@guardcore/core 1.0.0

package/dist/chunk-I634N6VV.js

@@ -0,0 +1,1099 @@
+import {
+  __require
+} from "./chunk-DGUM43GV.js";
+
+// src/detection-engine/preprocessor.ts
+var ATTACK_INDICATORS = [
+  /<script/i,
+  /javascript:/i,
+  /on\w+=/i,
+  /SELECT\s+.{0,50}?\s+FROM/i,
+  /UNION\s+SELECT/i,
+  /\.\.\//,
+  /eval\s*\(/i,
+  /exec\s*\(/i,
+  /system\s*\(/i,
+  /<\?php/i,
+  /<%%/,
+  /\{\{/,
+  /\{%/,
+  /<iframe/i,
+  /<object/i,
+  /<embed/i,
+  /onerror\s*=/i,
+  /onload\s*=/i,
+  /\$\{/,
+  /\\x[0-9a-fA-F]{2}/,
+  /%[0-9a-fA-F]{2}/
+];
+var LOOKALIKES = {
+  "\u2044": "/",
+  "\uFF0F": "/",
+  "\u29F8": "/",
+  "\u0130": "I",
+  "\u0131": "i",
+  "\u200B": "",
+  "\u200C": "",
+  "\u200D": "",
+  "\uFEFF": "",
+  "\xAD": "",
+  "\u034F": "",
+  "\u180E": "",
+  "\u2028": "\n",
+  "\u2029": "\n",
+  "\uE000": "",
+  "\uFFF0": "",
+  "\u01C0": "|",
+  "\u037E": ";",
+  "\u2215": "/",
+  "\u2216": "\\",
+  "\uFF1C": "<",
+  "\uFF1E": ">"
+};
+var CONTROL_CHARS_RE = /[\x00-\x08\x0b\x0c\x0e-\x1f]/g;
+var ContentPreprocessor = class {
+  maxContentLength;
+  preserveAttackPatterns;
+  constructor(maxContentLength = 1e4, preserveAttackPatterns = true) {
+    this.maxContentLength = maxContentLength;
+    this.preserveAttackPatterns = preserveAttackPatterns;
+  }
+  normalizeUnicode(content) {
+    let normalized = content.normalize("NFKC");
+    for (const [char, replacement] of Object.entries(LOOKALIKES)) {
+      normalized = normalized.replaceAll(char, replacement);
+    }
+    return normalized;
+  }
+  removeNullBytes(content) {
+    return content.replace(/\x00/g, "").replace(CONTROL_CHARS_RE, "");
+  }
+  removeExcessiveWhitespace(content) {
+    return content.replace(/\s+/g, " ").trim();
+  }
+  decodeCommonEncodings(content) {
+    const maxIterations = 3;
+    let current = content;
+    for (let i = 0; i < maxIterations; i++) {
+      const original = current;
+      try {
+        const decoded = decodeURIComponent(current);
+        if (decoded !== current) current = decoded;
+      } catch {
+      }
+      try {
+        current = this.decodeHtmlEntities(current);
+      } catch {
+      }
+      if (current === original) break;
+    }
+    return current;
+  }
+  decodeHtmlEntities(content) {
+    const entityMap = {
+      "&amp;": "&",
+      "&lt;": "<",
+      "&gt;": ">",
+      "&quot;": '"',
+      "&#39;": "'",
+      "&apos;": "'",
+      "&#x27;": "'",
+      "&#x2F;": "/",
+      "&#47;": "/",
+      "&nbsp;": " "
+    };
+    let result = content;
+    for (const [entity, char] of Object.entries(entityMap)) {
+      result = result.replaceAll(entity, char);
+    }
+    result = result.replace(
+      /&#x([0-9a-fA-F]+);/g,
+      (_, hex) => String.fromCharCode(parseInt(hex, 16))
+    );
+    result = result.replace(
+      /&#(\d+);/g,
+      (_, dec) => String.fromCharCode(parseInt(dec, 10))
+    );
+    return result;
+  }
+  extractAttackRegions(content) {
+    const maxRegions = Math.min(100, Math.floor(this.maxContentLength / 100));
+    const regions = [];
+    for (const indicator of ATTACK_INDICATORS) {
+      const regex = new RegExp(indicator.source, indicator.flags + "g");
+      let match;
+      while ((match = regex.exec(content)) !== null) {
+        if (regions.length >= maxRegions) break;
+        const start = Math.max(0, match.index - 100);
+        const end = Math.min(content.length, match.index + match[0].length + 100);
+        regions.push([start, end]);
+      }
+      if (regions.length >= maxRegions) break;
+    }
+    if (regions.length === 0) return [];
+    regions.sort((a, b) => a[0] - b[0]);
+    const merged = [regions[0]];
+    for (let i = 1; i < regions.length; i++) {
+      const [start, end] = regions[i];
+      const last = merged[merged.length - 1];
+      if (start <= last[1]) {
+        last[1] = Math.max(last[1], end);
+      } else {
+        merged.push([start, end]);
+      }
+    }
+    return merged.slice(0, maxRegions);
+  }
+  truncateSafely(content) {
+    if (content.length <= this.maxContentLength) return content;
+    if (!this.preserveAttackPatterns) return content.slice(0, this.maxContentLength);
+    const attackRegions = this.extractAttackRegions(content);
+    if (attackRegions.length === 0) return content.slice(0, this.maxContentLength);
+    const attackLength = attackRegions.reduce((sum, [s, e]) => sum + (e - s), 0);
+    if (attackLength >= this.maxContentLength) {
+      let result = "";
+      let remaining2 = this.maxContentLength;
+      for (const [start, end] of attackRegions) {
+        const chunkLen = Math.min(end - start, remaining2);
+        result += content.slice(start, start + chunkLen);
+        remaining2 -= chunkLen;
+        if (remaining2 <= 0) break;
+      }
+      return result;
+    }
+    const parts = [];
+    for (const [start, end] of attackRegions) {
+      parts.push(content.slice(start, end));
+    }
+    let remaining = this.maxContentLength - attackLength;
+    let lastEnd = 0;
+    const contextParts = [];
+    for (const [start, end] of attackRegions) {
+      if (lastEnd < start && remaining > 0) {
+        const chunkLen = Math.min(start - lastEnd, remaining);
+        contextParts.push(content.slice(lastEnd, lastEnd + chunkLen));
+        remaining -= chunkLen;
+      }
+      lastEnd = end;
+    }
+    return [...contextParts, ...parts].join("");
+  }
+  async preprocess(content) {
+    if (!content) return "";
+    let result = this.normalizeUnicode(content);
+    result = this.decodeCommonEncodings(result);
+    result = this.removeNullBytes(result);
+    result = this.removeExcessiveWhitespace(result);
+    result = this.truncateSafely(result);
+    return result;
+  }
+  async preprocessBatch(contents) {
+    return Promise.all(contents.map((c) => this.preprocess(c)));
+  }
+};
+
+// src/detection-engine/compiler.ts
+var DANGEROUS_PATTERNS = [
+  /\(\.\*\)\+/,
+  /\(\.\+\)\+/,
+  /\([^)]*\*\)\+/,
+  /\([^)]*\+\)\+/,
+  /(?:\.\*){2,}/,
+  /(?:\.\+){2,}/
+];
+var DEFAULT_TEST_STRINGS = [
+  "a".repeat(10),
+  "a".repeat(100),
+  "a".repeat(1e3),
+  "x".repeat(50) + "y".repeat(50),
+  "<".repeat(100) + ">".repeat(100)
+];
+var RE2Ctor = null;
+async function loadRE2() {
+  if (RE2Ctor) return RE2Ctor;
+  try {
+    const mod = await import("re2-wasm");
+    RE2Ctor = mod.RE2 ?? mod.default?.RE2 ?? mod.default;
+    return RE2Ctor;
+  } catch {
+    return null;
+  }
+}
+var PatternCompiler = class {
+  constructor(defaultTimeoutMs = 2e3, maxCacheSize = 1e3) {
+    this.defaultTimeoutMs = defaultTimeoutMs;
+    this.maxCacheSize = maxCacheSize;
+    this.maxCacheSize = Math.min(maxCacheSize, 5e3);
+  }
+  cache = /* @__PURE__ */ new Map();
+  cacheOrder = [];
+  re2Available = null;
+  async ensureRE2() {
+    if (this.re2Available !== null) return this.re2Available;
+    const ctor = await loadRE2();
+    this.re2Available = ctor !== null;
+    return this.re2Available;
+  }
+  async compile(pattern, flags = "gi") {
+    const key = `${pattern}:${flags}`;
+    if (this.cache.has(key)) {
+      const idx = this.cacheOrder.indexOf(key);
+      if (idx !== -1) {
+        this.cacheOrder.splice(idx, 1);
+        this.cacheOrder.push(key);
+      }
+      return this.cache.get(key);
+    }
+    if (this.cache.size >= this.maxCacheSize) {
+      const oldest = this.cacheOrder.shift();
+      if (oldest) this.cache.delete(oldest);
+    }
+    let compiled;
+    if (await this.ensureRE2()) {
+      try {
+        compiled = new RE2Ctor(pattern, flags);
+      } catch {
+        compiled = new RegExp(pattern, flags);
+      }
+    } else {
+      compiled = new RegExp(pattern, flags);
+    }
+    this.cache.set(key, compiled);
+    this.cacheOrder.push(key);
+    return compiled;
+  }
+  compileSync(pattern, flags = "gi") {
+    return new RegExp(pattern, flags);
+  }
+  async safeMatch(pattern, content, timeoutMs) {
+    try {
+      const compiled = await this.compile(pattern);
+      return compiled.exec(content);
+    } catch {
+      return this.fallbackMatch(pattern, content, timeoutMs ?? this.defaultTimeoutMs);
+    }
+  }
+  async fallbackMatch(pattern, content, timeoutMs) {
+    try {
+      const { Worker } = await import("worker_threads");
+      return new Promise((resolve) => {
+        const workerCode = `
+          const { parentPort, workerData } = require('node:worker_threads');
+          try {
+            const re = new RegExp(workerData.pattern, workerData.flags);
+            const result = re.exec(workerData.content);
+            parentPort.postMessage({ result });
+          } catch (e) {
+            parentPort.postMessage({ result: null });
+          }
+        `;
+        const worker = new Worker(workerCode, {
+          eval: true,
+          workerData: { pattern, content, flags: "gi" }
+        });
+        const timer = setTimeout(() => {
+          worker.terminate();
+          resolve(null);
+        }, timeoutMs);
+        worker.on("message", (msg) => {
+          clearTimeout(timer);
+          worker.terminate();
+          resolve(msg.result);
+        });
+        worker.on("error", () => {
+          clearTimeout(timer);
+          worker.terminate();
+          resolve(null);
+        });
+      });
+    } catch {
+      try {
+        const re = new RegExp(pattern, "gi");
+        return re.exec(content);
+      } catch {
+        return null;
+      }
+    }
+  }
+  validatePatternSafety(pattern, testStrings) {
+    for (const dangerous of DANGEROUS_PATTERNS) {
+      if (dangerous.test(pattern)) {
+        return [false, `Pattern contains dangerous construct: ${dangerous.source}`];
+      }
+    }
+    const strings = testStrings ?? DEFAULT_TEST_STRINGS;
+    try {
+      const compiled = this.compileSync(pattern);
+      for (const testStr of strings) {
+        const start = performance.now();
+        compiled.exec(testStr);
+        const elapsed = performance.now() - start;
+        if (elapsed > 50) {
+          return [false, `Pattern timed out on test string of length ${testStr.length}`];
+        }
+      }
+    } catch (e) {
+      return [false, `Pattern validation failed: ${String(e)}`];
+    }
+    return [true, "Pattern appears safe"];
+  }
+  async batchCompile(patterns, validate = true) {
+    const compiled = /* @__PURE__ */ new Map();
+    for (const pattern of patterns) {
+      if (validate) {
+        const [isSafe] = this.validatePatternSafety(pattern);
+        if (!isSafe) continue;
+      }
+      try {
+        compiled.set(pattern, await this.compile(pattern));
+      } catch {
+        continue;
+      }
+    }
+    return compiled;
+  }
+  async clearCache() {
+    this.cache.clear();
+    this.cacheOrder = [];
+  }
+};
+
+// src/detection-engine/monitor.ts
+var MAX_RECENT_TIMES = 100;
+var MAX_PATTERN_LENGTH = 100;
+var MIN_SAMPLES_FOR_STATS = 10;
+function mean(values) {
+  if (values.length === 0) return 0;
+  return values.reduce((a, b) => a + b, 0) / values.length;
+}
+function stdev(values) {
+  if (values.length <= 1) return 0;
+  const avg = mean(values);
+  const squareDiffs = values.map((v) => (v - avg) ** 2);
+  return Math.sqrt(squareDiffs.reduce((a, b) => a + b, 0) / (values.length - 1));
+}
+function truncatePattern(pattern) {
+  return pattern.length > 50 ? pattern.slice(0, 50) + "..." : pattern;
+}
+function patternHash(pattern) {
+  let hash = 0;
+  for (let i = 0; i < pattern.length; i++) {
+    hash = (hash << 5) - hash + pattern.charCodeAt(i);
+    hash |= 0;
+  }
+  return String(hash).slice(0, 8);
+}
+var PerformanceMonitor = class {
+  anomalyThreshold;
+  slowPatternThreshold;
+  historySize;
+  maxTrackedPatterns;
+  patternStats = /* @__PURE__ */ new Map();
+  recentMetrics = [];
+  anomalyCallbacks = [];
+  constructor(anomalyThreshold = 3, slowPatternThreshold = 0.1, historySize = 1e3, maxTrackedPatterns = 1e3) {
+    this.anomalyThreshold = Math.max(1, Math.min(10, anomalyThreshold));
+    this.slowPatternThreshold = Math.max(0.01, Math.min(10, slowPatternThreshold));
+    this.historySize = Math.max(100, Math.min(1e4, historySize));
+    this.maxTrackedPatterns = Math.max(100, Math.min(5e3, maxTrackedPatterns));
+  }
+  async recordMetric(pattern, executionTime, contentLength, matched, timeout = false, agentHandler = null, correlationId = null) {
+    let truncatedPattern = pattern;
+    if (pattern.length > MAX_PATTERN_LENGTH) {
+      truncatedPattern = pattern.slice(0, MAX_PATTERN_LENGTH) + "...[truncated]";
+    }
+    executionTime = Math.max(0, executionTime);
+    contentLength = Math.max(0, contentLength);
+    const metric = {
+      pattern: truncatedPattern,
+      executionTime,
+      contentLength,
+      timestamp: /* @__PURE__ */ new Date(),
+      matched,
+      timeout
+    };
+    this.recentMetrics.push(metric);
+    if (this.recentMetrics.length > this.historySize) {
+      this.recentMetrics.shift();
+    }
+    if (!this.patternStats.has(truncatedPattern)) {
+      if (this.patternStats.size >= this.maxTrackedPatterns) {
+        const oldestKey = this.patternStats.keys().next().value;
+        this.patternStats.delete(oldestKey);
+      }
+      this.patternStats.set(truncatedPattern, {
+        pattern: truncatedPattern,
+        totalExecutions: 0,
+        totalMatches: 0,
+        totalTimeouts: 0,
+        avgExecutionTime: 0,
+        maxExecutionTime: 0,
+        minExecutionTime: Infinity,
+        recentTimes: []
+      });
+    }
+    const stats = this.patternStats.get(truncatedPattern);
+    stats.totalExecutions++;
+    if (matched) stats.totalMatches++;
+    if (timeout) stats.totalTimeouts++;
+    if (!timeout) {
+      stats.recentTimes.push(executionTime);
+      if (stats.recentTimes.length > MAX_RECENT_TIMES) {
+        stats.recentTimes.shift();
+      }
+      stats.maxExecutionTime = Math.max(stats.maxExecutionTime, executionTime);
+      stats.minExecutionTime = Math.min(stats.minExecutionTime, executionTime);
+      if (stats.recentTimes.length > 0) {
+        stats.avgExecutionTime = mean(stats.recentTimes);
+      }
+    }
+    await this.checkAnomalies(metric, agentHandler, correlationId);
+  }
+  async checkAnomalies(metric, agentHandler, correlationId) {
+    const anomalies = [];
+    if (metric.timeout) {
+      anomalies.push({
+        type: "timeout",
+        pattern: metric.pattern,
+        contentLength: metric.contentLength
+      });
+    } else if (metric.executionTime > this.slowPatternThreshold) {
+      anomalies.push({
+        type: "slow_execution",
+        pattern: metric.pattern,
+        executionTime: metric.executionTime,
+        contentLength: metric.contentLength
+      });
+    }
+    const stats = this.patternStats.get(metric.pattern);
+    if (stats && stats.recentTimes.length >= MIN_SAMPLES_FOR_STATS) {
+      const avgTime = mean(stats.recentTimes);
+      const stdTime = stdev(stats.recentTimes);
+      if (stdTime > 0) {
+        const zScore = (metric.executionTime - avgTime) / stdTime;
+        if (Math.abs(zScore) > this.anomalyThreshold) {
+          anomalies.push({
+            type: "statistical_anomaly",
+            pattern: metric.pattern,
+            executionTime: metric.executionTime,
+            zScore,
+            avgTime,
+            stdTime
+          });
+        }
+      }
+    }
+    if (agentHandler) {
+      for (const anomaly of anomalies) {
+        try {
+          await agentHandler.sendEvent({
+            timestamp: /* @__PURE__ */ new Date(),
+            eventType: `pattern_anomaly_${anomaly["type"]}`,
+            ipAddress: "system",
+            actionTaken: "anomaly_detected",
+            reason: `Pattern performance anomaly: ${anomaly["type"]}`,
+            metadata: { component: "PerformanceMonitor", correlationId, ...anomaly }
+          });
+        } catch {
+        }
+      }
+    }
+    for (const anomaly of anomalies) {
+      const safe = { ...anomaly };
+      if (typeof safe["pattern"] === "string") {
+        safe["pattern"] = truncatePattern(safe["pattern"]);
+        safe["patternHash"] = patternHash(anomaly["pattern"]);
+      }
+      for (const callback of this.anomalyCallbacks) {
+        try {
+          callback(safe);
+        } catch {
+        }
+      }
+    }
+  }
+  getPatternReport(pattern) {
+    let key = pattern;
+    if (key.length > MAX_PATTERN_LENGTH) {
+      key = key.slice(0, MAX_PATTERN_LENGTH) + "...[truncated]";
+    }
+    const stats = this.patternStats.get(key);
+    if (!stats) return null;
+    return {
+      pattern: truncatePattern(key),
+      patternHash: patternHash(key),
+      totalExecutions: stats.totalExecutions,
+      totalMatches: stats.totalMatches,
+      totalTimeouts: stats.totalTimeouts,
+      matchRate: stats.totalMatches / Math.max(stats.totalExecutions, 1),
+      timeoutRate: stats.totalTimeouts / Math.max(stats.totalExecutions, 1),
+      avgExecutionTime: Math.round(stats.avgExecutionTime * 1e4) / 1e4,
+      maxExecutionTime: Math.round(stats.maxExecutionTime * 1e4) / 1e4,
+      minExecutionTime: Math.round(
+        (stats.minExecutionTime === Infinity ? 0 : stats.minExecutionTime) * 1e4
+      ) / 1e4
+    };
+  }
+  getSlowPatterns(limit = 10) {
+    const entries = [...this.patternStats.entries()].filter(([, s]) => s.recentTimes.length > 0).sort(([, a], [, b]) => b.avgExecutionTime - a.avgExecutionTime).slice(0, limit);
+    const reports = [];
+    for (const [pattern] of entries) {
+      const report = this.getPatternReport(pattern);
+      if (report) reports.push(report);
+    }
+    return reports;
+  }
+  getProblematicPatterns() {
+    const problematic = [];
+    for (const [pattern, stats] of this.patternStats) {
+      if (stats.totalExecutions === 0) continue;
+      const timeoutRate = stats.totalTimeouts / stats.totalExecutions;
+      if (timeoutRate > 0.1) {
+        const report = this.getPatternReport(pattern);
+        if (report) {
+          report.issue = "high_timeout_rate";
+          problematic.push(report);
+        }
+      } else if (stats.avgExecutionTime > this.slowPatternThreshold) {
+        const report = this.getPatternReport(pattern);
+        if (report) {
+          report.issue = "consistently_slow";
+          problematic.push(report);
+        }
+      }
+    }
+    return problematic;
+  }
+  getSummaryStats() {
+    if (this.recentMetrics.length === 0) {
+      return { totalExecutions: 0, avgExecutionTime: 0, timeoutRate: 0, matchRate: 0 };
+    }
+    const recentTimes = this.recentMetrics.filter((m) => !m.timeout).map((m) => m.executionTime);
+    const timeouts = this.recentMetrics.filter((m) => m.timeout).length;
+    const matches = this.recentMetrics.filter((m) => m.matched).length;
+    const total = this.recentMetrics.length;
+    return {
+      totalExecutions: total,
+      avgExecutionTime: recentTimes.length > 0 ? mean(recentTimes) : 0,
+      maxExecutionTime: recentTimes.length > 0 ? Math.max(...recentTimes) : 0,
+      minExecutionTime: recentTimes.length > 0 ? Math.min(...recentTimes) : 0,
+      timeoutRate: timeouts / total,
+      matchRate: matches / total,
+      totalPatterns: this.patternStats.size
+    };
+  }
+  registerAnomalyCallback(callback) {
+    this.anomalyCallbacks.push(callback);
+  }
+  async clearStats() {
+    this.patternStats.clear();
+    this.recentMetrics = [];
+  }
+  async removePatternStats(pattern) {
+    this.patternStats.delete(pattern);
+  }
+};
+
+// src/detection-engine/semantic.ts
+var ATTACK_KEYWORDS = {
+  xss: /* @__PURE__ */ new Set([
+    "script",
+    "javascript",
+    "onerror",
+    "onload",
+    "onclick",
+    "onmouseover",
+    "alert",
+    "eval",
+    "document",
+    "cookie",
+    "window",
+    "location"
+  ]),
+  sql: /* @__PURE__ */ new Set([
+    "select",
+    "union",
+    "insert",
+    "update",
+    "delete",
+    "drop",
+    "from",
+    "where",
+    "order",
+    "group",
+    "having",
+    "concat",
+    "substring",
+    "database",
+    "table",
+    "column"
+  ]),
+  command: /* @__PURE__ */ new Set([
+    "exec",
+    "system",
+    "shell",
+    "cmd",
+    "bash",
+    "powershell",
+    "wget",
+    "curl",
+    "nc",
+    "netcat",
+    "chmod",
+    "chown",
+    "sudo",
+    "passwd"
+  ]),
+  path: /* @__PURE__ */ new Set(["etc", "passwd", "shadow", "hosts", "proc", "boot", "win", "ini"]),
+  template: /* @__PURE__ */ new Set([
+    "render",
+    "template",
+    "jinja",
+    "mustache",
+    "handlebars",
+    "ejs",
+    "pug",
+    "twig"
+  ])
+};
+var ATTACK_STRUCTURES = {
+  tag_like: /<[^>]+>/gi,
+  function_call: /\w+\s*\([^)]*\)/gi,
+  command_chain: /[;&|]{1,2}/g,
+  path_traversal: /\.{2,}[/\\]/g,
+  url_pattern: /[a-z]+:\/\//gi
+};
+var PATTERN_CHECKS = {
+  xss: [/<[^>]+>/g, ""],
+  sql: [/\b(?:union|select|from|where)\b/gi, ""],
+  command: [/[;&|]/g, ""],
+  path: [/\.{2,}[/\\]/g, ""]
+};
+var INJECTION_KEYWORDS = ["eval", "exec", "compile", "__import__", "globals", "locals"];
+var MAX_CONTENT_LENGTH = 5e4;
+var MAX_TOKENS = 1e3;
+var MAX_ENTROPY_LENGTH = 1e4;
+var MAX_SCAN_LENGTH = 1e4;
+var MAX_AST_LENGTH = 1e3;
+var SemanticAnalyzer = class {
+  extractTokens(content) {
+    let truncated = content;
+    if (truncated.length > MAX_CONTENT_LENGTH) {
+      truncated = truncated.slice(0, MAX_CONTENT_LENGTH);
+    }
+    truncated = truncated.replace(/\s+/g, " ");
+    const wordTokens = (truncated.toLowerCase().match(/\b\w+\b/g) ?? []).slice(0, MAX_TOKENS);
+    const specialPatterns = [];
+    for (const [, regex] of Object.entries(ATTACK_STRUCTURES)) {
+      const re = new RegExp(regex.source, regex.flags);
+      let match;
+      while ((match = re.exec(truncated)) !== null && specialPatterns.length < 50) {
+        specialPatterns.push(match[0]);
+      }
+      if (specialPatterns.length >= 50) break;
+    }
+    return [...wordTokens, ...specialPatterns].slice(0, MAX_TOKENS);
+  }
+  calculateEntropy(content) {
+    if (!content) return 0;
+    const truncated = content.length > MAX_ENTROPY_LENGTH ? content.slice(0, MAX_ENTROPY_LENGTH) : content;
+    const counts = /* @__PURE__ */ new Map();
+    for (const char of truncated) {
+      counts.set(char, (counts.get(char) ?? 0) + 1);
+    }
+    const length = truncated.length;
+    let entropy = 0;
+    for (const count of counts.values()) {
+      const probability = count / length;
+      if (probability > 0) {
+        entropy -= probability * Math.log2(probability);
+      }
+    }
+    return entropy;
+  }
+  detectEncodingLayers(content) {
+    const truncated = content.length > MAX_SCAN_LENGTH ? content.slice(0, MAX_SCAN_LENGTH) : content;
+    let layers = 0;
+    if (/%[0-9a-fA-F]{2}/.test(truncated)) layers++;
+    if (/[A-Za-z0-9+/]{4,}={0,2}/.test(truncated)) layers++;
+    if (/(?:0x)?[0-9a-fA-F]{4,}/.test(truncated)) layers++;
+    if (/\\u[0-9a-fA-F]{4}/.test(truncated)) layers++;
+    if (/&[#\w]+;/.test(truncated)) layers++;
+    return layers;
+  }
+  analyzeAttackProbability(content) {
+    const tokens = this.extractTokens(content);
+    const tokenSet = new Set(tokens);
+    const probabilities = {};
+    for (const [attackType, keywords] of Object.entries(ATTACK_KEYWORDS)) {
+      let matches = 0;
+      for (const token of tokenSet) {
+        if (keywords.has(token)) matches++;
+      }
+      const baseScore = keywords.size > 0 ? matches / keywords.size : 0;
+      let patternBoost = 0;
+      const check = PATTERN_CHECKS[attackType];
+      if (check) {
+        const [re] = check;
+        if (new RegExp(re.source, re.flags).test(content)) {
+          patternBoost = 0.3;
+        }
+      }
+      probabilities[attackType] = Math.min(baseScore + patternBoost, 1);
+    }
+    return probabilities;
+  }
+  detectObfuscation(content) {
+    if (this.calculateEntropy(content) > 4.5) return true;
+    if (this.detectEncodingLayers(content) > 2) return true;
+    const specialChars = (content.match(/[^a-zA-Z0-9\s]/g) ?? []).length;
+    if (specialChars / Math.max(content.length, 1) > 0.4) return true;
+    if (/\S{100,}/.test(content)) return true;
+    return false;
+  }
+  extractSuspiciousPatterns(content) {
+    const patterns = [];
+    for (const [name, regex] of Object.entries(ATTACK_STRUCTURES)) {
+      const re = new RegExp(regex.source, regex.flags);
+      let match;
+      while ((match = re.exec(content)) !== null) {
+        const contextStart = Math.max(0, match.index - 20);
+        const contextEnd = Math.min(content.length, match.index + match[0].length + 20);
+        patterns.push({
+          type: name,
+          pattern: match[0],
+          position: match.index,
+          context: content.slice(contextStart, contextEnd)
+        });
+      }
+    }
+    return patterns;
+  }
+  analyzeCodeInjectionRisk(content) {
+    let riskScore = 0;
+    if (/[{}].*[{}]/.test(content)) riskScore += 0.2;
+    if (/\w+\s*\([^)]*\)/.test(content)) riskScore += 0.2;
+    if (/[$@]\w+/.test(content)) riskScore += 0.1;
+    if (/[=+\-*/]{2,}/.test(content)) riskScore += 0.1;
+    if (content.length <= MAX_AST_LENGTH) {
+      try {
+        const acorn = __require("acorn");
+        acorn.parse(content, { ecmaVersion: "latest", sourceType: "module" });
+        riskScore += 0.3;
+      } catch {
+      }
+    }
+    for (const keyword of INJECTION_KEYWORDS) {
+      if (new RegExp(`\\b${keyword}\\b`, "i").test(content)) {
+        riskScore += 0.2;
+        break;
+      }
+    }
+    return Math.min(riskScore, 1);
+  }
+  analyze(content) {
+    return {
+      attackProbabilities: this.analyzeAttackProbability(content),
+      entropy: this.calculateEntropy(content),
+      encodingLayers: this.detectEncodingLayers(content),
+      isObfuscated: this.detectObfuscation(content),
+      suspiciousPatterns: this.extractSuspiciousPatterns(content),
+      codeInjectionRisk: this.analyzeCodeInjectionRisk(content),
+      tokenCount: this.extractTokens(content).length
+    };
+  }
+  getThreatScore(analysis) {
+    let score = 0;
+    const probs = analysis.attackProbabilities;
+    const maxProb = Object.values(probs).length > 0 ? Math.max(...Object.values(probs)) : 0;
+    score += maxProb * 0.3;
+    if (analysis.isObfuscated) score += 0.2;
+    if (analysis.encodingLayers > 0) {
+      score += Math.min(analysis.encodingLayers * 0.1, 0.2);
+    }
+    score += analysis.codeInjectionRisk * 0.2;
+    if (analysis.suspiciousPatterns.length > 0) {
+      score += Math.min(analysis.suspiciousPatterns.length * 0.05, 0.1);
+    }
+    return Math.min(score, 1);
+  }
+};
+
+// src/handlers/sus-patterns.ts
+var CTX_XSS = /* @__PURE__ */ new Set(["query_param", "header", "request_body", "unknown"]);
+var CTX_SQLI = /* @__PURE__ */ new Set(["query_param", "request_body", "unknown"]);
+var CTX_DIR_TRAVERSAL = /* @__PURE__ */ new Set(["url_path", "query_param", "request_body", "unknown"]);
+var CTX_CMD_INJECTION = /* @__PURE__ */ new Set(["query_param", "request_body", "unknown"]);
+var CTX_FILE_INCLUSION = /* @__PURE__ */ new Set(["url_path", "query_param", "request_body", "unknown"]);
+var CTX_LDAP = /* @__PURE__ */ new Set(["query_param", "request_body", "unknown"]);
+var CTX_XML = /* @__PURE__ */ new Set(["header", "request_body", "unknown"]);
+var CTX_SSRF = /* @__PURE__ */ new Set(["query_param", "request_body", "unknown"]);
+var CTX_NOSQL = /* @__PURE__ */ new Set(["query_param", "request_body", "unknown"]);
+var CTX_FILE_UPLOAD = /* @__PURE__ */ new Set(["header", "request_body", "unknown"]);
+var CTX_PATH_TRAVERSAL = /* @__PURE__ */ new Set(["url_path", "query_param", "request_body", "unknown"]);
+var CTX_TEMPLATE = /* @__PURE__ */ new Set(["query_param", "request_body", "unknown"]);
+var CTX_HTTP_SPLIT = /* @__PURE__ */ new Set(["header", "query_param", "request_body", "unknown"]);
+var CTX_SENSITIVE_FILE = /* @__PURE__ */ new Set(["url_path", "request_body", "unknown"]);
+var CTX_CMS_PROBING = /* @__PURE__ */ new Set(["url_path", "request_body", "unknown"]);
+var CTX_RECON = /* @__PURE__ */ new Set(["url_path", "unknown"]);
+var CTX_ALL = /* @__PURE__ */ new Set(["query_param", "header", "url_path", "request_body", "unknown"]);
+var KNOWN_CONTEXTS = /* @__PURE__ */ new Set(["query_param", "header", "url_path", "request_body", "unknown"]);
+var PATTERN_DEFINITIONS = [
+  [String.raw`<script[^>]*>[^<]*<\/script\s*>`, CTX_XSS],
+  [String.raw`javascript:\s*[^\s]+`, CTX_XSS],
+  [String.raw`(?:on(?:error|load|click|mouseover|submit|mouse|unload|change|focus|blur|drag))=(?:["'][^"']*["']|[^\s>]+)`, CTX_XSS],
+  [String.raw`(?:<[^>]+\s+(?:href|src|data|action)\s*=[\s"']*(?:javascript|vbscript|data):)`, CTX_XSS],
+  [String.raw`(?:<[^>]+style\s*=[\s"']*[^>"']*(?:expression|behavior|url)\s*\([^)]*\))`, CTX_XSS],
+  [String.raw`(?:<object[^>]*>[\s\S]*<\/object\s*>)`, CTX_XSS],
+  [String.raw`(?:<embed[^>]*>[\s\S]*<\/embed\s*>)`, CTX_XSS],
+  [String.raw`(?:<applet[^>]*>[\s\S]*<\/applet\s*>)`, CTX_XSS],
+  [String.raw`SELECT\s+[\w\s,*]+\s+FROM\s+[\w\s._]+`, CTX_SQLI],
+  [String.raw`UNION\s+(?:ALL\s+)?SELECT`, CTX_SQLI],
+  [String.raw`('\s*(?:OR|AND)\s*[(\s]*'?[\d\w]+\s*(?:=|LIKE|<|>|<=|>=)\s*[(\s]*'?[\d\w]+)`, CTX_SQLI],
+  [String.raw`(UNION\s+(?:ALL\s+)?SELECT\s+(?:NULL[,\s]*)+|\(\s*SELECT\s+(?:@@|VERSION))`, CTX_SQLI],
+  [String.raw`(?:INTO\s+(?:OUTFILE|DUMPFILE)\s+'[^']+')`, CTX_SQLI],
+  [String.raw`(?:LOAD_FILE\s*\([^)]+\))`, CTX_SQLI],
+  [String.raw`(?:BENCHMARK\s*\(\s*\d+\s*,)`, CTX_SQLI],
+  [String.raw`(?:SLEEP\s*\(\s*\d+\s*\))`, CTX_SQLI],
+  [String.raw`(?:\/\*![0-9]*\s*(?:OR|AND|UNION|SELECT|INSERT|DELETE|DROP|CONCAT|CHAR|UPDATE)\b)`, CTX_SQLI],
+  [String.raw`(?:\.\.\/|\.\.\\)(?:\.\.\/|\.\.\\)+`, CTX_DIR_TRAVERSAL],
+  [String.raw`(?:/etc/(?:passwd|shadow|group|hosts|motd|issue|mysql/my.cnf|ssh/ssh_config)$)`, CTX_DIR_TRAVERSAL],
+  [String.raw`(?:boot\.ini|win\.ini|system\.ini|config\.sys)\s*$`, CTX_DIR_TRAVERSAL],
+  [String.raw`(?:\/proc\/self\/environ$)`, CTX_DIR_TRAVERSAL],
+  [String.raw`(?:\/var\/log\/[^/]+$)`, CTX_DIR_TRAVERSAL],
+  [String.raw`;\s*(?:ls|cat|rm|chmod|chown|wget|curl|nc|netcat|ping|telnet)\s+-[a-zA-Z]+\s+`, CTX_CMD_INJECTION],
+  [String.raw`\|\s*(?:wget|curl|fetch|lwp-download|lynx|links|GET)\s+`, CTX_CMD_INJECTION],
+  [String.raw`(?:[;&|` + "`" + String.raw`]\s*(?:\$\([^)]+\)|\$\{[^}]+\}))`, CTX_CMD_INJECTION],
+  [String.raw`(?:^|;)\s*(?:bash|sh|ksh|csh|tsch|zsh|ash)\s+-[a-zA-Z]+`, CTX_CMD_INJECTION],
+  [String.raw`\b(?:eval|system|exec|shell_exec|passthru|popen|proc_open)\s*\(`, CTX_CMD_INJECTION],
+  [String.raw`(?:php|data|zip|rar|file|glob|expect|input|phpinfo|zlib|phar|ssh2|rar|ogg|expect)://[^\s]+`, CTX_FILE_INCLUSION],
+  [String.raw`(?:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:[0-9]+)?(?:\/?)?(?:[a-zA-Z0-9\-.,?'/\\+&amp;%$#_]*)?)`, CTX_FILE_INCLUSION],
+  [String.raw`\(\s*[|&]\s*\(\s*[^)]+=[*]`, CTX_LDAP],
+  [String.raw`(?:\*(?:[\s\d\w]+\s*=|=\s*[\d\w\s]+))`, CTX_LDAP],
+  [String.raw`(?:\(\s*[&|]\s*)`, CTX_LDAP],
+  [String.raw`<!(?:ENTITY|DOCTYPE)[^>]+SYSTEM[^>]+>`, CTX_XML],
+  [String.raw`(?:<!\[CDATA\[.*?\]\]>)`, CTX_XML],
+  [String.raw`(?:<\?xml.*?\?>)`, CTX_XML],
+  [String.raw`(?:^|\s|/)(?:localhost|127\.0\.0\.1|0\.0\.0\.0|\[::(?:\d*)\]|(?:169\.254|192\.168|10\.|172\.(?:1[6-9]|2[0-9]|3[01]))\.\d+)(?:\s|$|/)`, CTX_SSRF],
+  [String.raw`(?:file|dict|gopher|jar|tftp)://[^\s]+`, CTX_SSRF],
+  [String.raw`\{\s*\$(?:where|gt|lt|ne|eq|regex|in|nin|all|size|exists|type|mod|options):`, CTX_NOSQL],
+  [String.raw`(?:\{\s*\$[a-zA-Z]+\s*:\s*(?:\{|\[))`, CTX_NOSQL],
+  [String.raw`filename=["'].*?\.(?:php\d*|phar|phtml|exe|jsp|asp|aspx|sh|bash|rb|py|pl|cgi|com|bat|cmd|vbs|vbe|js|ws|wsf|msi|hta)["']`, CTX_FILE_UPLOAD],
+  [String.raw`(?:%2e%2e|%252e%252e|%uff0e%uff0e|%c0%ae%c0%ae|%e0%40%ae|%c0%ae%e0%80%ae|%25c0%25ae)/`, CTX_PATH_TRAVERSAL],
+  [String.raw`\{\{\s*[^}]+(?:system|exec|popen|eval|require|include)\s*\}\}`, CTX_TEMPLATE],
+  [String.raw`\{%\s*[^%]+(?:system|exec|popen|eval|require|include)\s*%\}`, CTX_TEMPLATE],
+  [String.raw`[\r\n]\s*(?:HTTP\/[0-9.]+|Location:|Set-Cookie:)`, CTX_HTTP_SPLIT],
+  [String.raw`(?:^|/)\.env(?:\.\w+)?(?:\?|$|/)`, CTX_SENSITIVE_FILE],
+  [String.raw`(?:^|/)[\w-]*config[\w-]*\.(?:env|yml|yaml|json|toml|ini|xml|conf)(?:\?|$)`, CTX_SENSITIVE_FILE],
+  [String.raw`(?:^|/)[\w./-]*\.map(?:\?|$)`, CTX_SENSITIVE_FILE],
+  [String.raw`(?:^|/)[\w./-]*\.(?:ts|tsx|jsx|py|rb|java|go|rs|php|pl|sh|sql)(?:\?|$)`, CTX_SENSITIVE_FILE],
+  [String.raw`(?:^|/)\.(?:git|svn|hg|bzr)(?:/|$)`, CTX_SENSITIVE_FILE],
+  [String.raw`(?:^|/)(?:wp-(?:admin|login|content|includes|config)|administrator|xmlrpc)\.?(?:php)?(?:/|$|\?)`, CTX_CMS_PROBING],
+  [String.raw`(?:^|/)(?:phpinfo|info|test|php_info)\.php(?:\?|$)`, CTX_CMS_PROBING],
+  [String.raw`(?:^|/)[\w./-]*\.(?:bak|backup|old|orig|save|swp|swo|tmp|temp)(?:\?|$)`, CTX_CMS_PROBING],
+  [String.raw`(?:^|/)(?:\.htaccess|\.htpasswd|\.DS_Store|Thumbs\.db|\.npmrc|\.dockerenv|web\.config)(?:\?|$)`, CTX_CMS_PROBING],
+  [String.raw`(?:^|/)[\w./-]*\.(?:asp|aspx|jsp|jsa|jhtml|shtml|cfm|cgi|do|action|lua|inc|woa|nsf|esp|html?|js|css|properties|png|gif|jpg|jpeg|svg|webp|bmp|pl)(?:\?|$)`, CTX_RECON],
+  [String.raw`^/(?:api|rest|v\d+|management|system|version|status|config|config_dump|credentials)(?:/|$|\?)`, CTX_RECON],
+  [String.raw`^/admin(?:istrator)?(?:[./?\-]|$)`, CTX_RECON],
+  [String.raw`^/(?:login|logon|signin)(?:[./?\-]|$|/)`, CTX_RECON],
+  [String.raw`(?:^|/)account/login(?:\?|$|/)`, CTX_RECON],
+  [String.raw`(?:^|/)(?:actuator|server-status|telescope)(?:/|$|\?)`, CTX_RECON],
+  [String.raw`(?:CSCOE|dana-(?:na|cached)|sslvpn|RDWeb|/owa/|/ecp/|global-protect|ssl-vpn/|svpn/|sonicui|/remote/login|myvpn|vpntunnel|versa/login)`, CTX_RECON],
+  [String.raw`(?:^|/)(?:geoserver|confluence|nifi|ScadaBR|pandora_console|centreon|kylin|decisioncenter|evox|MagicInfo|metasys|officescan|helpdesk|ignite)(?:/|$|\?|\.|\-)`, CTX_RECON],
+  [String.raw`(?:^|/)cgi-(?:bin|mod)/`, CTX_RECON],
+  [String.raw`(?:^|/)(?:HNAP1|IPCamDesc\.xml|SDK/webLanguage)(?:\?|$|/)`, CTX_RECON],
+  [String.raw`^/(?:scripts|language|languages|images|css|img)/`, CTX_RECON],
+  [String.raw`(?:^|/)(?:robots\.txt|sitemap\.xml|security\.txt|readme\.txt|README\.md|CHANGELOG|pom\.xml|build\.gradle|appsettings\.json|crossdomain\.xml)(?:\?|$|\.)`, CTX_RECON],
+  [String.raw`(?:^|/)(?:sap|ise|nidp|cslu|rustfs|developmentserver|fog/management|lms/db|json/login_session|sms_mp|plugin/webs_model|wsman|am_bin)(?:/|$|\?)`, CTX_RECON],
+  [String.raw`(?:nmaplowercheck|nice\s+ports|Trinity\.txt)`, CTX_RECON],
+  [String.raw`(?:^|/)\.(?:openclaw|clawdbot)(?:/|$)`, CTX_RECON],
+  [String.raw`^/(?:default|inicio|indice|localstart)(?:\.|/|$|\?)`, CTX_RECON],
+  [String.raw`(?:^|/)(?:\.streamlit|\.gpt-pilot|\.aider|\.cursor|\.windsurf|\.copilot|\.devcontainer)(?:/|$)`, CTX_RECON],
+  [String.raw`(?:^|/)(?:docker-compose|Dockerfile|Makefile|Vagrantfile|Jenkinsfile|Procfile)(?:\.ya?ml)?(?:\?|$)`, CTX_RECON],
+  [String.raw`(?:^|/)[\w./-]*(?:secrets?|credentials?)\.(?:py|json|yml|yaml|toml|txt|env|xml|conf|cfg)(?:\?|$)`, CTX_RECON],
+  [String.raw`(?:^|/)autodiscover/`, CTX_RECON],
+  [String.raw`^/dns-query(?:\?|$)`, CTX_RECON],
+  [String.raw`(?:^|/)\.git/(?:refs|index|HEAD|objects|logs)(?:/|$)`, CTX_RECON]
+];
+var SusPatternsManager = class {
+  constructor(config, logger) {
+    this.logger = logger;
+    this.compiler = new PatternCompiler(config.detectionCompilerTimeout * 1e3, config.detectionMaxTrackedPatterns);
+    this.preprocessor = new ContentPreprocessor(config.detectionMaxContentLength, config.detectionPreserveAttackPatterns);
+    this.semantic = new SemanticAnalyzer();
+    this.monitor = new PerformanceMonitor(
+      config.detectionAnomalyThreshold,
+      config.detectionSlowPatternThreshold,
+      config.detectionMonitorHistorySize,
+      config.detectionMaxTrackedPatterns
+    );
+    this.semanticThreshold = config.detectionSemanticThreshold;
+  }
+  compiler;
+  preprocessor;
+  semantic;
+  monitor;
+  customPatterns = /* @__PURE__ */ new Set();
+  compiledCustomContexts = /* @__PURE__ */ new Map();
+  redisHandler = null;
+  agentHandler = null;
+  semanticThreshold;
+  async initializeRedis(redisHandler) {
+    this.redisHandler = redisHandler;
+    const cached = await redisHandler.getKey("patterns", "custom");
+    if (typeof cached === "string" && cached.length > 0) {
+      for (const p of cached.split(",")) {
+        if (p.trim()) {
+          this.customPatterns.add(p.trim());
+          this.compiledCustomContexts.set(p.trim(), CTX_ALL);
+        }
+      }
+    }
+  }
+  async initializeAgent(agentHandler) {
+    this.agentHandler = agentHandler;
+  }
+  normalizeContext(context) {
+    const parts = context.split(":");
+    const normalized = parts[0].toLowerCase();
+    return KNOWN_CONTEXTS.has(normalized) ? normalized : "unknown";
+  }
+  async detect(content, ipAddress, context = "unknown", correlationId = null) {
+    const startTime = performance.now();
+    const originalLength = content.length;
+    const processed = await this.preprocessor.preprocess(content);
+    const normalizedCtx = this.normalizeContext(context);
+    const threats = [];
+    const timeouts = [];
+    for (const [pattern, contexts] of PATTERN_DEFINITIONS) {
+      if (!contexts.has(normalizedCtx)) continue;
+      const patternStart = performance.now();
+      try {
+        const match = await this.compiler.safeMatch(pattern, processed);
+        const elapsed = (performance.now() - patternStart) / 1e3;
+        await this.monitor.recordMetric(pattern, elapsed, processed.length, match !== null, false, this.agentHandler, correlationId);
+        if (match) {
+          threats.push({
+            pattern,
+            context: normalizedCtx,
+            matchedContent: String(match[0] ?? "").slice(0, 200),
+            detectionMethod: "regex"
+          });
+        }
+      } catch {
+        timeouts.push(pattern);
+        const elapsed = (performance.now() - patternStart) / 1e3;
+        await this.monitor.recordMetric(pattern, elapsed, processed.length, false, true, this.agentHandler, correlationId);
+      }
+    }
+    for (const customPattern of this.customPatterns) {
+      const ctxSet = this.compiledCustomContexts.get(customPattern) ?? CTX_ALL;
+      if (!ctxSet.has(normalizedCtx)) continue;
+      try {
+        const match = await this.compiler.safeMatch(customPattern, processed);
+        if (match) {
+          threats.push({
+            pattern: customPattern,
+            context: normalizedCtx,
+            matchedContent: String(match[0] ?? "").slice(0, 200),
+            detectionMethod: "regex_custom"
+          });
+        }
+      } catch {
+        timeouts.push(customPattern);
+      }
+    }
+    const analysis = this.semantic.analyze(processed);
+    const semanticScore = this.semantic.getThreatScore(analysis);
+    if (semanticScore >= this.semanticThreshold) {
+      const topAttack = Object.entries(analysis.attackProbabilities).sort(([, a], [, b]) => b - a)[0];
+      if (topAttack) {
+        threats.push({
+          pattern: `semantic:${topAttack[0]}`,
+          context: normalizedCtx,
+          matchedContent: `score=${semanticScore.toFixed(3)}`,
+          detectionMethod: "semantic"
+        });
+      }
+    }
+    const regexScore = threats.some((t) => t.detectionMethod.startsWith("regex")) ? 1 : 0;
+    const threatScore = Math.max(regexScore, semanticScore);
+    const executionTime = (performance.now() - startTime) / 1e3;
+    return {
+      isThreat: threats.length > 0,
+      threatScore,
+      threats,
+      executionTime,
+      timeouts,
+      correlationId,
+      originalLength,
+      processedLength: processed.length
+    };
+  }
+  async detectPatternMatch(content, ipAddress, context = "unknown", correlationId = null) {
+    const result = await this.detect(content, ipAddress, context, correlationId);
+    if (result.isThreat && result.threats.length > 0) {
+      return [true, result.threats[0].pattern];
+    }
+    return [false, null];
+  }
+  async addPattern(pattern, custom = true) {
+    this.customPatterns.add(pattern);
+    this.compiledCustomContexts.set(pattern, CTX_ALL);
+    if (custom && this.redisHandler) {
+      await this.redisHandler.setKey("patterns", "custom", [...this.customPatterns].join(","));
+    }
+  }
+  async removePattern(pattern) {
+    this.customPatterns.delete(pattern);
+    this.compiledCustomContexts.delete(pattern);
+    if (this.redisHandler) {
+      await this.redisHandler.setKey("patterns", "custom", [...this.customPatterns].join(","));
+    }
+    await this.compiler.clearCache();
+    await this.monitor.removePatternStats(pattern);
+  }
+  getDefaultPatterns() {
+    return PATTERN_DEFINITIONS.map(([p]) => p);
+  }
+  getCustomPatterns() {
+    return [...this.customPatterns];
+  }
+  getAllPatterns() {
+    return [...this.getDefaultPatterns(), ...this.getCustomPatterns()];
+  }
+  async getPerformanceStats() {
+    return {
+      summary: this.monitor.getSummaryStats(),
+      slowPatterns: this.monitor.getSlowPatterns(),
+      problematicPatterns: this.monitor.getProblematicPatterns()
+    };
+  }
+  getComponentStatus() {
+    return {
+      compiler: true,
+      preprocessor: true,
+      semanticAnalyzer: true,
+      performanceMonitor: true
+    };
+  }
+  async configureSemanticThreshold(threshold) {
+    this.semanticThreshold = Math.max(0, Math.min(1, threshold));
+  }
+  async reset() {
+    this.customPatterns.clear();
+    this.compiledCustomContexts.clear();
+    this.agentHandler = null;
+    await this.compiler.clearCache();
+    await this.monitor.clearStats();
+  }
+};
+
+export {
+  PatternCompiler,
+  ContentPreprocessor,
+  PerformanceMonitor,
+  SemanticAnalyzer,
+  SusPatternsManager
+};
+//# sourceMappingURL=chunk-I634N6VV.js.map