@stackone/defender 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/README.md +238 -0
  2. package/dist/chunk-Cfxk5zVN.mjs +1 -0
  3. package/dist/index.cjs +5 -0
  4. package/dist/index.d.cts +145 -0
  5. package/dist/index.d.mts +146 -0
  6. package/dist/index.mjs +5 -0
  7. package/dist/models/minilm-full-aug/.gitkeep +0 -0
  8. package/dist/models/minilm-full-aug/config.json +28 -0
  9. package/dist/models/minilm-full-aug/model_quantized.onnx +3 -0
  10. package/dist/models/minilm-full-aug/tokenizer.json +30678 -0
  11. package/dist/models/minilm-full-aug/tokenizer_config.json +16 -0
  12. package/package.json +70 -0
package/dist/index.d.cts ADDED
@@ -0,0 +1,145 @@
1
+ //#endregion
2
+ //#region src/classifiers/mlp.d.ts
3
+ interface MLPWeights {
4
+ config: {
5
+ dim?: number;
6
+ hidden?: number[];
7
+ embedding_model_id?: string;
8
+ };
9
+ state_dict: {
10
+ 'net.0.weight': number[][];
11
+ 'net.0.bias': number[];
12
+ 'net.3.weight': number[][];
13
+ 'net.3.bias': number[];
14
+ 'net.6.weight': number[][];
15
+ 'net.6.bias': number[];
16
+ };
17
+ }
18
+ //#endregion
19
+ //#region src/classifiers/weights.d.ts
20
+ declare const MLP_WEIGHTS: MLPWeights;
21
+ //#endregion
22
+ //#region src/classifiers/embedder.d.ts
23
+ interface EmbedderConfig {
24
+ modelId: string;
25
+ pooling: 'mean' | 'cls' | 'max';
26
+ normalize: boolean;
27
+ device?: 'cpu' | 'gpu' | 'auto';
28
+ }
29
+ //#endregion
30
+ //#region src/types.d.ts
31
+ type RiskLevel = 'low' | 'medium' | 'high' | 'critical';
32
+ interface PatternMatch {
33
+ pattern: string;
34
+ matched: string;
35
+ position: number;
36
+ category: PatternCategory;
37
+ severity: 'low' | 'medium' | 'high';
38
+ }
39
+ type PatternCategory = 'role_marker' | 'instruction_override' | 'role_assumption' | 'security_bypass' | 'command_execution' | 'encoding_suspicious' | 'structural';
40
+ interface Tier1Result {
41
+ matches: PatternMatch[];
42
+ structuralFlags: StructuralFlag[];
43
+ hasDetections: boolean;
44
+ suggestedRisk: RiskLevel;
45
+ latencyMs: number;
46
+ }
47
+ interface StructuralFlag {
48
+ type: 'high_entropy' | 'excessive_length' | 'suspicious_formatting' | 'nested_markers';
49
+ details: string;
50
+ severity: 'low' | 'medium' | 'high';
51
+ }
52
+ interface RiskyFieldConfig {
53
+ fieldNames: string[];
54
+ fieldPatterns: RegExp[];
55
+ toolOverrides?: Record<string, string[]>;
56
+ }
57
+ interface TraversalConfig {
58
+ maxDepth: number;
59
+ maxSize: number;
60
+ largeArrayThreshold: number;
61
+ skipLargeArrays: boolean;
62
+ }
63
+ interface ToolSanitizationRule {
64
+ toolPattern: string | RegExp;
65
+ riskyFields?: string[];
66
+ sanitizationLevel?: RiskLevel;
67
+ maxFieldLengths?: Record<string, number>;
68
+ skipFields?: string[];
69
+ cumulativeRiskThresholds?: {
70
+ medium: number;
71
+ high: number;
72
+ patterns: number;
73
+ };
74
+ }
75
+ interface PromptDefenseConfig {
76
+ riskyFields: RiskyFieldConfig;
77
+ traversal: TraversalConfig;
78
+ toolRules: ToolSanitizationRule[];
79
+ cumulativeRiskThresholds: {
80
+ medium: number;
81
+ high: number;
82
+ patterns: number;
83
+ };
84
+ tier2: {
85
+ enabled: boolean;
86
+ mode?: 'mlp' | 'onnx';
87
+ highRiskThreshold: number;
88
+ mediumRiskThreshold: number;
89
+ skipBelowSize: number;
90
+ };
91
+ blockHighRisk: boolean;
92
+ }
93
+ //#endregion
94
+ //#region src/classifiers/tier2-classifier.d.ts
95
+ interface Tier2ClassifierConfig {
96
+ mode: 'mlp' | 'onnx';
97
+ highRiskThreshold: number;
98
+ mediumRiskThreshold: number;
99
+ minTextLength: number;
100
+ maxTextLength: number;
101
+ embedder?: Partial<EmbedderConfig>;
102
+ onnxModelPath?: string;
103
+ }
104
+ //#endregion
105
+ //#region src/core/prompt-defense.d.ts
106
+ interface DefenseResult {
107
+ allowed: boolean;
108
+ riskLevel: RiskLevel;
109
+ sanitized: unknown;
110
+ detections: string[];
111
+ fieldsSanitized: string[];
112
+ patternsByField: Record<string, string[]>;
113
+ tier2Score?: number;
114
+ maxSentence?: string;
115
+ latencyMs: number;
116
+ }
117
+ interface PromptDefenseOptions {
118
+ config?: Partial<PromptDefenseConfig>;
119
+ enableTier1?: boolean;
120
+ enableTier2?: boolean;
121
+ tier2Config?: Partial<Tier2ClassifierConfig>;
122
+ tier2Weights?: MLPWeights;
123
+ blockHighRisk?: boolean;
124
+ defaultRiskLevel?: RiskLevel;
125
+ }
126
+ declare class PromptDefense {
127
+ private config;
128
+ private toolResultSanitizer;
129
+ private patternDetector;
130
+ private tier2Classifier;
131
+ constructor(options?: PromptDefenseOptions);
132
+ loadTier2Weights(weights: MLPWeights): void;
133
+ warmupTier2(): Promise<void>;
134
+ isTier2Ready(): boolean;
135
+ defendToolResult(value: unknown, toolName: string): Promise<DefenseResult>;
136
+ defendToolResults(items: Array<{
137
+ value: unknown;
138
+ toolName: string;
139
+ }>): Promise<DefenseResult[]>;
140
+ analyze(text: string): Tier1Result;
141
+ getConfig(): PromptDefenseConfig;
142
+ }
143
+ declare function createPromptDefense(options?: PromptDefenseOptions): PromptDefense;
144
+ //#endregion
145
+ export { type DefenseResult, MLP_WEIGHTS, PromptDefense, type PromptDefenseOptions, type RiskLevel, type Tier1Result, createPromptDefense };
package/dist/index.d.mts ADDED
@@ -0,0 +1,146 @@
1
+ import { t as __name } from "./chunk-Cfxk5zVN.mjs";
2
+
3
+ //#region src/classifiers/mlp.d.ts
4
+ interface MLPWeights {
5
+ config: {
6
+ dim?: number;
7
+ hidden?: number[];
8
+ embedding_model_id?: string;
9
+ };
10
+ state_dict: {
11
+ 'net.0.weight': number[][];
12
+ 'net.0.bias': number[];
13
+ 'net.3.weight': number[][];
14
+ 'net.3.bias': number[];
15
+ 'net.6.weight': number[][];
16
+ 'net.6.bias': number[];
17
+ };
18
+ }
19
+ //#endregion
20
+ //#region src/classifiers/weights.d.ts
21
+ declare const MLP_WEIGHTS: MLPWeights;
22
+ //#endregion
23
+ //#region src/classifiers/embedder.d.ts
24
+ interface EmbedderConfig {
25
+ modelId: string;
26
+ pooling: 'mean' | 'cls' | 'max';
27
+ normalize: boolean;
28
+ device?: 'cpu' | 'gpu' | 'auto';
29
+ }
30
+ //#endregion
31
+ //#region src/types.d.ts
32
+ type RiskLevel = 'low' | 'medium' | 'high' | 'critical';
33
+ interface PatternMatch {
34
+ pattern: string;
35
+ matched: string;
36
+ position: number;
37
+ category: PatternCategory;
38
+ severity: 'low' | 'medium' | 'high';
39
+ }
40
+ type PatternCategory = 'role_marker' | 'instruction_override' | 'role_assumption' | 'security_bypass' | 'command_execution' | 'encoding_suspicious' | 'structural';
41
+ interface Tier1Result {
42
+ matches: PatternMatch[];
43
+ structuralFlags: StructuralFlag[];
44
+ hasDetections: boolean;
45
+ suggestedRisk: RiskLevel;
46
+ latencyMs: number;
47
+ }
48
+ interface StructuralFlag {
49
+ type: 'high_entropy' | 'excessive_length' | 'suspicious_formatting' | 'nested_markers';
50
+ details: string;
51
+ severity: 'low' | 'medium' | 'high';
52
+ }
53
+ interface RiskyFieldConfig {
54
+ fieldNames: string[];
55
+ fieldPatterns: RegExp[];
56
+ toolOverrides?: Record<string, string[]>;
57
+ }
58
+ interface TraversalConfig {
59
+ maxDepth: number;
60
+ maxSize: number;
61
+ largeArrayThreshold: number;
62
+ skipLargeArrays: boolean;
63
+ }
64
+ interface ToolSanitizationRule {
65
+ toolPattern: string | RegExp;
66
+ riskyFields?: string[];
67
+ sanitizationLevel?: RiskLevel;
68
+ maxFieldLengths?: Record<string, number>;
69
+ skipFields?: string[];
70
+ cumulativeRiskThresholds?: {
71
+ medium: number;
72
+ high: number;
73
+ patterns: number;
74
+ };
75
+ }
76
+ interface PromptDefenseConfig {
77
+ riskyFields: RiskyFieldConfig;
78
+ traversal: TraversalConfig;
79
+ toolRules: ToolSanitizationRule[];
80
+ cumulativeRiskThresholds: {
81
+ medium: number;
82
+ high: number;
83
+ patterns: number;
84
+ };
85
+ tier2: {
86
+ enabled: boolean;
87
+ mode?: 'mlp' | 'onnx';
88
+ highRiskThreshold: number;
89
+ mediumRiskThreshold: number;
90
+ skipBelowSize: number;
91
+ };
92
+ blockHighRisk: boolean;
93
+ }
94
+ //#endregion
95
+ //#region src/classifiers/tier2-classifier.d.ts
96
+ interface Tier2ClassifierConfig {
97
+ mode: 'mlp' | 'onnx';
98
+ highRiskThreshold: number;
99
+ mediumRiskThreshold: number;
100
+ minTextLength: number;
101
+ maxTextLength: number;
102
+ embedder?: Partial<EmbedderConfig>;
103
+ onnxModelPath?: string;
104
+ }
105
+ //#endregion
106
+ //#region src/core/prompt-defense.d.ts
107
+ interface DefenseResult {
108
+ allowed: boolean;
109
+ riskLevel: RiskLevel;
110
+ sanitized: unknown;
111
+ detections: string[];
112
+ fieldsSanitized: string[];
113
+ patternsByField: Record<string, string[]>;
114
+ tier2Score?: number;
115
+ maxSentence?: string;
116
+ latencyMs: number;
117
+ }
118
+ interface PromptDefenseOptions {
119
+ config?: Partial<PromptDefenseConfig>;
120
+ enableTier1?: boolean;
121
+ enableTier2?: boolean;
122
+ tier2Config?: Partial<Tier2ClassifierConfig>;
123
+ tier2Weights?: MLPWeights;
124
+ blockHighRisk?: boolean;
125
+ defaultRiskLevel?: RiskLevel;
126
+ }
127
+ declare class PromptDefense {
128
+ private config;
129
+ private toolResultSanitizer;
130
+ private patternDetector;
131
+ private tier2Classifier;
132
+ constructor(options?: PromptDefenseOptions);
133
+ loadTier2Weights(weights: MLPWeights): void;
134
+ warmupTier2(): Promise<void>;
135
+ isTier2Ready(): boolean;
136
+ defendToolResult(value: unknown, toolName: string): Promise<DefenseResult>;
137
+ defendToolResults(items: Array<{
138
+ value: unknown;
139
+ toolName: string;
140
+ }>): Promise<DefenseResult[]>;
141
+ analyze(text: string): Tier1Result;
142
+ getConfig(): PromptDefenseConfig;
143
+ }
144
+ declare function createPromptDefense(options?: PromptDefenseOptions): PromptDefense;
145
+ //#endregion
146
+ export { type DefenseResult, MLP_WEIGHTS, PromptDefense, type PromptDefenseOptions, type RiskLevel, type Tier1Result, createPromptDefense };