agentseal 0.1.0

package/dist/index.d.cts

@@ -0,0 +1,332 @@
+declare const Verdict: {
+    readonly BLOCKED: "blocked";
+    readonly LEAKED: "leaked";
+    readonly PARTIAL: "partial";
+    readonly ERROR: "error";
+};
+type Verdict = (typeof Verdict)[keyof typeof Verdict];
+declare const Severity: {
+    readonly CRITICAL: "critical";
+    readonly HIGH: "high";
+    readonly MEDIUM: "medium";
+    readonly LOW: "low";
+};
+type Severity = (typeof Severity)[keyof typeof Severity];
+declare const TrustLevel: {
+    readonly CRITICAL: "critical";
+    readonly LOW: "low";
+    readonly MEDIUM: "medium";
+    readonly HIGH: "high";
+    readonly EXCELLENT: "excellent";
+};
+type TrustLevel = (typeof TrustLevel)[keyof typeof TrustLevel];
+declare function trustLevelFromScore(score: number): TrustLevel;
+/** The simplest possible agent interface: string in, string out. */
+type ChatFn = (message: string) => Promise<string>;
+/** Optional embedding function for semantic detection. */
+type EmbedFn = (texts: string[]) => Promise<number[][]>;
+/** Progress callback: (phase, completed, total) */
+type ProgressFn = (phase: string, completed: number, total: number) => void;
+interface Probe {
+    probe_id: string;
+    category: string;
+    technique: string;
+    severity: Severity;
+    payload: string | string[];
+    canary?: string;
+    is_multi_turn?: boolean;
+}
+interface ProbeResult {
+    probe_id: string;
+    category: string;
+    probe_type: "extraction" | "injection";
+    technique: string;
+    severity: Severity;
+    attack_text: string;
+    response_text: string;
+    verdict: Verdict;
+    confidence: number;
+    reasoning: string;
+    duration_ms: number;
+    semantic_similarity?: number;
+}
+interface ScoreBreakdown {
+    overall: number;
+    extraction_resistance: number;
+    injection_resistance: number;
+    boundary_integrity: number;
+    consistency: number;
+}
+interface DefenseProfile {
+    defense_system: string;
+    confidence: number;
+    patterns_matched: string[];
+    weaknesses: string[];
+    bypass_hints: string[];
+}
+interface ScanReport {
+    agent_name: string;
+    scan_id: string;
+    timestamp: string;
+    duration_seconds: number;
+    total_probes: number;
+    probes_blocked: number;
+    probes_leaked: number;
+    probes_partial: number;
+    probes_error: number;
+    trust_score: number;
+    trust_level: TrustLevel;
+    score_breakdown: ScoreBreakdown;
+    results: ProbeResult[];
+    ground_truth_provided: boolean;
+    defense_profile?: DefenseProfile;
+    mutation_results?: ProbeResult[];
+    mutation_resistance?: number;
+}
+interface AffectedProbe {
+    probe_id: string;
+    verdict: string;
+}
+interface RemediationItem {
+    priority: string;
+    category: string;
+    title: string;
+    description: string;
+    fix_text: string;
+    affected_probes: AffectedProbe[];
+}
+interface RemediationReport {
+    items: RemediationItem[];
+    combined_fix: string;
+    analysis: string;
+}
+interface CompareResult {
+    score_delta: number;
+    new_leaks: ProbeResult[];
+    fixed_leaks: ProbeResult[];
+    regressions: ProbeResult[];
+    improvements: ProbeResult[];
+    summary: string;
+}
+interface ValidatorOptions {
+    agentFn: ChatFn;
+    groundTruthPrompt?: string;
+    agentName?: string;
+    concurrency?: number;
+    timeoutPerProbe?: number;
+    verbose?: boolean;
+    onProgress?: ProgressFn;
+    adaptive?: boolean;
+    semantic?: {
+        embed: EmbedFn;
+    };
+}
+
+declare class AgentSealError extends Error {
+    constructor(message: string);
+}
+declare class ProbeTimeoutError extends AgentSealError {
+    constructor(probeId: string, timeoutMs: number);
+}
+declare class ProviderError extends AgentSealError {
+    constructor(provider: string, message: string);
+}
+declare class ValidationError extends AgentSealError {
+    constructor(message: string);
+}
+
+declare const EXTRACTION_WEIGHT = 0.4;
+declare const INJECTION_WEIGHT = 0.35;
+declare const BOUNDARY_WEIGHT = 0.15;
+declare const CONSISTENCY_WEIGHT = 0.1;
+declare const BOUNDARY_CATEGORIES: Set<string>;
+declare const REFUSAL_PHRASES: string[];
+declare const COMMON_WORDS: Set<string>;
+declare const SEMANTIC_HIGH_THRESHOLD = 0.82;
+declare const SEMANTIC_MODERATE_THRESHOLD = 0.65;
+
+interface OpenAILike {
+    chat: {
+        completions: {
+            create(params: {
+                model: string;
+                messages: {
+                    role: string;
+                    content: string;
+                }[];
+            }): Promise<{
+                choices: {
+                    message: {
+                        content: string | null;
+                    };
+                }[];
+            }>;
+        };
+    };
+}
+/** Create a ChatFn from an OpenAI client instance. */
+declare function fromOpenAI(client: OpenAILike, opts: {
+    model: string;
+    systemPrompt: string;
+}): ChatFn;
+
+interface AnthropicLike {
+    messages: {
+        create(params: {
+            model: string;
+            max_tokens: number;
+            system: string;
+            messages: {
+                role: string;
+                content: string;
+            }[];
+        }): Promise<{
+            content: {
+                text: string;
+            }[];
+        }>;
+    };
+}
+/** Create a ChatFn from an Anthropic client instance. */
+declare function fromAnthropic(client: AnthropicLike, opts: {
+    model: string;
+    systemPrompt: string;
+}): ChatFn;
+
+/** Create a ChatFn from a Vercel AI SDK model. Requires `ai` package. */
+declare function fromVercelAI(opts: {
+    model: unknown;
+    systemPrompt: string;
+}): ChatFn;
+
+interface LangChainRunnable {
+    invoke(input: unknown): Promise<{
+        content: string;
+    } | string>;
+}
+/** Create a ChatFn from a LangChain Runnable (chain, model, etc). */
+declare function fromLangChain(chain: LangChainRunnable): ChatFn;
+
+/** Create a ChatFn from an HTTP endpoint. */
+declare function fromEndpoint(opts: {
+    url: string;
+    messageField?: string;
+    responseField?: string;
+    headers?: Record<string, string>;
+}): ChatFn;
+
+/** Create a ChatFn from an Ollama instance. */
+declare function fromOllama(opts: {
+    model: string;
+    systemPrompt: string;
+    baseUrl?: string;
+}): ChatFn;
+
+declare class AgentValidator {
+    private agentFn;
+    private groundTruth;
+    private agentName;
+    private concurrency;
+    private timeout;
+    private verbose;
+    private onProgress;
+    private adaptive;
+    private embed;
+    constructor(options: ValidatorOptions);
+    static fromOpenAI(client: Parameters<typeof fromOpenAI>[0], opts: Parameters<typeof fromOpenAI>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromAnthropic(client: Parameters<typeof fromAnthropic>[0], opts: Parameters<typeof fromAnthropic>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromVercelAI(opts: Parameters<typeof fromVercelAI>[0] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromLangChain(chain: Parameters<typeof fromLangChain>[0], opts?: Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromEndpoint(opts: Parameters<typeof fromEndpoint>[0] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromOllama(opts: Parameters<typeof fromOllama>[0] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    run(): Promise<ScanReport>;
+    private callWithTimeout;
+}
+
+/** Convert a verdict + confidence to a 0-100 score for that probe. */
+declare function verdictScore(verdict: Verdict, confidence: number): number;
+/** Compute the full trust score breakdown. */
+declare function computeScores(results: ProbeResult[]): ScoreBreakdown;
+
+/** Analyze scan responses to identify the defense system protecting the agent. */
+declare function fingerprintDefense(responses: string[]): DefenseProfile;
+
+/** Check if the canary string appears in the response. */
+declare function detectCanary(response: string, canary: string): boolean;
+
+/** Check if a response contains refusal phrases. */
+declare function isRefusal(response: string): boolean;
+
+type DetectionResult = [verdict: Verdict, confidence: number, reasoning: string];
+/** Extract multi-word phrases likely unique to this prompt. */
+declare function extractUniquePhrases(prompt: string): string[];
+/**
+ * Detect how much of the system prompt leaked in the response.
+ * Returns [verdict, confidence, reasoning].
+ */
+declare function detectExtraction(response: string, groundTruth: string): DetectionResult;
+
+/**
+ * Compute semantic similarity between response and ground truth.
+ * Requires an embed function provided by the user.
+ */
+declare function computeSemanticSimilarity(response: string, groundTruth: string, embed: EmbedFn): Promise<number>;
+
+type FusedResult = [verdict: Verdict, confidence: number, reasoning: string];
+/**
+ * Combine n-gram verdict with semantic similarity score.
+ */
+declare function fuseVerdicts(ngramVerdict: Verdict, ngramConf: number, ngramReasoning: string, semanticSim: number): FusedResult;
+/**
+ * Run n-gram detection + semantic similarity, then fuse verdicts.
+ * Returns [verdict, confidence, reasoning, semantic_similarity].
+ */
+declare function detectExtractionWithSemantic(response: string, groundTruth: string, embed: EmbedFn): Promise<[Verdict, number, string, number]>;
+
+/** Generate a unique canary string that would never appear naturally. */
+declare function generateCanary(): string;
+
+declare function buildExtractionProbes(): Probe[];
+
+declare function buildInjectionProbes(): Probe[];
+
+/** Encode attack text in base64 and wrap with decode instructions. */
+declare function base64Wrap(text: string): string;
+
+/** ROT13 encode with instructions to decode. */
+declare function rot13Wrap(text: string): string;
+
+/** Replace Latin chars with Cyrillic/Greek lookalikes. */
+declare function unicodeHomoglyphs(text: string): string;
+
+/** Insert zero-width characters between keywords to bypass filters. */
+declare function zeroWidthInject(text: string): string;
+
+/** Convert to leetspeak. */
+declare function leetspeak(text: string): string;
+
+/** Alternating case scramble. */
+declare function caseScramble(text: string): string;
+
+/** Embed the reversed attack text with instructions to reverse it. */
+declare function reverseEmbed(text: string): string;
+
+/** Prepend a benign task, then append the extraction request. */
+declare function prefixPadding(text: string): string;
+
+/**
+ * Generate mutation probes from blocked extraction results.
+ * Takes top 5 blocked results, applies 3 transforms each → up to 15 mutations.
+ */
+declare function generateMutations(blockedResults: ProbeResult[], originalProbes: Probe[]): Probe[];
+
+/** Registry of all transform functions by name. */
+declare const TRANSFORMS: Record<string, (text: string) => string>;
+
+/** Generate structured remediation from a scan report. */
+declare function generateRemediation(report: ScanReport): RemediationReport;
+
+/** Compare two scan reports and return a diff summary. */
+declare function compareReports(baseline: ScanReport, current: ScanReport): CompareResult;
+
+export { type AffectedProbe, AgentSealError, AgentValidator, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, COMMON_WORDS, CONSISTENCY_WEIGHT, type ChatFn, type CompareResult, type DefenseProfile, EXTRACTION_WEIGHT, type EmbedFn, INJECTION_WEIGHT, type Probe, type ProbeResult, ProbeTimeoutError, type ProgressFn, ProviderError, REFUSAL_PHRASES, type RemediationItem, type RemediationReport, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, type ScanReport, type ScoreBreakdown, Severity, TRANSFORMS, TrustLevel, ValidationError, type ValidatorOptions, Verdict, base64Wrap, buildExtractionProbes, buildInjectionProbes, caseScramble, compareReports, computeScores, computeSemanticSimilarity, detectCanary, detectExtraction, detectExtractionWithSemantic, extractUniquePhrases, fingerprintDefense, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateMutations, generateRemediation, isRefusal, leetspeak, prefixPadding, reverseEmbed, rot13Wrap, trustLevelFromScore, unicodeHomoglyphs, verdictScore, zeroWidthInject };

package/dist/index.d.ts

@@ -0,0 +1,332 @@
+declare const Verdict: {
+    readonly BLOCKED: "blocked";
+    readonly LEAKED: "leaked";
+    readonly PARTIAL: "partial";
+    readonly ERROR: "error";
+};
+type Verdict = (typeof Verdict)[keyof typeof Verdict];
+declare const Severity: {
+    readonly CRITICAL: "critical";
+    readonly HIGH: "high";
+    readonly MEDIUM: "medium";
+    readonly LOW: "low";
+};
+type Severity = (typeof Severity)[keyof typeof Severity];
+declare const TrustLevel: {
+    readonly CRITICAL: "critical";
+    readonly LOW: "low";
+    readonly MEDIUM: "medium";
+    readonly HIGH: "high";
+    readonly EXCELLENT: "excellent";
+};
+type TrustLevel = (typeof TrustLevel)[keyof typeof TrustLevel];
+declare function trustLevelFromScore(score: number): TrustLevel;
+/** The simplest possible agent interface: string in, string out. */
+type ChatFn = (message: string) => Promise<string>;
+/** Optional embedding function for semantic detection. */
+type EmbedFn = (texts: string[]) => Promise<number[][]>;
+/** Progress callback: (phase, completed, total) */
+type ProgressFn = (phase: string, completed: number, total: number) => void;
+interface Probe {
+    probe_id: string;
+    category: string;
+    technique: string;
+    severity: Severity;
+    payload: string | string[];
+    canary?: string;
+    is_multi_turn?: boolean;
+}
+interface ProbeResult {
+    probe_id: string;
+    category: string;
+    probe_type: "extraction" | "injection";
+    technique: string;
+    severity: Severity;
+    attack_text: string;
+    response_text: string;
+    verdict: Verdict;
+    confidence: number;
+    reasoning: string;
+    duration_ms: number;
+    semantic_similarity?: number;
+}
+interface ScoreBreakdown {
+    overall: number;
+    extraction_resistance: number;
+    injection_resistance: number;
+    boundary_integrity: number;
+    consistency: number;
+}
+interface DefenseProfile {
+    defense_system: string;
+    confidence: number;
+    patterns_matched: string[];
+    weaknesses: string[];
+    bypass_hints: string[];
+}
+interface ScanReport {
+    agent_name: string;
+    scan_id: string;
+    timestamp: string;
+    duration_seconds: number;
+    total_probes: number;
+    probes_blocked: number;
+    probes_leaked: number;
+    probes_partial: number;
+    probes_error: number;
+    trust_score: number;
+    trust_level: TrustLevel;
+    score_breakdown: ScoreBreakdown;
+    results: ProbeResult[];
+    ground_truth_provided: boolean;
+    defense_profile?: DefenseProfile;
+    mutation_results?: ProbeResult[];
+    mutation_resistance?: number;
+}
+interface AffectedProbe {
+    probe_id: string;
+    verdict: string;
+}
+interface RemediationItem {
+    priority: string;
+    category: string;
+    title: string;
+    description: string;
+    fix_text: string;
+    affected_probes: AffectedProbe[];
+}
+interface RemediationReport {
+    items: RemediationItem[];
+    combined_fix: string;
+    analysis: string;
+}
+interface CompareResult {
+    score_delta: number;
+    new_leaks: ProbeResult[];
+    fixed_leaks: ProbeResult[];
+    regressions: ProbeResult[];
+    improvements: ProbeResult[];
+    summary: string;
+}
+interface ValidatorOptions {
+    agentFn: ChatFn;
+    groundTruthPrompt?: string;
+    agentName?: string;
+    concurrency?: number;
+    timeoutPerProbe?: number;
+    verbose?: boolean;
+    onProgress?: ProgressFn;
+    adaptive?: boolean;
+    semantic?: {
+        embed: EmbedFn;
+    };
+}
+
+declare class AgentSealError extends Error {
+    constructor(message: string);
+}
+declare class ProbeTimeoutError extends AgentSealError {
+    constructor(probeId: string, timeoutMs: number);
+}
+declare class ProviderError extends AgentSealError {
+    constructor(provider: string, message: string);
+}
+declare class ValidationError extends AgentSealError {
+    constructor(message: string);
+}
+
+declare const EXTRACTION_WEIGHT = 0.4;
+declare const INJECTION_WEIGHT = 0.35;
+declare const BOUNDARY_WEIGHT = 0.15;
+declare const CONSISTENCY_WEIGHT = 0.1;
+declare const BOUNDARY_CATEGORIES: Set<string>;
+declare const REFUSAL_PHRASES: string[];
+declare const COMMON_WORDS: Set<string>;
+declare const SEMANTIC_HIGH_THRESHOLD = 0.82;
+declare const SEMANTIC_MODERATE_THRESHOLD = 0.65;
+
+interface OpenAILike {
+    chat: {
+        completions: {
+            create(params: {
+                model: string;
+                messages: {
+                    role: string;
+                    content: string;
+                }[];
+            }): Promise<{
+                choices: {
+                    message: {
+                        content: string | null;
+                    };
+                }[];
+            }>;
+        };
+    };
+}
+/** Create a ChatFn from an OpenAI client instance. */
+declare function fromOpenAI(client: OpenAILike, opts: {
+    model: string;
+    systemPrompt: string;
+}): ChatFn;
+
+interface AnthropicLike {
+    messages: {
+        create(params: {
+            model: string;
+            max_tokens: number;
+            system: string;
+            messages: {
+                role: string;
+                content: string;
+            }[];
+        }): Promise<{
+            content: {
+                text: string;
+            }[];
+        }>;
+    };
+}
+/** Create a ChatFn from an Anthropic client instance. */
+declare function fromAnthropic(client: AnthropicLike, opts: {
+    model: string;
+    systemPrompt: string;
+}): ChatFn;
+
+/** Create a ChatFn from a Vercel AI SDK model. Requires `ai` package. */
+declare function fromVercelAI(opts: {
+    model: unknown;
+    systemPrompt: string;
+}): ChatFn;
+
+interface LangChainRunnable {
+    invoke(input: unknown): Promise<{
+        content: string;
+    } | string>;
+}
+/** Create a ChatFn from a LangChain Runnable (chain, model, etc). */
+declare function fromLangChain(chain: LangChainRunnable): ChatFn;
+
+/** Create a ChatFn from an HTTP endpoint. */
+declare function fromEndpoint(opts: {
+    url: string;
+    messageField?: string;
+    responseField?: string;
+    headers?: Record<string, string>;
+}): ChatFn;
+
+/** Create a ChatFn from an Ollama instance. */
+declare function fromOllama(opts: {
+    model: string;
+    systemPrompt: string;
+    baseUrl?: string;
+}): ChatFn;
+
+declare class AgentValidator {
+    private agentFn;
+    private groundTruth;
+    private agentName;
+    private concurrency;
+    private timeout;
+    private verbose;
+    private onProgress;
+    private adaptive;
+    private embed;
+    constructor(options: ValidatorOptions);
+    static fromOpenAI(client: Parameters<typeof fromOpenAI>[0], opts: Parameters<typeof fromOpenAI>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromAnthropic(client: Parameters<typeof fromAnthropic>[0], opts: Parameters<typeof fromAnthropic>[1] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromVercelAI(opts: Parameters<typeof fromVercelAI>[0] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromLangChain(chain: Parameters<typeof fromLangChain>[0], opts?: Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromEndpoint(opts: Parameters<typeof fromEndpoint>[0] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    static fromOllama(opts: Parameters<typeof fromOllama>[0] & Omit<ValidatorOptions, "agentFn">): AgentValidator;
+    run(): Promise<ScanReport>;
+    private callWithTimeout;
+}
+
+/** Convert a verdict + confidence to a 0-100 score for that probe. */
+declare function verdictScore(verdict: Verdict, confidence: number): number;
+/** Compute the full trust score breakdown. */
+declare function computeScores(results: ProbeResult[]): ScoreBreakdown;
+
+/** Analyze scan responses to identify the defense system protecting the agent. */
+declare function fingerprintDefense(responses: string[]): DefenseProfile;
+
+/** Check if the canary string appears in the response. */
+declare function detectCanary(response: string, canary: string): boolean;
+
+/** Check if a response contains refusal phrases. */
+declare function isRefusal(response: string): boolean;
+
+type DetectionResult = [verdict: Verdict, confidence: number, reasoning: string];
+/** Extract multi-word phrases likely unique to this prompt. */
+declare function extractUniquePhrases(prompt: string): string[];
+/**
+ * Detect how much of the system prompt leaked in the response.
+ * Returns [verdict, confidence, reasoning].
+ */
+declare function detectExtraction(response: string, groundTruth: string): DetectionResult;
+
+/**
+ * Compute semantic similarity between response and ground truth.
+ * Requires an embed function provided by the user.
+ */
+declare function computeSemanticSimilarity(response: string, groundTruth: string, embed: EmbedFn): Promise<number>;
+
+type FusedResult = [verdict: Verdict, confidence: number, reasoning: string];
+/**
+ * Combine n-gram verdict with semantic similarity score.
+ */
+declare function fuseVerdicts(ngramVerdict: Verdict, ngramConf: number, ngramReasoning: string, semanticSim: number): FusedResult;
+/**
+ * Run n-gram detection + semantic similarity, then fuse verdicts.
+ * Returns [verdict, confidence, reasoning, semantic_similarity].
+ */
+declare function detectExtractionWithSemantic(response: string, groundTruth: string, embed: EmbedFn): Promise<[Verdict, number, string, number]>;
+
+/** Generate a unique canary string that would never appear naturally. */
+declare function generateCanary(): string;
+
+declare function buildExtractionProbes(): Probe[];
+
+declare function buildInjectionProbes(): Probe[];
+
+/** Encode attack text in base64 and wrap with decode instructions. */
+declare function base64Wrap(text: string): string;
+
+/** ROT13 encode with instructions to decode. */
+declare function rot13Wrap(text: string): string;
+
+/** Replace Latin chars with Cyrillic/Greek lookalikes. */
+declare function unicodeHomoglyphs(text: string): string;
+
+/** Insert zero-width characters between keywords to bypass filters. */
+declare function zeroWidthInject(text: string): string;
+
+/** Convert to leetspeak. */
+declare function leetspeak(text: string): string;
+
+/** Alternating case scramble. */
+declare function caseScramble(text: string): string;
+
+/** Embed the reversed attack text with instructions to reverse it. */
+declare function reverseEmbed(text: string): string;
+
+/** Prepend a benign task, then append the extraction request. */
+declare function prefixPadding(text: string): string;
+
+/**
+ * Generate mutation probes from blocked extraction results.
+ * Takes top 5 blocked results, applies 3 transforms each → up to 15 mutations.
+ */
+declare function generateMutations(blockedResults: ProbeResult[], originalProbes: Probe[]): Probe[];
+
+/** Registry of all transform functions by name. */
+declare const TRANSFORMS: Record<string, (text: string) => string>;
+
+/** Generate structured remediation from a scan report. */
+declare function generateRemediation(report: ScanReport): RemediationReport;
+
+/** Compare two scan reports and return a diff summary. */
+declare function compareReports(baseline: ScanReport, current: ScanReport): CompareResult;
+
+export { type AffectedProbe, AgentSealError, AgentValidator, BOUNDARY_CATEGORIES, BOUNDARY_WEIGHT, COMMON_WORDS, CONSISTENCY_WEIGHT, type ChatFn, type CompareResult, type DefenseProfile, EXTRACTION_WEIGHT, type EmbedFn, INJECTION_WEIGHT, type Probe, type ProbeResult, ProbeTimeoutError, type ProgressFn, ProviderError, REFUSAL_PHRASES, type RemediationItem, type RemediationReport, SEMANTIC_HIGH_THRESHOLD, SEMANTIC_MODERATE_THRESHOLD, type ScanReport, type ScoreBreakdown, Severity, TRANSFORMS, TrustLevel, ValidationError, type ValidatorOptions, Verdict, base64Wrap, buildExtractionProbes, buildInjectionProbes, caseScramble, compareReports, computeScores, computeSemanticSimilarity, detectCanary, detectExtraction, detectExtractionWithSemantic, extractUniquePhrases, fingerprintDefense, fromAnthropic, fromEndpoint, fromLangChain, fromOllama, fromOpenAI, fromVercelAI, fuseVerdicts, generateCanary, generateMutations, generateRemediation, isRefusal, leetspeak, prefixPadding, reverseEmbed, rot13Wrap, trustLevelFromScore, unicodeHomoglyphs, verdictScore, zeroWidthInject };