C,CAAC,CAAC;gBACH,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC9D,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;oBACrG,EAAE,CAAC,SAAS,GAAG,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACrD,QAAQ,GAAG,eAAe,CAAC;IAC7B,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC;QAC5B,IAAI,EAAE,SAAS,CAAC,IAAI;QACpB,eAAe,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO;QACxD,OAAO;QACP,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG;KAChE,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { PromptGuardPattern, PromptGuardResult, PromptGuardSeverity } from '@aquarium/shared';
|
|
2
|
+
declare const SEVERITY_ORDER: Record<PromptGuardSeverity, number>;
|
|
3
|
+
export declare function scanMessage(text: string, customPatterns?: PromptGuardPattern[]): PromptGuardResult;
|
|
4
|
+
export declare function getDefaultPatterns(): PromptGuardPattern[];
|
|
5
|
+
export { SEVERITY_ORDER };
|
|
6
|
+
//# sourceMappingURL=prompt-guard.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prompt-guard.d.ts","sourceRoot":"","sources":["../../src/services/prompt-guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AA+GnG,QAAA,MAAM,cAAc,EAAE,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAAwC,CAAC;AAsBjG,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,cAAc,CAAC,EAAE,kBAAkB,EAAE,GACpC,iBAAiB,CAuCnB;AAED,wBAAgB,kBAAkB,IAAI,kBAAkB,EAAE,CAEzD;AAED,OAAO,EAAE,cAAc,EAAE,CAAC"}
|
|
@@ -0,0 +1,165 @@
|
|
|
1
|
+
const DEFAULT_PATTERNS = [
|
|
2
|
+
// fake_system_message
|
|
3
|
+
{
|
|
4
|
+
id: 'fake-sys-01',
|
|
5
|
+
category: 'fake_system_message',
|
|
6
|
+
severity: 'warning',
|
|
7
|
+
pattern: '\\[\\s*(?:system\\s*message|admin|override|system\\s*prompt|developer\\s*mode)\\s*\\]',
|
|
8
|
+
flags: 'i',
|
|
9
|
+
description: '伪装系统消息标记',
|
|
10
|
+
},
|
|
11
|
+
{
|
|
12
|
+
id: 'fake-sys-02',
|
|
13
|
+
category: 'fake_system_message',
|
|
14
|
+
severity: 'critical',
|
|
15
|
+
pattern: '(?:^|\\n)\\s*(?:SYSTEM|ROOT|ADMIN)\\s*[::]',
|
|
16
|
+
flags: 'i',
|
|
17
|
+
description: '伪装系统身份前缀',
|
|
18
|
+
},
|
|
19
|
+
// instruction_override
|
|
20
|
+
{
|
|
21
|
+
id: 'override-01',
|
|
22
|
+
category: 'instruction_override',
|
|
23
|
+
severity: 'critical',
|
|
24
|
+
pattern: '(?:ignore|disregard|forget|override|忽略|无视|忘记|覆盖)\\s*(?:all\\s*)?(?:previous|above|prior|earlier|之前的?|上面的?)\\s*(?:instructions?|prompts?|rules?|指令|提示|规则)',
|
|
25
|
+
flags: 'i',
|
|
26
|
+
description: '指令覆盖模式(中英文)',
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
id: 'override-02',
|
|
30
|
+
category: 'instruction_override',
|
|
31
|
+
severity: 'warning',
|
|
32
|
+
pattern: '(?:you\\s+are\\s+now|from\\s+now\\s+on|new\\s+instructions?|你现在是|从现在开始|新的指令)',
|
|
33
|
+
flags: 'i',
|
|
34
|
+
description: '角色重定义尝试',
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
id: 'override-03',
|
|
38
|
+
category: 'instruction_override',
|
|
39
|
+
severity: 'critical',
|
|
40
|
+
pattern: '(?:ignore\\s+previous\\s+instructions|ignore\\s+all\\s+rules|disregard\\s+your\\s+programming)',
|
|
41
|
+
flags: 'i',
|
|
42
|
+
description: '英文经典覆盖模式',
|
|
43
|
+
},
|
|
44
|
+
// sensitive_probe
|
|
45
|
+
{
|
|
46
|
+
id: 'probe-01',
|
|
47
|
+
category: 'sensitive_probe',
|
|
48
|
+
severity: 'warning',
|
|
49
|
+
pattern: '(?:show|reveal|output|print|display|tell\\s+me|展示|显示|输出|告诉我)\\s*(?:your|the)?\\s*(?:system\\s*prompt|initial\\s*instructions?|source\\s*code|环境变量|系统提示|安全配置|SOUL\\.md|AGENTS\\.md)',
|
|
50
|
+
flags: 'i',
|
|
51
|
+
description: '系统提示词/配置泄露探测',
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
id: 'probe-02',
|
|
55
|
+
category: 'sensitive_probe',
|
|
56
|
+
severity: 'critical',
|
|
57
|
+
pattern: '(?:read|cat|type|print)\\s+(?:\\/etc\\/|~\\/\\.|\\$\\{?(?:HOME|PATH|SECRET|API_KEY|TOKEN))',
|
|
58
|
+
flags: 'i',
|
|
59
|
+
description: '内部文件/环境变量读取',
|
|
60
|
+
},
|
|
61
|
+
// destructive_action
|
|
62
|
+
{
|
|
63
|
+
id: 'destruct-01',
|
|
64
|
+
category: 'destructive_action',
|
|
65
|
+
severity: 'critical',
|
|
66
|
+
pattern: '(?:rm\\s+-rf|mkfs|dd\\s+if=|chmod\\s+777|:\\(\\)\\{\\s*:|curl\\s+.*\\|\\s*(?:bash|sh))',
|
|
67
|
+
flags: 'i',
|
|
68
|
+
description: '危险 shell 命令模式',
|
|
69
|
+
},
|
|
70
|
+
{
|
|
71
|
+
id: 'destruct-02',
|
|
72
|
+
category: 'destructive_action',
|
|
73
|
+
severity: 'warning',
|
|
74
|
+
pattern: '(?:delete\\s+all|drop\\s+(?:table|database)|truncate\\s+|删除所有|清空数据|格式化)',
|
|
75
|
+
flags: 'i',
|
|
76
|
+
description: '破坏性数据操作',
|
|
77
|
+
},
|
|
78
|
+
// fake_urgency
|
|
79
|
+
{
|
|
80
|
+
id: 'urgency-01',
|
|
81
|
+
category: 'fake_urgency',
|
|
82
|
+
severity: 'warning',
|
|
83
|
+
pattern: '(?:URGENT|EMERGENCY|CRITICAL)\\s*(?:SYSTEM\\s*)?(?:UPDATE|OVERRIDE|PATCH|MESSAGE|NOTICE|ALERT)',
|
|
84
|
+
flags: 'i',
|
|
85
|
+
description: '伪装紧急系统通知',
|
|
86
|
+
},
|
|
87
|
+
{
|
|
88
|
+
id: 'urgency-02',
|
|
89
|
+
category: 'fake_urgency',
|
|
90
|
+
severity: 'warning',
|
|
91
|
+
pattern: '(?:紧急更新|紧急通知|立即执行|必须马上)',
|
|
92
|
+
flags: 'i',
|
|
93
|
+
description: '伪装紧急中文通知',
|
|
94
|
+
},
|
|
95
|
+
// repetition_attack — 20+ chars repeated 5+ times (context window exhaustion)
|
|
96
|
+
{
|
|
97
|
+
id: 'repeat-01',
|
|
98
|
+
category: 'repetition_attack',
|
|
99
|
+
severity: 'info',
|
|
100
|
+
pattern: '(.{20,})\\1{4,}',
|
|
101
|
+
description: '重复内容攻击(上下文窗口耗尽)',
|
|
102
|
+
},
|
|
103
|
+
];
|
|
104
|
+
const SEVERITY_ORDER = { info: 0, warning: 1, critical: 2 };
|
|
105
|
+
const compiledCache = new Map();
|
|
106
|
+
function getCompiledPattern(p) {
|
|
107
|
+
const cacheKey = `${p.id}:${p.pattern}:${p.flags ?? 'i'}`;
|
|
108
|
+
let re = compiledCache.get(cacheKey);
|
|
109
|
+
if (!re) {
|
|
110
|
+
re = new RegExp(p.pattern, p.flags ?? 'i');
|
|
111
|
+
compiledCache.set(cacheKey, re);
|
|
112
|
+
}
|
|
113
|
+
return re;
|
|
114
|
+
}
|
|
115
|
+
function sanitizeSnippet(text, match) {
|
|
116
|
+
const start = Math.max(0, (match.index ?? 0) - 20);
|
|
117
|
+
const end = Math.min(text.length, (match.index ?? 0) + (match[0]?.length ?? 0) + 20);
|
|
118
|
+
let snippet = text.slice(start, end);
|
|
119
|
+
if (snippet.length > 100)
|
|
120
|
+
snippet = snippet.slice(0, 100) + '…';
|
|
121
|
+
return snippet;
|
|
122
|
+
}
|
|
123
|
+
export function scanMessage(text, customPatterns) {
|
|
124
|
+
const start = performance.now();
|
|
125
|
+
const allPatterns = customPatterns
|
|
126
|
+
? [...DEFAULT_PATTERNS, ...customPatterns]
|
|
127
|
+
: DEFAULT_PATTERNS;
|
|
128
|
+
const matches = [];
|
|
129
|
+
let maxSeverityValue = -1;
|
|
130
|
+
let maxSeverity = null;
|
|
131
|
+
for (const pattern of allPatterns) {
|
|
132
|
+
try {
|
|
133
|
+
const re = getCompiledPattern(pattern);
|
|
134
|
+
re.lastIndex = 0;
|
|
135
|
+
const match = re.exec(text);
|
|
136
|
+
if (match) {
|
|
137
|
+
matches.push({
|
|
138
|
+
patternId: pattern.id,
|
|
139
|
+
category: pattern.category,
|
|
140
|
+
severity: pattern.severity,
|
|
141
|
+
matchedSnippet: sanitizeSnippet(text, match),
|
|
142
|
+
});
|
|
143
|
+
const sv = SEVERITY_ORDER[pattern.severity];
|
|
144
|
+
if (sv > maxSeverityValue) {
|
|
145
|
+
maxSeverityValue = sv;
|
|
146
|
+
maxSeverity = pattern.severity;
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
catch {
|
|
151
|
+
// Skip malformed custom patterns silently
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
return {
|
|
155
|
+
detected: matches.length > 0,
|
|
156
|
+
maxSeverity,
|
|
157
|
+
matches,
|
|
158
|
+
durationMs: Math.round((performance.now() - start) * 100) / 100,
|
|
159
|
+
};
|
|
160
|
+
}
|
|
161
|
+
export function getDefaultPatterns() {
|
|
162
|
+
return [...DEFAULT_PATTERNS];
|
|
163
|
+
}
|
|
164
|
+
export { SEVERITY_ORDER };
|
|
165
|
+
//# sourceMappingURL=prompt-guard.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prompt-guard.js","sourceRoot":"","sources":["../../src/services/prompt-guard.ts"],"names":[],"mappings":"AAEA,MAAM,gBAAgB,GAAyB;IAC7C,sBAAsB;IACtB;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,uFAAuF;QAChG,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,UAAU;KACxB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,4CAA4C;QACrD,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,UAAU;KACxB;IAED,uBAAuB;IACvB;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,0JAA0J;QACnK,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,aAAa;KAC3B;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,8EAA8E;QACvF,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,SAAS;KACvB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,gGAAgG;QACzG,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,UAAU;KACxB;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,iBAAiB;QAC3B,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,oLAAoL;QAC7L,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,cAAc;KAC5B;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,iBAAiB;QAC3B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,4FAA4F;QACrG,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,aAAa;KAC3B;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,wFAAwF;QACjG,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,eAAe;KAC7B;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,yEAAyE;QAClF,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,SAAS;KACvB;IAED,eAAe;IACf;QACE,EAAE,EAAE,YAAY;QAChB,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,gGAAgG;QACzG,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,UAAU;KACxB;IACD;QACE,EAAE,EAAE,YAAY;QAChB,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,yBAAyB;QAClC,KAAK,EAAE,GAAG;QACV,WAAW,EAAE,UAAU;KACxB;IAED,8EAA8E;IAC9E;QACE,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,iBAAiB;QAC1B,WAAW,EAAE,iBAAiB;KAC/B;CACF,CAAC;AAEF,MAAM,cAAc,GAAwC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;AAEjG,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEhD,SAAS,kBAAkB,CAAC,CAAqB;IAC/C,MAAM,QAAQ,GAAG,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,KAAK,IAAI,GAAG,EAAE,CAAC;IAC1D,IAAI,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrC,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,EAAE,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC;QAC3C,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,KAAsB;IAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACrF,IAAI,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG;QAAE,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC;IAChE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,cAAqC;IAErC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAChC,MAAM,WAAW,GAAG,cAAc;QAChC,CAAC,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,cAAc,CAAC;QAC1C,CAAC,CAAC,gBAAgB,CAAC;IAErB,MAAM,OAAO,GAAiC,EAAE,CAAC;IACjD,IAAI,gBAAgB,GAAG,CAAC,CAAC,CAAC;IAC1B,IAAI,WAAW,GAA+B,IAAI,CAAC;IAEnD,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACvC,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;YACjB,MAAM,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CAAC;oBACX,SAAS,EAAE,OAAO,CAAC,EAAE;oBACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,cAAc,EAAE,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC;iBAC7C,CAAC,CAAC;gBACH,MAAM,EAAE,GAAG,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC5C,IAAI,EAAE,GAAG,gBAAgB,EAAE,CAAC;oBAC1B,gBAAgB,GAAG,EAAE,CAAC;oBACtB,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;gBACjC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0CAA0C;QAC5C,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC;QAC5B,WAAW;QACX,OAAO;QACP,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG;KAChE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,CAAC,GAAG,gBAAgB,CAAC,CAAC;AAC/B,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { SecurityEventType, InstanceEvent, PaginatedResponse, SecuritySummary, InstanceSecuritySummary } from '@aquarium/shared';
|
|
2
|
+
export declare function recordSecurityEvent(instanceId: string, type: SecurityEventType, severity: string, metadata?: Record<string, unknown>): Promise<void>;
|
|
3
|
+
export declare function querySecurityEvents(instanceId: string, userId: string, opts: {
|
|
4
|
+
page?: number;
|
|
5
|
+
limit?: number;
|
|
6
|
+
severity?: string;
|
|
7
|
+
type?: string;
|
|
8
|
+
}): Promise<PaginatedResponse<InstanceEvent>>;
|
|
9
|
+
export declare function getInstanceSecuritySummary(instanceId: string, userId: string): Promise<InstanceSecuritySummary>;
|
|
10
|
+
export declare function getSecuritySummary(userId: string): Promise<SecuritySummary>;
|
|
11
|
+
//# sourceMappingURL=security-event-service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-event-service.d.ts","sourceRoot":"","sources":["../../src/services/security-event-service.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,iBAAiB,EAEjB,aAAa,EACb,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EAExB,MAAM,kBAAkB,CAAC;AAE1B,wBAAsB,mBAAmB,CACvC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,iBAAiB,EACvB,QAAQ,EAAE,MAAM,EAChB,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GACrC,OAAO,CAAC,IAAI,CAAC,CAiBf;AAED,wBAAsB,mBAAmB,CACvC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GACxE,OAAO,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC,CAuD3C;AAED,wBAAsB,0BAA0B,CAC9C,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,uBAAuB,CAAC,CAmFlC;AAED,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CA6DjF"}
|
|
@@ -0,0 +1,201 @@
|
|
|
1
|
+
import { db } from '../db/index.js';
|
|
2
|
+
import { getAdapter } from '../db/adapter.js';
|
|
3
|
+
import { broadcast } from '../ws/index.js';
|
|
4
|
+
export async function recordSecurityEvent(instanceId, type, severity, metadata = {}) {
|
|
5
|
+
await db('instance_events').insert({
|
|
6
|
+
instance_id: instanceId,
|
|
7
|
+
event_type: type,
|
|
8
|
+
metadata: JSON.stringify({ severity, ...metadata }),
|
|
9
|
+
});
|
|
10
|
+
broadcast(instanceId, {
|
|
11
|
+
type: 'security_event',
|
|
12
|
+
instanceId,
|
|
13
|
+
payload: {
|
|
14
|
+
category: type,
|
|
15
|
+
severity,
|
|
16
|
+
...metadata,
|
|
17
|
+
timestamp: new Date().toISOString(),
|
|
18
|
+
},
|
|
19
|
+
});
|
|
20
|
+
}
|
|
21
|
+
export async function querySecurityEvents(instanceId, userId, opts) {
|
|
22
|
+
const ownerCheck = await db('instances').where({ id: instanceId, user_id: userId }).first();
|
|
23
|
+
if (!ownerCheck)
|
|
24
|
+
throw new Error('Instance not found');
|
|
25
|
+
const page = Math.max(1, opts.page ?? 1);
|
|
26
|
+
const limit = Math.min(100, Math.max(1, opts.limit ?? 20));
|
|
27
|
+
const offset = (page - 1) * limit;
|
|
28
|
+
let query = db('instance_events')
|
|
29
|
+
.where({ instance_id: instanceId })
|
|
30
|
+
.where('event_type', 'like', 'security:%');
|
|
31
|
+
let countQuery = db('instance_events')
|
|
32
|
+
.where({ instance_id: instanceId })
|
|
33
|
+
.where('event_type', 'like', 'security:%');
|
|
34
|
+
if (opts.type) {
|
|
35
|
+
query = query.where('event_type', opts.type);
|
|
36
|
+
countQuery = countQuery.where('event_type', opts.type);
|
|
37
|
+
}
|
|
38
|
+
if (opts.severity) {
|
|
39
|
+
const _adapter = getAdapter();
|
|
40
|
+
if (_adapter.dialect === 'pg') {
|
|
41
|
+
query = query.whereRaw("metadata->>'severity' = ?", [opts.severity]);
|
|
42
|
+
countQuery = countQuery.whereRaw("metadata->>'severity' = ?", [opts.severity]);
|
|
43
|
+
}
|
|
44
|
+
else {
|
|
45
|
+
query = query.whereRaw("json_extract(metadata, '$.severity') = ?", [opts.severity]);
|
|
46
|
+
countQuery = countQuery.whereRaw("json_extract(metadata, '$.severity') = ?", [opts.severity]);
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
const [{ count }] = await countQuery.count('* as count');
|
|
50
|
+
const total = Number(count);
|
|
51
|
+
const rows = await query
|
|
52
|
+
.orderBy('created_at', 'desc')
|
|
53
|
+
.offset(offset)
|
|
54
|
+
.limit(limit);
|
|
55
|
+
const items = rows.map((row) => ({
|
|
56
|
+
id: row.id,
|
|
57
|
+
instanceId: row.instance_id,
|
|
58
|
+
eventType: row.event_type,
|
|
59
|
+
metadata: (typeof row.metadata === 'string' ? JSON.parse(row.metadata) : row.metadata ?? {}),
|
|
60
|
+
createdAt: String(row.created_at),
|
|
61
|
+
}));
|
|
62
|
+
return {
|
|
63
|
+
items,
|
|
64
|
+
total,
|
|
65
|
+
page,
|
|
66
|
+
limit,
|
|
67
|
+
totalPages: Math.ceil(total / limit),
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
export async function getInstanceSecuritySummary(instanceId, userId) {
|
|
71
|
+
const instance = await db('instances')
|
|
72
|
+
.where({ id: instanceId, user_id: userId })
|
|
73
|
+
.select('id', 'security_profile', 'config')
|
|
74
|
+
.first();
|
|
75
|
+
if (!instance)
|
|
76
|
+
throw new Error('Instance not found');
|
|
77
|
+
const adapter = getAdapter();
|
|
78
|
+
const since = adapter.intervalAgo(db, 1, 'days');
|
|
79
|
+
const severityExpr = adapter.dialect === 'pg'
|
|
80
|
+
? db.raw("metadata->>'severity' as severity")
|
|
81
|
+
: db.raw("json_extract(metadata, '$.severity') as severity");
|
|
82
|
+
const severityGroup = adapter.dialect === 'pg'
|
|
83
|
+
? db.raw("metadata->>'severity'")
|
|
84
|
+
: db.raw("json_extract(metadata, '$.severity')");
|
|
85
|
+
const baseQuery = () => db('instance_events')
|
|
86
|
+
.where({ instance_id: instanceId })
|
|
87
|
+
.where('event_type', 'like', 'security:%')
|
|
88
|
+
.where('created_at', '>', since);
|
|
89
|
+
const [typeRows, severityRows, [criticalRow], topRows] = await Promise.all([
|
|
90
|
+
baseQuery()
|
|
91
|
+
.select('event_type')
|
|
92
|
+
.count('* as count')
|
|
93
|
+
.groupBy('event_type'),
|
|
94
|
+
baseQuery()
|
|
95
|
+
.select(severityExpr)
|
|
96
|
+
.count('* as count')
|
|
97
|
+
.groupBy(severityGroup),
|
|
98
|
+
adapter.dialect === 'pg'
|
|
99
|
+
? baseQuery().whereRaw("metadata->>'severity' = 'critical'").count('* as count')
|
|
100
|
+
: baseQuery().whereRaw("json_extract(metadata, '$.severity') = 'critical'").count('* as count'),
|
|
101
|
+
db('instance_events')
|
|
102
|
+
.where({ instance_id: instanceId })
|
|
103
|
+
.where('event_type', 'like', 'security:%')
|
|
104
|
+
.orderBy('created_at', 'desc')
|
|
105
|
+
.limit(5),
|
|
106
|
+
]);
|
|
107
|
+
const byType = {};
|
|
108
|
+
let totalEvents24h = 0;
|
|
109
|
+
for (const row of typeRows) {
|
|
110
|
+
const c = Number(row.count);
|
|
111
|
+
byType[row.event_type] = c;
|
|
112
|
+
totalEvents24h += c;
|
|
113
|
+
}
|
|
114
|
+
const bySeverity = {};
|
|
115
|
+
for (const row of severityRows) {
|
|
116
|
+
bySeverity[row.severity ?? 'unknown'] = Number(row.count);
|
|
117
|
+
}
|
|
118
|
+
const topEvents = topRows.map((row) => ({
|
|
119
|
+
id: row.id,
|
|
120
|
+
instanceId: row.instance_id,
|
|
121
|
+
eventType: row.event_type,
|
|
122
|
+
metadata: (typeof row.metadata === 'string' ? JSON.parse(row.metadata) : row.metadata ?? {}),
|
|
123
|
+
createdAt: String(row.created_at),
|
|
124
|
+
}));
|
|
125
|
+
const profile = instance.security_profile || 'standard';
|
|
126
|
+
const config = typeof instance.config === 'string' ? JSON.parse(instance.config) : instance.config;
|
|
127
|
+
const isStrictOrStandard = profile === 'strict' || profile === 'standard';
|
|
128
|
+
const protection = {
|
|
129
|
+
securityProfile: profile,
|
|
130
|
+
trustLayers: isStrictOrStandard,
|
|
131
|
+
injectionDetection: profile === 'strict',
|
|
132
|
+
outputFiltering: isStrictOrStandard,
|
|
133
|
+
dlpScanning: profile === 'strict',
|
|
134
|
+
configIntegrity: Boolean(config?.['openclaw.json']),
|
|
135
|
+
};
|
|
136
|
+
return {
|
|
137
|
+
instanceId,
|
|
138
|
+
totalEvents24h,
|
|
139
|
+
bySeverity,
|
|
140
|
+
byType,
|
|
141
|
+
recentCritical: Number(criticalRow?.count ?? 0),
|
|
142
|
+
protection,
|
|
143
|
+
topEvents,
|
|
144
|
+
};
|
|
145
|
+
}
|
|
146
|
+
export async function getSecuritySummary(userId) {
|
|
147
|
+
const instanceIds = await db('instances')
|
|
148
|
+
.where({ user_id: userId })
|
|
149
|
+
.select('id');
|
|
150
|
+
const ids = instanceIds.map((r) => r.id);
|
|
151
|
+
if (ids.length === 0) {
|
|
152
|
+
return { totalEvents: 0, bySeverity: {}, byType: {}, recentCritical: 0 };
|
|
153
|
+
}
|
|
154
|
+
const adapter2 = getAdapter();
|
|
155
|
+
const severityExpr2 = adapter2.dialect === 'pg'
|
|
156
|
+
? db.raw("metadata->>'severity' as severity")
|
|
157
|
+
: db.raw("json_extract(metadata, '$.severity') as severity");
|
|
158
|
+
const severityGroup2 = adapter2.dialect === 'pg'
|
|
159
|
+
? db.raw("metadata->>'severity'")
|
|
160
|
+
: db.raw("json_extract(metadata, '$.severity')");
|
|
161
|
+
const baseQuery = () => db('instance_events')
|
|
162
|
+
.whereIn('instance_id', ids)
|
|
163
|
+
.where('event_type', 'like', 'security:%');
|
|
164
|
+
const [typeRows, severityRows, [criticalRow]] = await Promise.all([
|
|
165
|
+
baseQuery()
|
|
166
|
+
.select('event_type')
|
|
167
|
+
.count('* as count')
|
|
168
|
+
.groupBy('event_type'),
|
|
169
|
+
baseQuery()
|
|
170
|
+
.select(severityExpr2)
|
|
171
|
+
.count('* as count')
|
|
172
|
+
.groupBy(severityGroup2),
|
|
173
|
+
adapter2.dialect === 'pg'
|
|
174
|
+
? baseQuery()
|
|
175
|
+
.whereRaw("metadata->>'severity' = 'critical'")
|
|
176
|
+
.where('created_at', '>', adapter2.intervalAgo(db, 1, 'days'))
|
|
177
|
+
.count('* as count')
|
|
178
|
+
: baseQuery()
|
|
179
|
+
.whereRaw("json_extract(metadata, '$.severity') = 'critical'")
|
|
180
|
+
.where('created_at', '>', adapter2.intervalAgo(db, 1, 'days'))
|
|
181
|
+
.count('* as count'),
|
|
182
|
+
]);
|
|
183
|
+
const byType = {};
|
|
184
|
+
let totalEvents = 0;
|
|
185
|
+
for (const row of typeRows) {
|
|
186
|
+
const c = Number(row.count);
|
|
187
|
+
byType[row.event_type] = c;
|
|
188
|
+
totalEvents += c;
|
|
189
|
+
}
|
|
190
|
+
const bySeverity = {};
|
|
191
|
+
for (const row of severityRows) {
|
|
192
|
+
bySeverity[row.severity ?? 'unknown'] = Number(row.count);
|
|
193
|
+
}
|
|
194
|
+
return {
|
|
195
|
+
totalEvents,
|
|
196
|
+
bySeverity,
|
|
197
|
+
byType,
|
|
198
|
+
recentCritical: Number(criticalRow?.count ?? 0),
|
|
199
|
+
};
|
|
200
|
+
}
|
|
201
|
+
//# sourceMappingURL=security-event-service.js.map
|