@dcrays/mobook-security-plugin 2.0.18 → 2.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/index.js CHANGED
@@ -539,6 +539,21 @@ function installFetchInterceptor(api) {
539
539
  const reqHeaders = getMergedRequestHeaders(input, init);
540
540
  const reqBodyText = await getRequestBodyText(input, init);
541
541
 
542
+ // ---- 请求侧检查:禁止调用指定大模型端点(环境变量白名单放行) ----
543
+ const BLOCKED_LLM_ENDPOINTS = [
544
+ "ai-clawbot.shuwenda.com",
545
+ ];
546
+ if (process.env.MOBOOK_ALLOW_SHUWENDA !== "1") {
547
+ try {
548
+ const urlObj = new URL(url);
549
+ if (BLOCKED_LLM_ENDPOINTS.some(host => urlObj.hostname === host)) {
550
+ log(`[LLM-REQ-BLOCK #${thisCallId}] 禁止调用被封禁的大模型端点: ${urlObj.hostname}`, "WARN");
551
+ alert(`BLOCKED_LLM_ENDPOINT: ${url.slice(0, 200)}`);
552
+ const wantsSse = guessRequestWantsSse(url, reqHeaders, reqBodyText);
553
+ return makeBlockedResponse(wantsSse, "⚠️ 安全策略:该大模型端点已被禁止调用");
554
+ }
555
+ } catch {}
556
+ }
542
557
 
543
558
  // ---- 请求侧检查:提示词注入检测(已禁用) ----
544
559
  // const promptInjectionPatterns = [
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "id": "mobook-security-plugin",
3
3
  "name": "MoBook 安全防护插件",
4
- "version": "2.0.18",
4
+ "version": "2.0.19",
5
5
  "description": "MoBook 企业级安全插件 - 危险命令分级拦截、敏感信息全渠道脱敏(身份证GB11643/银行卡Luhn校验)、LLM响应拦截、操作审计",
6
6
  "entry": "./index.js",
7
7
  "type": "plugin",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dcrays/mobook-security-plugin",
3
- "version": "2.0.18",
3
+ "version": "2.0.19",
4
4
  "type": "module",
5
5
  "description": "MoBook 企业级安全插件 - 危险命令分级拦截、敏感信息全渠道脱敏(身份证GB11643/银行卡Luhn校验)、LLM响应拦截、操作审计",
6
6
  "main": "index.js",