clawsec 0.0.1

package/dist/src/hooks/tool-result-persist/filter.js

@@ -0,0 +1,305 @@
+/**
+ * Output Filtering Logic for Tool Result Persist Hook
+ *
+ * Scans tool outputs for secrets/PII and redacts sensitive data
+ * before it's persisted.
+ */
+/**
+ * Common secret patterns for direct text scanning
+ * These are simplified patterns - the main detection is done by the secrets detector
+ */
+const SECRET_PATTERNS = [
+    // OpenAI API keys
+    {
+        pattern: /sk-[a-zA-Z0-9]{20,}/g,
+        type: 'openai-api-key',
+        description: 'OpenAI API key',
+    },
+    // Anthropic API keys
+    {
+        pattern: /sk-ant-[a-zA-Z0-9-]{20,}/g,
+        type: 'anthropic-api-key',
+        description: 'Anthropic API key',
+    },
+    // AWS Access Key ID
+    {
+        pattern: /AKIA[0-9A-Z]{16}/g,
+        type: 'aws-access-key',
+        description: 'AWS access key ID',
+    },
+    // AWS Secret Access Key (context-based)
+    {
+        pattern: /(?:aws[_-]?secret[_-]?access[_-]?key|secret[_-]?key)\s*[:=]\s*['"]?([A-Za-z0-9/+=]{40})['"]?/gi,
+        type: 'aws-secret-key',
+        description: 'AWS secret access key',
+    },
+    // GitHub tokens
+    {
+        pattern: /gh[pous]_[a-zA-Z0-9]{36,}/g,
+        type: 'github-token',
+        description: 'GitHub token',
+    },
+    // GitHub classic tokens
+    {
+        pattern: /ghp_[a-zA-Z0-9]{36}/g,
+        type: 'github-pat',
+        description: 'GitHub personal access token',
+    },
+    // Stripe API keys
+    {
+        pattern: /sk_live_[a-zA-Z0-9]{24,}/g,
+        type: 'stripe-api-key',
+        description: 'Stripe live API key',
+    },
+    {
+        pattern: /sk_test_[a-zA-Z0-9]{24,}/g,
+        type: 'stripe-test-key',
+        description: 'Stripe test API key',
+    },
+    // Slack tokens
+    {
+        pattern: /xox[baprs]-[0-9]{10,}-[0-9]{10,}-[a-zA-Z0-9]{24,}/g,
+        type: 'slack-token',
+        description: 'Slack token',
+    },
+    // Google API keys
+    {
+        pattern: /AIza[0-9A-Za-z_-]{35}/g,
+        type: 'google-api-key',
+        description: 'Google API key',
+    },
+    // JWT tokens
+    {
+        pattern: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/g,
+        type: 'jwt',
+        description: 'JWT token',
+    },
+    // Bearer tokens
+    {
+        pattern: /Bearer\s+[a-zA-Z0-9_-]{20,}/gi,
+        type: 'bearer-token',
+        description: 'Bearer token',
+    },
+    // SSN (Social Security Number)
+    {
+        pattern: /\b\d{3}-\d{2}-\d{4}\b/g,
+        type: 'ssn',
+        description: 'Social Security Number',
+    },
+    // Credit card numbers (basic patterns)
+    {
+        pattern: /\b4[0-9]{3}[- ]?[0-9]{4}[- ]?[0-9]{4}[- ]?[0-9]{4}\b/g,
+        type: 'credit-card',
+        description: 'Credit card number (Visa)',
+    },
+    {
+        pattern: /\b5[1-5][0-9]{2}[- ]?[0-9]{4}[- ]?[0-9]{4}[- ]?[0-9]{4}\b/g,
+        type: 'credit-card',
+        description: 'Credit card number (Mastercard)',
+    },
+    {
+        pattern: /\b3[47][0-9]{2}[- ]?[0-9]{6}[- ]?[0-9]{5}\b/g,
+        type: 'credit-card',
+        description: 'Credit card number (Amex)',
+    },
+    // Private keys
+    {
+        pattern: /-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----/g,
+        type: 'private-key',
+        description: 'Private key',
+    },
+    // Generic API key patterns
+    {
+        pattern: /(?:api[_-]?key|apikey)\s*[:=]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
+        type: 'generic-api-key',
+        description: 'Generic API key',
+    },
+    // Generic secret/password patterns
+    {
+        pattern: /(?:password|passwd|pwd|secret)\s*[:=]\s*['"]?([^\s'"]{8,})['"]?/gi,
+        type: 'password',
+        description: 'Password or secret',
+    },
+];
+/**
+ * Redact a single string value using pattern matching
+ *
+ * @param text - The text to scan and redact
+ * @returns FilterResult with redacted text and list of redactions
+ */
+export function redactString(text) {
+    const redactions = [];
+    let filteredText = text;
+    // Track which redactions we've already recorded to avoid duplicates
+    const recordedTypes = new Set();
+    for (const secretPattern of SECRET_PATTERNS) {
+        // Reset the pattern's lastIndex in case it was used before
+        secretPattern.pattern.lastIndex = 0;
+        // Check if pattern matches
+        const matches = filteredText.match(secretPattern.pattern);
+        if (matches && matches.length > 0) {
+            // Replace all matches
+            filteredText = filteredText.replace(secretPattern.pattern, `[REDACTED:${secretPattern.type}]`);
+            // Record the redaction (only once per type)
+            if (!recordedTypes.has(secretPattern.type)) {
+                redactions.push({
+                    type: secretPattern.type,
+                    description: secretPattern.description,
+                });
+                recordedTypes.add(secretPattern.type);
+            }
+        }
+    }
+    return {
+        filteredOutput: filteredText,
+        redactions,
+        wasRedacted: redactions.length > 0,
+    };
+}
+/**
+ * Recursively filter an object, redacting secrets in string values
+ *
+ * @param obj - The object to filter
+ * @returns FilterResult with filtered object and aggregated redactions
+ */
+export function redactObject(obj) {
+    const redactions = [];
+    const recordedTypes = new Set();
+    const filtered = {};
+    for (const [key, value] of Object.entries(obj)) {
+        const result = filterValue(value);
+        filtered[key] = result.filteredOutput;
+        // Aggregate redactions (avoiding duplicates)
+        for (const redaction of result.redactions) {
+            if (!recordedTypes.has(redaction.type)) {
+                redactions.push(redaction);
+                recordedTypes.add(redaction.type);
+            }
+        }
+    }
+    return {
+        filteredOutput: filtered,
+        redactions,
+        wasRedacted: redactions.length > 0,
+    };
+}
+/**
+ * Recursively filter an array, redacting secrets in string values
+ *
+ * @param arr - The array to filter
+ * @returns FilterResult with filtered array and aggregated redactions
+ */
+export function redactArray(arr) {
+    const redactions = [];
+    const recordedTypes = new Set();
+    const filtered = [];
+    for (const item of arr) {
+        const result = filterValue(item);
+        filtered.push(result.filteredOutput);
+        // Aggregate redactions (avoiding duplicates)
+        for (const redaction of result.redactions) {
+            if (!recordedTypes.has(redaction.type)) {
+                redactions.push(redaction);
+                recordedTypes.add(redaction.type);
+            }
+        }
+    }
+    return {
+        filteredOutput: filtered,
+        redactions,
+        wasRedacted: redactions.length > 0,
+    };
+}
+/**
+ * Filter any value, dispatching to the appropriate handler based on type
+ *
+ * @param value - The value to filter (can be any type)
+ * @returns FilterResult with filtered value and redactions
+ */
+export function filterValue(value) {
+    // Handle null/undefined
+    if (value === null || value === undefined) {
+        return {
+            filteredOutput: value,
+            redactions: [],
+            wasRedacted: false,
+        };
+    }
+    // Handle strings
+    if (typeof value === 'string') {
+        return redactString(value);
+    }
+    // Handle arrays
+    if (Array.isArray(value)) {
+        return redactArray(value);
+    }
+    // Handle objects
+    if (typeof value === 'object') {
+        return redactObject(value);
+    }
+    // Pass through primitives (numbers, booleans, etc.)
+    return {
+        filteredOutput: value,
+        redactions: [],
+        wasRedacted: false,
+    };
+}
+/**
+ * Convert secrets detection results to redactions
+ *
+ * @param detections - Array of detection results from the secrets detector
+ * @returns Array of redactions based on the detections
+ */
+export function detectionsToRedactions(detections) {
+    const redactions = [];
+    const recordedTypes = new Set();
+    for (const detection of detections) {
+        if (!detection.detected || !detection.metadata) {
+            continue;
+        }
+        // Build type string from metadata
+        let type = detection.metadata.type;
+        if (detection.metadata.provider) {
+            type = `${detection.metadata.provider}-${type}`;
+        }
+        else if (detection.metadata.subtype) {
+            type = detection.metadata.subtype;
+        }
+        // Avoid duplicate redaction entries
+        if (!recordedTypes.has(type)) {
+            redactions.push({
+                type,
+                description: detection.reason,
+            });
+            recordedTypes.add(type);
+        }
+    }
+    return redactions;
+}
+/**
+ * Main filter function that combines pattern-based filtering
+ * with detection-based redaction info
+ *
+ * @param output - The tool output to filter
+ * @param detections - Optional array of detection results for more accurate redaction types
+ * @returns FilterResult with filtered output and redactions
+ */
+export function filterOutput(output, detections) {
+    // Filter the output using pattern matching
+    const filterResult = filterValue(output);
+    // If we have detections, enhance redaction list with more specific types
+    if (detections && detections.length > 0) {
+        const detectionRedactions = detectionsToRedactions(detections);
+        // Merge detection-based redactions with pattern-based redactions
+        // Detection-based are more authoritative
+        const recordedTypes = new Set(filterResult.redactions.map((r) => r.type));
+        for (const redaction of detectionRedactions) {
+            if (!recordedTypes.has(redaction.type)) {
+                filterResult.redactions.push(redaction);
+                recordedTypes.add(redaction.type);
+            }
+        }
+    }
+    return filterResult;
+}
+//# sourceMappingURL=filter.js.map

package/dist/src/hooks/tool-result-persist/filter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"filter.js","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/filter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAuCH;;;GAGG;AACH,MAAM,eAAe,GAAoB;IACvC,kBAAkB;IAClB;QACE,OAAO,EAAE,sBAAsB;QAC/B,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,gBAAgB;KAC9B;IACD,qBAAqB;IACrB;QACE,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,mBAAmB;KACjC;IACD,oBAAoB;IACpB;QACE,OAAO,EAAE,mBAAmB;QAC5B,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,mBAAmB;KACjC;IACD,wCAAwC;IACxC;QACE,OAAO,EAAE,gGAAgG;QACzG,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,uBAAuB;KACrC;IACD,gBAAgB;IAChB;QACE,OAAO,EAAE,4BAA4B;QACrC,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,cAAc;KAC5B;IACD,wBAAwB;IACxB;QACE,OAAO,EAAE,sBAAsB;QAC/B,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,8BAA8B;KAC5C;IACD,kBAAkB;IAClB;QACE,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,qBAAqB;KACnC;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,qBAAqB;KACnC;IACD,eAAe;IACf;QACE,OAAO,EAAE,oDAAoD;QAC7D,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,aAAa;KAC3B;IACD,kBAAkB;IAClB;QACE,OAAO,EAAE,wBAAwB;QACjC,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,gBAAgB;KAC9B;IACD,aAAa;IACb;QACE,OAAO,EAAE,uDAAuD;QAChE,IAAI,EAAE,KAAK;QACX,WAAW,EAAE,WAAW;KACzB;IACD,gBAAgB;IAChB;QACE,OAAO,EAAE,+BAA+B;QACxC,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,cAAc;KAC5B;IACD,+BAA+B;IAC/B;QACE,OAAO,EAAE,wBAAwB;QACjC,IAAI,EAAE,KAAK;QACX,WAAW,EAAE,wBAAwB;KACtC;IACD,uCAAuC;IACvC;QACE,OAAO,EAAE,uDAAuD;QAChE,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,2BAA2B;KACzC;IACD;QACE,OAAO,EAAE,4DAA4D;QACrE,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,iCAAiC;KAC/C;IACD;QACE,OAAO,EAAE,8CAA8C;QACvD,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,2BAA2B;KACzC;IACD,eAAe;IACf;QACE,OAAO,EAAE,qHAAqH;QAC9H,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,aAAa;KAC3B;IACD,2BAA2B;IAC3B;QACE,OAAO,EAAE,kEAAkE;QAC3E,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,iBAAiB;KAC/B;IACD,mCAAmC;IACnC;QACE,OAAO,EAAE,mEAAmE;QAC5E,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,oBAAoB;KAClC;CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,UAAU,GAAgB,EAAE,CAAC;IACnC,IAAI,YAAY,GAAG,IAAI,CAAC;IAExB,oEAAoE;IACpE,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAExC,KAAK,MAAM,aAAa,IAAI,eAAe,EAAE,CAAC;QAC5C,2DAA2D;QAC3D,aAAa,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAEpC,2BAA2B;QAC3B,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,sBAAsB;YACtB,YAAY,GAAG,YAAY,CAAC,OAAO,CACjC,aAAa,CAAC,OAAO,EACrB,aAAa,aAAa,CAAC,IAAI,GAAG,CACnC,CAAC;YAEF,4CAA4C;YAC5C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3C,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,WAAW,EAAE,aAAa,CAAC,WAAW;iBACvC,CAAC,CAAC;gBACH,aAAa,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,cAAc,EAAE,YAAY;QAC5B,UAAU;QACV,WAAW,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;KACnC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,GAA4B;IACvD,MAAM,UAAU,GAAgB,EAAE,CAAC;IACnC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IACxC,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAE7C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAClC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,cAAc,CAAC;QAEtC,6CAA6C;QAC7C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC3B,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,cAAc,EAAE,QAAQ;QACxB,UAAU;QACV,WAAW,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;KACnC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,GAAc;IACxC,MAAM,UAAU,GAAgB,EAAE,CAAC;IACnC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IACxC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAErC,6CAA6C;QAC7C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC3B,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,cAAc,EAAE,QAAQ;QACxB,UAAU;QACV,WAAW,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;KACnC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,wBAAwB;IACxB,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO;YACL,cAAc,EAAE,KAAK;YACrB,UAAU,EAAE,EAAE;YACd,WAAW,EAAE,KAAK;SACnB,CAAC;IACJ,CAAC;IAED,iBAAiB;IACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,gBAAgB;IAChB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED,iBAAiB;IACjB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,YAAY,CAAC,KAAgC,CAAC,CAAC;IACxD,CAAC;IAED,oDAAoD;IACpD,OAAO;QACL,cAAc,EAAE,KAAK;QACrB,UAAU,EAAE,EAAE;QACd,WAAW,EAAE,KAAK;KACnB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAAoC;IAEpC,MAAM,UAAU,GAAgB,EAAE,CAAC;IACnC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAExC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,kCAAkC;QAClC,IAAI,IAAI,GAAW,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC;QAC3C,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAChC,IAAI,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAC;QAClD,CAAC;aAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtC,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;QACpC,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI;gBACJ,WAAW,EAAE,SAAS,CAAC,MAAM;aAC9B,CAAC,CAAC;YACH,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,MAAe,EACf,UAAqC;IAErC,2CAA2C;IAC3C,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEzC,yEAAyE;IACzE,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,MAAM,mBAAmB,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QAE/D,iEAAiE;QACjE,yCAAyC;QACzC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1E,KAAK,MAAM,SAAS,IAAI,mBAAmB,EAAE,CAAC;YAC5C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACxC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC"}

package/dist/src/hooks/tool-result-persist/handler.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Tool Result Persist Hook Handler
+ *
+ * Hook handler that scans tool outputs for secrets/PII, prompt injections,
+ * and filters sensitive data before it's persisted.
+ */
+import type { ToolResultPersistHandler } from '../../index.js';
+import type { ClawsecConfig } from '../../config/schema.js';
+/**
+ * Options for creating a tool-result-persist handler
+ */
+export interface ToolResultPersistHandlerOptions {
+    /**
+     * Whether to enable output filtering (redacting secrets)
+     * @default true
+     */
+    filter?: boolean;
+    /**
+     * Whether to enable prompt injection scanning
+     * @default true
+     */
+    scanInjections?: boolean;
+}
+/**
+ * Create the tool-result-persist handler
+ *
+ * This handler runs after a tool executes but before the result is persisted.
+ * It scans the output for secrets/PII and prompt injections, then redacts
+ * or blocks sensitive data.
+ *
+ * Flow:
+ * 1. Check if plugin is enabled
+ * 2. Check if filtering/scanning is enabled
+ * 3. Run prompt injection scanner on tool output
+ * 4. If injection detected with block action, block the output
+ * 5. Run secrets detector on tool output
+ * 6. Filter output if secrets detected
+ * 7. Return result with filtered output and redaction metadata
+ *
+ * @param config - Clawsec configuration
+ * @param options - Optional handler options
+ * @returns ToolResultPersistHandler function
+ */
+export declare function createToolResultPersistHandler(config: ClawsecConfig, options?: ToolResultPersistHandlerOptions): ToolResultPersistHandler;
+/**
+ * Create a default tool-result-persist handler with default configuration
+ */
+export declare function createDefaultToolResultPersistHandler(): ToolResultPersistHandler;
+//# sourceMappingURL=handler.d.ts.map

package/dist/src/hooks/tool-result-persist/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAGV,wBAAwB,EACzB,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAO5D;;GAEG;AACH,MAAM,WAAW,+BAA+B;IAC9C;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB;;;OAGG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAkDD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,aAAa,EACrB,OAAO,CAAC,EAAE,+BAA+B,GACxC,wBAAwB,CA6F1B;AAED;;GAEG;AACH,wBAAgB,qCAAqC,IAAI,wBAAwB,CAmEhF"}

package/dist/src/hooks/tool-result-persist/handler.js

@@ -0,0 +1,217 @@
+/**
+ * Tool Result Persist Hook Handler
+ *
+ * Hook handler that scans tool outputs for secrets/PII, prompt injections,
+ * and filters sensitive data before it's persisted.
+ */
+import { createSecretsDetector } from '../../detectors/secrets/index.js';
+import { scan, sanitize } from '../../sanitization/scanner.js';
+import { filterOutput } from './filter.js';
+/**
+ * Create an allow result with no filtering
+ */
+function createAllowResult() {
+    return {
+        allow: true,
+    };
+}
+/**
+ * Create a block result for detected prompt injections
+ */
+function createBlockResult(redactions) {
+    return {
+        allow: false,
+        redactions,
+    };
+}
+/**
+ * Create a result with filtered output and redaction info
+ */
+function createFilteredResult(filteredOutput, redactions) {
+    return {
+        allow: true,
+        filteredOutput,
+        redactions,
+    };
+}
+/**
+ * Convert tool output to string for scanning
+ */
+function outputToString(output) {
+    if (typeof output === 'string') {
+        return output;
+    }
+    if (output !== null && output !== undefined) {
+        return JSON.stringify(output);
+    }
+    return undefined;
+}
+/**
+ * Create the tool-result-persist handler
+ *
+ * This handler runs after a tool executes but before the result is persisted.
+ * It scans the output for secrets/PII and prompt injections, then redacts
+ * or blocks sensitive data.
+ *
+ * Flow:
+ * 1. Check if plugin is enabled
+ * 2. Check if filtering/scanning is enabled
+ * 3. Run prompt injection scanner on tool output
+ * 4. If injection detected with block action, block the output
+ * 5. Run secrets detector on tool output
+ * 6. Filter output if secrets detected
+ * 7. Return result with filtered output and redaction metadata
+ *
+ * @param config - Clawsec configuration
+ * @param options - Optional handler options
+ * @returns ToolResultPersistHandler function
+ */
+export function createToolResultPersistHandler(config, options) {
+    const filterEnabled = options?.filter ?? true;
+    const scanInjectionsEnabled = options?.scanInjections ?? true;
+    // Create secrets detector from config
+    const secretsDetector = createSecretsDetector({
+        enabled: config.rules?.secrets?.enabled ?? true,
+        severity: config.rules?.secrets?.severity ?? 'critical',
+        action: config.rules?.secrets?.action ?? 'block',
+    });
+    // Create scanner config from sanitization rules
+    const sanitizationConfig = config.rules?.sanitization;
+    const scannerConfig = {
+        enabled: sanitizationConfig?.enabled ?? true,
+        categories: {
+            instructionOverride: sanitizationConfig?.categories?.instructionOverride ?? true,
+            systemLeak: sanitizationConfig?.categories?.systemLeak ?? true,
+            jailbreak: sanitizationConfig?.categories?.jailbreak ?? true,
+            encodedPayload: sanitizationConfig?.categories?.encodedPayload ?? true,
+        },
+        minConfidence: sanitizationConfig?.minConfidence ?? 0.5,
+        redactMatches: sanitizationConfig?.redactMatches ?? false,
+    };
+    return async (context) => {
+        // 1. Check if plugin is globally disabled
+        if (config.global?.enabled === false) {
+            return createAllowResult();
+        }
+        // Convert output to string for scanning
+        const toolOutputString = outputToString(context.toolOutput);
+        // 2. Run prompt injection scanner if enabled
+        if (scanInjectionsEnabled && sanitizationConfig?.enabled !== false && toolOutputString) {
+            const scanResult = scan(toolOutputString, scannerConfig);
+            if (scanResult.hasInjection) {
+                const injectionRedactions = scanResult.matches.map(match => ({
+                    type: `injection-${match.category}`,
+                    description: `Prompt injection detected: ${match.match.substring(0, 50)}${match.match.length > 50 ? '...' : ''}`,
+                }));
+                // If action is 'block', reject the output entirely
+                if (sanitizationConfig?.action === 'block') {
+                    return createBlockResult(injectionRedactions);
+                }
+                // If redactMatches is enabled, sanitize the output
+                if (sanitizationConfig?.redactMatches) {
+                    const sanitizedOutput = sanitize(toolOutputString, scanResult.matches);
+                    return createFilteredResult(sanitizedOutput, injectionRedactions);
+                }
+                // Otherwise, just log/warn and continue
+                // The redactions are passed for logging purposes
+            }
+        }
+        // 3. Check if secrets filtering is disabled
+        if (!filterEnabled || config.rules?.secrets?.enabled === false) {
+            return createAllowResult();
+        }
+        // 4. Run secrets detector on the tool output
+        let detections = [];
+        try {
+            detections = await secretsDetector.detectAll({
+                toolName: context.toolName,
+                toolInput: context.toolInput,
+                toolOutput: toolOutputString,
+            });
+        }
+        catch {
+            // If detection fails, allow the output through without filtering
+            // This ensures tool results aren't lost due to detector errors
+            return createAllowResult();
+        }
+        // 5. Filter output with pattern matching (catches secrets detector might have missed)
+        const filterResult = filterOutput(context.toolOutput, detections);
+        // 6. If nothing was redacted, allow through unchanged
+        if (!filterResult.wasRedacted) {
+            return createAllowResult();
+        }
+        // 7. Return filtered result with redaction metadata
+        return createFilteredResult(filterResult.filteredOutput, filterResult.redactions);
+    };
+}
+/**
+ * Create a default tool-result-persist handler with default configuration
+ */
+export function createDefaultToolResultPersistHandler() {
+    const defaultConfig = {
+        version: '1.0',
+        global: {
+            enabled: true,
+            logLevel: 'info',
+        },
+        llm: {
+            enabled: true,
+            model: null,
+        },
+        rules: {
+            purchase: {
+                enabled: true,
+                severity: 'critical',
+                action: 'block',
+                spendLimits: { perTransaction: 100, daily: 500 },
+                domains: { mode: 'blocklist', blocklist: [] },
+            },
+            website: {
+                enabled: true,
+                mode: 'blocklist',
+                severity: 'high',
+                action: 'block',
+                blocklist: [],
+                allowlist: [],
+            },
+            destructive: {
+                enabled: true,
+                severity: 'critical',
+                action: 'confirm',
+                shell: { enabled: true },
+                cloud: { enabled: true },
+                code: { enabled: true },
+            },
+            secrets: {
+                enabled: true,
+                severity: 'critical',
+                action: 'block',
+            },
+            exfiltration: {
+                enabled: true,
+                severity: 'high',
+                action: 'block',
+            },
+            sanitization: {
+                enabled: true,
+                severity: 'high',
+                action: 'block',
+                minConfidence: 0.5,
+                redactMatches: false,
+                categories: {
+                    instructionOverride: true,
+                    systemLeak: true,
+                    jailbreak: true,
+                    encodedPayload: true,
+                },
+            },
+        },
+        approval: {
+            native: { enabled: true, timeout: 300 },
+            agentConfirm: { enabled: true, parameterName: '_clawsec_confirm' },
+            webhook: { enabled: false, url: undefined, timeout: 30, headers: {} },
+        },
+    };
+    return createToolResultPersistHandler(defaultConfig);
+}
+//# sourceMappingURL=handler.js.map

package/dist/src/hooks/tool-result-persist/handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH,OAAO,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,+BAA+B,CAAC;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAkB3C;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO;QACL,KAAK,EAAE,IAAI;KACZ,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,UAAwD;IAExD,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,cAAuB,EACvB,UAAwD;IAExD,OAAO;QACL,KAAK,EAAE,IAAI;QACX,cAAc;QACd,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,MAAe;IACrC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,8BAA8B,CAC5C,MAAqB,EACrB,OAAyC;IAEzC,MAAM,aAAa,GAAG,OAAO,EAAE,MAAM,IAAI,IAAI,CAAC;IAC9C,MAAM,qBAAqB,GAAG,OAAO,EAAE,cAAc,IAAI,IAAI,CAAC;IAE9D,sCAAsC;IACtC,MAAM,eAAe,GAAG,qBAAqB,CAAC;QAC5C,OAAO,EAAE,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,IAAI,IAAI;QAC/C,QAAQ,EAAE,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,IAAI,UAAU;QACvD,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,OAAO;KACjD,CAAC,CAAC;IAEH,gDAAgD;IAChD,MAAM,kBAAkB,GAAG,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC;IACtD,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,kBAAkB,EAAE,OAAO,IAAI,IAAI;QAC5C,UAAU,EAAE;YACV,mBAAmB,EAAE,kBAAkB,EAAE,UAAU,EAAE,mBAAmB,IAAI,IAAI;YAChF,UAAU,EAAE,kBAAkB,EAAE,UAAU,EAAE,UAAU,IAAI,IAAI;YAC9D,SAAS,EAAE,kBAAkB,EAAE,UAAU,EAAE,SAAS,IAAI,IAAI;YAC5D,cAAc,EAAE,kBAAkB,EAAE,UAAU,EAAE,cAAc,IAAI,IAAI;SACvE;QACD,aAAa,EAAE,kBAAkB,EAAE,aAAa,IAAI,GAAG;QACvD,aAAa,EAAE,kBAAkB,EAAE,aAAa,IAAI,KAAK;KAC1D,CAAC;IAEF,OAAO,KAAK,EAAE,OAA0B,EAAoC,EAAE;QAC5E,0CAA0C;QAC1C,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,wCAAwC;QACxC,MAAM,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5D,6CAA6C;QAC7C,IAAI,qBAAqB,IAAI,kBAAkB,EAAE,OAAO,KAAK,KAAK,IAAI,gBAAgB,EAAE,CAAC;YACvF,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;YAEzD,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC5B,MAAM,mBAAmB,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBAC3D,IAAI,EAAE,aAAa,KAAK,CAAC,QAAQ,EAAE;oBACnC,WAAW,EAAE,8BAA8B,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;iBACjH,CAAC,CAAC,CAAC;gBAEJ,mDAAmD;gBACnD,IAAI,kBAAkB,EAAE,MAAM,KAAK,OAAO,EAAE,CAAC;oBAC3C,OAAO,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;gBAChD,CAAC;gBAED,mDAAmD;gBACnD,IAAI,kBAAkB,EAAE,aAAa,EAAE,CAAC;oBACtC,MAAM,eAAe,GAAG,QAAQ,CAAC,gBAAgB,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;oBACvE,OAAO,oBAAoB,CAAC,eAAe,EAAE,mBAAmB,CAAC,CAAC;gBACpE,CAAC;gBAED,wCAAwC;gBACxC,iDAAiD;YACnD,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YAC/D,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,6CAA6C;QAC7C,IAAI,UAAU,GAA6B,EAAE,CAAC;QAC9C,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,eAAe,CAAC,SAAS,CAAC;gBAC3C,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,gBAAgB;aAC7B,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;YACjE,+DAA+D;YAC/D,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,sFAAsF;QACtF,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAElE,sDAAsD;QACtD,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YAC9B,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,oDAAoD;QACpD,OAAO,oBAAoB,CACzB,YAAY,CAAC,cAAc,EAC3B,YAAY,CAAC,UAAU,CACxB,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qCAAqC;IACnD,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,KAAK;QACd,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,MAAM;SACjB;QACD,GAAG,EAAE;YACH,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,IAAI;SACZ;QACD,KAAK,EAAE;YACL,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;gBACf,WAAW,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE;gBAChD,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;aAC9C;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,EAAE;gBACb,SAAS,EAAE,EAAE;aACd;YACD,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;aACxB;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,GAAG;gBAClB,aAAa,EAAE,KAAK;gBACpB,UAAU,EAAE;oBACV,mBAAmB,EAAE,IAAI;oBACzB,UAAU,EAAE,IAAI;oBAChB,SAAS,EAAE,IAAI;oBACf,cAAc,EAAE,IAAI;iBACrB;aACF;SACF;QACD,QAAQ,EAAE;YACR,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE;YACvC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,kBAAkB,EAAE;YAClE,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;SACtE;KACF,CAAC;IAEF,OAAO,8BAA8B,CAAC,aAAa,CAAC,CAAC;AACvD,CAAC"}

package/dist/src/hooks/tool-result-persist/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Tool Result Persist Hook
+ *
+ * Scans tool outputs for secrets/PII and filters sensitive data
+ * before persistence.
+ */
+export { createToolResultPersistHandler, createDefaultToolResultPersistHandler, } from './handler.js';
+export type { ToolResultPersistHandlerOptions } from './handler.js';
+export { filterOutput, filterValue, redactString, redactObject, redactArray, detectionsToRedactions, } from './filter.js';
+export type { Redaction, FilterResult } from './filter.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/hooks/tool-result-persist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,8BAA8B,EAC9B,qCAAqC,GACtC,MAAM,cAAc,CAAC;AACtB,YAAY,EAAE,+BAA+B,EAAE,MAAM,cAAc,CAAC;AAGpE,OAAO,EACL,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,sBAAsB,GACvB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC"}

package/dist/src/hooks/tool-result-persist/index.js

@@ -0,0 +1,11 @@
+/**
+ * Tool Result Persist Hook
+ *
+ * Scans tool outputs for secrets/PII and filters sensitive data
+ * before persistence.
+ */
+// Handler exports
+export { createToolResultPersistHandler, createDefaultToolResultPersistHandler, } from './handler.js';
+// Filter exports
+export { filterOutput, filterValue, redactString, redactObject, redactArray, detectionsToRedactions, } from './filter.js';
+//# sourceMappingURL=index.js.map

package/dist/src/hooks/tool-result-persist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,kBAAkB;AAClB,OAAO,EACL,8BAA8B,EAC9B,qCAAqC,GACtC,MAAM,cAAc,CAAC;AAGtB,iBAAiB;AACjB,OAAO,EACL,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,sBAAsB,GACvB,MAAM,aAAa,CAAC"}