@stackone/defender 0.3.1 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/LICENSE +190 -560
  2. package/README.md +8 -7
  3. package/dist/index.cjs +3 -3
  4. package/dist/index.d.cts +22 -21
  5. package/dist/index.d.mts +23 -22
  6. package/dist/index.mjs +2 -2
  7. package/dist/models/minilm-full-aug/config.json +26 -26
  8. package/dist/models/minilm-full-aug/model_quantized.onnx +0 -0
  9. package/dist/models/minilm-full-aug/tokenizer.json +30676 -30676
  10. package/dist/models/minilm-full-aug/tokenizer_config.json +14 -14
  11. package/package.json +10 -4
  12. /package/dist/{chunk-Cfxk5zVN.mjs → chunk-UvegZiLi.mjs} +0 -0
package/README.md CHANGED
@@ -1,5 +1,6 @@
1
1
  # @stackone/defender
2
2
 
3
+ ---
3
4
  Prompt injection defense framework for AI tool-calling. Detects and neutralizes prompt injection attacks hidden in tool results (emails, documents, PRs, etc.) before they reach your LLM.
4
5
 
5
6
  ## Installation
@@ -73,8 +74,8 @@ Use `allowed` for blocking decisions:
73
74
  | Tool Pattern | Base Risk | Why |
74
75
  |--------------|-----------|-----|
75
76
  | `gmail_*`, `email_*` | `high` | Emails are the #1 injection vector |
76
- | `unified_documents_*` | `medium` | User-generated content |
77
- | `unified_hris_*` | `medium` | Employee data with free-text fields |
77
+ | `documents_*` | `medium` | User-generated content |
78
+ | `hris_*` | `medium` | Employee data with free-text fields |
78
79
  | `github_*` | `medium` | PRs/issues with user-generated content |
79
80
  | All other tools | `medium` | Default cautious level |
80
81
 
@@ -129,7 +130,7 @@ Batch method — defends multiple tool results concurrently.
129
130
  ```typescript
130
131
  const results = await defense.defendToolResults([
131
132
  { value: emailData, toolName: 'gmail_get_message' },
132
- { value: docData, toolName: 'unified_documents_get' },
133
+ { value: docData, toolName: 'documents_get' },
133
134
  { value: prData, toolName: 'github_get_pull_request' },
134
135
  ]);
135
136
 
@@ -208,10 +209,10 @@ Built-in rules define which fields to sanitize and what base risk level to use f
208
209
  | Tool Pattern | Risky Fields | Notes |
209
210
  |---|---|---|
210
211
  | `gmail_*`, `email_*` | subject, body, snippet, content | Base risk `high` — primary injection vector |
211
- | `unified_documents_*` | name, description, content, title | User-generated content |
212
+ | `documents_*` | name, description, content, title | User-generated content |
212
213
  | `github_*` | name, title, body, description | PRs, issues, comments |
213
- | `unified_hris_*` | name, notes, bio, description | Employee free-text fields |
214
- | `unified_ats_*`, `unified_crm_*` | _(default risky fields)_ | Uses global defaults |
214
+ | `hris_*` | name, notes, bio, description | Employee free-text fields |
215
+ | `ats_*`, `crm_*` | _(default risky fields)_ | Uses global defaults |
215
216
 
216
217
  Tools not matching any pattern use `medium` base risk with default risky field detection.
217
218
 
@@ -235,4 +236,4 @@ npm test
235
236
 
236
237
  ## License
237
238
 
238
- SSPL-1.0 — See [LICENSE](./LICENSE) for details.
239
+ Apache-2.0 — See [LICENSE](./LICENSE) for details.