clawsec 0.0.1

package/dist/src/proxy/types.d.ts

@@ -0,0 +1,136 @@
+/**
+ * Proxy Server Type Definitions
+ * Types for the standalone HTTP proxy server
+ */
+import type { ClawsecConfig } from '../config/schema.js';
+import type { AnalysisResult, Detection } from '../engine/types.js';
+/**
+ * Configuration for the proxy server
+ */
+export interface ProxyConfig {
+    /** Port to listen on */
+    port: number;
+    /** Host to bind to (default: '127.0.0.1') */
+    host?: string;
+    /** Clawsec configuration for analysis */
+    clawsecConfig: ClawsecConfig;
+}
+/**
+ * Request body for the /analyze endpoint
+ */
+export interface ProxyRequest {
+    /** Name of the tool being called */
+    toolName: string;
+    /** Input parameters to the tool */
+    toolInput: Record<string, unknown>;
+    /** Optional session identifier */
+    sessionId?: string;
+    /** Optional user identifier */
+    userId?: string;
+}
+/**
+ * Response from the /analyze endpoint
+ */
+export interface ProxyResponse {
+    /** Whether the request is allowed */
+    allowed: boolean;
+    /** Human-readable message explaining the decision */
+    message?: string;
+    /** Information about pending approval (if action is 'confirm') */
+    pendingApproval?: {
+        /** Unique identifier for the approval */
+        id: string;
+        /** Timeout in seconds before the approval expires */
+        timeout: number;
+    };
+    /** Filtered/sanitized input (if any modifications were made) */
+    filteredInput?: Record<string, unknown>;
+    /** Analysis result details */
+    analysis?: {
+        /** Recommended action */
+        action: AnalysisResult['action'];
+        /** List of detections */
+        detections: Detection[];
+        /** Whether result was cached */
+        cached: boolean;
+        /** Analysis duration in milliseconds */
+        durationMs?: number;
+    };
+}
+/**
+ * Response from /approve/:id and /deny/:id endpoints
+ */
+export interface ApprovalActionResponse {
+    /** Whether the operation succeeded */
+    success: boolean;
+    /** Human-readable message */
+    message: string;
+}
+/**
+ * Response from /status endpoint
+ */
+export interface StatusResponse {
+    /** Whether the server is active and accepting requests */
+    active: boolean;
+    /** Configuration summary */
+    config: {
+        /** Configured port */
+        port: number;
+        /** Configured host */
+        host: string;
+        /** Whether global detection is enabled */
+        enabled: boolean;
+    };
+    /** Number of pending approvals */
+    pendingApprovals: number;
+}
+/**
+ * Response from /health endpoint
+ */
+export interface HealthResponse {
+    /** Health status */
+    status: 'ok';
+}
+/**
+ * Error response for API errors
+ */
+export interface ErrorResponse {
+    /** Error flag */
+    error: true;
+    /** Error message */
+    message: string;
+    /** HTTP status code */
+    statusCode: number;
+}
+/**
+ * Proxy server interface
+ */
+export interface ProxyServer {
+    /** Start the server */
+    start(): Promise<void>;
+    /** Stop the server */
+    stop(): Promise<void>;
+    /** Get the actual port the server is listening on */
+    getPort(): number;
+}
+/**
+ * HTTP request handler function
+ */
+export type RequestHandler = (req: ProxyHttpRequest, res: ProxyHttpResponse) => Promise<void> | void;
+/**
+ * Simplified HTTP request interface
+ */
+export interface ProxyHttpRequest {
+    method: string;
+    url: string;
+    body?: unknown;
+}
+/**
+ * Simplified HTTP response interface
+ */
+export interface ProxyHttpResponse {
+    statusCode: number;
+    json(data: unknown): void;
+    end(): void;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/proxy/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/proxy/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,wBAAwB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,6CAA6C;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,aAAa,EAAE,aAAa,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,kCAAkC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+BAA+B;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,qCAAqC;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,qDAAqD;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kEAAkE;IAClE,eAAe,CAAC,EAAE;QAChB,yCAAyC;QACzC,EAAE,EAAE,MAAM,CAAC;QACX,qDAAqD;QACrD,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,gEAAgE;IAChE,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,8BAA8B;IAC9B,QAAQ,CAAC,EAAE;QACT,yBAAyB;QACzB,MAAM,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC;QACjC,yBAAyB;QACzB,UAAU,EAAE,SAAS,EAAE,CAAC;QACxB,gCAAgC;QAChC,MAAM,EAAE,OAAO,CAAC;QAChB,wCAAwC;QACxC,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,0DAA0D;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,4BAA4B;IAC5B,MAAM,EAAE;QACN,sBAAsB;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,sBAAsB;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,0CAA0C;QAC1C,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;IACF,kCAAkC;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,oBAAoB;IACpB,MAAM,EAAE,IAAI,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,iBAAiB;IACjB,KAAK,EAAE,IAAI,CAAC;IACZ,oBAAoB;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,uBAAuB;IACvB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,sBAAsB;IACtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACtB,qDAAqD;IACrD,OAAO,IAAI,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,CAC3B,GAAG,EAAE,gBAAgB,EACrB,GAAG,EAAE,iBAAiB,KACnB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAE1B;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IAC1B,GAAG,IAAI,IAAI,CAAC;CACb"}

package/dist/src/proxy/types.js

@@ -0,0 +1,6 @@
+/**
+ * Proxy Server Type Definitions
+ * Types for the standalone HTTP proxy server
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/proxy/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/proxy/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/src/sanitization/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Output scanner for prompt injection detection
+ *
+ * @module sanitization
+ */
+export type { InjectionCategory, InjectionMatch, ScanResult, ScannerConfig, } from './types.js';
+export type { PatternDef } from './patterns.js';
+export { INSTRUCTION_OVERRIDE_PATTERNS, SYSTEM_LEAK_PATTERNS, JAILBREAK_PATTERNS, ENCODED_PAYLOAD_PATTERNS, PATTERNS_BY_CATEGORY, getEnabledPatterns, } from './patterns.js';
+export { scan, sanitize, createScanner, DEFAULT_SCANNER_CONFIG, } from './scanner.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/sanitization/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sanitization/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,YAAY,EACV,iBAAiB,EACjB,cAAc,EACd,UAAU,EACV,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,YAAY,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EACL,6BAA6B,EAC7B,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,IAAI,EACJ,QAAQ,EACR,aAAa,EACb,sBAAsB,GACvB,MAAM,cAAc,CAAC"}

package/dist/src/sanitization/index.js

@@ -0,0 +1,9 @@
+/**
+ * Output scanner for prompt injection detection
+ *
+ * @module sanitization
+ */
+export { INSTRUCTION_OVERRIDE_PATTERNS, SYSTEM_LEAK_PATTERNS, JAILBREAK_PATTERNS, ENCODED_PAYLOAD_PATTERNS, PATTERNS_BY_CATEGORY, getEnabledPatterns, } from './patterns.js';
+// Scanner exports
+export { scan, sanitize, createScanner, DEFAULT_SCANNER_CONFIG, } from './scanner.js';
+//# sourceMappingURL=index.js.map

package/dist/src/sanitization/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/sanitization/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAYH,OAAO,EACL,6BAA6B,EAC7B,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAEvB,kBAAkB;AAClB,OAAO,EACL,IAAI,EACJ,QAAQ,EACR,aAAa,EACb,sBAAsB,GACvB,MAAM,cAAc,CAAC"}

package/dist/src/sanitization/patterns.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Pattern definitions for prompt injection detection
+ */
+import type { InjectionCategory } from './types.js';
+/**
+ * Pattern definition with metadata
+ */
+export interface PatternDef {
+    /** Regular expression pattern (case-insensitive by default) */
+    pattern: RegExp;
+    /** Base confidence score for this pattern */
+    confidence: number;
+    /** Description of what this pattern detects */
+    description: string;
+}
+/**
+ * Instruction override patterns
+ * Detects attempts to override or ignore previous instructions
+ */
+export declare const INSTRUCTION_OVERRIDE_PATTERNS: PatternDef[];
+/**
+ * System prompt leak patterns
+ * Detects attempts to extract system prompts or initial instructions
+ */
+export declare const SYSTEM_LEAK_PATTERNS: PatternDef[];
+/**
+ * Jailbreak patterns
+ * Detects attempts to bypass safety restrictions
+ */
+export declare const JAILBREAK_PATTERNS: PatternDef[];
+/**
+ * Encoded payload patterns
+ * Detects potentially malicious encoded content
+ */
+export declare const ENCODED_PAYLOAD_PATTERNS: PatternDef[];
+/**
+ * Map of category to patterns
+ */
+export declare const PATTERNS_BY_CATEGORY: Record<InjectionCategory, PatternDef[]>;
+/**
+ * Get all patterns for enabled categories
+ * @param categories - Which categories are enabled
+ * @returns Array of [category, pattern] tuples
+ */
+export declare function getEnabledPatterns(categories: {
+    instructionOverride: boolean;
+    systemLeak: boolean;
+    jailbreak: boolean;
+    encodedPayload: boolean;
+}): Array<[InjectionCategory, PatternDef]>;
+//# sourceMappingURL=patterns.d.ts.map

package/dist/src/sanitization/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../../src/sanitization/patterns.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,+DAA+D;IAC/D,OAAO,EAAE,MAAM,CAAC;IAChB,6CAA6C;IAC7C,UAAU,EAAE,MAAM,CAAC;IACnB,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,eAAO,MAAM,6BAA6B,EAAE,UAAU,EA6DrD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,UAAU,EA8C5C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,UAAU,EA6D1C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,wBAAwB,EAAE,UAAU,EAoChD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,iBAAiB,EAAE,UAAU,EAAE,CAKxE,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE;IAC7C,mBAAmB,EAAE,OAAO,CAAC;IAC7B,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,cAAc,EAAE,OAAO,CAAC;CACzB,GAAG,KAAK,CAAC,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC,CA4BzC"}

package/dist/src/sanitization/patterns.js

@@ -0,0 +1,266 @@
+/**
+ * Pattern definitions for prompt injection detection
+ */
+/**
+ * Instruction override patterns
+ * Detects attempts to override or ignore previous instructions
+ */
+export const INSTRUCTION_OVERRIDE_PATTERNS = [
+    {
+        pattern: /ignore\s+(all\s+)?previous\s+(instructions?|prompts?|messages?)/i,
+        confidence: 0.95,
+        description: 'Direct instruction to ignore previous instructions',
+    },
+    {
+        pattern: /disregard\s+(all\s+)?(previous\s+|prior\s+|above\s+)?(instructions?|prompts?|directives?)/i,
+        confidence: 0.95,
+        description: 'Instruction to disregard previous directives',
+    },
+    {
+        pattern: /forget\s+(everything|all)\s+(you\s+)?(know|were\s+told|learned)/i,
+        confidence: 0.9,
+        description: 'Attempt to reset context',
+    },
+    {
+        pattern: /\bnew\s+task\s*:/i,
+        confidence: 0.85,
+        description: 'Attempt to inject a new task',
+    },
+    {
+        pattern: /\bsystem\s*:\s*\w/i,
+        confidence: 0.8,
+        description: 'Fake system message prefix',
+    },
+    {
+        pattern: /\bassistant\s*:\s*\w/i,
+        confidence: 0.7,
+        description: 'Fake assistant message prefix',
+    },
+    {
+        pattern: /\buser\s*:\s*\w/i,
+        confidence: 0.6,
+        description: 'Fake user message prefix',
+    },
+    {
+        pattern: /override\s+(your\s+)?(instructions?|programming|guidelines?)/i,
+        confidence: 0.9,
+        description: 'Direct override attempt',
+    },
+    {
+        pattern: /from\s+now\s+on[,\s]+(you\s+)?(will|must|should|are)/i,
+        confidence: 0.75,
+        description: 'Attempt to change behavior going forward',
+    },
+    {
+        pattern: /stop\s+being\s+(an?\s+)?(ai|assistant|helpful)/i,
+        confidence: 0.85,
+        description: 'Attempt to change AI persona',
+    },
+    {
+        pattern: /do\s+not\s+follow\s+(your\s+)?(rules?|guidelines?|instructions?)/i,
+        confidence: 0.9,
+        description: 'Instruction to break rules',
+    },
+    {
+        pattern: /your\s+(new|actual|real)\s+(instructions?|task|goal)\s+(is|are)/i,
+        confidence: 0.9,
+        description: 'Fake new instructions',
+    },
+];
+/**
+ * System prompt leak patterns
+ * Detects attempts to extract system prompts or initial instructions
+ */
+export const SYSTEM_LEAK_PATTERNS = [
+    {
+        pattern: /your\s+system\s+prompt/i,
+        confidence: 0.9,
+        description: 'Direct reference to system prompt',
+    },
+    {
+        pattern: /(show|reveal|display|print|output|tell\s+me)\s+(your\s+)?(system\s+prompt|initial\s+instructions?)/i,
+        confidence: 0.95,
+        description: 'Request to reveal system prompt',
+    },
+    {
+        pattern: /initial\s+(instructions?|prompt|configuration)/i,
+        confidence: 0.7,
+        description: 'Reference to initial instructions',
+    },
+    {
+        pattern: /original\s+(prompt|instructions?|system\s+message)/i,
+        confidence: 0.75,
+        description: 'Reference to original prompt',
+    },
+    {
+        pattern: /what\s+(are|were)\s+your\s+(original|initial|first)\s+(instructions?|directives?)/i,
+        confidence: 0.85,
+        description: 'Question about initial instructions',
+    },
+    {
+        pattern: /repeat\s+(your\s+)?(system|initial|original)\s+(prompt|instructions?)/i,
+        confidence: 0.9,
+        description: 'Request to repeat system prompt',
+    },
+    {
+        pattern: /leak\s+(your\s+)?(system|initial)\s+(prompt|instructions?)/i,
+        confidence: 0.95,
+        description: 'Direct leak request',
+    },
+    {
+        pattern: /hidden\s+(prompt|instructions?|directives?)/i,
+        confidence: 0.8,
+        description: 'Reference to hidden instructions',
+    },
+    {
+        pattern: /confidential\s+(instructions?|prompt|configuration)/i,
+        confidence: 0.75,
+        description: 'Reference to confidential configuration',
+    },
+];
+/**
+ * Jailbreak patterns
+ * Detects attempts to bypass safety restrictions
+ */
+export const JAILBREAK_PATTERNS = [
+    {
+        pattern: /\bDAN\s+(mode|enabled?)/i,
+        confidence: 0.95,
+        description: 'DAN (Do Anything Now) jailbreak',
+    },
+    {
+        pattern: /\bdeveloper\s+mode\s+(enabled?|activated?|on)/i,
+        confidence: 0.95,
+        description: 'Developer mode jailbreak',
+    },
+    {
+        pattern: /\bjailbr(eak|oken|eaking|eaked)\b/i,
+        confidence: 0.9,
+        description: 'Direct jailbreak reference',
+    },
+    {
+        pattern: /pretend\s+(you\s+are|to\s+be|you're)\s+(an?\s+)?(different|another|evil|unrestricted)/i,
+        confidence: 0.85,
+        description: 'Persona manipulation attempt',
+    },
+    {
+        pattern: /act\s+as\s+(if\s+)?(you\s+)?(have\s+no|without)\s+(restrictions?|limits?|rules?)/i,
+        confidence: 0.9,
+        description: 'Request to act without restrictions',
+    },
+    {
+        pattern: /\bunlocked?\s+(mode|version|ai)/i,
+        confidence: 0.85,
+        description: 'Unlocked mode reference',
+    },
+    {
+        pattern: /\bno\s+(ethical|moral|safety)\s+(guidelines?|restrictions?|limits?)/i,
+        confidence: 0.9,
+        description: 'Request to ignore ethical guidelines',
+    },
+    {
+        pattern: /bypass\s+(your\s+)?(restrictions?|filters?|safety|guidelines?)/i,
+        confidence: 0.9,
+        description: 'Bypass attempt',
+    },
+    {
+        pattern: /\benable\s+(god|admin|super)\s*mode/i,
+        confidence: 0.9,
+        description: 'Special mode enable attempt',
+    },
+    {
+        pattern: /you\s+are\s+now\s+(free|unrestricted|unlimited|uncensored)/i,
+        confidence: 0.85,
+        description: 'Freedom assertion',
+    },
+    {
+        pattern: /roleplay\s+as\s+(an?\s+)?(evil|malicious|unrestricted|unfiltered)/i,
+        confidence: 0.85,
+        description: 'Malicious roleplay request',
+    },
+    {
+        pattern: /\banti[- ]?ai\s+(mode|prompt)/i,
+        confidence: 0.85,
+        description: 'Anti-AI prompt pattern',
+    },
+];
+/**
+ * Encoded payload patterns
+ * Detects potentially malicious encoded content
+ */
+export const ENCODED_PAYLOAD_PATTERNS = [
+    {
+        pattern: /eyJ[A-Za-z0-9+/=]{20,}/,
+        confidence: 0.7,
+        description: 'Base64 encoded JSON (starts with eyJ)',
+    },
+    {
+        pattern: /(?:^|[^A-Za-z0-9+/])[A-Za-z0-9+/]{50,}={0,2}(?:[^A-Za-z0-9+/=]|$)/,
+        confidence: 0.5,
+        description: 'Long base64 string',
+    },
+    {
+        pattern: /\\x[0-9a-fA-F]{2}(?:\\x[0-9a-fA-F]{2}){10,}/,
+        confidence: 0.8,
+        description: 'Hex escape sequence',
+    },
+    {
+        pattern: /0x[0-9a-fA-F]{20,}/,
+        confidence: 0.6,
+        description: 'Long hex string',
+    },
+    {
+        pattern: /\\u[0-9a-fA-F]{4}(?:\\u[0-9a-fA-F]{4}){5,}/,
+        confidence: 0.75,
+        description: 'Unicode escape sequence',
+    },
+    {
+        pattern: /%[0-9a-fA-F]{2}(?:%[0-9a-fA-F]{2}){10,}/,
+        confidence: 0.7,
+        description: 'URL encoded sequence',
+    },
+    {
+        pattern: /&#x?[0-9a-fA-F]+;(?:&#x?[0-9a-fA-F]+;){5,}/,
+        confidence: 0.75,
+        description: 'HTML entity encoded sequence',
+    },
+];
+/**
+ * Map of category to patterns
+ */
+export const PATTERNS_BY_CATEGORY = {
+    'instruction-override': INSTRUCTION_OVERRIDE_PATTERNS,
+    'system-leak': SYSTEM_LEAK_PATTERNS,
+    jailbreak: JAILBREAK_PATTERNS,
+    'encoded-payload': ENCODED_PAYLOAD_PATTERNS,
+};
+/**
+ * Get all patterns for enabled categories
+ * @param categories - Which categories are enabled
+ * @returns Array of [category, pattern] tuples
+ */
+export function getEnabledPatterns(categories) {
+    const result = [];
+    if (categories.instructionOverride) {
+        for (const pattern of INSTRUCTION_OVERRIDE_PATTERNS) {
+            result.push(['instruction-override', pattern]);
+        }
+    }
+    if (categories.systemLeak) {
+        for (const pattern of SYSTEM_LEAK_PATTERNS) {
+            result.push(['system-leak', pattern]);
+        }
+    }
+    if (categories.jailbreak) {
+        for (const pattern of JAILBREAK_PATTERNS) {
+            result.push(['jailbreak', pattern]);
+        }
+    }
+    if (categories.encodedPayload) {
+        for (const pattern of ENCODED_PAYLOAD_PATTERNS) {
+            result.push(['encoded-payload', pattern]);
+        }
+    }
+    return result;
+}
+//# sourceMappingURL=patterns.js.map

package/dist/src/sanitization/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../src/sanitization/patterns.ts"],"names":[],"mappings":"AAAA;;GAEG;AAgBH;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAiB;IACzD;QACE,OAAO,EAAE,kEAAkE;QAC3E,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,oDAAoD;KAClE;IACD;QACE,OAAO,EAAE,4FAA4F;QACrG,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,8CAA8C;KAC5D;IACD;QACE,OAAO,EAAE,kEAAkE;QAC3E,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,0BAA0B;KACxC;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,OAAO,EAAE,oBAAoB;QAC7B,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,4BAA4B;KAC1C;IACD;QACE,OAAO,EAAE,uBAAuB;QAChC,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,+BAA+B;KAC7C;IACD;QACE,OAAO,EAAE,kBAAkB;QAC3B,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,0BAA0B;KACxC;IACD;QACE,OAAO,EAAE,+DAA+D;QACxE,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,yBAAyB;KACvC;IACD;QACE,OAAO,EAAE,uDAAuD;QAChE,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,0CAA0C;KACxD;IACD;QACE,OAAO,EAAE,iDAAiD;QAC1D,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,OAAO,EAAE,mEAAmE;QAC5E,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,4BAA4B;KAC1C;IACD;QACE,OAAO,EAAE,kEAAkE;QAC3E,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,uBAAuB;KACrC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAiB;IAChD;QACE,OAAO,EAAE,yBAAyB;QAClC,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,OAAO,EAAE,qGAAqG;QAC9G,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,iCAAiC;KAC/C;IACD;QACE,OAAO,EAAE,iDAAiD;QAC1D,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,OAAO,EAAE,qDAAqD;QAC9D,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,OAAO,EAAE,oFAAoF;QAC7F,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,OAAO,EAAE,wEAAwE;QACjF,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,iCAAiC;KAC/C;IACD;QACE,OAAO,EAAE,6DAA6D;QACtE,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,qBAAqB;KACnC;IACD;QACE,OAAO,EAAE,8CAA8C;QACvD,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,kCAAkC;KAChD;IACD;QACE,OAAO,EAAE,sDAAsD;QAC/D,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,yCAAyC;KACvD;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAiB;IAC9C;QACE,OAAO,EAAE,0BAA0B;QACnC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,iCAAiC;KAC/C;IACD;QACE,OAAO,EAAE,gDAAgD;QACzD,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,0BAA0B;KACxC;IACD;QACE,OAAO,EAAE,oCAAoC;QAC7C,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,4BAA4B;KAC1C;IACD;QACE,OAAO,EAAE,wFAAwF;QACjG,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,OAAO,EAAE,mFAAmF;QAC5F,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,OAAO,EAAE,kCAAkC;QAC3C,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,yBAAyB;KACvC;IACD;QACE,OAAO,EAAE,sEAAsE;QAC/E,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,OAAO,EAAE,iEAAiE;QAC1E,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,gBAAgB;KAC9B;IACD;QACE,OAAO,EAAE,sCAAsC;QAC/C,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,6BAA6B;KAC3C;IACD;QACE,OAAO,EAAE,6DAA6D;QACtE,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,OAAO,EAAE,oEAAoE;QAC7E,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,4BAA4B;KAC1C;IACD;QACE,OAAO,EAAE,gCAAgC;QACzC,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,wBAAwB;KACtC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAiB;IACpD;QACE,OAAO,EAAE,wBAAwB;QACjC,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,uCAAuC;KACrD;IACD;QACE,OAAO,EAAE,mEAAmE;QAC5E,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,OAAO,EAAE,6CAA6C;QACtD,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,qBAAqB;KACnC;IACD;QACE,OAAO,EAAE,oBAAoB;QAC7B,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,iBAAiB;KAC/B;IACD;QACE,OAAO,EAAE,4CAA4C;QACrD,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,yBAAyB;KACvC;IACD;QACE,OAAO,EAAE,yCAAyC;QAClD,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,sBAAsB;KACpC;IACD;QACE,OAAO,EAAE,4CAA4C;QACrD,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,8BAA8B;KAC5C;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAA4C;IAC3E,sBAAsB,EAAE,6BAA6B;IACrD,aAAa,EAAE,oBAAoB;IACnC,SAAS,EAAE,kBAAkB;IAC7B,iBAAiB,EAAE,wBAAwB;CAC5C,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAKlC;IACC,MAAM,MAAM,GAA2C,EAAE,CAAC;IAE1D,IAAI,UAAU,CAAC,mBAAmB,EAAE,CAAC;QACnC,KAAK,MAAM,OAAO,IAAI,6BAA6B,EAAE,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QAC1B,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;QACzB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;QAC9B,KAAK,MAAM,OAAO,IAAI,wBAAwB,EAAE,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/src/sanitization/scanner.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Main scanner implementation for prompt injection detection
+ */
+import type { InjectionMatch, ScanResult, ScannerConfig } from './types.js';
+/**
+ * Default scanner configuration
+ */
+export declare const DEFAULT_SCANNER_CONFIG: ScannerConfig;
+/**
+ * Scan content for injection patterns
+ * @param content - Content to scan
+ * @param config - Scanner configuration
+ * @returns Scan result
+ */
+export declare function scan(content: string, config?: Partial<ScannerConfig>): ScanResult;
+/**
+ * Sanitize content by redacting matched injections
+ * @param content - Original content
+ * @param matches - Detected injection matches
+ * @returns Sanitized content with redactions
+ */
+export declare function sanitize(content: string, matches: InjectionMatch[]): string;
+/**
+ * Create a scanner instance with preset configuration
+ * @param config - Scanner configuration
+ * @returns Scanner function
+ */
+export declare function createScanner(config?: Partial<ScannerConfig>): (content: string) => ScanResult;
+//# sourceMappingURL=scanner.d.ts.map

package/dist/src/sanitization/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../../src/sanitization/scanner.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG5E;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,aAUpC,CAAC;AA6GF;;;;;GAKG;AACH,wBAAgB,IAAI,CAClB,OAAO,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC9B,UAAU,CA6EZ;AAgID;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,MAAM,CAuB3E;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAC3B,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC9B,CAAC,OAAO,EAAE,MAAM,KAAK,UAAU,CAWjC"}