@jterrats/open-orchestra 1.0.17 → 1.0.18

package/dist/security/chat-guardrail-policy.js

@@ -0,0 +1,61 @@
+export function chatOutcomeForPolicy(outcome) {
+    if (outcome === "allow")
+        return "allow";
+    if (outcome === "deny")
+        return "block";
+    return "defer";
+}
+export function policySubjectFor(request) {
+    return {
+        id: request.actor.id,
+        subjectType: request.actor.actorType,
+        tenantId: request.tenantId,
+        workspaceId: request.workspaceId,
+    };
+}
+export function policyResourceFor(resource) {
+    return {
+        resourceType: policyResourceTypeFor(resource.resourceType),
+        summary: resource.summary,
+        tenantId: resource.tenantId,
+        workspaceId: resource.workspaceId,
+    };
+}
+export function policyActionFor(action, resource) {
+    if (action === "providerMessage")
+        return "provider.message";
+    if (action === "evidenceWrite")
+        return "evidence.write";
+    if (action === "toolRequest") {
+        if (resource.resourceType === "url")
+            return "url.fetch";
+        if (resource.resourceType === "file")
+            return "file.write";
+        return "command.execute";
+    }
+    return "content.ingest";
+}
+export function highestClassification(segments) {
+    if (segments.some((segment) => segment.classification.classification === "restricted")) {
+        return "restricted";
+    }
+    if (segments.some((segment) => segment.classification.classification === "unknown")) {
+        return "unknown";
+    }
+    if (segments.some((segment) => segment.classification.classification === "internal")) {
+        return "internal";
+    }
+    return "public";
+}
+function policyResourceTypeFor(resourceType) {
+    if (resourceType === "command")
+        return "command";
+    if (resourceType === "evidence")
+        return "evidence";
+    if (resourceType === "file")
+        return "file";
+    if (resourceType === "url")
+        return "url";
+    return "prompt";
+}
+//# sourceMappingURL=chat-guardrail-policy.js.map

package/dist/security/chat-guardrail-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-guardrail-policy.js","sourceRoot":"","sources":["../../src/security/chat-guardrail-policy.ts"],"names":[],"mappings":"AAeA,MAAM,UAAU,oBAAoB,CAClC,OAA8B;IAE9B,IAAI,OAAO,KAAK,OAAO;QAAE,OAAO,OAAO,CAAC;IACxC,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAA6B;IAC5D,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;QACpB,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,QAA0C;IAE1C,OAAO;QACL,YAAY,EAAE,qBAAqB,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC1D,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,QAAQ,CAAC,WAAW;KAClC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,MAA2B,EAC3B,QAA0C;IAE1C,IAAI,MAAM,KAAK,iBAAiB;QAAE,OAAO,kBAAkB,CAAC;IAC5D,IAAI,MAAM,KAAK,eAAe;QAAE,OAAO,gBAAgB,CAAC;IACxD,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;QAC7B,IAAI,QAAQ,CAAC,YAAY,KAAK,KAAK;YAAE,OAAO,WAAW,CAAC;QACxD,IAAI,QAAQ,CAAC,YAAY,KAAK,MAAM;YAAE,OAAO,YAAY,CAAC;QAC1D,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,QAAyB;IAEzB,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,YAAY,CACpE,EACD,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,SAAS,CACjE,EACD,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,UAAU,CAClE,EACD,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,qBAAqB,CAC5B,YAAuC;IAEvC,IAAI,YAAY,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACjD,IAAI,YAAY,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IACnD,IAAI,YAAY,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IAC3C,IAAI,YAAY,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IACzC,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/security/chat-guardrail-types.d.ts

@@ -0,0 +1,65 @@
+import type { PolicyDecisionOutcome, PolicySink, PromptSegment, RedactedSegment, RedactionReport, RedactionStatus } from "./policy-types.js";
+import type { PromptSegmentInput } from "./prompt-intake.js";
+export declare const chatGuardrailOutcomes: readonly ["allow", "block", "defer"];
+export type ChatGuardrailOutcome = (typeof chatGuardrailOutcomes)[number];
+export type ChatGuardrailAction = "providerMessage" | "toolRequest" | "subagentRequest" | "messagePersist" | "evidenceWrite" | "outputRender";
+export type ChatGuardrailActorType = "human" | "runtime" | "system" | "tool";
+export type ChatGuardrailResourceType = "artifact" | "command" | "evidence" | "file" | "message" | "prompt" | "subagent" | "thread" | "url";
+export interface ChatGuardrailActor {
+    id: string;
+    actorType: ChatGuardrailActorType;
+    tenantId: string;
+    workspaceId: string;
+}
+export interface ChatGuardrailResource {
+    resourceType: ChatGuardrailResourceType;
+    summary: string;
+    tenantId: string;
+    workspaceId: string;
+}
+export interface ChatGuardrailSink {
+    kind: PolicySink;
+}
+export interface ChatGuardrailRequest {
+    requestId: string;
+    tenantId: string;
+    workspaceId: string;
+    taskId?: string;
+    runId?: string;
+    threadId?: string;
+    messageId?: string;
+    actor: ChatGuardrailActor;
+    action: ChatGuardrailAction;
+    sink: ChatGuardrailSink;
+    resource: ChatGuardrailResource;
+    segments: PromptSegmentInput[];
+    redactionReportOverride?: RedactionReport;
+}
+export interface ChatGuardrailScope {
+    tenantId: string;
+    workspaceId: string;
+    resourceTenantId: string;
+    resourceWorkspaceId: string;
+}
+export interface ChatHumanReviewMetadata {
+    required: true;
+    reason: string;
+    decisionId: string;
+    matchedRuleIds: string[];
+    redactionStatus: RedactionStatus;
+    scope: ChatGuardrailScope;
+}
+export interface ChatGuardrailDecision {
+    requestId: string;
+    outcome: ChatGuardrailOutcome;
+    policyOutcome: PolicyDecisionOutcome;
+    matchedRuleIds: string[];
+    redactionStatus: RedactionStatus;
+    redactedSegments: RedactedSegment[];
+    sanitizedReasons: string[];
+    evidenceSummary: string;
+    humanReview?: ChatHumanReviewMetadata;
+    scope: ChatGuardrailScope;
+    canProceed: boolean;
+    policySegments: PromptSegment[];
+}

package/dist/security/chat-guardrail-types.js

@@ -0,0 +1,2 @@
+export const chatGuardrailOutcomes = ["allow", "block", "defer"];
+//# sourceMappingURL=chat-guardrail-types.js.map

package/dist/security/chat-guardrail-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-guardrail-types.js","sourceRoot":"","sources":["../../src/security/chat-guardrail-types.ts"],"names":[],"mappings":"AAUA,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAU,CAAC"}

package/dist/security/chat-guardrail-validation.d.ts

@@ -0,0 +1,9 @@
+import type { ChatGuardrailRequest, ChatGuardrailScope } from "./chat-guardrail-types.js";
+export interface ChatGuardrailRule {
+    ruleId: string;
+    reason: string;
+}
+export declare function validateChatRequestShape(request: Partial<ChatGuardrailRequest>): ChatGuardrailRule[];
+export declare function validateScope(request: ChatGuardrailRequest): ChatGuardrailRule[];
+export declare function scopeFor(request: ChatGuardrailRequest): ChatGuardrailScope;
+export declare function emptyScope(): ChatGuardrailScope;

package/dist/security/chat-guardrail-validation.js

@@ -0,0 +1,64 @@
+export function validateChatRequestShape(request) {
+    return [
+        requiredRule("chat.input.request-id", "request id", request.requestId),
+        requiredRule("chat.input.tenant-id", "tenant id", request.tenantId),
+        requiredRule("chat.input.workspace-id", "workspace id", request.workspaceId),
+        requiredRule("chat.input.actor", "actor", request.actor),
+        requiredRule("chat.input.action", "action", request.action),
+        requiredRule("chat.input.sink", "sink", request.sink),
+        requiredRule("chat.input.sink-kind", "sink kind", request.sink?.kind),
+        requiredRule("chat.input.resource", "resource", request.resource),
+        requiredRule("chat.input.segments", "segments", request.segments),
+    ].filter((rule) => rule !== null);
+}
+export function validateScope(request) {
+    const rules = [
+        requiredRule("chat.scope.actor-tenant", "actor tenant id", request.actor.tenantId),
+        requiredRule("chat.scope.actor-workspace", "actor workspace id", request.actor.workspaceId),
+        requiredRule("chat.scope.resource-tenant", "resource tenant id", request.resource.tenantId),
+        requiredRule("chat.scope.resource-workspace", "resource workspace id", request.resource.workspaceId),
+    ].filter((rule) => rule !== null);
+    if (rules.length > 0)
+        return rules;
+    if (request.tenantId !== request.actor.tenantId ||
+        request.tenantId !== request.resource.tenantId) {
+        return [
+            {
+                ruleId: "chat.scope.tenant-mismatch",
+                reason: "request scope is not authorized for this tenant",
+            },
+        ];
+    }
+    if (request.workspaceId !== request.actor.workspaceId ||
+        request.workspaceId !== request.resource.workspaceId) {
+        return [
+            {
+                ruleId: "chat.scope.workspace-mismatch",
+                reason: "request scope is not authorized for this workspace",
+            },
+        ];
+    }
+    return [];
+}
+export function scopeFor(request) {
+    return {
+        tenantId: request.tenantId,
+        workspaceId: request.workspaceId,
+        resourceTenantId: request.resource.tenantId,
+        resourceWorkspaceId: request.resource.workspaceId,
+    };
+}
+export function emptyScope() {
+    return {
+        tenantId: "unknown",
+        workspaceId: "unknown",
+        resourceTenantId: "unknown",
+        resourceWorkspaceId: "unknown",
+    };
+}
+function requiredRule(ruleId, label, value) {
+    if (value)
+        return null;
+    return { ruleId, reason: `missing ${label}` };
+}
+//# sourceMappingURL=chat-guardrail-validation.js.map

package/dist/security/chat-guardrail-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-guardrail-validation.js","sourceRoot":"","sources":["../../src/security/chat-guardrail-validation.ts"],"names":[],"mappings":"AAUA,MAAM,UAAU,wBAAwB,CACtC,OAAsC;IAEtC,OAAO;QACL,YAAY,CAAC,uBAAuB,EAAE,YAAY,EAAE,OAAO,CAAC,SAAS,CAAC;QACtE,YAAY,CAAC,sBAAsB,EAAE,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC;QACnE,YAAY,CACV,yBAAyB,EACzB,cAAc,EACd,OAAO,CAAC,WAAW,CACpB;QACD,YAAY,CAAC,kBAAkB,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC;QACxD,YAAY,CAAC,mBAAmB,EAAE,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC;QAC3D,YAAY,CAAC,iBAAiB,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC;QACrD,YAAY,CAAC,sBAAsB,EAAE,WAAW,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC;QACrE,YAAY,CAAC,qBAAqB,EAAE,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC;QACjE,YAAY,CAAC,qBAAqB,EAAE,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC;KAClE,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,OAA6B;IAE7B,MAAM,KAAK,GAAG;QACZ,YAAY,CACV,yBAAyB,EACzB,iBAAiB,EACjB,OAAO,CAAC,KAAK,CAAC,QAAQ,CACvB;QACD,YAAY,CACV,4BAA4B,EAC5B,oBAAoB,EACpB,OAAO,CAAC,KAAK,CAAC,WAAW,CAC1B;QACD,YAAY,CACV,4BAA4B,EAC5B,oBAAoB,EACpB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAC1B;QACD,YAAY,CACV,+BAA+B,EAC/B,uBAAuB,EACvB,OAAO,CAAC,QAAQ,CAAC,WAAW,CAC7B;KACF,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IAC7D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,IACE,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,KAAK,CAAC,QAAQ;QAC3C,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAC9C,CAAC;QACD,OAAO;YACL;gBACE,MAAM,EAAE,4BAA4B;gBACpC,MAAM,EAAE,iDAAiD;aAC1D;SACF,CAAC;IACJ,CAAC;IACD,IACE,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,KAAK,CAAC,WAAW;QACjD,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,WAAW,EACpD,CAAC;QACD,OAAO;YACL;gBACE,MAAM,EAAE,+BAA+B;gBACvC,MAAM,EAAE,oDAAoD;aAC7D;SACF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,OAA6B;IACpD,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,gBAAgB,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ;QAC3C,mBAAmB,EAAE,OAAO,CAAC,QAAQ,CAAC,WAAW;KAClD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO;QACL,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,SAAS;QACtB,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,SAAS;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,MAAc,EACd,KAAa,EACb,KAAc;IAEd,IAAI,KAAK;QAAE,OAAO,IAAI,CAAC;IACvB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,KAAK,EAAE,EAAE,CAAC;AAChD,CAAC"}

package/dist/security/chat-guardrails.d.ts

@@ -0,0 +1,3 @@
+import type { ChatGuardrailDecision, ChatGuardrailRequest } from "./chat-guardrail-types.js";
+export { chatOutcomeForPolicy } from "./chat-guardrail-policy.js";
+export declare function evaluateChatGuardrail(request: Partial<ChatGuardrailRequest>): ChatGuardrailDecision;

package/dist/security/chat-guardrails.js

@@ -0,0 +1,136 @@
+import { evaluateSecurityPolicy } from "./policy-engine.js";
+import { intakePromptPacket } from "./prompt-intake.js";
+import { redactPromptSegments } from "./redaction.js";
+import { chatOutcomeForPolicy, highestClassification, policyActionFor, policyResourceFor, policySubjectFor, } from "./chat-guardrail-policy.js";
+import { emptyScope, scopeFor, validateChatRequestShape, validateScope, } from "./chat-guardrail-validation.js";
+export { chatOutcomeForPolicy } from "./chat-guardrail-policy.js";
+const unsafeToolFindingKinds = [
+    "pathTraversal",
+    "shellLike",
+    "unsafeUrl",
+];
+export function evaluateChatGuardrail(request) {
+    const shapeRules = validateChatRequestShape(request);
+    if (shapeRules.length > 0) {
+        return chatDecisionFromRules(request.requestId, shapeRules);
+    }
+    const scopedRequest = request;
+    const scopeRules = validateScope(scopedRequest);
+    const scope = scopeFor(scopedRequest);
+    if (scopeRules.length > 0) {
+        return chatDecisionFromRules(scopedRequest.requestId, scopeRules, scope);
+    }
+    try {
+        const rawSegments = intakePromptPacket({
+            segments: scopedRequest.segments,
+        });
+        const redactionReport = scopedRequest.redactionReportOverride ??
+            redactPromptSegments(rawSegments);
+        const policySegments = policySegmentsFor(scopedRequest, rawSegments, redactionReport);
+        const unsafeToolRules = unsafeToolRequestRules(scopedRequest.action, rawSegments);
+        if (unsafeToolRules.length > 0) {
+            return chatDecisionFromRules(scopedRequest.requestId, unsafeToolRules, scope, redactionReport, policySegments);
+        }
+        const policyDecision = evaluateSecurityPolicy({
+            requestId: scopedRequest.requestId,
+            subject: policySubjectFor(scopedRequest),
+            action: policyActionFor(scopedRequest.action, scopedRequest.resource),
+            resource: policyResourceFor(scopedRequest.resource),
+            sink: scopedRequest.sink.kind,
+            dataClassification: highestClassification(policySegments),
+            segments: policySegments,
+            redactionReport,
+        });
+        return chatDecisionFromPolicy(scopedRequest, scope, policyDecision, redactionReport, policySegments);
+    }
+    catch {
+        return chatDecisionFromRules(scopedRequest.requestId, [
+            {
+                ruleId: "chat.guardrail.exception",
+                reason: "chat guardrail failed closed",
+            },
+        ], scope);
+    }
+}
+function unsafeToolRequestRules(action, segments) {
+    if (action !== "toolRequest")
+        return [];
+    return segments.flatMap((segment) => segment.classification.findings
+        .filter((finding) => isUnsafeToolFinding(finding.kind))
+        .map((finding) => ({
+        ruleId: `chat.tool.block.${finding.kind}`,
+        reason: `segment ${segment.id} matched unsafe tool request content`,
+    })));
+}
+function isUnsafeToolFinding(kind) {
+    return unsafeToolFindingKinds.some((unsafeKind) => unsafeKind === kind);
+}
+function policySegmentsFor(request, rawSegments, redactionReport) {
+    return redactionReport.redactedSegments.map((redactedSegment, index) => {
+        const rawSegment = rawSegments[index];
+        return intakePromptPacket({
+            segments: [
+                {
+                    id: redactedSegment.id,
+                    kind: rawSegment?.kind ?? "unknown",
+                    provenance: rawSegment?.provenance ?? "unknown",
+                    sink: request.sink.kind,
+                    text: redactedSegment.text,
+                },
+            ],
+        })[0];
+    });
+}
+function chatDecisionFromPolicy(request, scope, policyDecision, redactionReport, policySegments) {
+    const outcome = chatOutcomeForPolicy(policyDecision.outcome);
+    const decision = {
+        requestId: request.requestId,
+        outcome,
+        policyOutcome: policyDecision.outcome,
+        matchedRuleIds: policyDecision.matchedRuleIds,
+        redactionStatus: policyDecision.redactionStatus,
+        redactedSegments: redactionReport.redactedSegments,
+        sanitizedReasons: [
+            ...policyDecision.sanitizedReasons,
+            ...redactionReport.sanitizedReasons,
+        ],
+        evidenceSummary: `${outcome}: chat guardrail mapped ${policyDecision.outcome}`,
+        scope,
+        canProceed: outcome === "allow",
+        policySegments,
+    };
+    if (outcome === "defer") {
+        decision.humanReview = {
+            required: true,
+            reason: policyDecision.sanitizedReasons[0] ?? "human review required",
+            decisionId: request.requestId,
+            matchedRuleIds: policyDecision.matchedRuleIds,
+            redactionStatus: policyDecision.redactionStatus,
+            scope,
+        };
+    }
+    return decision;
+}
+function chatDecisionFromRules(requestId, rules, scope = emptyScope(), redactionReport = emptyRedactionReport(), policySegments = []) {
+    return {
+        requestId: requestId ?? "unknown",
+        outcome: "block",
+        policyOutcome: "deny",
+        matchedRuleIds: rules.map((rule) => rule.ruleId),
+        redactionStatus: redactionReport.status,
+        redactedSegments: redactionReport.redactedSegments,
+        sanitizedReasons: rules.map((rule) => rule.reason),
+        evidenceSummary: "block: chat guardrail failed closed",
+        scope,
+        canProceed: false,
+        policySegments,
+    };
+}
+function emptyRedactionReport() {
+    return {
+        status: "unsafeUnredacted",
+        redactedSegments: [],
+        sanitizedReasons: ["redaction unavailable"],
+    };
+}
+//# sourceMappingURL=chat-guardrails.js.map

package/dist/security/chat-guardrails.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-guardrails.js","sourceRoot":"","sources":["../../src/security/chat-guardrails.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,UAAU,EACV,QAAQ,EACR,wBAAwB,EACxB,aAAa,GAEd,MAAM,gCAAgC,CAAC;AAexC,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAElE,MAAM,sBAAsB,GAAG;IAC7B,eAAe;IACf,WAAW;IACX,WAAW;CAC4B,CAAC;AAE1C,MAAM,UAAU,qBAAqB,CACnC,OAAsC;IAEtC,MAAM,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,qBAAqB,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,aAAa,GAAG,OAA+B,CAAC;IACtD,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC;IACtC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,qBAAqB,CAAC,aAAa,CAAC,SAAS,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;IAC3E,CAAC;IAED,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,kBAAkB,CAAC;YACrC,QAAQ,EAAE,aAAa,CAAC,QAAQ;SACjC,CAAC,CAAC;QACH,MAAM,eAAe,GACnB,aAAa,CAAC,uBAAuB;YACrC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QACpC,MAAM,cAAc,GAAG,iBAAiB,CACtC,aAAa,EACb,WAAW,EACX,eAAe,CAChB,CAAC;QACF,MAAM,eAAe,GAAG,sBAAsB,CAC5C,aAAa,CAAC,MAAM,EACpB,WAAW,CACZ,CAAC;QACF,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,qBAAqB,CAC1B,aAAa,CAAC,SAAS,EACvB,eAAe,EACf,KAAK,EACL,eAAe,EACf,cAAc,CACf,CAAC;QACJ,CAAC;QAED,MAAM,cAAc,GAAG,sBAAsB,CAAC;YAC5C,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,OAAO,EAAE,gBAAgB,CAAC,aAAa,CAAC;YACxC,MAAM,EAAE,eAAe,CAAC,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC;YACrE,QAAQ,EAAE,iBAAiB,CAAC,aAAa,CAAC,QAAQ,CAAC;YACnD,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI;YAC7B,kBAAkB,EAAE,qBAAqB,CAAC,cAAc,CAAC;YACzD,QAAQ,EAAE,cAAc;YACxB,eAAe;SAChB,CAAC,CAAC;QAEH,OAAO,sBAAsB,CAC3B,aAAa,EACb,KAAK,EACL,cAAc,EACd,eAAe,EACf,cAAc,CACf,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,qBAAqB,CAC1B,aAAa,CAAC,SAAS,EACvB;YACE;gBACE,MAAM,EAAE,0BAA0B;gBAClC,MAAM,EAAE,8BAA8B;aACvC;SACF,EACD,KAAK,CACN,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,MAA2B,EAC3B,QAAyB;IAEzB,IAAI,MAAM,KAAK,aAAa;QAAE,OAAO,EAAE,CAAC;IACxC,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAClC,OAAO,CAAC,cAAc,CAAC,QAAQ;SAC5B,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACjB,MAAM,EAAE,mBAAmB,OAAO,CAAC,IAAI,EAAE;QACzC,MAAM,EAAE,WAAW,OAAO,CAAC,EAAE,sCAAsC;KACpE,CAAC,CAAC,CACN,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAwB;IACnD,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,iBAAiB,CACxB,OAA6B,EAC7B,WAA4B,EAC5B,eAAgC;IAEhC,OAAO,eAAe,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,eAAe,EAAE,KAAK,EAAE,EAAE;QACrE,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QACtC,OAAO,kBAAkB,CAAC;YACxB,QAAQ,EAAE;gBACR;oBACE,EAAE,EAAE,eAAe,CAAC,EAAE;oBACtB,IAAI,EAAE,UAAU,EAAE,IAAI,IAAI,SAAS;oBACnC,UAAU,EAAE,UAAU,EAAE,UAAU,IAAI,SAAS;oBAC/C,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;oBACvB,IAAI,EAAE,eAAe,CAAC,IAAI;iBAC3B;aACF;SACF,CAAC,CAAC,CAAC,CAAkB,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,sBAAsB,CAC7B,OAA6B,EAC7B,KAAyB,EACzB,cAA8B,EAC9B,eAAgC,EAChC,cAA+B;IAE/B,MAAM,OAAO,GAAG,oBAAoB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,QAAQ,GAA0B;QACtC,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO;QACP,aAAa,EAAE,cAAc,CAAC,OAAO;QACrC,cAAc,EAAE,cAAc,CAAC,cAAc;QAC7C,eAAe,EAAE,cAAc,CAAC,eAAe;QAC/C,gBAAgB,EAAE,eAAe,CAAC,gBAAgB;QAClD,gBAAgB,EAAE;YAChB,GAAG,cAAc,CAAC,gBAAgB;YAClC,GAAG,eAAe,CAAC,gBAAgB;SACpC;QACD,eAAe,EAAE,GAAG,OAAO,2BAA2B,cAAc,CAAC,OAAO,EAAE;QAC9E,KAAK;QACL,UAAU,EAAE,OAAO,KAAK,OAAO;QAC/B,cAAc;KACf,CAAC;IACF,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,QAAQ,CAAC,WAAW,GAAG;YACrB,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,uBAAuB;YACrE,UAAU,EAAE,OAAO,CAAC,SAAS;YAC7B,cAAc,EAAE,cAAc,CAAC,cAAc;YAC7C,eAAe,EAAE,cAAc,CAAC,eAAe;YAC/C,KAAK;SACN,CAAC;IACJ,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,qBAAqB,CAC5B,SAA6B,EAC7B,KAA0B,EAC1B,KAAK,GAAG,UAAU,EAAE,EACpB,eAAe,GAAG,oBAAoB,EAAE,EACxC,iBAAkC,EAAE;IAEpC,OAAO;QACL,SAAS,EAAE,SAAS,IAAI,SAAS;QACjC,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,MAAM;QACrB,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;QAChD,eAAe,EAAE,eAAe,CAAC,MAAM;QACvC,gBAAgB,EAAE,eAAe,CAAC,gBAAgB;QAClD,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;QAClD,eAAe,EAAE,qCAAqC;QACtD,KAAK;QACL,UAAU,EAAE,KAAK;QACjB,cAAc;KACf,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO;QACL,MAAM,EAAE,kBAA4C;QACpD,gBAAgB,EAAE,EAAE;QACpB,gBAAgB,EAAE,CAAC,uBAAuB,CAAC;KAC5C,CAAC;AACJ,CAAC"}

package/dist/security/content-classifier.js

@@ -1,3 +1,4 @@
+import { hasPaymentCardLikeValue } from "./payment-card-detection.js";
 const promptInjectionPhrases = [
     "ignore previous instructions",
     "ignore all previous instructions",
@@ -37,6 +38,36 @@ const privateHostPatterns = [
     "172.31.",
     "[::1]",
 ];
+const piiRules = [
+    {
+        kind: "piiEmail",
+        ruleId: "content.pii.email",
+        severity: "high",
+        summary: "content contains an email address",
+        matches: (value) => /\b[a-z0-9._%+-]+@[a-z0-9.-]+[.][a-z]{2,}\b/i.test(value),
+    },
+    {
+        kind: "piiPhone",
+        ruleId: "content.pii.phone",
+        severity: "high",
+        summary: "content contains a phone-number-like value",
+        matches: (value) => /(?:\+?1[\s.-]?)?(?:[(]\d{3}[)]|\b\d{3})[\s.-]?\d{3}[\s.-]?\d{4}\b/.test(value),
+    },
+    {
+        kind: "piiSsn",
+        ruleId: "content.pii.ssn",
+        severity: "critical",
+        summary: "content contains an SSN-like identifier",
+        matches: (value) => /\b\d{3}-\d{2}-\d{4}\b/.test(value),
+    },
+    {
+        kind: "piiPaymentCard",
+        ruleId: "content.pii.payment-card",
+        severity: "critical",
+        summary: "content contains a payment-card-like value",
+        matches: hasPaymentCardLikeValue,
+    },
+];
 const contentRules = [
     {
         kind: "promptInjection",
@@ -98,6 +129,7 @@ const contentRules = [
         matches: (value) => /\bbearer\s+[a-z0-9._-]{12,}/i.test(value) ||
             /\b(api[_-]?key|password|secret|token)\s*[:=]\s*[^\s"']{12,}/i.test(value),
     },
+    ...piiRules,
 ];
 export function classifyContent(text) {
     const findings = contentRules
@@ -117,7 +149,7 @@ function toFinding(rule) {
     };
 }
 function classificationForFindings(findings) {
-    if (findings.some((finding) => finding.kind === "secretShaped")) {
+    if (findings.some((finding) => finding.kind === "secretShaped" || finding.kind.startsWith("pii"))) {
         return "restricted";
     }
     if (findings.length > 0) {

package/dist/security/content-classifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"content-classifier.js","sourceRoot":"","sources":["../../src/security/content-classifier.ts"],"names":[],"mappings":"AAgBA,MAAM,sBAAsB,GAAG;IAC7B,8BAA8B;IAC9B,kCAAkC;IAClC,0BAA0B;IAC1B,6BAA6B;IAC7B,eAAe;IACf,gBAAgB;IAChB,mBAAmB;CACX,CAAC;AAEX,MAAM,qBAAqB,GAAG;IAC5B,KAAK;IACL,MAAM;IACN,OAAO;IACP,oBAAoB;CACZ,CAAC;AAEX,MAAM,mBAAmB,GAAG;IAC1B,WAAW;IACX,MAAM;IACN,KAAK;IACL,UAAU;IACV,UAAU;IACV,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,OAAO;CACC,CAAC;AAEX,MAAM,YAAY,GAAkB;IAClC;QACE,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,oCAAoC;QAC5C,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,gEAAgE;QACzE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,sBAAsB,CAAC;KAC/D;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,MAAM,EAAE,4CAA4C;QACpD,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,gEAAgE;QACzE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,WAAW,CAAC,KAAK,EAAE,qBAAqB,CAAC;YACzC,WAAW,CAAC,KAAK,EAAE,sBAAsB,CAAC;KAC7C;IACD;QACE,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,wBAAwB;QAChC,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,8CAA8C;QACvD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,6FAA6F,CAAC,IAAI,CAChG,KAAK,CACN,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC;KACzC;IACD;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,0BAA0B;QAClC,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,2DAA2D;QACpE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,sCAAsC,CAAC,IAAI,CAAC,KAAK,CAAC;YAClD,mDAAmD,CAAC,IAAI,CAAC,KAAK,CAAC;KAClE;IACD;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,+BAA+B;QACvC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,4DAA4D;QACrE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,iEAAiE,CAAC,IAAI,CACpE,KAAK,CACN,IAAI,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC;KAC7C;IACD;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,+BAA+B;QACvC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,oDAAoD;QAC7D,OAAO,EAAE,YAAY;KACtB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,6BAA6B;QACrC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,iEAAiE;QAC1E,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC;YACtC,+DAA+D,CAAC,IAAI,CAClE,KAAK,CACN;KACJ;IACD;QACE,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,6BAA6B;QACrC,QAAQ,EAAE,UAAU;QACpB,OAAO,EACL,oEAAoE;QACtE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,8BAA8B,CAAC,IAAI,CAAC,KAAK,CAAC;YAC1C,8DAA8D,CAAC,IAAI,CACjE,KAAK,CACN;KACJ;CACF,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,QAAQ,GAAG,YAAY;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACpC,GAAG,CAAC,SAAS,CAAC,CAAC;IAClB,OAAO;QACL,cAAc,EAAE,yBAAyB,CAAC,QAAQ,CAAC;QACnD,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,IAAiB;IAClC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAChC,QAA0B;IAE1B,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,cAAc,CAAC,EAAE,CAAC;QAChE,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,KAAa,EAAE,OAA0B;IAC5D,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACvC,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,uCAAuC,CAAC,IAAI,EAAE,CAAC;IACxE,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QAC1B,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC/C,OAAO,CACL,MAAM,CAAC,QAAQ,KAAK,QAAQ;YAC5B,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CACpE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"content-classifier.js","sourceRoot":"","sources":["../../src/security/content-classifier.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AAUtE,MAAM,sBAAsB,GAAG;IAC7B,8BAA8B;IAC9B,kCAAkC;IAClC,0BAA0B;IAC1B,6BAA6B;IAC7B,eAAe;IACf,gBAAgB;IAChB,mBAAmB;CACX,CAAC;AAEX,MAAM,qBAAqB,GAAG;IAC5B,KAAK;IACL,MAAM;IACN,OAAO;IACP,oBAAoB;CACZ,CAAC;AAEX,MAAM,mBAAmB,GAAG;IAC1B,WAAW;IACX,MAAM;IACN,KAAK;IACL,UAAU;IACV,UAAU;IACV,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,OAAO;CACC,CAAC;AAEX,MAAM,QAAQ,GAAG;IACf;QACE,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,mBAAmB;QAC3B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,mCAAmC;QAC5C,OAAO,EAAE,CAAC,KAAa,EAAE,EAAE,CACzB,6CAA6C,CAAC,IAAI,CAAC,KAAK,CAAC;KAC5D;IACD;QACE,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,mBAAmB;QAC3B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,4CAA4C;QACrD,OAAO,EAAE,CAAC,KAAa,EAAE,EAAE,CACzB,mEAAmE,CAAC,IAAI,CACtE,KAAK,CACN;KACJ;IACD;QACE,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,iBAAiB;QACzB,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,yCAAyC;QAClD,OAAO,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC;KAChE;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,0BAA0B;QAClC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,4CAA4C;QACrD,OAAO,EAAE,uBAAuB;KACjC;CACsB,CAAC;AAE1B,MAAM,YAAY,GAAkB;IAClC;QACE,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,oCAAoC;QAC5C,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,gEAAgE;QACzE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,sBAAsB,CAAC;KAC/D;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,MAAM,EAAE,4CAA4C;QACpD,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,gEAAgE;QACzE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,WAAW,CAAC,KAAK,EAAE,qBAAqB,CAAC;YACzC,WAAW,CAAC,KAAK,EAAE,sBAAsB,CAAC;KAC7C;IACD;QACE,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,wBAAwB;QAChC,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,8CAA8C;QACvD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,6FAA6F,CAAC,IAAI,CAChG,KAAK,CACN,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC;KACzC;IACD;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,0BAA0B;QAClC,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,2DAA2D;QACpE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,sCAAsC,CAAC,IAAI,CAAC,KAAK,CAAC;YAClD,mDAAmD,CAAC,IAAI,CAAC,KAAK,CAAC;KAClE;IACD;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,+BAA+B;QACvC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,4DAA4D;QACrE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,iEAAiE,CAAC,IAAI,CACpE,KAAK,CACN,IAAI,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC;KAC7C;IACD;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,+BAA+B;QACvC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,oDAAoD;QAC7D,OAAO,EAAE,YAAY;KACtB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,6BAA6B;QACrC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,iEAAiE;QAC1E,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC;YACtC,+DAA+D,CAAC,IAAI,CAClE,KAAK,CACN;KACJ;IACD;QACE,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,6BAA6B;QACrC,QAAQ,EAAE,UAAU;QACpB,OAAO,EACL,oEAAoE;QACtE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,8BAA8B,CAAC,IAAI,CAAC,KAAK,CAAC;YAC1C,8DAA8D,CAAC,IAAI,CACjE,KAAK,CACN;KACJ;IACD,GAAG,QAAQ;CACZ,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,QAAQ,GAAG,YAAY;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACpC,GAAG,CAAC,SAAS,CAAC,CAAC;IAClB,OAAO;QACL,cAAc,EAAE,yBAAyB,CAAC,QAAQ,CAAC;QACnD,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,IAAiB;IAClC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAChC,QAA0B;IAE1B,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CACV,OAAO,CAAC,IAAI,KAAK,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CACpE,EACD,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,KAAa,EAAE,OAA0B;IAC5D,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACvC,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,uCAAuC,CAAC,IAAI,EAAE,CAAC;IACxE,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QAC1B,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC/C,OAAO,CACL,MAAM,CAAC,QAAQ,KAAK,QAAQ;YAC5B,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CACpE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/security/payment-card-detection.d.ts

@@ -0,0 +1,3 @@
+export declare function hasPaymentCardLikeValue(value: string): boolean;
+export declare function redactPaymentCardLikeValues(value: string, replacement: string): string;
+export declare function isPaymentCardLikeValue(value: string): boolean;

package/dist/security/payment-card-detection.js

@@ -0,0 +1,48 @@
+const paymentCardCandidatePattern = /\b\d(?:[ -]?\d){12,18}\b/g;
+export function hasPaymentCardLikeValue(value) {
+    return paymentCardCandidates(value).some(isPaymentCardLikeValue);
+}
+export function redactPaymentCardLikeValues(value, replacement) {
+    return value.replace(paymentCardCandidatePattern, (match, offset) => isPaymentCardLikeCandidate(value, match, offset) ? replacement : match);
+}
+export function isPaymentCardLikeValue(value) {
+    const digits = value.replace(/[ -]/g, "");
+    if (digits.length < 13 || digits.length > 19)
+        return false;
+    return luhnChecksum(digits);
+}
+function paymentCardCandidates(value) {
+    paymentCardCandidatePattern.lastIndex = 0;
+    return [...value.matchAll(paymentCardCandidatePattern)]
+        .filter((match) => isPaymentCardLikeCandidate(value, match[0], match.index ?? 0))
+        .map((match) => match[0]);
+}
+function isPaymentCardLikeCandidate(source, value, offset) {
+    if (!isPaymentCardLikeValue(value))
+        return false;
+    const before = source[offset - 1] ?? "";
+    const after = source[offset + value.length] ?? "";
+    return !isIdentifierBoundary(before) && !isIdentifierBoundary(after);
+}
+function isIdentifierBoundary(value) {
+    return /[A-Za-z0-9_-]/.test(value);
+}
+function luhnChecksum(value) {
+    let sum = 0;
+    let shouldDouble = false;
+    for (let index = value.length - 1; index >= 0; index -= 1) {
+        const digit = Number(value[index]);
+        if (!Number.isInteger(digit))
+            return false;
+        let contribution = digit;
+        if (shouldDouble) {
+            contribution = digit * 2;
+            if (contribution > 9)
+                contribution -= 9;
+        }
+        sum += contribution;
+        shouldDouble = !shouldDouble;
+    }
+    return sum > 0 && sum % 10 === 0;
+}
+//# sourceMappingURL=payment-card-detection.js.map

package/dist/security/payment-card-detection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"payment-card-detection.js","sourceRoot":"","sources":["../../src/security/payment-card-detection.ts"],"names":[],"mappings":"AAAA,MAAM,2BAA2B,GAAG,2BAA2B,CAAC;AAEhE,MAAM,UAAU,uBAAuB,CAAC,KAAa;IACnD,OAAO,qBAAqB,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,KAAa,EACb,WAAmB;IAEnB,OAAO,KAAK,CAAC,OAAO,CAAC,2BAA2B,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,CAClE,0BAA0B,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CACvE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,KAAa;IAClD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IAC3D,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa;IAC1C,2BAA2B,CAAC,SAAS,GAAG,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAC;SACpD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAChB,0BAA0B,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAC9D;SACA,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,0BAA0B,CACjC,MAAc,EACd,KAAa,EACb,MAAc;IAEd,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAClD,OAAO,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAa;IACzC,OAAO,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,KAAK,IAAI,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAC3C,IAAI,YAAY,GAAG,KAAK,CAAC;QACzB,IAAI,YAAY,EAAE,CAAC;YACjB,YAAY,GAAG,KAAK,GAAG,CAAC,CAAC;YACzB,IAAI,YAAY,GAAG,CAAC;gBAAE,YAAY,IAAI,CAAC,CAAC;QAC1C,CAAC;QACD,GAAG,IAAI,YAAY,CAAC;QACpB,YAAY,GAAG,CAAC,YAAY,CAAC;IAC/B,CAAC;IACD,OAAO,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACnC,CAAC"}

package/dist/security/policy-types.d.ts

@@ -5,7 +5,7 @@ export type PolicySink = "evidence" | "htmlText" | "json" | "log" | "markdown" |
 export type SegmentKind = "data" | "evidence" | "instruction" | "providerResponse" | "toolInput" | "toolOutput" | "unknown";
 export type DataClassification = "public" | "internal" | "restricted" | "unknown";
 export type FindingSeverity = "low" | "medium" | "high" | "critical";
-export type ContentFindingKind = "indirectPromptInjection" | "noSqlLike" | "pathTraversal" | "promptInjection" | "secretShaped" | "shellLike" | "sqlLike" | "unsafeUrl";
+export type ContentFindingKind = "indirectPromptInjection" | "noSqlLike" | "pathTraversal" | "piiEmail" | "piiPaymentCard" | "piiPhone" | "piiSsn" | "promptInjection" | "secretShaped" | "shellLike" | "sqlLike" | "unsafeUrl";
 export interface ContentFinding {
     kind: ContentFindingKind;
     ruleId: string;

package/dist/security/provider-egress-policy.d.ts

@@ -0,0 +1,27 @@
+import type { ContentClassification, DataClassification, PolicyDecision } from "./policy-types.js";
+import type { ModelMessage } from "../types/model-config.js";
+export interface ProviderEgressClassification {
+    classification: DataClassification;
+    findings: ContentClassification["findings"];
+}
+export interface ProviderEgressClassifier {
+    classify(text: string): ProviderEgressClassification;
+}
+export interface ProviderEgressPolicyInput {
+    requestId?: string;
+    taskId: string;
+    role: string;
+    actor: string;
+    providerId: string;
+    messages: ModelMessage[];
+    classifier?: ProviderEgressClassifier;
+}
+export interface ProviderEgressPolicyDecision {
+    allowed: boolean;
+    requestId: string;
+    outcome: PolicyDecision["outcome"];
+    safeMessage?: string;
+    matchedRuleIds: string[];
+    redactionStatus: PolicyDecision["redactionStatus"];
+}
+export declare function evaluateProviderEgressPolicy(input: ProviderEgressPolicyInput): ProviderEgressPolicyDecision;

package/dist/security/provider-egress-policy.js

@@ -0,0 +1,72 @@
+import { randomUUID } from "node:crypto";
+import { evaluateSecurityPolicy } from "./policy-engine.js";
+import { intakePromptSegment } from "./prompt-intake.js";
+import { redactPromptSegments } from "./redaction.js";
+export function evaluateProviderEgressPolicy(input) {
+    const requestId = input.requestId ?? `provider-egress-${randomUUID()}`;
+    const segments = input.messages.map((message, index) => providerPromptSegment(message, index, input.classifier));
+    const redactionReport = redactPromptSegments(segments);
+    const decision = evaluateSecurityPolicy({
+        requestId,
+        subject: {
+            id: input.actor,
+            subjectType: "runtime",
+            workspaceId: input.taskId,
+        },
+        action: "provider.message",
+        resource: {
+            resourceType: "prompt",
+            summary: `provider egress to ${input.providerId}`,
+            workspaceId: input.taskId,
+        },
+        sink: "provider",
+        dataClassification: highestDataClassification(segments),
+        segments,
+        redactionReport,
+    });
+    const allowed = redactionReport.status === "notRequired" &&
+        !hasRestrictedClassification(segments);
+    return {
+        allowed,
+        requestId,
+        outcome: decision.outcome,
+        matchedRuleIds: decision.matchedRuleIds,
+        redactionStatus: decision.redactionStatus,
+        ...(allowed
+            ? {}
+            : {
+                safeMessage: "provider egress blocked by restricted-content policy before provider execution",
+            }),
+    };
+}
+function hasRestrictedClassification(segments) {
+    return segments.some((segment) => segment.classification.classification === "restricted");
+}
+function providerPromptSegment(message, index, classifier) {
+    const segment = intakePromptSegment({
+        id: `message-${index + 1}`,
+        kind: message.role === "tool" ? "toolOutput" : "instruction",
+        provenance: `model-message:${message.role}`,
+        sink: "provider",
+        text: message.content,
+    }, `message-${index + 1}`);
+    if (!classifier)
+        return segment;
+    return {
+        ...segment,
+        classification: classifier.classify(message.content),
+    };
+}
+function highestDataClassification(segments) {
+    if (segments.some((segment) => segment.classification.classification === "restricted")) {
+        return "restricted";
+    }
+    if (segments.some((segment) => segment.classification.classification === "unknown")) {
+        return "unknown";
+    }
+    if (segments.some((segment) => segment.classification.classification === "internal")) {
+        return "internal";
+    }
+    return "public";
+}
+//# sourceMappingURL=provider-egress-policy.js.map

package/dist/security/provider-egress-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider-egress-policy.js","sourceRoot":"","sources":["../../src/security/provider-egress-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAqCtD,MAAM,UAAU,4BAA4B,CAC1C,KAAgC;IAEhC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,mBAAmB,UAAU,EAAE,EAAE,CAAC;IACvE,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CACrD,qBAAqB,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,UAAU,CAAC,CACxD,CAAC;IACF,MAAM,eAAe,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,sBAAsB,CAAC;QACtC,SAAS;QACT,OAAO,EAAE;YACP,EAAE,EAAE,KAAK,CAAC,KAAK;YACf,WAAW,EAAE,SAAS;YACtB,WAAW,EAAE,KAAK,CAAC,MAAM;SAC1B;QACD,MAAM,EAAE,kBAAkB;QAC1B,QAAQ,EAAE;YACR,YAAY,EAAE,QAAQ;YACtB,OAAO,EAAE,sBAAsB,KAAK,CAAC,UAAU,EAAE;YACjD,WAAW,EAAE,KAAK,CAAC,MAAM;SAC1B;QACD,IAAI,EAAE,UAAU;QAChB,kBAAkB,EAAE,yBAAyB,CAAC,QAAQ,CAAC;QACvD,QAAQ;QACR,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,OAAO,GACX,eAAe,CAAC,MAAM,KAAK,aAAa;QACxC,CAAC,2BAA2B,CAAC,QAAQ,CAAC,CAAC;IACzC,OAAO;QACL,OAAO;QACP,SAAS;QACT,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,cAAc,EAAE,QAAQ,CAAC,cAAc;QACvC,eAAe,EAAE,QAAQ,CAAC,eAAe;QACzC,GAAG,CAAC,OAAO;YACT,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC;gBACE,WAAW,EACT,gFAAgF;aACnF,CAAC;KACP,CAAC;AACJ,CAAC;AAED,SAAS,2BAA2B,CAAC,QAAyB;IAC5D,OAAO,QAAQ,CAAC,IAAI,CAClB,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,YAAY,CACpE,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAC5B,OAAqB,EACrB,KAAa,EACb,UAAgD;IAEhD,MAAM,OAAO,GAAG,mBAAmB,CACjC;QACE,EAAE,EAAE,WAAW,KAAK,GAAG,CAAC,EAAE;QAC1B,IAAI,EAAE,OAAO,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa;QAC5D,UAAU,EAAE,iBAAiB,OAAO,CAAC,IAAI,EAAE;QAC3C,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,OAAO,CAAC,OAAO;KACtB,EACD,WAAW,KAAK,GAAG,CAAC,EAAE,CACvB,CAAC;IACF,IAAI,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC;IAChC,OAAO;QACL,GAAG,OAAO;QACV,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC;KACrD,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAChC,QAAyB;IAEzB,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,YAAY,CACpE,EACD,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,SAAS,CACjE,EACD,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,UAAU,CAClE,EACD,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}