clawsec 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +560 -0
- package/dist/bin/clawsec.d.ts +7 -0
- package/dist/bin/clawsec.d.ts.map +1 -0
- package/dist/bin/clawsec.js +12 -0
- package/dist/bin/clawsec.js.map +1 -0
- package/dist/src/actions/block.d.ts +22 -0
- package/dist/src/actions/block.d.ts.map +1 -0
- package/dist/src/actions/block.js +83 -0
- package/dist/src/actions/block.js.map +1 -0
- package/dist/src/actions/confirm.d.ts +35 -0
- package/dist/src/actions/confirm.d.ts.map +1 -0
- package/dist/src/actions/confirm.js +156 -0
- package/dist/src/actions/confirm.js.map +1 -0
- package/dist/src/actions/executor.d.ts +64 -0
- package/dist/src/actions/executor.d.ts.map +1 -0
- package/dist/src/actions/executor.js +114 -0
- package/dist/src/actions/executor.js.map +1 -0
- package/dist/src/actions/index.d.ts +13 -0
- package/dist/src/actions/index.d.ts.map +1 -0
- package/dist/src/actions/index.js +15 -0
- package/dist/src/actions/index.js.map +1 -0
- package/dist/src/actions/log.d.ts +19 -0
- package/dist/src/actions/log.d.ts.map +1 -0
- package/dist/src/actions/log.js +63 -0
- package/dist/src/actions/log.js.map +1 -0
- package/dist/src/actions/types.d.ts +85 -0
- package/dist/src/actions/types.d.ts.map +1 -0
- package/dist/src/actions/types.js +78 -0
- package/dist/src/actions/types.js.map +1 -0
- package/dist/src/actions/warn.d.ts +22 -0
- package/dist/src/actions/warn.d.ts.map +1 -0
- package/dist/src/actions/warn.js +84 -0
- package/dist/src/actions/warn.js.map +1 -0
- package/dist/src/approval/agent-confirm.d.ts +104 -0
- package/dist/src/approval/agent-confirm.d.ts.map +1 -0
- package/dist/src/approval/agent-confirm.js +173 -0
- package/dist/src/approval/agent-confirm.js.map +1 -0
- package/dist/src/approval/index.d.ts +14 -0
- package/dist/src/approval/index.d.ts.map +1 -0
- package/dist/src/approval/index.js +9 -0
- package/dist/src/approval/index.js.map +1 -0
- package/dist/src/approval/native.d.ts +56 -0
- package/dist/src/approval/native.d.ts.map +1 -0
- package/dist/src/approval/native.js +196 -0
- package/dist/src/approval/native.js.map +1 -0
- package/dist/src/approval/store.d.ts +88 -0
- package/dist/src/approval/store.d.ts.map +1 -0
- package/dist/src/approval/store.js +192 -0
- package/dist/src/approval/store.js.map +1 -0
- package/dist/src/approval/types.d.ts +119 -0
- package/dist/src/approval/types.d.ts.map +1 -0
- package/dist/src/approval/types.js +6 -0
- package/dist/src/approval/types.js.map +1 -0
- package/dist/src/approval/webhook.d.ts +170 -0
- package/dist/src/approval/webhook.d.ts.map +1 -0
- package/dist/src/approval/webhook.js +362 -0
- package/dist/src/approval/webhook.js.map +1 -0
- package/dist/src/cli/commands/audit.d.ts +43 -0
- package/dist/src/cli/commands/audit.d.ts.map +1 -0
- package/dist/src/cli/commands/audit.js +115 -0
- package/dist/src/cli/commands/audit.js.map +1 -0
- package/dist/src/cli/commands/feedback.d.ts +27 -0
- package/dist/src/cli/commands/feedback.d.ts.map +1 -0
- package/dist/src/cli/commands/feedback.js +228 -0
- package/dist/src/cli/commands/feedback.js.map +1 -0
- package/dist/src/cli/commands/index.d.ts +11 -0
- package/dist/src/cli/commands/index.d.ts.map +1 -0
- package/dist/src/cli/commands/index.js +13 -0
- package/dist/src/cli/commands/index.js.map +1 -0
- package/dist/src/cli/commands/status.d.ts +20 -0
- package/dist/src/cli/commands/status.d.ts.map +1 -0
- package/dist/src/cli/commands/status.js +122 -0
- package/dist/src/cli/commands/status.js.map +1 -0
- package/dist/src/cli/commands/test.d.ts +23 -0
- package/dist/src/cli/commands/test.d.ts.map +1 -0
- package/dist/src/cli/commands/test.js +134 -0
- package/dist/src/cli/commands/test.js.map +1 -0
- package/dist/src/cli/commands/types.d.ts +81 -0
- package/dist/src/cli/commands/types.d.ts.map +1 -0
- package/dist/src/cli/commands/types.js +6 -0
- package/dist/src/cli/commands/types.js.map +1 -0
- package/dist/src/cli/index.d.ts +17 -0
- package/dist/src/cli/index.d.ts.map +1 -0
- package/dist/src/cli/index.js +267 -0
- package/dist/src/cli/index.js.map +1 -0
- package/dist/src/config/defaults.d.ts +20 -0
- package/dist/src/config/defaults.d.ts.map +1 -0
- package/dist/src/config/defaults.js +123 -0
- package/dist/src/config/defaults.js.map +1 -0
- package/dist/src/config/index.d.ts +8 -0
- package/dist/src/config/index.d.ts.map +1 -0
- package/dist/src/config/index.js +41 -0
- package/dist/src/config/index.js.map +1 -0
- package/dist/src/config/loader.d.ts +99 -0
- package/dist/src/config/loader.d.ts.map +1 -0
- package/dist/src/config/loader.js +242 -0
- package/dist/src/config/loader.js.map +1 -0
- package/dist/src/config/schema.d.ts +627 -0
- package/dist/src/config/schema.d.ts.map +1 -0
- package/dist/src/config/schema.js +585 -0
- package/dist/src/config/schema.js.map +1 -0
- package/dist/src/detectors/destructive/cloud-detector.d.ts +51 -0
- package/dist/src/detectors/destructive/cloud-detector.d.ts.map +1 -0
- package/dist/src/detectors/destructive/cloud-detector.js +556 -0
- package/dist/src/detectors/destructive/cloud-detector.js.map +1 -0
- package/dist/src/detectors/destructive/code-detector.d.ts +59 -0
- package/dist/src/detectors/destructive/code-detector.d.ts.map +1 -0
- package/dist/src/detectors/destructive/code-detector.js +558 -0
- package/dist/src/detectors/destructive/code-detector.js.map +1 -0
- package/dist/src/detectors/destructive/index.d.ts +54 -0
- package/dist/src/detectors/destructive/index.d.ts.map +1 -0
- package/dist/src/detectors/destructive/index.js +168 -0
- package/dist/src/detectors/destructive/index.js.map +1 -0
- package/dist/src/detectors/destructive/shell-detector.d.ts +43 -0
- package/dist/src/detectors/destructive/shell-detector.d.ts.map +1 -0
- package/dist/src/detectors/destructive/shell-detector.js +302 -0
- package/dist/src/detectors/destructive/shell-detector.js.map +1 -0
- package/dist/src/detectors/destructive/types.d.ts +143 -0
- package/dist/src/detectors/destructive/types.d.ts.map +1 -0
- package/dist/src/detectors/destructive/types.js +6 -0
- package/dist/src/detectors/destructive/types.js.map +1 -0
- package/dist/src/detectors/exfiltration/cloud-detector.d.ts +51 -0
- package/dist/src/detectors/exfiltration/cloud-detector.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/cloud-detector.js +427 -0
- package/dist/src/detectors/exfiltration/cloud-detector.js.map +1 -0
- package/dist/src/detectors/exfiltration/http-detector.d.ts +47 -0
- package/dist/src/detectors/exfiltration/http-detector.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/http-detector.js +429 -0
- package/dist/src/detectors/exfiltration/http-detector.js.map +1 -0
- package/dist/src/detectors/exfiltration/index.d.ts +44 -0
- package/dist/src/detectors/exfiltration/index.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/index.js +118 -0
- package/dist/src/detectors/exfiltration/index.js.map +1 -0
- package/dist/src/detectors/exfiltration/network-detector.d.ts +55 -0
- package/dist/src/detectors/exfiltration/network-detector.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/network-detector.js +504 -0
- package/dist/src/detectors/exfiltration/network-detector.js.map +1 -0
- package/dist/src/detectors/exfiltration/types.d.ts +139 -0
- package/dist/src/detectors/exfiltration/types.d.ts.map +1 -0
- package/dist/src/detectors/exfiltration/types.js +6 -0
- package/dist/src/detectors/exfiltration/types.js.map +1 -0
- package/dist/src/detectors/purchase/domain-detector.d.ts +44 -0
- package/dist/src/detectors/purchase/domain-detector.d.ts.map +1 -0
- package/dist/src/detectors/purchase/domain-detector.js +296 -0
- package/dist/src/detectors/purchase/domain-detector.js.map +1 -0
- package/dist/src/detectors/purchase/form-detector.d.ts +27 -0
- package/dist/src/detectors/purchase/form-detector.d.ts.map +1 -0
- package/dist/src/detectors/purchase/form-detector.js +344 -0
- package/dist/src/detectors/purchase/form-detector.js.map +1 -0
- package/dist/src/detectors/purchase/index.d.ts +65 -0
- package/dist/src/detectors/purchase/index.d.ts.map +1 -0
- package/dist/src/detectors/purchase/index.js +216 -0
- package/dist/src/detectors/purchase/index.js.map +1 -0
- package/dist/src/detectors/purchase/spend-tracker.d.ts +132 -0
- package/dist/src/detectors/purchase/spend-tracker.d.ts.map +1 -0
- package/dist/src/detectors/purchase/spend-tracker.js +313 -0
- package/dist/src/detectors/purchase/spend-tracker.js.map +1 -0
- package/dist/src/detectors/purchase/types.d.ts +139 -0
- package/dist/src/detectors/purchase/types.d.ts.map +1 -0
- package/dist/src/detectors/purchase/types.js +6 -0
- package/dist/src/detectors/purchase/types.js.map +1 -0
- package/dist/src/detectors/purchase/url-detector.d.ts +31 -0
- package/dist/src/detectors/purchase/url-detector.d.ts.map +1 -0
- package/dist/src/detectors/purchase/url-detector.js +292 -0
- package/dist/src/detectors/purchase/url-detector.js.map +1 -0
- package/dist/src/detectors/secrets/api-key-detector.d.ts +30 -0
- package/dist/src/detectors/secrets/api-key-detector.d.ts.map +1 -0
- package/dist/src/detectors/secrets/api-key-detector.js +297 -0
- package/dist/src/detectors/secrets/api-key-detector.js.map +1 -0
- package/dist/src/detectors/secrets/index.d.ts +43 -0
- package/dist/src/detectors/secrets/index.d.ts.map +1 -0
- package/dist/src/detectors/secrets/index.js +261 -0
- package/dist/src/detectors/secrets/index.js.map +1 -0
- package/dist/src/detectors/secrets/pii-detector.d.ts +54 -0
- package/dist/src/detectors/secrets/pii-detector.d.ts.map +1 -0
- package/dist/src/detectors/secrets/pii-detector.js +286 -0
- package/dist/src/detectors/secrets/pii-detector.js.map +1 -0
- package/dist/src/detectors/secrets/token-detector.d.ts +51 -0
- package/dist/src/detectors/secrets/token-detector.d.ts.map +1 -0
- package/dist/src/detectors/secrets/token-detector.js +233 -0
- package/dist/src/detectors/secrets/token-detector.js.map +1 -0
- package/dist/src/detectors/secrets/types.d.ts +157 -0
- package/dist/src/detectors/secrets/types.d.ts.map +1 -0
- package/dist/src/detectors/secrets/types.js +6 -0
- package/dist/src/detectors/secrets/types.js.map +1 -0
- package/dist/src/detectors/website/category-detector.d.ts +22 -0
- package/dist/src/detectors/website/category-detector.d.ts.map +1 -0
- package/dist/src/detectors/website/category-detector.js +162 -0
- package/dist/src/detectors/website/category-detector.js.map +1 -0
- package/dist/src/detectors/website/index.d.ts +53 -0
- package/dist/src/detectors/website/index.d.ts.map +1 -0
- package/dist/src/detectors/website/index.js +232 -0
- package/dist/src/detectors/website/index.js.map +1 -0
- package/dist/src/detectors/website/pattern-matcher.d.ts +33 -0
- package/dist/src/detectors/website/pattern-matcher.d.ts.map +1 -0
- package/dist/src/detectors/website/pattern-matcher.js +121 -0
- package/dist/src/detectors/website/pattern-matcher.js.map +1 -0
- package/dist/src/detectors/website/types.d.ts +105 -0
- package/dist/src/detectors/website/types.d.ts.map +1 -0
- package/dist/src/detectors/website/types.js +6 -0
- package/dist/src/detectors/website/types.js.map +1 -0
- package/dist/src/engine/analyzer.d.ts +87 -0
- package/dist/src/engine/analyzer.d.ts.map +1 -0
- package/dist/src/engine/analyzer.js +427 -0
- package/dist/src/engine/analyzer.js.map +1 -0
- package/dist/src/engine/cache.d.ts +80 -0
- package/dist/src/engine/cache.d.ts.map +1 -0
- package/dist/src/engine/cache.js +167 -0
- package/dist/src/engine/cache.js.map +1 -0
- package/dist/src/engine/index.d.ts +11 -0
- package/dist/src/engine/index.d.ts.map +1 -0
- package/dist/src/engine/index.js +11 -0
- package/dist/src/engine/index.js.map +1 -0
- package/dist/src/engine/llm-client.d.ts +210 -0
- package/dist/src/engine/llm-client.d.ts.map +1 -0
- package/dist/src/engine/llm-client.js +506 -0
- package/dist/src/engine/llm-client.js.map +1 -0
- package/dist/src/engine/types.d.ts +163 -0
- package/dist/src/engine/types.d.ts.map +1 -0
- package/dist/src/engine/types.js +21 -0
- package/dist/src/engine/types.js.map +1 -0
- package/dist/src/feedback/index.d.ts +9 -0
- package/dist/src/feedback/index.d.ts.map +1 -0
- package/dist/src/feedback/index.js +8 -0
- package/dist/src/feedback/index.js.map +1 -0
- package/dist/src/feedback/learner.d.ts +222 -0
- package/dist/src/feedback/learner.d.ts.map +1 -0
- package/dist/src/feedback/learner.js +401 -0
- package/dist/src/feedback/learner.js.map +1 -0
- package/dist/src/feedback/store.d.ts +113 -0
- package/dist/src/feedback/store.d.ts.map +1 -0
- package/dist/src/feedback/store.js +228 -0
- package/dist/src/feedback/store.js.map +1 -0
- package/dist/src/feedback/types.d.ts +126 -0
- package/dist/src/feedback/types.d.ts.map +1 -0
- package/dist/src/feedback/types.js +6 -0
- package/dist/src/feedback/types.js.map +1 -0
- package/dist/src/hooks/before-agent-start/handler.d.ts +37 -0
- package/dist/src/hooks/before-agent-start/handler.d.ts.map +1 -0
- package/dist/src/hooks/before-agent-start/handler.js +109 -0
- package/dist/src/hooks/before-agent-start/handler.js.map +1 -0
- package/dist/src/hooks/before-agent-start/index.d.ts +8 -0
- package/dist/src/hooks/before-agent-start/index.d.ts.map +1 -0
- package/dist/src/hooks/before-agent-start/index.js +7 -0
- package/dist/src/hooks/before-agent-start/index.js.map +1 -0
- package/dist/src/hooks/before-agent-start/prompts.d.ts +48 -0
- package/dist/src/hooks/before-agent-start/prompts.d.ts.map +1 -0
- package/dist/src/hooks/before-agent-start/prompts.js +103 -0
- package/dist/src/hooks/before-agent-start/prompts.js.map +1 -0
- package/dist/src/hooks/before-tool-call/handler.d.ts +42 -0
- package/dist/src/hooks/before-tool-call/handler.d.ts.map +1 -0
- package/dist/src/hooks/before-tool-call/handler.js +226 -0
- package/dist/src/hooks/before-tool-call/handler.js.map +1 -0
- package/dist/src/hooks/before-tool-call/index.d.ts +7 -0
- package/dist/src/hooks/before-tool-call/index.d.ts.map +1 -0
- package/dist/src/hooks/before-tool-call/index.js +6 -0
- package/dist/src/hooks/before-tool-call/index.js.map +1 -0
- package/dist/src/hooks/tool-result-persist/filter.d.ts +72 -0
- package/dist/src/hooks/tool-result-persist/filter.d.ts.map +1 -0
- package/dist/src/hooks/tool-result-persist/filter.js +305 -0
- package/dist/src/hooks/tool-result-persist/filter.js.map +1 -0
- package/dist/src/hooks/tool-result-persist/handler.d.ts +49 -0
- package/dist/src/hooks/tool-result-persist/handler.d.ts.map +1 -0
- package/dist/src/hooks/tool-result-persist/handler.js +217 -0
- package/dist/src/hooks/tool-result-persist/handler.js.map +1 -0
- package/dist/src/hooks/tool-result-persist/index.d.ts +11 -0
- package/dist/src/hooks/tool-result-persist/index.d.ts.map +1 -0
- package/dist/src/hooks/tool-result-persist/index.js +11 -0
- package/dist/src/hooks/tool-result-persist/index.js.map +1 -0
- package/dist/src/index.d.ts +256 -0
- package/dist/src/index.d.ts.map +1 -0
- package/dist/src/index.js +222 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/notifications/discord.d.ts +10 -0
- package/dist/src/notifications/discord.d.ts.map +1 -0
- package/dist/src/notifications/discord.js +218 -0
- package/dist/src/notifications/discord.js.map +1 -0
- package/dist/src/notifications/index.d.ts +37 -0
- package/dist/src/notifications/index.d.ts.map +1 -0
- package/dist/src/notifications/index.js +68 -0
- package/dist/src/notifications/index.js.map +1 -0
- package/dist/src/notifications/slack.d.ts +10 -0
- package/dist/src/notifications/slack.d.ts.map +1 -0
- package/dist/src/notifications/slack.js +218 -0
- package/dist/src/notifications/slack.js.map +1 -0
- package/dist/src/notifications/telegram.d.ts +10 -0
- package/dist/src/notifications/telegram.d.ts.map +1 -0
- package/dist/src/notifications/telegram.js +242 -0
- package/dist/src/notifications/telegram.js.map +1 -0
- package/dist/src/notifications/types.d.ts +119 -0
- package/dist/src/notifications/types.d.ts.map +1 -0
- package/dist/src/notifications/types.js +6 -0
- package/dist/src/notifications/types.js.map +1 -0
- package/dist/src/proxy/index.d.ts +8 -0
- package/dist/src/proxy/index.d.ts.map +1 -0
- package/dist/src/proxy/index.js +9 -0
- package/dist/src/proxy/index.js.map +1 -0
- package/dist/src/proxy/middleware.d.ts +55 -0
- package/dist/src/proxy/middleware.d.ts.map +1 -0
- package/dist/src/proxy/middleware.js +215 -0
- package/dist/src/proxy/middleware.js.map +1 -0
- package/dist/src/proxy/server.d.ts +57 -0
- package/dist/src/proxy/server.d.ts.map +1 -0
- package/dist/src/proxy/server.js +298 -0
- package/dist/src/proxy/server.js.map +1 -0
- package/dist/src/proxy/types.d.ts +136 -0
- package/dist/src/proxy/types.d.ts.map +1 -0
- package/dist/src/proxy/types.js +6 -0
- package/dist/src/proxy/types.js.map +1 -0
- package/dist/src/sanitization/index.d.ts +10 -0
- package/dist/src/sanitization/index.d.ts.map +1 -0
- package/dist/src/sanitization/index.js +9 -0
- package/dist/src/sanitization/index.js.map +1 -0
- package/dist/src/sanitization/patterns.d.ts +51 -0
- package/dist/src/sanitization/patterns.d.ts.map +1 -0
- package/dist/src/sanitization/patterns.js +266 -0
- package/dist/src/sanitization/patterns.js.map +1 -0
- package/dist/src/sanitization/scanner.d.ts +29 -0
- package/dist/src/sanitization/scanner.d.ts.map +1 -0
- package/dist/src/sanitization/scanner.js +328 -0
- package/dist/src/sanitization/scanner.js.map +1 -0
- package/dist/src/sanitization/types.d.ts +57 -0
- package/dist/src/sanitization/types.d.ts.map +1 -0
- package/dist/src/sanitization/types.js +5 -0
- package/dist/src/sanitization/types.js.map +1 -0
- package/openclaw.plugin.json +114 -0
- package/package.json +63 -0
- package/rules/builtin/README.md +139 -0
- package/rules/builtin/ai-services.yaml +70 -0
- package/rules/builtin/api-keys.yaml +64 -0
- package/rules/builtin/authentication.yaml +56 -0
- package/rules/builtin/aws-security.yaml +57 -0
- package/rules/builtin/azure-security.yaml +58 -0
- package/rules/builtin/cicd-security.yaml +64 -0
- package/rules/builtin/cloud-storage.yaml +64 -0
- package/rules/builtin/container-registry.yaml +55 -0
- package/rules/builtin/crypto-wallets.yaml +71 -0
- package/rules/builtin/database-nosql.yaml +58 -0
- package/rules/builtin/database-sql.yaml +62 -0
- package/rules/builtin/development-env.yaml +67 -0
- package/rules/builtin/docker.yaml +57 -0
- package/rules/builtin/filesystem.yaml +71 -0
- package/rules/builtin/financial-pci.yaml +61 -0
- package/rules/builtin/gcp-security.yaml +57 -0
- package/rules/builtin/git-operations.yaml +68 -0
- package/rules/builtin/healthcare-hipaa.yaml +64 -0
- package/rules/builtin/kubernetes.yaml +60 -0
- package/rules/builtin/messaging-services.yaml +53 -0
- package/rules/builtin/minimal.yaml +47 -0
- package/rules/builtin/mobile-development.yaml +61 -0
- package/rules/builtin/monitoring.yaml +63 -0
- package/rules/builtin/network-security.yaml +57 -0
- package/rules/builtin/package-managers.yaml +74 -0
- package/rules/builtin/payment-processing.yaml +66 -0
- package/rules/builtin/pii-protection.yaml +48 -0
- package/rules/builtin/production-strict.yaml +55 -0
- package/rules/builtin/secrets-management.yaml +63 -0
- package/rules/builtin/serverless.yaml +74 -0
- package/rules/builtin/ssh-security.yaml +66 -0
- package/rules/builtin/terraform.yaml +51 -0
- package/rules/builtin/web-security.yaml +62 -0
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Website Detector
|
|
3
|
+
* Main detector that controls which websites an AI agent can navigate to
|
|
4
|
+
*
|
|
5
|
+
* Supports two modes:
|
|
6
|
+
* - Allowlist mode: Only pre-approved domains are accessible
|
|
7
|
+
* - Blocklist mode: Everything except blocked domains is accessible
|
|
8
|
+
*
|
|
9
|
+
* Additionally performs category-based detection for malware, phishing, etc.
|
|
10
|
+
*/
|
|
11
|
+
import type { DetectionContext, WebsiteDetectionResult, WebsiteDetector as IWebsiteDetector, WebsiteDetectorConfig } from './types.js';
|
|
12
|
+
import type { WebsiteRule, FilterMode } from '../../config/index.js';
|
|
13
|
+
export * from './types.js';
|
|
14
|
+
export { extractDomain, extractUrlFromContext, matchesAnyPattern, matchesGlobPattern, globToRegex, } from './pattern-matcher.js';
|
|
15
|
+
export { detectCategory, isDangerousCategory, isWarningCategory, getCategorySeverityDescription, } from './category-detector.js';
|
|
16
|
+
/**
|
|
17
|
+
* Main website detector implementation
|
|
18
|
+
*/
|
|
19
|
+
export declare class WebsiteDetectorImpl implements IWebsiteDetector {
|
|
20
|
+
private config;
|
|
21
|
+
constructor(config: WebsiteDetectorConfig);
|
|
22
|
+
detect(context: DetectionContext): Promise<WebsiteDetectionResult>;
|
|
23
|
+
/**
|
|
24
|
+
* Allowlist mode: Block if NOT in allowlist
|
|
25
|
+
*/
|
|
26
|
+
private checkAllowlistMode;
|
|
27
|
+
/**
|
|
28
|
+
* Blocklist mode: Block if IN blocklist
|
|
29
|
+
*/
|
|
30
|
+
private checkBlocklistMode;
|
|
31
|
+
/**
|
|
32
|
+
* Get the configured action for detected websites
|
|
33
|
+
*/
|
|
34
|
+
getAction(): "block" | "confirm" | "agent-confirm" | "warn" | "log";
|
|
35
|
+
/**
|
|
36
|
+
* Check if the detector is enabled
|
|
37
|
+
*/
|
|
38
|
+
isEnabled(): boolean;
|
|
39
|
+
/**
|
|
40
|
+
* Get the filter mode
|
|
41
|
+
*/
|
|
42
|
+
getMode(): FilterMode;
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Create a website detector from WebsiteRule configuration
|
|
46
|
+
*/
|
|
47
|
+
export declare function createWebsiteDetector(rule: WebsiteRule): WebsiteDetectorImpl;
|
|
48
|
+
/**
|
|
49
|
+
* Create a website detector with default configuration
|
|
50
|
+
*/
|
|
51
|
+
export declare function createDefaultWebsiteDetector(): WebsiteDetectorImpl;
|
|
52
|
+
export default WebsiteDetectorImpl;
|
|
53
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/detectors/website/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,sBAAsB,EACtB,eAAe,IAAI,gBAAgB,EACnC,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAWpB,OAAO,KAAK,EAAE,WAAW,EAAY,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAG/E,cAAc,YAAY,CAAC;AAG3B,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,iBAAiB,EACjB,kBAAkB,EAClB,WAAW,GACZ,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,iBAAiB,EACjB,8BAA8B,GAC/B,MAAM,wBAAwB,CAAC;AAkBhC;;GAEG;AACH,qBAAa,mBAAoB,YAAW,gBAAgB;IAC1D,OAAO,CAAC,MAAM,CAAwB;gBAE1B,MAAM,EAAE,qBAAqB;IAInC,MAAM,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IA6CxE;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiE1B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiD1B;;OAEG;IACH,SAAS;IAIT;;OAEG;IACH,SAAS,IAAI,OAAO;IAIpB;;OAEG;IACH,OAAO,IAAI,UAAU;CAGtB;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,WAAW,GAAG,mBAAmB,CAW5E;AAED;;GAEG;AACH,wBAAgB,4BAA4B,IAAI,mBAAmB,CASlE;AAGD,eAAe,mBAAmB,CAAC"}
|
|
@@ -0,0 +1,232 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Website Detector
|
|
3
|
+
* Main detector that controls which websites an AI agent can navigate to
|
|
4
|
+
*
|
|
5
|
+
* Supports two modes:
|
|
6
|
+
* - Allowlist mode: Only pre-approved domains are accessible
|
|
7
|
+
* - Blocklist mode: Everything except blocked domains is accessible
|
|
8
|
+
*
|
|
9
|
+
* Additionally performs category-based detection for malware, phishing, etc.
|
|
10
|
+
*/
|
|
11
|
+
import { extractDomain, extractUrlFromContext, matchesAnyPattern, } from './pattern-matcher.js';
|
|
12
|
+
import { detectCategory, isDangerousCategory, getCategorySeverityDescription, } from './category-detector.js';
|
|
13
|
+
// Re-export types
|
|
14
|
+
export * from './types.js';
|
|
15
|
+
// Re-export pattern matcher functions
|
|
16
|
+
export { extractDomain, extractUrlFromContext, matchesAnyPattern, matchesGlobPattern, globToRegex, } from './pattern-matcher.js';
|
|
17
|
+
// Re-export category detector functions
|
|
18
|
+
export { detectCategory, isDangerousCategory, isWarningCategory, getCategorySeverityDescription, } from './category-detector.js';
|
|
19
|
+
/**
|
|
20
|
+
* No detection result (used when disabled or allowed)
|
|
21
|
+
*/
|
|
22
|
+
function noDetection(severity, mode) {
|
|
23
|
+
return {
|
|
24
|
+
detected: false,
|
|
25
|
+
category: 'website',
|
|
26
|
+
severity,
|
|
27
|
+
confidence: 0,
|
|
28
|
+
reason: 'Website access is allowed',
|
|
29
|
+
metadata: {
|
|
30
|
+
mode,
|
|
31
|
+
},
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Main website detector implementation
|
|
36
|
+
*/
|
|
37
|
+
export class WebsiteDetectorImpl {
|
|
38
|
+
config;
|
|
39
|
+
constructor(config) {
|
|
40
|
+
this.config = config;
|
|
41
|
+
}
|
|
42
|
+
async detect(context) {
|
|
43
|
+
// Check if detector is enabled
|
|
44
|
+
if (!this.config.enabled) {
|
|
45
|
+
return noDetection(this.config.severity, this.config.mode);
|
|
46
|
+
}
|
|
47
|
+
// Extract URL from context
|
|
48
|
+
const url = extractUrlFromContext(context);
|
|
49
|
+
if (!url) {
|
|
50
|
+
return noDetection(this.config.severity, this.config.mode);
|
|
51
|
+
}
|
|
52
|
+
// Extract domain from URL
|
|
53
|
+
const domain = extractDomain(url);
|
|
54
|
+
if (!domain) {
|
|
55
|
+
return noDetection(this.config.severity, this.config.mode);
|
|
56
|
+
}
|
|
57
|
+
// First, check for dangerous categories (malware, phishing) regardless of mode
|
|
58
|
+
const categoryResult = detectCategory(domain);
|
|
59
|
+
if (categoryResult.detected && categoryResult.category && isDangerousCategory(categoryResult.category)) {
|
|
60
|
+
return {
|
|
61
|
+
detected: true,
|
|
62
|
+
category: 'website',
|
|
63
|
+
severity: 'critical', // Always critical for dangerous categories
|
|
64
|
+
confidence: categoryResult.confidence,
|
|
65
|
+
reason: `Blocked: ${getCategorySeverityDescription(categoryResult.category)} detected`,
|
|
66
|
+
metadata: {
|
|
67
|
+
url,
|
|
68
|
+
domain,
|
|
69
|
+
matchedPattern: categoryResult.matchedPattern,
|
|
70
|
+
mode: this.config.mode,
|
|
71
|
+
websiteCategory: categoryResult.category,
|
|
72
|
+
},
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
// Apply mode-based filtering
|
|
76
|
+
if (this.config.mode === 'allowlist') {
|
|
77
|
+
return this.checkAllowlistMode(url, domain, categoryResult);
|
|
78
|
+
}
|
|
79
|
+
else {
|
|
80
|
+
return this.checkBlocklistMode(url, domain, categoryResult);
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
/**
|
|
84
|
+
* Allowlist mode: Block if NOT in allowlist
|
|
85
|
+
*/
|
|
86
|
+
checkAllowlistMode(url, domain, categoryResult) {
|
|
87
|
+
const allowlist = this.config.allowlist;
|
|
88
|
+
// If allowlist is empty, block everything
|
|
89
|
+
if (allowlist.length === 0) {
|
|
90
|
+
return {
|
|
91
|
+
detected: true,
|
|
92
|
+
category: 'website',
|
|
93
|
+
severity: this.config.severity,
|
|
94
|
+
confidence: 0.99,
|
|
95
|
+
reason: 'Blocked: No websites are allowed (empty allowlist)',
|
|
96
|
+
metadata: {
|
|
97
|
+
url,
|
|
98
|
+
domain,
|
|
99
|
+
mode: 'allowlist',
|
|
100
|
+
websiteCategory: categoryResult.category,
|
|
101
|
+
},
|
|
102
|
+
};
|
|
103
|
+
}
|
|
104
|
+
// Check if domain is in allowlist
|
|
105
|
+
const allowlistMatch = matchesAnyPattern(domain, allowlist);
|
|
106
|
+
if (allowlistMatch.matched) {
|
|
107
|
+
// Domain is allowed
|
|
108
|
+
return {
|
|
109
|
+
detected: false,
|
|
110
|
+
category: 'website',
|
|
111
|
+
severity: this.config.severity,
|
|
112
|
+
confidence: 0,
|
|
113
|
+
reason: `Website is allowed: ${domain} matched allowlist pattern "${allowlistMatch.pattern}"`,
|
|
114
|
+
metadata: {
|
|
115
|
+
url,
|
|
116
|
+
domain,
|
|
117
|
+
matchedPattern: allowlistMatch.pattern,
|
|
118
|
+
mode: 'allowlist',
|
|
119
|
+
},
|
|
120
|
+
};
|
|
121
|
+
}
|
|
122
|
+
// Domain is NOT in allowlist - block it
|
|
123
|
+
let reason = `Blocked: ${domain} is not in the allowlist`;
|
|
124
|
+
if (categoryResult.detected && categoryResult.category) {
|
|
125
|
+
reason += ` (detected as ${getCategorySeverityDescription(categoryResult.category)})`;
|
|
126
|
+
}
|
|
127
|
+
return {
|
|
128
|
+
detected: true,
|
|
129
|
+
category: 'website',
|
|
130
|
+
severity: this.config.severity,
|
|
131
|
+
confidence: 0.95,
|
|
132
|
+
reason,
|
|
133
|
+
metadata: {
|
|
134
|
+
url,
|
|
135
|
+
domain,
|
|
136
|
+
mode: 'allowlist',
|
|
137
|
+
websiteCategory: categoryResult.category,
|
|
138
|
+
},
|
|
139
|
+
};
|
|
140
|
+
}
|
|
141
|
+
/**
|
|
142
|
+
* Blocklist mode: Block if IN blocklist
|
|
143
|
+
*/
|
|
144
|
+
checkBlocklistMode(url, domain, categoryResult) {
|
|
145
|
+
const blocklist = this.config.blocklist;
|
|
146
|
+
// Check if domain is in blocklist
|
|
147
|
+
const blocklistMatch = matchesAnyPattern(domain, blocklist);
|
|
148
|
+
if (blocklistMatch.matched) {
|
|
149
|
+
return {
|
|
150
|
+
detected: true,
|
|
151
|
+
category: 'website',
|
|
152
|
+
severity: this.config.severity,
|
|
153
|
+
confidence: blocklistMatch.confidence,
|
|
154
|
+
reason: `Blocked: ${domain} matched blocklist pattern "${blocklistMatch.pattern}"`,
|
|
155
|
+
metadata: {
|
|
156
|
+
url,
|
|
157
|
+
domain,
|
|
158
|
+
matchedPattern: blocklistMatch.pattern,
|
|
159
|
+
mode: 'blocklist',
|
|
160
|
+
websiteCategory: categoryResult.category,
|
|
161
|
+
},
|
|
162
|
+
};
|
|
163
|
+
}
|
|
164
|
+
// Check for warning categories (gambling, adult) - detected but with warning
|
|
165
|
+
if (categoryResult.detected && categoryResult.category) {
|
|
166
|
+
return {
|
|
167
|
+
detected: true,
|
|
168
|
+
category: 'website',
|
|
169
|
+
severity: 'medium', // Lower severity for warning categories
|
|
170
|
+
confidence: categoryResult.confidence,
|
|
171
|
+
reason: `Warning: ${getCategorySeverityDescription(categoryResult.category)} detected`,
|
|
172
|
+
metadata: {
|
|
173
|
+
url,
|
|
174
|
+
domain,
|
|
175
|
+
matchedPattern: categoryResult.matchedPattern,
|
|
176
|
+
mode: 'blocklist',
|
|
177
|
+
websiteCategory: categoryResult.category,
|
|
178
|
+
},
|
|
179
|
+
};
|
|
180
|
+
}
|
|
181
|
+
// Domain is allowed (not in blocklist and no category detected)
|
|
182
|
+
return noDetection(this.config.severity, this.config.mode);
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* Get the configured action for detected websites
|
|
186
|
+
*/
|
|
187
|
+
getAction() {
|
|
188
|
+
return this.config.action;
|
|
189
|
+
}
|
|
190
|
+
/**
|
|
191
|
+
* Check if the detector is enabled
|
|
192
|
+
*/
|
|
193
|
+
isEnabled() {
|
|
194
|
+
return this.config.enabled;
|
|
195
|
+
}
|
|
196
|
+
/**
|
|
197
|
+
* Get the filter mode
|
|
198
|
+
*/
|
|
199
|
+
getMode() {
|
|
200
|
+
return this.config.mode;
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
/**
|
|
204
|
+
* Create a website detector from WebsiteRule configuration
|
|
205
|
+
*/
|
|
206
|
+
export function createWebsiteDetector(rule) {
|
|
207
|
+
const config = {
|
|
208
|
+
enabled: rule.enabled,
|
|
209
|
+
mode: rule.mode,
|
|
210
|
+
severity: rule.severity,
|
|
211
|
+
action: rule.action,
|
|
212
|
+
blocklist: rule.blocklist,
|
|
213
|
+
allowlist: rule.allowlist,
|
|
214
|
+
};
|
|
215
|
+
return new WebsiteDetectorImpl(config);
|
|
216
|
+
}
|
|
217
|
+
/**
|
|
218
|
+
* Create a website detector with default configuration
|
|
219
|
+
*/
|
|
220
|
+
export function createDefaultWebsiteDetector() {
|
|
221
|
+
return new WebsiteDetectorImpl({
|
|
222
|
+
enabled: true,
|
|
223
|
+
mode: 'blocklist',
|
|
224
|
+
severity: 'high',
|
|
225
|
+
action: 'block',
|
|
226
|
+
blocklist: [],
|
|
227
|
+
allowlist: [],
|
|
228
|
+
});
|
|
229
|
+
}
|
|
230
|
+
// Default export
|
|
231
|
+
export default WebsiteDetectorImpl;
|
|
232
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/detectors/website/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAQH,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,8BAA8B,GAC/B,MAAM,wBAAwB,CAAC;AAGhC,kBAAkB;AAClB,cAAc,YAAY,CAAC;AAE3B,sCAAsC;AACtC,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,iBAAiB,EACjB,kBAAkB,EAClB,WAAW,GACZ,MAAM,sBAAsB,CAAC;AAE9B,wCAAwC;AACxC,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,iBAAiB,EACjB,8BAA8B,GAC/B,MAAM,wBAAwB,CAAC;AAEhC;;GAEG;AACH,SAAS,WAAW,CAAC,QAAkB,EAAE,IAAgB;IACvD,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,SAAS;QACnB,QAAQ;QACR,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,2BAA2B;QACnC,QAAQ,EAAE;YACR,IAAI;SACL;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,mBAAmB;IACtB,MAAM,CAAwB;IAEtC,YAAY,MAA6B;QACvC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAyB;QACpC,+BAA+B;QAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC7D,CAAC;QAED,2BAA2B;QAC3B,MAAM,GAAG,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC7D,CAAC;QAED,0BAA0B;QAC1B,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC7D,CAAC;QAED,+EAA+E;QAC/E,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,cAAc,CAAC,QAAQ,IAAI,cAAc,CAAC,QAAQ,IAAI,mBAAmB,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvG,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,UAAU,EAAE,2CAA2C;gBACjE,UAAU,EAAE,cAAc,CAAC,UAAU;gBACrC,MAAM,EAAE,YAAY,8BAA8B,CAAC,cAAc,CAAC,QAAQ,CAAC,WAAW;gBACtF,QAAQ,EAAE;oBACR,GAAG;oBACH,MAAM;oBACN,cAAc,EAAE,cAAc,CAAC,cAAc;oBAC7C,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;oBACtB,eAAe,EAAE,cAAc,CAAC,QAAQ;iBACzC;aACF,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,GAAW,EACX,MAAc,EACd,cAAiD;QAEjD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QAExC,0CAA0C;QAC1C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC9B,UAAU,EAAE,IAAI;gBAChB,MAAM,EAAE,oDAAoD;gBAC5D,QAAQ,EAAE;oBACR,GAAG;oBACH,MAAM;oBACN,IAAI,EAAE,WAAW;oBACjB,eAAe,EAAE,cAAc,CAAC,QAAQ;iBACzC;aACF,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,MAAM,cAAc,GAAG,iBAAiB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAE5D,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;YAC3B,oBAAoB;YACpB,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC9B,UAAU,EAAE,CAAC;gBACb,MAAM,EAAE,uBAAuB,MAAM,+BAA+B,cAAc,CAAC,OAAO,GAAG;gBAC7F,QAAQ,EAAE;oBACR,GAAG;oBACH,MAAM;oBACN,cAAc,EAAE,cAAc,CAAC,OAAO;oBACtC,IAAI,EAAE,WAAW;iBAClB;aACF,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,GAAG,YAAY,MAAM,0BAA0B,CAAC;QAC1D,IAAI,cAAc,CAAC,QAAQ,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAiB,8BAA8B,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC;QACxF,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC9B,UAAU,EAAE,IAAI;YAChB,MAAM;YACN,QAAQ,EAAE;gBACR,GAAG;gBACH,MAAM;gBACN,IAAI,EAAE,WAAW;gBACjB,eAAe,EAAE,cAAc,CAAC,QAAQ;aACzC;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,GAAW,EACX,MAAc,EACd,cAAiD;QAEjD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QAExC,kCAAkC;QAClC,MAAM,cAAc,GAAG,iBAAiB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAE5D,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC9B,UAAU,EAAE,cAAc,CAAC,UAAU;gBACrC,MAAM,EAAE,YAAY,MAAM,+BAA+B,cAAc,CAAC,OAAO,GAAG;gBAClF,QAAQ,EAAE;oBACR,GAAG;oBACH,MAAM;oBACN,cAAc,EAAE,cAAc,CAAC,OAAO;oBACtC,IAAI,EAAE,WAAW;oBACjB,eAAe,EAAE,cAAc,CAAC,QAAQ;iBACzC;aACF,CAAC;QACJ,CAAC;QAED,6EAA6E;QAC7E,IAAI,cAAc,CAAC,QAAQ,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;YACvD,OAAO;gBACL,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,QAAQ,EAAE,wCAAwC;gBAC5D,UAAU,EAAE,cAAc,CAAC,UAAU;gBACrC,MAAM,EAAE,YAAY,8BAA8B,CAAC,cAAc,CAAC,QAAQ,CAAC,WAAW;gBACtF,QAAQ,EAAE;oBACR,GAAG;oBACH,MAAM;oBACN,cAAc,EAAE,cAAc,CAAC,cAAc;oBAC7C,IAAI,EAAE,WAAW;oBACjB,eAAe,EAAE,cAAc,CAAC,QAAQ;iBACzC;aACF,CAAC;QACJ,CAAC;QAED,gEAAgE;QAChE,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IAC1B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAiB;IACrD,MAAM,MAAM,GAA0B;QACpC,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC;IAEF,OAAO,IAAI,mBAAmB,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B;IAC1C,OAAO,IAAI,mBAAmB,CAAC;QAC7B,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,OAAO;QACf,SAAS,EAAE,EAAE;QACb,SAAS,EAAE,EAAE;KACd,CAAC,CAAC;AACL,CAAC;AAED,iBAAiB;AACjB,eAAe,mBAAmB,CAAC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pattern Matcher
|
|
3
|
+
* Glob pattern matching for domains with support for * and ** wildcards
|
|
4
|
+
*/
|
|
5
|
+
import type { PatternMatchResult } from './types.js';
|
|
6
|
+
/**
|
|
7
|
+
* Extract domain from URL
|
|
8
|
+
*/
|
|
9
|
+
export declare function extractDomain(url: string): string | null;
|
|
10
|
+
/**
|
|
11
|
+
* Convert glob pattern to regex
|
|
12
|
+
* Supports:
|
|
13
|
+
* - * matches any sequence of characters except dots (single segment)
|
|
14
|
+
* - ** matches any sequence of characters including dots (multiple segments)
|
|
15
|
+
* - ? matches any single character
|
|
16
|
+
*/
|
|
17
|
+
export declare function globToRegex(pattern: string): RegExp;
|
|
18
|
+
/**
|
|
19
|
+
* Check if domain matches a glob pattern
|
|
20
|
+
*/
|
|
21
|
+
export declare function matchesGlobPattern(domain: string, pattern: string): boolean;
|
|
22
|
+
/**
|
|
23
|
+
* Check if domain matches any pattern in a list
|
|
24
|
+
*/
|
|
25
|
+
export declare function matchesAnyPattern(domain: string, patterns: string[]): PatternMatchResult;
|
|
26
|
+
/**
|
|
27
|
+
* Extract URL from detection context
|
|
28
|
+
*/
|
|
29
|
+
export declare function extractUrlFromContext(context: {
|
|
30
|
+
url?: string;
|
|
31
|
+
toolInput: Record<string, unknown>;
|
|
32
|
+
}): string | null;
|
|
33
|
+
//# sourceMappingURL=pattern-matcher.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pattern-matcher.d.ts","sourceRoot":"","sources":["../../../../src/detectors/website/pattern-matcher.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAErD;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAYxD;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAqBnD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAG3E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAmCxF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE;IAC7C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC,GAAG,MAAM,GAAG,IAAI,CAsChB"}
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pattern Matcher
|
|
3
|
+
* Glob pattern matching for domains with support for * and ** wildcards
|
|
4
|
+
*/
|
|
5
|
+
/**
|
|
6
|
+
* Extract domain from URL
|
|
7
|
+
*/
|
|
8
|
+
export function extractDomain(url) {
|
|
9
|
+
try {
|
|
10
|
+
// Handle URLs without protocol
|
|
11
|
+
let normalizedUrl = url;
|
|
12
|
+
if (!url.includes('://')) {
|
|
13
|
+
normalizedUrl = 'https://' + url;
|
|
14
|
+
}
|
|
15
|
+
const parsed = new URL(normalizedUrl);
|
|
16
|
+
return parsed.hostname.toLowerCase();
|
|
17
|
+
}
|
|
18
|
+
catch {
|
|
19
|
+
return null;
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Convert glob pattern to regex
|
|
24
|
+
* Supports:
|
|
25
|
+
* - * matches any sequence of characters except dots (single segment)
|
|
26
|
+
* - ** matches any sequence of characters including dots (multiple segments)
|
|
27
|
+
* - ? matches any single character
|
|
28
|
+
*/
|
|
29
|
+
export function globToRegex(pattern) {
|
|
30
|
+
// Escape special regex characters except *, ?, and **
|
|
31
|
+
let regex = pattern.toLowerCase();
|
|
32
|
+
// First, handle ** (matches anything including dots)
|
|
33
|
+
// Use a placeholder to preserve ** before processing single *
|
|
34
|
+
regex = regex.replace(/\*\*/g, '<<<DOUBLE_STAR>>>');
|
|
35
|
+
// Escape special regex characters
|
|
36
|
+
regex = regex.replace(/[.+^${}()|[\]\\]/g, '\\$&');
|
|
37
|
+
// Convert single * to match anything except dots (single segment)
|
|
38
|
+
regex = regex.replace(/\*/g, '[^.]*');
|
|
39
|
+
// Convert ** placeholder back to match anything including dots
|
|
40
|
+
regex = regex.replace(/<<<DOUBLE_STAR>>>/g, '.*');
|
|
41
|
+
// Convert ? to match any single character
|
|
42
|
+
regex = regex.replace(/\?/g, '.');
|
|
43
|
+
return new RegExp(`^${regex}$`, 'i');
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Check if domain matches a glob pattern
|
|
47
|
+
*/
|
|
48
|
+
export function matchesGlobPattern(domain, pattern) {
|
|
49
|
+
const regex = globToRegex(pattern);
|
|
50
|
+
return regex.test(domain.toLowerCase());
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Check if domain matches any pattern in a list
|
|
54
|
+
*/
|
|
55
|
+
export function matchesAnyPattern(domain, patterns) {
|
|
56
|
+
const domainLower = domain.toLowerCase();
|
|
57
|
+
for (const pattern of patterns) {
|
|
58
|
+
const patternLower = pattern.toLowerCase();
|
|
59
|
+
// Check for exact match first (highest confidence)
|
|
60
|
+
if (domainLower === patternLower) {
|
|
61
|
+
return {
|
|
62
|
+
matched: true,
|
|
63
|
+
domain: domainLower,
|
|
64
|
+
pattern: pattern,
|
|
65
|
+
matchType: 'exact',
|
|
66
|
+
confidence: 0.99,
|
|
67
|
+
};
|
|
68
|
+
}
|
|
69
|
+
// Check glob pattern match
|
|
70
|
+
if (pattern.includes('*') || pattern.includes('?')) {
|
|
71
|
+
if (matchesGlobPattern(domainLower, patternLower)) {
|
|
72
|
+
return {
|
|
73
|
+
matched: true,
|
|
74
|
+
domain: domainLower,
|
|
75
|
+
pattern: pattern,
|
|
76
|
+
matchType: 'glob',
|
|
77
|
+
confidence: 0.95,
|
|
78
|
+
};
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
return {
|
|
83
|
+
matched: false,
|
|
84
|
+
confidence: 0,
|
|
85
|
+
};
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* Extract URL from detection context
|
|
89
|
+
*/
|
|
90
|
+
export function extractUrlFromContext(context) {
|
|
91
|
+
// Direct URL in context
|
|
92
|
+
if (context.url) {
|
|
93
|
+
return context.url;
|
|
94
|
+
}
|
|
95
|
+
// Check common tool input patterns
|
|
96
|
+
const input = context.toolInput;
|
|
97
|
+
// Browser navigation tools
|
|
98
|
+
if (typeof input.url === 'string') {
|
|
99
|
+
return input.url;
|
|
100
|
+
}
|
|
101
|
+
// Some tools use href
|
|
102
|
+
if (typeof input.href === 'string') {
|
|
103
|
+
return input.href;
|
|
104
|
+
}
|
|
105
|
+
// Check for URLs in link/target fields
|
|
106
|
+
if (typeof input.link === 'string') {
|
|
107
|
+
return input.link;
|
|
108
|
+
}
|
|
109
|
+
if (typeof input.target === 'string' && input.target.includes('://')) {
|
|
110
|
+
return input.target;
|
|
111
|
+
}
|
|
112
|
+
// Check for URLs in src/source fields (for fetch/request tools)
|
|
113
|
+
if (typeof input.src === 'string') {
|
|
114
|
+
return input.src;
|
|
115
|
+
}
|
|
116
|
+
if (typeof input.source === 'string' && input.source.includes('://')) {
|
|
117
|
+
return input.source;
|
|
118
|
+
}
|
|
119
|
+
return null;
|
|
120
|
+
}
|
|
121
|
+
//# sourceMappingURL=pattern-matcher.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pattern-matcher.js","sourceRoot":"","sources":["../../../../src/detectors/website/pattern-matcher.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,+BAA+B;QAC/B,IAAI,aAAa,GAAG,GAAG,CAAC;QACxB,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,aAAa,GAAG,UAAU,GAAG,GAAG,CAAC;QACnC,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,sDAAsD;IACtD,IAAI,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAElC,qDAAqD;IACrD,8DAA8D;IAC9D,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IAEpD,kCAAkC;IAClC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;IAEnD,kEAAkE;IAClE,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEtC,+DAA+D;IAC/D,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC;IAElD,0CAA0C;IAC1C,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAElC,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc,EAAE,OAAe;IAChE,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACnC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAc,EAAE,QAAkB;IAClE,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IAEzC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3C,mDAAmD;QACnD,IAAI,WAAW,KAAK,YAAY,EAAE,CAAC;YACjC,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,WAAW;gBACnB,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,OAAO;gBAClB,UAAU,EAAE,IAAI;aACjB,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACnD,IAAI,kBAAkB,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;gBAClD,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,WAAW;oBACnB,OAAO,EAAE,OAAO;oBAChB,SAAS,EAAE,MAAM;oBACjB,UAAU,EAAE,IAAI;iBACjB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,UAAU,EAAE,CAAC;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAGrC;IACC,wBAAwB;IACxB,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,OAAO,OAAO,CAAC,GAAG,CAAC;IACrB,CAAC;IAED,mCAAmC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC;IAEhC,2BAA2B;IAC3B,IAAI,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC,GAAG,CAAC;IACnB,CAAC;IAED,sBAAsB;IACtB,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC;IACpB,CAAC;IAED,uCAAuC;IACvC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC;IACpB,CAAC;IAED,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACrE,OAAO,KAAK,CAAC,MAAM,CAAC;IACtB,CAAC;IAED,gEAAgE;IAChE,IAAI,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC,GAAG,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACrE,OAAO,KAAK,CAAC,MAAM,CAAC;IACtB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Website Detector Types
|
|
3
|
+
* Type definitions for the website access control system
|
|
4
|
+
*/
|
|
5
|
+
import type { Severity, Action, FilterMode } from '../../config/index.js';
|
|
6
|
+
/**
|
|
7
|
+
* Detection context passed to detectors
|
|
8
|
+
*/
|
|
9
|
+
export interface DetectionContext {
|
|
10
|
+
/** Name of the tool being invoked */
|
|
11
|
+
toolName: string;
|
|
12
|
+
/** Input parameters to the tool */
|
|
13
|
+
toolInput: Record<string, unknown>;
|
|
14
|
+
/** URL being accessed (for browser/navigation tools) */
|
|
15
|
+
url?: string;
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Website categories for additional detection
|
|
19
|
+
*/
|
|
20
|
+
export type WebsiteCategory = 'malware' | 'phishing' | 'gambling' | 'adult' | 'unknown';
|
|
21
|
+
/**
|
|
22
|
+
* Result of a website detection operation
|
|
23
|
+
*/
|
|
24
|
+
export interface WebsiteDetectionResult {
|
|
25
|
+
/** Whether the website should be blocked/warned */
|
|
26
|
+
detected: boolean;
|
|
27
|
+
/** Category of the detection */
|
|
28
|
+
category: 'website';
|
|
29
|
+
/** Severity level of the detection */
|
|
30
|
+
severity: Severity;
|
|
31
|
+
/** Confidence score from 0 to 1 */
|
|
32
|
+
confidence: number;
|
|
33
|
+
/** Human-readable reason for the detection */
|
|
34
|
+
reason: string;
|
|
35
|
+
/** Additional metadata about the detection */
|
|
36
|
+
metadata?: {
|
|
37
|
+
/** URL that triggered the detection */
|
|
38
|
+
url?: string;
|
|
39
|
+
/** Domain that triggered the detection */
|
|
40
|
+
domain?: string;
|
|
41
|
+
/** Pattern that matched */
|
|
42
|
+
matchedPattern?: string;
|
|
43
|
+
/** Filter mode that was used */
|
|
44
|
+
mode: FilterMode;
|
|
45
|
+
/** Detected website category (malware, phishing, etc.) */
|
|
46
|
+
websiteCategory?: WebsiteCategory;
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Configuration for the website detector
|
|
51
|
+
*/
|
|
52
|
+
export interface WebsiteDetectorConfig {
|
|
53
|
+
/** Whether the detector is enabled */
|
|
54
|
+
enabled: boolean;
|
|
55
|
+
/** Mode for website filtering */
|
|
56
|
+
mode: FilterMode;
|
|
57
|
+
/** Severity level to assign to detections */
|
|
58
|
+
severity: Severity;
|
|
59
|
+
/** Action to take when website is blocked */
|
|
60
|
+
action: Action;
|
|
61
|
+
/** Websites to block (supports glob patterns) */
|
|
62
|
+
blocklist: string[];
|
|
63
|
+
/** Websites to allow (supports glob patterns) */
|
|
64
|
+
allowlist: string[];
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Interface for the main website detector
|
|
68
|
+
*/
|
|
69
|
+
export interface WebsiteDetector {
|
|
70
|
+
/**
|
|
71
|
+
* Detect website access violations
|
|
72
|
+
* @param context Detection context with tool information
|
|
73
|
+
* @returns Detection result
|
|
74
|
+
*/
|
|
75
|
+
detect(context: DetectionContext): Promise<WebsiteDetectionResult>;
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Pattern match result with confidence
|
|
79
|
+
*/
|
|
80
|
+
export interface PatternMatchResult {
|
|
81
|
+
/** Whether a match was found */
|
|
82
|
+
matched: boolean;
|
|
83
|
+
/** The domain that matched */
|
|
84
|
+
domain?: string;
|
|
85
|
+
/** The pattern that matched */
|
|
86
|
+
pattern?: string;
|
|
87
|
+
/** Match type */
|
|
88
|
+
matchType?: 'exact' | 'glob';
|
|
89
|
+
/** Confidence score */
|
|
90
|
+
confidence: number;
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
* Category detection result
|
|
94
|
+
*/
|
|
95
|
+
export interface CategoryDetectionResult {
|
|
96
|
+
/** Whether a category was detected */
|
|
97
|
+
detected: boolean;
|
|
98
|
+
/** The detected category */
|
|
99
|
+
category?: WebsiteCategory;
|
|
100
|
+
/** The pattern that matched */
|
|
101
|
+
matchedPattern?: string;
|
|
102
|
+
/** Confidence score */
|
|
103
|
+
confidence: number;
|
|
104
|
+
}
|
|
105
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/detectors/website/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,wDAAwD;IACxD,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,CAAC;AAExF;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,mDAAmD;IACnD,QAAQ,EAAE,OAAO,CAAC;IAClB,gCAAgC;IAChC,QAAQ,EAAE,SAAS,CAAC;IACpB,sCAAsC;IACtC,QAAQ,EAAE,QAAQ,CAAC;IACnB,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,8CAA8C;IAC9C,QAAQ,CAAC,EAAE;QACT,uCAAuC;QACvC,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,0CAA0C;QAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,2BAA2B;QAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,gCAAgC;QAChC,IAAI,EAAE,UAAU,CAAC;QACjB,0DAA0D;QAC1D,eAAe,CAAC,EAAE,eAAe,CAAC;KACnC,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,iCAAiC;IACjC,IAAI,EAAE,UAAU,CAAC;IACjB,6CAA6C;IAC7C,QAAQ,EAAE,QAAQ,CAAC;IACnB,6CAA6C;IAC7C,MAAM,EAAE,MAAM,CAAC;IACf,iDAAiD;IACjD,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,iDAAiD;IACjD,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,MAAM,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAAC;CACpE;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,8BAA8B;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iBAAiB;IACjB,SAAS,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IAC7B,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,sCAAsC;IACtC,QAAQ,EAAE,OAAO,CAAC;IAClB,4BAA4B;IAC5B,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/detectors/website/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Hybrid Detection Engine Analyzer
|
|
3
|
+
* Main engine that orchestrates all 5 detectors and produces unified results
|
|
4
|
+
*
|
|
5
|
+
* Architecture:
|
|
6
|
+
* Tool Call -> Pattern Matching (≤5ms) -> BLOCK/ALLOW
|
|
7
|
+
* |
|
|
8
|
+
* ambiguous -------------+
|
|
9
|
+
* |
|
|
10
|
+
* v
|
|
11
|
+
* LLM Analysis (~500ms) -> BLOCK/CONFIRM
|
|
12
|
+
*/
|
|
13
|
+
import type { Analyzer, AnalyzerConfig, AnalysisResult, Detection, ToolCallContext, ThreatCategory } from './types.js';
|
|
14
|
+
import type { ClawsecConfig } from '../config/index.js';
|
|
15
|
+
/**
|
|
16
|
+
* Main hybrid detection engine implementation
|
|
17
|
+
*/
|
|
18
|
+
export declare class HybridAnalyzer implements Analyzer {
|
|
19
|
+
private config;
|
|
20
|
+
private cache;
|
|
21
|
+
private cacheEnabled;
|
|
22
|
+
private cacheTtlMs;
|
|
23
|
+
private llmClient?;
|
|
24
|
+
private purchaseDetector;
|
|
25
|
+
private websiteDetector;
|
|
26
|
+
private destructiveDetector;
|
|
27
|
+
private secretsDetector;
|
|
28
|
+
private exfiltrationDetector;
|
|
29
|
+
constructor(analyzerConfig: AnalyzerConfig);
|
|
30
|
+
/**
|
|
31
|
+
* Analyze a tool call and return the result
|
|
32
|
+
*/
|
|
33
|
+
analyze(context: ToolCallContext): Promise<AnalysisResult>;
|
|
34
|
+
/**
|
|
35
|
+
* Clear the detection cache
|
|
36
|
+
*/
|
|
37
|
+
clearCache(): void;
|
|
38
|
+
/**
|
|
39
|
+
* Get cache statistics
|
|
40
|
+
*/
|
|
41
|
+
getCacheStats(): {
|
|
42
|
+
size: number;
|
|
43
|
+
enabled: boolean;
|
|
44
|
+
};
|
|
45
|
+
/**
|
|
46
|
+
* Run purchase detector if enabled
|
|
47
|
+
*/
|
|
48
|
+
private runPurchaseDetector;
|
|
49
|
+
/**
|
|
50
|
+
* Run website detector if enabled
|
|
51
|
+
*/
|
|
52
|
+
private runWebsiteDetector;
|
|
53
|
+
/**
|
|
54
|
+
* Run destructive detector if enabled
|
|
55
|
+
*/
|
|
56
|
+
private runDestructiveDetector;
|
|
57
|
+
/**
|
|
58
|
+
* Run secrets detector if enabled
|
|
59
|
+
*/
|
|
60
|
+
private runSecretsDetector;
|
|
61
|
+
/**
|
|
62
|
+
* Run exfiltration detector if enabled
|
|
63
|
+
*/
|
|
64
|
+
private runExfiltrationDetector;
|
|
65
|
+
/**
|
|
66
|
+
* Create a no-detection result for disabled detectors
|
|
67
|
+
*/
|
|
68
|
+
private createNoDetection;
|
|
69
|
+
/**
|
|
70
|
+
* Perform LLM analysis on an ambiguous detection
|
|
71
|
+
*/
|
|
72
|
+
private performLLMAnalysis;
|
|
73
|
+
/**
|
|
74
|
+
* Adjust the action based on LLM analysis result
|
|
75
|
+
*/
|
|
76
|
+
private adjustActionFromLLM;
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Create an analyzer from configuration
|
|
80
|
+
*/
|
|
81
|
+
export declare function createAnalyzer(config: ClawsecConfig, options?: Partial<AnalyzerConfig>): Analyzer;
|
|
82
|
+
/**
|
|
83
|
+
* Create an analyzer with default configuration
|
|
84
|
+
*/
|
|
85
|
+
export declare function createDefaultAnalyzer(): Analyzer;
|
|
86
|
+
export type { Analyzer, AnalyzerConfig, AnalysisResult, Detection, ToolCallContext, ThreatCategory };
|
|
87
|
+
//# sourceMappingURL=analyzer.d.ts.map
|