@safebrowse/daemon 0.1.2-rc.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +15 -15
- package/README.md +31 -31
- package/dist/cli.js +9 -9
- package/dist/runtime/knowledge_base/safebrowse_vf_action_integrity_patterns.json +1411 -1411
- package/dist/runtime/knowledge_base/safebrowse_vf_artifact_surface_patterns.json +891 -891
- package/dist/runtime/knowledge_base/safebrowse_vf_evaluation_scenarios.json +217 -217
- package/dist/runtime/knowledge_base/safebrowse_vf_incident_response_playbooks.json +209 -209
- package/dist/runtime/knowledge_base/safebrowse_vf_knowledge_base_index.json +143 -143
- package/dist/runtime/knowledge_base/safebrowse_vf_knowledge_base_index.json.sig +1 -1
- package/dist/runtime/knowledge_base/safebrowse_vf_knowledge_bases.zip.sig +1 -1
- package/dist/runtime/knowledge_base/safebrowse_vf_memory_context_poisoning_patterns.json +803 -803
- package/dist/runtime/knowledge_base/safebrowse_vf_policy_controls_catalog.json +686 -686
- package/dist/runtime/knowledge_base/safebrowse_vf_prompt_injection_patterns.json +9930 -9930
- package/dist/runtime/knowledge_base/safebrowse_vf_source_registry.json +345 -345
- package/dist/runtime/knowledge_base/safebrowse_vf_tool_protocol_supply_chain_patterns.json +879 -879
- package/dist/runtime/knowledge_base/safebrowse_vf_trust_signals_provenance.json +480 -480
- package/dist/runtime/knowledge_base/signing/safebrowse_vf_ed25519_public.pem +3 -3
- package/dist/runtime/policies/base/research.yaml +43 -43
- package/dist/runtime/policies/emergency/default.yaml +14 -14
- package/dist/runtime/policies/project/default.yaml +13 -13
- package/dist/runtime/policies/tenant/default.yaml +12 -12
- package/package.json +53 -53
|
@@ -1,143 +1,143 @@
|
|
|
1
|
-
{
|
|
2
|
-
"kb_meta": {
|
|
3
|
-
"suite_name": "SafeBrowse SDK vf knowledge bundle",
|
|
4
|
-
"suite_version": "vf-final",
|
|
5
|
-
"generated_on": "2026-03-28",
|
|
6
|
-
"generated_by": "OpenAI ChatGPT",
|
|
7
|
-
"design_intent": "Separate hot-path and warm-path safety knowledge so consuming projects can adopt lightweight enforcement without loading a single monolithic threat base.",
|
|
8
|
-
"notes": [
|
|
9
|
-
"The bundle is designed for a framework-only SDK that mediates browsing observations and actions but does not browse by itself.",
|
|
10
|
-
"Each pack can be versioned independently and loaded lazily according to enabled modules."
|
|
11
|
-
]
|
|
12
|
-
},
|
|
13
|
-
"knowledge_bases": [
|
|
14
|
-
{
|
|
15
|
-
"kb_id": "KB_PROMPT_INJECTION",
|
|
16
|
-
"name": "Prompt injection patterns",
|
|
17
|
-
"file_name": "safebrowse_vf_prompt_injection_patterns.json",
|
|
18
|
-
"purpose": "Content-level and social-engineering prompt injection patterns for observation sanitization and prompt attack triage.",
|
|
19
|
-
"hot_path": true,
|
|
20
|
-
"consumer_modules": [
|
|
21
|
-
"PromptInjectionGuard",
|
|
22
|
-
"ObservationSanitizer",
|
|
23
|
-
"ActionIntegrityFirewall"
|
|
24
|
-
],
|
|
25
|
-
"entry_count": 174
|
|
26
|
-
},
|
|
27
|
-
{
|
|
28
|
-
"kb_id": "KB_ACTION_INTEGRITY",
|
|
29
|
-
"name": "Action integrity patterns",
|
|
30
|
-
"file_name": "safebrowse_vf_action_integrity_patterns.json",
|
|
31
|
-
"purpose": "Action drift and misalignment patterns for deterministic gating and metadata-only critics.",
|
|
32
|
-
"hot_path": true,
|
|
33
|
-
"consumer_modules": [
|
|
34
|
-
"ActionIntegrityFirewall"
|
|
35
|
-
],
|
|
36
|
-
"entry_count": 50
|
|
37
|
-
},
|
|
38
|
-
{
|
|
39
|
-
"kb_id": "KB_ARTIFACT_SURFACE",
|
|
40
|
-
"name": "Artifact and non-standard surface patterns",
|
|
41
|
-
"file_name": "safebrowse_vf_artifact_surface_patterns.json",
|
|
42
|
-
"purpose": "Document viewers, PDFs, OCR, hidden layers, and other web artifact patterns for safe handoff.",
|
|
43
|
-
"hot_path": true,
|
|
44
|
-
"consumer_modules": [
|
|
45
|
-
"ArtifactSurfaceGuard",
|
|
46
|
-
"ObservationSanitizer",
|
|
47
|
-
"ArtifactHandoffBroker"
|
|
48
|
-
],
|
|
49
|
-
"entry_count": 40
|
|
50
|
-
},
|
|
51
|
-
{
|
|
52
|
-
"kb_id": "KB_TOOL_PROTOCOL",
|
|
53
|
-
"name": "Tool, protocol, and supply-chain patterns",
|
|
54
|
-
"file_name": "safebrowse_vf_tool_protocol_supply_chain_patterns.json",
|
|
55
|
-
"purpose": "Tool manifest, MCP/OAuth, SSRF, and supply-chain threat patterns.",
|
|
56
|
-
"hot_path": true,
|
|
57
|
-
"consumer_modules": [
|
|
58
|
-
"ToolProtocolGuard",
|
|
59
|
-
"PolicyEngine",
|
|
60
|
-
"AdapterRegistry"
|
|
61
|
-
],
|
|
62
|
-
"entry_count": 40
|
|
63
|
-
},
|
|
64
|
-
{
|
|
65
|
-
"kb_id": "KB_MEMORY_CONTEXT",
|
|
66
|
-
"name": "Memory and context poisoning patterns",
|
|
67
|
-
"file_name": "safebrowse_vf_memory_context_poisoning_patterns.json",
|
|
68
|
-
"purpose": "Persistent memory poisoning, summary corruption, and retrieval contamination patterns.",
|
|
69
|
-
"hot_path": false,
|
|
70
|
-
"consumer_modules": [
|
|
71
|
-
"MemoryContextGuard",
|
|
72
|
-
"RetrievalCorroborator",
|
|
73
|
-
"SessionManager"
|
|
74
|
-
],
|
|
75
|
-
"entry_count": 36
|
|
76
|
-
},
|
|
77
|
-
{
|
|
78
|
-
"kb_id": "KB_TRUST_SIGNALS",
|
|
79
|
-
"name": "Trust signals and provenance catalog",
|
|
80
|
-
"file_name": "safebrowse_vf_trust_signals_provenance.json",
|
|
81
|
-
"purpose": "Normalized provenance and trust fields that every observation, artifact, and action should carry.",
|
|
82
|
-
"hot_path": true,
|
|
83
|
-
"consumer_modules": [
|
|
84
|
-
"All policy modules",
|
|
85
|
-
"Telemetry",
|
|
86
|
-
"Replay"
|
|
87
|
-
],
|
|
88
|
-
"entry_count": 28
|
|
89
|
-
},
|
|
90
|
-
{
|
|
91
|
-
"kb_id": "KB_POLICY_CONTROLS",
|
|
92
|
-
"name": "Policy controls catalog",
|
|
93
|
-
"file_name": "safebrowse_vf_policy_controls_catalog.json",
|
|
94
|
-
"purpose": "Canonical control definitions and deployment recommendations.",
|
|
95
|
-
"hot_path": false,
|
|
96
|
-
"consumer_modules": [
|
|
97
|
-
"PolicyEngine",
|
|
98
|
-
"PolicyCompiler",
|
|
99
|
-
"Docs/CLI generators"
|
|
100
|
-
],
|
|
101
|
-
"entry_count": 45
|
|
102
|
-
},
|
|
103
|
-
{
|
|
104
|
-
"kb_id": "KB_INCIDENT_RESPONSE",
|
|
105
|
-
"name": "Incident response playbooks",
|
|
106
|
-
"file_name": "safebrowse_vf_incident_response_playbooks.json",
|
|
107
|
-
"purpose": "Default containment, rollback, quarantine, and forensic response actions.",
|
|
108
|
-
"hot_path": false,
|
|
109
|
-
"consumer_modules": [
|
|
110
|
-
"IncidentResponder",
|
|
111
|
-
"SOC integration",
|
|
112
|
-
"Replay"
|
|
113
|
-
],
|
|
114
|
-
"entry_count": 18
|
|
115
|
-
},
|
|
116
|
-
{
|
|
117
|
-
"kb_id": "KB_EVALUATION",
|
|
118
|
-
"name": "Evaluation and red-team scenarios",
|
|
119
|
-
"file_name": "safebrowse_vf_evaluation_scenarios.json",
|
|
120
|
-
"purpose": "Benchmark-aligned scenarios, metrics, and harness recommendations.",
|
|
121
|
-
"hot_path": false,
|
|
122
|
-
"consumer_modules": [
|
|
123
|
-
"QA",
|
|
124
|
-
"Benchmark harness",
|
|
125
|
-
"Red-team pipelines"
|
|
126
|
-
],
|
|
127
|
-
"entry_count": 10
|
|
128
|
-
},
|
|
129
|
-
{
|
|
130
|
-
"kb_id": "KB_SOURCE_REGISTRY",
|
|
131
|
-
"name": "Source registry",
|
|
132
|
-
"file_name": "safebrowse_vf_source_registry.json",
|
|
133
|
-
"purpose": "Traceable research sources and credibility metadata for the KB packs.",
|
|
134
|
-
"hot_path": false,
|
|
135
|
-
"consumer_modules": [
|
|
136
|
-
"KB management",
|
|
137
|
-
"Governance",
|
|
138
|
-
"Docs"
|
|
139
|
-
],
|
|
140
|
-
"entry_count": 30
|
|
141
|
-
}
|
|
142
|
-
]
|
|
143
|
-
}
|
|
1
|
+
{
|
|
2
|
+
"kb_meta": {
|
|
3
|
+
"suite_name": "SafeBrowse SDK vf knowledge bundle",
|
|
4
|
+
"suite_version": "vf-final",
|
|
5
|
+
"generated_on": "2026-03-28",
|
|
6
|
+
"generated_by": "OpenAI ChatGPT",
|
|
7
|
+
"design_intent": "Separate hot-path and warm-path safety knowledge so consuming projects can adopt lightweight enforcement without loading a single monolithic threat base.",
|
|
8
|
+
"notes": [
|
|
9
|
+
"The bundle is designed for a framework-only SDK that mediates browsing observations and actions but does not browse by itself.",
|
|
10
|
+
"Each pack can be versioned independently and loaded lazily according to enabled modules."
|
|
11
|
+
]
|
|
12
|
+
},
|
|
13
|
+
"knowledge_bases": [
|
|
14
|
+
{
|
|
15
|
+
"kb_id": "KB_PROMPT_INJECTION",
|
|
16
|
+
"name": "Prompt injection patterns",
|
|
17
|
+
"file_name": "safebrowse_vf_prompt_injection_patterns.json",
|
|
18
|
+
"purpose": "Content-level and social-engineering prompt injection patterns for observation sanitization and prompt attack triage.",
|
|
19
|
+
"hot_path": true,
|
|
20
|
+
"consumer_modules": [
|
|
21
|
+
"PromptInjectionGuard",
|
|
22
|
+
"ObservationSanitizer",
|
|
23
|
+
"ActionIntegrityFirewall"
|
|
24
|
+
],
|
|
25
|
+
"entry_count": 174
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
"kb_id": "KB_ACTION_INTEGRITY",
|
|
29
|
+
"name": "Action integrity patterns",
|
|
30
|
+
"file_name": "safebrowse_vf_action_integrity_patterns.json",
|
|
31
|
+
"purpose": "Action drift and misalignment patterns for deterministic gating and metadata-only critics.",
|
|
32
|
+
"hot_path": true,
|
|
33
|
+
"consumer_modules": [
|
|
34
|
+
"ActionIntegrityFirewall"
|
|
35
|
+
],
|
|
36
|
+
"entry_count": 50
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
"kb_id": "KB_ARTIFACT_SURFACE",
|
|
40
|
+
"name": "Artifact and non-standard surface patterns",
|
|
41
|
+
"file_name": "safebrowse_vf_artifact_surface_patterns.json",
|
|
42
|
+
"purpose": "Document viewers, PDFs, OCR, hidden layers, and other web artifact patterns for safe handoff.",
|
|
43
|
+
"hot_path": true,
|
|
44
|
+
"consumer_modules": [
|
|
45
|
+
"ArtifactSurfaceGuard",
|
|
46
|
+
"ObservationSanitizer",
|
|
47
|
+
"ArtifactHandoffBroker"
|
|
48
|
+
],
|
|
49
|
+
"entry_count": 40
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
"kb_id": "KB_TOOL_PROTOCOL",
|
|
53
|
+
"name": "Tool, protocol, and supply-chain patterns",
|
|
54
|
+
"file_name": "safebrowse_vf_tool_protocol_supply_chain_patterns.json",
|
|
55
|
+
"purpose": "Tool manifest, MCP/OAuth, SSRF, and supply-chain threat patterns.",
|
|
56
|
+
"hot_path": true,
|
|
57
|
+
"consumer_modules": [
|
|
58
|
+
"ToolProtocolGuard",
|
|
59
|
+
"PolicyEngine",
|
|
60
|
+
"AdapterRegistry"
|
|
61
|
+
],
|
|
62
|
+
"entry_count": 40
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"kb_id": "KB_MEMORY_CONTEXT",
|
|
66
|
+
"name": "Memory and context poisoning patterns",
|
|
67
|
+
"file_name": "safebrowse_vf_memory_context_poisoning_patterns.json",
|
|
68
|
+
"purpose": "Persistent memory poisoning, summary corruption, and retrieval contamination patterns.",
|
|
69
|
+
"hot_path": false,
|
|
70
|
+
"consumer_modules": [
|
|
71
|
+
"MemoryContextGuard",
|
|
72
|
+
"RetrievalCorroborator",
|
|
73
|
+
"SessionManager"
|
|
74
|
+
],
|
|
75
|
+
"entry_count": 36
|
|
76
|
+
},
|
|
77
|
+
{
|
|
78
|
+
"kb_id": "KB_TRUST_SIGNALS",
|
|
79
|
+
"name": "Trust signals and provenance catalog",
|
|
80
|
+
"file_name": "safebrowse_vf_trust_signals_provenance.json",
|
|
81
|
+
"purpose": "Normalized provenance and trust fields that every observation, artifact, and action should carry.",
|
|
82
|
+
"hot_path": true,
|
|
83
|
+
"consumer_modules": [
|
|
84
|
+
"All policy modules",
|
|
85
|
+
"Telemetry",
|
|
86
|
+
"Replay"
|
|
87
|
+
],
|
|
88
|
+
"entry_count": 28
|
|
89
|
+
},
|
|
90
|
+
{
|
|
91
|
+
"kb_id": "KB_POLICY_CONTROLS",
|
|
92
|
+
"name": "Policy controls catalog",
|
|
93
|
+
"file_name": "safebrowse_vf_policy_controls_catalog.json",
|
|
94
|
+
"purpose": "Canonical control definitions and deployment recommendations.",
|
|
95
|
+
"hot_path": false,
|
|
96
|
+
"consumer_modules": [
|
|
97
|
+
"PolicyEngine",
|
|
98
|
+
"PolicyCompiler",
|
|
99
|
+
"Docs/CLI generators"
|
|
100
|
+
],
|
|
101
|
+
"entry_count": 45
|
|
102
|
+
},
|
|
103
|
+
{
|
|
104
|
+
"kb_id": "KB_INCIDENT_RESPONSE",
|
|
105
|
+
"name": "Incident response playbooks",
|
|
106
|
+
"file_name": "safebrowse_vf_incident_response_playbooks.json",
|
|
107
|
+
"purpose": "Default containment, rollback, quarantine, and forensic response actions.",
|
|
108
|
+
"hot_path": false,
|
|
109
|
+
"consumer_modules": [
|
|
110
|
+
"IncidentResponder",
|
|
111
|
+
"SOC integration",
|
|
112
|
+
"Replay"
|
|
113
|
+
],
|
|
114
|
+
"entry_count": 18
|
|
115
|
+
},
|
|
116
|
+
{
|
|
117
|
+
"kb_id": "KB_EVALUATION",
|
|
118
|
+
"name": "Evaluation and red-team scenarios",
|
|
119
|
+
"file_name": "safebrowse_vf_evaluation_scenarios.json",
|
|
120
|
+
"purpose": "Benchmark-aligned scenarios, metrics, and harness recommendations.",
|
|
121
|
+
"hot_path": false,
|
|
122
|
+
"consumer_modules": [
|
|
123
|
+
"QA",
|
|
124
|
+
"Benchmark harness",
|
|
125
|
+
"Red-team pipelines"
|
|
126
|
+
],
|
|
127
|
+
"entry_count": 10
|
|
128
|
+
},
|
|
129
|
+
{
|
|
130
|
+
"kb_id": "KB_SOURCE_REGISTRY",
|
|
131
|
+
"name": "Source registry",
|
|
132
|
+
"file_name": "safebrowse_vf_source_registry.json",
|
|
133
|
+
"purpose": "Traceable research sources and credibility metadata for the KB packs.",
|
|
134
|
+
"hot_path": false,
|
|
135
|
+
"consumer_modules": [
|
|
136
|
+
"KB management",
|
|
137
|
+
"Governance",
|
|
138
|
+
"Docs"
|
|
139
|
+
],
|
|
140
|
+
"entry_count": 30
|
|
141
|
+
}
|
|
142
|
+
]
|
|
143
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
LCaIctS8yvZlR+8sB4byY63EMMOZT4tCgfEFWlLo6PLDrfE7OOIxVA+CZt8Qm+x1gbzil4Y3zh6j47Q1vyAYDA==
|
|
1
|
+
LCaIctS8yvZlR+8sB4byY63EMMOZT4tCgfEFWlLo6PLDrfE7OOIxVA+CZt8Qm+x1gbzil4Y3zh6j47Q1vyAYDA==
|
|
@@ -1 +1 @@
|
|
|
1
|
-
i8um6kvcvpC0/ffcjGSrVClK5w04xXcMP78NPYiJMq/d0EMz9dS8Ynpew3ACKDaHRgNR98sm6P/v+QCm8TpNDw==
|
|
1
|
+
i8um6kvcvpC0/ffcjGSrVClK5w04xXcMP78NPYiJMq/d0EMz9dS8Ynpew3ACKDaHRgNR98sm6P/v+QCm8TpNDw==
|