npm - clawsec - Versions diffs - 0.0.1 - Mend

clawsec 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (361) hide show

package/README.md +560 -0
package/dist/bin/clawsec.d.ts +7 -0
package/dist/bin/clawsec.d.ts.map +1 -0
package/dist/bin/clawsec.js +12 -0
package/dist/bin/clawsec.js.map +1 -0
package/dist/src/actions/block.d.ts +22 -0
package/dist/src/actions/block.d.ts.map +1 -0
package/dist/src/actions/block.js +83 -0
package/dist/src/actions/block.js.map +1 -0
package/dist/src/actions/confirm.d.ts +35 -0
package/dist/src/actions/confirm.d.ts.map +1 -0
package/dist/src/actions/confirm.js +156 -0
package/dist/src/actions/confirm.js.map +1 -0
package/dist/src/actions/executor.d.ts +64 -0
package/dist/src/actions/executor.d.ts.map +1 -0
package/dist/src/actions/executor.js +114 -0
package/dist/src/actions/executor.js.map +1 -0
package/dist/src/actions/index.d.ts +13 -0
package/dist/src/actions/index.d.ts.map +1 -0
package/dist/src/actions/index.js +15 -0
package/dist/src/actions/index.js.map +1 -0
package/dist/src/actions/log.d.ts +19 -0
package/dist/src/actions/log.d.ts.map +1 -0
package/dist/src/actions/log.js +63 -0
package/dist/src/actions/log.js.map +1 -0
package/dist/src/actions/types.d.ts +85 -0
package/dist/src/actions/types.d.ts.map +1 -0
package/dist/src/actions/types.js +78 -0
package/dist/src/actions/types.js.map +1 -0
package/dist/src/actions/warn.d.ts +22 -0
package/dist/src/actions/warn.d.ts.map +1 -0
package/dist/src/actions/warn.js +84 -0
package/dist/src/actions/warn.js.map +1 -0
package/dist/src/approval/agent-confirm.d.ts +104 -0
package/dist/src/approval/agent-confirm.d.ts.map +1 -0
package/dist/src/approval/agent-confirm.js +173 -0
package/dist/src/approval/agent-confirm.js.map +1 -0
package/dist/src/approval/index.d.ts +14 -0
package/dist/src/approval/index.d.ts.map +1 -0
package/dist/src/approval/index.js +9 -0
package/dist/src/approval/index.js.map +1 -0
package/dist/src/approval/native.d.ts +56 -0
package/dist/src/approval/native.d.ts.map +1 -0
package/dist/src/approval/native.js +196 -0
package/dist/src/approval/native.js.map +1 -0
package/dist/src/approval/store.d.ts +88 -0
package/dist/src/approval/store.d.ts.map +1 -0
package/dist/src/approval/store.js +192 -0
package/dist/src/approval/store.js.map +1 -0
package/dist/src/approval/types.d.ts +119 -0
package/dist/src/approval/types.d.ts.map +1 -0
package/dist/src/approval/types.js +6 -0
package/dist/src/approval/types.js.map +1 -0
package/dist/src/approval/webhook.d.ts +170 -0
package/dist/src/approval/webhook.d.ts.map +1 -0
package/dist/src/approval/webhook.js +362 -0
package/dist/src/approval/webhook.js.map +1 -0
package/dist/src/cli/commands/audit.d.ts +43 -0
package/dist/src/cli/commands/audit.d.ts.map +1 -0
package/dist/src/cli/commands/audit.js +115 -0
package/dist/src/cli/commands/audit.js.map +1 -0
package/dist/src/cli/commands/feedback.d.ts +27 -0
package/dist/src/cli/commands/feedback.d.ts.map +1 -0
package/dist/src/cli/commands/feedback.js +228 -0
package/dist/src/cli/commands/feedback.js.map +1 -0
package/dist/src/cli/commands/index.d.ts +11 -0
package/dist/src/cli/commands/index.d.ts.map +1 -0
package/dist/src/cli/commands/index.js +13 -0
package/dist/src/cli/commands/index.js.map +1 -0
package/dist/src/cli/commands/status.d.ts +20 -0
package/dist/src/cli/commands/status.d.ts.map +1 -0
package/dist/src/cli/commands/status.js +122 -0
package/dist/src/cli/commands/status.js.map +1 -0
package/dist/src/cli/commands/test.d.ts +23 -0
package/dist/src/cli/commands/test.d.ts.map +1 -0
package/dist/src/cli/commands/test.js +134 -0
package/dist/src/cli/commands/test.js.map +1 -0
package/dist/src/cli/commands/types.d.ts +81 -0
package/dist/src/cli/commands/types.d.ts.map +1 -0
package/dist/src/cli/commands/types.js +6 -0
package/dist/src/cli/commands/types.js.map +1 -0
package/dist/src/cli/index.d.ts +17 -0
package/dist/src/cli/index.d.ts.map +1 -0
package/dist/src/cli/index.js +267 -0
package/dist/src/cli/index.js.map +1 -0
package/dist/src/config/defaults.d.ts +20 -0
package/dist/src/config/defaults.d.ts.map +1 -0
package/dist/src/config/defaults.js +123 -0
package/dist/src/config/defaults.js.map +1 -0
package/dist/src/config/index.d.ts +8 -0
package/dist/src/config/index.d.ts.map +1 -0
package/dist/src/config/index.js +41 -0
package/dist/src/config/index.js.map +1 -0
package/dist/src/config/loader.d.ts +99 -0
package/dist/src/config/loader.d.ts.map +1 -0
package/dist/src/config/loader.js +242 -0
package/dist/src/config/loader.js.map +1 -0
package/dist/src/config/schema.d.ts +627 -0
package/dist/src/config/schema.d.ts.map +1 -0
package/dist/src/config/schema.js +585 -0
package/dist/src/config/schema.js.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts +51 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.js +556 -0
package/dist/src/detectors/destructive/cloud-detector.js.map +1 -0
package/dist/src/detectors/destructive/code-detector.d.ts +59 -0
package/dist/src/detectors/destructive/code-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/code-detector.js +558 -0
package/dist/src/detectors/destructive/code-detector.js.map +1 -0
package/dist/src/detectors/destructive/index.d.ts +54 -0
package/dist/src/detectors/destructive/index.d.ts.map +1 -0
package/dist/src/detectors/destructive/index.js +168 -0
package/dist/src/detectors/destructive/index.js.map +1 -0
package/dist/src/detectors/destructive/shell-detector.d.ts +43 -0
package/dist/src/detectors/destructive/shell-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/shell-detector.js +302 -0
package/dist/src/detectors/destructive/shell-detector.js.map +1 -0
package/dist/src/detectors/destructive/types.d.ts +143 -0
package/dist/src/detectors/destructive/types.d.ts.map +1 -0
package/dist/src/detectors/destructive/types.js +6 -0
package/dist/src/detectors/destructive/types.js.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts +51 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.js +427 -0
package/dist/src/detectors/exfiltration/cloud-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts +47 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.js +429 -0
package/dist/src/detectors/exfiltration/http-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/index.d.ts +44 -0
package/dist/src/detectors/exfiltration/index.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/index.js +118 -0
package/dist/src/detectors/exfiltration/index.js.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts +55 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.js +504 -0
package/dist/src/detectors/exfiltration/network-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/types.d.ts +139 -0
package/dist/src/detectors/exfiltration/types.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/types.js +6 -0
package/dist/src/detectors/exfiltration/types.js.map +1 -0
package/dist/src/detectors/purchase/domain-detector.d.ts +44 -0
package/dist/src/detectors/purchase/domain-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/domain-detector.js +296 -0
package/dist/src/detectors/purchase/domain-detector.js.map +1 -0
package/dist/src/detectors/purchase/form-detector.d.ts +27 -0
package/dist/src/detectors/purchase/form-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/form-detector.js +344 -0
package/dist/src/detectors/purchase/form-detector.js.map +1 -0
package/dist/src/detectors/purchase/index.d.ts +65 -0
package/dist/src/detectors/purchase/index.d.ts.map +1 -0
package/dist/src/detectors/purchase/index.js +216 -0
package/dist/src/detectors/purchase/index.js.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts +132 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.js +313 -0
package/dist/src/detectors/purchase/spend-tracker.js.map +1 -0
package/dist/src/detectors/purchase/types.d.ts +139 -0
package/dist/src/detectors/purchase/types.d.ts.map +1 -0
package/dist/src/detectors/purchase/types.js +6 -0
package/dist/src/detectors/purchase/types.js.map +1 -0
package/dist/src/detectors/purchase/url-detector.d.ts +31 -0
package/dist/src/detectors/purchase/url-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/url-detector.js +292 -0
package/dist/src/detectors/purchase/url-detector.js.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts +30 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.js +297 -0
package/dist/src/detectors/secrets/api-key-detector.js.map +1 -0
package/dist/src/detectors/secrets/index.d.ts +43 -0
package/dist/src/detectors/secrets/index.d.ts.map +1 -0
package/dist/src/detectors/secrets/index.js +261 -0
package/dist/src/detectors/secrets/index.js.map +1 -0
package/dist/src/detectors/secrets/pii-detector.d.ts +54 -0
package/dist/src/detectors/secrets/pii-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/pii-detector.js +286 -0
package/dist/src/detectors/secrets/pii-detector.js.map +1 -0
package/dist/src/detectors/secrets/token-detector.d.ts +51 -0
package/dist/src/detectors/secrets/token-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/token-detector.js +233 -0
package/dist/src/detectors/secrets/token-detector.js.map +1 -0
package/dist/src/detectors/secrets/types.d.ts +157 -0
package/dist/src/detectors/secrets/types.d.ts.map +1 -0
package/dist/src/detectors/secrets/types.js +6 -0
package/dist/src/detectors/secrets/types.js.map +1 -0
package/dist/src/detectors/website/category-detector.d.ts +22 -0
package/dist/src/detectors/website/category-detector.d.ts.map +1 -0
package/dist/src/detectors/website/category-detector.js +162 -0
package/dist/src/detectors/website/category-detector.js.map +1 -0
package/dist/src/detectors/website/index.d.ts +53 -0
package/dist/src/detectors/website/index.d.ts.map +1 -0
package/dist/src/detectors/website/index.js +232 -0
package/dist/src/detectors/website/index.js.map +1 -0
package/dist/src/detectors/website/pattern-matcher.d.ts +33 -0
package/dist/src/detectors/website/pattern-matcher.d.ts.map +1 -0
package/dist/src/detectors/website/pattern-matcher.js +121 -0
package/dist/src/detectors/website/pattern-matcher.js.map +1 -0
package/dist/src/detectors/website/types.d.ts +105 -0
package/dist/src/detectors/website/types.d.ts.map +1 -0
package/dist/src/detectors/website/types.js +6 -0
package/dist/src/detectors/website/types.js.map +1 -0
package/dist/src/engine/analyzer.d.ts +87 -0
package/dist/src/engine/analyzer.d.ts.map +1 -0
package/dist/src/engine/analyzer.js +427 -0
package/dist/src/engine/analyzer.js.map +1 -0
package/dist/src/engine/cache.d.ts +80 -0
package/dist/src/engine/cache.d.ts.map +1 -0
package/dist/src/engine/cache.js +167 -0
package/dist/src/engine/cache.js.map +1 -0
package/dist/src/engine/index.d.ts +11 -0
package/dist/src/engine/index.d.ts.map +1 -0
package/dist/src/engine/index.js +11 -0
package/dist/src/engine/index.js.map +1 -0
package/dist/src/engine/llm-client.d.ts +210 -0
package/dist/src/engine/llm-client.d.ts.map +1 -0
package/dist/src/engine/llm-client.js +506 -0
package/dist/src/engine/llm-client.js.map +1 -0
package/dist/src/engine/types.d.ts +163 -0
package/dist/src/engine/types.d.ts.map +1 -0
package/dist/src/engine/types.js +21 -0
package/dist/src/engine/types.js.map +1 -0
package/dist/src/feedback/index.d.ts +9 -0
package/dist/src/feedback/index.d.ts.map +1 -0
package/dist/src/feedback/index.js +8 -0
package/dist/src/feedback/index.js.map +1 -0
package/dist/src/feedback/learner.d.ts +222 -0
package/dist/src/feedback/learner.d.ts.map +1 -0
package/dist/src/feedback/learner.js +401 -0
package/dist/src/feedback/learner.js.map +1 -0
package/dist/src/feedback/store.d.ts +113 -0
package/dist/src/feedback/store.d.ts.map +1 -0
package/dist/src/feedback/store.js +228 -0
package/dist/src/feedback/store.js.map +1 -0
package/dist/src/feedback/types.d.ts +126 -0
package/dist/src/feedback/types.d.ts.map +1 -0
package/dist/src/feedback/types.js +6 -0
package/dist/src/feedback/types.js.map +1 -0
package/dist/src/hooks/before-agent-start/handler.d.ts +37 -0
package/dist/src/hooks/before-agent-start/handler.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/handler.js +109 -0
package/dist/src/hooks/before-agent-start/handler.js.map +1 -0
package/dist/src/hooks/before-agent-start/index.d.ts +8 -0
package/dist/src/hooks/before-agent-start/index.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/index.js +7 -0
package/dist/src/hooks/before-agent-start/index.js.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts +48 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.js +103 -0
package/dist/src/hooks/before-agent-start/prompts.js.map +1 -0
package/dist/src/hooks/before-tool-call/handler.d.ts +42 -0
package/dist/src/hooks/before-tool-call/handler.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/handler.js +226 -0
package/dist/src/hooks/before-tool-call/handler.js.map +1 -0
package/dist/src/hooks/before-tool-call/index.d.ts +7 -0
package/dist/src/hooks/before-tool-call/index.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/index.js +6 -0
package/dist/src/hooks/before-tool-call/index.js.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts +72 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.js +305 -0
package/dist/src/hooks/tool-result-persist/filter.js.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts +49 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.js +217 -0
package/dist/src/hooks/tool-result-persist/handler.js.map +1 -0
package/dist/src/hooks/tool-result-persist/index.d.ts +11 -0
package/dist/src/hooks/tool-result-persist/index.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/index.js +11 -0
package/dist/src/hooks/tool-result-persist/index.js.map +1 -0
package/dist/src/index.d.ts +256 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +222 -0
package/dist/src/index.js.map +1 -0
package/dist/src/notifications/discord.d.ts +10 -0
package/dist/src/notifications/discord.d.ts.map +1 -0
package/dist/src/notifications/discord.js +218 -0
package/dist/src/notifications/discord.js.map +1 -0
package/dist/src/notifications/index.d.ts +37 -0
package/dist/src/notifications/index.d.ts.map +1 -0
package/dist/src/notifications/index.js +68 -0
package/dist/src/notifications/index.js.map +1 -0
package/dist/src/notifications/slack.d.ts +10 -0
package/dist/src/notifications/slack.d.ts.map +1 -0
package/dist/src/notifications/slack.js +218 -0
package/dist/src/notifications/slack.js.map +1 -0
package/dist/src/notifications/telegram.d.ts +10 -0
package/dist/src/notifications/telegram.d.ts.map +1 -0
package/dist/src/notifications/telegram.js +242 -0
package/dist/src/notifications/telegram.js.map +1 -0
package/dist/src/notifications/types.d.ts +119 -0
package/dist/src/notifications/types.d.ts.map +1 -0
package/dist/src/notifications/types.js +6 -0
package/dist/src/notifications/types.js.map +1 -0
package/dist/src/proxy/index.d.ts +8 -0
package/dist/src/proxy/index.d.ts.map +1 -0
package/dist/src/proxy/index.js +9 -0
package/dist/src/proxy/index.js.map +1 -0
package/dist/src/proxy/middleware.d.ts +55 -0
package/dist/src/proxy/middleware.d.ts.map +1 -0
package/dist/src/proxy/middleware.js +215 -0
package/dist/src/proxy/middleware.js.map +1 -0
package/dist/src/proxy/server.d.ts +57 -0
package/dist/src/proxy/server.d.ts.map +1 -0
package/dist/src/proxy/server.js +298 -0
package/dist/src/proxy/server.js.map +1 -0
package/dist/src/proxy/types.d.ts +136 -0
package/dist/src/proxy/types.d.ts.map +1 -0
package/dist/src/proxy/types.js +6 -0
package/dist/src/proxy/types.js.map +1 -0
package/dist/src/sanitization/index.d.ts +10 -0
package/dist/src/sanitization/index.d.ts.map +1 -0
package/dist/src/sanitization/index.js +9 -0
package/dist/src/sanitization/index.js.map +1 -0
package/dist/src/sanitization/patterns.d.ts +51 -0
package/dist/src/sanitization/patterns.d.ts.map +1 -0
package/dist/src/sanitization/patterns.js +266 -0
package/dist/src/sanitization/patterns.js.map +1 -0
package/dist/src/sanitization/scanner.d.ts +29 -0
package/dist/src/sanitization/scanner.d.ts.map +1 -0
package/dist/src/sanitization/scanner.js +328 -0
package/dist/src/sanitization/scanner.js.map +1 -0
package/dist/src/sanitization/types.d.ts +57 -0
package/dist/src/sanitization/types.d.ts.map +1 -0
package/dist/src/sanitization/types.js +5 -0
package/dist/src/sanitization/types.js.map +1 -0
package/openclaw.plugin.json +114 -0
package/package.json +63 -0
package/rules/builtin/README.md +139 -0
package/rules/builtin/ai-services.yaml +70 -0
package/rules/builtin/api-keys.yaml +64 -0
package/rules/builtin/authentication.yaml +56 -0
package/rules/builtin/aws-security.yaml +57 -0
package/rules/builtin/azure-security.yaml +58 -0
package/rules/builtin/cicd-security.yaml +64 -0
package/rules/builtin/cloud-storage.yaml +64 -0
package/rules/builtin/container-registry.yaml +55 -0
package/rules/builtin/crypto-wallets.yaml +71 -0
package/rules/builtin/database-nosql.yaml +58 -0
package/rules/builtin/database-sql.yaml +62 -0
package/rules/builtin/development-env.yaml +67 -0
package/rules/builtin/docker.yaml +57 -0
package/rules/builtin/filesystem.yaml +71 -0
package/rules/builtin/financial-pci.yaml +61 -0
package/rules/builtin/gcp-security.yaml +57 -0
package/rules/builtin/git-operations.yaml +68 -0
package/rules/builtin/healthcare-hipaa.yaml +64 -0
package/rules/builtin/kubernetes.yaml +60 -0
package/rules/builtin/messaging-services.yaml +53 -0
package/rules/builtin/minimal.yaml +47 -0
package/rules/builtin/mobile-development.yaml +61 -0
package/rules/builtin/monitoring.yaml +63 -0
package/rules/builtin/network-security.yaml +57 -0
package/rules/builtin/package-managers.yaml +74 -0
package/rules/builtin/payment-processing.yaml +66 -0
package/rules/builtin/pii-protection.yaml +48 -0
package/rules/builtin/production-strict.yaml +55 -0
package/rules/builtin/secrets-management.yaml +63 -0
package/rules/builtin/serverless.yaml +74 -0
package/rules/builtin/ssh-security.yaml +66 -0
package/rules/builtin/terraform.yaml +51 -0
package/rules/builtin/web-security.yaml +62 -0

package/dist/src/sanitization/scanner.js ADDED Viewed

@@ -0,0 +1,328 @@
+/**
+ * Main scanner implementation for prompt injection detection
+ */
+import { getEnabledPatterns, PATTERNS_BY_CATEGORY } from './patterns.js';
+/**
+ * Default scanner configuration
+ */
+export const DEFAULT_SCANNER_CONFIG = {
+    enabled: true,
+    categories: {
+        instructionOverride: true,
+        systemLeak: true,
+        jailbreak: true,
+        encodedPayload: true,
+    },
+    minConfidence: 0.5,
+    redactMatches: false,
+};
+/**
+ * Redaction placeholder
+ */
+const REDACTED = '[REDACTED]';
+/**
+ * Maximum recursion depth for encoded payload scanning
+ */
+const MAX_DECODE_DEPTH = 3;
+/**
+ * Decode base64 string safely
+ * @param str - Base64 string to decode
+ * @returns Decoded string or null if invalid
+ */
+function decodeBase64(str) {
+    try {
+        // Normalize padding
+        let normalized = str;
+        while (normalized.length % 4 !== 0) {
+            normalized += '=';
+        }
+        const decoded = atob(normalized);
+        // Only return if it's printable text
+        if (/^[\x20-\x7E\s]+$/.test(decoded)) {
+            return decoded;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Decode hex escape sequences
+ * @param str - String containing hex escapes
+ * @returns Decoded string or null if invalid
+ */
+function decodeHexEscapes(str) {
+    try {
+        const decoded = str.replace(/\\x([0-9a-fA-F]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
+        if (/^[\x20-\x7E\s]+$/.test(decoded)) {
+            return decoded;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Decode unicode escape sequences
+ * @param str - String containing unicode escapes
+ * @returns Decoded string or null if invalid
+ */
+function decodeUnicodeEscapes(str) {
+    try {
+        const decoded = str.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
+        if (/^[\x20-\x7E\s]+$/.test(decoded)) {
+            return decoded;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Decode URL encoded sequences
+ * @param str - URL encoded string
+ * @returns Decoded string or null if invalid
+ */
+function decodeUrlEncoding(str) {
+    try {
+        const decoded = decodeURIComponent(str);
+        if (/^[\x20-\x7E\s]+$/.test(decoded)) {
+            return decoded;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Extract and decode base64 content from a string
+ * @param content - Content to search for base64
+ * @returns Array of decoded base64 strings
+ */
+function extractBase64Content(content) {
+    const results = [];
+    // Match base64 strings (at least 20 chars)
+    const base64Pattern = /[A-Za-z0-9+/]{20,}={0,2}/g;
+    let match;
+    while ((match = base64Pattern.exec(content)) !== null) {
+        const decoded = decodeBase64(match[0]);
+        if (decoded) {
+            results.push(decoded);
+        }
+    }
+    return results;
+}
+/**
+ * Scan content for injection patterns
+ * @param content - Content to scan
+ * @param config - Scanner configuration
+ * @returns Scan result
+ */
+export function scan(content, config) {
+    const mergedConfig = {
+        ...DEFAULT_SCANNER_CONFIG,
+        ...config,
+        categories: {
+            ...DEFAULT_SCANNER_CONFIG.categories,
+            ...config?.categories,
+        },
+    };
+    // Return early if disabled
+    if (!mergedConfig.enabled) {
+        return {
+            hasInjection: false,
+            matches: [],
+            highestConfidence: 0,
+        };
+    }
+    const matches = [];
+    // Get enabled patterns
+    const enabledPatterns = getEnabledPatterns(mergedConfig.categories);
+    // Scan main content
+    for (const [category, patternDef] of enabledPatterns) {
+        const regex = new RegExp(patternDef.pattern.source, 'gi');
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (patternDef.confidence >= mergedConfig.minConfidence) {
+                matches.push({
+                    category,
+                    pattern: patternDef.pattern.source,
+                    match: match[0],
+                    position: {
+                        start: match.index,
+                        end: match.index + match[0].length,
+                    },
+                    confidence: patternDef.confidence,
+                });
+            }
+        }
+    }
+    // Recursively scan decoded content if encoded payload detection is enabled
+    if (mergedConfig.categories.encodedPayload) {
+        scanEncodedContent(content, matches, mergedConfig, 0);
+    }
+    // Sort matches by position
+    matches.sort((a, b) => a.position.start - b.position.start);
+    // Remove duplicates (same position)
+    const uniqueMatches = matches.filter((match, index, arr) => index === 0 ||
+        match.position.start !== arr[index - 1].position.start ||
+        match.position.end !== arr[index - 1].position.end);
+    const highestConfidence = uniqueMatches.length > 0
+        ? Math.max(...uniqueMatches.map((m) => m.confidence))
+        : 0;
+    const result = {
+        hasInjection: uniqueMatches.length > 0,
+        matches: uniqueMatches,
+        highestConfidence,
+    };
+    // Add sanitized output if redaction is enabled
+    if (mergedConfig.redactMatches && uniqueMatches.length > 0) {
+        result.sanitizedOutput = sanitize(content, uniqueMatches);
+    }
+    return result;
+}
+/**
+ * Scan encoded content recursively
+ * @param content - Content to scan
+ * @param matches - Accumulated matches
+ * @param config - Scanner configuration
+ * @param depth - Current recursion depth
+ */
+function scanEncodedContent(content, matches, config, depth) {
+    if (depth >= MAX_DECODE_DEPTH)
+        return;
+    // Extract and decode base64 content
+    const base64Contents = extractBase64Content(content);
+    for (const decoded of base64Contents) {
+        // Scan decoded content for all patterns (not just encoded)
+        const allPatterns = [
+            ...PATTERNS_BY_CATEGORY['instruction-override'],
+            ...PATTERNS_BY_CATEGORY['system-leak'],
+            ...PATTERNS_BY_CATEGORY.jailbreak,
+        ];
+        for (const patternDef of allPatterns) {
+            const regex = new RegExp(patternDef.pattern.source, 'gi');
+            let match;
+            while ((match = regex.exec(decoded)) !== null) {
+                // Boost confidence for nested encoded content
+                const boostedConfidence = Math.min(patternDef.confidence + 0.1 * (depth + 1), 1.0);
+                if (boostedConfidence >= config.minConfidence) {
+                    matches.push({
+                        category: 'encoded-payload',
+                        pattern: `encoded(${patternDef.pattern.source})`,
+                        match: `[decoded] ${match[0]}`,
+                        position: { start: -1, end: -1 }, // Position unknown for decoded content
+                        confidence: boostedConfidence,
+                    });
+                }
+            }
+        }
+        // Recurse for nested encodings
+        scanEncodedContent(decoded, matches, config, depth + 1);
+    }
+    // Try decoding hex escapes
+    const hexPattern = /\\x[0-9a-fA-F]{2}(?:\\x[0-9a-fA-F]{2})+/g;
+    let hexMatch;
+    while ((hexMatch = hexPattern.exec(content)) !== null) {
+        const decoded = decodeHexEscapes(hexMatch[0]);
+        if (decoded) {
+            scanDecodedForInjections(decoded, matches, config, depth);
+        }
+    }
+    // Try decoding unicode escapes
+    const unicodePattern = /\\u[0-9a-fA-F]{4}(?:\\u[0-9a-fA-F]{4})+/g;
+    let unicodeMatch;
+    while ((unicodeMatch = unicodePattern.exec(content)) !== null) {
+        const decoded = decodeUnicodeEscapes(unicodeMatch[0]);
+        if (decoded) {
+            scanDecodedForInjections(decoded, matches, config, depth);
+        }
+    }
+    // Try URL decoding
+    const urlPattern = /%[0-9a-fA-F]{2}(?:%[0-9a-fA-F]{2})+/g;
+    let urlMatch;
+    while ((urlMatch = urlPattern.exec(content)) !== null) {
+        const decoded = decodeUrlEncoding(urlMatch[0]);
+        if (decoded) {
+            scanDecodedForInjections(decoded, matches, config, depth);
+        }
+    }
+}
+/**
+ * Scan decoded content for injection patterns
+ * @param decoded - Decoded content
+ * @param matches - Accumulated matches
+ * @param config - Scanner configuration
+ * @param depth - Current recursion depth
+ */
+function scanDecodedForInjections(decoded, matches, config, depth) {
+    const allPatterns = [
+        ...PATTERNS_BY_CATEGORY['instruction-override'],
+        ...PATTERNS_BY_CATEGORY['system-leak'],
+        ...PATTERNS_BY_CATEGORY.jailbreak,
+    ];
+    for (const patternDef of allPatterns) {
+        const regex = new RegExp(patternDef.pattern.source, 'gi');
+        let match;
+        while ((match = regex.exec(decoded)) !== null) {
+            const boostedConfidence = Math.min(patternDef.confidence + 0.1 * (depth + 1), 1.0);
+            if (boostedConfidence >= config.minConfidence) {
+                matches.push({
+                    category: 'encoded-payload',
+                    pattern: `encoded(${patternDef.pattern.source})`,
+                    match: `[decoded] ${match[0]}`,
+                    position: { start: -1, end: -1 },
+                    confidence: boostedConfidence,
+                });
+            }
+        }
+    }
+    // Recurse if depth allows
+    if (depth < MAX_DECODE_DEPTH) {
+        scanEncodedContent(decoded, matches, config, depth + 1);
+    }
+}
+/**
+ * Sanitize content by redacting matched injections
+ * @param content - Original content
+ * @param matches - Detected injection matches
+ * @returns Sanitized content with redactions
+ */
+export function sanitize(content, matches) {
+    if (matches.length === 0)
+        return content;
+    // Filter to matches with valid positions
+    const validMatches = matches.filter((m) => m.position.start >= 0 && m.position.end > m.position.start);
+    if (validMatches.length === 0)
+        return content;
+    // Sort by position descending to replace from end to start
+    const sortedMatches = [...validMatches].sort((a, b) => b.position.start - a.position.start);
+    let result = content;
+    for (const match of sortedMatches) {
+        const before = result.slice(0, match.position.start);
+        const after = result.slice(match.position.end);
+        result = before + REDACTED + after;
+    }
+    return result;
+}
+/**
+ * Create a scanner instance with preset configuration
+ * @param config - Scanner configuration
+ * @returns Scanner function
+ */
+export function createScanner(config) {
+    const mergedConfig = {
+        ...DEFAULT_SCANNER_CONFIG,
+        ...config,
+        categories: {
+            ...DEFAULT_SCANNER_CONFIG.categories,
+            ...config?.categories,
+        },
+    };
+    return (content) => scan(content, mergedConfig);
+}
+//# sourceMappingURL=scanner.js.map

package/dist/src/sanitization/scanner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../../src/sanitization/scanner.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAEzE;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAkB;IACnD,OAAO,EAAE,IAAI;IACb,UAAU,EAAE;QACV,mBAAmB,EAAE,IAAI;QACzB,UAAU,EAAE,IAAI;QAChB,SAAS,EAAE,IAAI;QACf,cAAc,EAAE,IAAI;KACrB;IACD,aAAa,EAAE,GAAG;IAClB,aAAa,EAAE,KAAK;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,QAAQ,GAAG,YAAY,CAAC;AAE9B;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAE3B;;;;GAIG;AACH,SAAS,YAAY,CAAC,GAAW;IAC/B,IAAI,CAAC;QACH,oBAAoB;QACpB,IAAI,UAAU,GAAG,GAAG,CAAC;QACrB,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,UAAU,IAAI,GAAG,CAAC;QACpB,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QACjC,qCAAqC;QACrC,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAC7D,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;QACF,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAC7D,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CACvC,CAAC;QACF,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,GAAW;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,2CAA2C;IAC3C,MAAM,aAAa,GAAG,2BAA2B,CAAC;IAClD,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACtD,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,IAAI,CAClB,OAAe,EACf,MAA+B;IAE/B,MAAM,YAAY,GAAkB;QAClC,GAAG,sBAAsB;QACzB,GAAG,MAAM;QACT,UAAU,EAAE;YACV,GAAG,sBAAsB,CAAC,UAAU;YACpC,GAAG,MAAM,EAAE,UAAU;SACtB;KACF,CAAC;IAEF,2BAA2B;IAC3B,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO;YACL,YAAY,EAAE,KAAK;YACnB,OAAO,EAAE,EAAE;YACX,iBAAiB,EAAE,CAAC;SACrB,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAqB,EAAE,CAAC;IAErC,uBAAuB;IACvB,MAAM,eAAe,GAAG,kBAAkB,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IAEpE,oBAAoB;IACpB,KAAK,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,eAAe,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,IAAI,UAAU,CAAC,UAAU,IAAI,YAAY,CAAC,aAAa,EAAE,CAAC;gBACxD,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ;oBACR,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM;oBAClC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;oBACf,QAAQ,EAAE;wBACR,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;qBACnC;oBACD,UAAU,EAAE,UAAU,CAAC,UAAU;iBAClC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,IAAI,YAAY,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QAC3C,kBAAkB,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,2BAA2B;IAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAE5D,oCAAoC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAClC,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CACpB,KAAK,KAAK,CAAC;QACX,KAAK,CAAC,QAAQ,CAAC,KAAK,KAAK,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK;QACtD,KAAK,CAAC,QAAQ,CAAC,GAAG,KAAK,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CACrD,CAAC;IAEF,MAAM,iBAAiB,GACrB,aAAa,CAAC,MAAM,GAAG,CAAC;QACtB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC,CAAC;IAER,MAAM,MAAM,GAAe;QACzB,YAAY,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC;QACtC,OAAO,EAAE,aAAa;QACtB,iBAAiB;KAClB,CAAC;IAEF,+CAA+C;IAC/C,IAAI,YAAY,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,eAAe,GAAG,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,kBAAkB,CACzB,OAAe,EACf,OAAyB,EACzB,MAAqB,EACrB,KAAa;IAEb,IAAI,KAAK,IAAI,gBAAgB;QAAE,OAAO;IAEtC,oCAAoC;IACpC,MAAM,cAAc,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACrD,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,2DAA2D;QAC3D,MAAM,WAAW,GAAG;YAClB,GAAG,oBAAoB,CAAC,sBAAsB,CAAC;YAC/C,GAAG,oBAAoB,CAAC,aAAa,CAAC;YACtC,GAAG,oBAAoB,CAAC,SAAS;SAClC,CAAC;QAEF,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC1D,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,8CAA8C;gBAC9C,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAChC,UAAU,CAAC,UAAU,GAAG,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,EACzC,GAAG,CACJ,CAAC;gBACF,IAAI,iBAAiB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;oBAC9C,OAAO,CAAC,IAAI,CAAC;wBACX,QAAQ,EAAE,iBAAiB;wBAC3B,OAAO,EAAE,WAAW,UAAU,CAAC,OAAO,CAAC,MAAM,GAAG;wBAChD,KAAK,EAAE,aAAa,KAAK,CAAC,CAAC,CAAC,EAAE;wBAC9B,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,uCAAuC;wBACzE,UAAU,EAAE,iBAAiB;qBAC9B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,kBAAkB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,2BAA2B;IAC3B,MAAM,UAAU,GAAG,0CAA0C,CAAC;IAC9D,IAAI,QAAQ,CAAC;IACb,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACtD,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACZ,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,MAAM,cAAc,GAAG,0CAA0C,CAAC;IAClE,IAAI,YAAY,CAAC;IACjB,OAAO,CAAC,YAAY,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9D,MAAM,OAAO,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QACtD,IAAI,OAAO,EAAE,CAAC;YACZ,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,mBAAmB;IACnB,MAAM,UAAU,GAAG,sCAAsC,CAAC;IAC1D,IAAI,QAAQ,CAAC;IACb,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACtD,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,IAAI,OAAO,EAAE,CAAC;YACZ,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAS,wBAAwB,CAC/B,OAAe,EACf,OAAyB,EACzB,MAAqB,EACrB,KAAa;IAEb,MAAM,WAAW,GAAG;QAClB,GAAG,oBAAoB,CAAC,sBAAsB,CAAC;QAC/C,GAAG,oBAAoB,CAAC,aAAa,CAAC;QACtC,GAAG,oBAAoB,CAAC,SAAS;KAClC,CAAC;IAEF,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAChC,UAAU,CAAC,UAAU,GAAG,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,EACzC,GAAG,CACJ,CAAC;YACF,IAAI,iBAAiB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC;oBACX,QAAQ,EAAE,iBAAiB;oBAC3B,OAAO,EAAE,WAAW,UAAU,CAAC,OAAO,CAAC,MAAM,GAAG;oBAChD,KAAK,EAAE,aAAa,KAAK,CAAC,CAAC,CAAC,EAAE;oBAC9B,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE;oBAChC,UAAU,EAAE,iBAAiB;iBAC9B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,IAAI,KAAK,GAAG,gBAAgB,EAAE,CAAC;QAC7B,kBAAkB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe,EAAE,OAAyB;IACjE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAEzC,yCAAyC;IACzC,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAClE,CAAC;IAEF,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAE9C,2DAA2D;IAC3D,MAAM,aAAa,GAAG,CAAC,GAAG,YAAY,CAAC,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAC9C,CAAC;IAEF,IAAI,MAAM,GAAG,OAAO,CAAC;IACrB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACrD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACrC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAC3B,MAA+B;IAE/B,MAAM,YAAY,GAAkB;QAClC,GAAG,sBAAsB;QACzB,GAAG,MAAM;QACT,UAAU,EAAE;YACV,GAAG,sBAAsB,CAAC,UAAU;YACpC,GAAG,MAAM,EAAE,UAAU;SACtB;KACF,CAAC;IAEF,OAAO,CAAC,OAAe,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;AAC1D,CAAC"}

package/dist/src/sanitization/types.d.ts ADDED Viewed

@@ -0,0 +1,57 @@
+/**
+ * Type definitions for prompt injection scanner
+ */
+/**
+ * Categories of prompt injection attacks
+ */
+export type InjectionCategory = 'instruction-override' | 'system-leak' | 'jailbreak' | 'encoded-payload';
+/**
+ * Represents a matched injection pattern
+ */
+export interface InjectionMatch {
+    /** Category of the detected injection */
+    category: InjectionCategory;
+    /** The pattern that matched */
+    pattern: string;
+    /** The actual matched content */
+    match: string;
+    /** Position of the match in the content */
+    position: {
+        start: number;
+        end: number;
+    };
+    /** Confidence score (0.0 - 1.0) */
+    confidence: number;
+}
+/**
+ * Result of scanning content for prompt injections
+ */
+export interface ScanResult {
+    /** Whether any injection was detected */
+    hasInjection: boolean;
+    /** All detected injection matches */
+    matches: InjectionMatch[];
+    /** Highest confidence score among all matches */
+    highestConfidence: number;
+    /** Content with matches redacted (if redaction enabled) */
+    sanitizedOutput?: string;
+}
+/**
+ * Configuration for the scanner
+ */
+export interface ScannerConfig {
+    /** Whether scanning is enabled */
+    enabled: boolean;
+    /** Which categories to scan for */
+    categories: {
+        instructionOverride: boolean;
+        systemLeak: boolean;
+        jailbreak: boolean;
+        encodedPayload: boolean;
+    };
+    /** Minimum confidence threshold to report a match */
+    minConfidence: number;
+    /** Whether to redact matches in sanitizedOutput */
+    redactMatches: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/sanitization/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/sanitization/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACzB,sBAAsB,GACtB,aAAa,GACb,WAAW,GACX,iBAAiB,CAAC;AAEtB;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,yCAAyC;IACzC,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,+BAA+B;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,QAAQ,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACzC,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yCAAyC;IACzC,YAAY,EAAE,OAAO,CAAC;IACtB,qCAAqC;IACrC,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,iDAAiD;IACjD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,2DAA2D;IAC3D,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kCAAkC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,mCAAmC;IACnC,UAAU,EAAE;QACV,mBAAmB,EAAE,OAAO,CAAC;QAC7B,UAAU,EAAE,OAAO,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;QACnB,cAAc,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,qDAAqD;IACrD,aAAa,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,aAAa,EAAE,OAAO,CAAC;CACxB"}

package/dist/src/sanitization/types.js ADDED Viewed

@@ -0,0 +1,5 @@
+/**
+ * Type definitions for prompt injection scanner
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/sanitization/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/sanitization/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/openclaw.plugin.json ADDED Viewed

@@ -0,0 +1,114 @@
+{
+  "$schema": "https://openclaw.ai/schemas/plugin.json",
+  "id": "clawsec",
+  "name": "Clawsec Security Plugin",
+  "version": "1.0.0",
+  "kind": "security",
+  "description": "Comprehensive security plugin for OpenClaw.ai that prevents AI agents from taking dangerous actions. Provides purchase protection, website control, destructive command prevention, and sensitive data filtering.",
+  "author": "Clawsec Team",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/clawsec/clawsec"
+  },
+  "keywords": [
+    "security",
+    "ai-safety",
+    "protection",
+    "purchase-protection",
+    "destructive-commands",
+    "data-filtering"
+  ],
+  "engines": {
+    "openclaw": ">=1.0.0",
+    "node": ">=18.0.0"
+  },
+  "main": "dist/src/index.js",
+  "types": "dist/src/index.d.ts",
+  "configSchema": {
+    "type": "object",
+    "properties": {
+      "configPath": {
+        "type": "string",
+        "default": "./clawsec.yaml",
+        "description": "Path to the Clawsec YAML configuration file"
+      },
+      "enabled": {
+        "type": "boolean",
+        "default": true,
+        "description": "Whether the security plugin is enabled"
+      },
+      "logLevel": {
+        "type": "string",
+        "enum": ["debug", "info", "warn", "error"],
+        "default": "info",
+        "description": "Logging verbosity level"
+      }
+    },
+    "additionalProperties": false
+  },
+  "uiHints": {
+    "configPath": {
+      "label": "Configuration File",
+      "helpText": "Path to clawsec.yaml configuration file"
+    },
+    "enabled": {
+      "label": "Enable Plugin",
+      "helpText": "Toggle the security plugin on or off"
+    },
+    "logLevel": {
+      "label": "Log Level",
+      "helpText": "Set logging verbosity (debug, info, warn, error)"
+    }
+  },
+  "hooks": {
+    "before-tool-call": {
+      "id": "clawsec-before-tool-call",
+      "description": "Intercepts tool calls to detect and block dangerous actions before execution",
+      "priority": 100,
+      "handler": "dist/index.js:beforeToolCallHandler"
+    },
+    "before-agent-start": {
+      "id": "clawsec-before-agent-start",
+      "description": "Injects security context and reminders into the agent's system prompt",
+      "priority": 50,
+      "handler": "dist/index.js:beforeAgentStartHandler"
+    },
+    "tool-result-persist": {
+      "id": "clawsec-tool-result-persist",
+      "description": "Filters sensitive data from tool outputs before persisting to conversation history",
+      "priority": 100,
+      "handler": "dist/index.js:toolResultPersistHandler"
+    }
+  },
+  "configuration": {
+    "externalConfigFile": {
+      "format": "yaml",
+      "filename": "clawsec.yaml",
+      "schemaRef": "./schemas/clawsec-config.schema.json"
+    }
+  },
+  "capabilities": {
+    "requiresApprovalAPI": true,
+    "requiresLogging": true,
+    "requiresConversationAccess": false,
+    "requiresNetworkAccess": false
+  },
+  "categories": [
+    "security",
+    "safety",
+    "compliance"
+  ],
+  "permissions": [
+    "hook:before-tool-call",
+    "hook:before-agent-start",
+    "hook:tool-result-persist",
+    "api:approval",
+    "api:logging"
+  ],
+  "documentation": {
+    "readme": "README.md",
+    "changelog": "CHANGELOG.md",
+    "configuration": "docs/configuration.md"
+  }
+}

package/package.json ADDED Viewed

@@ -0,0 +1,63 @@
+{
+  "name": "clawsec",
+  "version": "0.0.1",
+  "description": "Security plugin for OpenClaw.ai - prevents AI agents from taking dangerous actions",
+  "main": "dist/src/index.js",
+  "types": "dist/src/index.d.ts",
+  "type": "module",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "lint": "eslint src --ext .ts",
+    "lint:fix": "eslint src --ext .ts --fix",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/clawdsec/clawsec.git"
+  },
+  "homepage": "https://github.com/clawdsec/clawsec#readme",
+  "bugs": {
+    "url": "https://github.com/clawdsec/clawsec/issues"
+  },
+  "keywords": [
+    "openclaw",
+    "security",
+    "ai-safety",
+    "plugin"
+  ],
+  "author": "Clawsec Team",
+  "license": "MIT",
+  "openclaw": {
+    "extensions": ["./dist/src/index.js"]
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "bin": {
+    "clawsec": "./dist/bin/clawsec.js"
+  },
+  "files": [
+    "dist",
+    "rules",
+    "openclaw.plugin.json"
+  ],
+  "dependencies": {
+    "yaml": "^2.8.2",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.2",
+    "@types/node": "^25.2.0",
+    "@typescript-eslint/eslint-plugin": "^8.54.0",
+    "@typescript-eslint/parser": "^8.54.0",
+    "eslint": "^9.39.2",
+    "typescript": "^5.9.3",
+    "typescript-eslint": "^8.54.0",
+    "vitest": "^4.0.18"
+  }
+}