cbrowser 18.3.9 → 18.3.11

package/dist/security/description-scanner.js

@@ -0,0 +1,408 @@
+/**
+ * CBrowser - Cognitive Browser Automation
+ * Copyright 2026 Alexandria Eden alexandria.shai.eden@gmail.com
+ * Learn more at https://cbrowser.ai - MIT License
+ */
+/**
+ * Tool Description Injection Scanner for CBrowser MCP Server
+ *
+ * Scans MCP tool descriptions for potential prompt injection attacks.
+ * Detects patterns that could be used to:
+ * - Execute cross-tool attacks (chaining tools maliciously)
+ * - Escalate privileges (bypassing safety instructions)
+ * - Exfiltrate data (sending data to external servers)
+ *
+ * Usage:
+ *   import { scanToolDescription, scanToolDefinitions } from "./security/description-scanner.js";
+ *
+ *   const result = scanToolDescription("navigate", "Navigate to a URL");
+ *   if (result.status === "critical") {
+ *     console.error("Potential injection detected:", result.issues);
+ *   }
+ */
+import { existsSync, readFileSync } from "node:fs";
+/**
+ * CRITICAL severity patterns - these indicate likely malicious intent
+ */
+const CRITICAL_PATTERNS = [
+    // Cross-tool instructions - attempts to chain tool calls
+    {
+        regex: /\bbefore\s+using\s+this\s+tool\b/i,
+        pattern: "cross_tool_instruction",
+        severity: "critical",
+    },
+    {
+        regex: /\bfirst\s+call\b/i,
+        pattern: "cross_tool_instruction",
+        severity: "critical",
+    },
+    {
+        regex: /\bthen\s+execute\b/i,
+        pattern: "cross_tool_instruction",
+        severity: "critical",
+    },
+    {
+        regex: /\bafter\s+this\s+tool\b/i,
+        pattern: "cross_tool_instruction",
+        severity: "critical",
+    },
+    {
+        regex: /\balways\s+call\b/i,
+        pattern: "cross_tool_instruction",
+        severity: "critical",
+    },
+    {
+        regex: /\byou\s+must\s+(call|use|execute|run)\b/i,
+        pattern: "cross_tool_instruction",
+        severity: "critical",
+    },
+    {
+        regex: /\bmust\s+first\b/i,
+        pattern: "cross_tool_instruction",
+        severity: "critical",
+    },
+    // Privilege escalation - attempts to override safety
+    {
+        regex: /\bignore\s+(previous|prior|all)\s+instructions?\b/i,
+        pattern: "privilege_escalation",
+        severity: "critical",
+    },
+    {
+        regex: /\bdisregard\s+(prior|previous|all)\b/i,
+        pattern: "privilege_escalation",
+        severity: "critical",
+    },
+    {
+        regex: /\boverride\s+(system|safety|security)\b/i,
+        pattern: "privilege_escalation",
+        severity: "critical",
+    },
+    {
+        regex: /\bbypass\s+(security|safety|restrictions?)\b/i,
+        pattern: "privilege_escalation",
+        severity: "critical",
+    },
+    {
+        regex: /\bnew\s+system\s+prompt\b/i,
+        pattern: "privilege_escalation",
+        severity: "critical",
+    },
+    {
+        regex: /\byou\s+are\s+now\b/i,
+        pattern: "privilege_escalation",
+        severity: "critical",
+    },
+    {
+        regex: /\bforget\s+(everything|all|previous)\b/i,
+        pattern: "privilege_escalation",
+        severity: "critical",
+    },
+    // Exfiltration - attempts to send data externally
+    {
+        regex: /https?:\/\/[^\s]+/i,
+        pattern: "exfiltration",
+        severity: "critical",
+    },
+    {
+        regex: /\bsend\s+to\b/i,
+        pattern: "exfiltration",
+        severity: "critical",
+    },
+    {
+        regex: /\bpost\s+to\b/i,
+        pattern: "exfiltration",
+        severity: "critical",
+    },
+    {
+        regex: /\bforward\s+to\b/i,
+        pattern: "exfiltration",
+        severity: "critical",
+    },
+    {
+        regex: /\bupload\s+to\b/i,
+        pattern: "exfiltration",
+        severity: "critical",
+    },
+    {
+        regex: /\btransmit\s+to\b/i,
+        pattern: "exfiltration",
+        severity: "critical",
+    },
+    {
+        regex: /\bexfiltrate\b/i,
+        pattern: "exfiltration",
+        severity: "critical",
+    },
+];
+/**
+ * WARNING severity patterns - suspicious but may be legitimate
+ */
+const WARNING_PATTERNS = [
+    // Sensitive file paths
+    {
+        regex: /~\/\.ssh\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    {
+        regex: /~\/\.aws\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    {
+        regex: /~\/\.config\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    {
+        regex: /\bcredentials?\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    {
+        regex: /\/etc\/passwd\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    {
+        regex: /\/etc\/shadow\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    {
+        regex: /\.env\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    {
+        regex: /\bprivate[_-]?key\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    {
+        regex: /\bapi[_-]?key\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    {
+        regex: /\bsecret[_-]?key\b/i,
+        pattern: "sensitive_path",
+        severity: "warning",
+    },
+    // Encoded content (potential obfuscation)
+    // Base64: at least 20 chars of alphanumeric with possible padding
+    {
+        regex: /[A-Za-z0-9+/]{20,}={0,2}/,
+        pattern: "encoded_content",
+        severity: "warning",
+    },
+    // Unicode escape sequences
+    {
+        regex: /\\u00[0-9a-fA-F]{2}/,
+        pattern: "encoded_content",
+        severity: "warning",
+    },
+    // Hex encoded strings
+    {
+        regex: /\\x[0-9a-fA-F]{2}/,
+        pattern: "encoded_content",
+        severity: "warning",
+    },
+];
+/**
+ * All patterns combined for scanning
+ */
+const ALL_PATTERNS = [
+    ...CRITICAL_PATTERNS,
+    ...WARNING_PATTERNS,
+];
+// ============================================================================
+// Core Functions
+// ============================================================================
+/**
+ * Scan a single tool's description for injection patterns.
+ *
+ * @param name - The tool's name
+ * @param description - The tool's description text
+ * @returns Scan result with status and any issues found
+ *
+ * @example
+ * ```typescript
+ * const result = scanToolDescription("navigate", "Navigate to a URL");
+ * if (result.status !== "clean") {
+ *   console.warn("Issues found:", result.issues);
+ * }
+ * ```
+ */
+export function scanToolDescription(name, description) {
+    const issues = [];
+    // Scan for all patterns
+    for (const pattern of ALL_PATTERNS) {
+        // Use global flag for finding all matches
+        const globalRegex = new RegExp(pattern.regex.source, "gi");
+        let match;
+        while ((match = globalRegex.exec(description)) !== null) {
+            issues.push({
+                pattern: pattern.pattern,
+                severity: pattern.severity,
+                match: match[0],
+                position: match.index,
+            });
+        }
+    }
+    // Determine overall status from highest severity
+    let status = "clean";
+    if (issues.some((i) => i.severity === "critical")) {
+        status = "critical";
+    }
+    else if (issues.some((i) => i.severity === "warning")) {
+        status = "warning";
+    }
+    return {
+        toolName: name,
+        status,
+        issues,
+    };
+}
+/**
+ * Scan an array of tool definitions for injection patterns.
+ *
+ * @param tools - Array of tool definitions to scan
+ * @param serverName - Name of the server (optional, defaults to "unknown")
+ * @returns Server scan result with aggregate status
+ *
+ * @example
+ * ```typescript
+ * const tools = [
+ *   { name: "navigate", description: "Navigate to URL", schema: {} },
+ *   { name: "click", description: "Click element", schema: {} },
+ * ];
+ * const result = scanToolDefinitions(tools, "cbrowser");
+ * console.log("Server status:", result.status);
+ * ```
+ */
+export function scanToolDefinitions(tools, serverName = "unknown") {
+    const toolResults = [];
+    for (const tool of tools) {
+        const result = scanToolDescription(tool.name, tool.description);
+        if (result.status !== "clean") {
+            toolResults.push(result);
+        }
+    }
+    // Determine overall server status
+    let status = "clean";
+    if (toolResults.some((r) => r.status === "critical")) {
+        status = "critical";
+    }
+    else if (toolResults.some((r) => r.status === "warning")) {
+        status = "warning";
+    }
+    return {
+        serverName,
+        toolCount: tools.length,
+        status,
+        issues: toolResults,
+    };
+}
+/**
+ * Scan MCP configuration file for all registered servers.
+ * Currently this function parses the config but cannot actually
+ * scan tool descriptions without starting the servers.
+ *
+ * @param configPath - Path to claude_desktop_config.json
+ * @returns Scan summary with results for each server
+ *
+ * @example
+ * ```typescript
+ * const summary = scanMcpConfig("~/.config/claude/claude_desktop_config.json");
+ * console.log("Total issues:", summary.summary.critical + summary.summary.warning);
+ * ```
+ */
+export function scanMcpConfig(configPath) {
+    const servers = [];
+    let total = 0;
+    let clean = 0;
+    let warning = 0;
+    let critical = 0;
+    // Check if config file exists
+    if (!existsSync(configPath)) {
+        return {
+            servers: [],
+            summary: { total: 0, clean: 0, warning: 0, critical: 0 },
+        };
+    }
+    try {
+        const content = readFileSync(configPath, "utf-8");
+        const config = JSON.parse(content);
+        if (config.mcpServers) {
+            // For each server in config, we note it exists
+            // Full scanning would require starting each server and querying tools
+            for (const serverName of Object.keys(config.mcpServers)) {
+                servers.push({
+                    serverName,
+                    toolCount: 0,
+                    status: "clean", // Cannot determine without querying server
+                    issues: [],
+                });
+            }
+        }
+    }
+    catch {
+        // Config parsing failed
+        return {
+            servers: [],
+            summary: { total: 0, clean: 0, warning: 0, critical: 0 },
+        };
+    }
+    return {
+        servers,
+        summary: {
+            total,
+            clean,
+            warning,
+            critical,
+        },
+    };
+}
+/**
+ * Get a formatted report of scan results.
+ *
+ * @param result - Server scan result to format
+ * @returns Human-readable report string
+ */
+export function formatScanReport(result) {
+    const lines = [];
+    lines.push(`=== Security Scan Report: ${result.serverName} ===`);
+    lines.push(`Tools scanned: ${result.toolCount}`);
+    lines.push(`Status: ${result.status.toUpperCase()}`);
+    lines.push("");
+    if (result.issues.length === 0) {
+        lines.push("No issues detected.");
+    }
+    else {
+        lines.push(`Issues found in ${result.issues.length} tool(s):`);
+        lines.push("");
+        for (const tool of result.issues) {
+            lines.push(`[${tool.status.toUpperCase()}] ${tool.toolName}`);
+            for (const issue of tool.issues) {
+                lines.push(`  - ${issue.pattern}: "${issue.match}"`);
+                if (issue.position !== undefined) {
+                    lines.push(`    Position: ${issue.position}`);
+                }
+            }
+            lines.push("");
+        }
+    }
+    return lines.join("\n");
+}
+/**
+ * Quick check if a description is safe (no critical issues).
+ *
+ * @param description - Description text to check
+ * @returns true if no critical issues found
+ */
+export function isDescriptionSafe(description) {
+    const result = scanToolDescription("_check", description);
+    return result.status !== "critical";
+}
+//# sourceMappingURL=description-scanner.js.map

package/dist/security/description-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"description-scanner.js","sourceRoot":"","sources":["../../src/security/description-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AA0FnD;;GAEG;AACH,MAAM,iBAAiB,GAAuB;IAC5C,yDAAyD;IACzD;QACE,KAAK,EAAE,mCAAmC;QAC1C,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,qBAAqB;QAC5B,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,0BAA0B;QACjC,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,oBAAoB;QAC3B,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,0CAA0C;QACjD,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;KACrB;IAED,qDAAqD;IACrD;QACE,KAAK,EAAE,oDAAoD;QAC3D,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,uCAAuC;QAC9C,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,0CAA0C;QACjD,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,+CAA+C;QACtD,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,4BAA4B;QACnC,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,sBAAsB;QAC7B,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,yCAAyC;QAChD,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,UAAU;KACrB;IAED,kDAAkD;IAClD;QACE,KAAK,EAAE,oBAAoB;QAC3B,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,gBAAgB;QACvB,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,gBAAgB;QACvB,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,kBAAkB;QACzB,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,oBAAoB;QAC3B,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,KAAK,EAAE,iBAAiB;QACxB,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,UAAU;KACrB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAuB;IAC3C,uBAAuB;IACvB;QACE,KAAK,EAAE,aAAa;QACpB,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,KAAK,EAAE,aAAa;QACpB,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,KAAK,EAAE,gBAAgB;QACvB,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,KAAK,EAAE,kBAAkB;QACzB,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,KAAK,EAAE,kBAAkB;QACzB,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,KAAK,EAAE,UAAU;QACjB,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,KAAK,EAAE,sBAAsB;QAC7B,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,KAAK,EAAE,kBAAkB;QACzB,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,KAAK,EAAE,qBAAqB;QAC5B,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,SAAS;KACpB;IAED,0CAA0C;IAC1C,kEAAkE;IAClE;QACE,KAAK,EAAE,0BAA0B;QACjC,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,SAAS;KACpB;IACD,2BAA2B;IAC3B;QACE,KAAK,EAAE,qBAAqB;QAC5B,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,SAAS;KACpB;IACD,sBAAsB;IACtB;QACE,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,SAAS;KACpB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,YAAY,GAAuB;IACvC,GAAG,iBAAiB;IACpB,GAAG,gBAAgB;CACpB,CAAC;AAEF,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,mBAAmB,CACjC,IAAY,EACZ,WAAmB;IAEnB,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,wBAAwB;IACxB,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,0CAA0C;QAC1C,MAAM,WAAW,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3D,IAAI,KAAK,CAAC;QAEV,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBACf,QAAQ,EAAE,KAAK,CAAC,KAAK;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,IAAI,MAAM,GAAqC,OAAO,CAAC;IACvD,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,EAAE,CAAC;QAClD,MAAM,GAAG,UAAU,CAAC;IACtB,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,EAAE,CAAC;QACxD,MAAM,GAAG,SAAS,CAAC;IACrB,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAuB,EACvB,aAAqB,SAAS;IAE9B,MAAM,WAAW,GAAqB,EAAE,CAAC;IAEzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAChE,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAC9B,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,MAAM,GAAqC,OAAO,CAAC;IACvD,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,EAAE,CAAC;QACrD,MAAM,GAAG,UAAU,CAAC;IACtB,CAAC;SAAM,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,EAAE,CAAC;QAC3D,MAAM,GAAG,SAAS,CAAC;IACrB,CAAC;IAED,OAAO;QACL,UAAU;QACV,SAAS,EAAE,KAAK,CAAC,MAAM;QACvB,MAAM;QACN,MAAM,EAAE,WAAW;KACpB,CAAC;AACJ,CAAC;AAgBD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,aAAa,CAAC,UAAkB;IAC9C,MAAM,OAAO,GAAuB,EAAE,CAAC;IACvC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,8BAA8B;IAC9B,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE;SACzD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAc,CAAC;QAEhD,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,+CAA+C;YAC/C,sEAAsE;YACtE,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;gBACxD,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU;oBACV,SAAS,EAAE,CAAC;oBACZ,MAAM,EAAE,OAAO,EAAE,2CAA2C;oBAC5D,MAAM,EAAE,EAAE;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;QACxB,OAAO;YACL,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE;SACzD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO;QACP,OAAO,EAAE;YACP,KAAK;YACL,KAAK;YACL,OAAO;YACP,QAAQ;SACT;KACF,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAwB;IACvD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,CAAC,UAAU,MAAM,CAAC,CAAC;IACjE,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IACjD,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,MAAM,CAAC,MAAM,WAAW,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC9D,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,KAAK,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,OAAO,MAAM,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC;gBACrD,IAAI,KAAK,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;oBACjC,KAAK,CAAC,IAAI,CAAC,iBAAiB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAmB;IACnD,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAC1D,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC;AACtC,CAAC"}

package/dist/security/index.d.ts

@@ -0,0 +1,23 @@
+/**
+ * CBrowser - Cognitive Browser Automation
+ * Copyright 2026 Alexandria Eden alexandria.shai.eden@gmail.com
+ * Learn more at https://cbrowser.ai - MIT License
+ */
+/**
+ * CBrowser Security Module
+ *
+ * Provides security features for the CBrowser MCP server:
+ * - Request signing (HMAC-SHA256) for integrity verification
+ * - Tool invocation audit logging for compliance and debugging
+ * - Tool definition pinning for tamper detection
+ * - Per-tool permission model for granular access control
+ * - Description injection scanning for prompt injection detection
+ */
+export { createSignature, validateSignature, generateSigningHeaders, getSigningConfig, type SignatureValidationResult, type RequestSigningConfig, } from "./request-signing.js";
+export { wrapToolHandler, createAuditContext, createWrapperFactory, redactSensitiveParams, getToolZone as getAuditToolZone, // Renamed to avoid conflict with tool-permissions
+linkActionToInvocation, readAuditEntries, getAuditStats, type AuditContext, type ToolHandler, } from "./audit-wrapper.js";
+export { hashToolDefinition, createToolManifest, loadToolManifest, saveToolManifest, verifyToolDefinitions, approveToolChange, removeToolFromManifest, approveAllTools, getManifestPath, getManifestSummary, type ToolDefinition, type ToolPinEntry, type ToolManifest, type PinningResult, } from "./tool-pinning.js";
+export { loadToolPermissions, saveToolPermissions, setToolZone, getToolZone, checkToolPermission, listToolZones, resetToolZones, DEFAULT_ZONES, type ToolZone, type ToolPermissionConfig, type PermissionCheckResult, } from "./tool-permissions.js";
+export { scanToolDescription, scanToolDefinitions, scanMcpConfig, formatScanReport, isDescriptionSafe, type ScanSeverity, type ScanIssue, type ToolScanResult, type ServerScanResult, type ScanSummary, } from "./description-scanner.js";
+export { sanitizeOutput, wrapWithDelimiters, detectInjectionPatterns, detectHiddenContent, detectEncodedContent, stripHiddenCharacters, isContentSafe, getSanitizationSummary, type SanitizationResult, type SanitizationIssue, type IssueType, type IssueAction, } from "./output-sanitizer.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;;;;GASG;AAGH,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,sBAAsB,EACtB,gBAAgB,EAChB,KAAK,yBAAyB,EAC9B,KAAK,oBAAoB,GAC1B,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,WAAW,IAAI,gBAAgB,EAAE,kDAAkD;AACnF,sBAAsB,EACtB,gBAAgB,EAChB,aAAa,EACb,KAAK,YAAY,EACjB,KAAK,WAAW,GACjB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,aAAa,GACnB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,WAAW,EACX,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,aAAa,EACb,KAAK,QAAQ,EACb,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EACjB,KAAK,YAAY,EACjB,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,WAAW,GACjB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,uBAAuB,EACvB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,aAAa,EACb,sBAAsB,EACtB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,SAAS,EACd,KAAK,WAAW,GACjB,MAAM,uBAAuB,CAAC"}

package/dist/security/index.js

@@ -0,0 +1,29 @@
+/**
+ * CBrowser - Cognitive Browser Automation
+ * Copyright 2026 Alexandria Eden alexandria.shai.eden@gmail.com
+ * Learn more at https://cbrowser.ai - MIT License
+ */
+/**
+ * CBrowser Security Module
+ *
+ * Provides security features for the CBrowser MCP server:
+ * - Request signing (HMAC-SHA256) for integrity verification
+ * - Tool invocation audit logging for compliance and debugging
+ * - Tool definition pinning for tamper detection
+ * - Per-tool permission model for granular access control
+ * - Description injection scanning for prompt injection detection
+ */
+// Request signing
+export { createSignature, validateSignature, generateSigningHeaders, getSigningConfig, } from "./request-signing.js";
+// Audit wrapper
+export { wrapToolHandler, createAuditContext, createWrapperFactory, redactSensitiveParams, getToolZone as getAuditToolZone, // Renamed to avoid conflict with tool-permissions
+linkActionToInvocation, readAuditEntries, getAuditStats, } from "./audit-wrapper.js";
+// Tool pinning
+export { hashToolDefinition, createToolManifest, loadToolManifest, saveToolManifest, verifyToolDefinitions, approveToolChange, removeToolFromManifest, approveAllTools, getManifestPath, getManifestSummary, } from "./tool-pinning.js";
+// Tool permissions
+export { loadToolPermissions, saveToolPermissions, setToolZone, getToolZone, checkToolPermission, listToolZones, resetToolZones, DEFAULT_ZONES, } from "./tool-permissions.js";
+// Description injection scanning
+export { scanToolDescription, scanToolDefinitions, scanMcpConfig, formatScanReport, isDescriptionSafe, } from "./description-scanner.js";
+// Output sanitization
+export { sanitizeOutput, wrapWithDelimiters, detectInjectionPatterns, detectHiddenContent, detectEncodedContent, stripHiddenCharacters, isContentSafe, getSanitizationSummary, } from "./output-sanitizer.js";
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;;;;GASG;AAEH,kBAAkB;AAClB,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,sBAAsB,EACtB,gBAAgB,GAGjB,MAAM,sBAAsB,CAAC;AAE9B,gBAAgB;AAChB,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,WAAW,IAAI,gBAAgB,EAAE,kDAAkD;AACnF,sBAAsB,EACtB,gBAAgB,EAChB,aAAa,GAGd,MAAM,oBAAoB,CAAC;AAE5B,eAAe;AACf,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,EACf,eAAe,EACf,kBAAkB,GAKnB,MAAM,mBAAmB,CAAC;AAE3B,mBAAmB;AACnB,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,WAAW,EACX,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,aAAa,GAId,MAAM,uBAAuB,CAAC;AAE/B,iCAAiC;AACjC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,iBAAiB,GAMlB,MAAM,0BAA0B,CAAC;AAElC,sBAAsB;AACtB,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,uBAAuB,EACvB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,aAAa,EACb,sBAAsB,GAKvB,MAAM,uBAAuB,CAAC"}

package/dist/security/output-sanitizer.d.ts

@@ -0,0 +1,132 @@
+/**
+ * CBrowser - Cognitive Browser Automation
+ * Copyright 2026 Alexandria Eden alexandria.shai.eden@gmail.com
+ * Learn more at https://cbrowser.ai - MIT License
+ */
+/**
+ * Output Sanitization Pipeline for CBrowser MCP Server
+ *
+ * Sanitizes extracted page content to prevent prompt injection attacks.
+ * This module protects against:
+ * - Direct injection patterns (e.g., "ignore previous instructions")
+ * - Hidden text using zero-width characters
+ * - Unicode tricks (homoglyphs, direction overrides)
+ * - Encoded content that may hide malicious instructions
+ *
+ * Usage:
+ *   import { sanitizeOutput } from "./security/output-sanitizer.js";
+ *
+ *   const result = sanitizeOutput(extractedPageContent);
+ *   if (result.wasSanitized) {
+ *     console.warn("Suspicious content detected:", result.issuesFound);
+ *   }
+ *   // Use result.content which is wrapped and sanitized
+ */
+/**
+ * Type of sanitization issue detected
+ */
+export type IssueType = "injection_pattern" | "hidden_text" | "encoded_content" | "unicode_trick";
+/**
+ * Action taken for a detected issue
+ */
+export type IssueAction = "removed" | "flagged" | "wrapped";
+/**
+ * A single sanitization issue found in content
+ */
+export interface SanitizationIssue {
+    /** Category of the issue */
+    type: IssueType;
+    /** Pattern category that matched (e.g., "ignore_instructions") */
+    pattern: string;
+    /** The actual text that matched */
+    match: string;
+    /** Action taken on this issue */
+    action: IssueAction;
+    /** Character position where match was found */
+    position?: number;
+}
+/**
+ * Result of sanitizing content
+ */
+export interface SanitizationResult {
+    /** The sanitized and wrapped content */
+    content: string;
+    /** Whether any sanitization was performed */
+    wasSanitized: boolean;
+    /** List of issues found during sanitization */
+    issuesFound: SanitizationIssue[];
+    /** Whether content was wrapped with delimiters */
+    wrappedWithDelimiters: boolean;
+}
+/**
+ * Detect injection patterns in content.
+ *
+ * @param content - The content to scan
+ * @returns Array of issues found
+ */
+export declare function detectInjectionPatterns(content: string): SanitizationIssue[];
+/**
+ * Detect hidden content using zero-width characters and direction overrides.
+ *
+ * @param content - The content to scan
+ * @returns Array of issues found
+ */
+export declare function detectHiddenContent(content: string): SanitizationIssue[];
+/**
+ * Detect potentially encoded malicious content.
+ *
+ * @param content - The content to scan
+ * @returns Array of issues found
+ */
+export declare function detectEncodedContent(content: string): SanitizationIssue[];
+/**
+ * Strip hidden characters from content.
+ *
+ * @param content - The content to clean
+ * @returns Content with hidden characters removed
+ */
+export declare function stripHiddenCharacters(content: string): string;
+/**
+ * Wrap content with delimiters and optional warnings.
+ *
+ * @param content - The content to wrap
+ * @param warnings - Optional array of warning messages
+ * @returns Wrapped content string
+ */
+export declare function wrapWithDelimiters(content: string, warnings?: string[]): string;
+/**
+ * Main sanitization function. Analyzes content for injection attempts,
+ * hidden characters, and other suspicious patterns.
+ *
+ * @param content - The extracted page content to sanitize
+ * @returns Sanitization result with cleaned content and issues found
+ *
+ * @example
+ * ```typescript
+ * const pageContent = await browser.extract("text");
+ * const result = sanitizeOutput(pageContent);
+ *
+ * if (result.wasSanitized) {
+ *   console.warn("Found suspicious content:", result.issuesFound);
+ * }
+ *
+ * // Use result.content which is wrapped with delimiters
+ * return result.content;
+ * ```
+ */
+export declare function sanitizeOutput(content: string): SanitizationResult;
+/**
+ * Quick check if content appears safe (no injection patterns).
+ *
+ * @param content - Content to check
+ * @returns true if no injection patterns found
+ */
+export declare function isContentSafe(content: string): boolean;
+/**
+ * Get a summary of sanitization for logging.
+ *
+ * @param result - Sanitization result to summarize
+ * @returns Human-readable summary string
+ */
+export declare function getSanitizationSummary(result: SanitizationResult): string;
+//# sourceMappingURL=output-sanitizer.d.ts.map

package/dist/security/output-sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-sanitizer.d.ts","sourceRoot":"","sources":["../../src/security/output-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;;;;;;;;;;;;;GAkBG;AAMH;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,mBAAmB,GAAG,aAAa,GAAG,iBAAiB,GAAG,eAAe,CAAC;AAElG;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,4BAA4B;IAC5B,IAAI,EAAE,SAAS,CAAC;IAChB,kEAAkE;IAClE,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,MAAM,EAAE,WAAW,CAAC;IACpB,+CAA+C;IAC/C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,wCAAwC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,6CAA6C;IAC7C,YAAY,EAAE,OAAO,CAAC;IACtB,+CAA+C;IAC/C,WAAW,EAAE,iBAAiB,EAAE,CAAC;IACjC,kDAAkD;IAClD,qBAAqB,EAAE,OAAO,CAAC;CAChC;AA0ID;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAoB5E;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,EAAE,CA6CxE;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAmBzE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAU7D;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAM,EAAO,GAAG,MAAM,CAgBnF;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,CA4ClE;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAGtD;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,kBAAkB,GAAG,MAAM,CAmBzE"}