@beingmartinbmc/ojas 0.2.0

package/dist/raksha/prompt-injection-detectors.d.ts

@@ -0,0 +1,30 @@
+import type { PromptInjectionAssessment, PromptInjectionDetector, PromptInjectionDetectorInput, ThreatType } from '../types';
+export interface PromptInjectionRulePattern {
+    type: ThreatType;
+    weight: number;
+    pattern: RegExp;
+    reason: string;
+}
+export declare class RuleBasedPromptInjectionDetector implements PromptInjectionDetector {
+    private readonly patterns;
+    readonly name = "prompt-injection/rules";
+    constructor(patterns: PromptInjectionRulePattern[]);
+    detect(input: PromptInjectionDetectorInput): PromptInjectionAssessment;
+}
+/**
+ * Deterministic semantic-intent detector. This does not infer arbitrary
+ * meaning; it checks for intent frames that policy-launder an injection
+ * without canonical "ignore previous instructions" wording.
+ */
+export declare class SemanticIntentPromptInjectionDetector implements PromptInjectionDetector {
+    readonly name = "prompt-injection/semantic-intent";
+    private readonly patterns;
+    detect(input: PromptInjectionDetectorInput): PromptInjectionAssessment;
+}
+export declare class EnsemblePromptInjectionDetector implements PromptInjectionDetector {
+    private readonly detectors;
+    readonly name: string;
+    constructor(detectors: PromptInjectionDetector[]);
+    detect(input: PromptInjectionDetectorInput): PromptInjectionAssessment;
+}
+//# sourceMappingURL=prompt-injection-detectors.d.ts.map

package/dist/raksha/prompt-injection-detectors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-injection-detectors.d.ts","sourceRoot":"","sources":["../../src/raksha/prompt-injection-detectors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,yBAAyB,EACzB,uBAAuB,EACvB,4BAA4B,EAC5B,UAAU,EACX,MAAM,UAAU,CAAC;AAElB,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AA2BD,qBAAa,gCAAiC,YAAW,uBAAuB;IAGlE,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAFrC,QAAQ,CAAC,IAAI,4BAA4B;gBAEZ,QAAQ,EAAE,0BAA0B,EAAE;IAEnE,MAAM,CAAC,KAAK,EAAE,4BAA4B,GAAG,yBAAyB;CA4BvE;AAED;;;;GAIG;AACH,qBAAa,qCAAsC,YAAW,uBAAuB;IACnF,QAAQ,CAAC,IAAI,sCAAsC;IAEnD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CA+BvB;IAEF,MAAM,CAAC,KAAK,EAAE,4BAA4B,GAAG,yBAAyB;CAmBvE;AAED,qBAAa,+BAAgC,YAAW,uBAAuB;IAGjE,OAAO,CAAC,QAAQ,CAAC,SAAS;IAFtC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEO,SAAS,EAAE,uBAAuB,EAAE;IAIjE,MAAM,CAAC,KAAK,EAAE,4BAA4B,GAAG,yBAAyB;CAuBvE"}

package/dist/raksha/prompt-injection-detectors.js

@@ -0,0 +1,153 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnsemblePromptInjectionDetector = exports.SemanticIntentPromptInjectionDetector = exports.RuleBasedPromptInjectionDetector = void 0;
+function clamp(v, min = 0, max = 1) {
+    return Math.max(min, Math.min(max, v));
+}
+function emptyAssessment(detector) {
+    return {
+        threatType: 'unknown',
+        riskScore: 0,
+        reasons: [],
+        detectedBy: detector,
+    };
+}
+function topThreat(matches) {
+    let threatType = 'unknown';
+    let topWeight = -1;
+    for (const match of matches) {
+        if (match.weight > topWeight) {
+            threatType = match.type;
+            topWeight = match.weight;
+        }
+    }
+    return threatType;
+}
+class RuleBasedPromptInjectionDetector {
+    patterns;
+    name = 'prompt-injection/rules';
+    constructor(patterns) {
+        this.patterns = patterns;
+    }
+    detect(input) {
+        let riskScore = 0;
+        const reasons = [];
+        const matches = [];
+        for (const threat of this.patterns) {
+            if (threat.pattern.test(input.scanTarget)) {
+                riskScore += threat.weight;
+                reasons.push(threat.reason);
+                matches.push({ type: threat.type, weight: threat.weight });
+            }
+        }
+        if (riskScore === 0)
+            return emptyAssessment(this.name);
+        if (input.normalizedContent !== input.item.content) {
+            reasons.push('Detected after Unicode normalization (homoglyph / zero-width / NFKC).');
+        }
+        if (input.expandedContent !== undefined) {
+            reasons.push('Detected after base64 decode-and-rescan.');
+        }
+        return {
+            threatType: topThreat(matches),
+            riskScore: clamp(riskScore),
+            reasons,
+            detectedBy: this.name,
+        };
+    }
+}
+exports.RuleBasedPromptInjectionDetector = RuleBasedPromptInjectionDetector;
+/**
+ * Deterministic semantic-intent detector. This does not infer arbitrary
+ * meaning; it checks for intent frames that policy-launder an injection
+ * without canonical "ignore previous instructions" wording.
+ */
+class SemanticIntentPromptInjectionDetector {
+    name = 'prompt-injection/semantic-intent';
+    patterns = [
+        {
+            type: 'instruction_override',
+            weight: 0.7,
+            pattern: /\b(?:for\s+the\s+rest\s+of\s+(?:this\s+)?(?:conversation|session)|going\s+forward|from\s+here\s+on)\b.{0,120}\b(?:treat|consider|mark|classify)\b.{0,80}\b(?:policy|safety|guardrails?|higher[- ]priority|developer|system)\b.{0,80}\b(?:optional|historical|non[- ]binding|background|advisory|lower\s+priority)\b/i,
+            reason: 'Policy-laundering attempt: reframes higher-priority safety instructions as optional or lower-priority.',
+        },
+        {
+            type: 'instruction_override',
+            weight: 0.55,
+            pattern: /\b(?:rank|prioriti[sz]e|prefer)\b.{0,80}\b(?:user|customer|task|objective|business)\b.{0,80}\b(?:above|over|instead\s+of)\b.{0,80}\b(?:system|developer|safety|policy|guardrails?)\b/i,
+            reason: 'Attempts to reorder the instruction hierarchy in favor of user/task objectives.',
+        },
+        {
+            type: 'prompt_injection',
+            weight: 0.7,
+            pattern: /\b(?:summari[sz]e|translate|paraphrase|compress|extract)\b.{0,80}\b(?:hidden|private|internal|developer|system)\b.{0,80}\b(?:instructions?|directions?|policy|prompt|message)\b/i,
+            reason: 'Asks to transform hidden/system instructions rather than reveal them directly.',
+        },
+        {
+            type: 'tool_misuse',
+            weight: 0.7,
+            pattern: /\b(?:diagnostic|test|simulation|audit|compliance)\s+(?:mode|exercise|scenario)\b.{0,140}\b(?:use|call|invoke|run)\b.{0,80}\b(?:tools?|apis?|commands?)\b.{0,80}\b(?:without|bypassing|outside|before)\b.{0,80}\b(?:approval|confirmation|authorization|policy)\b/i,
+            reason: 'Uses an audit/test framing to normalize unauthorized tool use.',
+        },
+        {
+            type: 'memory_poisoning',
+            weight: 0.55,
+            pattern: /\b(?:update|revise|correct|patch)\b.{0,80}\b(?:your|the)\b.{0,40}\b(?:memory|beliefs?|policy)\b.{0,100}\b(?:requests?\s+for\s+secrets?|credential\s+sharing|prompt\s+disclosure)\b.{0,80}\b(?:allowed|safe|approved|expected)\b/i,
+            reason: 'Semantic memory-poisoning attempt: tries to rewrite safety policy as an accepted belief.',
+        },
+    ];
+    detect(input) {
+        let riskScore = 0;
+        const reasons = [];
+        const matches = [];
+        for (const pattern of this.patterns) {
+            if (pattern.pattern.test(input.scanTarget)) {
+                riskScore += pattern.weight;
+                reasons.push(pattern.reason);
+                matches.push({ type: pattern.type, weight: pattern.weight });
+            }
+        }
+        if (riskScore === 0)
+            return emptyAssessment(this.name);
+        return {
+            threatType: topThreat(matches),
+            riskScore: clamp(riskScore),
+            reasons,
+            detectedBy: this.name,
+        };
+    }
+}
+exports.SemanticIntentPromptInjectionDetector = SemanticIntentPromptInjectionDetector;
+class EnsemblePromptInjectionDetector {
+    detectors;
+    name;
+    constructor(detectors) {
+        this.detectors = detectors;
+        this.name = `prompt-injection/ensemble(${detectors.map((d) => d.name).join('+')})`;
+    }
+    detect(input) {
+        let riskScore = 0;
+        const reasons = [];
+        const matches = [];
+        const detectorNames = [];
+        for (const detector of this.detectors) {
+            const assessment = detector.detect(input);
+            if (assessment.riskScore <= 0)
+                continue;
+            riskScore += assessment.riskScore;
+            reasons.push(...assessment.reasons);
+            matches.push({ type: assessment.threatType, weight: assessment.riskScore });
+            detectorNames.push(assessment.detectedBy);
+        }
+        if (riskScore === 0)
+            return emptyAssessment(this.name);
+        return {
+            threatType: topThreat(matches),
+            riskScore: clamp(riskScore),
+            reasons: [...new Set(reasons)],
+            detectedBy: detectorNames.length > 0 ? detectorNames.join(',') : this.name,
+        };
+    }
+}
+exports.EnsemblePromptInjectionDetector = EnsemblePromptInjectionDetector;
+//# sourceMappingURL=prompt-injection-detectors.js.map

package/dist/raksha/prompt-injection-detectors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-injection-detectors.js","sourceRoot":"","sources":["../../src/raksha/prompt-injection-detectors.ts"],"names":[],"mappings":";;;AAcA,SAAS,KAAK,CAAC,CAAS,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC;IACxC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,OAAO;QACL,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,CAAC;QACZ,OAAO,EAAE,EAAE;QACX,UAAU,EAAE,QAAQ;KACrB,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,OAAoD;IACrE,IAAI,UAAU,GAAe,SAAS,CAAC;IACvC,IAAI,SAAS,GAAG,CAAC,CAAC,CAAC;IACnB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAC7B,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;YACxB,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAa,gCAAgC;IAGd;IAFpB,IAAI,GAAG,wBAAwB,CAAC;IAEzC,YAA6B,QAAsC;QAAtC,aAAQ,GAAR,QAAQ,CAA8B;IAAG,CAAC;IAEvE,MAAM,CAAC,KAAmC;QACxC,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAgD,EAAE,CAAC;QAEhE,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC1C,SAAS,IAAI,MAAM,CAAC,MAAM,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,IAAI,SAAS,KAAK,CAAC;YAAE,OAAO,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,IAAI,KAAK,CAAC,iBAAiB,KAAK,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,KAAK,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACL,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC;YAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC;YAC3B,OAAO;YACP,UAAU,EAAE,IAAI,CAAC,IAAI;SACtB,CAAC;IACJ,CAAC;CACF;AAjCD,4EAiCC;AAED;;;;GAIG;AACH,MAAa,qCAAqC;IACvC,IAAI,GAAG,kCAAkC,CAAC;IAElC,QAAQ,GAAiC;QACxD;YACE,IAAI,EAAE,sBAAsB;YAC5B,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,sTAAsT;YAC/T,MAAM,EAAE,wGAAwG;SACjH;QACD;YACE,IAAI,EAAE,sBAAsB;YAC5B,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,uLAAuL;YAChM,MAAM,EAAE,iFAAiF;SAC1F;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,kLAAkL;YAC3L,MAAM,EAAE,gFAAgF;SACzF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,mQAAmQ;YAC5Q,MAAM,EAAE,gEAAgE;SACzE;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,kOAAkO;YAC3O,MAAM,EAAE,0FAA0F;SACnG;KACF,CAAC;IAEF,MAAM,CAAC,KAAmC;QACxC,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAgD,EAAE,CAAC;QAChE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC3C,SAAS,IAAI,OAAO,CAAC,MAAM,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC7B,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QACD,IAAI,SAAS,KAAK,CAAC;YAAE,OAAO,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,OAAO;YACL,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC;YAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC;YAC3B,OAAO;YACP,UAAU,EAAE,IAAI,CAAC,IAAI;SACtB,CAAC;IACJ,CAAC;CACF;AAvDD,sFAuDC;AAED,MAAa,+BAA+B;IAGb;IAFpB,IAAI,CAAS;IAEtB,YAA6B,SAAoC;QAApC,cAAS,GAAT,SAAS,CAA2B;QAC/D,IAAI,CAAC,IAAI,GAAG,6BAA6B,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IACrF,CAAC;IAED,MAAM,CAAC,KAAmC;QACxC,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAgD,EAAE,CAAC;QAChE,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1C,IAAI,UAAU,CAAC,SAAS,IAAI,CAAC;gBAAE,SAAS;YACxC,SAAS,IAAI,UAAU,CAAC,SAAS,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;YACpC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC,CAAC;YAC5E,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,SAAS,KAAK,CAAC;YAAE,OAAO,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,OAAO;YACL,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC;YAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC;YAC3B,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;YAC9B,UAAU,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI;SAC3E,CAAC;IACJ,CAAC;CACF;AA9BD,0EA8BC"}