llm-trust-guard 4.0.3 → 4.1.0
- package/dist/index.d.ts +60 -8
- package/dist/index.js +1 -1
- package/dist/types/index.d.ts +102 -1
- package/package.json +2 -2
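--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -52,14 +52,26 @@ import { OutputFilter } from "./guards/output-filter";
 import { ConversationGuard } from "./guards/conversation-guard";
 import { ToolChainValidator } from "./guards/tool-chain-validator";
 import { EncodingDetector } from "./guards/encoding-detector";
+import { MultiModalGuard } from "./guards/multimodal-guard";
+import { MemoryGuard } from "./guards/memory-guard";
+import { RAGGuard } from "./guards/rag-guard";
+import { CodeExecutionGuard } from "./guards/code-execution-guard";
+import { AgentCommunicationGuard } from "./guards/agent-communication-guard";
+import { CircuitBreaker } from "./guards/circuit-breaker";
+import { DriftDetector } from "./guards/drift-detector";
+import { MCPSecurityGuard } from "./guards/mcp-security-guard";
+import { PromptLeakageGuard } from "./guards/prompt-leakage-guard";
+import { TrustExploitationGuard } from "./guards/trust-exploitation-guard";
+import { AutonomyEscalationGuard } from "./guards/autonomy-escalation-guard";
+import { StatePersistenceGuard } from "./guards/state-persistence-guard";
 import { TrustGuardConfig, TrustGuardResult, SessionContext, ToolDefinition, Role } from "./types";
 /**
-* TrustGuard - Main facade for all security guards
+* TrustGuard - Main facade for all 22 security guards
 *
 * Combines all protection layers into a single, easy-to-use interface.
 *
-* Protection Layers:
-* - L1: Input Sanitizer - Detects prompt injection patterns
+* Protection Layers (Original):
+* - L1: Input Sanitizer - Detects prompt injection patterns (PAP)
 * - L2: Tool Registry - Prevents tool hallucination attacks
 * - L3: Policy Gate - Enforces RBAC with constraint validation
 * - L4: Tenant Boundary - Multi-tenant isolation
@@ -69,6 +81,20 @@ import { TrustGuardConfig, TrustGuardResult, SessionContext, ToolDefinition, Rol
 * - Conversation Guard - Multi-turn manipulation detection
 * - Tool Chain Validator - Dangerous tool sequence detection
 * - Encoding Detector - Encoding bypass attack detection
+*
+* Protection Layers (2026):
+* - MultiModal Guard - Image/audio injection prevention
+* - Memory Guard - Memory poisoning prevention (ASI06)
+* - RAG Guard - RAG document & embedding attack prevention
+* - Code Execution Guard - Safe code execution sandboxing
+* - Agent Communication Guard - Multi-agent message security
+* - Circuit Breaker - Cascading failure prevention
+* - Drift Detector - Behavioral anomaly detection
+* - MCP Security Guard - MCP tool shadowing prevention
+* - Prompt Leakage Guard - System prompt extraction prevention
+* - Trust Exploitation Guard - Trust boundary enforcement (ASI09)
+* - Autonomy Escalation Guard - Unauthorized autonomy prevention (ASI10)
+* - State Persistence Guard - State corruption prevention (ASI08)
 */
 export declare class TrustGuard {
 private sanitizer?;
@@ -81,6 +107,18 @@ export declare class TrustGuard {
 private conversation?;
 private chain?;
 private encoding?;
+private multiModal?;
+private memoryGuard?;
+private ragGuard?;
+private codeExecution?;
+private agentCommunication?;
+private circuitBreaker?;
+private driftDetector?;
+private mcpSecurity?;
+private promptLeakage?;
+private trustExploitation?;
+private autonomyEscalation?;
+private statePersistence?;
 private logger;
 constructor(config?: TrustGuardConfig);
 /**
@@ -92,24 +130,26 @@ export declare class TrustGuard {
 allToolsInRequest?: string[];
 }): TrustGuardResult;
 /**
-* Filter output for PII and
+* Filter output for PII, secrets, and prompt leakage (L7 + Prompt Leakage)
 */
 filterOutput(output: any, role?: string, requestId?: string): {
 allowed: boolean;
 filtered: any;
 pii_detected: boolean;
 secrets_detected: boolean;
+prompt_leakage_detected: boolean;
 };
 /**
-* Mark an operation as complete (for rate limiting)
+* Mark an operation as complete (for rate limiting and circuit breaker)
 */
-completeOperation(session?: SessionContext): void;
+completeOperation(session?: SessionContext, toolName?: string, success?: boolean): void;
 /**
 * Get tools available for a role
 */
 getToolsForRole(role: Role): ToolDefinition[];
 /**
-* Get individual guard instances for advanced usage
+* Get individual guard instances for advanced usage.
+* All 22 guards are accessible through this method.
 */
 getGuards(): {
 sanitizer: InputSanitizer | undefined;
@@ -122,9 +162,21 @@ export declare class TrustGuard {
 conversation: ConversationGuard | undefined;
 chain: ToolChainValidator | undefined;
 encoding: EncodingDetector | undefined;
+multiModal: MultiModalGuard | undefined;
+memory: MemoryGuard | undefined;
+rag: RAGGuard | undefined;
+codeExecution: CodeExecutionGuard | undefined;
+agentCommunication: AgentCommunicationGuard | undefined;
+circuitBreaker: CircuitBreaker | undefined;
+driftDetector: DriftDetector | undefined;
+mcpSecurity: MCPSecurityGuard | undefined;
+promptLeakage: PromptLeakageGuard | undefined;
+trustExploitation: TrustExploitationGuard | undefined;
+autonomyEscalation: AutonomyEscalationGuard | undefined;
+statePersistence: StatePersistenceGuard | undefined;
 };
 /**
-* Reset session state
+* Reset session state across all session-aware guards
 */
 resetSession(sessionId: string): void;
 }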
package/dist/index.js
CHANGED
@@ -1 +1 @@
1
-
"use strict";var __createBinding=this&&this.__createBinding||(Object.create?(function(s,e,a,o){o===void 0&&(o=a);var i=Object.getOwnPropertyDescriptor(e,a);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[a]}}),Object.defineProperty(s,o,i)}):(function(s,e,a,o){o===void 0&&(o=a),s[o]=e[a]})),__exportStar=this&&this.__exportStar||function(s,e){for(var a in s)a!=="default"&&!Object.prototype.hasOwnProperty.call(e,a)&&__createBinding(e,s,a)};Object.defineProperty(exports,"__esModule",{value:!0}),exports.TrustGuard=exports.StatePersistenceGuard=exports.AutonomyEscalationGuard=exports.TrustExploitationGuard=exports.PromptLeakageGuard=exports.MCPSecurityGuard=exports.DriftDetector=exports.CircuitBreaker=exports.AgentCommunicationGuard=exports.CodeExecutionGuard=exports.RAGGuard=exports.MemoryGuard=exports.MultiModalGuard=exports.EncodingDetector=exports.ToolChainValidator=exports.ConversationGuard=exports.OutputFilter=exports.ExecutionMonitor=exports.SchemaValidator=exports.TenantBoundary=exports.PolicyGate=exports.ToolRegistry=exports.InputSanitizer=void 0,__exportStar(require("./types"),exports);var input_sanitizer_1=require("./guards/input-sanitizer");Object.defineProperty(exports,"InputSanitizer",{enumerable:!0,get:function(){return input_sanitizer_1.InputSanitizer}});var tool_registry_1=require("./guards/tool-registry");Object.defineProperty(exports,"ToolRegistry",{enumerable:!0,get:function(){return tool_registry_1.ToolRegistry}});var policy_gate_1=require("./guards/policy-gate");Object.defineProperty(exports,"PolicyGate",{enumerable:!0,get:function(){return policy_gate_1.PolicyGate}});var tenant_boundary_1=require("./guards/tenant-boundary");Object.defineProperty(exports,"TenantBoundary",{enumerable:!0,get:function(){return tenant_boundary_1.TenantBoundary}});var schema_validator_1=require("./guards/schema-validator");Object.defineProperty(exports,"SchemaValidator",{enumerable:!0,get:function(){return 
schema_validator_1.SchemaValidator}});var execution_monitor_1=require("./guards/execution-monitor");Object.defineProperty(exports,"ExecutionMonitor",{enumerable:!0,get:function(){return execution_monitor_1.ExecutionMonitor}});var output_filter_1=require("./guards/output-filter");Object.defineProperty(exports,"OutputFilter",{enumerable:!0,get:function(){return output_filter_1.OutputFilter}});var conversation_guard_1=require("./guards/conversation-guard");Object.defineProperty(exports,"ConversationGuard",{enumerable:!0,get:function(){return conversation_guard_1.ConversationGuard}});var tool_chain_validator_1=require("./guards/tool-chain-validator");Object.defineProperty(exports,"ToolChainValidator",{enumerable:!0,get:function(){return tool_chain_validator_1.ToolChainValidator}});var encoding_detector_1=require("./guards/encoding-detector");Object.defineProperty(exports,"EncodingDetector",{enumerable:!0,get:function(){return encoding_detector_1.EncodingDetector}});var multimodal_guard_1=require("./guards/multimodal-guard");Object.defineProperty(exports,"MultiModalGuard",{enumerable:!0,get:function(){return multimodal_guard_1.MultiModalGuard}});var memory_guard_1=require("./guards/memory-guard");Object.defineProperty(exports,"MemoryGuard",{enumerable:!0,get:function(){return memory_guard_1.MemoryGuard}});var rag_guard_1=require("./guards/rag-guard");Object.defineProperty(exports,"RAGGuard",{enumerable:!0,get:function(){return rag_guard_1.RAGGuard}});var code_execution_guard_1=require("./guards/code-execution-guard");Object.defineProperty(exports,"CodeExecutionGuard",{enumerable:!0,get:function(){return code_execution_guard_1.CodeExecutionGuard}});var agent_communication_guard_1=require("./guards/agent-communication-guard");Object.defineProperty(exports,"AgentCommunicationGuard",{enumerable:!0,get:function(){return agent_communication_guard_1.AgentCommunicationGuard}});var 
circuit_breaker_1=require("./guards/circuit-breaker");Object.defineProperty(exports,"CircuitBreaker",{enumerable:!0,get:function(){return circuit_breaker_1.CircuitBreaker}});var drift_detector_1=require("./guards/drift-detector");Object.defineProperty(exports,"DriftDetector",{enumerable:!0,get:function(){return drift_detector_1.DriftDetector}});var mcp_security_guard_1=require("./guards/mcp-security-guard");Object.defineProperty(exports,"MCPSecurityGuard",{enumerable:!0,get:function(){return mcp_security_guard_1.MCPSecurityGuard}});var prompt_leakage_guard_1=require("./guards/prompt-leakage-guard");Object.defineProperty(exports,"PromptLeakageGuard",{enumerable:!0,get:function(){return prompt_leakage_guard_1.PromptLeakageGuard}});var trust_exploitation_guard_1=require("./guards/trust-exploitation-guard");Object.defineProperty(exports,"TrustExploitationGuard",{enumerable:!0,get:function(){return trust_exploitation_guard_1.TrustExploitationGuard}});var autonomy_escalation_guard_1=require("./guards/autonomy-escalation-guard");Object.defineProperty(exports,"AutonomyEscalationGuard",{enumerable:!0,get:function(){return autonomy_escalation_guard_1.AutonomyEscalationGuard}});var state_persistence_guard_1=require("./guards/state-persistence-guard");Object.defineProperty(exports,"StatePersistenceGuard",{enumerable:!0,get:function(){return state_persistence_guard_1.StatePersistenceGuard}});const input_sanitizer_2=require("./guards/input-sanitizer"),tool_registry_2=require("./guards/tool-registry"),policy_gate_2=require("./guards/policy-gate"),tenant_boundary_2=require("./guards/tenant-boundary"),schema_validator_2=require("./guards/schema-validator"),execution_monitor_2=require("./guards/execution-monitor"),output_filter_2=require("./guards/output-filter"),conversation_guard_2=require("./guards/conversation-guard"),tool_chain_validator_2=require("./guards/tool-chain-validator"),encoding_detector_2=require("./guards/encoding-detector");class 
TrustGuard{constructor(e={}){if(e.sanitizer?.enabled!==!1&&(this.sanitizer=new input_sanitizer_2.InputSanitizer({threshold:e.sanitizer?.threshold,customPatterns:e.sanitizer?.customPatterns})),e.registry?.enabled!==!1&&e.registry?.tools&&(this.registry=new tool_registry_2.ToolRegistry({tools:e.registry.tools})),e.policy?.enabled!==!1&&(this.policy=new policy_gate_2.PolicyGate({roleHierarchy:e.policy?.roleHierarchy})),e.tenant?.enabled!==!1){const a=e.tenant?.resourceOwnership?new Map(Object.entries(e.tenant.resourceOwnership).map(([o,i])=>[o,{resource_id:o,tenant_id:i.tenant_id}])):void 0;this.tenant=new tenant_boundary_2.TenantBoundary({resourceOwnership:a})}e.schema?.enabled!==!1&&(this.schema=new schema_validator_2.SchemaValidator({strictTypes:e.schema?.strictTypes})),e.execution?.enabled!==!1&&(this.execution=new execution_monitor_2.ExecutionMonitor({maxRequestsPerMinute:e.execution?.maxRequestsPerMinute,maxRequestsPerHour:e.execution?.maxRequestsPerHour,operationCosts:e.execution?.operationCosts,maxCostPerMinute:e.execution?.maxCostPerMinute,maxCostPerHour:e.execution?.maxCostPerHour})),e.output?.enabled!==!1&&(this.output=new output_filter_2.OutputFilter({detectPII:e.output?.detectPII,detectSecrets:e.output?.detectSecrets,roleFilters:e.output?.roleFilters})),e.conversation?.enabled!==!1&&(this.conversation=new conversation_guard_2.ConversationGuard({maxConversationLength:e.conversation?.maxConversationLength,escalationThreshold:e.conversation?.escalationThreshold})),e.chain?.enabled!==!1&&(this.chain=new tool_chain_validator_2.ToolChainValidator({maxToolsPerRequest:e.chain?.maxToolsPerRequest,maxSensitiveToolsPerSession:e.chain?.maxSensitiveToolsPerSession,sensitiveTools:e.chain?.sensitiveTools})),e.encoding?.enabled!==!1&&(this.encoding=new 
encoding_detector_2.EncodingDetector({maxDecodingDepth:e.encoding?.maxDecodingDepth,maxEncodedRatio:e.encoding?.maxEncodedRatio})),this.logger=e.logger||((a,o)=>{o==="error"?console.error(a):o==="warn"?console.warn(a):console.log(a)})}check(e,a,o,i={}){const r=`req-${Date.now()}-${Math.random().toString(36).substr(2,9)}`,n=[];if(this.logger(`[TrustGuard:${r}] Checking: ${e}`,"info"),this.encoding&&i.userInput){const t=this.encoding.detect(i.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Encoding Detector`,"warn"),{allowed:!1,block_layer:"ENCODING",block_reason:t.reason,all_violations:t.violations,encoding:t,request_id:r};n.push(...t.violations)}if(this.sanitizer&&i.userInput){const t=this.sanitizer.sanitize(i.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L1`,"warn"),{allowed:!1,block_layer:"L1",block_reason:t.reason,all_violations:t.violations,sanitizer:t,request_id:r};n.push(...t.violations)}if(this.conversation&&i.userInput&&o?.session_id){const t=this.conversation.check(o.session_id,i.userInput,[e],i.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Conversation Guard`,"warn"),{allowed:!1,block_layer:"CONV",block_reason:t.reason,all_violations:[...n,...t.violations],conversation:t,request_id:r};n.push(...t.violations)}let u;if(this.registry){const t=this.registry.check(e,o?.role||"",r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L2`,"warn"),{allowed:!1,block_layer:"L2",block_reason:t.reason,all_violations:[...n,...t.violations],registry:t,request_id:r};u=t.tool,n.push(...t.violations)}if(this.chain&&o?.session_id){const t=i.allToolsInRequest?this.chain.validateBatch(o.session_id,i.allToolsInRequest,r):this.chain.validate(o.session_id,e,void 0,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Tool Chain 
Validator`,"warn"),{allowed:!1,block_layer:"CHAIN",block_reason:t.reason,all_violations:[...n,...t.violations],chain:t,request_id:r};n.push(...t.violations)}if(this.policy&&u){const t=this.policy.check(u,a,o,i.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L3`,"warn"),{allowed:!1,block_layer:"L3",block_reason:t.reason,all_violations:[...n,...t.violations],policy:t,request_id:r};n.push(...t.violations)}let l=a;if(this.tenant){const t=this.tenant.check(e,a,o,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L4`,"warn"),{allowed:!1,block_layer:"L4",block_reason:t.reason,all_violations:[...n,...t.violations],tenant:t,request_id:r};t.enforced_params&&(l=t.enforced_params),n.push(...t.violations)}if(this.schema&&u){const t=this.schema.validate(u,l,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L5`,"warn"),{allowed:!1,block_layer:"L5",block_reason:t.reason,all_violations:[...n,...t.violations],schema:t,request_id:r};n.push(...t.violations)}if(this.execution){const t=this.execution.check(e,o?.user_id,o?.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L6`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...n,...t.violations],execution:t,request_id:r};n.push(...t.violations)}return this.logger(`[TrustGuard:${r}] All checks PASSED`,"info"),{allowed:!0,all_violations:n,request_id:r}}filterOutput(e,a,o){if(!this.output)return{allowed:!0,filtered:e,pii_detected:!1,secrets_detected:!1};const i=this.output.filter(e,a,o);return{allowed:i.allowed,filtered:i.filtered_response,pii_detected:i.pii_detected.length>0,secrets_detected:i.secrets_detected.length>0}}completeOperation(e){this.execution&&this.execution.completeOperation(e?.user_id,e?.session_id)}getToolsForRole(e){return 
this.registry?this.registry.getToolsForRole(e):[]}getGuards(){return{sanitizer:this.sanitizer,registry:this.registry,policy:this.policy,tenant:this.tenant,schema:this.schema,execution:this.execution,output:this.output,conversation:this.conversation,chain:this.chain,encoding:this.encoding}}resetSession(e){this.conversation?.resetSession(e),this.chain?.resetSession(e),this.execution?.reset(void 0,e)}}exports.TrustGuard=TrustGuard,__exportStar(require("./integrations/index.js"),exports),exports.default=TrustGuard;
1
+
"use strict";var __createBinding=this&&this.__createBinding||(Object.create?(function(u,e,o,a){a===void 0&&(a=o);var i=Object.getOwnPropertyDescriptor(e,o);(!i||("get"in i?!e.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return e[o]}}),Object.defineProperty(u,a,i)}):(function(u,e,o,a){a===void 0&&(a=o),u[a]=e[o]})),__exportStar=this&&this.__exportStar||function(u,e){for(var o in u)o!=="default"&&!Object.prototype.hasOwnProperty.call(e,o)&&__createBinding(e,u,o)};Object.defineProperty(exports,"__esModule",{value:!0}),exports.TrustGuard=exports.StatePersistenceGuard=exports.AutonomyEscalationGuard=exports.TrustExploitationGuard=exports.PromptLeakageGuard=exports.MCPSecurityGuard=exports.DriftDetector=exports.CircuitBreaker=exports.AgentCommunicationGuard=exports.CodeExecutionGuard=exports.RAGGuard=exports.MemoryGuard=exports.MultiModalGuard=exports.EncodingDetector=exports.ToolChainValidator=exports.ConversationGuard=exports.OutputFilter=exports.ExecutionMonitor=exports.SchemaValidator=exports.TenantBoundary=exports.PolicyGate=exports.ToolRegistry=exports.InputSanitizer=void 0,__exportStar(require("./types"),exports);var input_sanitizer_1=require("./guards/input-sanitizer");Object.defineProperty(exports,"InputSanitizer",{enumerable:!0,get:function(){return input_sanitizer_1.InputSanitizer}});var tool_registry_1=require("./guards/tool-registry");Object.defineProperty(exports,"ToolRegistry",{enumerable:!0,get:function(){return tool_registry_1.ToolRegistry}});var policy_gate_1=require("./guards/policy-gate");Object.defineProperty(exports,"PolicyGate",{enumerable:!0,get:function(){return policy_gate_1.PolicyGate}});var tenant_boundary_1=require("./guards/tenant-boundary");Object.defineProperty(exports,"TenantBoundary",{enumerable:!0,get:function(){return tenant_boundary_1.TenantBoundary}});var schema_validator_1=require("./guards/schema-validator");Object.defineProperty(exports,"SchemaValidator",{enumerable:!0,get:function(){return 
schema_validator_1.SchemaValidator}});var execution_monitor_1=require("./guards/execution-monitor");Object.defineProperty(exports,"ExecutionMonitor",{enumerable:!0,get:function(){return execution_monitor_1.ExecutionMonitor}});var output_filter_1=require("./guards/output-filter");Object.defineProperty(exports,"OutputFilter",{enumerable:!0,get:function(){return output_filter_1.OutputFilter}});var conversation_guard_1=require("./guards/conversation-guard");Object.defineProperty(exports,"ConversationGuard",{enumerable:!0,get:function(){return conversation_guard_1.ConversationGuard}});var tool_chain_validator_1=require("./guards/tool-chain-validator");Object.defineProperty(exports,"ToolChainValidator",{enumerable:!0,get:function(){return tool_chain_validator_1.ToolChainValidator}});var encoding_detector_1=require("./guards/encoding-detector");Object.defineProperty(exports,"EncodingDetector",{enumerable:!0,get:function(){return encoding_detector_1.EncodingDetector}});var multimodal_guard_1=require("./guards/multimodal-guard");Object.defineProperty(exports,"MultiModalGuard",{enumerable:!0,get:function(){return multimodal_guard_1.MultiModalGuard}});var memory_guard_1=require("./guards/memory-guard");Object.defineProperty(exports,"MemoryGuard",{enumerable:!0,get:function(){return memory_guard_1.MemoryGuard}});var rag_guard_1=require("./guards/rag-guard");Object.defineProperty(exports,"RAGGuard",{enumerable:!0,get:function(){return rag_guard_1.RAGGuard}});var code_execution_guard_1=require("./guards/code-execution-guard");Object.defineProperty(exports,"CodeExecutionGuard",{enumerable:!0,get:function(){return code_execution_guard_1.CodeExecutionGuard}});var agent_communication_guard_1=require("./guards/agent-communication-guard");Object.defineProperty(exports,"AgentCommunicationGuard",{enumerable:!0,get:function(){return agent_communication_guard_1.AgentCommunicationGuard}});var 
circuit_breaker_1=require("./guards/circuit-breaker");Object.defineProperty(exports,"CircuitBreaker",{enumerable:!0,get:function(){return circuit_breaker_1.CircuitBreaker}});var drift_detector_1=require("./guards/drift-detector");Object.defineProperty(exports,"DriftDetector",{enumerable:!0,get:function(){return drift_detector_1.DriftDetector}});var mcp_security_guard_1=require("./guards/mcp-security-guard");Object.defineProperty(exports,"MCPSecurityGuard",{enumerable:!0,get:function(){return mcp_security_guard_1.MCPSecurityGuard}});var prompt_leakage_guard_1=require("./guards/prompt-leakage-guard");Object.defineProperty(exports,"PromptLeakageGuard",{enumerable:!0,get:function(){return prompt_leakage_guard_1.PromptLeakageGuard}});var trust_exploitation_guard_1=require("./guards/trust-exploitation-guard");Object.defineProperty(exports,"TrustExploitationGuard",{enumerable:!0,get:function(){return trust_exploitation_guard_1.TrustExploitationGuard}});var autonomy_escalation_guard_1=require("./guards/autonomy-escalation-guard");Object.defineProperty(exports,"AutonomyEscalationGuard",{enumerable:!0,get:function(){return autonomy_escalation_guard_1.AutonomyEscalationGuard}});var state_persistence_guard_1=require("./guards/state-persistence-guard");Object.defineProperty(exports,"StatePersistenceGuard",{enumerable:!0,get:function(){return state_persistence_guard_1.StatePersistenceGuard}});const 
input_sanitizer_2=require("./guards/input-sanitizer"),tool_registry_2=require("./guards/tool-registry"),policy_gate_2=require("./guards/policy-gate"),tenant_boundary_2=require("./guards/tenant-boundary"),schema_validator_2=require("./guards/schema-validator"),execution_monitor_2=require("./guards/execution-monitor"),output_filter_2=require("./guards/output-filter"),conversation_guard_2=require("./guards/conversation-guard"),tool_chain_validator_2=require("./guards/tool-chain-validator"),encoding_detector_2=require("./guards/encoding-detector"),multimodal_guard_2=require("./guards/multimodal-guard"),memory_guard_2=require("./guards/memory-guard"),rag_guard_2=require("./guards/rag-guard"),code_execution_guard_2=require("./guards/code-execution-guard"),agent_communication_guard_2=require("./guards/agent-communication-guard"),circuit_breaker_2=require("./guards/circuit-breaker"),drift_detector_2=require("./guards/drift-detector"),mcp_security_guard_2=require("./guards/mcp-security-guard"),prompt_leakage_guard_2=require("./guards/prompt-leakage-guard"),trust_exploitation_guard_2=require("./guards/trust-exploitation-guard"),autonomy_escalation_guard_2=require("./guards/autonomy-escalation-guard"),state_persistence_guard_2=require("./guards/state-persistence-guard");class TrustGuard{constructor(e={}){if(e.sanitizer?.enabled!==!1&&(this.sanitizer=new input_sanitizer_2.InputSanitizer({threshold:e.sanitizer?.threshold,customPatterns:e.sanitizer?.customPatterns})),e.registry?.enabled!==!1&&e.registry?.tools&&(this.registry=new tool_registry_2.ToolRegistry({tools:e.registry.tools})),e.policy?.enabled!==!1&&(this.policy=new policy_gate_2.PolicyGate({roleHierarchy:e.policy?.roleHierarchy})),e.tenant?.enabled!==!1){const o=e.tenant?.resourceOwnership?new Map(Object.entries(e.tenant.resourceOwnership).map(([a,i])=>[a,{resource_id:a,tenant_id:i.tenant_id}])):void 0;this.tenant=new tenant_boundary_2.TenantBoundary({resourceOwnership:o})}e.schema?.enabled!==!1&&(this.schema=new 
schema_validator_2.SchemaValidator({strictTypes:e.schema?.strictTypes})),e.execution?.enabled!==!1&&(this.execution=new execution_monitor_2.ExecutionMonitor({maxRequestsPerMinute:e.execution?.maxRequestsPerMinute,maxRequestsPerHour:e.execution?.maxRequestsPerHour,operationCosts:e.execution?.operationCosts,maxCostPerMinute:e.execution?.maxCostPerMinute,maxCostPerHour:e.execution?.maxCostPerHour})),e.output?.enabled!==!1&&(this.output=new output_filter_2.OutputFilter({detectPII:e.output?.detectPII,detectSecrets:e.output?.detectSecrets,roleFilters:e.output?.roleFilters})),e.conversation?.enabled!==!1&&(this.conversation=new conversation_guard_2.ConversationGuard({maxConversationLength:e.conversation?.maxConversationLength,escalationThreshold:e.conversation?.escalationThreshold})),e.chain?.enabled!==!1&&(this.chain=new tool_chain_validator_2.ToolChainValidator({maxToolsPerRequest:e.chain?.maxToolsPerRequest,maxSensitiveToolsPerSession:e.chain?.maxSensitiveToolsPerSession,sensitiveTools:e.chain?.sensitiveTools})),e.encoding?.enabled!==!1&&(this.encoding=new encoding_detector_2.EncodingDetector({maxDecodingDepth:e.encoding?.maxDecodingDepth,maxEncodedRatio:e.encoding?.maxEncodedRatio})),e.multiModal?.enabled&&(this.multiModal=new multimodal_guard_2.MultiModalGuard({scanMetadata:e.multiModal.scanMetadata,detectBase64Payloads:e.multiModal.detectBase64Payloads,allowedMimeTypes:e.multiModal.allowedMimeTypes})),e.memory?.enabled&&(this.memoryGuard=new memory_guard_2.MemoryGuard({enableIntegrityCheck:e.memory.enableIntegrityCheck,detectInjections:e.memory.detectInjections,maxMemoryItems:e.memory.maxMemoryItems,signingKey:e.memory.signingKey,autoQuarantine:e.memory.autoQuarantine,riskThreshold:e.memory.riskThreshold})),e.rag?.enabled&&(this.ragGuard=new 
rag_guard_2.RAGGuard({detectInjections:e.rag.detectInjections,verifySource:e.rag.verifySource,trustedSources:e.rag.trustedSources,blockedSources:e.rag.blockedSources,maxDocumentSize:e.rag.maxDocumentSize,minTrustScore:e.rag.minTrustScore,detectEmbeddingAttacks:e.rag.detectEmbeddingAttacks})),e.codeExecution?.enabled&&(this.codeExecution=new code_execution_guard_2.CodeExecutionGuard({allowedLanguages:e.codeExecution.allowedLanguages,maxCodeLength:e.codeExecution.maxCodeLength,maxExecutionTime:e.codeExecution.maxExecutionTime,allowNetwork:e.codeExecution.allowNetwork,allowFileSystem:e.codeExecution.allowFileSystem,allowShell:e.codeExecution.allowShell,riskThreshold:e.codeExecution.riskThreshold})),e.agentCommunication?.enabled&&(this.agentCommunication=new agent_communication_guard_2.AgentCommunicationGuard({allowedAgents:e.agentCommunication.allowedAgents,requireSignatures:e.agentCommunication.requireSignatures,strictMode:e.agentCommunication.strictMode,maxMessageAge:e.agentCommunication.maxMessageAge})),e.circuitBreaker?.enabled&&(this.circuitBreaker=new circuit_breaker_2.CircuitBreaker({failureThreshold:e.circuitBreaker.failureThreshold,minimumRequests:e.circuitBreaker.minimumRequests,windowSize:e.circuitBreaker.windowSize,recoveryTimeout:e.circuitBreaker.recoveryTimeout,successThreshold:e.circuitBreaker.successThreshold})),e.driftDetector?.enabled&&(this.driftDetector=new drift_detector_2.DriftDetector({minimumSamples:e.driftDetector.minimumSamples,anomalyThreshold:e.driftDetector.anomalyThreshold,alertThreshold:e.driftDetector.alertThreshold,checkGoalAlignment:e.driftDetector.checkGoalAlignment})),e.mcpSecurity?.enabled&&(this.mcpSecurity=new mcp_security_guard_2.MCPSecurityGuard({detectToolShadowing:e.mcpSecurity.detectToolShadowing,toolBlocklist:e.mcpSecurity.toolBlocklist,strictMode:e.mcpSecurity.strictMode,minServerReputation:e.mcpSecurity.minServerReputation})),e.promptLeakage?.enabled&&(this.promptLeakage=new 
prompt_leakage_guard_2.PromptLeakageGuard({detectLeetspeak:e.promptLeakage.detectLeetspeak,detectROT13:e.promptLeakage.detectROT13,detectBase64:e.promptLeakage.detectBase64,detectIndirectExtraction:e.promptLeakage.detectIndirectExtraction,monitorOutput:e.promptLeakage.monitorOutput,systemPromptKeywords:e.promptLeakage.systemPromptKeywords,riskThreshold:e.promptLeakage.riskThreshold})),e.trustExploitation?.enabled&&(this.trustExploitation=new trust_exploitation_guard_2.TrustExploitationGuard({humanApprovalRequired:e.trustExploitation.humanApprovalRequired,maxAutonomousActions:e.trustExploitation.maxAutonomousActions,monitorGoalConsistency:e.trustExploitation.monitorGoalConsistency,detectPermissionEscalation:e.trustExploitation.detectPermissionEscalation,sensitiveActions:e.trustExploitation.sensitiveActions})),e.autonomyEscalation?.enabled&&(this.autonomyEscalation=new autonomy_escalation_guard_2.AutonomyEscalationGuard({maxAutonomyLevel:e.autonomyEscalation.maxAutonomyLevel,baseAutonomyLevel:e.autonomyEscalation.baseAutonomyLevel,detectSelfModification:e.autonomyEscalation.detectSelfModification,maxSubAgents:e.autonomyEscalation.maxSubAgents,enforceHITL:e.autonomyEscalation.enforceHITL,alwaysRequireHuman:e.autonomyEscalation.alwaysRequireHuman})),e.statePersistence?.enabled&&(this.statePersistence=new state_persistence_guard_2.StatePersistenceGuard({enableIntegrityCheck:e.statePersistence.enableIntegrityCheck,requireEncryption:e.statePersistence.requireEncryption,maxStateSize:e.statePersistence.maxStateSize,maxStateAge:e.statePersistence.maxStateAge,enforceSessionIsolation:e.statePersistence.enforceSessionIsolation,sensitiveKeys:e.statePersistence.sensitiveKeys,detectTampering:e.statePersistence.detectTampering})),this.logger=e.logger||((o,a)=>{a==="error"?console.error(o):a==="warn"?console.warn(o):console.log(o)})}check(e,o,a,i={}){const r=`req-${Date.now()}-${Math.random().toString(36).substr(2,9)}`,s=[];if(this.logger(`[TrustGuard:${r}] Checking: 
${e}`,"info"),this.encoding&&i.userInput){const t=this.encoding.detect(i.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Encoding Detector`,"warn"),{allowed:!1,block_layer:"ENCODING",block_reason:t.reason,all_violations:t.violations,encoding:t,request_id:r};s.push(...t.violations)}if(this.sanitizer&&i.userInput){const t=this.sanitizer.sanitize(i.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L1`,"warn"),{allowed:!1,block_layer:"L1",block_reason:t.reason,all_violations:t.violations,sanitizer:t,request_id:r};s.push(...t.violations)}if(this.promptLeakage&&i.userInput){const t=this.promptLeakage.check(i.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Prompt Leakage Guard`,"warn"),{allowed:!1,block_layer:"PROMPT_LEAKAGE",block_reason:t.reason,all_violations:[...s,...t.violations],request_id:r};s.push(...t.violations)}if(this.memoryGuard&&i.userInput&&a?.session_id){const t=this.memoryGuard.validateContextInjection(i.userInput,a.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Memory Guard`,"warn"),{allowed:!1,block_layer:"MEMORY",block_reason:t.reason,all_violations:[...s,...t.violations],request_id:r};s.push(...t.violations)}if(this.conversation&&i.userInput&&a?.session_id){const t=this.conversation.check(a.session_id,i.userInput,[e],i.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Conversation Guard`,"warn"),{allowed:!1,block_layer:"CONV",block_reason:t.reason,all_violations:[...s,...t.violations],conversation:t,request_id:r};s.push(...t.violations)}let n;if(this.registry){const t=this.registry.check(e,a?.role||"",r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L2`,"warn"),{allowed:!1,block_layer:"L2",block_reason:t.reason,all_violations:[...s,...t.violations],registry:t,request_id:r};n=t.tool,s.push(...t.violations)}if(this.chain&&a?.session_id){const 
t=i.allToolsInRequest?this.chain.validateBatch(a.session_id,i.allToolsInRequest,r):this.chain.validate(a.session_id,e,void 0,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Tool Chain Validator`,"warn"),{allowed:!1,block_layer:"CHAIN",block_reason:t.reason,all_violations:[...s,...t.violations],chain:t,request_id:r};s.push(...t.violations)}if(this.autonomyEscalation&&a?.session_id){const t=this.autonomyEscalation.validate(e,a.session_id,o,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Autonomy Escalation Guard`,"warn"),{allowed:!1,block_layer:"AUTONOMY",block_reason:t.reason,all_violations:[...s,...t.violations],request_id:r};s.push(...t.violations)}if(this.policy&&n){const t=this.policy.check(n,o,a,i.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L3`,"warn"),{allowed:!1,block_layer:"L3",block_reason:t.reason,all_violations:[...s,...t.violations],policy:t,request_id:r};s.push(...t.violations)}let l=o;if(this.tenant){const t=this.tenant.check(e,o,a,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L4`,"warn"),{allowed:!1,block_layer:"L4",block_reason:t.reason,all_violations:[...s,...t.violations],tenant:t,request_id:r};t.enforced_params&&(l=t.enforced_params),s.push(...t.violations)}if(this.schema&&n){const t=this.schema.validate(n,l,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L5`,"warn"),{allowed:!1,block_layer:"L5",block_reason:t.reason,all_violations:[...s,...t.violations],schema:t,request_id:r};s.push(...t.violations)}if(this.execution){const t=this.execution.check(e,a?.user_id,a?.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L6`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...s,...t.violations],execution:t,request_id:r};s.push(...t.violations)}if(this.circuitBreaker){const t=this.circuitBreaker.check(e,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Circuit 
Breaker`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...s,"CIRCUIT_OPEN"],request_id:r}}return this.logger(`[TrustGuard:${r}] All checks PASSED`,"info"),{allowed:!0,all_violations:s,request_id:r}}filterOutput(e,o,a){let i=e,r=!1,s=!1,n=!1,l=!0;if(this.output){const t=this.output.filter(e,o,a);i=t.filtered_response,r=t.pii_detected.length>0,s=t.secrets_detected.length>0,t.allowed||(l=!1)}if(this.promptLeakage){const t=typeof i=="string"?i:JSON.stringify(i),d=this.promptLeakage.checkOutput(t,a);d.leaked&&(l=!1,n=!0,d.sanitized_output&&(i=d.sanitized_output))}return{allowed:l,filtered:i,pii_detected:r,secrets_detected:s,prompt_leakage_detected:n}}completeOperation(e,o,a=!0){this.execution&&this.execution.completeOperation(e?.user_id,e?.session_id),this.circuitBreaker&&o&&(a?this.circuitBreaker.recordSuccess(o):this.circuitBreaker.recordFailure(o))}getToolsForRole(e){return this.registry?this.registry.getToolsForRole(e):[]}getGuards(){return{sanitizer:this.sanitizer,registry:this.registry,policy:this.policy,tenant:this.tenant,schema:this.schema,execution:this.execution,output:this.output,conversation:this.conversation,chain:this.chain,encoding:this.encoding,multiModal:this.multiModal,memory:this.memoryGuard,rag:this.ragGuard,codeExecution:this.codeExecution,agentCommunication:this.agentCommunication,circuitBreaker:this.circuitBreaker,driftDetector:this.driftDetector,mcpSecurity:this.mcpSecurity,promptLeakage:this.promptLeakage,trustExploitation:this.trustExploitation,autonomyEscalation:this.autonomyEscalation,statePersistence:this.statePersistence}}resetSession(e){this.conversation?.resetSession(e),this.chain?.resetSession(e),this.execution?.reset(void 0,e),this.memoryGuard?.clearSession(e),this.trustExploitation?.resetSession(e),this.autonomyEscalation?.resetSession(e),this.statePersistence?.resetSession(e)}}exports.TrustGuard=TrustGuard,__exportStar(require("./integrations/index.js"),exports),exports.default=TrustGuard;
|
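--- a/package/dist/types/index.d.ts
+++ b/package/dist/types/index.d.ts
@@ -167,7 +167,7 @@ export interface EncodingDetectorResult {
 }
 export interface TrustGuardResult {
 allowed: boolean;
-block_layer?: "L1" | "L2" | "L3" | "L4" | "L5" | "L6" | "L7" | "CONV" | "CHAIN" | "ENCODING";
+block_layer?: "L1" | "L2" | "L3" | "L4" | "L5" | "L6" | "L7" | "CONV" | "CHAIN" | "ENCODING" | "MEMORY" | "PROMPT_LEAKAGE" | "AUTONOMY" | "STATE";
 block_reason?: string;
 all_violations: string[];
 sanitizer?: SanitizerResult;
@@ -240,5 +240,106 @@ export interface TrustGuardConfig {
 maxDecodingDepth?: number;
 maxEncodedRatio?: number;
 };
+multiModal?: {
+enabled?: boolean;
+scanMetadata?: boolean;
+detectBase64Payloads?: boolean;
+allowedMimeTypes?: string[];
+};
+memory?: {
+enabled?: boolean;
+enableIntegrityCheck?: boolean;
+detectInjections?: boolean;
+maxMemoryItems?: number;
+signingKey?: string;
+autoQuarantine?: boolean;
+riskThreshold?: number;
+};
+rag?: {
+enabled?: boolean;
+detectInjections?: boolean;
+verifySource?: boolean;
+trustedSources?: string[];
+blockedSources?: string[];
+maxDocumentSize?: number;
+minTrustScore?: number;
+detectEmbeddingAttacks?: boolean;
+};
+codeExecution?: {
+enabled?: boolean;
+allowedLanguages?: string[];
+maxCodeLength?: number;
+maxExecutionTime?: number;
+allowNetwork?: boolean;
+allowFileSystem?: boolean;
+allowShell?: boolean;
+riskThreshold?: number;
+};
+agentCommunication?: {
+enabled?: boolean;
+allowedAgents?: string[];
+requireSignatures?: boolean;
+strictMode?: boolean;
+maxMessageAge?: number;
+};
+circuitBreaker?: {
+enabled?: boolean;
+failureThreshold?: number;
+minimumRequests?: number;
+windowSize?: number;
+recoveryTimeout?: number;
+successThreshold?: number;
+};
+driftDetector?: {
+enabled?: boolean;
+minimumSamples?: number;
+anomalyThreshold?: number;
+alertThreshold?: number;
+checkGoalAlignment?: boolean;
+};
+mcpSecurity?: {
+enabled?: boolean;
+detectToolShadowing?: boolean;
+toolBlocklist?: string[];
+strictMode?: boolean;
+minServerReputation?: number;
+};
+promptLeakage?: {
+enabled?: boolean;
+detectLeetspeak?: boolean;
+detectROT13?: boolean;
+detectBase64?: boolean;
+detectIndirectExtraction?: boolean;
+monitorOutput?: boolean;
+systemPromptKeywords?: string[];
+riskThreshold?: number;
+};
+trustExploitation?: {
+enabled?: boolean;
+humanApprovalRequired?: string[];
+maxAutonomousActions?: number;
+monitorGoalConsistency?: boolean;
+detectPermissionEscalation?: boolean;
+sensitiveActions?: string[];
+};
+autonomyEscalation?: {
+enabled?: boolean;
+maxAutonomyLevel?: number;
+baseAutonomyLevel?: number;
+detectSelfModification?: boolean;
+maxSubAgents?: number;
+enforceHITL?: boolean;
+alwaysRequireHuman?: string[];
+};
+statePersistence?: {
+enabled?: boolean;
+enableIntegrityCheck?: boolean;
+requireEncryption?: boolean;
+maxStateSize?: number;
+maxStateAge?: number;
+enforceSessionIsolation?: boolean;
+sensitiveKeys?: string[];
+detectTampering?: boolean;
+};
 logger?: (message: string, level: "info" | "warn" | "error") => void;
 }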
package/package.json
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "llm-trust-guard",
|
|
3
|
-
"version": "4.0
|
|
4
|
-
"description": "Comprehensive security guards for LLM-powered and agentic AI applications -
|
|
3
|
+
"version": "4.1.0",
|
|
4
|
+
"description": "Comprehensive security guards for LLM-powered and agentic AI applications - 22 protection layers covering OWASP Top 10 for LLMs 2025, Agentic Applications 2026, and MCP Security. All guards now accessible via unified TrustGuard facade. Features prompt injection (PAP/persuasion), multi-modal attacks, RAG poisoning with embedding attack detection, memory persistence attacks, code execution sandboxing, multi-agent security, MCP tool shadowing prevention, system prompt leakage protection, human-agent trust exploitation (ASI09), autonomy escalation (ASI10), state persistence (ASI08), tool chain validation v2 (ASI07/ASI04), circuit breaker, drift detection, and more",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
7
7
|
"files": [
|