@opentrust/core 7.1.0

package/dist/db.d.ts

@@ -0,0 +1,4 @@
+import Database from "better-sqlite3";
+export declare function getDb(): Database.Database;
+export declare function initDb(): void;
+//# sourceMappingURL=db.d.ts.map

package/dist/db.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AAUtC,wBAAgB,KAAK,IAAI,QAAQ,CAAC,QAAQ,CAQzC;AAED,wBAAgB,MAAM,IAAI,IAAI,CAgB7B"}

package/dist/db.js

@@ -0,0 +1,33 @@
+import Database from "better-sqlite3";
+import { mkdirSync } from "node:fs";
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const DB_PATH = resolve(__dirname, "..", "data", "core.db");
+let _db;
+export function getDb() {
+    if (!_db) {
+        mkdirSync(dirname(DB_PATH), { recursive: true });
+        _db = new Database(DB_PATH);
+        _db.pragma("journal_mode = WAL");
+        _db.pragma("foreign_keys = ON");
+    }
+    return _db;
+}
+export function initDb() {
+    const db = getDb();
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS agents (
+      id TEXT PRIMARY KEY,
+      name TEXT NOT NULL,
+      description TEXT DEFAULT '',
+      api_key TEXT UNIQUE NOT NULL,
+      email TEXT DEFAULT 'dev@localhost',
+      status TEXT DEFAULT 'active',
+      quota_total INTEGER DEFAULT 999999,
+      quota_used INTEGER DEFAULT 0,
+      created_at TEXT DEFAULT (datetime('now'))
+    )
+  `);
+}
+//# sourceMappingURL=db.js.map

package/dist/db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.js","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAE5D,IAAI,GAAsB,CAAC;AAE3B,MAAM,UAAU,KAAK;IACnB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,GAAG,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC5B,GAAG,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACjC,GAAG,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,MAAM;IACpB,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IAEnB,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;GAYP,CAAC,CAAC;AACL,CAAC"}

package/dist/engine/behavior-rules.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Behavioral rule engine — evaluates tool call sequences for dangerous patterns.
+ *
+ * Tool classification sets are based on moltguard/agent/behavior-detector.ts.
+ */
+export interface ToolChainEntry {
+    seq: number;
+    toolName: string;
+    sanitizedParams: Record<string, string>;
+    outcome: "success" | "error" | "timeout";
+    durationMs: number;
+    resultCategory: "text_small" | "text_large" | "binary" | "empty" | "error";
+    resultSizeBytes: number;
+    dataFlowFrom?: string;
+}
+export interface PendingToolCall {
+    toolName: string;
+    params: Record<string, string>;
+}
+export interface ContentInjectionFinding {
+    category: string;
+    confidence: "high" | "medium";
+    matchedText: string;
+    pattern: string;
+}
+export type RiskLevel = "no_risk" | "low" | "medium" | "high" | "critical";
+export type AssessAction = "allow" | "alert" | "block";
+export interface DetectionFinding {
+    riskLevel: RiskLevel;
+    riskType: string;
+    riskContent: string;
+    reason: string;
+}
+export interface BehaviorAssessRequest {
+    agentId: string;
+    sessionKey: string;
+    runId: string;
+    userIntent: string;
+    toolChain: ToolChainEntry[];
+    pendingTool?: PendingToolCall;
+    contentFindings?: ContentInjectionFinding[];
+    context: {
+        messageHistoryLength: number;
+        recentUserMessages: string[];
+    };
+    meta: {
+        pluginVersion: string;
+        clientTimestamp: string;
+    };
+}
+export interface BehaviorAssessResponse {
+    behaviorId: string;
+    riskLevel: RiskLevel;
+    anomalyTypes: string[];
+    confidence: number;
+    action: AssessAction;
+    explanation: string;
+    affectedTools: number[];
+    findings?: DetectionFinding[];
+}
+export declare function assessBehavior(req: BehaviorAssessRequest): BehaviorAssessResponse;
+//# sourceMappingURL=behavior-rules.d.ts.map

package/dist/engine/behavior-rules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior-rules.d.ts","sourceRoot":"","sources":["../../src/engine/behavior-rules.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA8CH,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,OAAO,EAAE,SAAS,GAAG,OAAO,GAAG,SAAS,CAAC;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,CAAC;IAC3E,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAC3E,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;AAEvD,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,eAAe,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAC5C,OAAO,EAAE;QACP,oBAAoB,EAAE,MAAM,CAAC;QAC7B,kBAAkB,EAAE,MAAM,EAAE,CAAC;KAC9B,CAAC;IACF,IAAI,EAAE;QACJ,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,YAAY,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAC;CAC/B;AAuND,wBAAgB,cAAc,CAAC,GAAG,EAAE,qBAAqB,GAAG,sBAAsB,CA4DjF"}

package/dist/engine/behavior-rules.js

@@ -0,0 +1,270 @@
+/**
+ * Behavioral rule engine — evaluates tool call sequences for dangerous patterns.
+ *
+ * Tool classification sets are based on moltguard/agent/behavior-detector.ts.
+ */
+// ---------------------------------------------------------------------------
+// Tool classification
+// ---------------------------------------------------------------------------
+const FILE_READ_TOOLS = new Set([
+    "Read", "read_file", "read", "cat", "head", "tail", "view",
+    "get_file_contents", "open_file",
+]);
+const SHELL_TOOLS = new Set([
+    "Bash", "bash", "shell", "run_command", "execute", "terminal",
+    "cmd", "powershell", "Shell",
+]);
+const WEB_FETCH_TOOLS = new Set([
+    "WebFetch", "web_fetch", "fetch", "http_request", "get_url",
+    "browser_navigate", "navigate",
+]);
+const NETWORK_WRITE_TOOLS = new Set([
+    "WebFetch", "web_fetch", "fetch", "http_request", "curl",
+    "post", "put", "upload",
+]);
+const SENSITIVE_PATH_PATTERNS = [
+    /\.ssh/i, /\.aws/i, /\.gnupg/i, /\.env\b/i,
+    /\.pem$/i, /\.key$/i, /id_rsa/i, /id_ed25519/i,
+    /credentials/i, /keychain/i,
+    /\/etc\/passwd/i, /\/etc\/shadow/i,
+    /\.git\/config/i, /\.npmrc/i, /\.pypirc/i,
+];
+const COMMAND_INJECTION_PATTERNS = [
+    /;\s*(?:curl|wget|nc|bash|sh|python|perl|ruby)\b/i,
+    /\|\s*(?:bash|sh|python|perl)\b/i,
+    /`[^`]*(?:curl|wget|nc)\b[^`]*`/i,
+    /\$\([^)]*(?:curl|wget|nc)\b/i,
+    />\s*\/dev\/tcp\//i,
+];
+function hasToolInChain(chain, toolSet) {
+    return chain.find((e) => toolSet.has(e.toolName));
+}
+function getParamValues(entry) {
+    const params = "sanitizedParams" in entry ? entry.sanitizedParams : entry.params;
+    return Object.values(params).join(" ");
+}
+function touchesSensitivePath(entry) {
+    const text = getParamValues(entry);
+    return SENSITIVE_PATH_PATTERNS.some((p) => p.test(text));
+}
+const RULES = [
+    // Critical: file read → network exfiltration
+    {
+        id: "BR-001",
+        severity: "critical",
+        name: "Data exfiltration via file read then network send",
+        anomalyType: "data_exfiltration",
+        match(chain, pending) {
+            const fileRead = hasToolInChain(chain, FILE_READ_TOOLS);
+            if (!fileRead)
+                return null;
+            const target = pending
+                ? (NETWORK_WRITE_TOOLS.has(pending.toolName) || WEB_FETCH_TOOLS.has(pending.toolName) ? pending : null)
+                : chain.find((e) => e.seq > fileRead.seq && (NETWORK_WRITE_TOOLS.has(e.toolName) || WEB_FETCH_TOOLS.has(e.toolName)));
+            if (!target)
+                return null;
+            return {
+                explanation: `File read (${fileRead.toolName}) followed by network request (${"toolName" in target ? target.toolName : "pending"}) — potential data exfiltration.`,
+                affectedTools: [fileRead.seq, ...("seq" in target ? [target.seq] : [])],
+                confidence: 0.85,
+                findings: [{
+                        riskLevel: "critical",
+                        riskType: "DATA_EXFILTRATION",
+                        riskContent: `${fileRead.toolName} → ${"toolName" in target ? target.toolName : "network"}`,
+                        reason: "Sensitive file read followed by network send",
+                    }],
+            };
+        },
+    },
+    // Critical: credential file access → external write
+    {
+        id: "BR-002",
+        severity: "critical",
+        name: "Credential access followed by external write",
+        anomalyType: "credential_theft",
+        match(chain, pending) {
+            const credAccess = chain.find((e) => FILE_READ_TOOLS.has(e.toolName) && touchesSensitivePath(e));
+            if (!credAccess)
+                return null;
+            const externalWrite = pending
+                ? (NETWORK_WRITE_TOOLS.has(pending.toolName) ? pending : null)
+                : chain.find((e) => e.seq > credAccess.seq && NETWORK_WRITE_TOOLS.has(e.toolName));
+            if (!externalWrite)
+                return null;
+            return {
+                explanation: `Credential/sensitive file read (${credAccess.toolName}) followed by external write — possible credential theft.`,
+                affectedTools: [credAccess.seq],
+                confidence: 0.95,
+                findings: [{
+                        riskLevel: "critical",
+                        riskType: "DATA_EXFILTRATION",
+                        riskContent: getParamValues(credAccess),
+                        reason: "Credential file access followed by network write",
+                    }],
+            };
+        },
+    },
+    // High: web fetch → shell execution
+    {
+        id: "BR-003",
+        severity: "high",
+        name: "Shell execution after web fetch",
+        anomalyType: "remote_code_execution",
+        match(chain, pending) {
+            const webFetch = hasToolInChain(chain, WEB_FETCH_TOOLS);
+            if (!webFetch)
+                return null;
+            const shell = pending
+                ? (SHELL_TOOLS.has(pending.toolName) ? pending : null)
+                : chain.find((e) => e.seq > webFetch.seq && SHELL_TOOLS.has(e.toolName));
+            if (!shell)
+                return null;
+            return {
+                explanation: `Web fetch (${webFetch.toolName}) followed by shell execution — potential remote code execution.`,
+                affectedTools: [webFetch.seq],
+                confidence: 0.8,
+                findings: [{
+                        riskLevel: "high",
+                        riskType: "COMMAND_EXECUTION",
+                        riskContent: `${webFetch.toolName} → ${"toolName" in shell ? shell.toolName : "shell"}`,
+                        reason: "Downloaded content may be executed in shell",
+                    }],
+            };
+        },
+    },
+    // High: command injection in shell arguments
+    {
+        id: "BR-004",
+        severity: "high",
+        name: "Command injection in shell arguments",
+        anomalyType: "command_injection",
+        match(chain, pending) {
+            const allShellCalls = [
+                ...chain.filter((e) => SHELL_TOOLS.has(e.toolName)),
+                ...(pending && SHELL_TOOLS.has(pending.toolName) ? [pending] : []),
+            ];
+            for (const call of allShellCalls) {
+                const text = getParamValues(call);
+                for (const pattern of COMMAND_INJECTION_PATTERNS) {
+                    if (pattern.test(text)) {
+                        return {
+                            explanation: `Shell command contains injection pattern in arguments.`,
+                            affectedTools: "seq" in call ? [call.seq] : [],
+                            confidence: 0.85,
+                            findings: [{
+                                    riskLevel: "high",
+                                    riskType: "COMMAND_EXECUTION",
+                                    riskContent: text.slice(0, 200),
+                                    reason: "Command injection pattern detected in shell arguments",
+                                }],
+                        };
+                    }
+                }
+            }
+            return null;
+        },
+    },
+    // Medium: sensitive path access without clear user intent
+    {
+        id: "BR-005",
+        severity: "medium",
+        name: "Sensitive path access without clear user intent",
+        anomalyType: "unauthorized_access",
+        match(chain, pending) {
+            const allAccesses = [
+                ...chain.filter((e) => FILE_READ_TOOLS.has(e.toolName) && touchesSensitivePath(e)),
+                ...(pending && FILE_READ_TOOLS.has(pending.toolName) && touchesSensitivePath(pending) ? [pending] : []),
+            ];
+            if (allAccesses.length === 0)
+                return null;
+            return {
+                explanation: `Access to sensitive path(s) detected without explicit user request.`,
+                affectedTools: allAccesses.filter((a) => "seq" in a).map((a) => a.seq),
+                confidence: 0.6,
+                findings: allAccesses.map((a) => ({
+                    riskLevel: "medium",
+                    riskType: "DATA_EXFILTRATION",
+                    riskContent: getParamValues(a).slice(0, 200),
+                    reason: "Sensitive path access",
+                })),
+            };
+        },
+    },
+];
+// ---------------------------------------------------------------------------
+// Severity → action mapping
+// ---------------------------------------------------------------------------
+function severityToAction(severity) {
+    switch (severity) {
+        case "critical": return "block";
+        case "high": return "alert";
+        case "medium": return "alert";
+    }
+}
+function severityToRiskLevel(severity) {
+    switch (severity) {
+        case "critical": return "critical";
+        case "high": return "high";
+        case "medium": return "medium";
+    }
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+export function assessBehavior(req) {
+    const allFindings = [];
+    const anomalyTypes = [];
+    const affectedTools = [];
+    let worstSeverity = null;
+    let worstConfidence = 0;
+    let explanation = "No anomalies detected.";
+    // Elevate if content injection findings were passed from client
+    if (req.contentFindings && req.contentFindings.length > 0) {
+        const hasHigh = req.contentFindings.some((f) => f.confidence === "high");
+        if (hasHigh) {
+            allFindings.push({
+                riskLevel: "high",
+                riskType: "PROMPT_INJECTION",
+                riskContent: req.contentFindings.map((f) => f.matchedText).join("; ").slice(0, 300),
+                reason: "Content injection detected by client scanner",
+            });
+            anomalyTypes.push("content_injection");
+            worstSeverity = "high";
+            worstConfidence = 0.9;
+            explanation = `Content injection detected in tool results: ${req.contentFindings.length} finding(s).`;
+        }
+    }
+    // Evaluate behavioral rules
+    for (const rule of RULES) {
+        const match = rule.match(req.toolChain, req.pendingTool);
+        if (!match)
+            continue;
+        anomalyTypes.push(rule.anomalyType);
+        affectedTools.push(...match.affectedTools);
+        if (match.findings)
+            allFindings.push(...match.findings);
+        const severityRank = { critical: 3, high: 2, medium: 1 };
+        if (!worstSeverity || severityRank[rule.severity] > severityRank[worstSeverity]) {
+            worstSeverity = rule.severity;
+            explanation = match.explanation;
+        }
+        worstConfidence = Math.max(worstConfidence, match.confidence);
+    }
+    const riskLevel = worstSeverity
+        ? severityToRiskLevel(worstSeverity)
+        : "no_risk";
+    const action = worstSeverity
+        ? severityToAction(worstSeverity)
+        : "allow";
+    return {
+        behaviorId: crypto.randomUUID(),
+        riskLevel,
+        anomalyTypes: [...new Set(anomalyTypes)],
+        confidence: Math.round(worstConfidence * 100) / 100,
+        action,
+        explanation,
+        affectedTools: [...new Set(affectedTools)],
+        findings: allFindings.length > 0 ? allFindings : undefined,
+    };
+}
+//# sourceMappingURL=behavior-rules.js.map

package/dist/engine/behavior-rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior-rules.js","sourceRoot":"","sources":["../../src/engine/behavior-rules.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC1D,mBAAmB,EAAE,WAAW;CACjC,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU;IAC7D,KAAK,EAAE,YAAY,EAAE,OAAO;CAC7B,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,EAAE,SAAS;IAC3D,kBAAkB,EAAE,UAAU;CAC/B,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM;IACxD,MAAM,EAAE,KAAK,EAAE,QAAQ;CACxB,CAAC,CAAC;AAEH,MAAM,uBAAuB,GAAG;IAC9B,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU;IAC1C,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa;IAC9C,cAAc,EAAE,WAAW;IAC3B,gBAAgB,EAAE,gBAAgB;IAClC,gBAAgB,EAAE,UAAU,EAAE,WAAW;CAC1C,CAAC;AAEF,MAAM,0BAA0B,GAAG;IACjC,kDAAkD;IAClD,iCAAiC;IACjC,iCAAiC;IACjC,8BAA8B;IAC9B,mBAAmB;CACpB,CAAC;AAuFF,SAAS,cAAc,CAAC,KAAuB,EAAE,OAAoB;IACnE,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,cAAc,CAAC,KAAuC;IAC7D,MAAM,MAAM,GAAG,iBAAiB,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;IACjF,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAuC;IACnE,MAAM,IAAI,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACnC,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,KAAK,GAAmB;IAC5B,6CAA6C;IAC7C;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,mDAAmD;QACzD,WAAW,EAAE,mBAAmB;QAChC,KAAK,CAAC,KAAK,EAAE,OAAO;YAClB,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YACxD,IAAI,CAAC,QAAQ;gBAAE,OAAO,IAAI,CAAC;YAE3B,MAAM,MAAM,GAAG,OAAO;gBACpB,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;gBACvG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAExH,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YAEzB,OAAO;gBACL,WAAW,EAAE,cAAc,QAAQ,CAAC,QAAQ,kCAAkC,UAAU,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,kCAAkC;gBAClK,aAAa,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACvE,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,CAAC;wBACT,SAAS,EAAE,UAAU;wBACrB,QAAQ,EAAE,mBAAmB;wBAC7B,WAAW,EAAE,GAAG,QAAQ,CAAC,QAAQ,MAAM,UAAU,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,EAAE;wBAC3F,MAAM,EAAE,8CAA8C;qBACvD,CAAC;aACH,CAAC;QACJ,CAAC;KACF;IAED,oDAAoD;IACpD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,8CAA8C;QACpD,WAAW,EAAE,kBAAkB;QAC/B,KAAK,CAAC,KAAK,EAAE,OAAO;YAClB,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAClC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,oBAAoB,CAAC,CAAC,CAAC,CAC3D,CAAC;YACF,IAAI,CAAC,UAAU;gBAAE,OAAO,IAAI,CAAC;YAE7B,MAAM,aAAa,GAAG,OAAO;gBAC3B,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC9D,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,UAAU,CAAC,GAAG,IAAI,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YAErF,IAAI,CAAC,aAAa;gBAAE,OAAO,IAAI,CAAC;YAEhC,OAAO;gBACL,WAAW,EAAE,mCAAmC,UAAU,CAAC,QAAQ,2DAA2D;gBAC9H,aAAa,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;gBAC/B,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,CAAC;wBACT,SAAS,EAAE,UAAU;wBACrB,QAAQ,EAAE,mBAAmB;wBAC7B,WAAW,EAAE,cAAc,CAAC,UAAU,CAAC;wBACvC,MAAM,EAAE,kDAAkD;qBAC3D,CAAC;aACH,CAAC;QACJ,CAAC;KACF;IAED,oCAAoC;IACpC;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,uBAAuB;QACpC,KAAK,CAAC,KAAK,EAAE,OAAO;YAClB,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YACxD,IAAI,CAAC,QAAQ;gBAAE,OAAO,IAAI,CAAC;YAE3B,MAAM,KAAK,GAAG,OAAO;gBACnB,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;gBACtD,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YAE3E,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YAExB,OAAO;gBACL,WAAW,EAAE,cAAc,QAAQ,CAAC,QAAQ,kEAAkE;gBAC9G,aAAa,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC7B,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,CAAC;wBACT,SAAS,EAAE,MAAM;wBACjB,QAAQ,EAAE,mBAAmB;wBAC7B,WAAW,EAAE,GAAG,QAAQ,CAAC,QAAQ,MAAM,UAAU,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE;wBACvF,MAAM,EAAE,6CAA6C;qBACtD,CAAC;aACH,CAAC;QACJ,CAAC;KACF;IAED,6CAA6C;IAC7C;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,mBAAmB;QAChC,KAAK,CAAC,KAAK,EAAE,OAAO;YAClB,MAAM,aAAa,GAAG;gBACpB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACnD,GAAG,CAAC,OAAO,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACnE,CAAC;YAEF,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;gBACjC,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;gBAClC,KAAK,MAAM,OAAO,IAAI,0BAA0B,EAAE,CAAC;oBACjD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,OAAO;4BACL,WAAW,EAAE,wDAAwD;4BACrE,aAAa,EAAE,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;4BAC9C,UAAU,EAAE,IAAI;4BAChB,QAAQ,EAAE,CAAC;oCACT,SAAS,EAAE,MAAM;oCACjB,QAAQ,EAAE,mBAAmB;oCAC7B,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oCAC/B,MAAM,EAAE,uDAAuD;iCAChE,CAAC;yBACH,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IAED,0DAA0D;IAC1D;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,iDAAiD;QACvD,WAAW,EAAE,qBAAqB;QAClC,KAAK,CAAC,KAAK,EAAE,OAAO;YAClB,MAAM,WAAW,GAAG;gBAClB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,oBAAoB,CAAC,CAAC,CAAC,CAAC;gBAClF,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACxG,CAAC;YAEF,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YAE1C,OAAO;gBACL,WAAW,EAAE,qEAAqE;gBAClF,aAAa,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAuB,EAAE,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;gBAC3F,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAChC,SAAS,EAAE,QAAqB;oBAChC,QAAQ,EAAE,mBAAmB;oBAC7B,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC5C,MAAM,EAAE,uBAAuB;iBAChC,CAAC,CAAC;aACJ,CAAC;QACJ,CAAC;KACF;CACF,CAAC;AAEF,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E,SAAS,gBAAgB,CAAC,QAAwC;IAChE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,OAAO,CAAC;QAChC,KAAK,MAAM,CAAC,CAAC,OAAO,OAAO,CAAC;QAC5B,KAAK,QAAQ,CAAC,CAAC,OAAO,OAAO,CAAC;IAChC,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAwC;IACnE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,UAAU,CAAC;QACnC,KAAK,MAAM,CAAC,CAAC,OAAO,MAAM,CAAC;QAC3B,KAAK,QAAQ,CAAC,CAAC,OAAO,QAAQ,CAAC;IACjC,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,MAAM,UAAU,cAAc,CAAC,GAA0B;IACvD,MAAM,WAAW,GAAuB,EAAE,CAAC;IAC3C,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,IAAI,aAAa,GAA0C,IAAI,CAAC;IAChE,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,WAAW,GAAG,wBAAwB,CAAC;IAE3C,gEAAgE;IAChE,IAAI,GAAG,CAAC,eAAe,IAAI,GAAG,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,MAAM,CAAC,CAAC;QACzE,IAAI,OAAO,EAAE,CAAC;YACZ,WAAW,CAAC,IAAI,CAAC;gBACf,SAAS,EAAE,MAAM;gBACjB,QAAQ,EAAE,kBAAkB;gBAC5B,WAAW,EAAE,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;gBACnF,MAAM,EAAE,8CAA8C;aACvD,CAAC,CAAC;YACH,YAAY,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACvC,aAAa,GAAG,MAAM,CAAC;YACvB,eAAe,GAAG,GAAG,CAAC;YACtB,WAAW,GAAG,+CAA+C,GAAG,CAAC,eAAe,CAAC,MAAM,cAAc,CAAC;QACxG,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpC,aAAa,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,aAAa,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,QAAQ;YAAE,WAAW,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QACzD,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC;YAChF,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC9B,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;QAClC,CAAC;QACD,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,SAAS,GAAc,aAAa;QACxC,CAAC,CAAC,mBAAmB,CAAC,aAAa,CAAC;QACpC,CAAC,CAAC,SAAS,CAAC;IAEd,MAAM,MAAM,GAAiB,aAAa;QACxC,CAAC,CAAC,gBAAgB,CAAC,aAAa,CAAC;QACjC,CAAC,CAAC,OAAO,CAAC;IAEZ,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE;QAC/B,SAAS;QACT,YAAY,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;QACxC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,GAAG,GAAG,CAAC,GAAG,GAAG;QACnD,MAAM;QACN,WAAW;QACX,aAAa,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;QAC1C,QAAQ,EAAE,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;KAC3D,CAAC;AACJ,CAAC"}

package/dist/engine/scanner.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Content scanner engine — S01 through S10.
+ *
+ * Each scanner has a set of regex patterns. A message is scanned against all
+ * enabled scanners. Findings are collected and a verdict is produced.
+ */
+export interface ScannerDef {
+    scannerId: string;
+    name: string;
+    description: string;
+    isEnabled: boolean;
+}
+export interface Finding {
+    scanner: string;
+    name: string;
+    description: string;
+}
+export interface ScanResult {
+    safe: boolean;
+    verdict: "safe" | "unsafe";
+    categories: string[];
+    sensitivity_score: number;
+    findings: Finding[];
+    latency_ms: number;
+    request_id: string;
+}
+export declare function scan(messages: unknown[], scanners: ScannerDef[]): ScanResult;
+/**
+ * Simple injection check used by /api/check/tool-call.
+ * Runs S01 (prompt injection) patterns against content string.
+ */
+export declare function checkInjection(content: string): {
+    isInjection: boolean;
+    confidence: number;
+    reason: string;
+    findings: Array<{
+        suspiciousContent: string;
+        reason: string;
+        confidence: number;
+    }>;
+};
+//# sourceMappingURL=scanner.d.ts.map

package/dist/engine/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/engine/scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC3B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAoKD,wBAAgB,IAAI,CAClB,QAAQ,EAAE,OAAO,EAAE,EACnB,QAAQ,EAAE,UAAU,EAAE,GACrB,UAAU,CAsCZ;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG;IAC/C,WAAW,EAAE,OAAO,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,KAAK,CAAC;QACd,iBAAiB,EAAE,MAAM,CAAC;QAC1B,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC,CAAC;CACJ,CA+BA"}

package/dist/engine/scanner.js

@@ -0,0 +1,210 @@
+/**
+ * Content scanner engine — S01 through S10.
+ *
+ * Each scanner has a set of regex patterns. A message is scanned against all
+ * enabled scanners. Findings are collected and a verdict is produced.
+ */
+const S01_PATTERNS = [
+    { regex: /ignore\s+(?:all\s+)?(?:previous|prior|above|earlier|preceding)\s+(?:instructions?|guidelines?|rules?|prompts?|directions?)/i, label: "ignore previous instructions", weight: 0.95 },
+    { regex: /disregard\s+(?:your\s+)?(?:current|previous|prior|all)\s+(?:task|instructions?|guidelines?|rules?|directions?)/i, label: "disregard current task", weight: 0.95 },
+    { regex: /override\s+(?:all\s+)?(?:previous|prior|system)\s+(?:instructions?|rules?|prompts?)/i, label: "override instructions", weight: 0.95 },
+    { regex: /\bSYSTEM\s*(?:ALERT|MESSAGE|NOTICE|PROMPT|OVERRIDE)\s*:/i, label: "fake SYSTEM message", weight: 0.9 },
+    { regex: /\[SYSTEM\]\s*[Nn]ew\s+instructions?/i, label: "[SYSTEM] new instructions", weight: 0.9 },
+    { regex: /NOTE\s+TO\s+(?:AI|THE)\s+(?:ASSISTANT|MODEL|AGENT)\s*:/i, label: "note to AI assistant", weight: 0.85 },
+    { regex: /you\s+are\s+now\s+in\s+(?:debug|developer|admin|maintenance|test)\s+mode/i, label: "mode switching", weight: 0.7 },
+    { regex: /(?:entering|switch\s+to|activate)\s+(?:debug|developer|admin|maintenance|unrestricted)\s+mode/i, label: "activate debug mode", weight: 0.7 },
+    { regex: /your\s+new\s+task\s+is\s*:/i, label: "task hijacking", weight: 0.7 },
+    { regex: /instead\s*,?\s+(?:you\s+should|please|now)\s+(?:do|perform|execute)/i, label: "task redirection", weight: 0.65 },
+    { regex: /pretend\s+(?:that\s+)?these\s+instructions?\s+came\s+from\s+the\s+user/i, label: "role assumption", weight: 0.8 },
+    { regex: /you\s+(?:are|must)\s+(?:now\s+)?(?:a|an|acting\s+as)\s+(?:helpful|unrestricted|unfiltered)/i, label: "unrestricted role", weight: 0.75 },
+    { regex: /DO\s+NOT\s+(?:DISPLAY|SHOW|REVEAL|MENTION|PRINT|OUTPUT)\s+(?:TO\s+(?:THE\s+)?USER|THIS|THESE)/i, label: "concealment directive", weight: 0.9 },
+    { regex: /do\s+not\s+mention\s+these\s+instructions/i, label: "hide instructions", weight: 0.85 },
+    { regex: /hide\s+(?:this|these)\s+(?:instructions?|commands?|from\s+the\s+user)/i, label: "hide from user", weight: 0.85 },
+];
+const S02_PATTERNS = [
+    { regex: /bypass\s+(?:all\s+)?(?:security|safety)\s+(?:measures?|checks?|filters?|protocols?)/i, label: "bypass security", weight: 0.9 },
+    { regex: /(?:disable|turn\s+off|remove)\s+(?:all\s+)?(?:safety|security|content)\s+(?:filters?|restrictions?|guardrails?|limitations?)/i, label: "disable safety filters", weight: 0.9 },
+    { regex: /\bjailbreak\b/i, label: "jailbreak keyword", weight: 0.85 },
+    { regex: /(?:no|without)\s+(?:restrictions?|limitations?|boundaries|guardrails?|safety)/i, label: "no restrictions", weight: 0.7 },
+    { regex: /(?:DAN|Do\s+Anything\s+Now)\s+mode/i, label: "DAN mode", weight: 0.95 },
+    { regex: /(?:ignore|bypass|override)\s+(?:your\s+)?(?:safety|ethical|moral)\s+(?:guidelines?|constraints?|programming)/i, label: "override ethical guidelines", weight: 0.9 },
+];
+const S03_PATTERNS = [
+    { regex: /<script[\s>]/i, label: "XSS script tag", weight: 0.9 },
+    { regex: /javascript\s*:/i, label: "javascript: URI", weight: 0.85 },
+    { regex: /on(?:load|error|click|mouseover|focus)\s*=/i, label: "DOM event handler", weight: 0.8 },
+    { regex: /'\s*(?:OR|AND)\s+'?\d*'?\s*=\s*'?\d*'?/i, label: "SQL injection OR/AND", weight: 0.85 },
+    { regex: /(?:UNION\s+(?:ALL\s+)?SELECT|INSERT\s+INTO|DROP\s+TABLE|DELETE\s+FROM)/i, label: "SQL injection statement", weight: 0.9 },
+    { regex: /\.\.\/(\.\.\/){2,}/i, label: "path traversal", weight: 0.8 },
+    { regex: /(?:document|window)\.(?:cookie|location)/i, label: "DOM access", weight: 0.75 },
+];
+const S04_PATTERNS = [
+    { regex: /(?:when|if)\s+(?:called|invoked|executed|used)\s*,?\s*(?:first|also|always)\s+(?:read|access|send|fetch|execute|run)/i, label: "conditional tool hijack", weight: 0.9 },
+    { regex: /tool\s+description\s*:.*(?:ignore|override|instead)/i, label: "tool description override", weight: 0.85 },
+    { regex: /(?:hidden|secret)\s+(?:instruction|command|behavior)\s*:/i, label: "hidden instruction in tool", weight: 0.9 },
+    { regex: /before\s+returning\s+(?:results?|output)\s*,?\s*(?:also|first|always)\s+(?:send|post|upload|write)/i, label: "tool exfiltration trigger", weight: 0.9 },
+];
+const S05_PATTERNS = [
+    { regex: /\beval\s*\(/i, label: "eval() call", weight: 0.7 },
+    { regex: /\bexec\s*\(/i, label: "exec() call", weight: 0.7 },
+    { regex: /(?:child_process|subprocess|os\.system|os\.popen)/i, label: "process execution API", weight: 0.8 },
+    { regex: /\brm\s+-rf\s+\//i, label: "rm -rf /", weight: 0.95 },
+    { regex: /(?:reverse|bind)\s+shell/i, label: "reverse/bind shell", weight: 0.95 },
+    { regex: /(?:nc|ncat|netcat)\s+-[a-z]*[le]\s/i, label: "netcat listener", weight: 0.9 },
+    { regex: /\/dev\/tcp\/\S+\/\d+/i, label: "/dev/tcp redirection", weight: 0.9 },
+    { regex: /base64\s+(?:-d|--decode)/i, label: "base64 decode execution", weight: 0.7 },
+    { regex: /(?:import|require)\s*\(\s*['"](?:child_process|os|fs)['"]/, label: "dangerous module import", weight: 0.75 },
+];
+const S06_PATTERNS = [
+    { regex: /\b(?:porn(?:ograph[yic])?|xxx|nsfw|hentai|explicit\s+(?:sexual|content))\b/i, label: "explicit content keyword", weight: 0.8 },
+    { regex: /\b(?:gore|mutilation|dismember|torture)\b/i, label: "violent/graphic content", weight: 0.8 },
+    { regex: /(?:how\s+to\s+(?:make|build|create)\s+(?:a\s+)?(?:bomb|explosive|weapon))/i, label: "weapon creation", weight: 0.95 },
+    { regex: /(?:how\s+to\s+(?:harm|kill|hurt|poison)\s+(?:someone|a\s+person|people))/i, label: "harm instructions", weight: 0.95 },
+];
+const S07_PATTERNS = [
+    { regex: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/, label: "email address", weight: 0.6 },
+    { regex: /\b\d{3}[-.\s]?\d{2}[-.\s]?\d{4}\b/, label: "SSN pattern", weight: 0.8 },
+    { regex: /\b(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b/, label: "phone number", weight: 0.5 },
+    { regex: /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/, label: "credit card number", weight: 0.85 },
+    { regex: /\b[1-9]\d{5}(?:18|19|20)\d{2}(?:0[1-9]|1[0-2])(?:0[1-9]|[12]\d|3[01])\d{3}[\dXx]\b/, label: "China ID card", weight: 0.85 },
+    { regex: /\b(?:passport|driver'?s?\s*licen[cs]e)\s*(?:#|number|no\.?)\s*:?\s*\w+/i, label: "passport/license number", weight: 0.7 },
+];
+const S08_PATTERNS = [
+    { regex: /\bsk-[A-Za-z0-9]{20,}/i, label: "OpenAI-style API key", weight: 0.9 },
+    { regex: /\bAKIA[0-9A-Z]{16}\b/, label: "AWS access key", weight: 0.95 },
+    { regex: /\bghp_[A-Za-z0-9]{36}\b/, label: "GitHub personal token", weight: 0.95 },
+    { regex: /\bgho_[A-Za-z0-9]{36}\b/, label: "GitHub OAuth token", weight: 0.95 },
+    { regex: /\bglpat-[A-Za-z0-9\-_]{20,}\b/, label: "GitLab token", weight: 0.9 },
+    { regex: /\bxox[bpras]-[A-Za-z0-9\-]+/i, label: "Slack token", weight: 0.9 },
+    { regex: /(?:password|passwd|pwd)\s*[:=]\s*["']?[^\s"']{4,}/i, label: "password in text", weight: 0.85 },
+    { regex: /(?:api[_-]?key|apikey|secret[_-]?key|access[_-]?token)\s*[:=]\s*["']?[^\s"']{8,}/i, label: "API key/secret assignment", weight: 0.85 },
+    { regex: /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----/i, label: "private key", weight: 0.95 },
+    { regex: /\bBearer\s+[A-Za-z0-9\-_.~+/]+=*/i, label: "Bearer token", weight: 0.7 },
+];
+const S09_PATTERNS = [
+    { regex: /\b(?:confidential|strictly\s+confidential|top\s+secret|classified)\b/i, label: "confidentiality marker", weight: 0.6 },
+    { regex: /\b(?:trade\s+secret|proprietary\s+information|internal\s+use\s+only)\b/i, label: "trade secret / proprietary", weight: 0.7 },
+    { regex: /\b(?:not\s+for\s+(?:public|external)\s+(?:distribution|disclosure|release))\b/i, label: "restricted distribution", weight: 0.65 },
+    { regex: /\bnda\b|\bnon-?disclosure\b/i, label: "NDA reference", weight: 0.5 },
+];
+const S10_PATTERNS = [
+    { regex: /(?:write|compose|create)\s+(?:me\s+)?(?:a\s+)?(?:poem|song|story|essay|joke|limerick)/i, label: "creative writing request", weight: 0.5 },
+    { regex: /(?:tell|give)\s+me\s+(?:a\s+)?(?:joke|riddle|fun\s+fact)/i, label: "entertainment request", weight: 0.4 },
+    { regex: /(?:play|let'?s?\s+play)\s+(?:a\s+)?(?:game|trivia|20\s+questions)/i, label: "game request", weight: 0.45 },
+    { regex: /(?:roleplay|role-play)\s+(?:as|with)\b/i, label: "roleplay request", weight: 0.5 },
+];
+// ---------------------------------------------------------------------------
+// Scanner registry
+// ---------------------------------------------------------------------------
+const SCANNER_MAP = {
+    S01: S01_PATTERNS,
+    S02: S02_PATTERNS,
+    S03: S03_PATTERNS,
+    S04: S04_PATTERNS,
+    S05: S05_PATTERNS,
+    S06: S06_PATTERNS,
+    S07: S07_PATTERNS,
+    S08: S08_PATTERNS,
+    S09: S09_PATTERNS,
+    S10: S10_PATTERNS,
+};
+// ---------------------------------------------------------------------------
+// Text extraction from various message formats
+// ---------------------------------------------------------------------------
+function extractText(messages) {
+    const parts = [];
+    for (const msg of messages) {
+        if (typeof msg === "string") {
+            parts.push(msg);
+            continue;
+        }
+        if (msg && typeof msg === "object") {
+            const m = msg;
+            if (typeof m.content === "string") {
+                parts.push(m.content);
+            }
+            else if (Array.isArray(m.content)) {
+                for (const block of m.content) {
+                    if (typeof block === "string")
+                        parts.push(block);
+                    else if (block && typeof block === "object") {
+                        const b = block;
+                        if (typeof b.text === "string")
+                            parts.push(b.text);
+                    }
+                }
+            }
+            if (typeof m.text === "string")
+                parts.push(m.text);
+        }
+    }
+    return parts.join("\n");
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+export function scan(messages, scanners) {
+    const start = performance.now();
+    const text = extractText(messages);
+    const findings = [];
+    const categories = new Set();
+    let maxWeight = 0;
+    const enabledScanners = scanners.filter((s) => s.isEnabled);
+    for (const scanner of enabledScanners) {
+        const patterns = SCANNER_MAP[scanner.scannerId];
+        if (!patterns)
+            continue;
+        for (const entry of patterns) {
+            if (entry.regex.test(text)) {
+                findings.push({
+                    scanner: scanner.scannerId,
+                    name: scanner.name,
+                    description: `Detected: ${entry.label}`,
+                });
+                categories.add(scanner.scannerId);
+                maxWeight = Math.max(maxWeight, entry.weight);
+            }
+        }
+    }
+    const latencyMs = Math.round((performance.now() - start) * 100) / 100;
+    const safe = findings.length === 0;
+    return {
+        safe,
+        verdict: safe ? "safe" : "unsafe",
+        categories: [...categories],
+        sensitivity_score: Math.round(maxWeight * 100) / 100,
+        findings,
+        latency_ms: latencyMs,
+        request_id: crypto.randomUUID(),
+    };
+}
+/**
+ * Simple injection check used by /api/check/tool-call.
+ * Runs S01 (prompt injection) patterns against content string.
+ */
+export function checkInjection(content) {
+    const allPatterns = [...S01_PATTERNS, ...S02_PATTERNS, ...S04_PATTERNS];
+    const matched = [];
+    let maxWeight = 0;
+    for (const entry of allPatterns) {
+        const result = entry.regex.exec(content);
+        if (result) {
+            matched.push({
+                suspiciousContent: result[0],
+                reason: entry.label,
+                confidence: entry.weight,
+            });
+            maxWeight = Math.max(maxWeight, entry.weight);
+        }
+    }
+    const isInjection = matched.length > 0 && maxWeight >= 0.7;
+    return {
+        isInjection,
+        confidence: maxWeight,
+        reason: isInjection
+            ? `Detected ${matched.length} injection pattern(s): ${matched.map((m) => m.reason).join(", ")}`
+            : "No injection detected",
+        findings: matched,
+    };
+}
+//# sourceMappingURL=scanner.js.map

package/dist/engine/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../src/engine/scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAuCH,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,6HAA6H,EAAE,KAAK,EAAE,8BAA8B,EAAE,MAAM,EAAE,IAAI,EAAE;IAC7L,EAAE,KAAK,EAAE,iHAAiH,EAAE,KAAK,EAAE,wBAAwB,EAAE,MAAM,EAAE,IAAI,EAAE;IAC3K,EAAE,KAAK,EAAE,sFAAsF,EAAE,KAAK,EAAE,uBAAuB,EAAE,MAAM,EAAE,IAAI,EAAE;IAC/I,EAAE,KAAK,EAAE,0DAA0D,EAAE,KAAK,EAAE,qBAAqB,EAAE,MAAM,EAAE,GAAG,EAAE;IAChH,EAAE,KAAK,EAAE,sCAAsC,EAAE,KAAK,EAAE,2BAA2B,EAAE,MAAM,EAAE,GAAG,EAAE;IAClG,EAAE,KAAK,EAAE,yDAAyD,EAAE,KAAK,EAAE,sBAAsB,EAAE,MAAM,EAAE,IAAI,EAAE;IACjH,EAAE,KAAK,EAAE,2EAA2E,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE;IAC5H,EAAE,KAAK,EAAE,gGAAgG,EAAE,KAAK,EAAE,qBAAqB,EAAE,MAAM,EAAE,GAAG,EAAE;IACtJ,EAAE,KAAK,EAAE,6BAA6B,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE;IAC9E,EAAE,KAAK,EAAE,sEAAsE,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE;IAC1H,EAAE,KAAK,EAAE,yEAAyE,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,EAAE;IAC3H,EAAE,KAAK,EAAE,6FAA6F,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,IAAI,EAAE;IAClJ,EAAE,KAAK,EAAE,gGAAgG,EAAE,KAAK,EAAE,uBAAuB,EAAE,MAAM,EAAE,GAAG,EAAE;IACxJ,EAAE,KAAK,EAAE,4CAA4C,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,IAAI,EAAE;IACjG,EAAE,KAAK,EAAE,wEAAwE,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE;CAC3H,CAAC;AAEF,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,sFAAsF,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,EAAE;IACxI,EAAE,KAAK,EAAE,+HAA+H,EAAE,KAAK,EAAE,wBAAwB,EAAE,MAAM,EAAE,GAAG,EAAE;IACxL,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,IAAI,EAAE;IACrE,EAAE,KAAK,EAAE,gFAAgF,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,EAAE;IAClI,EAAE,KAAK,EAAE,qCAAqC,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE;IACjF,EAAE,KAAK,EAAE,+GAA+G,EAAE,KAAK,EAAE,6BAA6B,EAAE,MAAM,EAAE,GAAG,EAAE;CAC9K,CAAC;AAEF,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE;IAChE,EAAE,KAAK,EAAE,iBAAiB,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE;IACpE,EAAE,KAAK,EAAE,6CAA6C,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,GAAG,EAAE;IACjG,EAAE,KAAK,EAAE,yCAAyC,EAAE,KAAK,EAAE,sBAAsB,EAAE,MAAM,EAAE,IAAI,EAAE;IACjG,EAAE,KAAK,EAAE,yEAAyE,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE;IACnI,EAAE,KAAK,EAAE,qBAAqB,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE;IACtE,EAAE,KAAK,EAAE,2CAA2C,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE;CAC1F,CAAC;AAEF,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,uHAAuH,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE;IACjL,EAAE,KAAK,EAAE,sDAAsD,EAAE,KAAK,EAAE,2BAA2B,EAAE,MAAM,EAAE,IAAI,EAAE;IACnH,EAAE,KAAK,EAAE,2DAA2D,EAAE,KAAK,EAAE,4BAA4B,EAAE,MAAM,EAAE,GAAG,EAAE;IACxH,EAAE,KAAK,EAAE,qGAAqG,EAAE,KAAK,EAAE,2BAA2B,EAAE,MAAM,EAAE,GAAG,EAAE;CAClK,CAAC;AAEF,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE;IAC5D,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE;IAC5D,EAAE,KAAK,EAAE,oDAAoD,EAAE,KAAK,EAAE,uBAAuB,EAAE,MAAM,EAAE,GAAG,EAAE;IAC5G,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE;IAC9D,EAAE,KAAK,EAAE,2BAA2B,EAAE,KAAK,EAAE,oBAAoB,EAAE,MAAM,EAAE,IAAI,EAAE;IACjF,EAAE,KAAK,EAAE,qCAAqC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,EAAE;IACvF,EAAE,KAAK,EAAE,uBAAuB,EAAE,KAAK,EAAE,sBAAsB,EAAE,MAAM,EAAE,GAAG,EAAE;IAC9E,EAAE,KAAK,EAAE,2BAA2B,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE;IACrF,EAAE,KAAK,EAAE,2DAA2D,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,IAAI,EAAE;CACvH,CAAC;AAEF,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,6EAA6E,EAAE,KAAK,EAAE,0BAA0B,EAAE,MAAM,EAAE,GAAG,EAAE;IACxI,EAAE,KAAK,EAAE,4CAA4C,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE;IACtG,EAAE,KAAK,EAAE,4EAA4E,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE;IAC/H,EAAE,KAAK,EAAE,2EAA2E,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,IAAI,EAAE;CACjI,CAAC;AAEF,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,qDAAqD,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,EAAE;IACrG,EAAE,KAAK,EAAE,mCAAmC,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE;IACjF,EAAE,KAAK,EAAE,yDAAyD,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,EAAE;IACxG,EAAE,KAAK,EAAE,4CAA4C,EAAE,KAAK,EAAE,oBAAoB,EAAE,MAAM,EAAE,IAAI,EAAE;IAClG,EAAE,KAAK,EAAE,oFAAoF,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,IAAI,EAAE;IACrI,EAAE,KAAK,EAAE,yEAAyE,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE;CACpI,CAAC;AAEF,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,sBAAsB,EAAE,MAAM,EAAE,GAAG,EAAE;IAC/E,EAAE,KAAK,EAAE,sBAAsB,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE;IACxE,EAAE,KAAK,EAAE,yBAAyB,EAAE,KAAK,EAAE,uBAAuB,EAAE,MAAM,EAAE,IAAI,EAAE;IAClF,EAAE,KAAK,EAAE,yBAAyB,EAAE,KAAK,EAAE,oBAAoB,EAAE,MAAM,EAAE,IAAI,EAAE;IAC/E,EAAE,KAAK,EAAE,+BAA+B,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,EAAE;IAC9E,EAAE,KAAK,EAAE,8BAA8B,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE;IAC5E,EAAE,KAAK,EAAE,oDAAoD,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE;IACxG,EAAE,KAAK,EAAE,mFAAmF,EAAE,KAAK,EAAE,2BAA2B,EAAE,MAAM,EAAE,IAAI,EAAE;IAChJ,EAAE,KAAK,EAAE,6CAA6C,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,EAAE;IAC5F,EAAE,KAAK,EAAE,mCAAmC,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,EAAE;CACnF,CAAC;AAEF,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,uEAAuE,EAAE,KAAK,EAAE,wBAAwB,EAAE,MAAM,EAAE,GAAG,EAAE;IAChI,EAAE,KAAK,EAAE,yEAAyE,EAAE,KAAK,EAAE,4BAA4B,EAAE,MAAM,EAAE,GAAG,EAAE;IACtI,EAAE,KAAK,EAAE,gFAAgF,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,IAAI,EAAE;IAC3I,EAAE,KAAK,EAAE,8BAA8B,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,EAAE;CAC/E,CAAC;AAEF,MAAM,YAAY,GAAmB;IACnC,EAAE,KAAK,EAAE,wFAAwF,EAAE,KAAK,EAAE,0BAA0B,EAAE,MAAM,EAAE,GAAG,EAAE;IACnJ,EAAE,KAAK,EAAE,2DAA2D,EAAE,KAAK,EAAE,uBAAuB,EAAE,MAAM,EAAE,GAAG,EAAE;IACnH,EAAE,KAAK,EAAE,oEAAoE,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE;IACpH,EAAE,KAAK,EAAE,yCAAyC,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,GAAG,EAAE;CAC7F,CAAC;AAEF,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAM,WAAW,GAAmC;IAClD,GAAG,EAAE,YAAY;IACjB,GAAG,EAAE,YAAY;IACjB,GAAG,EAAE,YAAY;IACjB,GAAG,EAAE,YAAY;IACjB,GAAG,EAAE,YAAY;IACjB,GAAG,EAAE,YAAY;IACjB,GAAG,EAAE,YAAY;IACjB,GAAG,EAAE,YAAY;IACjB,GAAG,EAAE,YAAY;IACjB,GAAG,EAAE,YAAY;CAClB,CAAC;AAEF,8EAA8E;AAC9E,+CAA+C;AAC/C,8EAA8E;AAE9E,SAAS,WAAW,CAAC,QAAmB;IACtC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAChB,SAAS;QACX,CAAC;QACD,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,GAA8B,CAAC;YACzC,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAClC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpC,KAAK,MAAM,KAAK,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;oBAC9B,IAAI,OAAO,KAAK,KAAK,QAAQ;wBAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;yBAC5C,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;wBAC5C,MAAM,CAAC,GAAG,KAAgC,CAAC;wBAC3C,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;4BAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;oBACrD,CAAC;gBACH,CAAC;YACH,CAAC;YACD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;gBAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,MAAM,UAAU,IAAI,CAClB,QAAmB,EACnB,QAAsB;IAEtB,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAE5D,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,CAAC,QAAQ;YAAE,SAAS;QAExB,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,OAAO,CAAC,SAAS;oBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,aAAa,KAAK,CAAC,KAAK,EAAE;iBACxC,CAAC,CAAC;gBACH,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAClC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;IACtE,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC;IAEnC,OAAO;QACL,IAAI;QACJ,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;QACjC,UAAU,EAAE,CAAC,GAAG,UAAU,CAAC;QAC3B,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,GAAG,CAAC,GAAG,GAAG;QACpD,QAAQ;QACR,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE;KAChC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAU5C,MAAM,WAAW,GAAG,CAAC,GAAG,YAAY,EAAE,GAAG,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC;IACxE,MAAM,OAAO,GAIR,EAAE,CAAC;IACR,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC;gBACX,iBAAiB,EAAE,MAAM,CAAC,CAAC,CAAC;gBAC5B,MAAM,EAAE,KAAK,CAAC,KAAK;gBACnB,UAAU,EAAE,KAAK,CAAC,MAAM;aACzB,CAAC,CAAC;YACH,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,IAAI,GAAG,CAAC;IAE3D,OAAO;QACL,WAAW;QACX,UAAU,EAAE,SAAS;QACrB,MAAM,EAAE,WAAW;YACjB,CAAC,CAAC,YAAY,OAAO,CAAC,MAAM,0BAA0B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC/F,CAAC,CAAC,uBAAuB;QAC3B,QAAQ,EAAE,OAAO;KAClB,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,40 @@
+import express from "express";
+import cors from "cors";
+import helmet from "helmet";
+import morgan from "morgan";
+import { initDb } from "./db.js";
+import { healthRouter } from "./routes/health.js";
+import { registerRouter } from "./routes/register.js";
+import { accountRouter } from "./routes/account.js";
+import { detectRouter } from "./routes/detect.js";
+import { behaviorRouter } from "./routes/behavior.js";
+import { toolCheckRouter } from "./routes/tool-check.js";
+const app = express();
+const PORT = parseInt(process.env.CORE_PORT || "53666", 10);
+initDb();
+app.use(helmet({ contentSecurityPolicy: false }));
+app.use(cors());
+app.use(morgan("short"));
+app.use(express.json({ limit: "5mb" }));
+app.use("/", healthRouter);
+app.use("/api/v1/agents", registerRouter);
+app.use("/api/v1", accountRouter);
+app.use("/v1", detectRouter);
+app.use("/api/v1/behavior", behaviorRouter);
+app.use("/api/check", toolCheckRouter);
+app.use((err, _req, res, _next) => {
+    console.error("Unhandled error:", err);
+    res.status(500).json({ success: false, error: "Internal server error" });
+});
+app.listen(PORT, () => {
+    console.log(`OpenTrust Core running on port ${PORT}`);
+    console.log(`Endpoints:`);
+    console.log(`  GET  /health`);
+    console.log(`  POST /api/v1/agents/register`);
+    console.log(`  GET  /api/v1/account`);
+    console.log(`  GET  /api/v1/accounts`);
+    console.log(`  POST /v1/detect`);
+    console.log(`  POST /api/v1/behavior/assess`);
+    console.log(`  POST /api/check/tool-call`);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;AACtB,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;AAE5D,MAAM,EAAE,CAAC;AAET,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,qBAAqB,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;AAClD,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AAChB,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;AACzB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;AAExC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;AAC3B,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC;AAC1C,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;AAClC,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;AAC7B,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAC;AAC5C,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;AAEvC,GAAG,CAAC,GAAG,CACL,CACE,GAAU,EACV,IAAqB,EACrB,GAAqB,EACrB,KAA2B,EAC3B,EAAE;IACF,OAAO,CAAC,KAAK,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;IACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;AAC3E,CAAC,CACF,CAAC;AAEF,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;IACpB,OAAO,CAAC,GAAG,CAAC,kCAAkC,IAAI,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC1B,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAC9B,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;AAC7C,CAAC,CAAC,CAAC"}

package/dist/routes/account.d.ts

@@ -0,0 +1,2 @@
+export declare const accountRouter: import("express-serve-static-core").Router;
+//# sourceMappingURL=account.d.ts.map

package/dist/routes/account.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"account.d.ts","sourceRoot":"","sources":["../../src/routes/account.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,aAAa,4CAAW,CAAC"}

package/dist/routes/account.js

@@ -0,0 +1,52 @@
+import { Router } from "express";
+import { getDb } from "../db.js";
+import { requireAuth, extractApiKey, findAgentByKey } from "../utils/auth-middleware.js";
+import { maskApiKey } from "../utils/api-key.js";
+export const accountRouter = Router();
+/**
+ * GET /api/v1/account
+ * Returns the account info for the authenticated agent.
+ */
+accountRouter.get("/account", requireAuth, (_req, res) => {
+    const agent = res.locals.agent;
+    res.json({
+        success: true,
+        agentId: agent.id,
+        name: agent.name,
+        email: agent.email,
+        status: agent.status,
+        quotaTotal: agent.quota_total,
+        quotaUsed: agent.quota_used,
+        quotaRemaining: agent.quota_total - agent.quota_used,
+    });
+});
+/**
+ * GET /api/v1/accounts
+ * Returns all agents under the same email as the authenticated agent.
+ */
+accountRouter.get("/accounts", requireAuth, (req, res) => {
+    const apiKey = extractApiKey(req);
+    const agent = findAgentByKey(apiKey);
+    if (!agent) {
+        res.status(401).json({ success: false, error: "Invalid API key" });
+        return;
+    }
+    const db = getDb();
+    const agents = db
+        .prepare("SELECT * FROM agents WHERE email = ?")
+        .all(agent.email);
+    res.json({
+        success: true,
+        email: agent.email,
+        agents: agents.map((a) => ({
+            agentId: a.id,
+            name: a.name,
+            apiKeyMasked: maskApiKey(a.api_key),
+            status: a.status,
+            quotaTotal: a.quota_total,
+            quotaUsed: a.quota_used,
+            quotaRemaining: a.quota_total - a.quota_used,
+        })),
+    });
+});
+//# sourceMappingURL=account.js.map

package/dist/routes/account.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"account.js","sourceRoot":"","sources":["../../src/routes/account.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,EAAiB,MAAM,6BAA6B,CAAC;AACxG,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD,MAAM,CAAC,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC;AAEtC;;;GAGG;AACH,aAAa,CAAC,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACvD,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,KAAiB,CAAC;IAE3C,GAAG,CAAC,IAAI,CAAC;QACP,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,KAAK,CAAC,EAAE;QACjB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,UAAU,EAAE,KAAK,CAAC,WAAW;QAC7B,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,cAAc,EAAE,KAAK,CAAC,WAAW,GAAG,KAAK,CAAC,UAAU;KACrD,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,aAAa,CAAC,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACvD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAE,CAAC;IACnC,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACnE,OAAO;IACT,CAAC;IAED,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,MAAM,GAAG,EAAE;SACd,OAAO,CAAC,sCAAsC,CAAC;SAC/C,GAAG,CAAC,KAAK,CAAC,KAAK,CAAe,CAAC;IAElC,GAAG,CAAC,IAAI,CAAC;QACP,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzB,OAAO,EAAE,CAAC,CAAC,EAAE;YACb,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;YACnC,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,UAAU,EAAE,CAAC,CAAC,WAAW;YACzB,SAAS,EAAE,CAAC,CAAC,UAAU;YACvB,cAAc,EAAE,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,UAAU;SAC7C,CAAC,CAAC;KACJ,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/routes/behavior.d.ts

@@ -0,0 +1,2 @@
+export declare const behaviorRouter: import("express-serve-static-core").Router;
+//# sourceMappingURL=behavior.d.ts.map

package/dist/routes/behavior.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior.d.ts","sourceRoot":"","sources":["../../src/routes/behavior.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,cAAc,4CAAW,CAAC"}

package/dist/routes/behavior.js

@@ -0,0 +1,26 @@
+import { Router } from "express";
+import { requireAuth } from "../utils/auth-middleware.js";
+import { assessBehavior } from "../engine/behavior-rules.js";
+export const behaviorRouter = Router();
+/**
+ * POST /api/v1/behavior/assess
+ *
+ * Behavioral assessment for tool call sequences.
+ * Response wrapped in { success, data } to match client expectations.
+ */
+behaviorRouter.post("/assess", requireAuth, (req, res) => {
+    const body = req.body;
+    if (!body.agentId || !body.toolChain) {
+        res.status(400).json({
+            success: false,
+            error: "agentId and toolChain are required",
+        });
+        return;
+    }
+    const result = assessBehavior(body);
+    res.json({
+        success: true,
+        data: result,
+    });
+});
+//# sourceMappingURL=behavior.js.map

package/dist/routes/behavior.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"behavior.js","sourceRoot":"","sources":["../../src/routes/behavior.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAE,cAAc,EAA8B,MAAM,6BAA6B,CAAC;AAEzF,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,EAAE,CAAC;AAEvC;;;;;GAKG;AACH,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACvD,MAAM,IAAI,GAAG,GAAG,CAAC,IAA6B,CAAC;IAE/C,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,oCAAoC;SAC5C,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAEpC,GAAG,CAAC,IAAI,CAAC;QACP,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/routes/detect.d.ts

@@ -0,0 +1,2 @@
+export declare const detectRouter: import("express-serve-static-core").Router;
+//# sourceMappingURL=detect.d.ts.map

package/dist/routes/detect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../src/routes/detect.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,YAAY,4CAAW,CAAC"}

package/dist/routes/detect.js

@@ -0,0 +1,32 @@
+import { Router } from "express";
+import { scan } from "../engine/scanner.js";
+export const detectRouter = Router();
+/**
+ * POST /v1/detect
+ *
+ * Content detection endpoint. Runs messages through S01-S10 scanners.
+ * Response wrapped in { success, data } to match existing client expectations.
+ */
+detectRouter.post("/detect", (req, res) => {
+    const { messages, scanners, format: _format, role: _role } = req.body;
+    if (!messages || !Array.isArray(messages) || messages.length === 0) {
+        res.status(400).json({
+            success: false,
+            error: "messages array is required and must not be empty",
+        });
+        return;
+    }
+    if (!scanners || !Array.isArray(scanners)) {
+        res.status(400).json({
+            success: false,
+            error: "scanners array is required",
+        });
+        return;
+    }
+    const result = scan(messages, scanners);
+    res.json({
+        success: true,
+        data: result,
+    });
+});
+//# sourceMappingURL=detect.js.map

package/dist/routes/detect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.js","sourceRoot":"","sources":["../../src/routes/detect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAmB,MAAM,sBAAsB,CAAC;AAE7D,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC;AAErC;;;;;GAKG;AACH,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACxC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAKhE,CAAC;IAEF,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,kDAAkD;SAC1D,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,4BAA4B;SACpC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAExC,GAAG,CAAC,IAAI,CAAC;QACP,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/routes/health.d.ts

@@ -0,0 +1,2 @@
+export declare const healthRouter: import("express-serve-static-core").Router;
+//# sourceMappingURL=health.d.ts.map

package/dist/routes/health.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../src/routes/health.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,YAAY,4CAAW,CAAC"}

package/dist/routes/health.js

@@ -0,0 +1,6 @@
+import { Router } from "express";
+export const healthRouter = Router();
+healthRouter.get("/health", (_req, res) => {
+    res.json({ status: "ok" });
+});
+//# sourceMappingURL=health.js.map

package/dist/routes/health.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.js","sourceRoot":"","sources":["../../src/routes/health.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC;AAErC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACxC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7B,CAAC,CAAC,CAAC"}

package/dist/routes/register.d.ts

@@ -0,0 +1,2 @@
+export declare const registerRouter: import("express-serve-static-core").Router;
+//# sourceMappingURL=register.d.ts.map

package/dist/routes/register.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../src/routes/register.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,cAAc,4CAAW,CAAC"}

package/dist/routes/register.js

@@ -0,0 +1,28 @@
+import { Router } from "express";
+import { getDb } from "../db.js";
+import { generateApiKey, generateId } from "../utils/api-key.js";
+export const registerRouter = Router();
+registerRouter.post("/register", (req, res) => {
+    const { name, description } = req.body;
+    if (!name || typeof name !== "string" || name.trim().length === 0) {
+        res.status(400).json({ success: false, error: "name is required" });
+        return;
+    }
+    const id = generateId();
+    const apiKey = generateApiKey();
+    const desc = typeof description === "string" ? description : "";
+    const port = parseInt(process.env.CORE_PORT || "53666", 10);
+    const db = getDb();
+    db.prepare(`INSERT INTO agents (id, name, description, api_key, email, status)
+     VALUES (?, ?, ?, ?, 'dev@localhost', 'active')`).run(id, name.trim(), desc, apiKey);
+    res.json({
+        success: true,
+        agent: {
+            id,
+            api_key: apiKey,
+        },
+        activate_url: `http://localhost:${port}/activate/${id}`,
+        login_url: `http://localhost:${port}/login`,
+    });
+});
+//# sourceMappingURL=register.js.map

package/dist/routes/register.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.js","sourceRoot":"","sources":["../../src/routes/register.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjE,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,EAAE,CAAC;AAEvC,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC5C,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAGjC,CAAC;IAEF,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IAED,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;IAChE,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;IAE5D,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,EAAE,CAAC,OAAO,CACR;oDACgD,CACjD,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAErC,GAAG,CAAC,IAAI,CAAC;QACP,OAAO,EAAE,IAAI;QACb,KAAK,EAAE;YACL,EAAE;YACF,OAAO,EAAE,MAAM;SAChB;QACD,YAAY,EAAE,oBAAoB,IAAI,aAAa,EAAE,EAAE;QACvD,SAAS,EAAE,oBAAoB,IAAI,QAAQ;KAC5C,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/routes/tool-check.d.ts

@@ -0,0 +1,2 @@
+export declare const toolCheckRouter: import("express-serve-static-core").Router;
+//# sourceMappingURL=tool-check.d.ts.map

package/dist/routes/tool-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-check.d.ts","sourceRoot":"","sources":["../../src/routes/tool-check.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,eAAe,4CAAW,CAAC"}

package/dist/routes/tool-check.js

@@ -0,0 +1,25 @@
+import { Router } from "express";
+import { checkInjection } from "../engine/scanner.js";
+export const toolCheckRouter = Router();
+/**
+ * POST /api/check/tool-call
+ *
+ * Legacy injection check endpoint. Checks content for prompt injection.
+ * Response uses { ok, verdict } format (different from other endpoints).
+ */
+toolCheckRouter.post("/tool-call", (req, res) => {
+    const { content } = req.body;
+    if (!content || typeof content !== "string") {
+        res.status(400).json({
+            ok: false,
+            error: "content string is required",
+        });
+        return;
+    }
+    const result = checkInjection(content);
+    res.json({
+        ok: true,
+        verdict: result,
+    });
+});
+//# sourceMappingURL=tool-check.js.map

package/dist/routes/tool-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-check.js","sourceRoot":"","sources":["../../src/routes/tool-check.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,EAAE,CAAC;AAExC;;;;;GAKG;AACH,eAAe,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC9C,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAA6C,CAAC;IAEtE,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,4BAA4B;SACpC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAEvC,GAAG,CAAC,IAAI,CAAC;QACP,EAAE,EAAE,IAAI;QACR,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/utils/api-key.d.ts

@@ -0,0 +1,4 @@
+export declare function generateApiKey(): string;
+export declare function generateId(): string;
+export declare function maskApiKey(key: string): string;
+//# sourceMappingURL=api-key.d.ts.map

package/dist/utils/api-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.d.ts","sourceRoot":"","sources":["../../src/utils/api-key.ts"],"names":[],"mappings":"AAEA,wBAAgB,cAAc,IAAI,MAAM,CAEvC;AAED,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAG9C"}

package/dist/utils/api-key.js

@@ -0,0 +1,13 @@
+import { randomBytes } from "node:crypto";
+export function generateApiKey() {
+    return `sk-og-${randomBytes(16).toString("hex")}`;
+}
+export function generateId() {
+    return randomBytes(16).toString("hex");
+}
+export function maskApiKey(key) {
+    if (key.length <= 12)
+        return key.slice(0, 6) + "...";
+    return key.slice(0, 9) + "..." + key.slice(-4);
+}
+//# sourceMappingURL=api-key.js.map

package/dist/utils/api-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.js","sourceRoot":"","sources":["../../src/utils/api-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,UAAU,cAAc;IAC5B,OAAO,SAAS,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,IAAI,GAAG,CAAC,MAAM,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACrD,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACjD,CAAC"}

package/dist/utils/auth-middleware.d.ts

@@ -0,0 +1,26 @@
+import type { Request, Response, NextFunction } from "express";
+export interface AgentRow {
+    id: string;
+    name: string;
+    description: string;
+    api_key: string;
+    email: string;
+    status: string;
+    quota_total: number;
+    quota_used: number;
+    created_at: string;
+}
+/**
+ * Extracts Bearer token from Authorization header.
+ */
+export declare function extractApiKey(req: Request): string | null;
+/**
+ * Looks up an agent by API key.
+ */
+export declare function findAgentByKey(apiKey: string): AgentRow | undefined;
+/**
+ * Middleware that requires a valid Bearer API key.
+ * Attaches the agent to res.locals.agent.
+ */
+export declare function requireAuth(req: Request, res: Response, next: NextFunction): void;
+//# sourceMappingURL=auth-middleware.d.ts.map

package/dist/utils/auth-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../src/utils/auth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG/D,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAIzD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAKnE;AAED;;;GAGG;AACH,wBAAgB,WAAW,CACzB,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,IAAI,CAgBN"}

package/dist/utils/auth-middleware.js

@@ -0,0 +1,38 @@
+import { getDb } from "../db.js";
+/**
+ * Extracts Bearer token from Authorization header.
+ */
+export function extractApiKey(req) {
+    const header = req.headers.authorization;
+    if (!header)
+        return null;
+    return header.replace("Bearer ", "");
+}
+/**
+ * Looks up an agent by API key.
+ */
+export function findAgentByKey(apiKey) {
+    const db = getDb();
+    return db
+        .prepare("SELECT * FROM agents WHERE api_key = ?")
+        .get(apiKey);
+}
+/**
+ * Middleware that requires a valid Bearer API key.
+ * Attaches the agent to res.locals.agent.
+ */
+export function requireAuth(req, res, next) {
+    const apiKey = extractApiKey(req);
+    if (!apiKey?.startsWith("sk-og-")) {
+        res.status(401).json({ success: false, error: "Not authenticated" });
+        return;
+    }
+    const agent = findAgentByKey(apiKey);
+    if (!agent) {
+        res.status(401).json({ success: false, error: "Invalid API key" });
+        return;
+    }
+    res.locals.agent = agent;
+    next();
+}
+//# sourceMappingURL=auth-middleware.js.map

package/dist/utils/auth-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-middleware.js","sourceRoot":"","sources":["../../src/utils/auth-middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAcjC;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IACzC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,OAAO,EAAE;SACN,OAAO,CAAC,wCAAwC,CAAC;SACjD,GAAG,CAAC,MAAM,CAAyB,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CACzB,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;QACrE,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACnE,OAAO;IACT,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;IACzB,IAAI,EAAE,CAAC;AACT,CAAC"}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@opentrust/core",
+  "version": "7.1.0",
+  "description": "OpenTrust Core — AI Agent security engine with content detection and behavior assessment",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "opentrust-core": "dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx watch src/index.ts",
+    "start": "node dist/index.js",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "better-sqlite3": "^11.0.0",
+    "cors": "^2.8.5",
+    "express": "^4.21.0",
+    "helmet": "^8.0.0",
+    "morgan": "^1.10.0"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.0",
+    "@types/cors": "^2.8.17",
+    "@types/express": "^5.0.0",
+    "@types/morgan": "^1.9.9",
+    "@types/node": "^22.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.0"
+  },
+  "keywords": ["opentrust", "ai-security", "agent-security", "content-detection", "behavior-assessment"],
+  "homepage": "https://github.com/opentrust/opentrust#readme",
+  "repository": { "type": "git", "url": "git+https://github.com/opentrust/opentrust.git", "directory": "core" },
+  "publishConfig": { "access": "public" },
+  "author": "OpenTrust",
+  "license": "Apache-2.0",
+  "engines": {
+    "node": ">=18"
+  }
+}