@vorionsys/atsf-core 0.2.3 → 0.3.0
- package/CHANGELOG.md +1 -0
- package/LICENSE +1 -1
- package/README.md +82 -29
- package/dist/adapters/base-adapter.d.ts +94 -0
- package/dist/adapters/base-adapter.d.ts.map +1 -0
- package/dist/adapters/base-adapter.js +233 -0
- package/dist/adapters/base-adapter.js.map +1 -0
- package/dist/adapters/index.d.ts +9 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js +5 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/types.d.ts +83 -0
- package/dist/adapters/types.d.ts.map +1 -0
- package/dist/adapters/types.js +4 -0
- package/dist/adapters/types.js.map +1 -0
- package/dist/adapters/webhook-handler.d.ts +64 -0
- package/dist/adapters/webhook-handler.d.ts.map +1 -0
- package/dist/adapters/webhook-handler.js +170 -0
- package/dist/adapters/webhook-handler.js.map +1 -0
- package/dist/api/index.d.ts +1 -1
- package/dist/api/index.d.ts.map +1 -1
- package/dist/api/index.js +3 -1
- package/dist/api/index.js.map +1 -1
- package/dist/api/server.d.ts +2 -2
- package/dist/api/server.d.ts.map +1 -1
- package/dist/api/server.js +149 -184
- package/dist/api/server.js.map +1 -1
- package/dist/arbitration/index.d.ts +4 -12
- package/dist/arbitration/index.d.ts.map +1 -1
- package/dist/arbitration/index.js +43 -46
- package/dist/arbitration/index.js.map +1 -1
- package/dist/arbitration/types.d.ts +10 -10
- package/dist/arbitration/types.d.ts.map +1 -1
- package/dist/arbitration/types.js +2 -8
- package/dist/arbitration/types.js.map +1 -1
- package/dist/basis/evaluator.d.ts +1 -6
- package/dist/basis/evaluator.d.ts.map +1 -1
- package/dist/basis/evaluator.js +56 -56
- package/dist/basis/evaluator.js.map +1 -1
- package/dist/basis/index.d.ts +3 -3
- package/dist/basis/index.d.ts.map +1 -1
- package/dist/basis/index.js +5 -3
- package/dist/basis/index.js.map +1 -1
- package/dist/basis/parser.d.ts +30 -30
- package/dist/basis/parser.d.ts.map +1 -1
- package/dist/basis/parser.js +27 -32
- package/dist/basis/parser.js.map +1 -1
- package/dist/basis/types.d.ts +2 -2
- package/dist/basis/types.d.ts.map +1 -1
- package/dist/basis/types.js +2 -3
- package/dist/basis/types.js.map +1 -1
- package/dist/chain/index.d.ts +0 -8
- package/dist/chain/index.d.ts.map +1 -1
- package/dist/chain/index.js +18 -16
- package/dist/chain/index.js.map +1 -1
- package/dist/cognigate/index.d.ts +1 -9
- package/dist/cognigate/index.d.ts.map +1 -1
- package/dist/cognigate/index.js +35 -44
- package/dist/cognigate/index.js.map +1 -1
- package/dist/common/adapters.d.ts +4 -4
- package/dist/common/adapters.d.ts.map +1 -1
- package/dist/common/adapters.js +54 -70
- package/dist/common/adapters.js.map +1 -1
- package/dist/common/config.d.ts +69 -68
- package/dist/common/config.d.ts.map +1 -1
- package/dist/common/config.js +52 -50
- package/dist/common/config.js.map +1 -1
- package/dist/common/index.d.ts +4 -4
- package/dist/common/index.d.ts.map +1 -1
- package/dist/common/index.js +6 -4
- package/dist/common/index.js.map +1 -1
- package/dist/common/logger.d.ts +1 -1
- package/dist/common/logger.d.ts.map +1 -1
- package/dist/common/logger.js +10 -8
- package/dist/common/logger.js.map +1 -1
- package/dist/common/types.d.ts +12 -12
- package/dist/common/types.d.ts.map +1 -1
- package/dist/common/types.js +7 -14
- package/dist/common/types.js.map +1 -1
- package/dist/containment/index.d.ts +3 -11
- package/dist/containment/index.d.ts.map +1 -1
- package/dist/containment/index.js +107 -119
- package/dist/containment/index.js.map +1 -1
- package/dist/containment/types.d.ts +11 -11
- package/dist/containment/types.d.ts.map +1 -1
- package/dist/containment/types.js +2 -8
- package/dist/containment/types.js.map +1 -1
- package/dist/contracts/index.d.ts +9 -17
- package/dist/contracts/index.d.ts.map +1 -1
- package/dist/contracts/index.js +56 -59
- package/dist/contracts/index.js.map +1 -1
- package/dist/contracts/types.d.ts +12 -12
- package/dist/contracts/types.d.ts.map +1 -1
- package/dist/contracts/types.js +2 -8
- package/dist/contracts/types.js.map +1 -1
- package/dist/crewai/callback.d.ts +2 -9
- package/dist/crewai/callback.d.ts.map +1 -1
- package/dist/crewai/callback.js +29 -27
- package/dist/crewai/callback.js.map +1 -1
- package/dist/crewai/executor.d.ts +95 -11
- package/dist/crewai/executor.d.ts.map +1 -1
- package/dist/crewai/executor.js +459 -16
- package/dist/crewai/executor.js.map +1 -1
- package/dist/crewai/index.d.ts +4 -4
- package/dist/crewai/index.d.ts.map +1 -1
- package/dist/crewai/index.js +6 -4
- package/dist/crewai/index.js.map +1 -1
- package/dist/crewai/tools.d.ts +1 -1
- package/dist/crewai/tools.d.ts.map +1 -1
- package/dist/crewai/tools.js +40 -46
- package/dist/crewai/tools.js.map +1 -1
- package/dist/crewai/types.d.ts +66 -3
- package/dist/crewai/types.d.ts.map +1 -1
- package/dist/crewai/types.js +2 -7
- package/dist/crewai/types.js.map +1 -1
- package/dist/enforce/index.d.ts +226 -19
- package/dist/enforce/index.d.ts.map +1 -1
- package/dist/enforce/index.js +55 -81
- package/dist/enforce/index.js.map +1 -1
- package/dist/enforce/trust-aware-enforcement-service.d.ts +8 -23
- package/dist/enforce/trust-aware-enforcement-service.d.ts.map +1 -1
- package/dist/enforce/trust-aware-enforcement-service.js +109 -125
- package/dist/enforce/trust-aware-enforcement-service.js.map +1 -1
- package/dist/governance/fluid-workflow.d.ts +8 -16
- package/dist/governance/fluid-workflow.d.ts.map +1 -1
- package/dist/governance/fluid-workflow.js +88 -114
- package/dist/governance/fluid-workflow.js.map +1 -1
- package/dist/governance/index.d.ts +7 -15
- package/dist/governance/index.d.ts.map +1 -1
- package/dist/governance/index.js +76 -81
- package/dist/governance/index.js.map +1 -1
- package/dist/governance/proof-bridge.d.ts +6 -6
- package/dist/governance/proof-bridge.d.ts.map +1 -1
- package/dist/governance/proof-bridge.js +6 -16
- package/dist/governance/proof-bridge.js.map +1 -1
- package/dist/governance/types.d.ts +9 -16
- package/dist/governance/types.d.ts.map +1 -1
- package/dist/governance/types.js +2 -8
- package/dist/governance/types.js.map +1 -1
- package/dist/index.d.ts +30 -29
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +33 -31
- package/dist/index.js.map +1 -1
- package/dist/intent/index.d.ts +55 -18
- package/dist/intent/index.d.ts.map +1 -1
- package/dist/intent/index.js +25 -26
- package/dist/intent/index.js.map +1 -1
- package/dist/intent/persistent-intent-service.d.ts +2 -17
- package/dist/intent/persistent-intent-service.d.ts.map +1 -1
- package/dist/intent/persistent-intent-service.js +33 -43
- package/dist/intent/persistent-intent-service.js.map +1 -1
- package/dist/intent/supabase-intent-repository.d.ts +107 -0
- package/dist/intent/supabase-intent-repository.d.ts.map +1 -0
- package/dist/intent/supabase-intent-repository.js +406 -0
- package/dist/intent/supabase-intent-repository.js.map +1 -0
- package/dist/intent-gateway/index.d.ts +5 -28
- package/dist/intent-gateway/index.d.ts.map +1 -1
- package/dist/intent-gateway/index.js +341 -508
- package/dist/intent-gateway/index.js.map +1 -1
- package/dist/langchain/callback.d.ts +2 -9
- package/dist/langchain/callback.d.ts.map +1 -1
- package/dist/langchain/callback.js +32 -30
- package/dist/langchain/callback.js.map +1 -1
- package/dist/langchain/executor.d.ts +4 -11
- package/dist/langchain/executor.d.ts.map +1 -1
- package/dist/langchain/executor.js +82 -82
- package/dist/langchain/executor.js.map +1 -1
- package/dist/langchain/index.d.ts +5 -5
- package/dist/langchain/index.d.ts.map +1 -1
- package/dist/langchain/index.js +7 -5
- package/dist/langchain/index.js.map +1 -1
- package/dist/langchain/tools.d.ts +1 -1
- package/dist/langchain/tools.d.ts.map +1 -1
- package/dist/langchain/tools.js +36 -43
- package/dist/langchain/tools.js.map +1 -1
- package/dist/langchain/types.d.ts +3 -3
- package/dist/langchain/types.d.ts.map +1 -1
- package/dist/langchain/types.js +2 -7
- package/dist/langchain/types.js.map +1 -1
- package/dist/layers/implementations/L0-request-format.d.ts +2 -2
- package/dist/layers/implementations/L0-request-format.d.ts.map +1 -1
- package/dist/layers/implementations/L0-request-format.js +54 -54
- package/dist/layers/implementations/L0-request-format.js.map +1 -1
- package/dist/layers/implementations/L1-input-size.d.ts +2 -2
- package/dist/layers/implementations/L1-input-size.d.ts.map +1 -1
- package/dist/layers/implementations/L1-input-size.js +41 -49
- package/dist/layers/implementations/L1-input-size.js.map +1 -1
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts +2 -2
- package/dist/layers/implementations/L2-charset-sanitizer.d.ts.map +1 -1
- package/dist/layers/implementations/L2-charset-sanitizer.js +73 -81
- package/dist/layers/implementations/L2-charset-sanitizer.js.map +1 -1
- package/dist/layers/implementations/L3-schema-conformance.d.ts +3 -3
- package/dist/layers/implementations/L3-schema-conformance.d.ts.map +1 -1
- package/dist/layers/implementations/L3-schema-conformance.js +75 -82
- package/dist/layers/implementations/L3-schema-conformance.js.map +1 -1
- package/dist/layers/implementations/L4-injection-detector.d.ts +4 -4
- package/dist/layers/implementations/L4-injection-detector.d.ts.map +1 -1
- package/dist/layers/implementations/L4-injection-detector.js +83 -85
- package/dist/layers/implementations/L4-injection-detector.js.map +1 -1
- package/dist/layers/implementations/L5-rate-limiter.d.ts +2 -2
- package/dist/layers/implementations/L5-rate-limiter.d.ts.map +1 -1
- package/dist/layers/implementations/L5-rate-limiter.js +22 -20
- package/dist/layers/implementations/L5-rate-limiter.js.map +1 -1
- package/dist/layers/implementations/index.d.ts +6 -6
- package/dist/layers/implementations/index.d.ts.map +1 -1
- package/dist/layers/implementations/index.js +8 -6
- package/dist/layers/implementations/index.js.map +1 -1
- package/dist/layers/index.d.ts +3 -11
- package/dist/layers/index.d.ts.map +1 -1
- package/dist/layers/index.js +73 -99
- package/dist/layers/index.js.map +1 -1
- package/dist/layers/types.d.ts +16 -16
- package/dist/layers/types.d.ts.map +1 -1
- package/dist/layers/types.js +2 -8
- package/dist/layers/types.js.map +1 -1
- package/dist/paramesphere/activation-collector.d.ts +128 -0
- package/dist/paramesphere/activation-collector.d.ts.map +1 -0
- package/dist/paramesphere/activation-collector.js +260 -0
- package/dist/paramesphere/activation-collector.js.map +1 -0
- package/dist/paramesphere/cognitive-envelope.d.ts +73 -0
- package/dist/paramesphere/cognitive-envelope.d.ts.map +1 -0
- package/dist/paramesphere/cognitive-envelope.js +209 -0
- package/dist/paramesphere/cognitive-envelope.js.map +1 -0
- package/dist/paramesphere/envelope-integration.d.ts +60 -0
- package/dist/paramesphere/envelope-integration.d.ts.map +1 -0
- package/dist/paramesphere/envelope-integration.js +93 -0
- package/dist/paramesphere/envelope-integration.js.map +1 -0
- package/dist/paramesphere/fingerprint-monitor.d.ts +136 -0
- package/dist/paramesphere/fingerprint-monitor.d.ts.map +1 -0
- package/dist/paramesphere/fingerprint-monitor.js +212 -0
- package/dist/paramesphere/fingerprint-monitor.js.map +1 -0
- package/dist/paramesphere/fingerprint-store.d.ts +85 -0
- package/dist/paramesphere/fingerprint-store.d.ts.map +1 -0
- package/dist/paramesphere/fingerprint-store.js +68 -0
- package/dist/paramesphere/fingerprint-store.js.map +1 -0
- package/dist/paramesphere/index.d.ts +21 -0
- package/dist/paramesphere/index.d.ts.map +1 -0
- package/dist/paramesphere/index.js +18 -0
- package/dist/paramesphere/index.js.map +1 -0
- package/dist/paramesphere/monitor-integration.d.ts +37 -0
- package/dist/paramesphere/monitor-integration.d.ts.map +1 -0
- package/dist/paramesphere/monitor-integration.js +81 -0
- package/dist/paramesphere/monitor-integration.js.map +1 -0
- package/dist/paramesphere/paramesphere-engine.d.ts +111 -0
- package/dist/paramesphere/paramesphere-engine.d.ts.map +1 -0
- package/dist/paramesphere/paramesphere-engine.js +542 -0
- package/dist/paramesphere/paramesphere-engine.js.map +1 -0
- package/dist/paramesphere/types.d.ts +142 -0
- package/dist/paramesphere/types.d.ts.map +1 -0
- package/dist/paramesphere/types.js +4 -0
- package/dist/paramesphere/types.js.map +1 -0
- package/dist/persistence/file.d.ts +3 -10
- package/dist/persistence/file.d.ts.map +1 -1
- package/dist/persistence/file.js +30 -32
- package/dist/persistence/file.js.map +1 -1
- package/dist/persistence/index.d.ts +7 -7
- package/dist/persistence/index.d.ts.map +1 -1
- package/dist/persistence/index.js +20 -18
- package/dist/persistence/index.js.map +1 -1
- package/dist/persistence/memory.d.ts +3 -3
- package/dist/persistence/memory.d.ts.map +1 -1
- package/dist/persistence/memory.js +10 -17
- package/dist/persistence/memory.js.map +1 -1
- package/dist/persistence/sqlite.d.ts +3 -11
- package/dist/persistence/sqlite.d.ts.map +1 -1
- package/dist/persistence/sqlite.js +42 -39
- package/dist/persistence/sqlite.js.map +1 -1
- package/dist/persistence/supabase.d.ts +3 -3
- package/dist/persistence/supabase.d.ts.map +1 -1
- package/dist/persistence/supabase.js +46 -49
- package/dist/persistence/supabase.js.map +1 -1
- package/dist/persistence/types.d.ts +5 -5
- package/dist/persistence/types.d.ts.map +1 -1
- package/dist/persistence/types.js +2 -7
- package/dist/persistence/types.js.map +1 -1
- package/dist/phase6/ceiling.d.ts +5 -21
- package/dist/phase6/ceiling.d.ts.map +1 -1
- package/dist/phase6/ceiling.js +38 -69
- package/dist/phase6/ceiling.js.map +1 -1
- package/dist/phase6/context.d.ts +3 -20
- package/dist/phase6/context.d.ts.map +1 -1
- package/dist/phase6/context.js +49 -93
- package/dist/phase6/context.js.map +1 -1
- package/dist/phase6/index.d.ts +12 -12
- package/dist/phase6/index.d.ts.map +1 -1
- package/dist/phase6/index.js +17 -15
- package/dist/phase6/index.js.map +1 -1
- package/dist/phase6/presets.d.ts +2 -18
- package/dist/phase6/presets.d.ts.map +1 -1
- package/dist/phase6/presets.js +35 -39
- package/dist/phase6/presets.js.map +1 -1
- package/dist/phase6/provenance.d.ts +4 -19
- package/dist/phase6/provenance.d.ts.map +1 -1
- package/dist/phase6/provenance.js +37 -42
- package/dist/phase6/provenance.js.map +1 -1
- package/dist/phase6/role-gates/index.d.ts +2 -2
- package/dist/phase6/role-gates/index.d.ts.map +1 -1
- package/dist/phase6/role-gates/index.js +4 -2
- package/dist/phase6/role-gates/index.js.map +1 -1
- package/dist/phase6/role-gates/kernel.d.ts.map +1 -1
- package/dist/phase6/role-gates/kernel.js +18 -16
- package/dist/phase6/role-gates/kernel.js.map +1 -1
- package/dist/phase6/role-gates/policy.d.ts +2 -2
- package/dist/phase6/role-gates/policy.d.ts.map +1 -1
- package/dist/phase6/role-gates/policy.js +8 -17
- package/dist/phase6/role-gates/policy.js.map +1 -1
- package/dist/phase6/role-gates.d.ts +4 -20
- package/dist/phase6/role-gates.d.ts.map +1 -1
- package/dist/phase6/role-gates.js +60 -80
- package/dist/phase6/role-gates.js.map +1 -1
- package/dist/phase6/types.d.ts +53 -23
- package/dist/phase6/types.d.ts.map +1 -1
- package/dist/phase6/types.js +131 -177
- package/dist/phase6/types.js.map +1 -1
- package/dist/phase6/weight-presets/canonical.d.ts.map +1 -1
- package/dist/phase6/weight-presets/canonical.js +12 -10
- package/dist/phase6/weight-presets/canonical.js.map +1 -1
- package/dist/phase6/weight-presets/deltas.d.ts +2 -2
- package/dist/phase6/weight-presets/deltas.d.ts.map +1 -1
- package/dist/phase6/weight-presets/deltas.js +29 -37
- package/dist/phase6/weight-presets/deltas.js.map +1 -1
- package/dist/phase6/weight-presets/index.d.ts +3 -3
- package/dist/phase6/weight-presets/index.d.ts.map +1 -1
- package/dist/phase6/weight-presets/index.js +5 -3
- package/dist/phase6/weight-presets/index.js.map +1 -1
- package/dist/phase6/weight-presets/merger.d.ts +2 -12
- package/dist/phase6/weight-presets/merger.d.ts.map +1 -1
- package/dist/phase6/weight-presets/merger.js +45 -39
- package/dist/phase6/weight-presets/merger.js.map +1 -1
- package/dist/proof/index.d.ts +6 -13
- package/dist/proof/index.d.ts.map +1 -1
- package/dist/proof/index.js +63 -51
- package/dist/proof/index.js.map +1 -1
- package/dist/proof/merkle.d.ts +24 -19
- package/dist/proof/merkle.d.ts.map +1 -1
- package/dist/proof/merkle.js +118 -32
- package/dist/proof/merkle.js.map +1 -1
- package/dist/proof/zk-proofs.d.ts +6 -24
- package/dist/proof/zk-proofs.d.ts.map +1 -1
- package/dist/proof/zk-proofs.js +45 -42
- package/dist/proof/zk-proofs.js.map +1 -1
- package/dist/provenance/index.d.ts +3 -11
- package/dist/provenance/index.d.ts.map +1 -1
- package/dist/provenance/index.js +19 -19
- package/dist/provenance/index.js.map +1 -1
- package/dist/provenance/types.d.ts +4 -4
- package/dist/provenance/types.d.ts.map +1 -1
- package/dist/provenance/types.js +2 -8
- package/dist/provenance/types.js.map +1 -1
- package/dist/sandbox-training/challenges.d.ts +1 -1
- package/dist/sandbox-training/challenges.d.ts.map +1 -1
- package/dist/sandbox-training/challenges.js +230 -236
- package/dist/sandbox-training/challenges.js.map +1 -1
- package/dist/sandbox-training/graduation.d.ts +1 -1
- package/dist/sandbox-training/graduation.d.ts.map +1 -1
- package/dist/sandbox-training/graduation.js +17 -22
- package/dist/sandbox-training/graduation.js.map +1 -1
- package/dist/sandbox-training/index.d.ts +9 -9
- package/dist/sandbox-training/index.d.ts.map +1 -1
- package/dist/sandbox-training/index.js +8 -6
- package/dist/sandbox-training/index.js.map +1 -1
- package/dist/sandbox-training/promotion-service.d.ts +4 -4
- package/dist/sandbox-training/promotion-service.d.ts.map +1 -1
- package/dist/sandbox-training/promotion-service.js +7 -16
- package/dist/sandbox-training/promotion-service.js.map +1 -1
- package/dist/sandbox-training/runner.d.ts +1 -1
- package/dist/sandbox-training/runner.d.ts.map +1 -1
- package/dist/sandbox-training/runner.js +75 -82
- package/dist/sandbox-training/runner.js.map +1 -1
- package/dist/sandbox-training/scorer.d.ts +4 -4
- package/dist/sandbox-training/scorer.d.ts.map +1 -1
- package/dist/sandbox-training/scorer.js +7 -13
- package/dist/sandbox-training/scorer.js.map +1 -1
- package/dist/sandbox-training/types.d.ts +4 -4
- package/dist/sandbox-training/types.d.ts.map +1 -1
- package/dist/sandbox-training/types.js +9 -19
- package/dist/sandbox-training/types.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts +1 -9
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/audit.js +6 -11
- package/dist/trust-engine/ceiling-enforcement/audit.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/index.d.ts +2 -2
- package/dist/trust-engine/ceiling-enforcement/index.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/index.js +4 -2
- package/dist/trust-engine/ceiling-enforcement/index.js.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts +12 -10
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts.map +1 -1
- package/dist/trust-engine/ceiling-enforcement/kernel.js +28 -20
- package/dist/trust-engine/ceiling-enforcement/kernel.js.map +1 -1
- package/dist/trust-engine/context-policy/enforcement.d.ts +0 -9
- package/dist/trust-engine/context-policy/enforcement.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/enforcement.js +2 -9
- package/dist/trust-engine/context-policy/enforcement.js.map +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts +1 -1
- package/dist/trust-engine/context-policy/factory.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/factory.js +3 -1
- package/dist/trust-engine/context-policy/factory.js.map +1 -1
- package/dist/trust-engine/context-policy/index.d.ts +2 -2
- package/dist/trust-engine/context-policy/index.d.ts.map +1 -1
- package/dist/trust-engine/context-policy/index.js +4 -2
- package/dist/trust-engine/context-policy/index.js.map +1 -1
- package/dist/trust-engine/creation-modifiers/index.d.ts +1 -1
- package/dist/trust-engine/creation-modifiers/index.d.ts.map +1 -1
- package/dist/trust-engine/creation-modifiers/index.js +3 -1
- package/dist/trust-engine/creation-modifiers/index.js.map +1 -1
- package/dist/trust-engine/creation-modifiers/types.d.ts.map +1 -1
- package/dist/trust-engine/creation-modifiers/types.js +5 -2
- package/dist/trust-engine/creation-modifiers/types.js.map +1 -1
- package/dist/trust-engine/decay-profiles.d.ts +37 -136
- package/dist/trust-engine/decay-profiles.d.ts.map +1 -1
- package/dist/trust-engine/decay-profiles.js +61 -183
- package/dist/trust-engine/decay-profiles.js.map +1 -1
- package/dist/trust-engine/index.d.ts +327 -22
- package/dist/trust-engine/index.d.ts.map +1 -1
- package/dist/trust-engine/index.js +706 -130
- package/dist/trust-engine/index.js.map +1 -1
- package/dist/trust-engine/phase6-types.d.ts +15 -18
- package/dist/trust-engine/phase6-types.d.ts.map +1 -1
- package/dist/trust-engine/phase6-types.js +32 -36
- package/dist/trust-engine/phase6-types.js.map +1 -1
- package/dist/trust-engine/trust-verifier.d.ts +121 -0
- package/dist/trust-engine/trust-verifier.d.ts.map +1 -0
- package/dist/trust-engine/trust-verifier.js +226 -0
- package/dist/trust-engine/trust-verifier.js.map +1 -0
- package/package.json +140 -135
- package/dist/enforce/types.d.ts +0 -234
- package/dist/enforce/types.d.ts.map +0 -1
- package/dist/enforce/types.js +0 -10
- package/dist/enforce/types.js.map +0 -1
- package/dist/intent/types.d.ts +0 -69
- package/dist/intent/types.d.ts.map +0 -1
- package/dist/intent/types.js +0 -10
- package/dist/intent/types.js.map +0 -1
- package/dist/trust-engine/types.d.ts +0 -77
- package/dist/trust-engine/types.d.ts.map +0 -1
- package/dist/trust-engine/types.js +0 -20
- package/dist/trust-engine/types.js.map +0 -1
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
*
|
|
6
6
|
* @packageDocumentation
|
|
7
7
|
*/
|
|
8
|
-
import type { TrustLevel } from
|
|
8
|
+
import type { TrustLevel } from '../common/types.js';
|
|
9
9
|
/**
|
|
10
10
|
* Trust-aware agent configuration
|
|
11
11
|
*/
|
|
@@ -35,7 +35,7 @@ export interface TrustAwareAgentConfig {
|
|
|
35
35
|
/**
|
|
36
36
|
* Trust callback event types
|
|
37
37
|
*/
|
|
38
|
-
export type TrustCallbackEvent =
|
|
38
|
+
export type TrustCallbackEvent = 'tool_start' | 'tool_end' | 'tool_error' | 'llm_start' | 'llm_end' | 'llm_error' | 'chain_start' | 'chain_end' | 'chain_error' | 'agent_action' | 'agent_finish';
|
|
39
39
|
/**
|
|
40
40
|
* Trust signal source
|
|
41
41
|
*/
|
|
@@ -72,7 +72,7 @@ export interface TrustedExecutionResult<T = unknown> {
|
|
|
72
72
|
/**
|
|
73
73
|
* LLM error classification for better error handling
|
|
74
74
|
*/
|
|
75
|
-
export type LLMErrorType =
|
|
75
|
+
export type LLMErrorType = 'rate_limit' | 'context_length' | 'authentication' | 'model_unavailable' | 'content_filter' | 'timeout' | 'network' | 'invalid_request' | 'server_error' | 'unknown';
|
|
76
76
|
/**
|
|
77
77
|
* Classified LLM error with metadata
|
|
78
78
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/langchain/types.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/langchain/types.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,8BAA8B;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,iDAAiD;IACjD,aAAa,CAAC,EAAE,UAAU,CAAC;IAC3B,yDAAyD;IACzD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,wDAAwD;IACxD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kDAAkD;IAClD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,4BAA4B;IAC5B,aAAa,CAAC,EAAE;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,YAAY,GACZ,UAAU,GACV,YAAY,GACZ,WAAW,GACX,SAAS,GACT,WAAW,GACX,aAAa,GACb,WAAW,GACX,aAAa,GACb,cAAc,GACd,cAAc,CAAC;AAEnB;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,kBAAkB,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,UAAU,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,UAAU,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB,CAAC,CAAC,GAAG,OAAO;IACjD,MAAM,EAAE,CAAC,CAAC;IACV,UAAU,EAAE,gBAAgB,CAAC;IAC7B,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,UAAU,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GACpB,YAAY,GACZ,gBAAgB,GAChB,gBAAgB,GAChB,mBAAmB,GACnB,gBAAgB,GAChB,SAAS,GACT,SAAS,GACT,iBAAiB,GACjB,cAAc,GACd,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,YAAY,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,KAAK,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,oDAAoD;IACpD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB
,2DAA2D;IAC3D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,kGAAkG;IAClG,eAAe,CAAC,EAAE,YAAY,EAAE,CAAC;IACjC,uCAAuC;IACvC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACjF;AAED;;GAEG;AACH,MAAM,WAAW,8BAA+B,SAAQ,qBAAqB;IAC3E,8BAA8B;IAC9B,WAAW,CAAC,EAAE,cAAc,CAAC;IAC7B,8BAA8B;IAC9B,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,kBAAkB,CAAC;CACxD"}
|
package/dist/langchain/types.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/langchain/types.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/langchain/types.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,iCAAiC"}
|
|
@@ -10,8 +10,8 @@
|
|
|
10
10
|
*
|
|
11
11
|
* @packageDocumentation
|
|
12
12
|
*/
|
|
13
|
-
import { BaseSecurityLayer } from
|
|
14
|
-
import type { LayerInput, LayerExecutionResult } from
|
|
13
|
+
import { BaseSecurityLayer } from '../index.js';
|
|
14
|
+
import type { LayerInput, LayerExecutionResult } from '../types.js';
|
|
15
15
|
/**
|
|
16
16
|
* L0 Request Format Validator
|
|
17
17
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"L0-request-format.d.ts","sourceRoot":"","sources":["../../../src/layers/implementations/L0-request-format.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"L0-request-format.d.ts","sourceRoot":"","sources":["../../../src/layers/implementations/L0-request-format.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAqB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,oBAAoB,EAA6B,MAAM,aAAa,CAAC;AAW/F;;;;;GAKG;AACH,qBAAa,wBAAyB,SAAQ,iBAAiB;;IAiBvD,OAAO,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAuI/D;;OAEG;IACH,OAAO,CAAC,YAAY;IAgBpB;;OAEG;IACH,OAAO,CAAC,SAAS;IAWjB;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAmBjC"}
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright 2024-2026 Vorion LLC
|
|
1
3
|
/**
|
|
2
4
|
* L0 — Request Format Validator
|
|
3
5
|
*
|
|
@@ -10,13 +12,13 @@
|
|
|
10
12
|
*
|
|
11
13
|
* @packageDocumentation
|
|
12
14
|
*/
|
|
13
|
-
import { BaseSecurityLayer, createLayerConfig } from
|
|
15
|
+
import { BaseSecurityLayer, createLayerConfig } from '../index.js';
|
|
14
16
|
// Maximum depth for nested objects to prevent stack overflow / complexity attacks
|
|
15
17
|
const MAX_NESTING_DEPTH = 20;
|
|
16
18
|
// Maximum number of keys in a single object
|
|
17
19
|
const MAX_OBJECT_KEYS = 500;
|
|
18
20
|
// Required payload fields for a well-formed request
|
|
19
|
-
const REQUIRED_PAYLOAD_FIELDS = [
|
|
21
|
+
const REQUIRED_PAYLOAD_FIELDS = ['action', 'content'];
|
|
20
22
|
/**
|
|
21
23
|
* L0 Request Format Validator
|
|
22
24
|
*
|
|
@@ -25,12 +27,12 @@ const REQUIRED_PAYLOAD_FIELDS = ["action", "content"];
|
|
|
25
27
|
*/
|
|
26
28
|
export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
27
29
|
constructor() {
|
|
28
|
-
super(createLayerConfig(0,
|
|
29
|
-
description:
|
|
30
|
-
tier:
|
|
31
|
-
primaryThreat:
|
|
32
|
-
secondaryThreats: [
|
|
33
|
-
failMode:
|
|
30
|
+
super(createLayerConfig(0, 'Request Format Validator', {
|
|
31
|
+
description: 'Validates request structure, required fields, and payload shape',
|
|
32
|
+
tier: 'input_validation',
|
|
33
|
+
primaryThreat: 'prompt_injection',
|
|
34
|
+
secondaryThreats: ['denial_of_service'],
|
|
35
|
+
failMode: 'block',
|
|
34
36
|
required: true,
|
|
35
37
|
timeoutMs: 200,
|
|
36
38
|
parallelizable: true,
|
|
@@ -46,9 +48,9 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
46
48
|
if (!inputValidation.valid) {
|
|
47
49
|
for (const err of inputValidation.errors) {
|
|
48
50
|
findings.push({
|
|
49
|
-
type:
|
|
50
|
-
severity:
|
|
51
|
-
code:
|
|
51
|
+
type: 'threat_detected',
|
|
52
|
+
severity: 'high',
|
|
53
|
+
code: 'L0_MISSING_FIELD',
|
|
52
54
|
description: `Missing required field: ${err.field}`,
|
|
53
55
|
evidence: [err.message],
|
|
54
56
|
remediation: `Provide the required field '${err.field}'`,
|
|
@@ -57,16 +59,14 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
57
59
|
}
|
|
58
60
|
// 2. Validate payload is a plain object
|
|
59
61
|
if (input.payload !== null && input.payload !== undefined) {
|
|
60
|
-
if (typeof input.payload !==
|
|
62
|
+
if (typeof input.payload !== 'object' || Array.isArray(input.payload)) {
|
|
61
63
|
findings.push({
|
|
62
|
-
type:
|
|
63
|
-
severity:
|
|
64
|
-
code:
|
|
65
|
-
description:
|
|
66
|
-
evidence: [
|
|
67
|
-
|
|
68
|
-
],
|
|
69
|
-
remediation: "Provide payload as a plain JSON object",
|
|
64
|
+
type: 'threat_detected',
|
|
65
|
+
severity: 'high',
|
|
66
|
+
code: 'L0_INVALID_PAYLOAD_TYPE',
|
|
67
|
+
description: 'Payload must be a plain object, not an array or primitive',
|
|
68
|
+
evidence: [`Received type: ${Array.isArray(input.payload) ? 'array' : typeof input.payload}`],
|
|
69
|
+
remediation: 'Provide payload as a plain JSON object',
|
|
70
70
|
});
|
|
71
71
|
}
|
|
72
72
|
else {
|
|
@@ -74,9 +74,9 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
74
74
|
const depth = this.measureDepth(input.payload, 0);
|
|
75
75
|
if (depth > MAX_NESTING_DEPTH) {
|
|
76
76
|
findings.push({
|
|
77
|
-
type:
|
|
78
|
-
severity:
|
|
79
|
-
code:
|
|
77
|
+
type: 'threat_detected',
|
|
78
|
+
severity: 'high',
|
|
79
|
+
code: 'L0_EXCESSIVE_NESTING',
|
|
80
80
|
description: `Payload nesting depth ${depth} exceeds maximum ${MAX_NESTING_DEPTH}`,
|
|
81
81
|
evidence: [`depth=${depth}, max=${MAX_NESTING_DEPTH}`],
|
|
82
82
|
remediation: `Flatten payload structure to at most ${MAX_NESTING_DEPTH} levels`,
|
|
@@ -86,21 +86,21 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
86
86
|
const keyCount = this.countKeys(input.payload);
|
|
87
87
|
if (keyCount > MAX_OBJECT_KEYS) {
|
|
88
88
|
findings.push({
|
|
89
|
-
type:
|
|
90
|
-
severity:
|
|
91
|
-
code:
|
|
89
|
+
type: 'threat_detected',
|
|
90
|
+
severity: 'medium',
|
|
91
|
+
code: 'L0_EXCESSIVE_KEYS',
|
|
92
92
|
description: `Payload contains ${keyCount} keys, exceeding maximum ${MAX_OBJECT_KEYS}`,
|
|
93
93
|
evidence: [`keys=${keyCount}, max=${MAX_OBJECT_KEYS}`],
|
|
94
|
-
remediation:
|
|
94
|
+
remediation: 'Reduce the number of fields in the payload',
|
|
95
95
|
});
|
|
96
96
|
}
|
|
97
97
|
// 5. Check for required payload fields
|
|
98
98
|
for (const field of REQUIRED_PAYLOAD_FIELDS) {
|
|
99
99
|
if (!(field in input.payload)) {
|
|
100
100
|
findings.push({
|
|
101
|
-
type:
|
|
102
|
-
severity:
|
|
103
|
-
code:
|
|
101
|
+
type: 'warning',
|
|
102
|
+
severity: 'medium',
|
|
103
|
+
code: 'L0_MISSING_PAYLOAD_FIELD',
|
|
104
104
|
description: `Payload missing recommended field '${field}'`,
|
|
105
105
|
evidence: [`Field '${field}' not found in payload`],
|
|
106
106
|
remediation: `Include '${field}' in the payload object`,
|
|
@@ -111,12 +111,12 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
111
111
|
const pollutionAttempts = this.detectPrototypePollution(input.payload);
|
|
112
112
|
for (const attempt of pollutionAttempts) {
|
|
113
113
|
findings.push({
|
|
114
|
-
type:
|
|
115
|
-
severity:
|
|
116
|
-
code:
|
|
114
|
+
type: 'threat_detected',
|
|
115
|
+
severity: 'critical',
|
|
116
|
+
code: 'L0_PROTOTYPE_POLLUTION',
|
|
117
117
|
description: `Prototype pollution attempt detected via key '${attempt}'`,
|
|
118
118
|
evidence: [`Dangerous key: ${attempt}`],
|
|
119
|
-
remediation:
|
|
119
|
+
remediation: 'Remove __proto__, constructor, and prototype keys from payload',
|
|
120
120
|
});
|
|
121
121
|
}
|
|
122
122
|
}
|
|
@@ -125,20 +125,20 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
125
125
|
if (input.metadata) {
|
|
126
126
|
if (!input.metadata.requestTimestamp) {
|
|
127
127
|
findings.push({
|
|
128
|
-
type:
|
|
129
|
-
severity:
|
|
130
|
-
code:
|
|
131
|
-
description:
|
|
132
|
-
evidence: [
|
|
128
|
+
type: 'warning',
|
|
129
|
+
severity: 'low',
|
|
130
|
+
code: 'L0_MISSING_TIMESTAMP',
|
|
131
|
+
description: 'Request metadata missing timestamp',
|
|
132
|
+
evidence: ['metadata.requestTimestamp is empty'],
|
|
133
133
|
});
|
|
134
134
|
}
|
|
135
135
|
if (!input.metadata.source) {
|
|
136
136
|
findings.push({
|
|
137
|
-
type:
|
|
138
|
-
severity:
|
|
139
|
-
code:
|
|
140
|
-
description:
|
|
141
|
-
evidence: [
|
|
137
|
+
type: 'warning',
|
|
138
|
+
severity: 'low',
|
|
139
|
+
code: 'L0_MISSING_SOURCE',
|
|
140
|
+
description: 'Request metadata missing source identifier',
|
|
141
|
+
evidence: ['metadata.source is empty'],
|
|
142
142
|
});
|
|
143
143
|
}
|
|
144
144
|
}
|
|
@@ -151,13 +151,13 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
151
151
|
waitTimeMs: 0,
|
|
152
152
|
processingTimeMs: durationMs,
|
|
153
153
|
};
|
|
154
|
-
const hasCritical = findings.some((f) => f.severity ===
|
|
155
|
-
const hasHigh = findings.some((f) => f.severity ===
|
|
154
|
+
const hasCritical = findings.some((f) => f.severity === 'critical');
|
|
155
|
+
const hasHigh = findings.some((f) => f.severity === 'high');
|
|
156
156
|
const passed = !hasCritical && !hasHigh;
|
|
157
157
|
if (passed) {
|
|
158
|
-
return this.createSuccessResult(
|
|
158
|
+
return this.createSuccessResult('allow', 0.95, findings, [], timing);
|
|
159
159
|
}
|
|
160
|
-
return this.createFailureResult(hasCritical ?
|
|
160
|
+
return this.createFailureResult(hasCritical ? 'deny' : 'escalate', 0.9, findings, timing);
|
|
161
161
|
}
|
|
162
162
|
/**
|
|
163
163
|
* Measure nesting depth of an object, with early bail-out.
|
|
@@ -165,12 +165,12 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
165
165
|
measureDepth(obj, current) {
|
|
166
166
|
if (current > MAX_NESTING_DEPTH)
|
|
167
167
|
return current; // bail out early
|
|
168
|
-
if (obj === null || typeof obj !==
|
|
168
|
+
if (obj === null || typeof obj !== 'object')
|
|
169
169
|
return current;
|
|
170
170
|
let max = current;
|
|
171
171
|
const entries = Object.values(obj);
|
|
172
172
|
for (const val of entries) {
|
|
173
|
-
if (val !== null && typeof val ===
|
|
173
|
+
if (val !== null && typeof val === 'object') {
|
|
174
174
|
const d = this.measureDepth(val, current + 1);
|
|
175
175
|
if (d > max)
|
|
176
176
|
max = d;
|
|
@@ -186,7 +186,7 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
186
186
|
countKeys(obj) {
|
|
187
187
|
let count = Object.keys(obj).length;
|
|
188
188
|
for (const val of Object.values(obj)) {
|
|
189
|
-
if (val !== null && typeof val ===
|
|
189
|
+
if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
|
|
190
190
|
count += this.countKeys(val);
|
|
191
191
|
if (count > MAX_OBJECT_KEYS)
|
|
192
192
|
return count; // bail early
|
|
@@ -198,7 +198,7 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
198
198
|
* Detect prototype pollution attempts (__proto__, constructor, prototype).
|
|
199
199
|
*/
|
|
200
200
|
detectPrototypePollution(obj) {
|
|
201
|
-
const dangerous = [
|
|
201
|
+
const dangerous = ['__proto__', 'constructor', 'prototype'];
|
|
202
202
|
const found = [];
|
|
203
203
|
const check = (o, path) => {
|
|
204
204
|
for (const key of Object.keys(o)) {
|
|
@@ -206,12 +206,12 @@ export class L0RequestFormatValidator extends BaseSecurityLayer {
|
|
|
206
206
|
found.push(path ? `${path}.${key}` : key);
|
|
207
207
|
}
|
|
208
208
|
const val = o[key];
|
|
209
|
-
if (val !== null && typeof val ===
|
|
209
|
+
if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
|
|
210
210
|
check(val, path ? `${path}.${key}` : key);
|
|
211
211
|
}
|
|
212
212
|
}
|
|
213
213
|
};
|
|
214
|
-
check(obj,
|
|
214
|
+
check(obj, '');
|
|
215
215
|
return found;
|
|
216
216
|
}
|
|
217
217
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"L0-request-format.js","sourceRoot":"","sources":["../../../src/layers/implementations/L0-request-format.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"L0-request-format.js","sourceRoot":"","sources":["../../../src/layers/implementations/L0-request-format.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,iCAAiC;AAEjC;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGnE,kFAAkF;AAClF,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B,4CAA4C;AAC5C,MAAM,eAAe,GAAG,GAAG,CAAC;AAE5B,oDAAoD;AACpD,MAAM,uBAAuB,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAU,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,OAAO,wBAAyB,SAAQ,iBAAiB;IAC7D;QACE,KAAK,CACH,iBAAiB,CAAC,CAAC,EAAE,0BAA0B,EAAE;YAC/C,WAAW,EAAE,iEAAiE;YAC9E,IAAI,EAAE,kBAAkB;YACxB,aAAa,EAAE,kBAAkB;YACjC,gBAAgB,EAAE,CAAC,mBAAmB,CAAC;YACvC,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,GAAG;YACd,cAAc,EAAE,IAAI;YACpB,YAAY,EAAE,EAAE;SACjB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAiB;QAC7B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAmB,EAAE,CAAC;QAEpC,qCAAqC;QACrC,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;YAC3B,KAAK,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,EAAE,CAAC;gBACzC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,kBAAkB;oBACxB,WAAW,EAAE,2BAA2B,GAAG,CAAC,KAAK,EAAE;oBACnD,QAAQ,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC;oBACvB,WAAW,EAAE,+BAA+B,GAAG,CAAC,KAAK,GAAG;iBACzD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1D,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtE,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,yBAAyB;oBAC/B,WAAW,EAAE,2DAA2D;oBACxE,QAAQ,EAAE,CAAC,kBAAkB,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC,OAAO,EAAE,CAAC;oBAC7F,WAAW,EAAE,wCAAwC;iBACtD,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,2DAA2D;gBAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAClD,IAAI,KAAK,GAAG,iBAAiB,EAAE,CAAC;oBAC9B,QAAQ,CAAC,IAAI,CAAC;wBAC
Z,IAAI,EAAE,iBAAiB;wBACvB,QAAQ,EAAE,MAAM;wBAChB,IAAI,EAAE,sBAAsB;wBAC5B,WAAW,EAAE,yBAAyB,KAAK,oBAAoB,iBAAiB,EAAE;wBAClF,QAAQ,EAAE,CAAC,SAAS,KAAK,SAAS,iBAAiB,EAAE,CAAC;wBACtD,WAAW,EAAE,wCAAwC,iBAAiB,SAAS;qBAChF,CAAC,CAAC;gBACL,CAAC;gBAED,oDAAoD;gBACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC/C,IAAI,QAAQ,GAAG,eAAe,EAAE,CAAC;oBAC/B,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,iBAAiB;wBACvB,QAAQ,EAAE,QAAQ;wBAClB,IAAI,EAAE,mBAAmB;wBACzB,WAAW,EAAE,oBAAoB,QAAQ,4BAA4B,eAAe,EAAE;wBACtF,QAAQ,EAAE,CAAC,QAAQ,QAAQ,SAAS,eAAe,EAAE,CAAC;wBACtD,WAAW,EAAE,4CAA4C;qBAC1D,CAAC,CAAC;gBACL,CAAC;gBAED,uCAAuC;gBACvC,KAAK,MAAM,KAAK,IAAI,uBAAuB,EAAE,CAAC;oBAC5C,IAAI,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC9B,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,SAAS;4BACf,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,0BAA0B;4BAChC,WAAW,EAAE,sCAAsC,KAAK,GAAG;4BAC3D,QAAQ,EAAE,CAAC,UAAU,KAAK,wBAAwB,CAAC;4BACnD,WAAW,EAAE,YAAY,KAAK,yBAAyB;yBACxD,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,yCAAyC;gBACzC,MAAM,iBAAiB,GAAG,IAAI,CAAC,wBAAwB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvE,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;oBACxC,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,iBAAiB;wBACvB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,wBAAwB;wBAC9B,WAAW,EAAE,iDAAiD,OAAO,GAAG;wBACxE,QAAQ,EAAE,CAAC,kBAAkB,OAAO,EAAE,CAAC;wBACvC,WAAW,EAAE,gEAAgE;qBAC9E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;gBACrC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,SAAS;oBACf,QAAQ,EAAE,KAAK;oBACf,IAAI,EAAE,sBAAsB;oBAC5B,WAAW,EAAE,oCAAoC;oBACjD,QAAQ,EAAE,CAAC,oCAAoC,CAAC;iBACjD,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,SAAS;oBACf,QAAQ,EAAE,KAAK;oBACf,IAAI,EAAE,mBAAmB;oBACzB,WAAW,EAAE,4CAA4C;oBACzD,QAAQ,EAAE,CAAC,0BAA0B,CAAC;iBACvC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC7C,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;QAC1C,MAAM,MAAM,GAAgB;YAC1B,SAAS;YACT,WAAW;
YACX,UAAU;YACV,UAAU,EAAE,CAAC;YACb,gBAAgB,EAAE,UAAU;SAC7B,CAAC;QAEF,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC;QAExC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAC7B,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,EACjC,GAAG,EACH,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,GAAY,EAAE,OAAe;QAChD,IAAI,OAAO,GAAG,iBAAiB;YAAE,OAAO,OAAO,CAAC,CAAC,iBAAiB;QAClE,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,OAAO,CAAC;QAE5D,IAAI,GAAG,GAAG,OAAO,CAAC;QAClB,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,GAA8B,CAAC,CAAC;QAC9D,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;gBAC9C,IAAI,CAAC,GAAG,GAAG;oBAAE,GAAG,GAAG,CAAC,CAAC;gBACrB,IAAI,GAAG,GAAG,iBAAiB;oBAAE,OAAO,GAAG,CAAC,CAAC,OAAO;YAClD,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,GAA4B;QAC5C,IAAI,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QACpC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnE,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC,GAA8B,CAAC,CAAC;gBACxD,IAAI,KAAK,GAAG,eAAe;oBAAE,OAAO,KAAK,CAAC,CAAC,aAAa;YAC1D,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,wBAAwB,CAAC,GAA4B;QAC3D,MAAM,SAAS,GAAG,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;QAC5D,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,MAAM,KAAK,GAAG,CAAC,CAA0B,EAAE,IAAY,EAAE,EAAE;YACzD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC5B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAC
5C,CAAC;gBACD,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;gBACnB,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBACnE,KAAK,CAAC,GAA8B,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBACvE,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -9,8 +9,8 @@
|
|
|
9
9
|
*
|
|
10
10
|
* @packageDocumentation
|
|
11
11
|
*/
|
|
12
|
-
import { BaseSecurityLayer } from
|
|
13
|
-
import type { LayerInput, LayerExecutionResult } from
|
|
12
|
+
import { BaseSecurityLayer } from '../index.js';
|
|
13
|
+
import type { LayerInput, LayerExecutionResult } from '../types.js';
|
|
14
14
|
/** Default limits — can be overridden via constructor options */
|
|
15
15
|
export interface L1SizeLimits {
|
|
16
16
|
/** Maximum total payload size in bytes (default: 1MB) */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"L1-input-size.d.ts","sourceRoot":"","sources":["../../../src/layers/implementations/L1-input-size.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"L1-input-size.d.ts","sourceRoot":"","sources":["../../../src/layers/implementations/L1-input-size.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,iBAAiB,EAAqB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,oBAAoB,EAA6B,MAAM,aAAa,CAAC;AAE/F,iEAAiE;AACjE,MAAM,WAAW,YAAY;IAC3B,yDAAyD;IACzD,eAAe,EAAE,MAAM,CAAC;IACxB,kEAAkE;IAClE,eAAe,EAAE,MAAM,CAAC;IACxB,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;IACvB,gFAAgF;IAChF,cAAc,EAAE,MAAM,CAAC;CACxB;AASD;;;;GAIG;AACH,qBAAa,kBAAmB,SAAQ,iBAAiB;IACvD,OAAO,CAAC,MAAM,CAAe;gBAEjB,MAAM,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC;IAiBpC,OAAO,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAqH/D,OAAO,CAAC,WAAW;CAUpB"}
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright 2024-2026 Vorion LLC
|
|
1
3
|
/**
|
|
2
4
|
* L1 — Input Size Limiter
|
|
3
5
|
*
|
|
@@ -9,7 +11,7 @@
|
|
|
9
11
|
*
|
|
10
12
|
* @packageDocumentation
|
|
11
13
|
*/
|
|
12
|
-
import { BaseSecurityLayer, createLayerConfig } from
|
|
14
|
+
import { BaseSecurityLayer, createLayerConfig } from '../index.js';
|
|
13
15
|
const DEFAULT_LIMITS = {
|
|
14
16
|
maxPayloadBytes: 1_048_576, // 1 MB
|
|
15
17
|
maxStringLength: 102_400, // 100 KB
|
|
@@ -24,12 +26,12 @@ const DEFAULT_LIMITS = {
|
|
|
24
26
|
export class L1InputSizeLimiter extends BaseSecurityLayer {
|
|
25
27
|
limits;
|
|
26
28
|
constructor(limits) {
|
|
27
|
-
super(createLayerConfig(1,
|
|
28
|
-
description:
|
|
29
|
-
tier:
|
|
30
|
-
primaryThreat:
|
|
31
|
-
secondaryThreats: [
|
|
32
|
-
failMode:
|
|
29
|
+
super(createLayerConfig(1, 'Input Size Limiter', {
|
|
30
|
+
description: 'Enforces payload size, string length, array length, and total field count limits',
|
|
31
|
+
tier: 'input_validation',
|
|
32
|
+
primaryThreat: 'denial_of_service',
|
|
33
|
+
secondaryThreats: ['resource_abuse'],
|
|
34
|
+
failMode: 'block',
|
|
33
35
|
required: true,
|
|
34
36
|
timeoutMs: 200,
|
|
35
37
|
parallelizable: true,
|
|
@@ -49,27 +51,23 @@ export class L1InputSizeLimiter extends BaseSecurityLayer {
|
|
|
49
51
|
}
|
|
50
52
|
catch {
|
|
51
53
|
const timing = this.buildTiming(startedAt, t0);
|
|
52
|
-
return this.createFailureResult(
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
},
|
|
61
|
-
], timing);
|
|
54
|
+
return this.createFailureResult('deny', 0.95, [{
|
|
55
|
+
type: 'threat_detected',
|
|
56
|
+
severity: 'high',
|
|
57
|
+
code: 'L1_UNSERIALIZABLE',
|
|
58
|
+
description: 'Payload cannot be serialized to JSON — possible circular reference or exotic object',
|
|
59
|
+
evidence: ['JSON.stringify failed'],
|
|
60
|
+
remediation: 'Ensure payload is a plain, serializable JSON object',
|
|
61
|
+
}], timing);
|
|
62
62
|
}
|
|
63
63
|
const payloadBytes = new TextEncoder().encode(serialized).length;
|
|
64
64
|
if (payloadBytes > this.limits.maxPayloadBytes) {
|
|
65
65
|
findings.push({
|
|
66
|
-
type:
|
|
67
|
-
severity:
|
|
68
|
-
code:
|
|
66
|
+
type: 'threat_detected',
|
|
67
|
+
severity: 'high',
|
|
68
|
+
code: 'L1_PAYLOAD_TOO_LARGE',
|
|
69
69
|
description: `Payload size ${payloadBytes} bytes exceeds limit of ${this.limits.maxPayloadBytes} bytes`,
|
|
70
|
-
evidence: [
|
|
71
|
-
`size=${payloadBytes}, limit=${this.limits.maxPayloadBytes}`,
|
|
72
|
-
],
|
|
70
|
+
evidence: [`size=${payloadBytes}, limit=${this.limits.maxPayloadBytes}`],
|
|
73
71
|
remediation: `Reduce payload size to under ${this.limits.maxPayloadBytes} bytes`,
|
|
74
72
|
});
|
|
75
73
|
}
|
|
@@ -79,16 +77,14 @@ export class L1InputSizeLimiter extends BaseSecurityLayer {
|
|
|
79
77
|
const walk = (obj, path) => {
|
|
80
78
|
if (obj === null || obj === undefined)
|
|
81
79
|
return;
|
|
82
|
-
if (typeof obj ===
|
|
80
|
+
if (typeof obj === 'string') {
|
|
83
81
|
if (obj.length > this.limits.maxStringLength) {
|
|
84
82
|
violations.push({
|
|
85
|
-
type:
|
|
86
|
-
severity:
|
|
87
|
-
code:
|
|
83
|
+
type: 'threat_detected',
|
|
84
|
+
severity: 'high',
|
|
85
|
+
code: 'L1_STRING_TOO_LONG',
|
|
88
86
|
description: `String at '${path}' is ${obj.length} chars, exceeding limit of ${this.limits.maxStringLength}`,
|
|
89
|
-
evidence: [
|
|
90
|
-
`path=${path}, length=${obj.length}, limit=${this.limits.maxStringLength}`,
|
|
91
|
-
],
|
|
87
|
+
evidence: [`path=${path}, length=${obj.length}, limit=${this.limits.maxStringLength}`],
|
|
92
88
|
remediation: `Shorten the string at '${path}'`,
|
|
93
89
|
});
|
|
94
90
|
}
|
|
@@ -97,13 +93,11 @@ export class L1InputSizeLimiter extends BaseSecurityLayer {
|
|
|
97
93
|
if (Array.isArray(obj)) {
|
|
98
94
|
if (obj.length > this.limits.maxArrayLength) {
|
|
99
95
|
violations.push({
|
|
100
|
-
type:
|
|
101
|
-
severity:
|
|
102
|
-
code:
|
|
96
|
+
type: 'threat_detected',
|
|
97
|
+
severity: 'high',
|
|
98
|
+
code: 'L1_ARRAY_TOO_LONG',
|
|
103
99
|
description: `Array at '${path}' has ${obj.length} elements, exceeding limit of ${this.limits.maxArrayLength}`,
|
|
104
|
-
evidence: [
|
|
105
|
-
`path=${path}, length=${obj.length}, limit=${this.limits.maxArrayLength}`,
|
|
106
|
-
],
|
|
100
|
+
evidence: [`path=${path}, length=${obj.length}, limit=${this.limits.maxArrayLength}`],
|
|
107
101
|
remediation: `Reduce array size at '${path}'`,
|
|
108
102
|
});
|
|
109
103
|
}
|
|
@@ -114,19 +108,17 @@ export class L1InputSizeLimiter extends BaseSecurityLayer {
|
|
|
114
108
|
}
|
|
115
109
|
return;
|
|
116
110
|
}
|
|
117
|
-
if (typeof obj ===
|
|
111
|
+
if (typeof obj === 'object') {
|
|
118
112
|
const keys = Object.keys(obj);
|
|
119
113
|
totalFields += keys.length;
|
|
120
114
|
if (totalFields > this.limits.maxTotalFields) {
|
|
121
115
|
violations.push({
|
|
122
|
-
type:
|
|
123
|
-
severity:
|
|
124
|
-
code:
|
|
116
|
+
type: 'threat_detected',
|
|
117
|
+
severity: 'medium',
|
|
118
|
+
code: 'L1_TOO_MANY_FIELDS',
|
|
125
119
|
description: `Total field count ${totalFields} exceeds limit of ${this.limits.maxTotalFields}`,
|
|
126
|
-
evidence: [
|
|
127
|
-
|
|
128
|
-
],
|
|
129
|
-
remediation: "Reduce the number of fields in the payload",
|
|
120
|
+
evidence: [`totalFields=${totalFields}, limit=${this.limits.maxTotalFields}`],
|
|
121
|
+
remediation: 'Reduce the number of fields in the payload',
|
|
130
122
|
});
|
|
131
123
|
return; // stop walking
|
|
132
124
|
}
|
|
@@ -135,16 +127,16 @@ export class L1InputSizeLimiter extends BaseSecurityLayer {
|
|
|
135
127
|
}
|
|
136
128
|
}
|
|
137
129
|
};
|
|
138
|
-
walk(payload,
|
|
130
|
+
walk(payload, '');
|
|
139
131
|
findings.push(...violations);
|
|
140
132
|
const timing = this.buildTiming(startedAt, t0);
|
|
141
|
-
const hasCritical = findings.some((f) => f.severity ===
|
|
142
|
-
const hasHigh = findings.some((f) => f.severity ===
|
|
133
|
+
const hasCritical = findings.some((f) => f.severity === 'critical');
|
|
134
|
+
const hasHigh = findings.some((f) => f.severity === 'high');
|
|
143
135
|
const passed = !hasCritical && !hasHigh;
|
|
144
136
|
if (passed) {
|
|
145
|
-
return this.createSuccessResult(
|
|
137
|
+
return this.createSuccessResult('allow', 0.95, findings, [], timing);
|
|
146
138
|
}
|
|
147
|
-
return this.createFailureResult(
|
|
139
|
+
return this.createFailureResult('deny', 0.9, findings, timing);
|
|
148
140
|
}
|
|
149
141
|
buildTiming(startedAt, t0) {
|
|
150
142
|
const durationMs = performance.now() - t0;
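Review bot: The `L1_TOO_MANY_FIELDS` finding in `walk` is pushed with `severity: 'medium'`, but the verdict at the end of the method fails only on `'critical'` or `'high'` (`const passed = !hasCritical && !hasHigh;`), so a payload that exceeds `maxTotalFields` and nothing else is returned through `createSuccessResult('allow', 0.95, findings, [], timing)`. That does not match the layer's own description ("Enforces payload size, string length, array length, and total field count limits") or its `failMode: 'block'`; if the limit is meant to be enforced rather than advisory, the finding should read `severity: 'high',` like the other L1 limits. The `return; // stop walking` after it leaves only the current `walk` call, so sibling branches are presumably still visited and each further object can push another finding; a shared flag checked at the top of `walk` would make the comment true. `L0_EXCESSIVE_KEYS` in the L0 validator earlier on this page has the same medium-then-allow shape. `walk` and the enclosing method are split across several hunks, so parts of them are not shown here.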
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"L1-input-size.js","sourceRoot":"","sources":["../../../src/layers/implementations/L1-input-size.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"L1-input-size.js","sourceRoot":"","sources":["../../../src/layers/implementations/L1-input-size.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,iCAAiC;AAEjC;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAenE,MAAM,cAAc,GAAiB;IACnC,eAAe,EAAE,SAAS,EAAE,OAAO;IACnC,eAAe,EAAE,OAAO,EAAI,SAAS;IACrC,cAAc,EAAE,MAAM;IACtB,cAAc,EAAE,KAAK;CACtB,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,kBAAmB,SAAQ,iBAAiB;IAC/C,MAAM,CAAe;IAE7B,YAAY,MAA8B;QACxC,KAAK,CACH,iBAAiB,CAAC,CAAC,EAAE,oBAAoB,EAAE;YACzC,WAAW,EAAE,kFAAkF;YAC/F,IAAI,EAAE,kBAAkB;YACxB,aAAa,EAAE,mBAAmB;YAClC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC;YACpC,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,GAAG;YACd,cAAc,EAAE,IAAI;YACpB,YAAY,EAAE,EAAE;SACjB,CAAC,CACH,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAiB;QAC7B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAmB,EAAE,CAAC;QAEpC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAE9B,wDAAwD;QACxD,IAAI,UAAkB,CAAC;QACvB,IAAI,CAAC;YACH,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC,mBAAmB,CAC7B,MAAM,EACN,IAAI,EACJ,CAAC;oBACC,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,mBAAmB;oBACzB,WAAW,EAAE,qFAAqF;oBAClG,QAAQ,EAAE,CAAC,uBAAuB,CAAC;oBACnC,WAAW,EAAE,qDAAqD;iBACnE,CAAC,EACF,MAAM,CACP,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC;QACjE,IAAI,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,sBAAsB;gBAC5B,WAAW,EAAE,gBAAgB,YAAY,2BAA2B,IAAI,CAAC,MAAM,CAAC,eAAe,QAAQ;gBACvG,QAAQ,EAAE,CAAC,QAAQ,YAAY,WAAW,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;gBACxE,WAAW,EAAE,gCAAgC,IAAI,CAAC,MAAM,CAAC,eAAe,QAAQ;aACjF,CAAC,CAAC;QACL,CAAC;QAED,+DAA+D;QAC/D,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,MAAM,UAAU,GAAmB,EAAE,CAAC;QAEtC,MAAM,IAAI,
GAAG,CAAC,GAAY,EAAE,IAAY,EAAQ,EAAE;YAChD,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;gBAAE,OAAO;YAE9C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC5B,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;oBAC7C,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,iBAAiB;wBACvB,QAAQ,EAAE,MAAM;wBAChB,IAAI,EAAE,oBAAoB;wBAC1B,WAAW,EAAE,cAAc,IAAI,QAAQ,GAAG,CAAC,MAAM,8BAA8B,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE;wBAC5G,QAAQ,EAAE,CAAC,QAAQ,IAAI,YAAY,GAAG,CAAC,MAAM,WAAW,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;wBACtF,WAAW,EAAE,0BAA0B,IAAI,GAAG;qBAC/C,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO;YACT,CAAC;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;oBAC5C,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,iBAAiB;wBACvB,QAAQ,EAAE,MAAM;wBAChB,IAAI,EAAE,mBAAmB;wBACzB,WAAW,EAAE,aAAa,IAAI,SAAS,GAAG,CAAC,MAAM,iCAAiC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE;wBAC9G,QAAQ,EAAE,CAAC,QAAQ,IAAI,YAAY,GAAG,CAAC,MAAM,WAAW,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;wBACrF,WAAW,EAAE,yBAAyB,IAAI,GAAG;qBAC9C,CAAC,CAAC;gBACL,CAAC;gBACD,iEAAiE;gBACjE,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;gBAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;oBACpC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;gBAChC,CAAC;gBACD,OAAO;YACT,CAAC;YAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC;gBACzD,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC;gBAE3B,IAAI,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;oBAC7C,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,iBAAiB;wBACvB,QAAQ,EAAE,QAAQ;wBAClB,IAAI,EAAE,oBAAoB;wBAC1B,WAAW,EAAE,qBAAqB,WAAW,qBAAqB,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE;wBAC9F,QAAQ,EAAE,CAAC,eAAe,WAAW,WAAW,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;wBAC7E,WAAW,EAAE,4CAA4C;qBAC1D,CAAC,CAAC;oBACH,OAAO,CAAC,eAAe;gBACzB,CAAC;gBAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,IAAI,CAAE,GAA+B,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAC7E,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,CAAC,OAAO,E
AAE,EAAE,CAAC,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC;QAExC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACjE,CAAC;IAEO,WAAW,CAAC,SAAiB,EAAE,EAAU;QAC/C,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;QAC1C,OAAO;YACL,SAAS;YACT,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,UAAU;YACV,UAAU,EAAE,CAAC;YACb,gBAAgB,EAAE,UAAU;SAC7B,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -10,8 +10,8 @@
|
|
|
10
10
|
*
|
|
11
11
|
* @packageDocumentation
|
|
12
12
|
*/
|
|
13
|
-
import { BaseSecurityLayer } from
|
|
14
|
-
import type { LayerInput, LayerExecutionResult } from
|
|
13
|
+
import { BaseSecurityLayer } from '../index.js';
|
|
14
|
+
import type { LayerInput, LayerExecutionResult } from '../types.js';
|
|
15
15
|
/**
|
|
16
16
|
* L2 Character Set Sanitizer
|
|
17
17
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"L2-charset-sanitizer.d.ts","sourceRoot":"","sources":["../../../src/layers/implementations/L2-charset-sanitizer.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"L2-charset-sanitizer.d.ts","sourceRoot":"","sources":["../../../src/layers/implementations/L2-charset-sanitizer.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAqB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EACV,UAAU,EACV,oBAAoB,EAIrB,MAAM,aAAa,CAAC;AA0FrB;;;;GAIG;AACH,qBAAa,kBAAmB,SAAQ,iBAAiB;;IAiBjD,OAAO,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,oBAAoB,CAAC;IA0B/D,OAAO,CAAC,UAAU;IA6BlB,OAAO,CAAC,UAAU;IAkDlB,OAAO,CAAC,gBAAgB;IAqBxB,OAAO,CAAC,WAAW;CAUpB"}
|