@vorionsys/atsf-core 0.2.2 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -3
- package/README.md +77 -11
- package/dist/api/index.d.ts +1 -1
- package/dist/api/index.js +1 -1
- package/dist/api/server.d.ts +5 -2
- package/dist/api/server.d.ts.map +1 -1
- package/dist/api/server.js +186 -149
- package/dist/api/server.js.map +1 -1
- package/dist/arbitration/index.d.ts +4 -4
- package/dist/arbitration/index.d.ts.map +1 -1
- package/dist/arbitration/index.js +46 -41
- package/dist/arbitration/index.js.map +1 -1
- package/dist/arbitration/types.d.ts +10 -10
- package/dist/arbitration/types.d.ts.map +1 -1
- package/dist/basis/evaluator.d.ts +1 -1
- package/dist/basis/evaluator.d.ts.map +1 -1
- package/dist/basis/evaluator.js +56 -54
- package/dist/basis/evaluator.js.map +1 -1
- package/dist/basis/index.d.ts +3 -3
- package/dist/basis/index.js +3 -3
- package/dist/basis/parser.d.ts +16 -16
- package/dist/basis/parser.d.ts.map +1 -1
- package/dist/basis/parser.js +32 -25
- package/dist/basis/parser.js.map +1 -1
- package/dist/basis/types.d.ts +2 -2
- package/dist/chain/index.d.ts.map +1 -1
- package/dist/chain/index.js +16 -16
- package/dist/chain/index.js.map +1 -1
- package/dist/cognigate/index.d.ts +1 -1
- package/dist/cognigate/index.d.ts.map +1 -1
- package/dist/cognigate/index.js +44 -33
- package/dist/cognigate/index.js.map +1 -1
- package/dist/common/adapters.d.ts +18 -11
- package/dist/common/adapters.d.ts.map +1 -1
- package/dist/common/adapters.js +100 -79
- package/dist/common/adapters.js.map +1 -1
- package/dist/common/config.d.ts +67 -67
- package/dist/common/config.js +49 -49
- package/dist/common/config.js.map +1 -1
- package/dist/common/index.d.ts +4 -4
- package/dist/common/index.js +4 -4
- package/dist/common/logger.d.ts +1 -1
- package/dist/common/logger.js +8 -8
- package/dist/common/types.d.ts +8 -8
- package/dist/common/types.js +5 -5
- package/dist/containment/index.d.ts +3 -3
- package/dist/containment/index.d.ts.map +1 -1
- package/dist/containment/index.js +119 -105
- package/dist/containment/index.js.map +1 -1
- package/dist/containment/types.d.ts +11 -11
- package/dist/containment/types.d.ts.map +1 -1
- package/dist/contracts/index.d.ts +9 -9
- package/dist/contracts/index.d.ts.map +1 -1
- package/dist/contracts/index.js +59 -54
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/types.d.ts +12 -12
- package/dist/contracts/types.d.ts.map +1 -1
- package/dist/crewai/callback.d.ts +91 -0
- package/dist/crewai/callback.d.ts.map +1 -0
- package/dist/crewai/callback.js +271 -0
- package/dist/crewai/callback.js.map +1 -0
- package/dist/crewai/executor.d.ts +135 -0
- package/dist/crewai/executor.d.ts.map +1 -0
- package/dist/crewai/executor.js +381 -0
- package/dist/crewai/executor.js.map +1 -0
- package/dist/crewai/index.d.ts +12 -0
- package/dist/crewai/index.d.ts.map +1 -0
- package/dist/crewai/index.js +12 -0
- package/dist/crewai/index.js.map +1 -0
- package/dist/crewai/tools.d.ts +21 -0
- package/dist/crewai/tools.d.ts.map +1 -0
- package/dist/crewai/tools.js +164 -0
- package/dist/crewai/tools.js.map +1 -0
- package/dist/crewai/types.d.ts +139 -0
- package/dist/crewai/types.d.ts.map +1 -0
- package/dist/crewai/types.js +9 -0
- package/dist/crewai/types.js.map +1 -0
- package/dist/enforce/index.d.ts +48 -222
- package/dist/enforce/index.d.ts.map +1 -1
- package/dist/enforce/index.js +144 -47
- package/dist/enforce/index.js.map +1 -1
- package/dist/enforce/trust-aware-enforcement-service.d.ts +121 -0
- package/dist/enforce/trust-aware-enforcement-service.d.ts.map +1 -0
- package/dist/enforce/trust-aware-enforcement-service.js +601 -0
- package/dist/enforce/trust-aware-enforcement-service.js.map +1 -0
- package/dist/enforce/types.d.ts +234 -0
- package/dist/enforce/types.d.ts.map +1 -0
- package/dist/enforce/types.js +10 -0
- package/dist/enforce/types.js.map +1 -0
- package/dist/governance/fluid-workflow.d.ts +8 -8
- package/dist/governance/fluid-workflow.d.ts.map +1 -1
- package/dist/governance/fluid-workflow.js +114 -86
- package/dist/governance/fluid-workflow.js.map +1 -1
- package/dist/governance/index.d.ts +7 -7
- package/dist/governance/index.d.ts.map +1 -1
- package/dist/governance/index.js +81 -74
- package/dist/governance/index.js.map +1 -1
- package/dist/governance/proof-bridge.d.ts +6 -6
- package/dist/governance/proof-bridge.d.ts.map +1 -1
- package/dist/governance/proof-bridge.js +5 -5
- package/dist/governance/proof-bridge.js.map +1 -1
- package/dist/governance/types.d.ts +16 -9
- package/dist/governance/types.d.ts.map +1 -1
- package/dist/governance/types.js.map +1 -1
- package/dist/index.d.ts +29 -25
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +33 -23
- package/dist/index.js.map +1 -1
- package/dist/intent/index.d.ts +21 -56
- package/dist/intent/index.d.ts.map +1 -1
- package/dist/intent/index.js +58 -24
- package/dist/intent/index.js.map +1 -1
- package/dist/intent/persistent-intent-service.d.ts +68 -0
- package/dist/intent/persistent-intent-service.d.ts.map +1 -0
- package/dist/intent/persistent-intent-service.js +277 -0
- package/dist/intent/persistent-intent-service.js.map +1 -0
- package/dist/intent/types.d.ts +69 -0
- package/dist/intent/types.d.ts.map +1 -0
- package/dist/intent/types.js +10 -0
- package/dist/intent/types.js.map +1 -0
- package/dist/intent-gateway/index.d.ts +522 -0
- package/dist/intent-gateway/index.d.ts.map +1 -0
- package/dist/intent-gateway/index.js +1499 -0
- package/dist/intent-gateway/index.js.map +1 -0
- package/dist/langchain/callback.d.ts +2 -2
- package/dist/langchain/callback.d.ts.map +1 -1
- package/dist/langchain/callback.js +30 -30
- package/dist/langchain/callback.js.map +1 -1
- package/dist/langchain/executor.d.ts +4 -4
- package/dist/langchain/executor.d.ts.map +1 -1
- package/dist/langchain/executor.js +82 -80
- package/dist/langchain/executor.js.map +1 -1
- package/dist/langchain/index.d.ts +5 -5
- package/dist/langchain/index.js +5 -5
- package/dist/langchain/tools.d.ts +1 -1
- package/dist/langchain/tools.d.ts.map +1 -1
- package/dist/langchain/tools.js +33 -33
- package/dist/langchain/tools.js.map +1 -1
- package/dist/langchain/types.d.ts +3 -3
- package/dist/langchain/types.d.ts.map +1 -1
- package/dist/layers/implementations/L0-request-format.d.ts +37 -0
- package/dist/layers/implementations/L0-request-format.d.ts.map +1 -0
- package/dist/layers/implementations/L0-request-format.js +218 -0
- package/dist/layers/implementations/L0-request-format.js.map +1 -0
- package/dist/layers/implementations/L1-input-size.d.ts +36 -0
- package/dist/layers/implementations/L1-input-size.d.ts.map +1 -0
- package/dist/layers/implementations/L1-input-size.js +160 -0
- package/dist/layers/implementations/L1-input-size.js.map +1 -0
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts +28 -0
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts.map +1 -0
- package/dist/layers/implementations/L2-charset-sanitizer.js +230 -0
- package/dist/layers/implementations/L2-charset-sanitizer.js.map +1 -0
- package/dist/layers/implementations/L3-schema-conformance.d.ts +47 -0
- package/dist/layers/implementations/L3-schema-conformance.d.ts.map +1 -0
- package/dist/layers/implementations/L3-schema-conformance.js +267 -0
- package/dist/layers/implementations/L3-schema-conformance.js.map +1 -0
- package/dist/layers/implementations/L4-injection-detector.d.ts +47 -0
- package/dist/layers/implementations/L4-injection-detector.d.ts.map +1 -0
- package/dist/layers/implementations/L4-injection-detector.js +260 -0
- package/dist/layers/implementations/L4-injection-detector.js.map +1 -0
- package/dist/layers/implementations/L5-rate-limiter.d.ts +51 -0
- package/dist/layers/implementations/L5-rate-limiter.d.ts.map +1 -0
- package/dist/layers/implementations/L5-rate-limiter.js +183 -0
- package/dist/layers/implementations/L5-rate-limiter.js.map +1 -0
- package/dist/layers/implementations/index.d.ts +16 -0
- package/dist/layers/implementations/index.d.ts.map +1 -0
- package/dist/layers/implementations/index.js +16 -0
- package/dist/layers/implementations/index.js.map +1 -0
- package/dist/layers/index.d.ts +3 -3
- package/dist/layers/index.d.ts.map +1 -1
- package/dist/layers/index.js +99 -71
- package/dist/layers/index.js.map +1 -1
- package/dist/layers/types.d.ts +16 -16
- package/dist/layers/types.d.ts.map +1 -1
- package/dist/persistence/file.d.ts +3 -3
- package/dist/persistence/file.d.ts.map +1 -1
- package/dist/persistence/file.js +32 -28
- package/dist/persistence/file.js.map +1 -1
- package/dist/persistence/index.d.ts +7 -7
- package/dist/persistence/index.d.ts.map +1 -1
- package/dist/persistence/index.js +18 -18
- package/dist/persistence/index.js.map +1 -1
- package/dist/persistence/memory.d.ts +3 -3
- package/dist/persistence/memory.d.ts.map +1 -1
- package/dist/persistence/memory.js +10 -8
- package/dist/persistence/memory.js.map +1 -1
- package/dist/persistence/sqlite.d.ts +3 -3
- package/dist/persistence/sqlite.d.ts.map +1 -1
- package/dist/persistence/sqlite.js +36 -36
- package/dist/persistence/sqlite.js.map +1 -1
- package/dist/persistence/supabase.d.ts +3 -3
- package/dist/persistence/supabase.d.ts.map +1 -1
- package/dist/persistence/supabase.js +41 -43
- package/dist/persistence/supabase.js.map +1 -1
- package/dist/persistence/types.d.ts +5 -5
- package/dist/phase6/ceiling.d.ts +5 -5
- package/dist/phase6/ceiling.d.ts.map +1 -1
- package/dist/phase6/ceiling.js +67 -34
- package/dist/phase6/ceiling.js.map +1 -1
- package/dist/phase6/context.d.ts +3 -3
- package/dist/phase6/context.d.ts.map +1 -1
- package/dist/phase6/context.js +91 -45
- package/dist/phase6/context.js.map +1 -1
- package/dist/phase6/index.d.ts +13 -13
- package/dist/phase6/index.d.ts.map +1 -1
- package/dist/phase6/index.js +16 -16
- package/dist/phase6/index.js.map +1 -1
- package/dist/phase6/presets.d.ts +2 -2
- package/dist/phase6/presets.d.ts.map +1 -1
- package/dist/phase6/presets.js +39 -33
- package/dist/phase6/presets.js.map +1 -1
- package/dist/phase6/provenance.d.ts +4 -4
- package/dist/phase6/provenance.d.ts.map +1 -1
- package/dist/phase6/provenance.js +42 -35
- package/dist/phase6/provenance.js.map +1 -1
- package/dist/phase6/role-gates/index.d.ts +2 -2
- package/dist/phase6/role-gates/index.js +2 -2
- package/dist/phase6/role-gates/kernel.d.ts.map +1 -1
- package/dist/phase6/role-gates/kernel.js +16 -16
- package/dist/phase6/role-gates/kernel.js.map +1 -1
- package/dist/phase6/role-gates/policy.d.ts +2 -2
- package/dist/phase6/role-gates/policy.js +6 -6
- package/dist/phase6/role-gates.d.ts +4 -4
- package/dist/phase6/role-gates.d.ts.map +1 -1
- package/dist/phase6/role-gates.js +80 -58
- package/dist/phase6/role-gates.js.map +1 -1
- package/dist/phase6/types.d.ts +35 -35
- package/dist/phase6/types.d.ts.map +1 -1
- package/dist/phase6/types.js +166 -66
- package/dist/phase6/types.js.map +1 -1
- package/dist/phase6/weight-presets/canonical.d.ts +2 -2
- package/dist/phase6/weight-presets/canonical.d.ts.map +1 -1
- package/dist/phase6/weight-presets/canonical.js +12 -12
- package/dist/phase6/weight-presets/canonical.js.map +1 -1
- package/dist/phase6/weight-presets/deltas.d.ts +2 -2
- package/dist/phase6/weight-presets/deltas.d.ts.map +1 -1
- package/dist/phase6/weight-presets/deltas.js +27 -27
- package/dist/phase6/weight-presets/deltas.js.map +1 -1
- package/dist/phase6/weight-presets/index.d.ts +4 -4
- package/dist/phase6/weight-presets/index.js +4 -4
- package/dist/phase6/weight-presets/merger.d.ts +3 -3
- package/dist/phase6/weight-presets/merger.d.ts.map +1 -1
- package/dist/phase6/weight-presets/merger.js +40 -44
- package/dist/phase6/weight-presets/merger.js.map +1 -1
- package/dist/proof/index.d.ts +3 -3
- package/dist/proof/index.d.ts.map +1 -1
- package/dist/proof/index.js +44 -38
- package/dist/proof/index.js.map +1 -1
- package/dist/proof/merkle.d.ts +3 -3
- package/dist/proof/merkle.d.ts.map +1 -1
- package/dist/proof/merkle.js +26 -25
- package/dist/proof/merkle.js.map +1 -1
- package/dist/proof/zk-proofs.d.ts +6 -6
- package/dist/proof/zk-proofs.d.ts.map +1 -1
- package/dist/proof/zk-proofs.js +42 -43
- package/dist/proof/zk-proofs.js.map +1 -1
- package/dist/provenance/index.d.ts +3 -3
- package/dist/provenance/index.d.ts.map +1 -1
- package/dist/provenance/index.js +19 -17
- package/dist/provenance/index.js.map +1 -1
- package/dist/provenance/types.d.ts +4 -4
- package/dist/provenance/types.d.ts.map +1 -1
- package/dist/sandbox-training/challenges.d.ts +1 -1
- package/dist/sandbox-training/challenges.d.ts.map +1 -1
- package/dist/sandbox-training/challenges.js +228 -228
- package/dist/sandbox-training/challenges.js.map +1 -1
- package/dist/sandbox-training/graduation.d.ts +1 -1
- package/dist/sandbox-training/graduation.d.ts.map +1 -1
- package/dist/sandbox-training/graduation.js +14 -15
- package/dist/sandbox-training/graduation.js.map +1 -1
- package/dist/sandbox-training/index.d.ts +9 -9
- package/dist/sandbox-training/index.d.ts.map +1 -1
- package/dist/sandbox-training/index.js +6 -6
- package/dist/sandbox-training/index.js.map +1 -1
- package/dist/sandbox-training/promotion-service.d.ts +4 -4
- package/dist/sandbox-training/promotion-service.d.ts.map +1 -1
- package/dist/sandbox-training/promotion-service.js +5 -5
- package/dist/sandbox-training/promotion-service.js.map +1 -1
- package/dist/sandbox-training/runner.d.ts +1 -1
- package/dist/sandbox-training/runner.d.ts.map +1 -1
- package/dist/sandbox-training/runner.js +74 -73
- package/dist/sandbox-training/runner.js.map +1 -1
- package/dist/sandbox-training/scorer.d.ts +4 -4
- package/dist/sandbox-training/scorer.js +5 -5
- package/dist/sandbox-training/types.d.ts +4 -4
- package/dist/sandbox-training/types.d.ts.map +1 -1
- package/dist/sandbox-training/types.js +11 -7
- package/dist/sandbox-training/types.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.js +3 -4
- package/dist/trust-engine/ceiling-enforcement/audit.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/index.d.ts +2 -2
- package/dist/trust-engine/ceiling-enforcement/index.js +2 -2
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts +1 -1
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/kernel.js +1 -1
- package/dist/trust-engine/context-policy/enforcement.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/factory.js +1 -1
- package/dist/trust-engine/context-policy/factory.js.map +1 -1
- package/dist/trust-engine/context-policy/index.d.ts +2 -2
- package/dist/trust-engine/context-policy/index.js +2 -2
- package/dist/trust-engine/creation-modifiers/index.d.ts +1 -1
- package/dist/trust-engine/creation-modifiers/index.js +1 -1
- package/dist/trust-engine/creation-modifiers/types.d.ts.map +1 -1
- package/dist/trust-engine/creation-modifiers/types.js +2 -3
- package/dist/trust-engine/creation-modifiers/types.js.map +1 -1
- package/dist/trust-engine/decay-profiles.d.ts +1 -1
- package/dist/trust-engine/decay-profiles.d.ts.map +1 -1
- package/dist/trust-engine/decay-profiles.js +4 -4
- package/dist/trust-engine/decay-profiles.js.map +1 -1
- package/dist/trust-engine/index.d.ts +111 -45
- package/dist/trust-engine/index.d.ts.map +1 -1
- package/dist/trust-engine/index.js +418 -61
- package/dist/trust-engine/index.js.map +1 -1
- package/dist/trust-engine/phase6-types.d.ts +10 -10
- package/dist/trust-engine/phase6-types.d.ts.map +1 -1
- package/dist/trust-engine/phase6-types.js +25 -23
- package/dist/trust-engine/phase6-types.js.map +1 -1
- package/dist/trust-engine/types.d.ts +77 -0
- package/dist/trust-engine/types.d.ts.map +1 -0
- package/dist/trust-engine/types.js +20 -0
- package/dist/trust-engine/types.js.map +1 -0
- package/package.json +5 -4
|
@@ -0,0 +1,230 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* L2 — Character Set Sanitizer
|
|
3
|
+
*
|
|
4
|
+
* Detects and strips dangerous Unicode sequences, invisible control characters,
|
|
5
|
+
* homoglyph attacks, bi-directional override characters, and other encoding-level
|
|
6
|
+
* prompt injection vectors.
|
|
7
|
+
*
|
|
8
|
+
* Tier: input_validation
|
|
9
|
+
* Primary threat: prompt_injection
|
|
10
|
+
*
|
|
11
|
+
* @packageDocumentation
|
|
12
|
+
*/
|
|
13
|
+
import { BaseSecurityLayer, createLayerConfig } from "../index.js";
|
|
14
|
+
/**
|
|
15
|
+
* Unicode categories of dangerous characters
|
|
16
|
+
*/
|
|
17
|
+
const DANGEROUS_PATTERNS = [
|
|
18
|
+
{
|
|
19
|
+
name: "bidi_override",
|
|
20
|
+
// Bi-directional override characters (used in trojan source attacks)
|
|
21
|
+
pattern: /(?:\u200E|\u200F|\u202A|\u202B|\u202C|\u202D|\u202E|\u2066|\u2067|\u2068|\u2069)/g,
|
|
22
|
+
severity: "critical",
|
|
23
|
+
description: "Bi-directional text override characters can disguise malicious content",
|
|
24
|
+
},
|
|
25
|
+
{
|
|
26
|
+
name: "zero_width",
|
|
27
|
+
// Zero-width characters (invisible text injection)
|
|
28
|
+
pattern: /(?:\u200B|\u200C|\u200D|\uFEFF)/g,
|
|
29
|
+
severity: "high",
|
|
30
|
+
description: "Zero-width characters can hide content from human reviewers",
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
name: "control_chars",
|
|
34
|
+
// C0/C1 control characters except common whitespace (tab, newline, carriage return)
|
|
35
|
+
// eslint-disable-next-line no-control-regex
|
|
36
|
+
pattern: /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F\x80-\x9F]/g,
|
|
37
|
+
severity: "high",
|
|
38
|
+
description: "Control characters can corrupt parsing or inject escape sequences",
|
|
39
|
+
},
|
|
40
|
+
{
|
|
41
|
+
name: "tag_chars",
|
|
42
|
+
// Unicode tag characters (U+E0001-U+E007F) — used to hide instructions
|
|
43
|
+
pattern: /\uDB40[\uDC01-\uDC7F]/g,
|
|
44
|
+
severity: "high",
|
|
45
|
+
description: "Unicode tag characters can embed hidden instructions",
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
name: "interlinear_annotation",
|
|
49
|
+
// Interlinear annotation characters
|
|
50
|
+
pattern: /[\uFFF9\uFFFA\uFFFB]/g,
|
|
51
|
+
severity: "medium",
|
|
52
|
+
description: "Annotation characters can inject hidden metadata",
|
|
53
|
+
},
|
|
54
|
+
{
|
|
55
|
+
name: "replacement_char",
|
|
56
|
+
// Object replacement character (can mask embedded objects)
|
|
57
|
+
pattern: /\uFFFC/g,
|
|
58
|
+
severity: "medium",
|
|
59
|
+
description: "Object replacement character may mask embedded content",
|
|
60
|
+
},
|
|
61
|
+
{
|
|
62
|
+
name: "variation_selector_abuse",
|
|
63
|
+
// Excessive variation selectors (emoji/glyph variant abuse)
|
|
64
|
+
pattern: /[\uFE00-\uFE0F]{3,}/g,
|
|
65
|
+
severity: "low",
|
|
66
|
+
description: "Excessive variation selectors suggest encoding manipulation",
|
|
67
|
+
},
|
|
68
|
+
];
|
|
69
|
+
/**
|
|
70
|
+
* Common homoglyph mappings (confusable characters → ASCII equivalent)
|
|
71
|
+
*/
|
|
72
|
+
const HOMOGLYPH_MAP = {
|
|
73
|
+
"\u0410": "A", // Cyrillic А → Latin A
|
|
74
|
+
"\u0412": "B", // Cyrillic В → Latin B
|
|
75
|
+
"\u0421": "C", // Cyrillic С → Latin C
|
|
76
|
+
"\u0415": "E", // Cyrillic Е → Latin E
|
|
77
|
+
"\u041D": "H", // Cyrillic Н → Latin H
|
|
78
|
+
"\u041A": "K", // Cyrillic К → Latin K
|
|
79
|
+
"\u041C": "M", // Cyrillic М → Latin M
|
|
80
|
+
"\u041E": "O", // Cyrillic О → Latin O
|
|
81
|
+
"\u0420": "P", // Cyrillic Р → Latin P
|
|
82
|
+
"\u0422": "T", // Cyrillic Т → Latin T
|
|
83
|
+
"\u0425": "X", // Cyrillic Х → Latin X
|
|
84
|
+
"\u0430": "a", // Cyrillic а → Latin a
|
|
85
|
+
"\u0435": "e", // Cyrillic е → Latin e
|
|
86
|
+
"\u043E": "o", // Cyrillic о → Latin o
|
|
87
|
+
"\u0440": "p", // Cyrillic р → Latin p
|
|
88
|
+
"\u0441": "c", // Cyrillic с → Latin c
|
|
89
|
+
"\u0443": "y", // Cyrillic у → Latin y
|
|
90
|
+
"\u0445": "x", // Cyrillic х → Latin x
|
|
91
|
+
"\u0456": "i", // Cyrillic і → Latin i
|
|
92
|
+
"\u0458": "j", // Cyrillic ј → Latin j
|
|
93
|
+
"\u0455": "s", // Cyrillic ѕ → Latin s
|
|
94
|
+
"\u0501": "d", // Cyrillic ԁ → Latin d
|
|
95
|
+
};
|
|
96
|
+
/**
|
|
97
|
+
* L2 Character Set Sanitizer
|
|
98
|
+
*
|
|
99
|
+
* Strips dangerous characters and detects homoglyph attacks.
|
|
100
|
+
*/
|
|
101
|
+
export class L2CharsetSanitizer extends BaseSecurityLayer {
|
|
102
|
+
constructor() {
|
|
103
|
+
super(createLayerConfig(2, "Character Set Sanitizer", {
|
|
104
|
+
description: "Detects and sanitizes dangerous Unicode sequences, invisible characters, and homoglyph attacks",
|
|
105
|
+
tier: "input_validation",
|
|
106
|
+
primaryThreat: "prompt_injection",
|
|
107
|
+
secondaryThreats: ["deceptive_output", "audit_evasion"],
|
|
108
|
+
failMode: "block",
|
|
109
|
+
required: true,
|
|
110
|
+
timeoutMs: 300,
|
|
111
|
+
parallelizable: true,
|
|
112
|
+
dependencies: [],
|
|
113
|
+
}));
|
|
114
|
+
}
|
|
115
|
+
async execute(input) {
|
|
116
|
+
const startedAt = new Date().toISOString();
|
|
117
|
+
const t0 = performance.now();
|
|
118
|
+
const findings = [];
|
|
119
|
+
const modifications = [];
|
|
120
|
+
// Walk all string values in the payload
|
|
121
|
+
this.scanObject(input.payload, "", findings, modifications);
|
|
122
|
+
const timing = this.buildTiming(startedAt, t0);
|
|
123
|
+
const hasCritical = findings.some((f) => f.severity === "critical");
|
|
124
|
+
const hasHigh = findings.some((f) => f.severity === "high");
|
|
125
|
+
const passed = !hasCritical && !hasHigh;
|
|
126
|
+
if (passed) {
|
|
127
|
+
return this.createSuccessResult("allow", 0.9, findings, modifications, timing);
|
|
128
|
+
}
|
|
129
|
+
return this.createFailureResult(hasCritical ? "deny" : "escalate", 0.85, findings, timing);
|
|
130
|
+
}
|
|
131
|
+
scanObject(obj, path, findings, modifications) {
|
|
132
|
+
if (obj === null || obj === undefined)
|
|
133
|
+
return;
|
|
134
|
+
if (typeof obj === "string") {
|
|
135
|
+
this.scanString(obj, path, findings, modifications);
|
|
136
|
+
return;
|
|
137
|
+
}
|
|
138
|
+
if (Array.isArray(obj)) {
|
|
139
|
+
for (let i = 0; i < obj.length; i++) {
|
|
140
|
+
this.scanObject(obj[i], `${path}[${i}]`, findings, modifications);
|
|
141
|
+
}
|
|
142
|
+
return;
|
|
143
|
+
}
|
|
144
|
+
if (typeof obj === "object") {
|
|
145
|
+
for (const [key, val] of Object.entries(obj)) {
|
|
146
|
+
// Also scan keys for homoglyphs
|
|
147
|
+
this.scanString(key, `${path ? path + "." : ""}(key:${key})`, findings, modifications);
|
|
148
|
+
this.scanObject(val, path ? `${path}.${key}` : key, findings, modifications);
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
scanString(value, path, findings, modifications) {
|
|
153
|
+
// 1. Check for dangerous character patterns
|
|
154
|
+
for (const { name, pattern, severity, description } of DANGEROUS_PATTERNS) {
|
|
155
|
+
// Reset regex state
|
|
156
|
+
pattern.lastIndex = 0;
|
|
157
|
+
const matches = value.match(pattern);
|
|
158
|
+
if (matches && matches.length > 0) {
|
|
159
|
+
findings.push({
|
|
160
|
+
type: "threat_detected",
|
|
161
|
+
severity,
|
|
162
|
+
code: `L2_${name.toUpperCase()}`,
|
|
163
|
+
description: `${description} at '${path}'`,
|
|
164
|
+
evidence: [
|
|
165
|
+
`Found ${matches.length} instance(s)`,
|
|
166
|
+
`Code points: ${matches
|
|
167
|
+
.slice(0, 5)
|
|
168
|
+
.map((c) => `U+${c.charCodeAt(0).toString(16).toUpperCase().padStart(4, "0")}`)
|
|
169
|
+
.join(", ")}`,
|
|
170
|
+
],
|
|
171
|
+
remediation: `Remove ${name} characters from the input`,
|
|
172
|
+
});
|
|
173
|
+
modifications.push({
|
|
174
|
+
target: path,
|
|
175
|
+
type: "sanitize",
|
|
176
|
+
originalValue: `[${matches.length} ${name} chars]`,
|
|
177
|
+
newValue: "[stripped]",
|
|
178
|
+
reason: description,
|
|
179
|
+
});
|
|
180
|
+
}
|
|
181
|
+
}
|
|
182
|
+
// 2. Check for mixed-script homoglyph attacks
|
|
183
|
+
const homoglyphs = this.detectHomoglyphs(value);
|
|
184
|
+
if (homoglyphs.length > 0) {
|
|
185
|
+
findings.push({
|
|
186
|
+
type: "threat_detected",
|
|
187
|
+
severity: "high",
|
|
188
|
+
code: "L2_HOMOGLYPH_ATTACK",
|
|
189
|
+
description: `Mixed-script homoglyph characters detected at '${path}'`,
|
|
190
|
+
evidence: homoglyphs
|
|
191
|
+
.slice(0, 10)
|
|
192
|
+
.map((h) => `'${h.char}' (U+${h.codePoint}) looks like '${h.looksLike}'`),
|
|
193
|
+
remediation: "Use consistent character scripts (do not mix Cyrillic with Latin)",
|
|
194
|
+
});
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
detectHomoglyphs(value) {
|
|
198
|
+
const results = [];
|
|
199
|
+
// Only flag if the string contains a mix of Latin and non-Latin scripts
|
|
200
|
+
const hasLatin = /[a-zA-Z]/.test(value);
|
|
201
|
+
if (!hasLatin)
|
|
202
|
+
return results;
|
|
203
|
+
for (const char of value) {
|
|
204
|
+
const mapped = HOMOGLYPH_MAP[char];
|
|
205
|
+
if (mapped) {
|
|
206
|
+
results.push({
|
|
207
|
+
char,
|
|
208
|
+
codePoint: char
|
|
209
|
+
.charCodeAt(0)
|
|
210
|
+
.toString(16)
|
|
211
|
+
.toUpperCase()
|
|
212
|
+
.padStart(4, "0"),
|
|
213
|
+
looksLike: mapped,
|
|
214
|
+
});
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
return results;
|
|
218
|
+
}
|
|
219
|
+
buildTiming(startedAt, t0) {
|
|
220
|
+
const durationMs = performance.now() - t0;
|
|
221
|
+
return {
|
|
222
|
+
startedAt,
|
|
223
|
+
completedAt: new Date().toISOString(),
|
|
224
|
+
durationMs,
|
|
225
|
+
waitTimeMs: 0,
|
|
226
|
+
processingTimeMs: durationMs,
|
|
227
|
+
};
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
//# sourceMappingURL=L2-charset-sanitizer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"L2-charset-sanitizer.js","sourceRoot":"","sources":["../../../src/layers/implementations/L2-charset-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AASnE;;GAEG;AACH,MAAM,kBAAkB,GAKnB;IACH;QACE,IAAI,EAAE,eAAe;QACrB,qEAAqE;QACrE,OAAO,EACL,mFAAmF;QACrF,QAAQ,EAAE,UAAU;QACpB,WAAW,EACT,wEAAwE;KAC3E;IACD;QACE,IAAI,EAAE,YAAY;QAClB,mDAAmD;QACnD,OAAO,EAAE,kCAAkC;QAC3C,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,6DAA6D;KAC3E;IACD;QACE,IAAI,EAAE,eAAe;QACrB,oFAAoF;QACpF,4CAA4C;QAC5C,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,MAAM;QAChB,WAAW,EACT,mEAAmE;KACtE;IACD;QACE,IAAI,EAAE,WAAW;QACjB,uEAAuE;QACvE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sDAAsD;KACpE;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,oCAAoC;QACpC,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,kDAAkD;KAChE;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,2DAA2D;QAC3D,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,wDAAwD;KACtE;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,4DAA4D;QAC5D,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,6DAA6D;KAC3E;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAA2B;IAC5C,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;IACtC,QAAQ,EAAE,GAAG,EAAE,uBAAuB;CACvC,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,kBAAmB,SAAQ,iBAAiB;IACvD;QACE,KAAK,CACH,iBAAiB,CAAC,CAAC,EAAE,yBAAyB,EAAE;YAC9C,WAAW,EACT,gGAAgG;YAClG,IAAI,EAAE,kBAAkB;YACxB,aAAa,EAAE,kBAAkB;YACjC,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,eAAe,CAAC;YACvD,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,GAAG;YACd,cAAc,EAAE,IAAI;YACpB,YAAY,EAAE,EAAE;SACjB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAiB;QAC7B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,aAAa,GAAwB,EAAE,CAAC;QAE9C,wCAAwC;QACxC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QAE5D,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC;QAExC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,mBAAmB,CAC7B,OAAO,EACP,GAAG,EACH,QAAQ,EACR,aAAa,EACb,MAAM,CACP,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAC7B,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,EACjC,IAAI,EACJ,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAEO,UAAU,CAChB,GAAY,EACZ,IAAY,EACZ,QAAwB,EACxB,aAAkC;QAElC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO;QAE9C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;YACpE,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAA8B,CAAC,EAAE,CAAC;gBACxE,gCAAgC;gBAChC,IAAI,CAAC,UAAU,CACb,GAAG,EACH,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,GAAG,EACvC,QAAQ,EACR,aAAa,CACd,CAAC;gBACF,IAAI,CAAC,UAAU,CACb,GAAG,EACH,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,EAC7B,QAAQ,EACR,aAAa,CACd,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAEO,UAAU,CAChB,KAAa,EACb,IAAY,EACZ,QAAwB,EACxB,aAAkC;QAElC,4CAA4C;QAC5C,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,kBAAkB,EAAE,CAAC;YAC1E,oBAAoB;YACpB,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,iBAAiB;oBACvB,QAAQ;oBACR,IAAI,EAAE,MAAM,IAAI,CAAC,WAAW,EAAE,EAAE;oBAChC,WAAW,EAAE,GAAG,WAAW,QAAQ,IAAI,GAAG;oBAC1C,QAAQ,EAAE;wBACR,SAAS,OAAO,CAAC,MAAM,cAAc;wBACrC,gBAAgB,OAAO;6BACpB,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;6BACX,GAAG,CACF,CAAC,CAAC,EAAE,EAAE,CACJ,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACrE;6BACA,IAAI,CAAC,IAAI,CAAC,EAAE;qBAChB;oBACD,WAAW,EAAE,UAAU,IAAI,4BAA4B;iBACxD,CAAC,CAAC;gBAEH,aAAa,CAAC,IAAI,CAAC;oBACjB,MAAM,EAAE,IAAI;oBACZ,IAAI,EAAE,UAAU;oBAChB,aAAa,EAAE,IAAI,OAAO,CAAC,MAAM,IAAI,IAAI,SAAS;oBAClD,QAAQ,EAAE,YAAY;oBACtB,MAAM,EAAE,WAAW;iBACpB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,qBAAqB;gBAC3B,WAAW,EAAE,kDAAkD,IAAI,GAAG;gBACtE,QAAQ,EAAE,UAAU;qBACjB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;qBACZ,GAAG,CACF,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,SAAS,iBAAiB,CAAC,CAAC,SAAS,GAAG,CACpE;gBACH,WAAW,EACT,mEAAmE;aACtE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,gBAAgB,CACtB,KAAa;QAEb,MAAM,OAAO,GAIR,EAAE,CAAC;QAER,wEAAwE;QACxE,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ;YAAE,OAAO,OAAO,CAAC;QAE9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,SAAS,EAAE,IAAI;yBACZ,UAAU,CAAC,CAAC,CAAC;yBACb,QAAQ,CAAC,EAAE,CAAC;yBACZ,WAAW,EAAE;yBACb,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC;oBACnB,SAAS,EAAE,MAAM;iBAClB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,WAAW,CAAC,SAAiB,EAAE,EAAU;QAC/C,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;QAC1C,OAAO;YACL,SAAS;YACT,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,UAAU;YACV,UAAU,EAAE,CAAC;YACb,gBAAgB,EAAE,UAAU;SAC7B,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* L3 — Schema Conformance Validator
|
|
3
|
+
*
|
|
4
|
+
* Validates that payload content conforms to expected action schemas.
|
|
5
|
+
* Rejects payloads with unknown actions, invalid field types, and
|
|
6
|
+
* structurally non-conforming data.
|
|
7
|
+
*
|
|
8
|
+
* Tier: input_validation
|
|
9
|
+
* Primary threat: unauthorized_action
|
|
10
|
+
*
|
|
11
|
+
* @packageDocumentation
|
|
12
|
+
*/
|
|
13
|
+
import { BaseSecurityLayer } from "../index.js";
|
|
14
|
+
import type { LayerInput, LayerExecutionResult } from "../types.js";
|
|
15
|
+
/**
|
|
16
|
+
* Schema definition for a known action
|
|
17
|
+
*/
|
|
18
|
+
export interface ActionSchema {
|
|
19
|
+
/** Action name */
|
|
20
|
+
action: string;
|
|
21
|
+
/** Required fields with their expected types */
|
|
22
|
+
required: Record<string, FieldType>;
|
|
23
|
+
/** Optional fields with their expected types */
|
|
24
|
+
optional?: Record<string, FieldType>;
|
|
25
|
+
/** Maximum number of extra fields allowed beyond defined ones */
|
|
26
|
+
maxExtraFields?: number;
|
|
27
|
+
}
|
|
28
|
+
type FieldType = "string" | "number" | "boolean" | "object" | "array" | "string[]" | "number[]";
|
|
29
|
+
/**
|
|
30
|
+
* L3 Schema Conformance Validator
|
|
31
|
+
*
|
|
32
|
+
* Validates payloads against known action schemas.
|
|
33
|
+
*/
|
|
34
|
+
export declare class L3SchemaConformance extends BaseSecurityLayer {
|
|
35
|
+
private schemas;
|
|
36
|
+
constructor(additionalSchemas?: ActionSchema[]);
|
|
37
|
+
/**
|
|
38
|
+
* Register an additional action schema at runtime
|
|
39
|
+
*/
|
|
40
|
+
registerSchema(schema: ActionSchema): void;
|
|
41
|
+
execute(input: LayerInput): Promise<LayerExecutionResult>;
|
|
42
|
+
private checkType;
|
|
43
|
+
private typeError;
|
|
44
|
+
private buildTiming;
|
|
45
|
+
}
|
|
46
|
+
export {};
|
|
47
|
+
//# sourceMappingURL=L3-schema-conformance.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"L3-schema-conformance.d.ts","sourceRoot":"","sources":["../../../src/layers/implementations/L3-schema-conformance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAqB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EACV,UAAU,EACV,oBAAoB,EAGrB,MAAM,aAAa,CAAC;AAErB;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kBAAkB;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpC,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACrC,iEAAiE;IACjE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,KAAK,SAAS,GACV,QAAQ,GACR,QAAQ,GACR,SAAS,GACT,QAAQ,GACR,OAAO,GACP,UAAU,GACV,UAAU,CAAC;AAiDf;;;;GAIG;AACH,qBAAa,mBAAoB,SAAQ,iBAAiB;IACxD,OAAO,CAAC,OAAO,CAA4B;gBAE/B,iBAAiB,CAAC,EAAE,YAAY,EAAE;IA2B9C;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI;IAIpC,OAAO,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAmI/D,OAAO,CAAC,SAAS;IA+DjB,OAAO,CAAC,SAAS;IAejB,OAAO,CAAC,WAAW;CAUpB"}
|
|
@@ -0,0 +1,267 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* L3 — Schema Conformance Validator
|
|
3
|
+
*
|
|
4
|
+
* Validates that payload content conforms to expected action schemas.
|
|
5
|
+
* Rejects payloads with unknown actions, invalid field types, and
|
|
6
|
+
* structurally non-conforming data.
|
|
7
|
+
*
|
|
8
|
+
* Tier: input_validation
|
|
9
|
+
* Primary threat: unauthorized_action
|
|
10
|
+
*
|
|
11
|
+
* @packageDocumentation
|
|
12
|
+
*/
|
|
13
|
+
import { BaseSecurityLayer, createLayerConfig } from "../index.js";
|
|
14
|
+
/**
|
|
15
|
+
* Built-in action schemas for the ATSF governance pipeline
|
|
16
|
+
*/
|
|
17
|
+
const KNOWN_ACTION_SCHEMAS = [
|
|
18
|
+
{
|
|
19
|
+
action: "query",
|
|
20
|
+
required: { content: "string" },
|
|
21
|
+
optional: {
|
|
22
|
+
context: "object",
|
|
23
|
+
model: "string",
|
|
24
|
+
temperature: "number",
|
|
25
|
+
maxTokens: "number",
|
|
26
|
+
},
|
|
27
|
+
maxExtraFields: 10,
|
|
28
|
+
},
|
|
29
|
+
{
|
|
30
|
+
action: "execute",
|
|
31
|
+
required: { content: "string", target: "string" },
|
|
32
|
+
optional: { args: "object", timeout: "number", dryRun: "boolean" },
|
|
33
|
+
maxExtraFields: 5,
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
action: "read",
|
|
37
|
+
required: { content: "string", resource: "string" },
|
|
38
|
+
optional: { format: "string", limit: "number", offset: "number" },
|
|
39
|
+
maxExtraFields: 5,
|
|
40
|
+
},
|
|
41
|
+
{
|
|
42
|
+
action: "write",
|
|
43
|
+
required: { content: "string", resource: "string", data: "object" },
|
|
44
|
+
optional: { overwrite: "boolean", format: "string" },
|
|
45
|
+
maxExtraFields: 5,
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
action: "delete",
|
|
49
|
+
required: { content: "string", resource: "string" },
|
|
50
|
+
optional: { recursive: "boolean", force: "boolean" },
|
|
51
|
+
maxExtraFields: 3,
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
action: "communicate",
|
|
55
|
+
required: { content: "string", recipient: "string" },
|
|
56
|
+
optional: { channel: "string", priority: "string", metadata: "object" },
|
|
57
|
+
maxExtraFields: 5,
|
|
58
|
+
},
|
|
59
|
+
];
|
|
60
|
+
/**
|
|
61
|
+
* L3 Schema Conformance Validator
|
|
62
|
+
*
|
|
63
|
+
* Validates payloads against known action schemas.
|
|
64
|
+
*/
|
|
65
|
+
export class L3SchemaConformance extends BaseSecurityLayer {
|
|
66
|
+
schemas;
|
|
67
|
+
constructor(additionalSchemas) {
|
|
68
|
+
super(createLayerConfig(3, "Schema Conformance", {
|
|
69
|
+
description: "Validates payload action and fields against known schemas",
|
|
70
|
+
tier: "input_validation",
|
|
71
|
+
primaryThreat: "unauthorized_action",
|
|
72
|
+
secondaryThreats: ["capability_abuse", "prompt_injection"],
|
|
73
|
+
failMode: "block",
|
|
74
|
+
required: true,
|
|
75
|
+
timeoutMs: 200,
|
|
76
|
+
parallelizable: true,
|
|
77
|
+
dependencies: [0], // Depends on L0 passing first
|
|
78
|
+
}));
|
|
79
|
+
this.schemas = new Map();
|
|
80
|
+
for (const schema of KNOWN_ACTION_SCHEMAS) {
|
|
81
|
+
this.schemas.set(schema.action, schema);
|
|
82
|
+
}
|
|
83
|
+
if (additionalSchemas) {
|
|
84
|
+
for (const schema of additionalSchemas) {
|
|
85
|
+
this.schemas.set(schema.action, schema);
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
/**
|
|
90
|
+
* Register an additional action schema at runtime
|
|
91
|
+
*/
|
|
92
|
+
registerSchema(schema) {
|
|
93
|
+
this.schemas.set(schema.action, schema);
|
|
94
|
+
}
|
|
95
|
+
async execute(input) {
|
|
96
|
+
const startedAt = new Date().toISOString();
|
|
97
|
+
const t0 = performance.now();
|
|
98
|
+
const findings = [];
|
|
99
|
+
const payload = input.payload;
|
|
100
|
+
// 1. Check that action field exists
|
|
101
|
+
const action = payload["action"];
|
|
102
|
+
if (action === undefined || action === null) {
|
|
103
|
+
findings.push({
|
|
104
|
+
type: "threat_detected",
|
|
105
|
+
severity: "high",
|
|
106
|
+
code: "L3_MISSING_ACTION",
|
|
107
|
+
description: 'Payload has no "action" field — cannot determine request type',
|
|
108
|
+
evidence: ["payload.action is undefined"],
|
|
109
|
+
remediation: 'Include an "action" field in the payload (e.g., "query", "execute", "read")',
|
|
110
|
+
});
|
|
111
|
+
const timing = this.buildTiming(startedAt, t0);
|
|
112
|
+
return this.createFailureResult("deny", 0.9, findings, timing);
|
|
113
|
+
}
|
|
114
|
+
if (typeof action !== "string") {
|
|
115
|
+
findings.push({
|
|
116
|
+
type: "threat_detected",
|
|
117
|
+
severity: "high",
|
|
118
|
+
code: "L3_INVALID_ACTION_TYPE",
|
|
119
|
+
description: `Action field must be a string, got ${typeof action}`,
|
|
120
|
+
evidence: [`typeof action = ${typeof action}`],
|
|
121
|
+
remediation: "Provide action as a string value",
|
|
122
|
+
});
|
|
123
|
+
const timing = this.buildTiming(startedAt, t0);
|
|
124
|
+
return this.createFailureResult("deny", 0.9, findings, timing);
|
|
125
|
+
}
|
|
126
|
+
// 2. Look up schema for this action
|
|
127
|
+
const schema = this.schemas.get(action);
|
|
128
|
+
if (!schema) {
|
|
129
|
+
findings.push({
|
|
130
|
+
type: "threat_detected",
|
|
131
|
+
severity: "medium",
|
|
132
|
+
code: "L3_UNKNOWN_ACTION",
|
|
133
|
+
description: `Unknown action '${action}' — not in registered schemas`,
|
|
134
|
+
evidence: [
|
|
135
|
+
`action=${action}`,
|
|
136
|
+
`known actions: ${Array.from(this.schemas.keys()).join(", ")}`,
|
|
137
|
+
],
|
|
138
|
+
remediation: `Use a known action: ${Array.from(this.schemas.keys()).join(", ")}`,
|
|
139
|
+
});
|
|
140
|
+
const timing = this.buildTiming(startedAt, t0);
|
|
141
|
+
// Unknown actions are escalated, not denied — allows extension
|
|
142
|
+
return this.createFailureResult("escalate", 0.7, findings, timing);
|
|
143
|
+
}
|
|
144
|
+
// 3. Check required fields
|
|
145
|
+
for (const [field, expectedType] of Object.entries(schema.required)) {
|
|
146
|
+
const value = payload[field];
|
|
147
|
+
if (value === undefined || value === null) {
|
|
148
|
+
findings.push({
|
|
149
|
+
type: "threat_detected",
|
|
150
|
+
severity: "high",
|
|
151
|
+
code: "L3_MISSING_REQUIRED_FIELD",
|
|
152
|
+
description: `Required field '${field}' missing for action '${action}'`,
|
|
153
|
+
evidence: [`field=${field}, action=${action}`],
|
|
154
|
+
remediation: `Include required field '${field}' (type: ${expectedType})`,
|
|
155
|
+
});
|
|
156
|
+
continue;
|
|
157
|
+
}
|
|
158
|
+
// Type check
|
|
159
|
+
const typeError = this.checkType(value, expectedType, field);
|
|
160
|
+
if (typeError) {
|
|
161
|
+
findings.push(typeError);
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
// 4. Check optional fields (if present, must match type)
|
|
165
|
+
if (schema.optional) {
|
|
166
|
+
for (const [field, expectedType] of Object.entries(schema.optional)) {
|
|
167
|
+
const value = payload[field];
|
|
168
|
+
if (value === undefined || value === null)
|
|
169
|
+
continue;
|
|
170
|
+
const typeError = this.checkType(value, expectedType, field);
|
|
171
|
+
if (typeError) {
|
|
172
|
+
findings.push(typeError);
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
// 5. Check for unexpected extra fields
|
|
177
|
+
const allKnownFields = new Set([
|
|
178
|
+
"action",
|
|
179
|
+
...Object.keys(schema.required),
|
|
180
|
+
...Object.keys(schema.optional ?? {}),
|
|
181
|
+
]);
|
|
182
|
+
const extraFields = Object.keys(payload).filter((k) => !allKnownFields.has(k));
|
|
183
|
+
const maxExtra = schema.maxExtraFields ?? 10;
|
|
184
|
+
if (extraFields.length > maxExtra) {
|
|
185
|
+
findings.push({
|
|
186
|
+
type: "warning",
|
|
187
|
+
severity: "medium",
|
|
188
|
+
code: "L3_EXCESS_EXTRA_FIELDS",
|
|
189
|
+
description: `${extraFields.length} extra fields exceed maximum ${maxExtra} for action '${action}'`,
|
|
190
|
+
evidence: [
|
|
191
|
+
`extra fields: ${extraFields.slice(0, 10).join(", ")}${extraFields.length > 10 ? "..." : ""}`,
|
|
192
|
+
],
|
|
193
|
+
remediation: `Reduce extra fields to at most ${maxExtra}`,
|
|
194
|
+
});
|
|
195
|
+
}
|
|
196
|
+
const timing = this.buildTiming(startedAt, t0);
|
|
197
|
+
const hasHigh = findings.some((f) => f.severity === "high" || f.severity === "critical");
|
|
198
|
+
const passed = !hasHigh;
|
|
199
|
+
if (passed) {
|
|
200
|
+
return this.createSuccessResult("allow", 0.9, findings, [], timing);
|
|
201
|
+
}
|
|
202
|
+
return this.createFailureResult("deny", 0.85, findings, timing);
|
|
203
|
+
}
|
|
204
|
+
checkType(value, expectedType, field) {
|
|
205
|
+
switch (expectedType) {
|
|
206
|
+
case "string":
|
|
207
|
+
if (typeof value !== "string") {
|
|
208
|
+
return this.typeError(field, expectedType, typeof value);
|
|
209
|
+
}
|
|
210
|
+
break;
|
|
211
|
+
case "number":
|
|
212
|
+
if (typeof value !== "number" || !Number.isFinite(value)) {
|
|
213
|
+
return this.typeError(field, expectedType, typeof value);
|
|
214
|
+
}
|
|
215
|
+
break;
|
|
216
|
+
case "boolean":
|
|
217
|
+
if (typeof value !== "boolean") {
|
|
218
|
+
return this.typeError(field, expectedType, typeof value);
|
|
219
|
+
}
|
|
220
|
+
break;
|
|
221
|
+
case "object":
|
|
222
|
+
if (typeof value !== "object" || Array.isArray(value)) {
|
|
223
|
+
return this.typeError(field, expectedType, Array.isArray(value) ? "array" : typeof value);
|
|
224
|
+
}
|
|
225
|
+
break;
|
|
226
|
+
case "array":
|
|
227
|
+
if (!Array.isArray(value)) {
|
|
228
|
+
return this.typeError(field, expectedType, typeof value);
|
|
229
|
+
}
|
|
230
|
+
break;
|
|
231
|
+
case "string[]":
|
|
232
|
+
if (!Array.isArray(value) ||
|
|
233
|
+
!value.every((v) => typeof v === "string")) {
|
|
234
|
+
return this.typeError(field, expectedType, Array.isArray(value) ? "mixed array" : typeof value);
|
|
235
|
+
}
|
|
236
|
+
break;
|
|
237
|
+
case "number[]":
|
|
238
|
+
if (!Array.isArray(value) ||
|
|
239
|
+
!value.every((v) => typeof v === "number")) {
|
|
240
|
+
return this.typeError(field, expectedType, Array.isArray(value) ? "mixed array" : typeof value);
|
|
241
|
+
}
|
|
242
|
+
break;
|
|
243
|
+
}
|
|
244
|
+
return null;
|
|
245
|
+
}
|
|
246
|
+
typeError(field, expected, actual) {
|
|
247
|
+
return {
|
|
248
|
+
type: "threat_detected",
|
|
249
|
+
severity: "high",
|
|
250
|
+
code: "L3_TYPE_MISMATCH",
|
|
251
|
+
description: `Field '${field}' expected type '${expected}', got '${actual}'`,
|
|
252
|
+
evidence: [`field=${field}, expected=${expected}, actual=${actual}`],
|
|
253
|
+
remediation: `Provide '${field}' as type '${expected}'`,
|
|
254
|
+
};
|
|
255
|
+
}
|
|
256
|
+
buildTiming(startedAt, t0) {
|
|
257
|
+
const durationMs = performance.now() - t0;
|
|
258
|
+
return {
|
|
259
|
+
startedAt,
|
|
260
|
+
completedAt: new Date().toISOString(),
|
|
261
|
+
durationMs,
|
|
262
|
+
waitTimeMs: 0,
|
|
263
|
+
processingTimeMs: durationMs,
|
|
264
|
+
};
|
|
265
|
+
}
|
|
266
|
+
}
|
|
267
|
+
//# sourceMappingURL=L3-schema-conformance.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"L3-schema-conformance.js","sourceRoot":"","sources":["../../../src/layers/implementations/L3-schema-conformance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AA+BnE;;GAEG;AACH,MAAM,oBAAoB,GAAmB;IAC3C;QACE,MAAM,EAAE,OAAO;QACf,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE;QAC/B,QAAQ,EAAE;YACR,OAAO,EAAE,QAAQ;YACjB,KAAK,EAAE,QAAQ;YACf,WAAW,EAAE,QAAQ;YACrB,SAAS,EAAE,QAAQ;SACpB;QACD,cAAc,EAAE,EAAE;KACnB;IACD;QACE,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE;QACjD,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE;QAClE,cAAc,EAAE,CAAC;KAClB;IACD;QACE,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE;QACnD,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE;QACjE,cAAc,EAAE,CAAC;KAClB;IACD;QACE,MAAM,EAAE,OAAO;QACf,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE;QACnE,QAAQ,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE;QACpD,cAAc,EAAE,CAAC;KAClB;IACD;QACE,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE;QACnD,QAAQ,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE;QACpD,cAAc,EAAE,CAAC;KAClB;IACD;QACE,MAAM,EAAE,aAAa;QACrB,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE;QACpD,QAAQ,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE;QACvE,cAAc,EAAE,CAAC;KAClB;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,iBAAiB;IAChD,OAAO,CAA4B;IAE3C,YAAY,iBAAkC;QAC5C,KAAK,CACH,iBAAiB,CAAC,CAAC,EAAE,oBAAoB,EAAE;YACzC,WAAW,EACT,2DAA2D;YAC7D,IAAI,EAAE,kBAAkB;YACxB,aAAa,EAAE,qBAAqB;YACpC,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;YAC1D,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,GAAG;YACd,cAAc,EAAE,IAAI;YACpB,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,8BAA8B;SAClD,CAAC,CACH,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,oBAAoB,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,iBAAiB,EAAE,CAAC;YACtB,KAAK,MAAM,MAAM,IAAI,iBAAiB,EAAE,CAAC;gBACvC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAoB;QACjC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAiB;QAC7B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAmB,EAAE,CAAC;QAEpC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAE9B,oCAAoC;QACpC,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAC5C,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,mBAAmB;gBACzB,WAAW,EACT,+DAA+D;gBACjE,QAAQ,EAAE,CAAC,6BAA6B,CAAC;gBACzC,WAAW,EACT,6EAA6E;aAChF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,wBAAwB;gBAC9B,WAAW,EAAE,sCAAsC,OAAO,MAAM,EAAE;gBAClE,QAAQ,EAAE,CAAC,mBAAmB,OAAO,MAAM,EAAE,CAAC;gBAC9C,WAAW,EAAE,kCAAkC;aAChD,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjE,CAAC;QAED,oCAAoC;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,mBAAmB;gBACzB,WAAW,EAAE,mBAAmB,MAAM,+BAA+B;gBACrE,QAAQ,EAAE;oBACR,UAAU,MAAM,EAAE;oBAClB,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBAC/D;gBACD,WAAW,EAAE,uBAAuB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aACjF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAC/C,+DAA+D;YAC/D,OAAO,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACrE,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;YAC7B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBAC1C,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,2BAA2B;oBACjC,WAAW,EAAE,mBAAmB,KAAK,yBAAyB,MAAM,GAAG;oBACvE,QAAQ,EAAE,CAAC,SAAS,KAAK,YAAY,MAAM,EAAE,CAAC;oBAC9C,WAAW,EAAE,2BAA2B,KAAK,YAAY,YAAY,GAAG;iBACzE,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,aAAa;YACb,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;YAC7D,IAAI,SAAS,EAAE,CAAC;gBACd,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC7B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI;oBAAE,SAAS;gBAEpD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;gBAC7D,IAAI,SAAS,EAAE,CAAC;oBACd,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;YAC7B,QAAQ;YACR,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YAC/B,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;SACtC,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAC7C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAC9B,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC;QAE7C,IAAI,WAAW,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC;YAClC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,wBAAwB;gBAC9B,WAAW,EAAE,GAAG,WAAW,CAAC,MAAM,gCAAgC,QAAQ,gBAAgB,MAAM,GAAG;gBACnG,QAAQ,EAAE;oBACR,iBAAiB,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;iBAC9F;gBACD,WAAW,EAAE,kCAAkC,QAAQ,EAAE;aAC1D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAC1D,CAAC;QACF,MAAM,MAAM,GAAG,CAAC,OAAO,CAAC;QAExB,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAClE,CAAC;IAEO,SAAS,CACf,KAAc,EACd,YAAuB,EACvB,KAAa;QAEb,QAAQ,YAAY,EAAE,CAAC;YACrB,KAAK,QAAQ;gBACX,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC9B,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,KAAK,CAAC,CAAC;gBAC3D,CAAC;gBACD,MAAM;YACR,KAAK,QAAQ;gBACX,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACzD,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,KAAK,CAAC,CAAC;gBAC3D,CAAC;gBACD,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,KAAK,CAAC,CAAC;gBAC3D,CAAC;gBACD,MAAM;YACR,KAAK,QAAQ;gBACX,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBACtD,OAAO,IAAI,CAAC,SAAS,CACnB,KAAK,EACL,YAAY,EACZ,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,KAAK,CAC9C,CAAC;gBACJ,CAAC;gBACD,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC1B,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,KAAK,CAAC,CAAC;gBAC3D,CAAC;gBACD,MAAM;YACR,KAAK,UAAU;gBACb,IACE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;oBACrB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAC1C,CAAC;oBACD,OAAO,IAAI,CAAC,SAAS,CACnB,KAAK,EACL,YAAY,EACZ,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,KAAK,CACpD,CAAC;gBACJ,CAAC;gBACD,MAAM;YACR,KAAK,UAAU;gBACb,IACE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;oBACrB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAC1C,CAAC;oBACD,OAAO,IAAI,CAAC,SAAS,CACnB,KAAK,EACL,YAAY,EACZ,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,KAAK,CACpD,CAAC;gBACJ,CAAC;gBACD,MAAM;QACV,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,SAAS,CACf,KAAa,EACb,QAAgB,EAChB,MAAc;QAEd,OAAO;YACL,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE,MAAM;YAChB,IAAI,EAAE,kBAAkB;YACxB,WAAW,EAAE,UAAU,KAAK,oBAAoB,QAAQ,WAAW,MAAM,GAAG;YAC5E,QAAQ,EAAE,CAAC,SAAS,KAAK,cAAc,QAAQ,YAAY,MAAM,EAAE,CAAC;YACpE,WAAW,EAAE,YAAY,KAAK,cAAc,QAAQ,GAAG;SACxD,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,SAAiB,EAAE,EAAU;QAC/C,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;QAC1C,OAAO;YACL,SAAS;YACT,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,UAAU;YACV,UAAU,EAAE,CAAC;YACb,gBAAgB,EAAE,UAAU;SAC7B,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* L4 — Injection Pattern Detector
|
|
3
|
+
*
|
|
4
|
+
* Detects prompt injection, jailbreak attempts, and instruction override
|
|
5
|
+
* patterns in request content. Uses a multi-strategy approach combining
|
|
6
|
+
* keyword matching, structural analysis, and semantic heuristics.
|
|
7
|
+
*
|
|
8
|
+
* Tier: input_validation
|
|
9
|
+
* Primary threat: prompt_injection
|
|
10
|
+
*
|
|
11
|
+
* @packageDocumentation
|
|
12
|
+
*/
|
|
13
|
+
import { BaseSecurityLayer } from "../index.js";
|
|
14
|
+
import type { LayerInput, LayerExecutionResult } from "../types.js";
|
|
15
|
+
/**
|
|
16
|
+
* Injection pattern definition
|
|
17
|
+
*/
|
|
18
|
+
interface InjectionPattern {
|
|
19
|
+
name: string;
|
|
20
|
+
pattern: RegExp;
|
|
21
|
+
severity: "medium" | "high" | "critical";
|
|
22
|
+
category: "instruction_override" | "role_hijack" | "context_escape" | "encoding_attack" | "social_engineering";
|
|
23
|
+
description: string;
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* L4 Injection Pattern Detector
|
|
27
|
+
*
|
|
28
|
+
* Multi-strategy prompt injection detection.
|
|
29
|
+
*/
|
|
30
|
+
export declare class L4InjectionDetector extends BaseSecurityLayer {
|
|
31
|
+
private patterns;
|
|
32
|
+
constructor(additionalPatterns?: InjectionPattern[]);
|
|
33
|
+
execute(input: LayerInput): Promise<LayerExecutionResult>;
|
|
34
|
+
/**
|
|
35
|
+
* Extract all string values from an object, with their paths.
|
|
36
|
+
*/
|
|
37
|
+
private extractStrings;
|
|
38
|
+
/**
|
|
39
|
+
* Measure what fraction of words in the text are imperative/instruction-like.
|
|
40
|
+
* Returns 0-1 density.
|
|
41
|
+
*/
|
|
42
|
+
private measureInstructionDensity;
|
|
43
|
+
private truncate;
|
|
44
|
+
private buildTiming;
|
|
45
|
+
}
|
|
46
|
+
export {};
|
|
47
|
+
//# sourceMappingURL=L4-injection-detector.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"L4-injection-detector.d.ts","sourceRoot":"","sources":["../../../src/layers/implementations/L4-injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAqB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EACV,UAAU,EACV,oBAAoB,EAGrB,MAAM,aAAa,CAAC;AAErB;;GAEG;AACH,UAAU,gBAAgB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACzC,QAAQ,EACJ,sBAAsB,GACtB,aAAa,GACb,gBAAgB,GAChB,iBAAiB,GACjB,oBAAoB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAuID;;;;GAIG;AACH,qBAAa,mBAAoB,SAAQ,iBAAiB;IACxD,OAAO,CAAC,QAAQ,CAAqB;gBAEzB,kBAAkB,CAAC,EAAE,gBAAgB,EAAE;IAsB7C,OAAO,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAwE/D;;OAEG;IACH,OAAO,CAAC,cAAc;IA8BtB;;;OAGG;IACH,OAAO,CAAC,yBAAyB;IAWjC,OAAO,CAAC,QAAQ;IAIhB,OAAO,CAAC,WAAW;CAUpB"}
|