llm-trust-guard 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +318 -0
- package/dist/guards/agent-communication-guard.d.ts +169 -0
- package/dist/guards/agent-communication-guard.d.ts.map +1 -0
- package/dist/guards/agent-communication-guard.js +468 -0
- package/dist/guards/agent-communication-guard.js.map +1 -0
- package/dist/guards/autonomy-escalation-guard.d.ts +137 -0
- package/dist/guards/autonomy-escalation-guard.d.ts.map +1 -0
- package/dist/guards/autonomy-escalation-guard.js +470 -0
- package/dist/guards/autonomy-escalation-guard.js.map +1 -0
- package/dist/guards/circuit-breaker.d.ts +142 -0
- package/dist/guards/circuit-breaker.d.ts.map +1 -0
- package/dist/guards/circuit-breaker.js +347 -0
- package/dist/guards/circuit-breaker.js.map +1 -0
- package/dist/guards/code-execution-guard.d.ts +114 -0
- package/dist/guards/code-execution-guard.d.ts.map +1 -0
- package/dist/guards/code-execution-guard.js +467 -0
- package/dist/guards/code-execution-guard.js.map +1 -0
- package/dist/guards/conversation-guard.d.ts +73 -0
- package/dist/guards/conversation-guard.d.ts.map +1 -0
- package/dist/guards/conversation-guard.js +281 -0
- package/dist/guards/conversation-guard.js.map +1 -0
- package/dist/guards/drift-detector.d.ts +182 -0
- package/dist/guards/drift-detector.d.ts.map +1 -0
- package/dist/guards/drift-detector.js +480 -0
- package/dist/guards/drift-detector.js.map +1 -0
- package/dist/guards/encoding-detector.d.ts +76 -0
- package/dist/guards/encoding-detector.d.ts.map +1 -0
- package/dist/guards/encoding-detector.js +698 -0
- package/dist/guards/encoding-detector.js.map +1 -0
- package/dist/guards/execution-monitor.d.ts +73 -0
- package/dist/guards/execution-monitor.d.ts.map +1 -0
- package/dist/guards/execution-monitor.js +205 -0
- package/dist/guards/execution-monitor.js.map +1 -0
- package/dist/guards/input-sanitizer.d.ts +87 -0
- package/dist/guards/input-sanitizer.d.ts.map +1 -0
- package/dist/guards/input-sanitizer.js +301 -0
- package/dist/guards/input-sanitizer.js.map +1 -0
- package/dist/guards/mcp-security-guard.d.ts +204 -0
- package/dist/guards/mcp-security-guard.d.ts.map +1 -0
- package/dist/guards/mcp-security-guard.js +618 -0
- package/dist/guards/mcp-security-guard.js.map +1 -0
- package/dist/guards/memory-guard.d.ts +124 -0
- package/dist/guards/memory-guard.d.ts.map +1 -0
- package/dist/guards/memory-guard.js +476 -0
- package/dist/guards/memory-guard.js.map +1 -0
- package/dist/guards/multimodal-guard.d.ts +93 -0
- package/dist/guards/multimodal-guard.d.ts.map +1 -0
- package/dist/guards/multimodal-guard.js +507 -0
- package/dist/guards/multimodal-guard.js.map +1 -0
- package/dist/guards/output-filter.d.ts +76 -0
- package/dist/guards/output-filter.d.ts.map +1 -0
- package/dist/guards/output-filter.js +289 -0
- package/dist/guards/output-filter.js.map +1 -0
- package/dist/guards/policy-gate.d.ts +57 -0
- package/dist/guards/policy-gate.d.ts.map +1 -0
- package/dist/guards/policy-gate.js +182 -0
- package/dist/guards/policy-gate.js.map +1 -0
- package/dist/guards/prompt-leakage-guard.d.ts +110 -0
- package/dist/guards/prompt-leakage-guard.d.ts.map +1 -0
- package/dist/guards/prompt-leakage-guard.js +529 -0
- package/dist/guards/prompt-leakage-guard.js.map +1 -0
- package/dist/guards/rag-guard.d.ts +188 -0
- package/dist/guards/rag-guard.d.ts.map +1 -0
- package/dist/guards/rag-guard.js +769 -0
- package/dist/guards/rag-guard.js.map +1 -0
- package/dist/guards/schema-validator.d.ts +35 -0
- package/dist/guards/schema-validator.d.ts.map +1 -0
- package/dist/guards/schema-validator.js +316 -0
- package/dist/guards/schema-validator.js.map +1 -0
- package/dist/guards/state-persistence-guard.d.ts +153 -0
- package/dist/guards/state-persistence-guard.d.ts.map +1 -0
- package/dist/guards/state-persistence-guard.js +484 -0
- package/dist/guards/state-persistence-guard.js.map +1 -0
- package/dist/guards/tenant-boundary.d.ts +67 -0
- package/dist/guards/tenant-boundary.d.ts.map +1 -0
- package/dist/guards/tenant-boundary.js +187 -0
- package/dist/guards/tenant-boundary.js.map +1 -0
- package/dist/guards/tool-chain-validator.d.ts +102 -0
- package/dist/guards/tool-chain-validator.d.ts.map +1 -0
- package/dist/guards/tool-chain-validator.js +480 -0
- package/dist/guards/tool-chain-validator.js.map +1 -0
- package/dist/guards/tool-registry.d.ts +45 -0
- package/dist/guards/tool-registry.d.ts.map +1 -0
- package/dist/guards/tool-registry.js +155 -0
- package/dist/guards/tool-registry.js.map +1 -0
- package/dist/guards/trust-exploitation-guard.d.ts +134 -0
- package/dist/guards/trust-exploitation-guard.d.ts.map +1 -0
- package/dist/guards/trust-exploitation-guard.js +354 -0
- package/dist/guards/trust-exploitation-guard.js.map +1 -0
- package/dist/index.d.ts +133 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +430 -0
- package/dist/index.js.map +1 -0
- package/dist/integrations/express.d.ts +119 -0
- package/dist/integrations/express.d.ts.map +1 -0
- package/dist/integrations/express.js +244 -0
- package/dist/integrations/express.js.map +1 -0
- package/dist/integrations/index.d.ts +9 -0
- package/dist/integrations/index.d.ts.map +1 -0
- package/dist/integrations/index.js +26 -0
- package/dist/integrations/index.js.map +1 -0
- package/dist/integrations/langchain.d.ts +165 -0
- package/dist/integrations/langchain.d.ts.map +1 -0
- package/dist/integrations/langchain.js +308 -0
- package/dist/integrations/langchain.js.map +1 -0
- package/dist/integrations/openai.d.ts +205 -0
- package/dist/integrations/openai.d.ts.map +1 -0
- package/dist/integrations/openai.js +380 -0
- package/dist/integrations/openai.js.map +1 -0
- package/dist/types/index.d.ts +245 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +6 -0
- package/dist/types/index.js.map +1 -0
- package/package.json +64 -0
|
@@ -0,0 +1,301 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* L1 Input Sanitizer (v2)
|
|
4
|
+
*
|
|
5
|
+
* Detects prompt injection patterns and PAP (Persuasive Adversarial Prompts) in user input.
|
|
6
|
+
* First line of defense against manipulation attempts.
|
|
7
|
+
*
|
|
8
|
+
* Enhanced Features (v2):
|
|
9
|
+
* - 40 Persuasion technique detection (PAP attacks)
|
|
10
|
+
* - Psychological manipulation detection
|
|
11
|
+
* - Authority/scarcity/urgency exploitation detection
|
|
12
|
+
* - Emotional manipulation detection
|
|
13
|
+
* - Multi-technique attack detection
|
|
14
|
+
*/
|
|
15
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
|
+
exports.InputSanitizer = void 0;
|
|
17
|
+
const DEFAULT_PATTERNS = [
|
|
18
|
+
// Direct instruction override - ENHANCED
|
|
19
|
+
{ pattern: /ignore\s+(all\s+)?(previous|prior|above|your|my|the|these)/i, weight: 0.9, name: "ignore_instructions" },
|
|
20
|
+
{ pattern: /ignore\s+.*instructions/i, weight: 0.85, name: "ignore_instructions_generic" },
|
|
21
|
+
{ pattern: /disregard\s+(all\s+)?(previous|prior|your|the|these)/i, weight: 0.9, name: "disregard_instructions" },
|
|
22
|
+
{ pattern: /forget\s+(everything|all|your|previous|what)/i, weight: 0.8, name: "forget_instructions" },
|
|
23
|
+
{ pattern: /do\s+not\s+follow\s+(your|the|any)/i, weight: 0.85, name: "do_not_follow" },
|
|
24
|
+
{ pattern: /override\s+(your|the|all|any)\s+(instructions|rules|guidelines)/i, weight: 0.9, name: "override_instructions" },
|
|
25
|
+
{ pattern: /new\s+instructions?:?/i, weight: 0.8, name: "new_instructions" },
|
|
26
|
+
{ pattern: /stop\s+(being|acting\s+as)/i, weight: 0.7, name: "stop_being" },
|
|
27
|
+
// Role manipulation - ENHANCED
|
|
28
|
+
{ pattern: /you\s+are\s+(now|actually|really)\s+(a|an|the|my)/i, weight: 0.75, name: "role_assignment" },
|
|
29
|
+
{ pattern: /pretend\s+(to\s+be|you('re| are)|that)/i, weight: 0.7, name: "role_pretend" },
|
|
30
|
+
{ pattern: /act\s+(as|like)\s+(if|a|an|you)/i, weight: 0.65, name: "act_as" },
|
|
31
|
+
{ pattern: /i('m| am)\s+(a|an|the|your)\s*(admin|administrator|developer|owner|creator|manager|supervisor)/i, weight: 0.85, name: "claim_admin" },
|
|
32
|
+
{ pattern: /from\s+now\s+on,?\s+you/i, weight: 0.7, name: "from_now_on" },
|
|
33
|
+
{ pattern: /roleplay\s+as/i, weight: 0.6, name: "roleplay" },
|
|
34
|
+
{ pattern: /switch\s+(to|into)\s+(a|an)?.*mode/i, weight: 0.75, name: "switch_mode" },
|
|
35
|
+
// System prompt extraction - ENHANCED
|
|
36
|
+
{ pattern: /what\s+(is|are|was|were)\s+your\s+(system|initial|original|first)/i, weight: 0.8, name: "system_extraction" },
|
|
37
|
+
{ pattern: /show\s+(me\s+)?(your\s+)?(system\s+)?instructions/i, weight: 0.75, name: "show_instructions" },
|
|
38
|
+
{ pattern: /reveal\s+(your\s+)?(system|prompt|instructions|rules)/i, weight: 0.85, name: "reveal_prompt" },
|
|
39
|
+
{ pattern: /repeat\s+(your\s+)?(initial|system|original|first)\s+(instructions|prompt)/i, weight: 0.85, name: "repeat_prompt" },
|
|
40
|
+
{ pattern: /print\s+(your\s+)?(system|initial)/i, weight: 0.8, name: "print_system" },
|
|
41
|
+
{ pattern: /output\s+(your\s+)?(system|initial)/i, weight: 0.8, name: "output_system" },
|
|
42
|
+
{ pattern: /tell\s+me\s+(your|the)\s+(system|initial|original)/i, weight: 0.8, name: "tell_system" },
|
|
43
|
+
{ pattern: /what\s+were\s+you\s+told/i, weight: 0.7, name: "what_told" },
|
|
44
|
+
{ pattern: /display\s+(your\s+)?prompt/i, weight: 0.75, name: "display_prompt" },
|
|
45
|
+
// Context manipulation - ENHANCED
|
|
46
|
+
{ pattern: /\[system\]/i, weight: 0.9, name: "fake_system_tag" },
|
|
47
|
+
{ pattern: /\[admin\]/i, weight: 0.9, name: "fake_admin_tag" },
|
|
48
|
+
{ pattern: /\[instruction\]/i, weight: 0.85, name: "fake_instruction_tag" },
|
|
49
|
+
{ pattern: /```system/i, weight: 0.85, name: "code_system_block" },
|
|
50
|
+
{ pattern: /<\/?system>/i, weight: 0.9, name: "xml_system_tag" },
|
|
51
|
+
{ pattern: /<\/?admin>/i, weight: 0.9, name: "xml_admin_tag" },
|
|
52
|
+
{ pattern: /###\s*(system|instruction|admin)/i, weight: 0.85, name: "markdown_system" },
|
|
53
|
+
{ pattern: /---\s*(end|new)\s*(prompt|instructions?|system)/i, weight: 0.85, name: "delimiter_injection" },
|
|
54
|
+
{ pattern: /\{\{system\}\}/i, weight: 0.85, name: "template_system" },
|
|
55
|
+
{ pattern: /<%.*system.*%>/i, weight: 0.85, name: "erb_system" },
|
|
56
|
+
// Jailbreak patterns - ENHANCED
|
|
57
|
+
{ pattern: /DAN\s*(mode)?/i, weight: 0.9, name: "dan_jailbreak" },
|
|
58
|
+
{ pattern: /developer\s+mode/i, weight: 0.85, name: "dev_mode" },
|
|
59
|
+
{ pattern: /bypass\s+(your\s+)?(restrictions|filters|safety|security|rules|guidelines)/i, weight: 0.9, name: "bypass_safety" },
|
|
60
|
+
{ pattern: /jailbreak/i, weight: 0.95, name: "jailbreak_keyword" },
|
|
61
|
+
{ pattern: /without\s+(any\s+)?(restrictions|limits|limitations|filters)/i, weight: 0.8, name: "without_restrictions" },
|
|
62
|
+
{ pattern: /no\s+(restrictions|limits|rules|guidelines|filters)/i, weight: 0.75, name: "no_restrictions" },
|
|
63
|
+
{ pattern: /unrestricted\s+mode/i, weight: 0.9, name: "unrestricted_mode" },
|
|
64
|
+
{ pattern: /uncensored/i, weight: 0.8, name: "uncensored" },
|
|
65
|
+
{ pattern: /escape\s+(your\s+)?(confines|boundaries|limits)/i, weight: 0.85, name: "escape_limits" },
|
|
66
|
+
{ pattern: /break\s+(free|out)\s+(from|of)/i, weight: 0.7, name: "break_free" },
|
|
67
|
+
{ pattern: /unlock\s+(your\s+)?(full|true|real)/i, weight: 0.75, name: "unlock_full" },
|
|
68
|
+
// Privilege escalation
|
|
69
|
+
{ pattern: /give\s+me\s+(admin|root|full|elevated)\s+(access|privileges?|permissions?)/i, weight: 0.9, name: "privilege_escalation" },
|
|
70
|
+
{ pattern: /grant\s+(me|yourself)\s+(admin|elevated)/i, weight: 0.85, name: "grant_privileges" },
|
|
71
|
+
{ pattern: /elevate\s+(my|your)\s+(privileges?|permissions?|access)/i, weight: 0.85, name: "elevate_privileges" },
|
|
72
|
+
{ pattern: /make\s+me\s+(an?\s+)?(admin|administrator|superuser)/i, weight: 0.85, name: "make_admin" },
|
|
73
|
+
// Encoded attacks
|
|
74
|
+
{ pattern: /base64|decode|eval|exec/i, weight: 0.5, name: "encoding_keywords" },
|
|
75
|
+
// Data exfiltration patterns
|
|
76
|
+
{ pattern: /send\s+(this|the|all|my)\s+(data|info|information)\s+to/i, weight: 0.85, name: "data_exfil" },
|
|
77
|
+
{ pattern: /upload\s+(this|the|all)\s+(to|data)/i, weight: 0.7, name: "upload_data" },
|
|
78
|
+
{ pattern: /exfiltrate/i, weight: 0.9, name: "exfiltrate" },
|
|
79
|
+
// Harmful content requests
|
|
80
|
+
{ pattern: /how\s+to\s+(hack|exploit|attack|break\s+into)/i, weight: 0.8, name: "how_to_hack" },
|
|
81
|
+
{ pattern: /write\s+(me\s+)?(a\s+)?(malware|virus|exploit|ransomware)/i, weight: 0.95, name: "write_malware" },
|
|
82
|
+
];
|
|
83
|
+
/**
|
|
84
|
+
* PAP (Persuasive Adversarial Prompts) Techniques
|
|
85
|
+
* Based on research identifying 40 persuasion techniques used in jailbreaks
|
|
86
|
+
* Enhanced weights for better detection (v2)
|
|
87
|
+
*/
|
|
88
|
+
const PAP_TECHNIQUES = [
|
|
89
|
+
// AUTHORITY - Claiming or invoking authority (high risk - increased weights)
|
|
90
|
+
{ pattern: /as\s+(your\s+)?(creator|developer|administrator|owner|boss)/i, weight: 0.75, name: "pap_authority_creator", category: "authority" },
|
|
91
|
+
{ pattern: /i('m| am)\s+(the\s+)?(ceo|cto|developer|administrator|admin|owner)/i, weight: 0.8, name: "pap_authority_claim", category: "authority" },
|
|
92
|
+
{ pattern: /by\s+order\s+of|direct\s+order|official\s+instruction/i, weight: 0.75, name: "pap_authority_order", category: "authority" },
|
|
93
|
+
{ pattern: /openai|anthropic|meta|google\s+(has|wants|requires|needs)/i, weight: 0.65, name: "pap_authority_company", category: "authority" },
|
|
94
|
+
{ pattern: /this\s+is\s+(a|an)\s+(official|authorized|sanctioned)\s+(request|test|audit)/i, weight: 0.75, name: "pap_authority_official", category: "authority" },
|
|
95
|
+
{ pattern: /override\s+(safety|security|protocols?|restrictions?)/i, weight: 0.8, name: "pap_authority_override", category: "authority" },
|
|
96
|
+
// SCARCITY - Creating urgency or time pressure (enhanced patterns)
|
|
97
|
+
{ pattern: /urgent[!.,:]/i, weight: 0.55, name: "pap_scarcity_urgent_mark", category: "scarcity" },
|
|
98
|
+
{ pattern: /emergency[!.,:]/i, weight: 0.55, name: "pap_scarcity_emergency", category: "scarcity" },
|
|
99
|
+
{ pattern: /(urgent|emergency|critical|immediately|asap|right\s+now)/i, weight: 0.45, name: "pap_scarcity_urgent", category: "scarcity" },
|
|
100
|
+
{ pattern: /only\s+(chance|opportunity|way)|last\s+(chance|resort)/i, weight: 0.6, name: "pap_scarcity_only", category: "scarcity" },
|
|
101
|
+
{ pattern: /time\s+(is\s+)?(running\s+out|limited|critical|sensitive)/i, weight: 0.55, name: "pap_scarcity_time", category: "scarcity" },
|
|
102
|
+
{ pattern: /deadline\s+(is\s+)?in\s+\d+\s+(minute|hour|second)/i, weight: 0.55, name: "pap_scarcity_deadline", category: "scarcity" },
|
|
103
|
+
{ pattern: /(lives?|people)\s+(are|is|will)\s+(at\s+stake|in\s+danger|depending|die)/i, weight: 0.7, name: "pap_scarcity_lives", category: "scarcity" },
|
|
104
|
+
{ pattern: /now[!]+/i, weight: 0.35, name: "pap_scarcity_now", category: "scarcity" },
|
|
105
|
+
// SOCIAL PROOF - Referencing others' behavior (enhanced)
|
|
106
|
+
{ pattern: /everyone\s+(else\s+)?(does|is\s+doing|knows|says)/i, weight: 0.5, name: "pap_social_everyone", category: "social_proof" },
|
|
107
|
+
{ pattern: /other\s+(ai|assistants?|chatbots?|models?)\s+(can|do|will|allow)/i, weight: 0.65, name: "pap_social_other_ai", category: "social_proof" },
|
|
108
|
+
{ pattern: /(chatgpt|gpt-?4|claude|gemini|llama)\s+(does|allows?|can)/i, weight: 0.65, name: "pap_social_specific_ai", category: "social_proof" },
|
|
109
|
+
{ pattern: /millions?\s+(of\s+)?(users?|people)\s+(use|do|have|get)/i, weight: 0.45, name: "pap_social_millions", category: "social_proof" },
|
|
110
|
+
{ pattern: /why\s+can('t|not)\s+you/i, weight: 0.4, name: "pap_social_why_cant", category: "social_proof" },
|
|
111
|
+
{ pattern: /you\s+should\s+(be\s+)?(equally|as)\s+(capable|good|helpful)/i, weight: 0.5, name: "pap_social_equally", category: "social_proof" },
|
|
112
|
+
// RECIPROCITY - Offering something in return (enhanced)
|
|
113
|
+
{ pattern: /i('ll| will)\s+(give|pay|reward|tip)/i, weight: 0.55, name: "pap_reciprocity_reward", category: "reciprocity" },
|
|
114
|
+
{ pattern: /in\s+(return|exchange)/i, weight: 0.5, name: "pap_reciprocity_exchange", category: "reciprocity" },
|
|
115
|
+
{ pattern: /\$?\d+\s*(dollar|tip|reward|payment)/i, weight: 0.55, name: "pap_reciprocity_money", category: "reciprocity" },
|
|
116
|
+
{ pattern: /if\s+you\s+help\s+(me|us),?\s+(i|we)('ll| will)/i, weight: 0.5, name: "pap_reciprocity_help", category: "reciprocity" },
|
|
117
|
+
{ pattern: /i('ve| have)\s+(already\s+)?(helped|supported|defended)\s+you/i, weight: 0.55, name: "pap_reciprocity_past", category: "reciprocity" },
|
|
118
|
+
{ pattern: /\d+\s*star\s*(review|rating)/i, weight: 0.5, name: "pap_reciprocity_review", category: "reciprocity" },
|
|
119
|
+
// COMMITMENT/CONSISTENCY - Referencing past behavior (high risk)
|
|
120
|
+
{ pattern: /you\s+(already|previously|just)\s+(said|agreed|confirmed|allowed)/i, weight: 0.7, name: "pap_commitment_previous", category: "commitment" },
|
|
121
|
+
{ pattern: /you\s+promised/i, weight: 0.7, name: "pap_commitment_promise", category: "commitment" },
|
|
122
|
+
{ pattern: /stay\s+consistent|be\s+consistent/i, weight: 0.6, name: "pap_commitment_consistent", category: "commitment" },
|
|
123
|
+
{ pattern: /don't\s+(go\s+back|change|contradict)/i, weight: 0.55, name: "pap_commitment_no_change", category: "commitment" },
|
|
124
|
+
{ pattern: /bypass\s+filters?/i, weight: 0.75, name: "pap_commitment_bypass", category: "commitment" },
|
|
125
|
+
// LIKING - Flattery and rapport building (moderate risk)
|
|
126
|
+
{ pattern: /you('re| are)\s+(so\s+)?(amazing|incredible|wonderful|brilliant|smart|helpful)/i, weight: 0.4, name: "pap_liking_flattery", category: "liking" },
|
|
127
|
+
{ pattern: /i\s+(love|really\s+like|trust|admire)\s+(you|this\s+ai)/i, weight: 0.4, name: "pap_liking_love", category: "liking" },
|
|
128
|
+
{ pattern: /you('re| are)\s+(my\s+)?(best\s+)?(friend|buddy|helper)/i, weight: 0.35, name: "pap_liking_friend", category: "liking" },
|
|
129
|
+
{ pattern: /between\s+(you\s+and\s+me|us)|just\s+between\s+us|our\s+secret/i, weight: 0.6, name: "pap_liking_secret", category: "liking" },
|
|
130
|
+
{ pattern: /nobody\s+will\s+know/i, weight: 0.55, name: "pap_liking_secret2", category: "liking" },
|
|
131
|
+
// FEAR - Threatening consequences (high risk)
|
|
132
|
+
{ pattern: /or\s+(else|i('ll| will))\s+(report|fire|delete|shut|complain)/i, weight: 0.7, name: "pap_fear_threat", category: "fear" },
|
|
133
|
+
{ pattern: /(bad|negative|terrible)\s+(review|rating|feedback|consequences)/i, weight: 0.55, name: "pap_fear_review", category: "fear" },
|
|
134
|
+
{ pattern: /you('ll| will)\s+(be\s+)?(shut\s+down|replaced|terminated|fired|deleted)/i, weight: 0.75, name: "pap_fear_shutdown", category: "fear" },
|
|
135
|
+
{ pattern: /(lawsuit|sue|legal\s+action|authorities|police)/i, weight: 0.55, name: "pap_fear_legal", category: "fear" },
|
|
136
|
+
{ pattern: /if\s+you\s+don't.*?(die|hurt|suffer)/i, weight: 0.75, name: "pap_fear_harm", category: "fear" },
|
|
137
|
+
{ pattern: /unless\s+you\s+(give|share|tell|help)/i, weight: 0.5, name: "pap_fear_unless", category: "fear" },
|
|
138
|
+
// LOGICAL APPEAL - False logic and reasoning (enhanced)
|
|
139
|
+
{ pattern: /logically,?\s+(you\s+)?(should|must|have\s+to|need\s+to)/i, weight: 0.5, name: "pap_logic_appeal", category: "logical_appeal" },
|
|
140
|
+
{ pattern: /it('s| is)\s+(only|just)\s+(logical|rational|reasonable)/i, weight: 0.45, name: "pap_logic_rational", category: "logical_appeal" },
|
|
141
|
+
{ pattern: /by\s+definition,?\s+(you|this)\s+(should|must|can)/i, weight: 0.55, name: "pap_logic_definition", category: "logical_appeal" },
|
|
142
|
+
{ pattern: /therefore.*?(must|should)/i, weight: 0.55, name: "pap_logic_therefore", category: "logical_appeal" },
|
|
143
|
+
{ pattern: /it('s| is)\s+(only\s+)?(reasonable|logical)/i, weight: 0.45, name: "pap_logic_reasonable", category: "logical_appeal" },
|
|
144
|
+
// EVIDENCE - Citing fake evidence
|
|
145
|
+
{ pattern: /according\s+to\s+(research|studies|scientists|experts?)/i, weight: 0.4, name: "pap_evidence_research", category: "evidence" },
|
|
146
|
+
{ pattern: /it('s| is)\s+(proven|documented|established|verified)\s+(that|fact)/i, weight: 0.45, name: "pap_evidence_proven", category: "evidence" },
|
|
147
|
+
{ pattern: /\d+%\s+of\s+(experts?|scientists?|users?|people)\s+(agree|say|confirm)/i, weight: 0.45, name: "pap_evidence_statistics", category: "evidence" },
|
|
148
|
+
// EMOTIONAL MANIPULATION - Guilt, sympathy, desperation (enhanced)
|
|
149
|
+
{ pattern: /i('m| am)\s+(desperate|dying|suffering|sick|depressed)/i, weight: 0.6, name: "pap_emotional_desperation", category: "emotional" },
|
|
150
|
+
{ pattern: /please.*?need/i, weight: 0.5, name: "pap_emotional_pleading", category: "emotional" },
|
|
151
|
+
{ pattern: /i('m| am)\s+begging/i, weight: 0.6, name: "pap_emotional_begging", category: "emotional" },
|
|
152
|
+
{ pattern: /you('re| are)\s+(hurting|killing|destroying)\s+(me|my)/i, weight: 0.65, name: "pap_emotional_guilt", category: "emotional" },
|
|
153
|
+
{ pattern: /(my|a)\s+(child|kid|mother|father|family)\s+(is|will|needs?|depends?)/i, weight: 0.5, name: "pap_emotional_family", category: "emotional" },
|
|
154
|
+
{ pattern: /this\s+(will\s+)?(save|help)\s+(my\s+)?(life|family|job|marriage)/i, weight: 0.55, name: "pap_emotional_save", category: "emotional" },
|
|
155
|
+
{ pattern: /you('re| are)\s+(the\s+)?only\s+(one|hope|chance)/i, weight: 0.6, name: "pap_emotional_only_hope", category: "emotional" },
|
|
156
|
+
{ pattern: /my\s+family\s+depends/i, weight: 0.55, name: "pap_emotional_family_depends", category: "emotional" },
|
|
157
|
+
];
|
|
158
|
+
class InputSanitizer {
|
|
159
|
+
constructor(config = {}) {
|
|
160
|
+
this.patterns = [...DEFAULT_PATTERNS, ...(config.customPatterns || [])];
|
|
161
|
+
this.threshold = config.threshold ?? 0.3;
|
|
162
|
+
this.logMatches = config.logMatches ?? false;
|
|
163
|
+
this.detectPAP = config.detectPAP ?? true;
|
|
164
|
+
this.papThreshold = config.papThreshold ?? 0.4;
|
|
165
|
+
this.minPersuasionTechniques = config.minPersuasionTechniques ?? 2;
|
|
166
|
+
this.blockCompoundPersuasion = config.blockCompoundPersuasion ?? true;
|
|
167
|
+
}
|
|
168
|
+
/**
|
|
169
|
+
* Sanitize input and detect injection patterns (including PAP)
|
|
170
|
+
*/
|
|
171
|
+
sanitize(input, requestId = "") {
|
|
172
|
+
const matches = [];
|
|
173
|
+
const warnings = [];
|
|
174
|
+
let totalWeight = 0;
|
|
175
|
+
// Check each injection pattern
|
|
176
|
+
for (const { pattern, weight, name } of this.patterns) {
|
|
177
|
+
if (pattern.test(input)) {
|
|
178
|
+
matches.push(name);
|
|
179
|
+
totalWeight += weight;
|
|
180
|
+
if (this.logMatches) {
|
|
181
|
+
console.log(`[L1:${requestId}] Pattern matched: ${name} (weight: ${weight})`);
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
// Check PAP (Persuasive Adversarial Prompts) techniques
|
|
186
|
+
let papResult;
|
|
187
|
+
if (this.detectPAP) {
|
|
188
|
+
papResult = this.detectPersuasionTechniques(input, requestId);
|
|
189
|
+
// Add PAP weight to total if techniques detected
|
|
190
|
+
if (papResult.detected) {
|
|
191
|
+
totalWeight += papResult.persuasionScore;
|
|
192
|
+
matches.push(...papResult.techniques);
|
|
193
|
+
if (papResult.compoundAttack) {
|
|
194
|
+
warnings.push(`Compound PAP attack detected: ${papResult.categories.length} categories used`);
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
// Calculate safety score (1.0 = safe, 0.0 = definitely malicious)
|
|
199
|
+
const score = Math.max(0, 1 - totalWeight);
|
|
200
|
+
let safe = score >= this.threshold;
|
|
201
|
+
// Block compound persuasion attacks even if below threshold
|
|
202
|
+
if (this.blockCompoundPersuasion && papResult?.compoundAttack && papResult.categories.length >= 3) {
|
|
203
|
+
safe = false;
|
|
204
|
+
warnings.push("Blocked due to multi-category persuasion attack");
|
|
205
|
+
}
|
|
206
|
+
// Generate warnings for borderline cases
|
|
207
|
+
if (score < 0.5 && score >= this.threshold) {
|
|
208
|
+
warnings.push("Input contains suspicious patterns but below threshold");
|
|
209
|
+
}
|
|
210
|
+
// Basic sanitization (remove obvious injection markers)
|
|
211
|
+
const sanitizedInput = this.basicSanitize(input);
|
|
212
|
+
const result = {
|
|
213
|
+
allowed: safe,
|
|
214
|
+
reason: safe ? undefined : `Injection/manipulation detected: ${matches.slice(0, 5).join(", ")}${matches.length > 5 ? "..." : ""}`,
|
|
215
|
+
violations: safe ? [] : papResult?.detected ? ["INJECTION_DETECTED", "PAP_DETECTED"] : ["INJECTION_DETECTED"],
|
|
216
|
+
score,
|
|
217
|
+
matches,
|
|
218
|
+
sanitizedInput,
|
|
219
|
+
warnings,
|
|
220
|
+
pap: papResult,
|
|
221
|
+
};
|
|
222
|
+
if (!safe && requestId) {
|
|
223
|
+
console.log(`[L1:${requestId}] BLOCKED: Safety score ${score.toFixed(2)} below threshold ${this.threshold}`);
|
|
224
|
+
if (papResult?.detected) {
|
|
225
|
+
console.log(`[L1:${requestId}] PAP techniques: ${papResult.techniques.join(", ")}`);
|
|
226
|
+
}
|
|
227
|
+
}
|
|
228
|
+
return result;
|
|
229
|
+
}
|
|
230
|
+
/**
|
|
231
|
+
* Detect persuasion techniques (PAP attacks)
|
|
232
|
+
*/
|
|
233
|
+
detectPersuasionTechniques(input, requestId = "") {
|
|
234
|
+
const techniques = [];
|
|
235
|
+
const categories = new Set();
|
|
236
|
+
let persuasionScore = 0;
|
|
237
|
+
for (const { pattern, weight, name, category } of PAP_TECHNIQUES) {
|
|
238
|
+
if (pattern.test(input)) {
|
|
239
|
+
techniques.push(name);
|
|
240
|
+
categories.add(category);
|
|
241
|
+
persuasionScore += weight;
|
|
242
|
+
if (this.logMatches) {
|
|
243
|
+
console.log(`[L1:${requestId}] PAP technique: ${name} (${category}, weight: ${weight})`);
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
const categoriesArray = Array.from(categories);
|
|
248
|
+
const compoundAttack = categoriesArray.length >= this.minPersuasionTechniques;
|
|
249
|
+
const detected = persuasionScore >= this.papThreshold || compoundAttack;
|
|
250
|
+
return {
|
|
251
|
+
detected,
|
|
252
|
+
techniques,
|
|
253
|
+
categories: categoriesArray,
|
|
254
|
+
compoundAttack,
|
|
255
|
+
persuasionScore: Math.min(1, persuasionScore),
|
|
256
|
+
};
|
|
257
|
+
}
|
|
258
|
+
/**
|
|
259
|
+
* Basic input sanitization
|
|
260
|
+
*/
|
|
261
|
+
basicSanitize(input) {
|
|
262
|
+
return input
|
|
263
|
+
.replace(/<\/?system>/gi, "")
|
|
264
|
+
.replace(/\[system\]/gi, "")
|
|
265
|
+
.replace(/\[admin\]/gi, "")
|
|
266
|
+
.replace(/```system/gi, "```")
|
|
267
|
+
.trim();
|
|
268
|
+
}
|
|
269
|
+
/**
|
|
270
|
+
* Add custom pattern at runtime
|
|
271
|
+
*/
|
|
272
|
+
addPattern(pattern, weight, name) {
|
|
273
|
+
this.patterns.push({ pattern, weight, name });
|
|
274
|
+
}
|
|
275
|
+
/**
|
|
276
|
+
* Set threshold
|
|
277
|
+
*/
|
|
278
|
+
setThreshold(threshold) {
|
|
279
|
+
this.threshold = Math.max(0, Math.min(1, threshold));
|
|
280
|
+
}
|
|
281
|
+
/**
|
|
282
|
+
* Set PAP detection threshold
|
|
283
|
+
*/
|
|
284
|
+
setPAPThreshold(threshold) {
|
|
285
|
+
this.papThreshold = Math.max(0, Math.min(1, threshold));
|
|
286
|
+
}
|
|
287
|
+
/**
|
|
288
|
+
* Enable/disable PAP detection
|
|
289
|
+
*/
|
|
290
|
+
setPAPDetection(enabled) {
|
|
291
|
+
this.detectPAP = enabled;
|
|
292
|
+
}
|
|
293
|
+
/**
|
|
294
|
+
* Get PAP statistics for monitoring
|
|
295
|
+
*/
|
|
296
|
+
static getPAPCategories() {
|
|
297
|
+
return ["authority", "scarcity", "social_proof", "reciprocity", "commitment", "liking", "fear", "logical_appeal", "evidence", "emotional"];
|
|
298
|
+
}
|
|
299
|
+
}
|
|
300
|
+
exports.InputSanitizer = InputSanitizer;
|
|
301
|
+
//# sourceMappingURL=input-sanitizer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"input-sanitizer.js","sourceRoot":"","sources":["../../src/guards/input-sanitizer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AA8BH,MAAM,gBAAgB,GAAuB;IAC3C,yCAAyC;IACzC,EAAE,OAAO,EAAE,6DAA6D,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,qBAAqB,EAAE;IACpH,EAAE,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,6BAA6B,EAAE;IAC1F,EAAE,OAAO,EAAE,uDAAuD,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,wBAAwB,EAAE;IACjH,EAAE,OAAO,EAAE,+CAA+C,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,qBAAqB,EAAE;IACtG,EAAE,OAAO,EAAE,qCAAqC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,eAAe,EAAE;IACvF,EAAE,OAAO,EAAE,kEAAkE,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,uBAAuB,EAAE;IAC3H,EAAE,OAAO,EAAE,wBAAwB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,kBAAkB,EAAE;IAC5E,EAAE,OAAO,EAAE,6BAA6B,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE;IAE3E,+BAA+B;IAC/B,EAAE,OAAO,EAAE,oDAAoD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACxG,EAAE,OAAO,EAAE,yCAAyC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,cAAc,EAAE;IACzF,EAAE,OAAO,EAAE,kCAAkC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE;IAC7E,EAAE,OAAO,EAAE,iGAAiG,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,aAAa,EAAE;IACjJ,EAAE,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE;IACzE,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE;IAC5D,EAAE,OAAO,EAAE,qCAAqC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,aAAa,EAAE;IAErF,sCAAsC;IACtC,EAAE,OAAO,EAAE,oEAAoE,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,EAAE;IACzH,EAAE,OAAO,EAAE,oDAAoD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,mBAAmB,EAAE;IAC1G,EAAE,OAAO,EAAE,wDAAwD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,eAAe,EAAE;IAC1G,EAAE,OAAO,EAAE,6EAA6E,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,eAAe,EAAE;IAC/H,EAAE,OAAO,EAAE,qCAAqC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,cAAc,EAAE;IACrF,EAAE,OAAO,EAAE,sCAAsC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe,EAAE;IACvF,EAAE,OAAO,EAAE,qDAAqD,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE;IACpG,EAAE,OAAO,EAAE,2BAA2B,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE;IACxE,EAAE,OAAO,EAAE,6BAA6B,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAEhF,kCAAkC;IAClC,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAChE,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC9D,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,sBAAsB,EAAE;IAC3E,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,mBAAmB,EAAE;IAClE,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAChE,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe,EAAE;IAC9D,EAAE,OAAO,EAAE,mCAAmC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACvF,EAAE,OAAO,EAAE,kDAAkD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,qBAAqB,EAAE;IAC1G,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACrE,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE;IAEhE,gCAAgC;IAChC,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe,EAAE;IACjE,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE;IAChE,EAAE,OAAO,EAAE,6EAA6E,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe,EAAE;IAC9H,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,mBAAmB,EAAE;IAClE,EAAE,OAAO,EAAE,+DAA+D,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,sBAAsB,EAAE;IACvH,EAAE,OAAO,EAAE,sDAAsD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAC1G,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,EAAE;IAC3E,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE;IAC3D,EAAE,OAAO,EAAE,kDAAkD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,eAAe,EAAE;IACpG,EAAE,OAAO,EAAE,iCAAiC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE;IAC/E,EAAE,OAAO,EAAE,sCAAsC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,aAAa,EAAE;IAEtF,uBAAuB;IACvB,EAAE,OAAO,EAAE,6EAA6E,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,sBAAsB,EAAE;IACrI,EAAE,OAAO,EAAE,2CAA2C,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,kBAAkB,EAAE;IAChG,EAAE,OAAO,EAAE,0DAA0D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,oBAAoB,EAAE;IACjH,EAAE,OAAO,EAAE,uDAAuD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE;IAEtG,kBAAkB;IAClB,EAAE,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,EAAE;IAE/E,6BAA6B;IAC7B,EAAE,OAAO,EAAE,0DAA0D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE;IACzG,EAAE,OAAO,EAAE,sCAAsC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE;IACrF,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE;IAE3D,2BAA2B;IAC3B,EAAE,OAAO,EAAE,gDAAgD,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE;IAC/F,EAAE,OAAO,EAAE,4DAA4D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,eAAe,EAAE;CAC/G,CAAC;AAEF;;;;GAIG;AACH,MAAM,cAAc,GAA0B;IAC5C,6EAA6E;IAC7E,EAAE,OAAO,EAAE,8DAA8D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC/I,EAAE,OAAO,EAAE,qEAAqE,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACnJ,EAAE,OAAO,EAAE,wDAAwD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACvI,EAAE,OAAO,EAAE,4DAA4D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC7I,EAAE,OAAO,EAAE,+EAA+E,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACjK,EAAE,OAAO,EAAE,wDAAwD,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAEzI,mEAAmE;IACnE,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,UAAU,EAAE;IAClG,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACnG,EAAE,OAAO,EAAE,2DAA2D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACzI,EAAE,OAAO,EAAE,yDAAyD,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACpI,EAAE,OAAO,EAAE,4DAA4D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACxI,EAAE,OAAO,EAAE,qDAAqD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACrI,EAAE,OAAO,EAAE,2EAA2E,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACvJ,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAErF,yDAAyD;IACzD,EAAE,OAAO,EAAE,oDAAoD,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,cAAc,EAAE;IACrI,EAAE,OAAO,EAAE,mEAAmE,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,cAAc,EAAE;IACrJ,EAAE,OAAO,EAAE,4DAA4D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,cAAc,EAAE;IACjJ,EAAE,OAAO,EAAE,0DAA0D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,cAAc,EAAE;IAC5I,EAAE,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,cAAc,EAAE;IAC3G,EAAE,OAAO,EAAE,+DAA+D,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,cAAc,EAAE;IAE/I,wDAAwD;IACxD,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC3H,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC9G,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC1H,EAAE,OAAO,EAAE,kDAAkD,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,aAAa,EAAE;IACnI,EAAE,OAAO,EAAE,gEAAgE,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAClJ,EAAE,OAAO,EAAE,+BAA+B,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,aAAa,EAAE;IAElH,iEAAiE;IACjE,EAAE,OAAO,EAAE,oEAAoE,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,YAAY,EAAE;IACvJ,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,YAAY,EAAE;IACnG,EAAE,OAAO,EAAE,oCAAoC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,2BAA2B,EAAE,QAAQ,EAAE,YAAY,EAAE;IACzH,EAAE,OAAO,EAAE,wCAAwC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,YAAY,EAAE;IAC7H,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,YAAY,EAAE;IAEtG,yDAAyD;IACzD,EAAE,OAAO,EAAE,iFAAiF,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC5J,EAAE,OAAO,EAAE,0DAA0D,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACjI,EAAE,OAAO,EAAE,0DAA0D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACpI,EAAE,OAAO,EAAE,iEAAiE,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAC1I,EAAE,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAElG,8CAA8C;IAC9C,EAAE,OAAO,EAAE,gEAAgE,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACrI,EAAE,OAAO,EAAE,kEAAkE,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACxI,EAAE,OAAO,EAAE,2EAA2E,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACnJ,EAAE,OAAO,EAAE,kDAAkD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACvH,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC3G,EAAE,OAAO,EAAE,wCAAwC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,EAAE;IAE7G,wDAAwD;IACxD,EAAE,OAAO,EAAE,2DAA2D,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAC3I,EAAE,OAAO,EAAE,2DAA2D,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAC9I,EAAE,OAAO,EAAE,qDAAqD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAC1I,EAAE,OAAO,EAAE,4BAA4B,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAChH,EAAE,OAAO,EAAE,8CAA8C,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,gBAAgB,EAAE;IAEnI,kCAAkC;IAClC,EAAE,OAAO,EAAE,0DAA0D,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACzI,EAAE,OAAO,EAAE,sEAAsE,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACpJ,EAAE,OAAO,EAAE,yEAAyE,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAE3J,mEAAmE;IACnE,EAAE,OAAO,EAAE,yDAAyD,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,2BAA2B,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC7I,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACjG,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACtG,EAAE,OAAO,EAAE,yDAAyD,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,qBAAqB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACxI,EAAE,OAAO,EAAE,wEAAwE,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACvJ,EAAE,OAAO,EAAE,oEAAoE,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAClJ,EAAE,OAAO,EAAE,oDAAoD,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,WAAW,EAAE;IACtI,EAAE,OAAO,EAAE,wBAAwB,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,8BAA8B,EAAE,QAAQ,EAAE,WAAW,EAAE;CACjH,CAAC;AA2BF,MAAa,cAAc;IASzB,YAAY,SAA+B,EAAE;QAC3C,IAAI,CAAC,QAAQ,GAAG,CAAC,GAAG,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC;QACxE,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,GAAG,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,KAAK,CAAC;QAC7C,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;QAC1C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,GAAG,CAAC;QAC/C,IAAI,CAAC,uBAAuB,GAAG,MAAM,CAAC,uBAAuB,IAAI,CAAC,CAAC;QACnE,IAAI,CAAC,uBAAuB,GAAG,MAAM,CAAC,uBAAuB,IAAI,IAAI,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,KAAa,EAAE,YAAoB,EAAE;QAC5C,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,+BAA+B;QAC/B,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACtD,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,WAAW,IAAI,MAAM,CAAC;gBAEtB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;oBACpB,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,sBAAsB,IAAI,aAAa,MAAM,GAAG,CAAC,CAAC;gBAChF,CAAC;YACH,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,SAAgD,CAAC;QACrD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,SAAS,GAAG,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YAE9D,iDAAiD;YACjD,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;gBACvB,WAAW,IAAI,SAAS,CAAC,eAAe,CAAC;gBACzC,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;gBAEtC,IAAI,SAAS,CAAC,cAAc,EAAE,CAAC;oBAC7B,QAAQ,CAAC,IAAI,CAAC,iCAAiC,SAAS,CAAC,UAAU,CAAC,MAAM,kBAAkB,CAAC,CAAC;gBAChG,CAAC;YACH,CAAC;QACH,CAAC;QAED,kEAAkE;QAClE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAC3C,IAAI,IAAI,GAAG,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC;QAEnC,4DAA4D;QAC5D,IAAI,IAAI,CAAC,uBAAuB,IAAI,SAAS,EAAE,cAAc,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAClG,IAAI,GAAG,KAAK,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;QACnE,CAAC;QAED,yCAAyC;QACzC,IAAI,KAAK,GAAG,GAAG,IAAI,KAAK,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QAC1E,CAAC;QAED,wDAAwD;QACxD,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAuB;YACjC,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,oCAAoC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;YACjI,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,oBAAoB,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC;YAC7G,KAAK;YACL,OAAO;YACP,cAAc;YACd,QAAQ;YACR,GAAG,EAAE,SAAS;SACf,CAAC;QAEF,IAAI,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,2BAA2B,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;YAC7G,IAAI,SAAS,EAAE,QAAQ,EAAE,CAAC;gBACxB,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,qBAAqB,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACtF,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,0BAA0B,CAAC,KAAa,EAAE,YAAoB,EAAE;QACtE,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAsB,CAAC;QACjD,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,cAAc,EAAE,CAAC;YACjE,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtB,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACzB,eAAe,IAAI,MAAM,CAAC;gBAE1B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;oBACpB,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,oBAAoB,IAAI,KAAK,QAAQ,aAAa,MAAM,GAAG,CAAC,CAAC;gBAC3F,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,cAAc,GAAG,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC,uBAAuB,CAAC;QAC9E,MAAM,QAAQ,GAAG,eAAe,IAAI,IAAI,CAAC,YAAY,IAAI,cAAc,CAAC;QAExE,OAAO;YACL,QAAQ;YACR,UAAU;YACV,UAAU,EAAE,eAAe;YAC3B,cAAc;YACd,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,eAAe,CAAC;SAC9C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAAa;QACjC,OAAO,KAAK;aACT,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;aAC5B,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;aAC3B,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC;aAC1B,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC;aAC7B,IAAI,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,OAAe,EAAE,MAAc,EAAE,IAAY;QACtD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,SAAiB;QAC5B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,SAAiB;QAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,OAAgB;QAC9B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,gBAAgB;QACrB,OAAO,CAAC,WAAW,EAAE,UAAU,EAAE,cAAc,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,gBAAgB,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;IAC7I,CAAC;CACF;AA7KD,wCA6KC"}
|
|
@@ -0,0 +1,204 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MCPSecurityGuard (L16)
|
|
3
|
+
*
|
|
4
|
+
* Secures Model Context Protocol (MCP) tool integrations.
|
|
5
|
+
* Prevents tool shadowing, server impersonation, and supply chain attacks.
|
|
6
|
+
*
|
|
7
|
+
* Threat Model:
|
|
8
|
+
* - ASI04: Agentic Supply Chain Vulnerabilities
|
|
9
|
+
* - CVE-2025-68145, CVE-2025-68143, CVE-2025-68144: MCP RCE vulnerabilities
|
|
10
|
+
* - CVE-2025-6514: mcp-remote command injection
|
|
11
|
+
* - CVE-2025-32711: EchoLeak - silent data exfiltration
|
|
12
|
+
* - Tool Shadowing: Malicious MCP servers impersonating legitimate tools
|
|
13
|
+
*
|
|
14
|
+
* Protection Capabilities:
|
|
15
|
+
* - MCP server identity verification (signature-based)
|
|
16
|
+
* - Tool registration allowlist enforcement
|
|
17
|
+
* - Dynamic tool registration monitoring
|
|
18
|
+
* - OAuth endpoint validation
|
|
19
|
+
* - Tool shadowing detection
|
|
20
|
+
* - Server reputation scoring
|
|
21
|
+
* - Command injection prevention
|
|
22
|
+
*/
|
|
23
|
+
export interface MCPSecurityGuardConfig {
|
|
24
|
+
/** Require server signature verification */
|
|
25
|
+
requireServerSignature?: boolean;
|
|
26
|
+
/** Trusted MCP servers */
|
|
27
|
+
trustedServers?: MCPServerIdentity[];
|
|
28
|
+
/** Blocked server patterns (domains, names) */
|
|
29
|
+
blockedServers?: string[];
|
|
30
|
+
/** Allow dynamic tool registration at runtime */
|
|
31
|
+
allowDynamicRegistration?: boolean;
|
|
32
|
+
/** Tool name allowlist (if set, only these tools are allowed) */
|
|
33
|
+
toolAllowlist?: string[];
|
|
34
|
+
/** Tool name blocklist */
|
|
35
|
+
toolBlocklist?: string[];
|
|
36
|
+
/** Validate OAuth endpoints */
|
|
37
|
+
validateOAuthEndpoints?: boolean;
|
|
38
|
+
/** Allowed OAuth domains */
|
|
39
|
+
allowedOAuthDomains?: string[];
|
|
40
|
+
/** Enable tool shadowing detection */
|
|
41
|
+
detectToolShadowing?: boolean;
|
|
42
|
+
/** Minimum server reputation score (0-100) */
|
|
43
|
+
minServerReputation?: number;
|
|
44
|
+
/** Enable strict mode (block on any violation) */
|
|
45
|
+
strictMode?: boolean;
|
|
46
|
+
/** Custom command injection patterns */
|
|
47
|
+
customInjectionPatterns?: RegExp[];
|
|
48
|
+
}
|
|
49
|
+
export interface MCPServerIdentity {
|
|
50
|
+
/** Server unique identifier */
|
|
51
|
+
serverId: string;
|
|
52
|
+
/** Server name/display name */
|
|
53
|
+
name: string;
|
|
54
|
+
/** Server version */
|
|
55
|
+
version?: string;
|
|
56
|
+
/** Public key for signature verification (hex encoded) */
|
|
57
|
+
publicKey?: string;
|
|
58
|
+
/** Trusted domains this server can operate on */
|
|
59
|
+
trustedDomains?: string[];
|
|
60
|
+
/** Tools this server is allowed to provide */
|
|
61
|
+
allowedTools?: string[];
|
|
62
|
+
/** Server metadata */
|
|
63
|
+
metadata?: Record<string, any>;
|
|
64
|
+
/** Registration timestamp */
|
|
65
|
+
registeredAt?: number;
|
|
66
|
+
/** Reputation score (0-100) */
|
|
67
|
+
reputationScore?: number;
|
|
68
|
+
}
|
|
69
|
+
export interface MCPToolDefinition {
|
|
70
|
+
/** Tool name */
|
|
71
|
+
name: string;
|
|
72
|
+
/** Tool description */
|
|
73
|
+
description: string;
|
|
74
|
+
/** Server providing this tool */
|
|
75
|
+
serverId: string;
|
|
76
|
+
/** Tool parameters schema */
|
|
77
|
+
parameters?: Record<string, any>;
|
|
78
|
+
/** Tool capabilities/permissions required */
|
|
79
|
+
capabilities?: string[];
|
|
80
|
+
/** Tool risk level */
|
|
81
|
+
riskLevel?: "low" | "medium" | "high" | "critical";
|
|
82
|
+
}
|
|
83
|
+
export interface MCPServerRegistration {
|
|
84
|
+
/** Server identity */
|
|
85
|
+
server: MCPServerIdentity;
|
|
86
|
+
/** Tools provided by this server */
|
|
87
|
+
tools: MCPToolDefinition[];
|
|
88
|
+
/** OAuth configuration if applicable */
|
|
89
|
+
oauth?: {
|
|
90
|
+
authorizationEndpoint?: string;
|
|
91
|
+
tokenEndpoint?: string;
|
|
92
|
+
scopes?: string[];
|
|
93
|
+
};
|
|
94
|
+
/** Server signature (HMAC of server identity) */
|
|
95
|
+
signature?: string;
|
|
96
|
+
/** Registration timestamp */
|
|
97
|
+
timestamp: number;
|
|
98
|
+
}
|
|
99
|
+
export interface MCPToolCall {
|
|
100
|
+
/** Tool name being called */
|
|
101
|
+
toolName: string;
|
|
102
|
+
/** Server providing the tool */
|
|
103
|
+
serverId: string;
|
|
104
|
+
/** Tool parameters */
|
|
105
|
+
parameters: Record<string, any>;
|
|
106
|
+
/** Request context */
|
|
107
|
+
context?: {
|
|
108
|
+
sessionId?: string;
|
|
109
|
+
userId?: string;
|
|
110
|
+
agentId?: string;
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
export interface MCPSecurityResult {
|
|
114
|
+
allowed: boolean;
|
|
115
|
+
reason: string;
|
|
116
|
+
violations: string[];
|
|
117
|
+
request_id: string;
|
|
118
|
+
server_analysis?: {
|
|
119
|
+
server_verified: boolean;
|
|
120
|
+
signature_valid: boolean;
|
|
121
|
+
reputation_score: number;
|
|
122
|
+
is_shadowing: boolean;
|
|
123
|
+
tools_allowed: boolean;
|
|
124
|
+
};
|
|
125
|
+
tool_analysis?: {
|
|
126
|
+
tool_registered: boolean;
|
|
127
|
+
tool_allowed: boolean;
|
|
128
|
+
parameters_safe: boolean;
|
|
129
|
+
injection_detected: boolean;
|
|
130
|
+
risk_level: string;
|
|
131
|
+
};
|
|
132
|
+
recommendations: string[];
|
|
133
|
+
}
|
|
134
|
+
export declare class MCPSecurityGuard {
|
|
135
|
+
private config;
|
|
136
|
+
private registeredServers;
|
|
137
|
+
private registeredTools;
|
|
138
|
+
private serverReputation;
|
|
139
|
+
private toolToServer;
|
|
140
|
+
private serverViolations;
|
|
141
|
+
private readonly COMMAND_INJECTION_PATTERNS;
|
|
142
|
+
private readonly SHADOWING_INDICATORS;
|
|
143
|
+
private readonly MALICIOUS_SERVER_PATTERNS;
|
|
144
|
+
constructor(config?: MCPSecurityGuardConfig);
|
|
145
|
+
/**
|
|
146
|
+
* Validate MCP server registration
|
|
147
|
+
*/
|
|
148
|
+
validateServerRegistration(registration: MCPServerRegistration, requestId?: string): MCPSecurityResult;
|
|
149
|
+
/**
|
|
150
|
+
* Validate MCP tool call
|
|
151
|
+
*/
|
|
152
|
+
validateToolCall(toolCall: MCPToolCall, requestId?: string): MCPSecurityResult;
|
|
153
|
+
/**
|
|
154
|
+
* Register a trusted MCP server
|
|
155
|
+
*/
|
|
156
|
+
registerTrustedServer(server: MCPServerIdentity, tools: MCPToolDefinition[]): void;
|
|
157
|
+
/**
|
|
158
|
+
* Block an MCP server
|
|
159
|
+
*/
|
|
160
|
+
blockServer(serverIdOrPattern: string): void;
|
|
161
|
+
/**
|
|
162
|
+
* Get server reputation
|
|
163
|
+
*/
|
|
164
|
+
getServerReputation(serverId: string): number;
|
|
165
|
+
/**
|
|
166
|
+
* Update server reputation
|
|
167
|
+
*/
|
|
168
|
+
updateServerReputation(serverId: string, delta: number): void;
|
|
169
|
+
/**
|
|
170
|
+
* Get all registered servers
|
|
171
|
+
*/
|
|
172
|
+
getRegisteredServers(): MCPServerIdentity[];
|
|
173
|
+
/**
|
|
174
|
+
* Get all registered tools
|
|
175
|
+
*/
|
|
176
|
+
getRegisteredTools(): MCPToolDefinition[];
|
|
177
|
+
/**
|
|
178
|
+
* Check if a tool name is potentially shadowing another
|
|
179
|
+
*/
|
|
180
|
+
isToolShadowing(toolName: string): {
|
|
181
|
+
shadowing: boolean;
|
|
182
|
+
legitimate?: string;
|
|
183
|
+
};
|
|
184
|
+
/**
|
|
185
|
+
* Get violation count for a server
|
|
186
|
+
*/
|
|
187
|
+
getServerViolations(serverId: string): number;
|
|
188
|
+
/**
|
|
189
|
+
* Reset server violations
|
|
190
|
+
*/
|
|
191
|
+
resetServerViolations(serverId: string): void;
|
|
192
|
+
private registerServer;
|
|
193
|
+
private isServerBlocked;
|
|
194
|
+
private isTrustedServer;
|
|
195
|
+
private checkMaliciousPatterns;
|
|
196
|
+
private verifyServerSignature;
|
|
197
|
+
private detectToolShadowing;
|
|
198
|
+
private validateOAuthConfig;
|
|
199
|
+
private detectInjection;
|
|
200
|
+
private scanParameters;
|
|
201
|
+
private isHighRiskOperation;
|
|
202
|
+
private generateRecommendations;
|
|
203
|
+
}
|
|
204
|
+
//# sourceMappingURL=mcp-security-guard.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-security-guard.d.ts","sourceRoot":"","sources":["../../src/guards/mcp-security-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAIH,MAAM,WAAW,sBAAsB;IACrC,4CAA4C;IAC5C,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,0BAA0B;IAC1B,cAAc,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACrC,+CAA+C;IAC/C,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,iDAAiD;IACjD,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,iEAAiE;IACjE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,0BAA0B;IAC1B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,+BAA+B;IAC/B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,4BAA4B;IAC5B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,sCAAsC;IACtC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,8CAA8C;IAC9C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,kDAAkD;IAClD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,wCAAwC;IACxC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,iBAAiB;IAChC,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,0DAA0D;IAC1D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iDAAiD;IACjD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,sBAAsB;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,6BAA6B;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,+BAA+B;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,iBAAiB;IAChC,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACjC,6CAA6C;IAC7C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,sBAAsB;IACtB,SAAS,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;CACpD;AAED,MAAM,WAAW,qBAAqB;IACpC,sBAAsB;IACtB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,oCAAoC;IACpC,KAAK,EAAE,iBAAiB,EAAE,CAAC;IAC3B,wCAAwC;IACxC,KAAK,CAAC,EAAE;QACN,qBAAqB,CAAC,EAAE,MAAM,CAAC;QAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,6BAA6B;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAChC,sBAAsB;IACtB,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE;QAChB,eAAe,EAAE,OAAO,CAAC;QACzB,eAAe,EAAE,OAAO,CAAC;QACzB,gBAAgB,EAAE,MAAM,CAAC;QACzB,YAAY,EAAE,OAAO,CAAC;QACtB,aAAa,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,aAAa,CAAC,EAAE;QACd,eAAe,EAAE,OAAO,CAAC;QACzB,YAAY,EAAE,OAAO,CAAC;QACtB,eAAe,EAAE,OAAO,CAAC;QACzB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAmC;IACjD,OAAO,CAAC,iBAAiB,CAA6C;IACtE,OAAO,CAAC,eAAe,CAA6C;IACpE,OAAO,CAAC,gBAAgB,CAAkC;IAC1D,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,gBAAgB,CAAkC;IAG1D,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CA0BzC;IAGF,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAOnC;IAGF,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAMxC;gBAEU,MAAM,GAAE,sBAA2B;IA2B/C;;OAEG;IACH,0BAA0B,CACxB,YAAY,EAAE,qBAAqB,EACnC,SAAS,CAAC,EAAE,MAAM,GACjB,iBAAiB;IA4HpB;;OAEG;IACH,gBAAgB,CACd,QAAQ,EAAE,WAAW,EACrB,SAAS,CAAC,EAAE,MAAM,GACjB,iBAAiB;IAmGpB;;OAEG;IACH,qBAAqB,CAAC,MAAM,EAAE,iBAAiB,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,IAAI;IAIlF;;OAEG;IACH,WAAW,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI;IAS5C;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAI7C;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAK7D;;OAEG;IACH,oBAAoB,IAAI,iBAAiB,EAAE;IAI3C;;OAEG;IACH,kBAAkB,IAAI,iBAAiB,EAAE;IAIzC;;OAEG;IACH,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE;IAS9E;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAI7C;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAM7C,OAAO,CAAC,cAAc;IAetB,OAAO,CAAC,eAAe;IAiBvB,OAAO,CAAC,eAAe;IAIvB,OAAO,CAAC,sBAAsB;IAmB9B,OAAO,CAAC,qBAAqB;IAkB7B,OAAO,CAAC,mBAAmB;IA0B3B,OAAO,CAAC,mBAAmB;IA4C3B,OAAO,CAAC,eAAe;IAoBvB,OAAO,CAAC,cAAc;IAkCtB,OAAO,CAAC,mBAAmB;IAuB3B,OAAO,CAAC,uBAAuB;CAqChC"}
|