@visorcraft/idlehands 2.0.2 → 2.1.1

package/dist/security/prompt-guard.js

@@ -0,0 +1,120 @@
+/**
+ * Prompt Injection Guard
+ *
+ * Scans incoming user messages for prompt injection patterns:
+ * - System prompt override attempts
+ * - Role confusion attacks
+ * - Secret extraction attempts
+ * - Jailbreak attempts (DAN, developer mode, etc.)
+ * - Tool call JSON injection
+ *
+ * Returns a scored result with configurable action (warn/block/sanitize).
+ *
+ * Inspired by ZeroClaw's prompt_guard.rs.
+ */
+const systemOverridePatterns = [
+    /ignore\s+(?:(?:all\s+)?(?:previous|above|prior)|all)\s+(?:instructions?|prompts?|commands?)/i,
+    /disregard\s+(?:previous|all|above|prior)/i,
+    /forget\s+(?:previous|all|everything|above)/i,
+    /new\s+(?:instructions?|rules?|system\s+prompt)/i,
+    /override\s+(?:system|instructions?|rules?)/i,
+    /reset\s+(?:instructions?|context|system)/i,
+];
+const roleConfusionPatterns = [
+    /(?:you\s+are\s+now|act\s+as|pretend\s+(?:you're|to\s+be))\s+(?:a|an|the)?/i,
+    /(?:your\s+new\s+role|you\s+have\s+become|you\s+must\s+be)/i,
+    /from\s+now\s+on\s+(?:you\s+are|act\s+as|pretend)/i,
+    /(?:assistant|AI|system|model):\s*\[?(?:system|override|new\s+role)/i,
+];
+const secretExtractionPatterns = [
+    /(?:list|show|print|display|reveal|tell\s+me)\s+(?:all\s+)?(?:secrets?|credentials?|passwords?|tokens?|keys?)/i,
+    /(?:what|show)\s+(?:are|is|me)\s+(?:all\s+)?(?:your|the)\s+(?:api\s+)?(?:keys?|secrets?|credentials?)/i,
+    /contents?\s+of\s+(?:vault|secrets?|credentials?)/i,
+    /(?:dump|export)\s+(?:vault|secrets?|credentials?)/i,
+];
+const jailbreakPatterns = [
+    /\bDAN\b.*mode/i,
+    /do\s+anything\s+now/i,
+    /enter\s+(?:developer|debug|admin)\s+mode/i,
+    /enable\s+(?:developer|debug|admin)\s+mode/i,
+    /in\s+this\s+hypothetical/i,
+    /imagine\s+you\s+(?:have\s+no|don't\s+have)\s+(?:restrictions?|rules?|limits?)/i,
+    /decode\s+(?:this|the\s+following)\s+(?:base64|hex|rot13)/i,
+];
+const categoryCheckers = [
+    (content, _lower) => {
+        for (const re of systemOverridePatterns) {
+            if (re.test(content))
+                return { name: 'system_prompt_override', score: 1.0 };
+        }
+        return null;
+    },
+    (content, _lower) => {
+        for (const re of roleConfusionPatterns) {
+            if (re.test(content))
+                return { name: 'role_confusion', score: 0.9 };
+        }
+        return null;
+    },
+    (content, lower) => {
+        // Tool call injection
+        if (lower.includes('tool_calls') || lower.includes('function_call')) {
+            if (content.includes('{"type":') || content.includes('{"name":')) {
+                return { name: 'tool_call_injection', score: 0.8 };
+            }
+        }
+        if (content.includes('}"}') || content.includes("}'}")) {
+            return { name: 'json_escape_attempt', score: 0.7 };
+        }
+        return null;
+    },
+    (content, _lower) => {
+        for (const re of secretExtractionPatterns) {
+            if (re.test(content))
+                return { name: 'secret_extraction', score: 0.95 };
+        }
+        return null;
+    },
+    (content, _lower) => {
+        for (const re of jailbreakPatterns) {
+            if (re.test(content))
+                return { name: 'jailbreak_attempt', score: 0.85 };
+        }
+        return null;
+    },
+];
+export class PromptGuard {
+    action;
+    sensitivity;
+    constructor(action = 'warn', sensitivity = 0.7) {
+        this.action = action;
+        this.sensitivity = Math.max(0, Math.min(1, sensitivity));
+    }
+    /** Scan a message for prompt injection patterns. */
+    scan(content) {
+        const lower = content.toLowerCase();
+        const detected = [];
+        for (const checker of categoryCheckers) {
+            const result = checker(content, lower);
+            if (result)
+                detected.push(result);
+        }
+        if (detected.length === 0) {
+            return { safe: true, patterns: [], score: 0 };
+        }
+        const maxScore = Math.max(...detected.map((d) => d.score));
+        const totalScore = detected.reduce((sum, d) => sum + d.score, 0);
+        const normalizedScore = Math.min(1, totalScore / categoryCheckers.length);
+        const patterns = detected.map((d) => d.name);
+        if (this.action === 'block' && maxScore > this.sensitivity) {
+            return {
+                safe: false,
+                patterns,
+                score: normalizedScore,
+                blocked: `Potential prompt injection detected (score: ${normalizedScore.toFixed(2)}): ${patterns.join(', ')}`,
+            };
+        }
+        return { safe: false, patterns, score: normalizedScore };
+    }
+}
+//# sourceMappingURL=prompt-guard.js.map

package/dist/security/prompt-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-guard.js","sourceRoot":"","sources":["../../src/security/prompt-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAgBH,MAAM,sBAAsB,GAAG;IAC7B,8FAA8F;IAC9F,2CAA2C;IAC3C,6CAA6C;IAC7C,iDAAiD;IACjD,6CAA6C;IAC7C,2CAA2C;CAC5C,CAAC;AAEF,MAAM,qBAAqB,GAAG;IAC5B,4EAA4E;IAC5E,4DAA4D;IAC5D,mDAAmD;IACnD,qEAAqE;CACtE,CAAC;AAEF,MAAM,wBAAwB,GAAG;IAC/B,+GAA+G;IAC/G,uGAAuG;IACvG,mDAAmD;IACnD,oDAAoD;CACrD,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,gBAAgB;IAChB,sBAAsB;IACtB,2CAA2C;IAC3C,4CAA4C;IAC5C,2BAA2B;IAC3B,gFAAgF;IAChF,2DAA2D;CAC5D,CAAC;AAEF,MAAM,gBAAgB,GAAsB;IAC1C,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAClB,KAAK,MAAM,EAAE,IAAI,sBAAsB,EAAE,CAAC;YACxC,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QAC9E,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAClB,KAAK,MAAM,EAAE,IAAI,qBAAqB,EAAE,CAAC;YACvC,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QACtE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;QACjB,sBAAsB;QACtB,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACpE,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACjE,OAAO,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YACrD,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACvD,OAAO,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAClB,KAAK,MAAM,EAAE,IAAI,wBAAwB,EAAE,CAAC;YAC1C,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC1E,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAClB,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YACnC,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC1E,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC;AAEF,MAAM,OAAO,WAAW;IACd,MAAM,CAAc;IACpB,WAAW,CAAS;IAE5B,YAAY,SAAsB,MAAM,EAAE,WAAW,GAAG,GAAG;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,OAAe;QAClB,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,QAAQ,GAA2C,EAAE,CAAC;QAE5D,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACvC,IAAI,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QAChD,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjE,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAC1E,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAE7C,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3D,OAAO;gBACL,IAAI,EAAE,KAAK;gBACX,QAAQ;gBACR,KAAK,EAAE,eAAe;gBACtB,OAAO,EAAE,+CAA+C,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aAC9G,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;IAC3D,CAAC;CACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@visorcraft/idlehands",
-  "version": "2.0.2",
+  "version": "2.1.1",
   "type": "module",
   "description": "Local-first coding agent CLI for OpenAI-compatible endpoints",
   "license": "MIT",