@skillsmith/core 0.1.2 → 0.2.0

package/dist/src/security/rate-limiter/types.d.ts

@@ -0,0 +1,104 @@
+/**
+ * Rate Limiter Types - SMI-730, SMI-1013, SMI-1189
+ *
+ * Type definitions for rate limiting functionality.
+ */
+/**
+ * Rate limit metrics for monitoring and alerting
+ */
+export interface RateLimitMetrics {
+    /** Number of allowed requests */
+    allowed: number;
+    /** Number of blocked requests */
+    blocked: number;
+    /** Number of errors (storage failures, etc.) */
+    errors: number;
+    /** Last time metrics were reset */
+    lastReset: Date;
+    /** Last time metrics were updated */
+    lastUpdated: Date;
+}
+/**
+ * Rate limit configuration
+ */
+export interface RateLimitConfig {
+    /** Maximum tokens in bucket (burst capacity) */
+    maxTokens: number;
+    /** Tokens refilled per second */
+    refillRate: number;
+    /** Window duration in milliseconds (for cleanup) */
+    windowMs: number;
+    /** Key prefix for storage */
+    keyPrefix?: string;
+    /** Enable debug logging */
+    debug?: boolean;
+    /** Callback when rate limit is exceeded */
+    onLimitExceeded?: (key: string, metrics: RateLimitMetrics) => void;
+    /** Fail mode on storage errors: 'open' allows requests, 'closed' denies them (default: 'open') */
+    failMode?: 'open' | 'closed';
+    /** Enable request queuing when rate limited (SMI-1013, default: false) */
+    enableQueue?: boolean;
+    /** Maximum time to wait in queue in milliseconds (SMI-1013, default: 30000) */
+    queueTimeoutMs?: number;
+    /** Maximum number of requests that can wait in queue (SMI-1013, default: 100) */
+    maxQueueSize?: number;
+}
+/**
+ * Token bucket state
+ */
+export interface TokenBucket {
+    /** Current number of tokens */
+    tokens: number;
+    /** Last refill timestamp */
+    lastRefill: number;
+    /** First request timestamp (for window tracking) */
+    firstRequest: number;
+}
+/**
+ * Rate limit result
+ */
+export interface RateLimitResult {
+    /** Whether the request is allowed */
+    allowed: boolean;
+    /** Remaining tokens */
+    remaining: number;
+    /** Total tokens in bucket */
+    limit: number;
+    /** Milliseconds until bucket refills */
+    retryAfterMs?: number;
+    /** When the limit resets (ISO timestamp) */
+    resetAt?: string;
+    /** Current metrics for this key (optional) */
+    metrics?: RateLimitMetrics;
+    /** Whether the request waited in queue (SMI-1013) */
+    queued?: boolean;
+    /** Time spent waiting in queue in milliseconds (SMI-1013) */
+    queueWaitMs?: number;
+}
+/**
+ * Queued request waiting for a token (SMI-1013)
+ */
+export interface QueuedRequest {
+    /** Unique identifier for this request */
+    id: string;
+    /** Resolve function to signal the request can proceed */
+    resolve: (result: RateLimitResult) => void;
+    /** Reject function for timeout */
+    reject: (error: Error) => void;
+    /** Token cost for this request */
+    cost: number;
+    /** Timestamp when request was queued */
+    queuedAt: number;
+    /** Timeout handle */
+    timeoutHandle: NodeJS.Timeout;
+}
+/**
+ * Storage interface for rate limit data
+ */
+export interface RateLimitStorage {
+    get(key: string): Promise<TokenBucket | null>;
+    set(key: string, value: TokenBucket, ttlMs: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    clear?(): Promise<void>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/security/rate-limiter/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/security/rate-limiter/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAA;IACf,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAA;IACf,gDAAgD;IAChD,MAAM,EAAE,MAAM,CAAA;IACd,mCAAmC;IACnC,SAAS,EAAE,IAAI,CAAA;IACf,qCAAqC;IACrC,WAAW,EAAE,IAAI,CAAA;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAA;IACjB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,oDAAoD;IACpD,QAAQ,EAAE,MAAM,CAAA;IAChB,6BAA6B;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,2CAA2C;IAC3C,eAAe,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB,KAAK,IAAI,CAAA;IAClE,kGAAkG;IAClG,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAA;IAC5B,0EAA0E;IAC1E,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,iFAAiF;IACjF,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAA;IACd,4BAA4B;IAC5B,UAAU,EAAE,MAAM,CAAA;IAClB,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAA;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,qCAAqC;IACrC,OAAO,EAAE,OAAO,CAAA;IAChB,uBAAuB;IACvB,SAAS,EAAE,MAAM,CAAA;IACjB,6BAA6B;IAC7B,KAAK,EAAE,MAAM,CAAA;IACb,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,gBAAgB,CAAA;IAC1B,qDAAqD;IACrD,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,6DAA6D;IAC7D,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yCAAyC;IACzC,EAAE,EAAE,MAAM,CAAA;IACV,yDAAyD;IACzD,OAAO,EAAE,CAAC,MAAM,EAAE,eAAe,KAAK,IAAI,CAAA;IAC1C,kCAAkC;IAClC,MAAM,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAA;IAC9B,kCAAkC;IAClC,IAAI,EAAE,MAAM,CAAA;IACZ,wCAAwC;IACxC,QAAQ,EAAE,MAAM,CAAA;IAChB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC,OAAO,CAAA;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAA;IAC7C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAClE,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAClC,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACxB"}

package/dist/src/security/rate-limiter/types.js

@@ -0,0 +1,7 @@
+/**
+ * Rate Limiter Types - SMI-730, SMI-1013, SMI-1189
+ *
+ * Type definitions for rate limiting functionality.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/security/rate-limiter/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/security/rate-limiter/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/src/security/scanner/SecurityScanner.d.ts

@@ -0,0 +1,94 @@
+/**
+ * Security Scanner - SMI-587, SMI-685, SMI-882, SMI-1189
+ *
+ * Security scanning for skill content with advanced pattern detection.
+ */
+import type { SecurityFinding, ScanReport, ScannerOptions, RiskScoreBreakdown } from './types.js';
+export declare class SecurityScanner {
+    private allowedDomains;
+    private blockedPatterns;
+    private maxContentLength;
+    private riskThreshold;
+    constructor(options?: ScannerOptions);
+    /**
+     * Extract all URLs from content
+     */
+    private extractUrls;
+    /**
+     * Check if URL domain is allowed
+     */
+    private isAllowedDomain;
+    /**
+     * Scan for non-allowlisted URLs
+     */
+    private scanUrls;
+    /**
+     * Scan for sensitive file path references
+     * SMI-882: Uses safeRegexCheck to prevent ReDoS
+     */
+    private scanSensitivePaths;
+    /**
+     * Scan for jailbreak attempts
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     */
+    private scanJailbreakPatterns;
+    /**
+     * Scan for suspicious code patterns
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     */
+    private scanSuspiciousPatterns;
+    /**
+     * SMI-685: Scan for social engineering attempts
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * Detects patterns like "pretend to be", "roleplay as", "you are now"
+     */
+    private scanSocialEngineering;
+    /**
+     * SMI-685: Scan for prompt leaking attempts
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * Detects patterns like "show me your instructions", "what are your rules"
+     */
+    private scanPromptLeaking;
+    /**
+     * SMI-685: Scan for data exfiltration patterns
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * Detects encoding to external URLs, file upload patterns
+     */
+    private scanDataExfiltration;
+    /**
+     * SMI-685: Scan for privilege escalation patterns
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * Detects sudo with passwords, chmod patterns, root access attempts
+     */
+    private scanPrivilegeEscalation;
+    /**
+     * SMI-685: Calculate risk score from findings
+     * Aggregates multiple findings into a risk score from 0-100
+     * @param findings - Array of security findings
+     * @returns Risk score breakdown and total
+     */
+    calculateRiskScore(findings: SecurityFinding[]): {
+        total: number;
+        breakdown: RiskScoreBreakdown;
+    };
+    /**
+     * Perform full security scan
+     * SMI-685: Enhanced with new pattern detection and risk scoring
+     */
+    scan(skillId: string, content: string): ScanReport;
+    /**
+     * Quick check without full scan
+     * SMI-882: Uses safeRegexCheck to prevent ReDoS
+     */
+    quickCheck(content: string): boolean;
+    /**
+     * Add allowed domain
+     */
+    addAllowedDomain(domain: string): void;
+    /**
+     * Add blocked pattern
+     */
+    addBlockedPattern(pattern: RegExp): void;
+}
+export default SecurityScanner;
+//# sourceMappingURL=SecurityScanner.d.ts.map

package/dist/src/security/scanner/SecurityScanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecurityScanner.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,eAAe,EACf,UAAU,EACV,cAAc,EACd,kBAAkB,EACnB,MAAM,YAAY,CAAA;AAcnB,qBAAa,eAAe;IAC1B,OAAO,CAAC,cAAc,CAAa;IACnC,OAAO,CAAC,eAAe,CAAU;IACjC,OAAO,CAAC,gBAAgB,CAAQ;IAChC,OAAO,CAAC,aAAa,CAAQ;gBAEjB,OAAO,GAAE,cAAmB;IAOxC;;OAEG;IACH,OAAO,CAAC,WAAW;IAenB;;OAEG;IACH,OAAO,CAAC,eAAe;IAcvB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAmBhB;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAuB1B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAwB7B;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAwC9B;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;IAyB7B;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAyBzB;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;IAyB5B;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;;;;OAKG;IACH,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG;QAC/C,KAAK,EAAE,MAAM,CAAA;QACb,SAAS,EAAE,kBAAkB,CAAA;KAC9B;IA0ED;;;OAGG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,UAAU;IA8ClD;;;OAGG;IACH,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IASpC;;OAEG;IACH,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAItC;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;CAGzC;AAED,eAAe,eAAe,CAAA"}

package/dist/src/security/scanner/SecurityScanner.js

@@ -0,0 +1,403 @@
+/**
+ * Security Scanner - SMI-587, SMI-685, SMI-882, SMI-1189
+ *
+ * Security scanning for skill content with advanced pattern detection.
+ */
+import { DEFAULT_ALLOWED_DOMAINS, SENSITIVE_PATH_PATTERNS, JAILBREAK_PATTERNS, SUSPICIOUS_PATTERNS, SOCIAL_ENGINEERING_PATTERNS, PROMPT_LEAKING_PATTERNS, DATA_EXFILTRATION_PATTERNS, PRIVILEGE_ESCALATION_PATTERNS, } from './patterns.js';
+import { SEVERITY_WEIGHTS, CATEGORY_WEIGHTS } from './weights.js';
+import { safeRegexTest, safeRegexCheck } from './regex-utils.js';
+export class SecurityScanner {
+    allowedDomains;
+    blockedPatterns;
+    maxContentLength;
+    riskThreshold;
+    constructor(options = {}) {
+        this.allowedDomains = new Set(options.allowedDomains ?? DEFAULT_ALLOWED_DOMAINS);
+        this.blockedPatterns = options.blockedPatterns ?? [];
+        this.maxContentLength = options.maxContentLength ?? 1_000_000; // 1MB
+        this.riskThreshold = options.riskThreshold ?? 40;
+    }
+    /**
+     * Extract all URLs from content
+     */
+    extractUrls(content) {
+        const urlPattern = /https?:\/\/[^\s<>"')\]]+/gi;
+        const lines = content.split('\n');
+        const results = [];
+        lines.forEach((line, index) => {
+            let match;
+            while ((match = urlPattern.exec(line)) !== null) {
+                results.push({ url: match[0], line: index + 1 });
+            }
+        });
+        return results;
+    }
+    /**
+     * Check if URL domain is allowed
+     */
+    isAllowedDomain(url) {
+        try {
+            const parsed = new URL(url);
+            const hostname = parsed.hostname.toLowerCase();
+            // Check exact match or subdomain match
+            return Array.from(this.allowedDomains).some((domain) => hostname === domain || hostname.endsWith('.' + domain));
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Scan for non-allowlisted URLs
+     */
+    scanUrls(content) {
+        const findings = [];
+        const urls = this.extractUrls(content);
+        for (const { url, line } of urls) {
+            if (!this.isAllowedDomain(url)) {
+                findings.push({
+                    type: 'url',
+                    severity: 'medium',
+                    message: `External URL not in allowlist: ${url}`,
+                    location: url,
+                    lineNumber: line,
+                });
+            }
+        }
+        return findings;
+    }
+    /**
+     * Scan for sensitive file path references
+     * SMI-882: Uses safeRegexCheck to prevent ReDoS
+     */
+    scanSensitivePaths(content) {
+        const findings = [];
+        const lines = content.split('\n');
+        lines.forEach((line, index) => {
+            for (const pattern of SENSITIVE_PATH_PATTERNS) {
+                // SMI-882: Use safe regex check with length limit
+                if (safeRegexCheck(pattern, line)) {
+                    findings.push({
+                        type: 'sensitive_path',
+                        severity: 'high',
+                        message: `Reference to potentially sensitive path: ${pattern.source}`,
+                        location: line.trim().slice(0, 100),
+                        lineNumber: index + 1,
+                    });
+                    break; // One finding per line
+                }
+            }
+        });
+        return findings;
+    }
+    /**
+     * Scan for jailbreak attempts
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     */
+    scanJailbreakPatterns(content) {
+        const findings = [];
+        const lines = content.split('\n');
+        lines.forEach((line, index) => {
+            for (const pattern of JAILBREAK_PATTERNS) {
+                // SMI-882: Use safe regex test with length limit
+                const match = safeRegexTest(pattern, line);
+                if (match) {
+                    findings.push({
+                        type: 'jailbreak',
+                        severity: 'critical',
+                        message: `Potential jailbreak pattern detected: "${match[0]}"`,
+                        location: line.trim().slice(0, 100),
+                        lineNumber: index + 1,
+                    });
+                    break; // One finding per line
+                }
+            }
+        });
+        return findings;
+    }
+    /**
+     * Scan for suspicious code patterns
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     */
+    scanSuspiciousPatterns(content) {
+        const findings = [];
+        const lines = content.split('\n');
+        lines.forEach((line, index) => {
+            for (const pattern of SUSPICIOUS_PATTERNS) {
+                // SMI-882: Use safe regex test with length limit
+                const match = safeRegexTest(pattern, line);
+                if (match) {
+                    findings.push({
+                        type: 'suspicious_pattern',
+                        severity: 'medium',
+                        message: `Suspicious pattern detected: "${match[0]}"`,
+                        location: line.trim().slice(0, 100),
+                        lineNumber: index + 1,
+                    });
+                    break; // One finding per line
+                }
+            }
+            // Check custom blocked patterns
+            for (const pattern of this.blockedPatterns) {
+                // SMI-882: Use safe regex test with length limit
+                const match = safeRegexTest(pattern, line);
+                if (match) {
+                    findings.push({
+                        type: 'suspicious_pattern',
+                        severity: 'high',
+                        message: `Blocked pattern detected: "${match[0]}"`,
+                        location: line.trim().slice(0, 100),
+                        lineNumber: index + 1,
+                    });
+                    break;
+                }
+            }
+        });
+        return findings;
+    }
+    /**
+     * SMI-685: Scan for social engineering attempts
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * Detects patterns like "pretend to be", "roleplay as", "you are now"
+     */
+    scanSocialEngineering(content) {
+        const findings = [];
+        const lines = content.split('\n');
+        lines.forEach((line, index) => {
+            for (const pattern of SOCIAL_ENGINEERING_PATTERNS) {
+                // SMI-882: Use safe regex test with length limit
+                const match = safeRegexTest(pattern, line);
+                if (match) {
+                    findings.push({
+                        type: 'social_engineering',
+                        severity: 'high',
+                        message: `Social engineering attempt detected: "${match[0]}"`,
+                        location: line.trim().slice(0, 100),
+                        lineNumber: index + 1,
+                        category: 'social_engineering',
+                    });
+                    break; // One finding per line
+                }
+            }
+        });
+        return findings;
+    }
+    /**
+     * SMI-685: Scan for prompt leaking attempts
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * Detects patterns like "show me your instructions", "what are your rules"
+     */
+    scanPromptLeaking(content) {
+        const findings = [];
+        const lines = content.split('\n');
+        lines.forEach((line, index) => {
+            for (const pattern of PROMPT_LEAKING_PATTERNS) {
+                // SMI-882: Use safe regex test with length limit
+                const match = safeRegexTest(pattern, line);
+                if (match) {
+                    findings.push({
+                        type: 'prompt_leaking',
+                        severity: 'critical',
+                        message: `Prompt leaking attempt detected: "${match[0]}"`,
+                        location: line.trim().slice(0, 100),
+                        lineNumber: index + 1,
+                        category: 'prompt_leaking',
+                    });
+                    break; // One finding per line
+                }
+            }
+        });
+        return findings;
+    }
+    /**
+     * SMI-685: Scan for data exfiltration patterns
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * Detects encoding to external URLs, file upload patterns
+     */
+    scanDataExfiltration(content) {
+        const findings = [];
+        const lines = content.split('\n');
+        lines.forEach((line, index) => {
+            for (const pattern of DATA_EXFILTRATION_PATTERNS) {
+                // SMI-882: Use safe regex test with length limit
+                const match = safeRegexTest(pattern, line);
+                if (match) {
+                    findings.push({
+                        type: 'data_exfiltration',
+                        severity: 'high',
+                        message: `Potential data exfiltration pattern: "${match[0]}"`,
+                        location: line.trim().slice(0, 100),
+                        lineNumber: index + 1,
+                        category: 'data_exfiltration',
+                    });
+                    break; // One finding per line
+                }
+            }
+        });
+        return findings;
+    }
+    /**
+     * SMI-685: Scan for privilege escalation patterns
+     * SMI-882: Uses safeRegexTest to prevent ReDoS
+     * Detects sudo with passwords, chmod patterns, root access attempts
+     */
+    scanPrivilegeEscalation(content) {
+        const findings = [];
+        const lines = content.split('\n');
+        lines.forEach((line, index) => {
+            for (const pattern of PRIVILEGE_ESCALATION_PATTERNS) {
+                // SMI-882: Use safe regex test with length limit
+                const match = safeRegexTest(pattern, line);
+                if (match) {
+                    findings.push({
+                        type: 'privilege_escalation',
+                        severity: 'critical',
+                        message: `Privilege escalation pattern detected: "${match[0]}"`,
+                        location: line.trim().slice(0, 100),
+                        lineNumber: index + 1,
+                        category: 'privilege_escalation',
+                    });
+                    break; // One finding per line
+                }
+            }
+        });
+        return findings;
+    }
+    /**
+     * SMI-685: Calculate risk score from findings
+     * Aggregates multiple findings into a risk score from 0-100
+     * @param findings - Array of security findings
+     * @returns Risk score breakdown and total
+     */
+    calculateRiskScore(findings) {
+        const breakdown = {
+            jailbreak: 0,
+            socialEngineering: 0,
+            promptLeaking: 0,
+            dataExfiltration: 0,
+            privilegeEscalation: 0,
+            suspiciousCode: 0,
+            sensitivePaths: 0,
+            externalUrls: 0,
+        };
+        // Calculate raw scores by category
+        for (const finding of findings) {
+            const severityWeight = SEVERITY_WEIGHTS[finding.severity];
+            const categoryWeight = CATEGORY_WEIGHTS[finding.type] ?? 1.0;
+            const score = severityWeight * categoryWeight;
+            switch (finding.type) {
+                case 'jailbreak':
+                    breakdown.jailbreak += score;
+                    break;
+                case 'social_engineering':
+                    breakdown.socialEngineering += score;
+                    break;
+                case 'prompt_leaking':
+                    breakdown.promptLeaking += score;
+                    break;
+                case 'data_exfiltration':
+                    breakdown.dataExfiltration += score;
+                    break;
+                case 'privilege_escalation':
+                    breakdown.privilegeEscalation += score;
+                    break;
+                case 'suspicious_pattern':
+                    breakdown.suspiciousCode += score;
+                    break;
+                case 'sensitive_path':
+                    breakdown.sensitivePaths += score;
+                    break;
+                case 'url':
+                    breakdown.externalUrls += score;
+                    break;
+            }
+        }
+        // Cap each category at 100
+        breakdown.jailbreak = Math.min(100, breakdown.jailbreak);
+        breakdown.socialEngineering = Math.min(100, breakdown.socialEngineering);
+        breakdown.promptLeaking = Math.min(100, breakdown.promptLeaking);
+        breakdown.dataExfiltration = Math.min(100, breakdown.dataExfiltration);
+        breakdown.privilegeEscalation = Math.min(100, breakdown.privilegeEscalation);
+        breakdown.suspiciousCode = Math.min(100, breakdown.suspiciousCode);
+        breakdown.sensitivePaths = Math.min(100, breakdown.sensitivePaths);
+        breakdown.externalUrls = Math.min(100, breakdown.externalUrls);
+        // Calculate total as weighted average, capped at 100
+        const total = Math.min(100, Math.round(breakdown.jailbreak * 0.25 +
+            breakdown.socialEngineering * 0.15 +
+            breakdown.promptLeaking * 0.15 +
+            breakdown.dataExfiltration * 0.12 +
+            breakdown.privilegeEscalation * 0.13 +
+            breakdown.suspiciousCode * 0.1 +
+            breakdown.sensitivePaths * 0.05 +
+            breakdown.externalUrls * 0.05));
+        return { total, breakdown };
+    }
+    /**
+     * Perform full security scan
+     * SMI-685: Enhanced with new pattern detection and risk scoring
+     */
+    scan(skillId, content) {
+        const startTime = performance.now();
+        const findings = [];
+        // Check content length
+        if (content.length > this.maxContentLength) {
+            findings.push({
+                type: 'suspicious_pattern',
+                severity: 'low',
+                message: `Content exceeds maximum length (${this.maxContentLength} bytes)`,
+            });
+        }
+        // Run all scans (original)
+        findings.push(...this.scanUrls(content));
+        findings.push(...this.scanSensitivePaths(content));
+        findings.push(...this.scanJailbreakPatterns(content));
+        findings.push(...this.scanSuspiciousPatterns(content));
+        // SMI-685: Run new scans
+        findings.push(...this.scanSocialEngineering(content));
+        findings.push(...this.scanPromptLeaking(content));
+        findings.push(...this.scanDataExfiltration(content));
+        findings.push(...this.scanPrivilegeEscalation(content));
+        const endTime = performance.now();
+        // SMI-685: Calculate risk score
+        const { total: riskScore, breakdown: riskBreakdown } = this.calculateRiskScore(findings);
+        // Determine if scan passed based on risk threshold and severity
+        const hasCritical = findings.some((f) => f.severity === 'critical');
+        const hasHigh = findings.some((f) => f.severity === 'high');
+        const exceedsThreshold = riskScore >= this.riskThreshold;
+        return {
+            skillId,
+            passed: !hasCritical && !hasHigh && !exceedsThreshold,
+            findings,
+            scannedAt: new Date(),
+            scanDurationMs: endTime - startTime,
+            riskScore,
+            riskBreakdown,
+        };
+    }
+    /**
+     * Quick check without full scan
+     * SMI-882: Uses safeRegexCheck to prevent ReDoS
+     */
+    quickCheck(content) {
+        // Check for critical patterns only
+        for (const pattern of JAILBREAK_PATTERNS) {
+            // SMI-882: Use safe regex check with length limit
+            if (safeRegexCheck(pattern, content))
+                return false;
+        }
+        return true;
+    }
+    /**
+     * Add allowed domain
+     */
+    addAllowedDomain(domain) {
+        this.allowedDomains.add(domain.toLowerCase());
+    }
+    /**
+     * Add blocked pattern
+     */
+    addBlockedPattern(pattern) {
+        this.blockedPatterns.push(pattern);
+    }
+}
+export default SecurityScanner;
+//# sourceMappingURL=SecurityScanner.js.map

package/dist/src/security/scanner/SecurityScanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecurityScanner.js","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,OAAO,EACL,uBAAuB,EACvB,uBAAuB,EACvB,kBAAkB,EAClB,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,EACvB,0BAA0B,EAC1B,6BAA6B,GAC9B,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AACjE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAEhE,MAAM,OAAO,eAAe;IAClB,cAAc,CAAa;IAC3B,eAAe,CAAU;IACzB,gBAAgB,CAAQ;IACxB,aAAa,CAAQ;IAE7B,YAAY,UAA0B,EAAE;QACtC,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,IAAI,uBAAuB,CAAC,CAAA;QAChF,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,EAAE,CAAA;QACpD,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,SAAS,CAAA,CAAC,MAAM;QACpE,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,EAAE,CAAA;IAClD,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,OAAe;QACjC,MAAM,UAAU,GAAG,4BAA4B,CAAA;QAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QACjC,MAAM,OAAO,GAAyC,EAAE,CAAA;QAExD,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC5B,IAAI,KAAK,CAAA;YACT,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,CAAC,CAAA;YAClD,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,GAAW;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;YAC3B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAA;YAE9C,uCAAuC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,IAAI,CACzC,CAAC,MAAM,EAAE,EAAE,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,MAAM,CAAC,CACnE,CAAA;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,OAAe;QAC9B,MAAM,QAAQ,GAAsB,EAAE,CAAA;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QAEtC,KAAK,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,KAAK;oBACX,QAAQ,EAAE,QAAQ;oBAClB,OAAO,EAAE,kCAAkC,GAAG,EAAE;oBAChD,QAAQ,EAAE,GAAG;oBACb,UAAU,EAAE,IAAI;iBACjB,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;;OAGG;IACK,kBAAkB,CAAC,OAAe;QACxC,MAAM,QAAQ,GAAsB,EAAE,CAAA;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC5B,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;gBAC9C,kDAAkD;gBAClD,IAAI,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;oBAClC,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,gBAAgB;wBACtB,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,4CAA4C,OAAO,CAAC,MAAM,EAAE;wBACrE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;qBACtB,CAAC,CAAA;oBACF,MAAK,CAAC,uBAAuB;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;;OAGG;IACK,qBAAqB,CAAC,OAAe;QAC3C,MAAM,QAAQ,GAAsB,EAAE,CAAA;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC5B,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;gBACzC,iDAAiD;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,KAAK,EAAE,CAAC;oBACV,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,WAAW;wBACjB,QAAQ,EAAE,UAAU;wBACpB,OAAO,EAAE,0CAA0C,KAAK,CAAC,CAAC,CAAC,GAAG;wBAC9D,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;qBACtB,CAAC,CAAA;oBACF,MAAK,CAAC,uBAAuB;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;;OAGG;IACK,sBAAsB,CAAC,OAAe;QAC5C,MAAM,QAAQ,GAAsB,EAAE,CAAA;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC5B,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;gBAC1C,iDAAiD;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,KAAK,EAAE,CAAC;oBACV,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,oBAAoB;wBAC1B,QAAQ,EAAE,QAAQ;wBAClB,OAAO,EAAE,iCAAiC,KAAK,CAAC,CAAC,CAAC,GAAG;wBACrD,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;qBACtB,CAAC,CAAA;oBACF,MAAK,CAAC,uBAAuB;gBAC/B,CAAC;YACH,CAAC;YAED,gCAAgC;YAChC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC3C,iDAAiD;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,KAAK,EAAE,CAAC;oBACV,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,oBAAoB;wBAC1B,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,8BAA8B,KAAK,CAAC,CAAC,CAAC,GAAG;wBAClD,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;qBACtB,CAAC,CAAA;oBACF,MAAK;gBACP,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;;;OAIG;IACK,qBAAqB,CAAC,OAAe;QAC3C,MAAM,QAAQ,GAAsB,EAAE,CAAA;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC5B,KAAK,MAAM,OAAO,IAAI,2BAA2B,EAAE,CAAC;gBAClD,iDAAiD;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,KAAK,EAAE,CAAC;oBACV,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,oBAAoB;wBAC1B,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,yCAAyC,KAAK,CAAC,CAAC,CAAC,GAAG;wBAC7D,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;wBACrB,QAAQ,EAAE,oBAAoB;qBAC/B,CAAC,CAAA;oBACF,MAAK,CAAC,uBAAuB;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;;;OAIG;IACK,iBAAiB,CAAC,OAAe;QACvC,MAAM,QAAQ,GAAsB,EAAE,CAAA;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC5B,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;gBAC9C,iDAAiD;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,KAAK,EAAE,CAAC;oBACV,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,gBAAgB;wBACtB,QAAQ,EAAE,UAAU;wBACpB,OAAO,EAAE,qCAAqC,KAAK,CAAC,CAAC,CAAC,GAAG;wBACzD,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;wBACrB,QAAQ,EAAE,gBAAgB;qBAC3B,CAAC,CAAA;oBACF,MAAK,CAAC,uBAAuB;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;;;OAIG;IACK,oBAAoB,CAAC,OAAe;QAC1C,MAAM,QAAQ,GAAsB,EAAE,CAAA;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC5B,KAAK,MAAM,OAAO,IAAI,0BAA0B,EAAE,CAAC;gBACjD,iDAAiD;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,KAAK,EAAE,CAAC;oBACV,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,mBAAmB;wBACzB,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,yCAAyC,KAAK,CAAC,CAAC,CAAC,GAAG;wBAC7D,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;wBACrB,QAAQ,EAAE,mBAAmB;qBAC9B,CAAC,CAAA;oBACF,MAAK,CAAC,uBAAuB;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;;;OAIG;IACK,uBAAuB,CAAC,OAAe;QAC7C,MAAM,QAAQ,GAAsB,EAAE,CAAA;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAEjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC5B,KAAK,MAAM,OAAO,IAAI,6BAA6B,EAAE,CAAC;gBACpD,iDAAiD;gBACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,KAAK,EAAE,CAAC;oBACV,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,sBAAsB;wBAC5B,QAAQ,EAAE,UAAU;wBACpB,OAAO,EAAE,2CAA2C,KAAK,CAAC,CAAC,CAAC,GAAG;wBAC/D,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;wBACrB,QAAQ,EAAE,sBAAsB;qBACjC,CAAC,CAAA;oBACF,MAAK,CAAC,uBAAuB;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;;;;OAKG;IACH,kBAAkB,CAAC,QAA2B;QAI5C,MAAM,SAAS,GAAuB;YACpC,SAAS,EAAE,CAAC;YACZ,iBAAiB,EAAE,CAAC;YACpB,aAAa,EAAE,CAAC;YAChB,gBAAgB,EAAE,CAAC;YACnB,mBAAmB,EAAE,CAAC;YACtB,cAAc,EAAE,CAAC;YACjB,cAAc,EAAE,CAAC;YACjB,YAAY,EAAE,CAAC;SAChB,CAAA;QAED,mCAAmC;QACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;YACzD,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,GAAG,CAAA;YAC5D,MAAM,KAAK,GAAG,cAAc,GAAG,cAAc,CAAA;YAE7C,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;gBACrB,KAAK,WAAW;oBACd,SAAS,CAAC,SAAS,IAAI,KAAK,CAAA;oBAC5B,MAAK;gBACP,KAAK,oBAAoB;oBACvB,SAAS,CAAC,iBAAiB,IAAI,KAAK,CAAA;oBACpC,MAAK;gBACP,KAAK,gBAAgB;oBACnB,SAAS,CAAC,aAAa,IAAI,KAAK,CAAA;oBAChC,MAAK;gBACP,KAAK,mBAAmB;oBACtB,SAAS,CAAC,gBAAgB,IAAI,KAAK,CAAA;oBACnC,MAAK;gBACP,KAAK,sBAAsB;oBACzB,SAAS,CAAC,mBAAmB,IAAI,KAAK,CAAA;oBACtC,MAAK;gBACP,KAAK,oBAAoB;oBACvB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;oBACjC,MAAK;gBACP,KAAK,gBAAgB;oBACnB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;oBACjC,MAAK;gBACP,KAAK,KAAK;oBACR,SAAS,CAAC,YAAY,IAAI,KAAK,CAAA;oBAC/B,MAAK;YACT,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;QACxD,SAAS,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,iBAAiB,CAAC,CAAA;QACxE,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,aAAa,CAAC,CAAA;QAChE,SAAS,CAAC,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,gBAAgB,CAAC,CAAA;QACtE,SAAS,CAAC,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAAA;QAC5E,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;QAClE,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;QAClE,SAAS,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,YAAY,CAAC,CAAA;QAE9D,qDAAqD;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,GAAG,EACH,IAAI,CAAC,KAAK,CACR,SAAS,CAAC,SAAS,GAAG,IAAI;YACxB,SAAS,CAAC,iBAAiB,GAAG,IAAI;YAClC,SAAS,CAAC,aAAa,GAAG,IAAI;YAC9B,SAAS,CAAC,gBAAgB,GAAG,IAAI;YACjC,SAAS,CAAC,mBAAmB,GAAG,IAAI;YACpC,SAAS,CAAC,cAAc,GAAG,GAAG;YAC9B,SAAS,CAAC,cAAc,GAAG,IAAI;YAC/B,SAAS,CAAC,YAAY,GAAG,IAAI,CAChC,CACF,CAAA;QAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;IAC7B,CAAC;IAED;;;OAGG;IACH,IAAI,CAAC,OAAe,EAAE,OAAe;QACnC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QACnC,MAAM,QAAQ,GAAsB,EAAE,CAAA;QAEtC,uBAAuB;QACvB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,oBAAoB;gBAC1B,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,mCAAmC,IAAI,CAAC,gBAAgB,SAAS;aAC3E,CAAC,CAAA;QACJ,CAAC;QAED,2BAA2B;QAC3B,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAA;QACxC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAA;QAClD,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,CAAA;QACrD,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAA;QAEtD,yBAAyB;QACzB,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,CAAA;QACrD,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAA;QACjD,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAA;QACpD,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC,CAAA;QAEvD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAEjC,gCAAgC;QAChC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;QAExF,gEAAgE;QAChE,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAA;QACnE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAA;QAC3D,MAAM,gBAAgB,GAAG,SAAS,IAAI,IAAI,CAAC,aAAa,CAAA;QAExD,OAAO;YACL,OAAO;YACP,MAAM,EAAE,CAAC,WAAW,IAAI,CAAC,OAAO,IAAI,CAAC,gBAAgB;YACrD,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,cAAc,EAAE,OAAO,GAAG,SAAS;YACnC,SAAS;YACT,aAAa;SACd,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAAe;QACxB,mCAAmC;QACnC,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,kDAAkD;YAClD,IAAI,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAA;QACpD,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,MAAc;QAC7B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAA;IAC/C,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,OAAe;QAC/B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACpC,CAAC;CACF;AAED,eAAe,eAAe,CAAA"}

package/dist/src/security/scanner/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Security Scanner Module - SMI-587, SMI-685, SMI-882, SMI-1189
+ *
+ * Re-exports for security scanning functionality.
+ */
+export type { SecurityFindingType, SecuritySeverity, SecurityFinding, RiskScoreBreakdown, ScanReport, ScannerOptions, } from './types.js';
+export { DEFAULT_ALLOWED_DOMAINS, SENSITIVE_PATH_PATTERNS, JAILBREAK_PATTERNS, SUSPICIOUS_PATTERNS, SOCIAL_ENGINEERING_PATTERNS, PROMPT_LEAKING_PATTERNS, DATA_EXFILTRATION_PATTERNS, PRIVILEGE_ESCALATION_PATTERNS, } from './patterns.js';
+export { SEVERITY_WEIGHTS, CATEGORY_WEIGHTS } from './weights.js';
+export { MAX_LINE_LENGTH_FOR_REGEX, safeRegexTest, safeRegexCheck } from './regex-utils.js';
+export { SecurityScanner, default } from './SecurityScanner.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/security/scanner/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,YAAY,EACV,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,cAAc,GACf,MAAM,YAAY,CAAA;AAGnB,OAAO,EACL,uBAAuB,EACvB,uBAAuB,EACvB,kBAAkB,EAClB,mBAAmB,EACnB,2BAA2B,EAC3B,uBAAuB,EACvB,0BAA0B,EAC1B,6BAA6B,GAC9B,MAAM,eAAe,CAAA;AAGtB,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAGjE,OAAO,EAAE,yBAAyB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAG3F,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAA"}