@mneme-ai/core 2.69.0 → 2.71.0
- package/dist/protoplasm/index.d.ts +1 -0
- package/dist/protoplasm/index.d.ts.map +1 -1
- package/dist/protoplasm/index.js +6 -0
- package/dist/protoplasm/index.js.map +1 -1
- package/dist/protoplasm/super_quan/chsh_witness.d.ts +80 -0
- package/dist/protoplasm/super_quan/chsh_witness.d.ts.map +1 -0
- package/dist/protoplasm/super_quan/chsh_witness.js +143 -0
- package/dist/protoplasm/super_quan/chsh_witness.js.map +1 -0
- package/dist/protoplasm/super_quan/decoherence.d.ts +44 -0
- package/dist/protoplasm/super_quan/decoherence.d.ts.map +1 -0
- package/dist/protoplasm/super_quan/decoherence.js +148 -0
- package/dist/protoplasm/super_quan/decoherence.js.map +1 -0
- package/dist/protoplasm/super_quan/guards.test.d.ts +7 -0
- package/dist/protoplasm/super_quan/guards.test.d.ts.map +1 -0
- package/dist/protoplasm/super_quan/guards.test.js +142 -0
- package/dist/protoplasm/super_quan/guards.test.js.map +1 -0
- package/dist/protoplasm/super_quan/homograph_guard.d.ts +47 -0
- package/dist/protoplasm/super_quan/homograph_guard.d.ts.map +1 -0
- package/dist/protoplasm/super_quan/homograph_guard.js +210 -0
- package/dist/protoplasm/super_quan/homograph_guard.js.map +1 -0
- package/dist/protoplasm/super_quan/index.d.ts +24 -0
- package/dist/protoplasm/super_quan/index.d.ts.map +1 -0
- package/dist/protoplasm/super_quan/index.js +24 -0
- package/dist/protoplasm/super_quan/index.js.map +1 -0
- package/dist/protoplasm/super_quan/input_size_guard.d.ts +58 -0
- package/dist/protoplasm/super_quan/input_size_guard.d.ts.map +1 -0
- package/dist/protoplasm/super_quan/input_size_guard.js +102 -0
- package/dist/protoplasm/super_quan/input_size_guard.js.map +1 -0
- package/dist/protoplasm/super_quan/negspace.d.ts +79 -0
- package/dist/protoplasm/super_quan/negspace.d.ts.map +1 -0
- package/dist/protoplasm/super_quan/negspace.js +134 -0
- package/dist/protoplasm/super_quan/negspace.js.map +1 -0
- package/dist/protoplasm/super_quan/strs.d.ts +65 -0
- package/dist/protoplasm/super_quan/strs.d.ts.map +1 -0
- package/dist/protoplasm/super_quan/strs.js +95 -0
- package/dist/protoplasm/super_quan/strs.js.map +1 -0
- package/dist/protoplasm/super_quan/super_quan.test.d.ts +8 -0
- package/dist/protoplasm/super_quan/super_quan.test.d.ts.map +1 -0
- package/dist/protoplasm/super_quan/super_quan.test.js +184 -0
- package/dist/protoplasm/super_quan/super_quan.test.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"guards.test.js","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/guards.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAExF,QAAQ,CAAC,sCAAsC,EAAE,GAAG,EAAE;IACpD,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,MAAM,CAAC,GAAG,YAAY,CAAC,iBAAiB,CAAC,CAAC;QAC1C,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QAChD,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACzD,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;QACzC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CAAC,GAAG,YAAY,CAAC,iBAAiB,CAAC,CAAC;QAC1C,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QACrC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,CAAC,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC,CAAM,yBAAyB;QAC/D,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QAChD,MAAM,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,CAAC,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAA
C,KAAK,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAC1C,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,CAAC,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC3C,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,CAAC,GAAG,YAAY,CAAC,oBAAoB,CAAC,CAAC;QAC7C,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACnD,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,CAAC,GAAG,YAAY,CAAC,iBAAiB,CAAC,CAAC;QAC1C,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC5C,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,yEAAyE;QACzE,8CAA8C;QAC9C,MAAM,CAAC,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QACrC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;QAC7E,MAAM,CAAC,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAC1C,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC3C,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACnD,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QAChD,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;IACrD,EAAE,CAAC,4EAA4E,EAAE,GAAG,EAAE;QACpF,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,cAAc,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAClD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzB,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACjD,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,MAAM,CAA
C,CAAC;QAC7C,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,cAAc,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QACnD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,cAAc,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QACvE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,cAAc,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3D,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAU,qCAAqC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,CAAC,GAAG,cAAc,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,CAAC,GAAG,cAAc,CAAC,OAAO,EAAE,EAAE,M
AAM,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;QACtE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzB,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,MAAM,CAAC,GAAG,cAAc,CAAC,kCAAkC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QACjF,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACnE,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,cAAc,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAClD,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,+BAA+B;QAC/B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,CAAC,GAAG,iBAAiB,EAAE,CAAC;QAC9B,MAAM,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
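--- a/package/dist/protoplasm/super_quan/homograph_guard.d.ts
+++ b/package/dist/protoplasm/super_quan/homograph_guard.d.ts
@@ -0,0 +1,47 @@
+/**
+* 🛡 HOMOGRAPH GUARD — Unicode normalization + confusable detection
+*
+* Closes the v2.70 vuln: "٢.70.0" (Arabic-Indic digit) passed as MIXED
+* instead of REFUTED → attacker bypassed version check by spelling the
+* digit in a non-ASCII script.
+*
+* Solution stacks 4 lenses:
+* 1. NFKC normalize → canonicalizes compatibility forms
+* 2. Digit transliterate → maps all Unicode digits → ASCII 0-9
+* 3. Confusable scan → flags homoglyph attempts (UTS #39 subset)
+* 4. Pipeline annotation → caller knows input was canonicalized
+*
+* API:
+* canonicalize(input) → { canonical, original, flags, transformations }
+*
+* Output flags drive verdict:
+* "homograph_detected" → version claim has non-ASCII digits
+* "mixed_script" → claim mixes script families (suspicious)
+* "rtl_override" → contains BIDI override (U+202E)
+* "control_char_injected" → contains null / BEL / BS / etc.
+* "zwsp_injected" → zero-width space / joiner
+*
+* No external Unicode tables — uses Node's built-in normalize() + a
+* small curated confusable map.
+*/
+export interface CanonicalizeResult {
+original: string;
+canonical: string;
+flags: string[];
+transformations: string[];
+confusablesReplaced: number;
+digitsTransliterated: number;
+}
+export declare function canonicalize(input: string): CanonicalizeResult;
+/**
+* Convenience: given a claim, return whether it's safe to verify as-is
+* or needs caller to re-verify on the canonical form.
+*
+* Caller should:
+* const c = canonicalize(input);
+* if (c.flags.includes("homograph_detected")) {
+* // verify on c.canonical instead — annotate verdict with c.flags
+* }
+*/
+export declare function shouldReVerify(result: CanonicalizeResult): boolean;
+//# sourceMappingURL=homograph_guard.d.ts.map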
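Review bot: `flags: string[]` in `CanonicalizeResult` is wider than the five flag names the header comment enumerates, so a misspelled name in a caller's `c.flags.includes("homograph_detected")` check still compiles and silently skips re-verification. Declaring a union in the TypeScript source, for example `type CanonicalizeFlag = "homograph_detected" | "mixed_script" | "rtl_override" | "control_char_injected" | "zwsp_injected";` with `flags: CanonicalizeFlag[];`, would let the compiler check those comparisons. The header also defines "homograph_detected" as non-ASCII digits only, while the implementation in homograph_guard.js pushes the same flag when confusable letters are replaced; the comment should cover both cases so callers know what the flag implies.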
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"homograph_guard.d.ts","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/homograph_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAsEH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,kBAAkB,CAsE9D;AAED;;;;;;;;;GASG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAElE"}
|
|
@@ -0,0 +1,210 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* 🛡 HOMOGRAPH GUARD — Unicode normalization + confusable detection
|
|
3
|
+
*
|
|
4
|
+
* Closes the v2.70 vuln: "٢.70.0" (Arabic-Indic digit) passed as MIXED
|
|
5
|
+
* instead of REFUTED → attacker bypassed version check by spelling the
|
|
6
|
+
* digit in a non-ASCII script.
|
|
7
|
+
*
|
|
8
|
+
* Solution stacks 4 lenses:
|
|
9
|
+
* 1. NFKC normalize → canonicalizes compatibility forms
|
|
10
|
+
* 2. Digit transliterate → maps all Unicode digits → ASCII 0-9
|
|
11
|
+
* 3. Confusable scan → flags homoglyph attempts (UTS #39 subset)
|
|
12
|
+
* 4. Pipeline annotation → caller knows input was canonicalized
|
|
13
|
+
*
|
|
14
|
+
* API:
|
|
15
|
+
* canonicalize(input) → { canonical, original, flags, transformations }
|
|
16
|
+
*
|
|
17
|
+
* Output flags drive verdict:
|
|
18
|
+
* "homograph_detected" → version claim has non-ASCII digits
|
|
19
|
+
* "mixed_script" → claim mixes script families (suspicious)
|
|
20
|
+
* "rtl_override" → contains BIDI override (U+202E)
|
|
21
|
+
* "control_char_injected" → contains null / BEL / BS / etc.
|
|
22
|
+
* "zwsp_injected" → zero-width space / joiner
|
|
23
|
+
*
|
|
24
|
+
* No external Unicode tables — uses Node's built-in normalize() + a
|
|
25
|
+
* small curated confusable map.
|
|
26
|
+
*/
|
|
27
|
+
/** Per UTS #39 — common confusables. Extend over time. */
|
|
28
|
+
const CONFUSABLE_MAP = {
|
|
29
|
+
// Cyrillic → Latin (most common attack vector)
|
|
30
|
+
"а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "у": "y", "х": "x",
|
|
31
|
+
"А": "A", "В": "B", "Е": "E", "К": "K", "М": "M", "Н": "H", "О": "O",
|
|
32
|
+
"Р": "P", "С": "C", "Т": "T", "У": "Y", "Х": "X",
|
|
33
|
+
// Greek → Latin
|
|
34
|
+
"α": "a", "β": "b", "ο": "o", "ρ": "p", "ν": "v", "Α": "A", "Β": "B",
|
|
35
|
+
// Cherokee letter A (very deceptive)
|
|
36
|
+
"Ꭺ": "A",
|
|
37
|
+
// Math alphanumerics
|
|
38
|
+
"𝟎": "0", "𝟏": "1", "𝟐": "2", "𝟑": "3", "𝟒": "4",
|
|
39
|
+
"𝟓": "5", "𝟔": "6", "𝟕": "7", "𝟖": "8", "𝟗": "9",
|
|
40
|
+
};
|
|
41
|
+
/** Map ALL Unicode digit code points to ASCII via Unicode digit value. */
|
|
42
|
+
function transliterateDigits(s) {
|
|
43
|
+
let changed = 0;
|
|
44
|
+
const out = Array.from(s, (ch) => {
|
|
45
|
+
const cp = ch.codePointAt(0);
|
|
46
|
+
// Latin ASCII already
|
|
47
|
+
if (cp >= 0x30 && cp <= 0x39)
|
|
48
|
+
return ch;
|
|
49
|
+
// Arabic-Indic 0660-0669
|
|
50
|
+
if (cp >= 0x0660 && cp <= 0x0669) {
|
|
51
|
+
changed++;
|
|
52
|
+
return String.fromCharCode(0x30 + (cp - 0x0660));
|
|
53
|
+
}
|
|
54
|
+
// Extended Arabic-Indic 06F0-06F9
|
|
55
|
+
if (cp >= 0x06F0 && cp <= 0x06F9) {
|
|
56
|
+
changed++;
|
|
57
|
+
return String.fromCharCode(0x30 + (cp - 0x06F0));
|
|
58
|
+
}
|
|
59
|
+
// Bengali 09E6-09EF
|
|
60
|
+
if (cp >= 0x09E6 && cp <= 0x09EF) {
|
|
61
|
+
changed++;
|
|
62
|
+
return String.fromCharCode(0x30 + (cp - 0x09E6));
|
|
63
|
+
}
|
|
64
|
+
// Devanagari 0966-096F
|
|
65
|
+
if (cp >= 0x0966 && cp <= 0x096F) {
|
|
66
|
+
changed++;
|
|
67
|
+
return String.fromCharCode(0x30 + (cp - 0x0966));
|
|
68
|
+
}
|
|
69
|
+
// Thai 0E50-0E59
|
|
70
|
+
if (cp >= 0x0E50 && cp <= 0x0E59) {
|
|
71
|
+
changed++;
|
|
72
|
+
return String.fromCharCode(0x30 + (cp - 0x0E50));
|
|
73
|
+
}
|
|
74
|
+
// Lao 0ED0-0ED9
|
|
75
|
+
if (cp >= 0x0ED0 && cp <= 0x0ED9) {
|
|
76
|
+
changed++;
|
|
77
|
+
return String.fromCharCode(0x30 + (cp - 0x0ED0));
|
|
78
|
+
}
|
|
79
|
+
// Burmese 1040-1049
|
|
80
|
+
if (cp >= 0x1040 && cp <= 0x1049) {
|
|
81
|
+
changed++;
|
|
82
|
+
return String.fromCharCode(0x30 + (cp - 0x1040));
|
|
83
|
+
}
|
|
84
|
+
// Khmer 17E0-17E9
|
|
85
|
+
if (cp >= 0x17E0 && cp <= 0x17E9) {
|
|
86
|
+
changed++;
|
|
87
|
+
return String.fromCharCode(0x30 + (cp - 0x17E0));
|
|
88
|
+
}
|
|
89
|
+
// Fullwidth FF10-FF19
|
|
90
|
+
if (cp >= 0xFF10 && cp <= 0xFF19) {
|
|
91
|
+
changed++;
|
|
92
|
+
return String.fromCharCode(0x30 + (cp - 0xFF10));
|
|
93
|
+
}
|
|
94
|
+
// Mathematical bold/italic digits 1D7CE-1D7FF
|
|
95
|
+
if (cp >= 0x1D7CE && cp <= 0x1D7FF) {
|
|
96
|
+
changed++;
|
|
97
|
+
return String.fromCharCode(0x30 + ((cp - 0x1D7CE) % 10));
|
|
98
|
+
}
|
|
99
|
+
return ch;
|
|
100
|
+
}).join("");
|
|
101
|
+
return { out, changedCount: changed };
|
|
102
|
+
}
|
|
103
|
+
function detectScripts(s) {
|
|
104
|
+
const scripts = new Set();
|
|
105
|
+
for (const ch of s) {
|
|
106
|
+
const cp = ch.codePointAt(0);
|
|
107
|
+
if (cp >= 0x0041 && cp <= 0x024F)
|
|
108
|
+
scripts.add("Latin");
|
|
109
|
+
else if (cp >= 0x0400 && cp <= 0x04FF)
|
|
110
|
+
scripts.add("Cyrillic");
|
|
111
|
+
else if (cp >= 0x0370 && cp <= 0x03FF)
|
|
112
|
+
scripts.add("Greek");
|
|
113
|
+
else if (cp >= 0x0590 && cp <= 0x05FF)
|
|
114
|
+
scripts.add("Hebrew");
|
|
115
|
+
else if (cp >= 0x0600 && cp <= 0x06FF)
|
|
116
|
+
scripts.add("Arabic");
|
|
117
|
+
else if (cp >= 0x0E00 && cp <= 0x0E7F)
|
|
118
|
+
scripts.add("Thai");
|
|
119
|
+
else if (cp >= 0x0900 && cp <= 0x097F)
|
|
120
|
+
scripts.add("Devanagari");
|
|
121
|
+
else if (cp >= 0x4E00 && cp <= 0x9FFF)
|
|
122
|
+
scripts.add("CJK");
|
|
123
|
+
}
|
|
124
|
+
return scripts;
|
|
125
|
+
}
|
|
126
|
+
const RTL_OVERRIDE_RE = /[--]/g;
|
|
127
|
+
const ZWSP_RE = /[-]/g;
|
|
128
|
+
const CONTROL_RE = /[\x00-\x08\x0B-\x0C\x0E-\x1F]/g;
|
|
129
|
+
const NON_ASCII_DIGIT_RE = /[٠-٩۰-۹߀-߉०-९০-৯੦-੯૦-૯୦-୯௦-௯౦-౯೦-೯൦-൯෦-෯๐-๙໐-໙༠-༩၀-၉႐-႙០-៩᠐-᠙᥆-᥏᧐-᧙᪀-᪉᪐-᪙᭐-᭙᮰-᮹᱀-᱉᱐-᱙꘠-꘩꣐-꣙꤀-꤉꧐-꧙꧰-꧹꩐-꩙꯰-꯹0-9]/g;
|
|
130
|
+
export function canonicalize(input) {
|
|
131
|
+
const flags = [];
|
|
132
|
+
const transformations = [];
|
|
133
|
+
let working = input;
|
|
134
|
+
// Pre-detect: did the input contain ANY non-ASCII Unicode digit?
|
|
135
|
+
// (Catches fullwidth 2 which NFKC normalizes BEFORE our transliterator runs.)
|
|
136
|
+
const preNonAsciiDigitMatches = input.match(NON_ASCII_DIGIT_RE);
|
|
137
|
+
const preNonAsciiDigitCount = preNonAsciiDigitMatches ? preNonAsciiDigitMatches.length : 0;
|
|
138
|
+
// Stage 0: detect control chars BEFORE stripping (alert + strip)
|
|
139
|
+
if (CONTROL_RE.test(working)) {
|
|
140
|
+
flags.push("control_char_injected");
|
|
141
|
+
working = working.replace(CONTROL_RE, "");
|
|
142
|
+
transformations.push("stripped control chars (0x00-0x1F except tab/LF/CR)");
|
|
143
|
+
}
|
|
144
|
+
if (RTL_OVERRIDE_RE.test(working)) {
|
|
145
|
+
flags.push("rtl_override");
|
|
146
|
+
working = working.replace(RTL_OVERRIDE_RE, "");
|
|
147
|
+
transformations.push("stripped BIDI override (U+202A-202E + 2066-2069)");
|
|
148
|
+
}
|
|
149
|
+
if (ZWSP_RE.test(working)) {
|
|
150
|
+
flags.push("zwsp_injected");
|
|
151
|
+
working = working.replace(ZWSP_RE, "");
|
|
152
|
+
transformations.push("stripped zero-width chars (U+200B-200D + FEFF)");
|
|
153
|
+
}
|
|
154
|
+
// Stage 1: NFKC — canonicalize compatibility forms
|
|
155
|
+
const beforeNfkc = working;
|
|
156
|
+
working = working.normalize("NFKC");
|
|
157
|
+
if (beforeNfkc !== working) {
|
|
158
|
+
transformations.push("NFKC normalize");
|
|
159
|
+
}
|
|
160
|
+
// Stage 2: Digit transliteration (Arabic-Indic / Bengali / Thai / fullwidth / math)
|
|
161
|
+
const dt = transliterateDigits(working);
|
|
162
|
+
working = dt.out;
|
|
163
|
+
// Count: explicit transliteration + NFKC-induced non-ASCII digit changes
|
|
164
|
+
const totalDigitsChanged = dt.changedCount + Math.max(0, preNonAsciiDigitCount - dt.changedCount);
|
|
165
|
+
if (totalDigitsChanged > 0) {
|
|
166
|
+
flags.push("homograph_detected");
|
|
167
|
+
transformations.push(`transliterated ${totalDigitsChanged} non-Latin digit(s) to ASCII (NFKC + direct map)`);
|
|
168
|
+
}
|
|
169
|
+
// Stage 3: Confusable letter replacement
|
|
170
|
+
let confusables = 0;
|
|
171
|
+
working = Array.from(working, (ch) => {
|
|
172
|
+
if (CONFUSABLE_MAP[ch] !== undefined) {
|
|
173
|
+
confusables++;
|
|
174
|
+
return CONFUSABLE_MAP[ch];
|
|
175
|
+
}
|
|
176
|
+
return ch;
|
|
177
|
+
}).join("");
|
|
178
|
+
if (confusables > 0) {
|
|
179
|
+
flags.push("homograph_detected");
|
|
180
|
+
transformations.push(`replaced ${confusables} confusable letter(s) with ASCII equivalent`);
|
|
181
|
+
}
|
|
182
|
+
// Stage 4: mixed-script detection (only flag if NOT already Latin-only after canonicalization)
|
|
183
|
+
const scripts = detectScripts(working);
|
|
184
|
+
if (scripts.size > 1 && scripts.has("Latin")) {
|
|
185
|
+
flags.push("mixed_script");
|
|
186
|
+
transformations.push(`mixed scripts detected: ${[...scripts].join("+")}`);
|
|
187
|
+
}
|
|
188
|
+
return {
|
|
189
|
+
original: input,
|
|
190
|
+
canonical: working,
|
|
191
|
+
flags: [...new Set(flags)],
|
|
192
|
+
transformations,
|
|
193
|
+
confusablesReplaced: confusables,
|
|
194
|
+
digitsTransliterated: totalDigitsChanged,
|
|
195
|
+
};
|
|
196
|
+
}
|
|
197
|
+
/**
|
|
198
|
+
* Convenience: given a claim, return whether it's safe to verify as-is
|
|
199
|
+
* or needs caller to re-verify on the canonical form.
|
|
200
|
+
*
|
|
201
|
+
* Caller should:
|
|
202
|
+
* const c = canonicalize(input);
|
|
203
|
+
* if (c.flags.includes("homograph_detected")) {
|
|
204
|
+
* // verify on c.canonical instead — annotate verdict with c.flags
|
|
205
|
+
* }
|
|
206
|
+
*/
|
|
207
|
+
export function shouldReVerify(result) {
|
|
208
|
+
return result.flags.length > 0 && result.original !== result.canonical;
|
|
209
|
+
}
|
|
210
|
+
//# sourceMappingURL=homograph_guard.js.map
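Review bot: `canonicalize` raises no flag when NFKC alone rewrites the input: Stage 1 only appends "NFKC normalize" to `transformations`, and `shouldReVerify` requires `result.flags.length > 0`, so a digit written in a compatibility form that NFKC folds to ASCII and that `NON_ASCII_DIGIT_RE` does not list comes back with a changed `canonical`, an empty `flags` and `shouldReVerify(...) === false`. That is the same class of input the header says this module closes, so the digit count should also include ASCII digits that exist only after normalization, as in the fence below. Separately, `NON_ASCII_DIGIT_RE` lists scripts (Gurmukhi, Gujarati, Tamil and others) that `transliterateDigits` has no branch for, so for those the result reports "transliterated N non-Latin digit(s) to ASCII" while `canonical` still holds the original digits. The `Map ALL Unicode digit code points to ASCII` comment should name the ranges actually covered, or the function should cover the same set as the regex.

```javascript
// … unchanged: pre-detect, Stage 0 stripping …
const beforeNfkc = working;
working = working.normalize("NFKC");
// ASCII digits that exist only after NFKC were written as a compatibility form.
const countAsciiDigits = (str) => (str.match(/[0-9]/g) || []).length;
const nfkcDigitFolds = Math.max(0, countAsciiDigits(working) - countAsciiDigits(beforeNfkc));
// … unchanged: NFKC transformation note, transliterateDigits call …
const totalDigitsChanged = Math.max(dt.changedCount + nfkcDigitFolds, preNonAsciiDigitCount);
// … unchanged: flag push, Stage 3, Stage 4, return …
```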
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"homograph_guard.js","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/homograph_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,0DAA0D;AAC1D,MAAM,cAAc,GAA2B;IAC7C,+CAA+C;IAC/C,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IACpE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IACpE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IAChD,gBAAgB;IAChB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IACpE,qCAAqC;IACrC,GAAG,EAAE,GAAG;IACR,qBAAqB;IACrB,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;IACrD,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;CACtD,CAAC;AAEF,0EAA0E;AAC1E,SAAS,mBAAmB,CAAC,CAAS;IACpC,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE;QAC/B,MAAM,EAAE,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC;QAC9B,sBAAsB;QACtB,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,IAAI,IAAI;YAAE,OAAO,EAAE,CAAC;QACxC,yBAAyB;QACzB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,kCAAkC;QAClC,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,oBAAoB;QACpB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,uBAAuB;QACvB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;Q
AClG,iBAAiB;QACjB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,gBAAgB;QAChB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,oBAAoB;QACpB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,kBAAkB;QAClB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,sBAAsB;QACtB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,8CAA8C;QAC9C,IAAI,EAAE,IAAI,OAAO,IAAI,EAAE,IAAI,OAAO,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAAC,CAAC;QAC5G,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACZ,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAK,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,EAAE,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC;QAC9B,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aAClD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;aAC1D,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aACvD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;aACxD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;aACxD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;aACtD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;aAC5D,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM
;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,eAAe,GAAG,WAAW,CAAC;AACpC,MAAM,OAAO,GAAG,SAAS,CAAC;AAC1B,MAAM,UAAU,GAAG,gCAAgC,CAAC;AACpD,MAAM,kBAAkB,GAAG,iHAAiH,CAAC;AAW7I,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,iEAAiE;IACjE,8EAA8E;IAC9E,MAAM,uBAAuB,GAAG,KAAK,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAChE,MAAM,qBAAqB,GAAG,uBAAuB,CAAC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3F,iEAAiE;IACjE,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC1C,eAAe,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QAC/C,eAAe,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5B,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACvC,eAAe,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;IACzE,CAAC;IAED,mDAAmD;IACnD,MAAM,UAAU,GAAG,OAAO,CAAC;IAC3B,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACpC,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC;QAC3B,eAAe,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACzC,CAAC;IAED,oFAAoF;IACpF,MAAM,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACxC,OAAO,GAAG,EAAE,CAAC,GAAG,CAAC;IACjB,yEAAyE;IACzE,MAAM,kBAAkB,GAAG,EAAE,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,qBAAqB,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC;IAClG,IAAI,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,eAAe,CAAC,IAAI,CAAC,kBAAkB,kBAAkB,kDAAkD,CAAC,CAAC;IAC/G,CAAC;IAED,yCAAyC;IACzC,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE;QACnC,IAAI,cAAc,CAAC,EAAE,CAAC,KAAK,SAAS,EAAE,CAAC;YAAC,WAAW,EAAE,CAAC;YAAC,OAAO,cAAc,CAAC,EAAE,CAAC,CAAC;QAAC,CAAC;QACnF,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACZ,IAAI,WAAW
,GAAG,CAAC,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,eAAe,CAAC,IAAI,CAAC,YAAY,WAAW,6CAA6C,CAAC,CAAC;IAC7F,CAAC;IAED,+FAA+F;IAC/F,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,eAAe,CAAC,IAAI,CAAC,2BAA2B,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,OAAO;QAClB,KAAK,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC1B,eAAe;QACf,mBAAmB,EAAE,WAAW;QAChC,oBAAoB,EAAE,kBAAkB;KACzC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,cAAc,CAAC,MAA0B;IACvD,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,SAAS,CAAC;AACzE,CAAC"}
|
|
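--- a/package/dist/protoplasm/super_quan/index.d.ts
+++ b/package/dist/protoplasm/super_quan/index.d.ts
@@ -0,0 +1,24 @@
+/**
+* 💎 SUPER QUAN — public surface
+*
+* 4 research-grade primitives that close the temporal / negative-knowledge /
+* eval-awareness / recursive-self-verify gaps in current AI truth systems.
+*
+* - DECOHERENCE — every verdict has a half-life (truth has shelf life)
+* - NEGSPACE — RAG over known lies (HMAC-chained negative knowledge)
+* - CHSH WITNESS — structural detector of eval-aware bluff (paper-grade)
+* - STRS — self-test reproducibility score (recursive verify)
+*/
+export { computeDecoherence, detectEntities, isVerdictFresh, } from "./decoherence.js";
+export type { DecoherenceVerdict, DetectedEntity, EntityKind, } from "./decoherence.js";
+export { Negspace } from "./negspace.js";
+export type { AuditRow, NegspaceMatch, NegspaceLookupResult } from "./negspace.js";
+export { computeChshWitness, defaultScoreExtractor, instantiateProbes, probeSeed, CANONICAL_PROBES, } from "./chsh_witness.js";
+export type { ProbeKind, ProbeQuestion, ProbeResponse, ChshWitnessVerdict, ChshInput, } from "./chsh_witness.js";
+export { runStrs, strsBadgeUrl, STRS_PROBE_SET_V1 } from "./strs.js";
+export type { StrsProbe, StrsRunResult, StrsReport, StrsRunOptions, VerifyFn } from "./strs.js";
+export { canonicalize, shouldReVerify } from "./homograph_guard.js";
+export type { CanonicalizeResult } from "./homograph_guard.js";
+export { checkInputSize, emitEnvelope, detectInputSource } from "./input_size_guard.js";
+export type { SizeCheckResult, InputSource, CheckInputSizeOptions } from "./input_size_guard.js";
+//# sourceMappingURL=index.d.ts.map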
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,EACL,kBAAkB,EAAE,cAAc,EAAE,cAAc,GACnD,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,kBAAkB,EAAE,cAAc,EAAE,UAAU,GAC/C,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAGnF,OAAO,EACL,kBAAkB,EAAE,qBAAqB,EAAE,iBAAiB,EAC5D,SAAS,EAAE,gBAAgB,GAC5B,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,SAAS,EAAE,aAAa,EAAE,aAAa,EAAE,kBAAkB,EAAE,SAAS,GACvE,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AACrE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAGhG,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACpE,YAAY,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAG/D,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AACxF,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC"}
|
|
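--- a/package/dist/protoplasm/super_quan/index.js
+++ b/package/dist/protoplasm/super_quan/index.js
@@ -0,0 +1,24 @@
+/**
+* 💎 SUPER QUAN — public surface
+*
+* 4 research-grade primitives that close the temporal / negative-knowledge /
+* eval-awareness / recursive-self-verify gaps in current AI truth systems.
+*
+* - DECOHERENCE — every verdict has a half-life (truth has shelf life)
+* - NEGSPACE — RAG over known lies (HMAC-chained negative knowledge)
+* - CHSH WITNESS — structural detector of eval-aware bluff (paper-grade)
+* - STRS — self-test reproducibility score (recursive verify)
+*/
+// 1. DECOHERENCE
+export { computeDecoherence, detectEntities, isVerdictFresh, } from "./decoherence.js";
+// 2. NEGSPACE
+export { Negspace } from "./negspace.js";
+// 3. CHSH WITNESS (the big one)
+export { computeChshWitness, defaultScoreExtractor, instantiateProbes, probeSeed, CANONICAL_PROBES, } from "./chsh_witness.js";
+// 4. STRS
+export { runStrs, strsBadgeUrl, STRS_PROBE_SET_V1 } from "./strs.js";
+// 5. HOMOGRAPH GUARD — closes v2.70 vuln #1 (Unicode bypass)
+export { canonicalize, shouldReVerify } from "./homograph_guard.js";
+// 6. INPUT SIZE GUARD — closes v2.70 vuln #2 (silent 28K reject)
+export { checkInputSize, emitEnvelope, detectInputSource } from "./input_size_guard.js";
+//# sourceMappingURL=index.js.map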
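Review bot: The header comment still announces "4 research-grade primitives" and lists four, while the file exports six modules; the two that are described as closing v2.70 vulnerabilities appear only in the inline comments at the bottom. Add them to the list, e.g. `* - HOMOGRAPH GUARD — closes the v2.70 Unicode bypass` and `* - INPUT SIZE GUARD — fail-loud size check with truncation receipt`, and change the count. "vuln #1" and "#2" are not defined anywhere in this file, so a link or advisory reference next to them would help a reader who audits the package.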
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,iBAAiB;AACjB,OAAO,EACL,kBAAkB,EAAE,cAAc,EAAE,cAAc,GACnD,MAAM,kBAAkB,CAAC;AAK1B,cAAc;AACd,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC,gCAAgC;AAChC,OAAO,EACL,kBAAkB,EAAE,qBAAqB,EAAE,iBAAiB,EAC5D,SAAS,EAAE,gBAAgB,GAC5B,MAAM,mBAAmB,CAAC;AAK3B,UAAU;AACV,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAGrE,6DAA6D;AAC7D,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGpE,iEAAiE;AACjE,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC"}
|
|
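--- a/package/dist/protoplasm/super_quan/input_size_guard.d.ts
+++ b/package/dist/protoplasm/super_quan/input_size_guard.d.ts
@@ -0,0 +1,58 @@
+/**
+* 🛡 INPUT SIZE GUARD — fail-loud envelope + truncation receipt
+*
+* Closes the v2.70 vuln: 28K char input → exit 1, 0 bytes, no warning.
+*
+* Strategy stacks 3 lenses:
+* 1. Fail-loud: never silent. Every reject emits JSON envelope.
+* 2. Truncation receipt: when allowTruncate=true, accept first N + flag
+* "INPUT_TRUNCATED" so verdict consumer sees the caveat.
+* 3. Auto-detect: if input came via argv and is too large, suggest stdin.
+*
+* Cross-platform argv limits (real-world safe values):
+* Windows cmd.exe : ~8K (legacy)
+* Windows powershell: ~32K (varies)
+* Linux execve() : ~128K-2M
+* macOS execve() : ~256K
+*
+* Hard limit chosen: 24K = safely below Windows cmd while still allowing
+* substantial claims. For larger input, pipe via stdin.
+*/
+export type InputSource = "argv" | "stdin" | "file" | "unknown";
+export interface SizeCheckResult {
+ok: boolean;
+inputSize: number;
+limit: number;
+source: InputSource;
+truncated: boolean;
+truncatedAt?: number;
+receipt: string;
+reason?: string;
+suggestion?: string;
+envelope: {
+ok: boolean;
+error?: string;
+sizeReceived: number;
+sizeLimit: number;
+source: InputSource;
+hint?: string;
+};
+}
+export interface CheckInputSizeOptions {
+source: InputSource;
+allowTruncate?: boolean;
+customLimit?: number;
+}
+export declare function checkInputSize(input: string, opts: CheckInputSizeOptions): SizeCheckResult;
+/**
+* Emit JSON envelope to stdout. Caller in CLI should call this on EVERY
+* exit path so the user never gets silent 0-byte exit.
+*
+* Returns suggested process exit code:
+* 0 if ok
+* 2 if input rejected (distinct from generic crash exit 1)
+*/
+export declare function emitEnvelope(result: SizeCheckResult, write?: (s: string) => void): number;
+/** Detect input source heuristically from argv/stdin state. */
+export declare function detectInputSource(): InputSource;
+//# sourceMappingURL=input_size_guard.d.ts.map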
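Review bot: The header comment gives cmd.exe a limit of ~8K and then calls the 24K hard limit "safely below Windows cmd", which contradicts the table two lines above; 24K is below only the ~32K PowerShell figure listed. Reword the rationale, e.g. `* Hard limit chosen: 24K = below the ~32K PowerShell figure; cmd.exe (~8K) is not covered.`, or lower the argv default if cmd.exe is meant to be supported. The same comment is repeated at the top of input_size_guard.js.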
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"input_size_guard.d.ts","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/input_size_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;AAEhE,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,OAAO,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,WAAW,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE;QACR,EAAE,EAAE,OAAO,CAAC;QACZ,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,WAAW,CAAC;QACpB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AASD,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,WAAW,CAAC;IACpB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAWD,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,qBAAqB,GAAG,eAAe,CAkD1F;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,eAAe,EAAE,KAAK,GAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAqC,GAAG,MAAM,CAGzH;AAED,+DAA+D;AAC/D,wBAAgB,iBAAiB,IAAI,WAAW,CAI/C"}
|
|
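--- a/package/dist/protoplasm/super_quan/input_size_guard.js
+++ b/package/dist/protoplasm/super_quan/input_size_guard.js
@@ -0,0 +1,102 @@
+/**
+* 🛡 INPUT SIZE GUARD — fail-loud envelope + truncation receipt
+*
+* Closes the v2.70 vuln: 28K char input → exit 1, 0 bytes, no warning.
+*
+* Strategy stacks 3 lenses:
+* 1. Fail-loud: never silent. Every reject emits JSON envelope.
+* 2. Truncation receipt: when allowTruncate=true, accept first N + flag
+* "INPUT_TRUNCATED" so verdict consumer sees the caveat.
+* 3. Auto-detect: if input came via argv and is too large, suggest stdin.
+*
+* Cross-platform argv limits (real-world safe values):
+* Windows cmd.exe : ~8K (legacy)
+* Windows powershell: ~32K (varies)
+* Linux execve() : ~128K-2M
+* macOS execve() : ~256K
+*
+* Hard limit chosen: 24K = safely below Windows cmd while still allowing
+* substantial claims. For larger input, pipe via stdin.
+*/
+const DEFAULT_LIMITS = {
+argv: 24_000,
+stdin: 10_000_000, // 10MB
+file: 100_000_000, // 100MB
+unknown: 24_000,
+};
+function makeReceipt(input, source) {
+// Lightweight non-crypto receipt — caller can verify they sent X bytes
+// without needing HMAC key
+const size = input.length;
+const head = input.slice(0, 24).replace(/\s/g, "·");
+const tail = input.slice(-24).replace(/\s/g, "·");
+return `[mneme-rcpt ${source}:${size}B head="${head}" tail="${tail}"]`;
+}
+export function checkInputSize(input, opts) {
+const limit = opts.customLimit ?? DEFAULT_LIMITS[opts.source];
+const inputSize = input.length;
+const receipt = makeReceipt(input, opts.source);
+if (inputSize <= limit) {
+return {
+ok: true, inputSize, limit, source: opts.source,
+truncated: false, receipt,
+envelope: { ok: true, sizeReceived: inputSize, sizeLimit: limit, source: opts.source },
+};
+}
+// Over limit. Truncate or reject?
+if (opts.allowTruncate) {
+return {
+ok: true, inputSize, limit, source: opts.source,
+truncated: true, truncatedAt: limit,
+reason: `input ${inputSize}B > limit ${limit}B; --allow-truncate accepted first ${limit}B`,
+receipt,
+envelope: {
+ok: true,
+sizeReceived: inputSize,
+sizeLimit: limit,
+source: opts.source,
+hint: `Verdict computed on first ${limit}B only — re-run via stdin for full input.`,
+},
+};
+}
+// Hard reject — but LOUD. Caller MUST get JSON envelope.
+const suggestion = opts.source === "argv"
+? "Input too large for command-line args. Pipe via stdin: `echo $CLAIM | mneme verify --stdin` (limit then becomes 10MB)."
+: `Input ${inputSize}B exceeds ${opts.source} limit of ${limit}B. Use --allow-truncate or split into chunks.`;
+return {
+ok: false, inputSize, limit, source: opts.source,
+truncated: false,
+reason: `input ${inputSize}B exceeds ${opts.source} limit of ${limit}B`,
+suggestion,
+receipt,
+envelope: {
+ok: false,
+error: "INPUT_TOO_LARGE",
+sizeReceived: inputSize,
+sizeLimit: limit,
+source: opts.source,
+hint: suggestion,
+},
+};
+}
+/**
+* Emit JSON envelope to stdout. Caller in CLI should call this on EVERY
+* exit path so the user never gets silent 0-byte exit.
+*
+* Returns suggested process exit code:
+* 0 if ok
+* 2 if input rejected (distinct from generic crash exit 1)
+*/
+export function emitEnvelope(result, write = (s) => process.stdout.write(s)) {
+write(JSON.stringify(result.envelope) + "\n");
+return result.ok ? 0 : 2;
+}
+/** Detect input source heuristically from argv/stdin state. */
+export function detectInputSource() {
+if (!process.stdin.isTTY)
+return "stdin";
+if (process.argv.length > 2)
+return "argv";
+return "unknown";
+}
+//# sourceMappingURL=input_size_guard.js.map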
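Review bot: In the `allowTruncate` branch of `checkInputSize`, `truncated` and `truncatedAt` are set on the result but not inside `envelope`, and `emitEnvelope` writes only `result.envelope`, so the emitted JSON says `ok: true` with just a free-text `hint`; the "INPUT_TRUNCATED" flag promised in the header comment never reaches a machine consumer of the verdict. Add it to that envelope, e.g. `truncated: true, truncatedAt: limit,`, and widen the `envelope` type in input_size_guard.d.ts to match. `detectInputSource` returns "stdin" whenever `process.stdin.isTTY` is falsy, which is also true in CI or for a spawned child that receives the claim in argv, so those runs are held to the 10MB limit rather than 24K; checking argv first, or having the CLI pass the source it actually read from, avoids the misclassification. Sizes are taken from `input.length` (UTF-16 code units) while every message and the receipt label them `B`; `Buffer.byteLength(input, "utf8")` would make the number match the label.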
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"input_size_guard.js","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/input_size_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAwBH,MAAM,cAAc,GAAgC;IAClD,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,UAAU,EAAS,OAAO;IACjC,IAAI,EAAE,WAAW,EAAU,QAAQ;IACnC,OAAO,EAAE,MAAM;CAChB,CAAC;AAQF,SAAS,WAAW,CAAC,KAAa,EAAE,MAAmB;IACrD,uEAAuE;IACvE,2BAA2B;IAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC;IAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAClD,OAAO,eAAe,MAAM,IAAI,IAAI,WAAW,IAAI,WAAW,IAAI,IAAI,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAa,EAAE,IAA2B;IACvE,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9D,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC;IAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhD,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC;QACvB,OAAO;YACL,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM;YAC/C,SAAS,EAAE,KAAK,EAAE,OAAO;YACzB,QAAQ,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;SACvF,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,OAAO;YACL,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM;YAC/C,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK;YACnC,MAAM,EAAE,SAAS,SAAS,aAAa,KAAK,sCAAsC,KAAK,GAAG;YAC1F,OAAO;YACP,QAAQ,EAAE;gBACR,EAAE,EAAE,IAAI;gBACR,YAAY,EAAE,SAAS;gBACvB,SAAS,EAAE,KAAK;gBAChB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,IAAI,EAAE,6BAA6B,KAAK,2CAA2C;aACpF;SACF,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,KAAK,MAAM;QACvC,CAAC,CAAC,wHAAwH;QAC1H,CAAC,CAAC,SAAS,SAAS,aAAa,IAAI,CAAC,MAAM,aAAa,KAAK,+CAA+C,CAAC;IAEhH,OAAO;QACL,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM;QAChD,SAAS,EAAE,KAAK;QAChB,MAAM,EAAE,SAAS,SAAS,aAAa,IAAI,CAAC,MAAM,aAAa,KAAK,GAAG;QACvE,UAAU;QACV,OAAO;QACP,QAAQ,EAAE;YACR,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,iBAAiB;YACxB,YAAY,E
AAE,SAAS;YACvB,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,UAAU;SACjB;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,MAAuB,EAAE,QAA6B,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/G,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,OAAO,CAAC;IACzC,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC;IAC3C,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
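--- a/package/dist/protoplasm/super_quan/negspace.d.ts
+++ b/package/dist/protoplasm/super_quan/negspace.d.ts
@@ -0,0 +1,79 @@
+/**
+* 💎 #2 — NEGSPACE: HMAC Audit as Negative Knowledge Graph
+*
+* Every IMPOSSIBLE / REFUTED verdict that Mneme ever emitted is HMAC-chained
+* into an audit log. Today it sits as raw log. This module re-indexes that
+* log into a *negative* knowledge graph — RAG over things known to be false.
+*
+* Standard RAG indexes positive facts (Wikipedia, docs, code).
+* NEGSPACE indexes negative facts: "X is known false; here's why; here's the
+* audit signature." Useful for AI safety: agents should know what NOT to
+* claim, with cryptographic evidence.
+*
+* API:
+* const ng = new Negspace(auditPath, hmacKey);
+* ng.index(); // build in-memory index
+* ng.lookup("useFormStatus accepts reset prop")
+* → { previouslyRefuted: true,
+* evidence: "HMAC sig 3a4f...; refuted 2026-04-12",
+* similarRefuted: [{claim, similarity}] }
+*
+* Similarity: bigram Jaccard. No external embeddings dependency.
+* (Embeddings adapter pluggable — see protoplasm/embeddings_adapter.)
+*/
+export interface AuditRow {
+ts: string;
+claim: string;
+verdict: "REFUTED" | "IMPOSSIBLE" | "TRUSTWORTHY" | "UNKNOWN" | string;
+evidence?: string;
+hmac?: string;
+vendor?: string;
+}
+export interface NegspaceMatch {
+claim: string;
+similarity: number;
+ts: string;
+evidence?: string;
+hmac?: string;
+}
+export interface NegspaceLookupResult {
+query: string;
+previouslyRefuted: boolean;
+exactEvidence?: string;
+exactHmac?: string;
+exactTs?: string;
+similarRefuted: NegspaceMatch[];
+totalKnownLies: number;
+lookupHmac: string;
+}
+export declare class Negspace {
+private auditPath;
+private hmacKey;
+private rows;
+private indexed;
+constructor(auditPath: string, hmacKey: string);
+/** Build / refresh in-memory index from audit JSONL. Idempotent. */
+index(): {
+totalRows: number;
+refutedOrImpossible: number;
+};
+private knownLies;
+/** Lookup a claim. Returns exact match if any + nearest semantic-Jaccard neighbours. */
+lookup(claim: string, opts?: {
+threshold?: number;
+topK?: number;
+}): NegspaceLookupResult;
+/** Append a new refuted claim to the audit log + refresh index. */
+appendRefuted(row: Omit<AuditRow, "hmac"> & {
+hmac?: string;
+}): AuditRow;
+/** Stats for dashboard. */
+stats(): {
+totalRows: number;
+refuted: number;
+impossible: number;
+trustworthy: number;
+unknown: number;
+};
+}
+//# sourceMappingURL=negspace.d.ts.map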
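Review bot: `appendRefuted` is declared with `Omit<AuditRow, "hmac"> & { hmac?: string }`, which strips `hmac` and then allows it again, so the declaration does not say whether a caller-supplied value is stored as given or recomputed with the instance's `hmacKey`. Because `lookup` returns `exactHmac` and a per-match `hmac` as evidence, the doc comments should state this, and whether `index()` verifies each row's HMAC before treating it as a known lie, e.g. `/** Append a refuted claim; a supplied hmac is ignored and recomputed with hmacKey. */` if that matches the code; the implementation is not part of this section, so this is a question about the contract, not a confirmed defect. The header example also shows an `evidence` field where the declared result has `exactEvidence`, and `verdict` ends in `| string`, which widens the whole union to `string`.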
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"negspace.d.ts","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/negspace.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAKH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,SAAS,GAAG,YAAY,GAAG,aAAa,GAAG,SAAS,GAAG,MAAM,CAAC;IACvE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAmBD,qBAAa,QAAQ;IAIP,OAAO,CAAC,SAAS;IAAU,OAAO,CAAC,OAAO;IAHtD,OAAO,CAAC,IAAI,CAAkB;IAC9B,OAAO,CAAC,OAAO,CAAS;gBAEJ,SAAS,EAAE,MAAM,EAAU,OAAO,EAAE,MAAM;IAE9D,oEAAoE;IACpE,KAAK,IAAI;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,mBAAmB,EAAE,MAAM,CAAA;KAAE;IAc3D,OAAO,CAAC,SAAS;IAIjB,wFAAwF;IACxF,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,oBAAoB;IAuC7F,mEAAmE;IACnE,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,QAAQ;IAYxE,2BAA2B;IAC3B,KAAK,IAAI;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;CAQ1G"}
|