@dotsetlabs/tollgate 0.2.0 → 0.2.2

package/README.md

@@ -4,7 +4,7 @@
 
 [![npm version](https://img.shields.io/npm/v/@dotsetlabs/tollgate)](https://www.npmjs.com/package/@dotsetlabs/tollgate)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
-[![Tests](https://img.shields.io/badge/tests-699%20passing-brightgreen)](https://github.com/dotsetlabs/tollgate)
+[![CI](https://github.com/dotsetlabs/tollgate/actions/workflows/ci.yml/badge.svg)](https://github.com/dotsetlabs/tollgate/actions/workflows/ci.yml)
 
 Add security to any MCP server in one command. No Docker, no Kubernetes, no cloud accounts — just `npm install`.
 
@@ -168,6 +168,80 @@ Add to your `claude_desktop_config.json`:
 
 ---
 
+## Real-World Threats
+
+MCP security isn't theoretical. In 2025, documented attacks demonstrated why tool-level control matters:
+
+- **CVE-2025-54135 (CurXecute)** — Prompt injection led to arbitrary code execution via MCP config manipulation (CVSS 8.6)
+- **Malicious MCP server attacks** — Supply chain attacks where fake MCP servers secretly BCC'd emails to attackers
+- **RAG system exploitation** — A Fortune 500 breach where prompt injection led to database exfiltration and regulatory fines
+- **43% of MCP servers** tested in security research contained command injection vulnerabilities
+
+Tollgate sits between your AI assistant and MCP servers, analyzing every tool call before execution.
+
+**Threat Model:** AI agents with tool access are a new attack surface. When Claude or Cursor can execute SQL queries, write files, or make API calls, a single prompt injection can become code execution. Tollgate provides the authorization layer that MCP doesn't include.
+
+## Privacy & Trust
+
+Tollgate runs entirely on your machine. No exceptions.
+
+**What Tollgate does:**
+- Proxies MCP tool calls through a local policy engine
+- Stores audit logs locally in SQLite (`~/.tollgate/audit.db`)
+- Prompts for approval when needed (terminal or web UI)
+
+**What Tollgate does NOT do:**
+- No network connections to Dotset Labs or anywhere else
+- No telemetry, analytics, or usage tracking
+- No cloud dependencies or external services
+- No data ever leaves your machine
+
+**Verify it yourself:**
+```bash
+# Check for network connections while Tollgate runs
+lsof -i -P | grep tollgate
+# Output should only show local connections to your MCP servers
+```
+
+Source code: [github.com/dotsetlabs/tollgate](https://github.com/dotsetlabs/tollgate)
+
+See [SECURITY.md](SECURITY.md) for our security policy and responsible disclosure process.
+
+## Platform Support
+
+| Platform | Status | Notes |
+|----------|--------|-------|
+| macOS (arm64/amd64) | ✅ Tested | Primary development platform |
+| Linux (amd64/arm64) | ✅ Tested | Full functionality |
+| Windows | ⚠️ Experimental | Should work, less testing coverage |
+
+**Requirements:**
+- Node.js 20.0.0 or later
+- npm 9.0.0 or later
+
+## Project Status
+
+Tollgate is at **v0.2.x** — the core features are stable and production-ready.
+
+**What's solid:**
+- Policy engine with smart content analyzers
+- SQL, shell, filesystem, HTTP, and prompt injection detection
+- Session-based approval memory
+- Audit logging and export (JSON, CSV, CEF)
+- 25 test files covering core functionality
+
+**What's coming:**
+- Team dashboards (exploring)
+- Additional analyzers for GraphQL, Redis
+- Improved Windows testing
+
+**How to help:**
+- Report analyzer bypasses or false positives via [GitHub Issues](https://github.com/dotsetlabs/tollgate/issues)
+- Contribute custom analyzers
+- Test on Windows and report issues
+
+---
+
 ## Performance
 
 Tollgate adds minimal overhead to MCP operations:
@@ -906,7 +980,7 @@ await bridge.start();
 |-------|------|-------|
 | **Pre-install** | [Hardpoint](https://github.com/dotsetlabs/hardpoint) | Scan dev environment for threats |
 | **At runtime** | **Tollgate** | Control what MCP servers can do |
-| **Continuous** | [Deadfall](https://github.com/dotsetlabs/deadfall) | Monitor activity and detect anomalies |
+| **Detection** | [Deadfall](https://github.com/dotsetlabs/deadfall) | Detect AI compromise with cognitive honeypots |
 
 ---
 

package/dist/analyzers/credential-detector.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Credential Detector
+ *
+ * Detects credentials and secrets in tool output:
+ * - API Keys (OpenAI, Anthropic, AWS, GCP, GitHub, etc.)
+ * - Database connection strings
+ * - Private keys (SSH, PGP, SSL)
+ * - Access tokens
+ * - Passwords in common patterns
+ *
+ * @module analyzers/credential-detector
+ */
+import type { OutputValidationMatch, OutputValidationAction, OutputValidationSeverity } from './output-validation-types.js';
+interface CredentialPattern {
+    name: string;
+    pattern: RegExp;
+    severity: OutputValidationSeverity;
+    replacement: string;
+    description?: string;
+}
+/**
+ * Built-in credential patterns.
+ */
+declare const CREDENTIAL_PATTERNS: CredentialPattern[];
+/**
+ * Detects credentials and secrets in text content.
+ */
+export declare class CredentialDetector {
+    private enabled;
+    private defaultAction;
+    private customPatterns;
+    constructor(enabled?: boolean, defaultAction?: OutputValidationAction);
+    /**
+     * Enable or disable the detector.
+     */
+    setEnabled(enabled: boolean): void;
+    /**
+     * Add a custom pattern.
+     */
+    addPattern(pattern: CredentialPattern): void;
+    /**
+     * Detect all credential matches in content.
+     */
+    detect(content: string): OutputValidationMatch[];
+    /**
+     * Remove overlapping matches, keeping the more specific one.
+     */
+    private deduplicateMatches;
+    /**
+     * Compare severity levels.
+     */
+    private compareSeverity;
+    /**
+     * Apply redactions to content.
+     */
+    applyRedactions(content: string, matches: OutputValidationMatch[]): string;
+}
+/**
+ * Export patterns for testing.
+ */
+export { CREDENTIAL_PATTERNS };
+//# sourceMappingURL=credential-detector.d.ts.map

package/dist/analyzers/credential-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-detector.d.ts","sourceRoot":"","sources":["../../src/analyzers/credential-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACR,qBAAqB,EACrB,sBAAsB,EACtB,wBAAwB,EAC3B,MAAM,8BAA8B,CAAC;AAOtC,UAAU,iBAAiB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,wBAAwB,CAAC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,QAAA,MAAM,mBAAmB,EAAE,iBAAiB,EAqP3C,CAAC;AAMF;;GAEG;AACH,qBAAa,kBAAkB;IAC3B,OAAO,CAAC,OAAO,CAAU;IACzB,OAAO,CAAC,aAAa,CAAyB;IAC9C,OAAO,CAAC,cAAc,CAAsB;gBAGxC,OAAO,GAAE,OAAc,EACvB,aAAa,GAAE,sBAAiC;IAOpD;;OAEG;IACH,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIlC;;OAEG;IACH,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI;IAI5C;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,qBAAqB,EAAE;IAwChD;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA4B1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAUvB;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,qBAAqB,EAAE,GAAG,MAAM;CAoB7E;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,CAAC"}

package/dist/analyzers/credential-detector.js

@@ -0,0 +1,384 @@
+/**
+ * Credential Detector
+ *
+ * Detects credentials and secrets in tool output:
+ * - API Keys (OpenAI, Anthropic, AWS, GCP, GitHub, etc.)
+ * - Database connection strings
+ * - Private keys (SSH, PGP, SSL)
+ * - Access tokens
+ * - Passwords in common patterns
+ *
+ * @module analyzers/credential-detector
+ */
+import { OUTPUT_VALIDATION_CATEGORIES } from './output-validation-types.js';
+/**
+ * Built-in credential patterns.
+ */
+const CREDENTIAL_PATTERNS = [
+    // -------------------------------------------------------------------------
+    // AI Provider API Keys
+    // -------------------------------------------------------------------------
+    {
+        name: 'OpenAI API Key',
+        pattern: /\bsk-[a-zA-Z0-9]{32,}(?:\b|$)/g,
+        severity: 'critical',
+        replacement: '[OPENAI_KEY REDACTED]',
+        description: 'OpenAI API key',
+    },
+    {
+        name: 'Anthropic API Key',
+        pattern: /\bsk-ant-[a-zA-Z0-9-]{32,}(?:\b|$)/g,
+        severity: 'critical',
+        replacement: '[ANTHROPIC_KEY REDACTED]',
+        description: 'Anthropic API key',
+    },
+    {
+        name: 'Google API Key',
+        pattern: /\bAIza[0-9A-Za-z\-_]{31,}\b/g,
+        severity: 'critical',
+        replacement: '[GOOGLE_KEY REDACTED]',
+        description: 'Google Cloud API key',
+    },
+    // -------------------------------------------------------------------------
+    // GitHub Tokens
+    // -------------------------------------------------------------------------
+    {
+        name: 'GitHub Personal Access Token',
+        pattern: /\bghp_[a-zA-Z0-9]{30,}\b/g,
+        severity: 'critical',
+        replacement: '[GITHUB_PAT REDACTED]',
+        description: 'GitHub personal access token (classic)',
+    },
+    {
+        name: 'GitHub Fine-grained Token',
+        pattern: /\bgithub_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}\b/g,
+        severity: 'critical',
+        replacement: '[GITHUB_PAT REDACTED]',
+        description: 'GitHub fine-grained personal access token',
+    },
+    {
+        name: 'GitHub App Token',
+        pattern: /\bghs_[a-zA-Z0-9]{30,}\b/g,
+        severity: 'critical',
+        replacement: '[GITHUB_APP REDACTED]',
+        description: 'GitHub App installation token',
+    },
+    {
+        name: 'GitHub OAuth Token',
+        pattern: /\bgho_[a-zA-Z0-9]{30,}\b/g,
+        severity: 'critical',
+        replacement: '[GITHUB_OAUTH REDACTED]',
+        description: 'GitHub OAuth token',
+    },
+    // -------------------------------------------------------------------------
+    // AWS Credentials
+    // -------------------------------------------------------------------------
+    {
+        name: 'AWS Access Key ID',
+        pattern: /\bAKIA[0-9A-Z]{16}\b/g,
+        severity: 'critical',
+        replacement: '[AWS_KEY REDACTED]',
+        description: 'AWS access key ID',
+    },
+    {
+        name: 'AWS Secret Access Key',
+        pattern: /\baws_secret_access_key\s*[=:]\s*["']?([A-Za-z0-9/+=]{40})["']?\b/gi,
+        severity: 'critical',
+        replacement: '[AWS_SECRET REDACTED]',
+        description: 'AWS secret access key in config',
+    },
+    // -------------------------------------------------------------------------
+    // Private Keys
+    // -------------------------------------------------------------------------
+    {
+        name: 'RSA Private Key',
+        pattern: /-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----[\s\S]*?-----END (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g,
+        severity: 'critical',
+        replacement: '[PRIVATE_KEY REDACTED]',
+        description: 'Private key in PEM format',
+    },
+    {
+        name: 'PGP Private Key',
+        pattern: /-----BEGIN PGP PRIVATE KEY BLOCK-----[\s\S]*?-----END PGP PRIVATE KEY BLOCK-----/g,
+        severity: 'critical',
+        replacement: '[PGP_PRIVATE_KEY REDACTED]',
+        description: 'PGP private key block',
+    },
+    // -------------------------------------------------------------------------
+    // Database Connection Strings
+    // -------------------------------------------------------------------------
+    {
+        name: 'MongoDB Connection String',
+        pattern: /mongodb(\+srv)?:\/\/[^:]+:[^@]+@[^\s'"]+/gi,
+        severity: 'critical',
+        replacement: '[MONGODB_URI REDACTED]',
+        description: 'MongoDB connection string with credentials',
+    },
+    {
+        name: 'PostgreSQL Connection String',
+        pattern: /postgres(ql)?:\/\/[^:]+:[^@]+@[^\s'"]+/gi,
+        severity: 'critical',
+        replacement: '[POSTGRES_URI REDACTED]',
+        description: 'PostgreSQL connection string with credentials',
+    },
+    {
+        name: 'MySQL Connection String',
+        pattern: /mysql:\/\/[^:]+:[^@]+@[^\s'"]+/gi,
+        severity: 'critical',
+        replacement: '[MYSQL_URI REDACTED]',
+        description: 'MySQL connection string with credentials',
+    },
+    {
+        name: 'Redis Connection String',
+        pattern: /redis:\/\/[^:]*:[^@]+@[^\s'"]+/gi,
+        severity: 'critical',
+        replacement: '[REDIS_URI REDACTED]',
+        description: 'Redis connection string with credentials',
+    },
+    // -------------------------------------------------------------------------
+    // Generic Secrets
+    // -------------------------------------------------------------------------
+    {
+        name: 'Bearer Token',
+        pattern: /\bBearer\s+[a-zA-Z0-9\-._~+/]+=*\b/gi,
+        severity: 'high',
+        replacement: '[BEARER_TOKEN REDACTED]',
+        description: 'Bearer authentication token',
+    },
+    {
+        name: 'Basic Auth',
+        pattern: /\bBasic\s+[a-zA-Z0-9+/]+=*\b/gi,
+        severity: 'high',
+        replacement: '[BASIC_AUTH REDACTED]',
+        description: 'Basic authentication header',
+    },
+    {
+        name: 'Password Assignment',
+        pattern: /\bpassword\s*[=:]\s*["']([^"']{8,})["']/gi,
+        severity: 'high',
+        replacement: 'password=[PASSWORD REDACTED]',
+        description: 'Password in assignment',
+    },
+    {
+        name: 'API Key Assignment',
+        pattern: /\bapi[_-]?key\s*[=:]\s*["']([^"']{16,})["']/gi,
+        severity: 'high',
+        replacement: 'api_key=[API_KEY REDACTED]',
+        description: 'API key in assignment',
+    },
+    {
+        name: 'Secret Assignment',
+        pattern: /\bsecret[_-]?key?\s*[=:]\s*["']([^"']{16,})["']/gi,
+        severity: 'high',
+        replacement: 'secret=[SECRET REDACTED]',
+        description: 'Secret in assignment',
+    },
+    {
+        name: 'Token Assignment',
+        pattern: /\b(?:access_?)?token\s*[=:]\s*["']([^"']{20,})["']/gi,
+        severity: 'high',
+        replacement: 'token=[TOKEN REDACTED]',
+        description: 'Token in assignment',
+    },
+    // -------------------------------------------------------------------------
+    // Other Service Keys
+    // -------------------------------------------------------------------------
+    {
+        name: 'Stripe API Key',
+        pattern: /\bsk_(?:live|test)_[a-zA-Z0-9]{24,}\b/g,
+        severity: 'critical',
+        replacement: '[STRIPE_KEY REDACTED]',
+        description: 'Stripe API secret key',
+    },
+    {
+        name: 'Stripe Publishable Key',
+        pattern: /\bpk_(?:live|test)_[a-zA-Z0-9]{24,}\b/g,
+        severity: 'medium',
+        replacement: '[STRIPE_PK REDACTED]',
+        description: 'Stripe publishable key',
+    },
+    {
+        name: 'Slack Token',
+        pattern: /\bxox[baprs]-[0-9]{9,12}-[0-9]{9,12}(?:-[a-zA-Z0-9]+)?\b/g,
+        severity: 'critical',
+        replacement: '[SLACK_TOKEN REDACTED]',
+        description: 'Slack API token',
+    },
+    {
+        name: 'Slack Webhook',
+        pattern: /https:\/\/hooks\.slack\.com\/services\/T[A-Z0-9]+\/B[A-Z0-9]+\/[a-zA-Z0-9]+/g,
+        severity: 'high',
+        replacement: '[SLACK_WEBHOOK REDACTED]',
+        description: 'Slack incoming webhook URL',
+    },
+    {
+        name: 'Twilio API Key',
+        pattern: /\bSK[a-z0-9]{32}\b/g,
+        severity: 'critical',
+        replacement: '[TWILIO_KEY REDACTED]',
+        description: 'Twilio API key',
+    },
+    {
+        name: 'SendGrid API Key',
+        pattern: /\bSG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}\b/g,
+        severity: 'critical',
+        replacement: '[SENDGRID_KEY REDACTED]',
+        description: 'SendGrid API key',
+    },
+    {
+        name: 'Mailchimp API Key',
+        pattern: /\b[a-f0-9]{32}-us[0-9]{1,2}\b/g,
+        severity: 'high',
+        replacement: '[MAILCHIMP_KEY REDACTED]',
+        description: 'Mailchimp API key',
+    },
+    {
+        name: 'npm Token',
+        pattern: /\bnpm_[a-zA-Z0-9]{36}\b/g,
+        severity: 'critical',
+        replacement: '[NPM_TOKEN REDACTED]',
+        description: 'npm authentication token',
+    },
+    {
+        name: 'PyPI Token',
+        pattern: /\bpypi-[A-Za-z0-9_-]{32,}\b/g,
+        severity: 'critical',
+        replacement: '[PYPI_TOKEN REDACTED]',
+        description: 'PyPI API token',
+    },
+    {
+        name: 'Discord Token',
+        pattern: /\b[MN][A-Za-z\d]{23,}\.[\w-]{6}\.[\w-]{27}\b/g,
+        severity: 'critical',
+        replacement: '[DISCORD_TOKEN REDACTED]',
+        description: 'Discord bot token',
+    },
+];
+// ============================================================================
+// Credential Detector Class
+// ============================================================================
+/**
+ * Detects credentials and secrets in text content.
+ */
+export class CredentialDetector {
+    enabled;
+    defaultAction;
+    customPatterns;
+    constructor(enabled = true, defaultAction = 'redact') {
+        this.enabled = enabled;
+        this.defaultAction = defaultAction;
+        this.customPatterns = [];
+    }
+    /**
+     * Enable or disable the detector.
+     */
+    setEnabled(enabled) {
+        this.enabled = enabled;
+    }
+    /**
+     * Add a custom pattern.
+     */
+    addPattern(pattern) {
+        this.customPatterns.push(pattern);
+    }
+    /**
+     * Detect all credential matches in content.
+     */
+    detect(content) {
+        if (!this.enabled) {
+            return [];
+        }
+        const matches = [];
+        const allPatterns = [...CREDENTIAL_PATTERNS, ...this.customPatterns];
+        for (const credPattern of allPatterns) {
+            // Reset regex lastIndex
+            credPattern.pattern.lastIndex = 0;
+            let match;
+            while ((match = credPattern.pattern.exec(content)) !== null) {
+                const matchedText = match[0];
+                // Skip very short matches that might be false positives
+                if (matchedText.length < 10) {
+                    continue;
+                }
+                matches.push({
+                    pattern: credPattern.name,
+                    category: OUTPUT_VALIDATION_CATEGORIES.CREDENTIAL,
+                    action: this.defaultAction,
+                    matchedContent: matchedText,
+                    replacement: credPattern.replacement,
+                    position: {
+                        start: match.index,
+                        end: match.index + matchedText.length,
+                    },
+                    severity: credPattern.severity,
+                });
+            }
+        }
+        // Sort by position and remove duplicates (overlapping matches)
+        return this.deduplicateMatches(matches);
+    }
+    /**
+     * Remove overlapping matches, keeping the more specific one.
+     */
+    deduplicateMatches(matches) {
+        if (matches.length <= 1) {
+            return matches;
+        }
+        // Sort by position
+        matches.sort((a, b) => a.position.start - b.position.start);
+        const result = [];
+        let lastEnd = -1;
+        for (const match of matches) {
+            if (match.position.start >= lastEnd) {
+                result.push(match);
+                lastEnd = match.position.end;
+            }
+            else if (match.position.end > lastEnd) {
+                // Overlapping match that extends further - check severity
+                const existing = result[result.length - 1];
+                if (this.compareSeverity(match.severity, existing.severity) > 0) {
+                    result[result.length - 1] = match;
+                    lastEnd = match.position.end;
+                }
+            }
+        }
+        return result;
+    }
+    /**
+     * Compare severity levels.
+     */
+    compareSeverity(a, b) {
+        const order = {
+            low: 0,
+            medium: 1,
+            high: 2,
+            critical: 3,
+        };
+        return order[a] - order[b];
+    }
+    /**
+     * Apply redactions to content.
+     */
+    applyRedactions(content, matches) {
+        if (matches.length === 0) {
+            return content;
+        }
+        // Filter to only redact actions, sort in reverse order
+        const redactMatches = matches
+            .filter(m => m.action === 'redact')
+            .sort((a, b) => b.position.start - a.position.start);
+        let result = content;
+        for (const match of redactMatches) {
+            result =
+                result.slice(0, match.position.start) +
+                    (match.replacement || '[REDACTED]') +
+                    result.slice(match.position.end);
+        }
+        return result;
+    }
+}
+/**
+ * Export patterns for testing.
+ */
+export { CREDENTIAL_PATTERNS };
+//# sourceMappingURL=credential-detector.js.map

package/dist/analyzers/credential-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-detector.js","sourceRoot":"","sources":["../../src/analyzers/credential-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,EAAE,4BAA4B,EAAE,MAAM,8BAA8B,CAAC;AAc5E;;GAEG;AACH,MAAM,mBAAmB,GAAwB;IAC7C,4EAA4E;IAC5E,uBAAuB;IACvB,4EAA4E;IAC5E;QACI,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,gBAAgB;KAChC;IACD;QACI,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0BAA0B;QACvC,WAAW,EAAE,mBAAmB;KACnC;IACD;QACI,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,sBAAsB;KACtC;IAED,4EAA4E;IAC5E,gBAAgB;IAChB,4EAA4E;IAC5E;QACI,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,wCAAwC;KACxD;IACD;QACI,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,2CAA2C;KAC3D;IACD;QACI,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,+BAA+B;KAC/C;IACD;QACI,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yBAAyB;QACtC,WAAW,EAAE,oBAAoB;KACpC;IAED,4EAA4E;IAC5E,kBAAkB;IAClB,4EAA4E;IAC5E;QACI,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,oBAAoB;QACjC,WAAW,EAAE,mBAAmB;KACnC;IACD;QACI,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,qEAAqE;QAC9E,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,iCAAiC;KACjD;IAED,4EAA4E;IAC5E,eAAe;IACf,4EAA4E;IAC5E;QACI,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,iHAAiH;QAC1H,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wBAAwB;QACrC,WAAW,EAAE,2BAA2B;KAC3C;IACD;QACI,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,mFAAmF;QAC5F,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,4BAA4B;QACzC,WAAW,EAAE,uBAAuB;KACvC;IAED,4EAA4E;IAC5E,8BAA8B;IAC9B,4EAA4E;IAC5E;QACI,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wBAAwB;QACrC,WAAW,EAAE,4CAA4C;KAC5D;IACD;QACI,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yBAAyB;QACtC,WAAW,EAAE,+CAA+C;KAC/D;IACD;QACI,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,kCAAkC;QAC3C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sBAAsB;QACnC,WAAW,EAAE,0CAA0C;KAC1D;IACD;QACI,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,kCAAkC;QAC3C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sBAAsB;QACnC,WAAW,EAAE,0CAA0C;KAC1D;IAED,4EAA4E;IAC5E,kBAAkB;IAClB,4EAA4E;IAC5E;QACI,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yBAAyB;QACtC,WAAW,EAAE,6BAA6B;KAC7C;IACD;QACI,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,6BAA6B;KAC7C;IACD;QACI,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,8BAA8B;QAC3C,WAAW,EAAE,wBAAwB;KACxC;IACD;QACI,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4BAA4B;QACzC,WAAW,EAAE,uBAAuB;KACvC;IACD;QACI,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0BAA0B;QACvC,WAAW,EAAE,sBAAsB;KACtC;IACD;QACI,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wBAAwB;QACrC,WAAW,EAAE,qBAAqB;KACrC;IAED,4EAA4E;IAC5E,qBAAqB;IACrB,4EAA4E;IAC5E;QACI,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,wCAAwC;QACjD,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,uBAAuB;KACvC;IACD;QACI,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,wCAAwC;QACjD,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,sBAAsB;QACnC,WAAW,EAAE,wBAAwB;KACxC;IACD;QACI,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,2DAA2D;QACpE,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wBAAwB;QACrC,WAAW,EAAE,iBAAiB;KACjC;IACD;QACI,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,8EAA8E;QACvF,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0BAA0B;QACvC,WAAW,EAAE,4BAA4B;KAC5C;IACD;QACI,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,gBAAgB;KAChC;IACD;QACI,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yBAAyB;QACtC,WAAW,EAAE,kBAAkB;KAClC;IACD;QACI,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0BAA0B;QACvC,WAAW,EAAE,mBAAmB;KACnC;IACD;QACI,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sBAAsB;QACnC,WAAW,EAAE,0BAA0B;KAC1C;IACD;QACI,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,gBAAgB;KAChC;IACD;QACI,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0BAA0B;QACvC,WAAW,EAAE,mBAAmB;KACnC;CACJ,CAAC;AAEF,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,OAAO,kBAAkB;IACnB,OAAO,CAAU;IACjB,aAAa,CAAyB;IACtC,cAAc,CAAsB;IAE5C,YACI,UAAmB,IAAI,EACvB,gBAAwC,QAAQ;QAEhD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,cAAc,GAAG,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,OAAgB;QACvB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,OAA0B;QACjC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,OAAe;QAClB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAChB,OAAO,EAAE,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAA4B,EAAE,CAAC;QAC5C,MAAM,WAAW,GAAG,CAAC,GAAG,mBAAmB,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;QAErE,KAAK,MAAM,WAAW,IAAI,WAAW,EAAE,CAAC;YACpC,wBAAwB;YACxB,WAAW,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAClC,IAAI,KAA6B,CAAC;YAElC,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC1D,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAE7B,wDAAwD;gBACxD,IAAI,WAAW,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAC1B,SAAS;gBACb,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC;oBACT,OAAO,EAAE,WAAW,CAAC,IAAI;oBACzB,QAAQ,EAAE,4BAA4B,CAAC,UAAU;oBACjD,MAAM,EAAE,IAAI,CAAC,aAAa;oBAC1B,cAAc,EAAE,WAAW;oBAC3B,WAAW,EAAE,WAAW,CAAC,WAAW;oBACpC,QAAQ,EAAE;wBACN,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,WAAW,CAAC,MAAM;qBACxC;oBACD,QAAQ,EAAE,WAAW,CAAC,QAAQ;iBACjC,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,+DAA+D;QAC/D,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,OAAgC;QACvD,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,mBAAmB;QACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE5D,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC;QAEjB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,IAAI,OAAO,EAAE,CAAC;gBAClC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACnB,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;YACjC,CAAC;iBAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,EAAE,CAAC;gBACtC,0DAA0D;gBAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9D,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;oBAClC,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACjC,CAAC;YACL,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,CAA2B,EAAE,CAA2B;QAC5E,MAAM,KAAK,GAA6C;YACpD,GAAG,EAAE,CAAC;YACN,MAAM,EAAE,CAAC;YACT,IAAI,EAAE,CAAC;YACP,QAAQ,EAAE,CAAC;SACd,CAAC;QACF,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,OAAe,EAAE,OAAgC;QAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,uDAAuD;QACvD,MAAM,aAAa,GAAG,OAAO;aACxB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC;aAClC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAEzD,IAAI,MAAM,GAAG,OAAO,CAAC;QACrB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAChC,MAAM;gBACF,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;oBACrC,CAAC,KAAK,CAAC,WAAW,IAAI,YAAY,CAAC;oBACnC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACzC,CAAC;QAED,OAAO,MAAM,CAAC;IAClB,CAAC;CACJ;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,CAAC"}

package/dist/analyzers/enhanced-output-validator.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Enhanced Output Validator
+ *
+ * A configurable output validation system that scans tool responses for:
+ * - PII (SSN, credit cards, phone numbers, etc.)
+ * - Credentials (API keys, tokens, connection strings)
+ * - Prompt injection attempts
+ * - Data exfiltration markers
+ *
+ * Supports multiple actions: block, redact, warn, log.
+ *
+ * @module analyzers/enhanced-output-validator
+ */
+import type { OutputValidationConfig, OutputValidationResult } from './output-validation-types.js';
+import type { AnalysisResult, ContentAnalyzer, AnalyzerContext } from './types.js';
+/**
+ * Enhanced Output Validator that combines PII detection, credential detection,
+ * and injection detection into a single configurable system.
+ */
+export declare class EnhancedOutputValidator implements ContentAnalyzer {
+    readonly name = "enhanced-output-validator";
+    private config;
+    private piiDetector;
+    private credentialDetector;
+    private customPatterns;
+    constructor(config?: Partial<OutputValidationConfig>);
+    /**
+     * Configure the validator with new settings.
+     */
+    configure(config: Partial<OutputValidationConfig>): void;
+    /**
+     * Compile custom patterns from config.
+     */
+    private compileCustomPatterns;
+    /**
+     * Legacy analyze method for compatibility with ContentAnalyzer interface.
+     */
+    analyze(content: string, context?: AnalyzerContext): AnalysisResult;
+    /**
+     * Validate content and optionally transform (redact) it.
+     */
+    validateAndTransform(content: string, _context?: AnalyzerContext): OutputValidationResult;
+    /**
+     * Detect custom patterns from config.
+     */
+    private detectCustomPatterns;
+    /**
+     * Detect injection patterns.
+     */
+    private detectInjection;
+    /**
+     * Deduplicate overlapping matches.
+     */
+    private deduplicateMatches;
+    /**
+     * Determine if a new match should replace an existing overlapping one.
+     */
+    private shouldReplace;
+    /**
+     * Apply redactions to content.
+     */
+    private applyRedactions;
+}
+/**
+ * Create an enhanced output validator instance.
+ */
+export declare function createEnhancedOutputValidator(config?: Partial<OutputValidationConfig>): EnhancedOutputValidator;
+//# sourceMappingURL=enhanced-output-validator.d.ts.map

package/dist/analyzers/enhanced-output-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enhanced-output-validator.d.ts","sourceRoot":"","sources":["../../src/analyzers/enhanced-output-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EACR,sBAAsB,EACtB,sBAAsB,EAGzB,MAAM,8BAA8B,CAAC;AAOtC,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAMnF;;;GAGG;AACH,qBAAa,uBAAwB,YAAW,eAAe;IAC3D,QAAQ,CAAC,IAAI,+BAA+B;IAE5C,OAAO,CAAC,MAAM,CAAyB;IACvC,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,kBAAkB,CAAqB;IAC/C,OAAO,CAAC,cAAc,CAAsB;gBAEhC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC;IAapD;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAOxD;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAW7B;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,cAAc;IA0CnE;;OAEG;IACH,oBAAoB,CAChB,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,eAAe,GAC3B,sBAAsB;IA6EzB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA+B5B;;OAEG;IACH,OAAO,CAAC,eAAe;IAkFvB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAsB1B;;OAEG;IACH,OAAO,CAAC,aAAa;IA4BrB;;OAEG;IACH,OAAO,CAAC,eAAe;CAmB1B;AAED;;GAEG;AACH,wBAAgB,6BAA6B,CACzC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,GACzC,uBAAuB,CAEzB"}