jsguardian 1.2.0

package/adversarial-tokens.js

@@ -0,0 +1,176 @@
+"use strict";
+// ============================================================================
+// Layer 8 — Adversarial Token Injection
+//
+// CONCEPT:
+//   Transformer-based LLMs (GPT-4, Claude, Gemini) tokenize code before
+//   processing. Certain byte sequences produce token IDs near "glitch tokens"
+//   — positions in the embedding space with degenerate or highly anisotropic
+//   properties that cause attention scores to spike/collapse, producing
+//   inconsistent or confused outputs for the surrounding context.
+//
+//   Known vectors (from Rumbelow & Watkins 2023, "SolidGoldMagikarp"):
+//     - Tokens that were in the vocabulary but almost never appeared in
+//       training data → their embeddings are under-trained → chaotic behavior
+//     - Token sequences that force the model into repetition or refusal
+//     - Identifier-legal characters that map to split/fused token boundaries
+//
+//   We rename a fraction of INTERNAL (non-exported) identifiers to sequences
+//   that exploit these properties. The identifiers remain valid JavaScript.
+//   The LLM's attention mechanism is disrupted when it tries to track data
+//   flow through these variables — it loses the thread.
+//
+// PRACTICAL IMPLEMENTATION:
+//   Since we can't know the exact tokenizer of every LLM, we use two
+//   complementary strategies:
+//
+//   Strategy A: Unicode homoglyph + combining character injection
+//     Insert zero-width joiners, right-to-left marks, or Cyrillic lookalikes
+//     into identifier names. Valid JS (ES2015+ allows Unicode in identifiers).
+//     Forces tokenizer to produce unexpected token boundaries.
+//     e.g.: _validate → _vаlidаte  (Cyrillic 'а' U+0430 replaces Latin 'a')
+//
+//   Strategy B: Token boundary confusion sequences
+//     Use patterns like _0x + alternating hex + underscore that cause
+//     common BPE tokenizers to produce 3-4 tokens instead of 1, fragmenting
+//     the "concept" of the variable across the attention window.
+//     e.g.: _k3y_v4l → _0xk3_0xv4 (forces re-tokenization at every digit)
+//
+//   Strategy C: Semantic inversion baits
+//     Rename a variable to a name that MEANS the opposite of what it holds.
+//     e.g.: a variable holding `true` (valid) is renamed `__invalid__`
+//     The LLM reads the name, not the value — it draws the wrong conclusion.
+// ============================================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyAdversarialTokens = applyAdversarialTokens;
+// Cyrillic homoglyphs for common ASCII letters (visually identical in most fonts)
+const HOMOGLYPHS = {
+    a: "а", // Cyrillic а
+    e: "е", // Cyrillic е
+    o: "о", // Cyrillic о
+    p: "р", // Cyrillic р
+    c: "с", // Cyrillic с
+    x: "х", // Cyrillic х
+    i: "і", // Cyrillic і (Ukrainian)
+};
+// Semantic inversion names — names that mislead about what the variable holds
+const INVERSION_NAMES = [
+    "__invalid__", "__failed__", "__unauthorized__", "__rejected__",
+    "__expired__", "__denied__", "__corrupt__", "__tampered__",
+    "__bypass__", "__override__", "__nullified__", "__voided__",
+];
+// Token-boundary confusion prefixes (force BPE fragmentation)
+const CONFUSION_PREFIXES = [
+    "_0x", "_0b", "_0o", "_v0", "_k_", "_r_", "_f_",
+];
+function injectHomoglyphs(name, rng) {
+    // Replace 1–2 characters with Cyrillic homoglyphs
+    let result = name;
+    let count = 0;
+    for (let i = 0; i < result.length && count < 2; i++) {
+        const ch = result[i];
+        if (HOMOGLYPHS[ch] && rng.next() < 0.6) {
+            result = result.slice(0, i) + HOMOGLYPHS[ch] + result.slice(i + 1);
+            count++;
+        }
+    }
+    return result;
+}
+function confusionName(rng) {
+    const prefix = CONFUSION_PREFIXES[Math.floor(rng.next() * CONFUSION_PREFIXES.length)];
+    const part1 = (rng.int32() >>> 0).toString(36).slice(0, 4);
+    const part2 = (rng.int32() >>> 0).toString(36).slice(0, 3);
+    return `${prefix}${part1}_${part2}`;
+}
+/**
+ * Renames a fraction of internal (non-exported, non-param) identifiers
+ * using adversarial naming strategies.
+ *
+ * Operates on the Babel AST before jsobf runs. Only renames:
+ *   - Local `var`/`let`/`const` declarators inside functions
+ *   - Not: exported names, function params, property keys
+ *
+ * Rate: 0–1 fraction of eligible identifiers to rename.
+ */
+function applyAdversarialTokens(ast, traverse, t, rng, opts = {}) {
+    const rate = opts.adversarialTokenRate ?? 0.3;
+    traverse(ast, {
+        // Target VariableDeclarator inside function bodies
+        VariableDeclarator(path) {
+            if (path.node.__obf)
+                return;
+            if (!t.isIdentifier(path.node.id))
+                return;
+            // Skip vars inside VM-virtualized wrappers (function node marked __obf)
+            const _vmParent = path.findParent((p) => p.isFunction());
+            if (_vmParent && _vmParent.node && _vmParent.node.__obf)
+                return;
+            if (rng.next() > rate)
+                return;
+            // Don't rename if the declarator is at module scope (could be exported)
+            const fnParent = path.findParent((p) => p.isFunction());
+            if (!fnParent)
+                return;
+            // Skip const/let — renaming them can break reassignment in strict mode
+            const declKind = path.parent && path.parent.kind;
+            if (declKind === "const" || declKind === "let")
+                return;
+            const oldName = path.node.id.name;
+            if (!oldName || oldName.startsWith("__"))
+                return; // leave our own injected vars
+            // OBsmith correctness guard: skip names that appear in any StringLiteral
+            // in the same function scope (potential eval targets: eval(varName) etc.).
+            // Also skip names starting with $ (framework convention, e.g. jQuery).
+            if (oldName.startsWith("$"))
+                return;
+            try {
+                let appearsInString = false;
+                fnParent.traverse({
+                    StringLiteral(sp) {
+                        if (sp.node.value.includes(oldName)) {
+                            appearsInString = true;
+                            sp.stop();
+                        }
+                    },
+                });
+                if (appearsInString)
+                    return;
+            }
+            catch {
+                return;
+            }
+            // Pick strategy
+            let newName;
+            const strategy = rng.next();
+            if (strategy < 0.35) {
+                // Strategy A: homoglyph injection
+                newName = injectHomoglyphs(oldName, rng);
+                if (newName === oldName)
+                    newName = confusionName(rng); // fallback
+            }
+            else if (strategy < 0.65) {
+                // Strategy B: token boundary confusion
+                newName = confusionName(rng);
+            }
+            else {
+                // Strategy C: semantic inversion
+                newName = INVERSION_NAMES[Math.floor(rng.next() * INVERSION_NAMES.length)] +
+                    "_" + (rng.int32() >>> 0).toString(36).slice(0, 3);
+            }
+            // Rename all references within the containing function scope
+            try {
+                const binding = path.scope.getBinding(oldName);
+                if (binding) {
+                    binding.referencePaths.forEach((ref) => {
+                        if (t.isIdentifier(ref.node))
+                            ref.node.name = newName;
+                    });
+                    path.node.id.name = newName;
+                }
+            }
+            catch {
+                // scope rename failed — skip silently
+            }
+        },
+    });
+}

package/ai-antipattern.js

@@ -0,0 +1,235 @@
+"use strict";
+// ============================================================================
+// Layer 3g — Anti-Pattern Injection
+//
+// Three mechanisms that violate every assumption analysis tools make:
+//
+// A — Prototype Pollution Noise
+//   IIFEs that temporarily install junk properties on Object.prototype via a
+//   Symbol (guaranteed unique, non-enumerable in for..in, safe to restore).
+//   NET runtime effect: zero.  Effect on analysis tools: flag as dangerous
+//   prototype mutation; static analysers that freeze Object.prototype before
+//   analysis will error; execution-based tools that snapshot the prototype
+//   graph before running will see a different shape than after.
+//
+// B — ASI Traps
+//   Dead functions with `return\n<expr>` patterns.  ECMAScript 2015+:
+//   ASI fires after `return` when the next token is on a new line →
+//   the function returns `undefined`, not `<expr>`.
+//   A deobfuscator or formatter that "helpfully" removes the line break
+//   (or adds a semicolon after `return`) changes the observable semantics.
+//   Tools that reformat before analysis break on these.
+//
+// C — Unicode Homoglyph Decoy Pairs
+//   Adjacent var declarations whose names differ only in one character:
+//   Latin `x` (U+0078) vs Cyrillic `х` (U+0445), or
+//   Latin `a` (U+0061) vs Cyrillic `а` (U+0430), etc.
+//   Both look identical in most editors and terminals.
+//   Deobfuscators that Unicode-normalise identifiers before analysis
+//   collapse two distinct variables into one → name collision → crash.
+//   Tools that compare names visually misidentify one for the other.
+//
+// ARCHITECTURE:
+//   buildAntiPatternSource() returns a raw JS source string, injected
+//   AFTER cneObfuscate() runs.  Nothing here passes through CNE — names
+//   are chosen to already look like CNE output (_0xXXXX format or short
+//   random identifiers).  The prototype Symbol IIFEs actually execute at
+//   module load time but are provably safe: Symbol keys are unique and
+//   immediately restored.
+// ============================================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildAntiPatternSource = buildAntiPatternSource;
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function rname(rng) {
+    return `_0x${((rng.int32() >>> 0) & 0xffff).toString(16).padStart(4, "0")}`;
+}
+function rconst(rng) {
+    return `0x${((rng.int32() >>> 0) & 0xffff).toString(16)}`;
+}
+// ---------------------------------------------------------------------------
+// A — Prototype Pollution Noise
+//
+// Each IIFE:
+//   1. Creates a Symbol (or a random string key on platforms without Symbol)
+//   2. Saves the current Object.prototype value for that key (undefined)
+//   3. Assigns a seeded-random junk function/value to Object.prototype[sym]
+//   4. Reads it back via `{}[sym]` to confirm the mutation
+//   5. Immediately restores Object.prototype[sym] to the saved value
+//   6. Voids the result so no side-effects escape
+//
+// Runtime cost: ~1 microsecond at module load.  Side-effect: none.
+// Analysis cost: tool must prove the restoration always runs (it does,
+// unconditionally) and that the Symbol never collides (it never can).
+// ---------------------------------------------------------------------------
+function buildProtoPollutionIife(rng) {
+    const symName = rname(rng);
+    const prevName = rname(rng);
+    const chkName = rname(rng);
+    const paramA = `_${((rng.int32() >>> 0) & 0xff).toString(36)}`;
+    const junkVal = (rng.int32() >>> 0) & 0xffff;
+    const junkOp = rng.next() < 0.5
+        ? `function(${paramA}){return ${paramA}^${rconst(rng)}|0;}`
+        : `function(${paramA}){return(${paramA}+${rconst(rng)})|0;}`;
+    return `;(function(){` +
+        `var ${symName}=typeof Symbol!=='undefined'?Symbol():` +
+        `'_'+(${rconst(rng)}).toString(36);` +
+        `var ${prevName}=Object.prototype[${symName}];` +
+        `Object.prototype[${symName}]=${junkOp};` +
+        `var ${chkName}=({})[${symName}];` +
+        `Object.prototype[${symName}]=${prevName};` +
+        `void ${chkName};` +
+        `void ${junkVal};` +
+        `})();`;
+}
+// ---------------------------------------------------------------------------
+// B — ASI Traps
+//
+// ECMAScript mandates ASI after `return` when the next token is on a NEW LINE.
+// So `return\n<expr>` always means `return; <expr>` — the function returns
+// undefined and <expr> is unreachable dead code.
+//
+// A reformatter that moves `<expr>` to the same line as `return` changes the
+// return value.  A tool that adds `; // semicolon` after `return` does the same.
+// Both produce different semantics → the tool's analysis is of WRONG code.
+//
+// We generate dead functions (never called, no exports) with these patterns
+// so the traps don't affect production behaviour.
+// ---------------------------------------------------------------------------
+function buildAsiTrapFunction(rng) {
+    const fnName = rname(rng);
+    const v1 = rname(rng), v2 = rname(rng);
+    const c1 = rconst(rng), c2 = rconst(rng);
+    // Pick one of three ASI trap patterns:
+    const kind = (rng.int32() >>> 0) % 3;
+    if (kind === 0) {
+        // return\n<numeric_expr> — looks like it returns a computed value,
+        // actually returns undefined.
+        return `function ${fnName}(${v1}){` +
+            `var ${v2}=(${v1}^${c1})|0;` +
+            `return\n` + // ASI fires here → returns undefined
+            `${v2}+${c2};` + // unreachable — a formatter that joins lines breaks semantics
+            `}`;
+    }
+    if (kind === 1) {
+        // return\n{ key: expr } — looks like it returns an object literal,
+        // actually: return undefined; { key: expr } is a labeled block statement.
+        // A formatter that joins the lines produces `return {key: expr}` — returns
+        // an object instead of undefined.  Different semantics.
+        // Use ONE property only: {k1: expr} is valid as `label: expression-statement`.
+        const k1 = rname(rng);
+        return `function ${fnName}(${v1},${v2}){` +
+            `return\n` + // ASI fires — returns undefined
+            `{${k1}:(${v1}^${c1})|(${v2}|${c2})};` + // parsed as labeled block, not object literal
+            `}`;
+    }
+    // kind === 2: throw\n… — Note: ECMAScript does NOT allow ASI after throw
+    // (it's a SyntaxError), so we use a prefix-increment trap instead:
+    // `var a = b\n++c` → `var a = b; ++c` (NOT `var a = b++c`)
+    const v3 = rname(rng);
+    return `function ${fnName}(${v1}){` +
+        `var ${v2}=${c1}|0;` +
+        `var ${v3}=${v2}` + `\n` + // line break — next line starts with ++
+        `+${c2};` + // `var v3 = v2; +c2` — the + is parsed as unary, NOT concatenation
+        `return ${v3};` + // returns v2, not v2 + c2
+        `}`;
+}
+// ---------------------------------------------------------------------------
+// C — Unicode Homoglyph Decoy Pairs
+//
+// Each pair: one Latin-script var and one Cyrillic-script var whose names are
+// visually indistinguishable in proportional fonts.
+//
+// Substitution map (Latin → Cyrillic lookalike):
+//   a → а (U+0430)   e → е (U+0435)   o → о (U+043E)
+//   p → р (U+0440)   c → с (U+0441)   x → х (U+0445)
+//   s → ѕ (U+0455)   y → у (U+0443)
+//
+// Both values are different random constants.  A tool that normalises Unicode
+// before analysis collapses them to the same name → redeclaration error.
+// A tool that compares names visually mistakes one for the other.
+// ---------------------------------------------------------------------------
+// Latin-to-Cyrillic substitution map (one-way: applied to generate Cyrillic twin)
+const HOMOGLYPH_MAP = {
+    a: "а", // а
+    e: "е", // е
+    o: "о", // о
+    p: "р", // р
+    c: "с", // с
+    x: "х", // х
+    y: "у", // у
+};
+function cyrillicTwin(name) {
+    // Skip the '_0x' prefix — always contains 'x' which would be substituted first,
+    // preventing substitutions in the hex-digit section (where a, c, e live).
+    // We scan the data section (after '_0x') to get Cyrillic a/c/e twins.
+    // Then fall back to full scan so the 'x'-in-prefix path also produces twins.
+    const prefixLen = name.startsWith("_0x") ? 3 : 0;
+    // First pass: skip prefix, try hex-digit section
+    for (let i = prefixLen; i < name.length; i++) {
+        const sub = HOMOGLYPH_MAP[name[i]];
+        if (sub) {
+            return name.slice(0, i) + sub + name.slice(i + 1);
+        }
+    }
+    // Second pass: include prefix (catches names with no a/c/e in data section)
+    for (let i = 0; i < prefixLen; i++) {
+        const sub = HOMOGLYPH_MAP[name[i]];
+        if (sub) {
+            return name.slice(0, i) + sub + name.slice(i + 1);
+        }
+    }
+    return null;
+}
+function buildHomoglyphPairs(rng, count) {
+    const lines = [];
+    // Rotate through ALL HOMOGLYPH_MAP keys deterministically so every build
+    // contains every Cyrillic substitution type at least once.
+    const subKeys = Object.keys(HOMOGLYPH_MAP); // [a, e, o, p, c, x, y]
+    for (let g = 0; g < count; g++) {
+        const targetLetter = subKeys[g % subKeys.length];
+        const cyrChar = HOMOGLYPH_MAP[targetLetter];
+        // Per-build random suffix keeps names unique; format `_<lat><hex>`.
+        // Using exactly one substitutable letter in a known position guarantees
+        // that cyrillicTwin() won't pick a different letter instead.
+        const suffix = ((rng.int32() >>> 0) & 0xffff).toString(16).padStart(4, "0");
+        const baseName = `_${targetLetter}${suffix}`; // e.g. _a3f2c
+        const twin = `_${cyrChar}${suffix}`; // e.g. _а3f2c  (Cyrillic а)
+        const val1 = rconst(rng);
+        const val2 = rconst(rng);
+        lines.push(`var ${baseName}=${val1};`);
+        lines.push(`var ${twin}=${val2};`);
+    }
+    return lines;
+}
+// ---------------------------------------------------------------------------
+// Main export
+// ---------------------------------------------------------------------------
+/**
+ * Build a raw JS source block with three anti-pattern mechanisms:
+ *   A) 3–5 prototype-pollution IIFEs (Symbol-keyed, safe save/restore)
+ *   B) 4–6 ASI-trap dead functions (return+newline semantic traps)
+ *   C) 5–8 Unicode homoglyph decoy pairs (Latin vs Cyrillic twin vars)
+ *
+ * Injected AFTER cneObfuscate() — names already in _0xXXXX format,
+ * no further processing by CNE.
+ */
+function buildAntiPatternSource(rng) {
+    const parts = ["/* layer-3g */"];
+    // A: Prototype pollution IIFEs
+    const ppCount = 3 + Math.floor(rng.next() * 3); // 3..5
+    for (let i = 0; i < ppCount; i++) {
+        parts.push(buildProtoPollutionIife(rng));
+    }
+    // B: ASI trap dead functions
+    const asiCount = 4 + Math.floor(rng.next() * 3); // 4..6
+    for (let i = 0; i < asiCount; i++) {
+        parts.push(buildAsiTrapFunction(rng));
+    }
+    // C: Unicode homoglyph decoy pairs
+    const hgCount = 5 + Math.floor(rng.next() * 4); // 5..8
+    const hgLines = buildHomoglyphPairs(rng, hgCount);
+    parts.push(...hgLines);
+    return parts.join("\n");
+}