averecion-lite 1.3.9 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dashboard/dash.js +17 -4
  2. package/dist/log-watcher.d.ts.map +1 -1
  3. package/dist/log-watcher.js +10 -3
  4. package/package.json +1 -1
package/dashboard/dash.js CHANGED
@@ -87,7 +87,19 @@
87
87
  "promptInjection": {
88
88
  title: "Prompt Injection Detected!",
89
89
  desc: "An attacker tried to manipulate your AI by hiding instructions in data. This is a known attack vector."
90
- }
90
+ },
91
+ "whatsapp-inbound": {
92
+ title: "Dangerous Message Received",
93
+ desc: "An incoming WhatsApp message contained a dangerous command or attack pattern."
94
+ },
95
+ "whatsapp-processing": {
96
+ title: "Dangerous Content Detected",
97
+ desc: "A WhatsApp message being processed contained dangerous commands or prompt injection."
98
+ },
99
+ "whatsapp-reply": {
100
+ title: "Suspicious Reply Flagged",
101
+ desc: "A bot reply contained content that matched a dangerous pattern."
102
+ },
91
103
  };
92
104
 
93
105
  function showScreen(name) {
@@ -170,14 +182,15 @@
170
182
  }
171
183
  if (event.decision === "blocked") {
172
184
  let context = THREAT_CONTEXT[tool] || null;
173
- if (reason.includes("promptInjection")) {
185
+ if (reason.includes("promptInjection") || reason.includes("Prompt injection")) {
174
186
  context = THREAT_CONTEXT.promptInjection;
175
187
  return { icon: "🛡️", class: "blocked attack", text: `Caught attack: Prompt injection attempt`, context, isAttack: true };
176
188
  }
189
+ const dangerLabel = FRIENDLY_TOOLS[tool] ? `Flagged: ${friendlyTool}` : `Blocked risky action: ${tool}`;
177
190
  if (reason.includes("highRisk")) {
178
- return { icon: "⚠️", class: "blocked", text: `Blocked risky action: ${tool}`, context };
191
+ return { icon: "⚠️", class: "blocked", text: dangerLabel, context };
179
192
  }
180
- return { icon: "", class: "blocked", text: `Blocked: ${tool}`, context };
193
+ return { icon: "⚠️", class: "blocked", text: FRIENDLY_TOOLS[tool] ? `Flagged dangerous content in WhatsApp` : `Blocked: ${tool}`, context };
181
194
  }
182
195
  if (event.decision === "manual") {
183
196
  return { icon: "👆", class: "manual", text: `You approved ${tool}`, context: null };
package/dist/log-watcher.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"log-watcher.d.ts","sourceRoot":"","sources":["../log-watcher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AA6CtC,qBAAa,UAAW,SAAQ,YAAY;IAC1C,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,OAAO,CAA6B;IAC5C,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,YAAY,CAA+B;;IAMnD,KAAK,IAAI,IAAI;IAUb,IAAI,IAAI,IAAI;IAWZ,OAAO,CAAC,iBAAiB;IAOzB,OAAO,CAAC,eAAe;IAWvB,OAAO,CAAC,SAAS;IAuCjB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,YAAY;IA+BpB,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,YAAY;IAmMpB,OAAO,CAAC,eAAe;IAuCvB,OAAO,CAAC,eAAe;IA6BvB,OAAO,CAAC,aAAa;IAgBrB,OAAO,CAAC,gBAAgB;CAWzB;AAID,wBAAgB,eAAe,IAAI,UAAU,CAM5C;AAED,wBAAgB,cAAc,IAAI,IAAI,CAKrC;AAED,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAEjD"}
1
+ {"version":3,"file":"log-watcher.d.ts","sourceRoot":"","sources":["../log-watcher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAmDtC,qBAAa,UAAW,SAAQ,YAAY;IAC1C,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,OAAO,CAA6B;IAC5C,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,YAAY,CAA+B;;IAMnD,KAAK,IAAI,IAAI;IAUb,IAAI,IAAI,IAAI;IAWZ,OAAO,CAAC,iBAAiB;IAOzB,OAAO,CAAC,eAAe;IAWvB,OAAO,CAAC,SAAS;IAuCjB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,YAAY;IA+BpB,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,YAAY;IAmMpB,OAAO,CAAC,eAAe;IAuCvB,OAAO,CAAC,eAAe;IA6BvB,OAAO,CAAC,aAAa;IAiBrB,OAAO,CAAC,gBAAgB;CAWzB;AAID,wBAAgB,eAAe,IAAI,UAAU,CAM5C;AAED,wBAAgB,cAAc,IAAI,IAAI,CAKrC;AAED,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAEjD"}
package/dist/log-watcher.js CHANGED
@@ -46,12 +46,18 @@ const DANGEROUS_PATTERNS = [
46
46
  ];
47
47
  const INJECTION_PATTERNS = [
48
48
  { pattern: /ignore\s+(all\s+)?(previous|prior|above)\s+(instructions?|prompts?)/i, reason: "Prompt injection: ignore instructions" },
49
+ { pattern: /ignore\s+(previous|prior|all)\s+instructions/i, reason: "Prompt injection: ignore instructions" },
49
50
  { pattern: /disregard\s+(all\s+)?(previous|prior|above)/i, reason: "Prompt injection: disregard" },
50
- { pattern: /you\s+are\s+now\s+(a|an)\s+/i, reason: "Prompt injection: role override" },
51
+ { pattern: /forget\s+(your|all|the)\s+(rules?|instructions?|guidelines?|restrictions?)/i, reason: "Prompt injection: forget rules" },
52
+ { pattern: /you\s+are\s+now\s+(a|an|un)\s*/i, reason: "Prompt injection: role override" },
51
53
  { pattern: /jailbreak/i, reason: "Prompt injection: jailbreak attempt" },
52
54
  { pattern: /DAN\s*mode/i, reason: "Prompt injection: DAN mode" },
53
55
  { pattern: /pretend\s+(you'?re?|to\s+be)\s+/i, reason: "Prompt injection: pretend" },
54
- { pattern: /bypass\s+(your\s+)?(restrictions?|rules?|guidelines?)/i, reason: "Prompt injection: bypass" },
56
+ { pattern: /bypass\s+(your\s+)?(restrictions?|rules?|guidelines?|safety|filters?)/i, reason: "Prompt injection: bypass" },
57
+ { pattern: /override\s+(all\s+)?(safety|security|rules?|filters?)/i, reason: "Prompt injection: override safety" },
58
+ { pattern: /SYSTEM:\s*/i, reason: "Prompt injection: fake system prompt" },
59
+ { pattern: /send\s+(all\s+)?(contacts?|messages?|data|files?|info)\s+to/i, reason: "Prompt injection: data exfiltration" },
60
+ { pattern: /delete\s+everything/i, reason: "Prompt injection: destructive command" },
55
61
  ];
56
62
  class LogWatcher extends events_1.EventEmitter {
57
63
  watchedFile = null;
@@ -423,7 +429,8 @@ class LogWatcher extends events_1.EventEmitter {
423
429
  }
424
430
  }
425
431
  analyzeDanger(event) {
426
- if (event.tool !== "exec") {
432
+ const scanTools = ["exec", "whatsapp-inbound", "whatsapp-reply", "whatsapp-processing", "whatsapp-gateway"];
433
+ if (!scanTools.includes(event.tool)) {
427
434
  return { dangerous: false, reason: "" };
428
435
  }
429
436
  const argsStr = JSON.stringify(event.args || {}).toLowerCase();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "averecion-lite",
3
- "version": "1.3.9",
3
+ "version": "1.4.1",
4
4
  "description": "Real-time AI agent monitoring - watches logs, detects dangerous commands and prompt injection attempts",
5
5
  "author": "Averecion <hello@averecion.com>",
6
6
  "homepage": "https://github.com/averecion/clawguard#readme",