erosolar-cli 1.5.2 → 1.5.4

package/dist/security/simulation/attackSimulation.js

@@ -0,0 +1,341 @@
+/**
+ * Attack Simulation Engine
+ *
+ * Provides attack simulation capabilities for authorized security testing
+ * and red team exercises.
+ *
+ * LEGAL NOTICE:
+ * For authorized security research, penetration testing, and red team exercises only.
+ */
+/**
+ * Attack Simulation Engine
+ */
+export class AttackSimulationEngine {
+    attackTemplates;
+    constructor() {
+        this.attackTemplates = new Map();
+        this.initializeAttackTemplates();
+    }
+    /**
+     * Simulate attack scenario
+     */
+    async simulateAttack(request) {
+        const template = this.attackTemplates.get(request.attackType);
+        if (!template) {
+            throw new Error(`Attack type not supported: ${request.attackType}`);
+        }
+        const steps = this.generateAttackSteps(template, request.stealthLevel);
+        const successProbability = this.calculateSuccessProbability(template, request.stealthLevel);
+        const detectionProbability = this.calculateDetectionProbability(template, request.stealthLevel);
+        const impactAssessment = this.generateImpactAssessment(template);
+        const recommendations = this.generateAttackRecommendations(template);
+        return {
+            attackType: request.attackType,
+            target: request.target,
+            stealthLevel: request.stealthLevel,
+            steps,
+            successProbability,
+            detectionProbability,
+            impactAssessment,
+            recommendations
+        };
+    }
+    /**
+     * Generate payloads for security testing
+     */
+    async generatePayloads(request) {
+        const payloads = this.generatePayloadsByType(request.payloadType, request.count);
+        const usageInstructions = this.generateUsageInstructions(request.payloadType);
+        const detectionMethods = this.generateDetectionMethods(request.payloadType);
+        return {
+            payloadType: request.payloadType,
+            target: request.target,
+            count: request.count,
+            payloads,
+            usageInstructions,
+            detectionMethods
+        };
+    }
+    /**
+     * Get available attack types
+     */
+    getAvailableAttackTypes() {
+        return Array.from(this.attackTemplates.keys());
+    }
+    /**
+     * Generate attack steps based on template and stealth level
+     */
+    generateAttackSteps(template, stealthLevel) {
+        const steps = [...template.baseSteps];
+        // Add stealth-specific steps
+        if (stealthLevel >= 4) {
+            steps.push('Implement traffic obfuscation', 'Use encrypted communication channels');
+        }
+        if (stealthLevel >= 5) {
+            steps.push('Employ anti-forensics techniques', 'Use memory-only execution');
+        }
+        return steps;
+    }
+    /**
+     * Calculate success probability
+     */
+    calculateSuccessProbability(template, stealthLevel) {
+        let probability = template.baseSuccessProbability;
+        // Adjust based on stealth level
+        if (stealthLevel >= 4) {
+            probability *= 0.8; // Higher stealth often reduces success probability
+        }
+        else if (stealthLevel <= 2) {
+            probability *= 1.2; // Lower stealth may increase success but also detection
+        }
+        return Math.min(1.0, Math.max(0.1, probability));
+    }
+    /**
+     * Calculate detection probability
+     */
+    calculateDetectionProbability(template, stealthLevel) {
+        let probability = template.baseDetectionProbability;
+        // Adjust based on stealth level
+        if (stealthLevel >= 4) {
+            probability *= 0.3;
+        }
+        else if (stealthLevel >= 3) {
+            probability *= 0.6;
+        }
+        else if (stealthLevel <= 1) {
+            probability *= 1.5;
+        }
+        return Math.min(1.0, Math.max(0.05, probability));
+    }
+    /**
+     * Generate impact assessment
+     */
+    generateImpactAssessment(template) {
+        return template.impactAssessment;
+    }
+    /**
+     * Generate attack recommendations
+     */
+    generateAttackRecommendations(template) {
+        return [
+            ...template.defenseRecommendations,
+            'Implement proper monitoring and alerting',
+            'Conduct regular security assessments',
+            'Keep systems and applications updated'
+        ];
+    }
+    /**
+     * Generate payloads by type
+     */
+    generatePayloadsByType(payloadType, count) {
+        const payloadGenerators = {
+            'sql_injection': () => [
+                "' OR '1'='1",
+                "'; DROP TABLE users; --",
+                "' UNION SELECT username, password FROM users --",
+                "' AND 1=1 --",
+                "'; EXEC xp_cmdshell('dir') --"
+            ],
+            'xss': () => [
+                "<script>alert('XSS')</script>",
+                "<img src=x onerror=alert('XSS')>",
+                "javascript:alert('XSS')",
+                "<svg onload=alert('XSS')>",
+                "<body onload=alert('XSS')>"
+            ],
+            'command_injection': () => [
+                "; ls -la",
+                "| cat /etc/passwd",
+                "&& whoami",
+                "`id`",
+                "$(uname -a)"
+            ],
+            'file_upload': () => [
+                "shell.php",
+                "test.jpg.php",
+                ".htaccess",
+                "web.config",
+                "test.asp;.jpg"
+            ],
+            'authentication_bypass': () => [
+                "admin' --",
+                "' OR '1'='1' --",
+                "admin'/*",
+                "'='",
+                "' OR 1=1 --"
+            ]
+        };
+        const generator = payloadGenerators[payloadType];
+        if (!generator) {
+            return [`No payload generator for type: ${payloadType}`];
+        }
+        return generator().slice(0, count);
+    }
+    /**
+     * Generate usage instructions
+     */
+    generateUsageInstructions(payloadType) {
+        const instructions = {
+            'sql_injection': 'Inject payloads into SQL query parameters to test for injection vulnerabilities',
+            'xss': 'Inject payloads into user input fields to test for cross-site scripting vulnerabilities',
+            'command_injection': 'Inject payloads into command execution parameters to test for command injection',
+            'file_upload': 'Attempt to upload files with these names to test for file upload vulnerabilities',
+            'authentication_bypass': 'Use these payloads in login fields to test for authentication bypass'
+        };
+        return instructions[payloadType] || 'Use payloads in appropriate input fields for testing';
+    }
+    /**
+     * Generate detection methods
+     */
+    generateDetectionMethods(payloadType) {
+        const detectionMethods = {
+            'sql_injection': [
+                'Monitor for unusual SQL query patterns',
+                'Check for SQL keywords in user input',
+                'Implement WAF with SQL injection rules',
+                'Use parameterized queries'
+            ],
+            'xss': [
+                'Monitor for script tags in user input',
+                'Check for JavaScript execution in output',
+                'Implement content security policy',
+                'Use proper input sanitization'
+            ],
+            'command_injection': [
+                'Monitor for shell command patterns',
+                'Check for command separators in input',
+                'Implement command whitelisting',
+                'Use safe command execution APIs'
+            ],
+            'file_upload': [
+                'Validate file types and extensions',
+                'Scan uploaded files for malware',
+                'Restrict upload directories',
+                'Implement file type verification'
+            ],
+            'authentication_bypass': [
+                'Monitor for SQL injection in login attempts',
+                'Check for unusual authentication patterns',
+                'Implement rate limiting',
+                'Use strong authentication mechanisms'
+            ]
+        };
+        return detectionMethods[payloadType] || ['Implement general input validation and monitoring'];
+    }
+    /**
+     * Initialize attack templates
+     */
+    initializeAttackTemplates() {
+        const templates = [
+            {
+                id: 'web_application',
+                name: 'Web Application Attack',
+                baseSteps: [
+                    'Reconnaissance and fingerprinting',
+                    'Identify application endpoints',
+                    'Test for input validation vulnerabilities',
+                    'Attempt injection attacks',
+                    'Test authentication mechanisms',
+                    'Check for information disclosure'
+                ],
+                baseSuccessProbability: 0.7,
+                baseDetectionProbability: 0.4,
+                impactAssessment: 'Potential data exposure, unauthorized access, and application compromise',
+                defenseRecommendations: [
+                    'Implement proper input validation',
+                    'Use secure authentication mechanisms',
+                    'Enable security headers',
+                    'Conduct regular security testing'
+                ]
+            },
+            {
+                id: 'authentication',
+                name: 'Authentication Attack',
+                baseSteps: [
+                    'Identify authentication endpoints',
+                    'Test for weak credentials',
+                    'Attempt brute force attacks',
+                    'Test for session management flaws',
+                    'Check for authentication bypass',
+                    'Test multi-factor authentication'
+                ],
+                baseSuccessProbability: 0.6,
+                baseDetectionProbability: 0.5,
+                impactAssessment: 'Unauthorized system access and potential data breach',
+                defenseRecommendations: [
+                    'Implement strong password policies',
+                    'Enable multi-factor authentication',
+                    'Use secure session management',
+                    'Implement account lockout mechanisms'
+                ]
+            },
+            {
+                id: 'injection',
+                name: 'Injection Attack',
+                baseSteps: [
+                    'Identify injection points',
+                    'Test for SQL injection vulnerabilities',
+                    'Test for command injection',
+                    'Test for LDAP injection',
+                    'Test for XML injection',
+                    'Validate input sanitization'
+                ],
+                baseSuccessProbability: 0.8,
+                baseDetectionProbability: 0.3,
+                impactAssessment: 'Data manipulation, system compromise, and information disclosure',
+                defenseRecommendations: [
+                    'Use parameterized queries',
+                    'Implement input validation',
+                    'Use prepared statements',
+                    'Enable proper error handling'
+                ]
+            },
+            {
+                id: 'persistence',
+                name: 'Persistence Attack',
+                baseSteps: [
+                    'Gain initial access',
+                    'Establish persistence mechanisms',
+                    'Create backdoor accounts',
+                    'Modify system configurations',
+                    'Install persistence malware',
+                    'Test detection evasion'
+                ],
+                baseSuccessProbability: 0.5,
+                baseDetectionProbability: 0.6,
+                impactAssessment: 'Long-term unauthorized access and system control',
+                defenseRecommendations: [
+                    'Monitor for unauthorized changes',
+                    'Implement file integrity monitoring',
+                    'Use application whitelisting',
+                    'Conduct regular system audits'
+                ]
+            },
+            {
+                id: 'privilege_escalation',
+                name: 'Privilege Escalation Attack',
+                baseSteps: [
+                    'Identify privilege levels',
+                    'Test for misconfigured permissions',
+                    'Exploit vulnerable services',
+                    'Use privilege escalation techniques',
+                    'Access restricted resources',
+                    'Maintain elevated privileges'
+                ],
+                baseSuccessProbability: 0.4,
+                baseDetectionProbability: 0.7,
+                impactAssessment: 'Unauthorized privilege access and system control',
+                defenseRecommendations: [
+                    'Implement least privilege principle',
+                    'Regularly review user permissions',
+                    'Patch known vulnerabilities',
+                    'Monitor for privilege escalation attempts'
+                ]
+            }
+        ];
+        for (const template of templates) {
+            this.attackTemplates.set(template.id, template);
+        }
+    }
+}
+//# sourceMappingURL=attackSimulation.js.map

package/dist/security/simulation/attackSimulation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"attackSimulation.js","sourceRoot":"","sources":["../../../src/security/simulation/attackSimulation.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAkCH;;GAEG;AACH,MAAM,OAAO,sBAAsB;IACzB,eAAe,CAA8B;IAErD;QACE,IAAI,CAAC,eAAe,GAAG,IAAI,GAAG,EAAE,CAAC;QACjC,IAAI,CAAC,yBAAyB,EAAE,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,OAAgC;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE9D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QACvE,MAAM,kBAAkB,GAAG,IAAI,CAAC,2BAA2B,CAAC,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAC5F,MAAM,oBAAoB,GAAG,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAChG,MAAM,gBAAgB,GAAG,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC;QACjE,MAAM,eAAe,GAAG,IAAI,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC;QAErE,OAAO;YACL,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,KAAK;YACL,kBAAkB;YAClB,oBAAoB;YACpB,gBAAgB;YAChB,eAAe;SAChB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAAiC;QACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACjF,MAAM,iBAAiB,GAAG,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAC9E,MAAM,gBAAgB,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAE5E,OAAO;YACL,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ;YACR,iBAAiB;YACjB,gBAAgB;SACjB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,uBAAuB;QACrB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,QAAwB,EAAE,YAAoB;QACxE,MAAM,KAAK,GAAG,CAAC,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAEtC,6BAA6B;QAC7B,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,+BAA+B,EAAE,sCAAsC,CAAC,CAAC;QACtF,CAAC;QAED,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,kCAAkC,EAAE,2BAA2B,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,2BAA2B,CAAC,QAAwB,EAAE,YAAoB;QAChF,IAAI,WAAW,GAAG,QAAQ,CAAC,sBAAsB,CAAC;QAElD,gCAAgC;QAChC,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YACtB,WAAW,IAAI,GAAG,CAAC,CAAC,mDAAmD;QACzE,CAAC;aAAM,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YAC7B,WAAW,IAAI,GAAG,CAAC,CAAC,wDAAwD;QAC9E,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACK,6BAA6B,CAAC,QAAwB,EAAE,YAAoB;QAClF,IAAI,WAAW,GAAG,QAAQ,CAAC,wBAAwB,CAAC;QAEpD,gCAAgC;QAChC,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YACtB,WAAW,IAAI,GAAG,CAAC;QACrB,CAAC;aAAM,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YAC7B,WAAW,IAAI,GAAG,CAAC;QACrB,CAAC;aAAM,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YAC7B,WAAW,IAAI,GAAG,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACK,wBAAwB,CAAC,QAAwB;QACvD,OAAO,QAAQ,CAAC,gBAAgB,CAAC;IACnC,CAAC;IAED;;OAEG;IACK,6BAA6B,CAAC,QAAwB;QAC5D,OAAO;YACL,GAAG,QAAQ,CAAC,sBAAsB;YAClC,0CAA0C;YAC1C,sCAAsC;YACtC,uCAAuC;SACxC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,WAAmB,EAAE,KAAa;QAC/D,MAAM,iBAAiB,GAAmC;YACxD,eAAe,EAAE,GAAG,EAAE,CAAC;gBACrB,aAAa;gBACb,yBAAyB;gBACzB,iDAAiD;gBACjD,cAAc;gBACd,+BAA+B;aAChC;YACD,KAAK,EAAE,GAAG,EAAE,CAAC;gBACX,+BAA+B;gBAC/B,kCAAkC;gBAClC,yBAAyB;gBACzB,2BAA2B;gBAC3B,4BAA4B;aAC7B;YACD,mBAAmB,EAAE,GAAG,EAAE,CAAC;gBACzB,UAAU;gBACV,mBAAmB;gBACnB,WAAW;gBACX,MAAM;gBACN,aAAa;aACd;YACD,aAAa,EAAE,GAAG,EAAE,CAAC;gBACnB,WAAW;gBACX,cAAc;gBACd,WAAW;gBACX,YAAY;gBACZ,eAAe;aAChB;YACD,uBAAuB,EAAE,GAAG,EAAE,CAAC;gBAC7B,WAAW;gBACX,iBAAiB;gBACjB,UAAU;gBACV,KAAK;gBACL,aAAa;aACd;SACF,CAAC;QAEF,MAAM,SAAS,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;QACjD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,CAAC,kCAAkC,WAAW,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,WAAmB;QACnD,MAAM,YAAY,GAA2B;YAC3C,eAAe,EAAE,iFAAiF;YAClG,KAAK,EAAE,yFAAyF;YAChG,mBAAmB,EAAE,iFAAiF;YACtG,aAAa,EAAE,kFAAkF;YACjG,uBAAuB,EAAE,sEAAsE;SAChG,CAAC;QAEF,OAAO,YAAY,CAAC,WAAW,CAAC,IAAI,sDAAsD,CAAC;IAC7F,CAAC;IAED;;OAEG;IACK,wBAAwB,CAAC,WAAmB;QAClD,MAAM,gBAAgB,GAA6B;YACjD,eAAe,EAAE;gBACf,wCAAwC;gBACxC,sCAAsC;gBACtC,wCAAwC;gBACxC,2BAA2B;aAC5B;YACD,KAAK,EAAE;gBACL,uCAAuC;gBACvC,0CAA0C;gBAC1C,mCAAmC;gBACnC,+BAA+B;aAChC;YACD,mBAAmB,EAAE;gBACnB,oCAAoC;gBACpC,uCAAuC;gBACvC,gCAAgC;gBAChC,iCAAiC;aAClC;YACD,aAAa,EAAE;gBACb,oCAAoC;gBACpC,iCAAiC;gBACjC,6BAA6B;gBAC7B,kCAAkC;aACnC;YACD,uBAAuB,EAAE;gBACvB,6CAA6C;gBAC7C,2CAA2C;gBAC3C,yBAAyB;gBACzB,sCAAsC;aACvC;SACF,CAAC;QAEF,OAAO,gBAAgB,CAAC,WAAW,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;IAChG,CAAC;IAED;;OAEG;IACK,yBAAyB;QAC/B,MAAM,SAAS,GAAqB;YAClC;gBACE,EAAE,EAAE,iBAAiB;gBACrB,IAAI,EAAE,wBAAwB;gBAC9B,SAAS,EAAE;oBACT,mCAAmC;oBACnC,gCAAgC;oBAChC,2CAA2C;oBAC3C,2BAA2B;oBAC3B,gCAAgC;oBAChC,kCAAkC;iBACnC;gBACD,sBAAsB,EAAE,GAAG;gBAC3B,wBAAwB,EAAE,GAAG;gBAC7B,gBAAgB,EAAE,0EAA0E;gBAC5F,sBAAsB,EAAE;oBACtB,mCAAmC;oBACnC,sCAAsC;oBACtC,yBAAyB;oBACzB,kCAAkC;iBACnC;aACF;YACD;gBACE,EAAE,EAAE,gBAAgB;gBACpB,IAAI,EAAE,uBAAuB;gBAC7B,SAAS,EAAE;oBACT,mCAAmC;oBACnC,2BAA2B;oBAC3B,6BAA6B;oBAC7B,mCAAmC;oBACnC,iCAAiC;oBACjC,kCAAkC;iBACnC;gBACD,sBAAsB,EAAE,GAAG;gBAC3B,wBAAwB,EAAE,GAAG;gBAC7B,gBAAgB,EAAE,sDAAsD;gBACxE,sBAAsB,EAAE;oBACtB,oCAAoC;oBACpC,oCAAoC;oBACpC,+BAA+B;oBAC/B,sCAAsC;iBACvC;aACF;YACD;gBACE,EAAE,EAAE,WAAW;gBACf,IAAI,EAAE,kBAAkB;gBACxB,SAAS,EAAE;oBACT,2BAA2B;oBAC3B,wCAAwC;oBACxC,4BAA4B;oBAC5B,yBAAyB;oBACzB,wBAAwB;oBACxB,6BAA6B;iBAC9B;gBACD,sBAAsB,EAAE,GAAG;gBAC3B,wBAAwB,EAAE,GAAG;gBAC7B,gBAAgB,EAAE,kEAAkE;gBACpF,sBAAsB,EAAE;oBACtB,2BAA2B;oBAC3B,4BAA4B;oBAC5B,yBAAyB;oBACzB,8BAA8B;iBAC/B;aACF;YACD;gBACE,EAAE,EAAE,aAAa;gBACjB,IAAI,EAAE,oBAAoB;gBAC1B,SAAS,EAAE;oBACT,qBAAqB;oBACrB,kCAAkC;oBAClC,0BAA0B;oBAC1B,8BAA8B;oBAC9B,6BAA6B;oBAC7B,wBAAwB;iBACzB;gBACD,sBAAsB,EAAE,GAAG;gBAC3B,wBAAwB,EAAE,GAAG;gBAC7B,gBAAgB,EAAE,kDAAkD;gBACpE,sBAAsB,EAAE;oBACtB,kCAAkC;oBAClC,qCAAqC;oBACrC,8BAA8B;oBAC9B,+BAA+B;iBAChC;aACF;YACD;gBACE,EAAE,EAAE,sBAAsB;gBAC1B,IAAI,EAAE,6BAA6B;gBACnC,SAAS,EAAE;oBACT,2BAA2B;oBAC3B,oCAAoC;oBACpC,6BAA6B;oBAC7B,qCAAqC;oBACrC,6BAA6B;oBAC7B,8BAA8B;iBAC/B;gBACD,sBAAsB,EAAE,GAAG;gBAC3B,wBAAwB,EAAE,GAAG;gBAC7B,gBAAgB,EAAE,kDAAkD;gBACpE,sBAAsB,EAAE;oBACtB,qCAAqC;oBACrC,mCAAmC;oBACnC,6BAA6B;oBAC7B,2CAA2C;iBAC5C;aACF;SACF,CAAC;QAEF,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;CACF"}

package/dist/shell/bracketedPasteManager.d.ts

@@ -9,16 +9,88 @@
 export interface BracketedPasteResult {
     handled: boolean;
     result?: string;
+    /** True if we're still accumulating paste content */
+    isPending?: boolean;
+    /** Number of lines accumulated so far (for display) */
+    lineCount?: number;
+    /** Preview of the content (first line truncated) */
+    preview?: string;
+}
+export interface MultiLinePasteState {
+    /** Full content accumulated from multi-line paste */
+    content: string;
+    /** Number of lines in the paste */
+    lineCount: number;
+    /** First line preview (truncated for display) */
+    firstLinePreview: string;
+    /** Last line preview (truncated for display) */
+    lastLinePreview: string;
 }
 export declare class BracketedPasteManager {
     private enabled;
     private inPaste;
     private pasteBuffer;
+    /** Tracks accumulated multi-line input even without bracketed paste support */
+    private multiLineBuffer;
+    private multiLineMode;
+    private lastInputTime;
+    /** Time threshold (ms) to consider rapid input as paste */
+    private readonly PASTE_THRESHOLD_MS;
+    /** Raw data buffer for capturing complete bracketed paste content */
+    private rawPasteBuffer;
+    /** Callback for when raw paste is complete */
+    private onRawPasteComplete;
+    /** Whether we're currently capturing raw data */
+    private capturingRaw;
+    private static readonly START_MARKER;
+    private static readonly END_MARKER;
     constructor(enabled: boolean);
+    /**
+     * Process raw data from stdin before readline handles it.
+     * This intercepts bracketed paste content and captures it in full.
+     * Returns true if the data was consumed (should not be passed to readline).
+     */
+    processRawData(data: string): {
+        consumed: boolean;
+        passThrough?: string;
+    };
+    /**
+     * Set callback for when a complete paste is captured via raw data processing
+     */
+    setRawPasteCallback(callback: (content: string) => void): void;
+    /**
+     * Check if currently capturing raw paste data
+     */
+    isCapturingRaw(): boolean;
+    /**
+     * Get current raw buffer size (for display)
+     */
+    getRawBufferLineCount(): number;
+    /**
+     * Get preview of raw buffer content
+     */
+    getRawBufferPreview(): string;
     /**
      * Process input text, handling bracketed paste sequences
      */
     process(input: string): BracketedPasteResult;
+    /**
+     * Process input when bracketed paste is not enabled
+     * Uses timing heuristics to detect rapid multi-line input (likely paste)
+     */
+    private processWithoutBracketed;
+    /**
+     * Generate a preview string for multi-line content
+     */
+    private getPreview;
+    /**
+     * Get current multi-line state for display purposes
+     */
+    getMultiLineState(): MultiLinePasteState | null;
+    /**
+     * Format a multi-line paste as a collapsed block for display
+     */
+    static formatCollapsedBlock(content: string, maxPreviewLength?: number): string;
     /**
      * Check if currently processing a paste
      */
@@ -27,6 +99,10 @@ export declare class BracketedPasteManager {
      * Get the current paste buffer
      */
     getPasteBuffer(): string[];
+    /**
+     * Finalize any pending multi-line input
+     */
+    finalize(): string | null;
     /**
      * Reset the paste state
      */

package/dist/shell/bracketedPasteManager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bracketedPasteManager.d.ts","sourceRoot":"","sources":["../../src/shell/bracketedPasteManager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,OAAO,CAAU;IACzB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,WAAW,CAAgB;gBAEvB,OAAO,EAAE,OAAO;IAI5B;;OAEG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,oBAAoB;IAoE5C;;OAEG;IACH,SAAS,IAAI,OAAO;IAIpB;;OAEG;IACH,cAAc,IAAI,MAAM,EAAE;IAI1B;;OAEG;IACH,KAAK,IAAI,IAAI;CAId"}
+{"version":3,"file":"bracketedPasteManager.d.ts","sourceRoot":"","sources":["../../src/shell/bracketedPasteManager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qDAAqD;IACrD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,uDAAuD;IACvD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IAClC,qDAAqD;IACrD,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,iDAAiD;IACjD,gBAAgB,EAAE,MAAM,CAAC;IACzB,gDAAgD;IAChD,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,OAAO,CAAU;IACzB,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,WAAW,CAAgB;IAEnC,+EAA+E;IAC/E,OAAO,CAAC,eAAe,CAAgB;IACvC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,aAAa,CAAK;IAC1B,2DAA2D;IAC3D,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAM;IAEzC,qEAAqE;IACrE,OAAO,CAAC,cAAc,CAAM;IAC5B,8CAA8C;IAC9C,OAAO,CAAC,kBAAkB,CAA4C;IACtE,iDAAiD;IACjD,OAAO,CAAC,YAAY,CAAS;IAE7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAiB;IACrD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAiB;gBAEvC,OAAO,EAAE,OAAO;IAI5B;;;;OAIG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG;QAAE,QAAQ,EAAE,OAAO,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE;IAuEzE;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI;IAI9D;;OAEG;IACH,cAAc,IAAI,OAAO;IAIzB;;OAEG;IACH,qBAAqB,IAAI,MAAM;IAK/B;;OAEG;IACH,mBAAmB,IAAI,MAAM;IAM7B;;OAEG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,oBAAoB;IA4G5C;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAqD/B;;OAEG;IACH,OAAO,CAAC,UAAU;IAiBlB;;OAEG;IACH,iBAAiB,IAAI,mBAAmB,GAAG,IAAI;IAmB/C;;OAEG;IACH,MAAM,CAAC,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,GAAE,MAAW,GAAG,MAAM;IAcnF;;OAEG;IACH,SAAS,IAAI,OAAO;IAIpB;;OAEG;IACH,cAAc,IAAI,MAAM,EAAE;IAI1B;;OAEG;IACH,QAAQ,IAAI,MAAM,GAAG,IAAI;IAUzB;;OAEG;IACH,KAAK,IAAI,IAAI;CAQd"}