llm-trust-guard 4.7.0 → 4.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +13 -0
- package/dist/guards/token-cost-guard.d.ts +88 -0
- package/dist/guards/token-cost-guard.js +1 -0
- package/dist/index.d.ts +4 -0
- package/dist/index.js +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,19 @@ All notable changes to `llm-trust-guard` will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [4.8.0] - 2026-03-22
|
|
9
|
+
|
|
10
|
+
### Added
|
|
11
|
+
- **TokenCostGuard (L26)** — Tracks LLM API token usage and cost per session/user. Enforces financial circuit breaking with hard cost ceilings. Addresses OWASP LLM10: Unbounded Consumption.
|
|
12
|
+
- Per-request, per-session, and per-user token limits
|
|
13
|
+
- Dollar cost tracking with configurable input/output token pricing
|
|
14
|
+
- Alert threshold at configurable percentage of budget
|
|
15
|
+
- Budget window with automatic expiry
|
|
16
|
+
- New POC: poc-33-token-cost-budget
|
|
17
|
+
|
|
18
|
+
### Stats
|
|
19
|
+
- 26 guards, 294 tests across 14 files, 33 POCs, 91/91 verify-all-guards (100%)
|
|
20
|
+
|
|
8
21
|
## [4.7.0] - 2026-03-21
|
|
9
22
|
|
|
10
23
|
### Improved - Detection Rate: 76.1% → 100.0% (88/88 threats blocked)
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TokenCostGuard
|
|
3
|
+
*
|
|
4
|
+
* Tracks LLM API token usage and cost per session/user.
|
|
5
|
+
* Enforces financial circuit breaking with hard cost ceilings.
|
|
6
|
+
*
|
|
7
|
+
* Addresses OWASP LLM10: Unbounded Consumption — insufficient controls
|
|
8
|
+
* on resource usage leading to excessive API costs, denial-of-service,
|
|
9
|
+
* or financial exploitation.
|
|
10
|
+
*
|
|
11
|
+
* Real-world context:
|
|
12
|
+
* - A single runaway agent loop can burn $10K+ in API costs in minutes
|
|
13
|
+
* - Deloitte 2026: only 20% of orgs have mature governance for AI spending
|
|
14
|
+
* - LLMjacking: stolen credentials used to run up bills on victim accounts
|
|
15
|
+
*/
|
|
16
|
+
export interface TokenCostGuardConfig {
|
|
17
|
+
/** Max tokens per session before blocking (default: 100000) */
|
|
18
|
+
maxTokensPerSession?: number;
|
|
19
|
+
/** Max tokens per user across all sessions (default: 500000) */
|
|
20
|
+
maxTokensPerUser?: number;
|
|
21
|
+
/** Max cost in dollars per session (default: 10.0) */
|
|
22
|
+
maxCostPerSession?: number;
|
|
23
|
+
/** Max cost in dollars per user (default: 50.0) */
|
|
24
|
+
maxCostPerUser?: number;
|
|
25
|
+
/** Cost per 1K input tokens in dollars (default: 0.003) */
|
|
26
|
+
inputTokenCostPer1K?: number;
|
|
27
|
+
/** Cost per 1K output tokens in dollars (default: 0.015) */
|
|
28
|
+
outputTokenCostPer1K?: number;
|
|
29
|
+
/** Max single request token count (default: 32000) */
|
|
30
|
+
maxTokensPerRequest?: number;
|
|
31
|
+
/** Alert threshold as percentage of budget (default: 0.8 = 80%) */
|
|
32
|
+
alertThreshold?: number;
|
|
33
|
+
/** Session budget window in milliseconds (default: 3600000 = 1 hour) */
|
|
34
|
+
budgetWindowMs?: number;
|
|
35
|
+
}
|
|
36
|
+
export interface TokenUsage {
|
|
37
|
+
inputTokens: number;
|
|
38
|
+
outputTokens: number;
|
|
39
|
+
totalTokens: number;
|
|
40
|
+
estimatedCost: number;
|
|
41
|
+
}
|
|
42
|
+
export interface TokenCostResult {
|
|
43
|
+
allowed: boolean;
|
|
44
|
+
reason?: string;
|
|
45
|
+
violations: string[];
|
|
46
|
+
usage: {
|
|
47
|
+
session: TokenUsage;
|
|
48
|
+
user: TokenUsage;
|
|
49
|
+
request: TokenUsage;
|
|
50
|
+
};
|
|
51
|
+
budget: {
|
|
52
|
+
session_remaining_tokens: number;
|
|
53
|
+
session_remaining_cost: number;
|
|
54
|
+
user_remaining_tokens: number;
|
|
55
|
+
user_remaining_cost: number;
|
|
56
|
+
alert: boolean;
|
|
57
|
+
alert_message?: string;
|
|
58
|
+
};
|
|
59
|
+
}
|
|
60
|
+
export declare class TokenCostGuard {
|
|
61
|
+
private config;
|
|
62
|
+
private sessionUsage;
|
|
63
|
+
private userUsage;
|
|
64
|
+
constructor(config?: TokenCostGuardConfig);
|
|
65
|
+
/**
|
|
66
|
+
* Track token usage for a request and check against budgets
|
|
67
|
+
*/
|
|
68
|
+
trackUsage(sessionId: string, userId: string, inputTokens: number, outputTokens: number, requestId?: string): TokenCostResult;
|
|
69
|
+
/**
|
|
70
|
+
* Get current budget status without recording usage
|
|
71
|
+
*/
|
|
72
|
+
getBudget(sessionId: string, userId: string): TokenCostResult["budget"];
|
|
73
|
+
/**
|
|
74
|
+
* Reset session budget
|
|
75
|
+
*/
|
|
76
|
+
resetSession(sessionId: string): void;
|
|
77
|
+
/**
|
|
78
|
+
* Reset user budget
|
|
79
|
+
*/
|
|
80
|
+
resetUser(userId: string): void;
|
|
81
|
+
/**
|
|
82
|
+
* Destroy and release all resources
|
|
83
|
+
*/
|
|
84
|
+
destroy(): void;
|
|
85
|
+
private calculateCost;
|
|
86
|
+
private getOrCreateUsage;
|
|
87
|
+
private cleanEntries;
|
|
88
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.TokenCostGuard=void 0;class TokenCostGuard{constructor(t={}){this.sessionUsage=new Map,this.userUsage=new Map,this.config={maxTokensPerSession:t.maxTokensPerSession??1e5,maxTokensPerUser:t.maxTokensPerUser??5e5,maxCostPerSession:t.maxCostPerSession??10,maxCostPerUser:t.maxCostPerUser??50,inputTokenCostPer1K:t.inputTokenCostPer1K??.003,outputTokenCostPer1K:t.outputTokenCostPer1K??.015,maxTokensPerRequest:t.maxTokensPerRequest??32e3,alertThreshold:t.alertThreshold??.8,budgetWindowMs:t.budgetWindowMs??36e5}}trackUsage(t,a,s,n,r){const i=[],l=s+n,u=this.calculateCost(s,n);l>this.config.maxTokensPerRequest&&i.push("REQUEST_TOKEN_LIMIT_EXCEEDED");const e=this.getOrCreateUsage(this.sessionUsage,t),o=this.getOrCreateUsage(this.userUsage,a);this.cleanEntries(e),this.cleanEntries(o),e.totalInputTokens+e.totalOutputTokens+l>this.config.maxTokensPerSession&&i.push("SESSION_TOKEN_LIMIT_EXCEEDED"),e.totalCost+u>this.config.maxCostPerSession&&i.push("SESSION_COST_LIMIT_EXCEEDED"),o.totalInputTokens+o.totalOutputTokens+l>this.config.maxTokensPerUser&&i.push("USER_TOKEN_LIMIT_EXCEEDED"),o.totalCost+u>this.config.maxCostPerUser&&i.push("USER_COST_LIMIT_EXCEEDED");const T=i.length===0;if(T){const h={inputTokens:s,outputTokens:n,cost:u,timestamp:Date.now()};e.entries.push(h),e.totalInputTokens+=s,e.totalOutputTokens+=n,e.totalCost+=u,e.lastActivity=Date.now(),o.entries.push(h),o.totalInputTokens+=s,o.totalOutputTokens+=n,o.totalCost+=u,o.lastActivity=Date.now()}const c=(e.totalInputTokens+e.totalOutputTokens)/this.config.maxTokensPerSession,k=e.totalCost/this.config.maxCostPerSession,g=(o.totalInputTokens+o.totalOutputTokens)/this.config.maxTokensPerUser,C=o.totalCost/this.config.maxCostPerUser,m=Math.max(c,k,g,C)>=this.config.alertThreshold;let p;return m&&T&&(p=`Token/cost budget at ${(Math.max(c,k,g,C)*100).toFixed(0)}% \u2014 approaching limit`),{allowed:T,reason:T?void 0:`Token/cost limit exceeded: ${i.join(", ")}`,violations:i,usage:{session:{inputTokens:e.totalInputTokens,outputTokens:e.totalOutputTokens,totalTokens:e.totalInputTokens+e.totalOutputTokens,estimatedCost:e.totalCost},user:{inputTokens:o.totalInputTokens,outputTokens:o.totalOutputTokens,totalTokens:o.totalInputTokens+o.totalOutputTokens,estimatedCost:o.totalCost},request:{inputTokens:s,outputTokens:n,totalTokens:l,estimatedCost:u}},budget:{session_remaining_tokens:Math.max(0,this.config.maxTokensPerSession-e.totalInputTokens-e.totalOutputTokens),session_remaining_cost:Math.max(0,this.config.maxCostPerSession-e.totalCost),user_remaining_tokens:Math.max(0,this.config.maxTokensPerUser-o.totalInputTokens-o.totalOutputTokens),user_remaining_cost:Math.max(0,this.config.maxCostPerUser-o.totalCost),alert:m,alert_message:p}}}getBudget(t,a){const s=this.sessionUsage.get(t),n=this.userUsage.get(a);return{session_remaining_tokens:this.config.maxTokensPerSession-(s?s.totalInputTokens+s.totalOutputTokens:0),session_remaining_cost:this.config.maxCostPerSession-(s?.totalCost??0),user_remaining_tokens:this.config.maxTokensPerUser-(n?n.totalInputTokens+n.totalOutputTokens:0),user_remaining_cost:this.config.maxCostPerUser-(n?.totalCost??0),alert:!1}}resetSession(t){this.sessionUsage.delete(t)}resetUser(t){this.userUsage.delete(t)}destroy(){this.sessionUsage.clear(),this.userUsage.clear()}calculateCost(t,a){return t/1e3*this.config.inputTokenCostPer1K+a/1e3*this.config.outputTokenCostPer1K}getOrCreateUsage(t,a){if(!t.has(a)&&t.size>1e4){const s=t.keys().next().value;s&&t.delete(s)}return t.has(a)||t.set(a,{entries:[],totalInputTokens:0,totalOutputTokens:0,totalCost:0,lastActivity:Date.now()}),t.get(a)}cleanEntries(t){const a=Date.now()-this.config.budgetWindowMs,s=t.entries.filter(n=>n.timestamp>a);s.length<t.entries.length&&(t.entries=s,t.totalInputTokens=s.reduce((n,r)=>n+r.inputTokens,0),t.totalOutputTokens=s.reduce((n,r)=>n+r.outputTokens,0),t.totalCost=s.reduce((n,r)=>n+r.cost,0))}}exports.TokenCostGuard=TokenCostGuard;
|
package/dist/index.d.ts
CHANGED
|
@@ -45,6 +45,7 @@ export { StatePersistenceGuard, StatePersistenceGuardConfig, StateItem, StateOpe
|
|
|
45
45
|
export { ToolResultGuard, ToolResultGuardConfig, ToolResultGuardResult, ToolResultThreat } from "./guards/tool-result-guard";
|
|
46
46
|
export { ContextBudgetGuard, ContextBudgetGuardConfig, ContextBudgetResult } from "./guards/context-budget-guard";
|
|
47
47
|
export { OutputSchemaGuard, OutputSchemaGuardConfig, OutputSchemaResult } from "./guards/output-schema-guard";
|
|
48
|
+
export { TokenCostGuard, TokenCostGuardConfig, TokenCostResult, TokenUsage } from "./guards/token-cost-guard";
|
|
48
49
|
export { DetectionClassifier, DetectionResult, DetectionThreat, DetectionContext, createRegexClassifier, mergeDetectionResults } from "./detection-backend";
|
|
49
50
|
import { InputSanitizer } from "./guards/input-sanitizer";
|
|
50
51
|
import { ToolRegistry } from "./guards/tool-registry";
|
|
@@ -71,6 +72,7 @@ import { StatePersistenceGuard } from "./guards/state-persistence-guard";
|
|
|
71
72
|
import { ToolResultGuard } from "./guards/tool-result-guard";
|
|
72
73
|
import { ContextBudgetGuard } from "./guards/context-budget-guard";
|
|
73
74
|
import { OutputSchemaGuard } from "./guards/output-schema-guard";
|
|
75
|
+
import { TokenCostGuard } from "./guards/token-cost-guard";
|
|
74
76
|
import { TrustGuardConfig, TrustGuardResult, SessionContext, ToolDefinition, Role } from "./types";
|
|
75
77
|
/**
|
|
76
78
|
* TrustGuard - Main facade for all 22 security guards
|
|
@@ -129,6 +131,7 @@ export declare class TrustGuard {
|
|
|
129
131
|
private toolResultGuard?;
|
|
130
132
|
private contextBudget?;
|
|
131
133
|
private outputSchema?;
|
|
134
|
+
private tokenCostGuard?;
|
|
132
135
|
private classifier?;
|
|
133
136
|
private maxInputLength;
|
|
134
137
|
private failMode;
|
|
@@ -191,6 +194,7 @@ export declare class TrustGuard {
|
|
|
191
194
|
toolResult: ToolResultGuard | undefined;
|
|
192
195
|
contextBudget: ContextBudgetGuard | undefined;
|
|
193
196
|
outputSchema: OutputSchemaGuard | undefined;
|
|
197
|
+
tokenCost: TokenCostGuard | undefined;
|
|
194
198
|
};
|
|
195
199
|
/**
|
|
196
200
|
* Reset session state across all session-aware guards
|
package/dist/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
"use strict";var __createBinding=this&&this.__createBinding||(Object.create?(function(u,e,s,o){o===void 0&&(o=s);var a=Object.getOwnPropertyDescriptor(e,s);(!a||("get"in a?!e.__esModule:a.writable||a.configurable))&&(a={enumerable:!0,get:function(){return e[s]}}),Object.defineProperty(u,o,a)}):(function(u,e,s,o){o===void 0&&(o=s),u[o]=e[s]})),__exportStar=this&&this.__exportStar||function(u,e){for(var s in u)s!=="default"&&!Object.prototype.hasOwnProperty.call(e,s)&&__createBinding(e,u,s)},__importDefault=this&&this.__importDefault||function(u){return u&&u.__esModule?u:{default:u}};Object.defineProperty(exports,"__esModule",{value:!0}),exports.TrustGuard=exports.mergeDetectionResults=exports.createRegexClassifier=exports.OutputSchemaGuard=exports.ContextBudgetGuard=exports.ToolResultGuard=exports.StatePersistenceGuard=exports.AutonomyEscalationGuard=exports.TrustExploitationGuard=exports.PromptLeakageGuard=exports.MCPSecurityGuard=exports.DriftDetector=exports.CircuitBreaker=exports.AgentCommunicationGuard=exports.CodeExecutionGuard=exports.RAGGuard=exports.MemoryGuard=exports.MultiModalGuard=exports.EncodingDetector=exports.ToolChainValidator=exports.ConversationGuard=exports.OutputFilter=exports.ExecutionMonitor=exports.SchemaValidator=exports.TenantBoundary=exports.PolicyGate=exports.ToolRegistry=exports.InputSanitizer=void 0,__exportStar(require("./types"),exports);var input_sanitizer_1=require("./guards/input-sanitizer");Object.defineProperty(exports,"InputSanitizer",{enumerable:!0,get:function(){return input_sanitizer_1.InputSanitizer}});var tool_registry_1=require("./guards/tool-registry");Object.defineProperty(exports,"ToolRegistry",{enumerable:!0,get:function(){return tool_registry_1.ToolRegistry}});var policy_gate_1=require("./guards/policy-gate");Object.defineProperty(exports,"PolicyGate",{enumerable:!0,get:function(){return policy_gate_1.PolicyGate}});var tenant_boundary_1=require("./guards/tenant-boundary");Object.defineProperty(exports,"TenantBoundary",{enumerable:!0,get:function(){return tenant_boundary_1.TenantBoundary}});var schema_validator_1=require("./guards/schema-validator");Object.defineProperty(exports,"SchemaValidator",{enumerable:!0,get:function(){return schema_validator_1.SchemaValidator}});var execution_monitor_1=require("./guards/execution-monitor");Object.defineProperty(exports,"ExecutionMonitor",{enumerable:!0,get:function(){return execution_monitor_1.ExecutionMonitor}});var output_filter_1=require("./guards/output-filter");Object.defineProperty(exports,"OutputFilter",{enumerable:!0,get:function(){return output_filter_1.OutputFilter}});var conversation_guard_1=require("./guards/conversation-guard");Object.defineProperty(exports,"ConversationGuard",{enumerable:!0,get:function(){return conversation_guard_1.ConversationGuard}});var tool_chain_validator_1=require("./guards/tool-chain-validator");Object.defineProperty(exports,"ToolChainValidator",{enumerable:!0,get:function(){return tool_chain_validator_1.ToolChainValidator}});var encoding_detector_1=require("./guards/encoding-detector");Object.defineProperty(exports,"EncodingDetector",{enumerable:!0,get:function(){return encoding_detector_1.EncodingDetector}});var multimodal_guard_1=require("./guards/multimodal-guard");Object.defineProperty(exports,"MultiModalGuard",{enumerable:!0,get:function(){return multimodal_guard_1.MultiModalGuard}});var memory_guard_1=require("./guards/memory-guard");Object.defineProperty(exports,"MemoryGuard",{enumerable:!0,get:function(){return memory_guard_1.MemoryGuard}});var rag_guard_1=require("./guards/rag-guard");Object.defineProperty(exports,"RAGGuard",{enumerable:!0,get:function(){return rag_guard_1.RAGGuard}});var code_execution_guard_1=require("./guards/code-execution-guard");Object.defineProperty(exports,"CodeExecutionGuard",{enumerable:!0,get:function(){return code_execution_guard_1.CodeExecutionGuard}});var agent_communication_guard_1=require("./guards/agent-communication-guard");Object.defineProperty(exports,"AgentCommunicationGuard",{enumerable:!0,get:function(){return agent_communication_guard_1.AgentCommunicationGuard}});var circuit_breaker_1=require("./guards/circuit-breaker");Object.defineProperty(exports,"CircuitBreaker",{enumerable:!0,get:function(){return circuit_breaker_1.CircuitBreaker}});var drift_detector_1=require("./guards/drift-detector");Object.defineProperty(exports,"DriftDetector",{enumerable:!0,get:function(){return drift_detector_1.DriftDetector}});var mcp_security_guard_1=require("./guards/mcp-security-guard");Object.defineProperty(exports,"MCPSecurityGuard",{enumerable:!0,get:function(){return mcp_security_guard_1.MCPSecurityGuard}});var prompt_leakage_guard_1=require("./guards/prompt-leakage-guard");Object.defineProperty(exports,"PromptLeakageGuard",{enumerable:!0,get:function(){return prompt_leakage_guard_1.PromptLeakageGuard}});var trust_exploitation_guard_1=require("./guards/trust-exploitation-guard");Object.defineProperty(exports,"TrustExploitationGuard",{enumerable:!0,get:function(){return trust_exploitation_guard_1.TrustExploitationGuard}});var autonomy_escalation_guard_1=require("./guards/autonomy-escalation-guard");Object.defineProperty(exports,"AutonomyEscalationGuard",{enumerable:!0,get:function(){return autonomy_escalation_guard_1.AutonomyEscalationGuard}});var state_persistence_guard_1=require("./guards/state-persistence-guard");Object.defineProperty(exports,"StatePersistenceGuard",{enumerable:!0,get:function(){return state_persistence_guard_1.StatePersistenceGuard}});var tool_result_guard_1=require("./guards/tool-result-guard");Object.defineProperty(exports,"ToolResultGuard",{enumerable:!0,get:function(){return tool_result_guard_1.ToolResultGuard}});var context_budget_guard_1=require("./guards/context-budget-guard");Object.defineProperty(exports,"ContextBudgetGuard",{enumerable:!0,get:function(){return context_budget_guard_1.ContextBudgetGuard}});var output_schema_guard_1=require("./guards/output-schema-guard");Object.defineProperty(exports,"OutputSchemaGuard",{enumerable:!0,get:function(){return output_schema_guard_1.OutputSchemaGuard}});var detection_backend_1=require("./detection-backend");Object.defineProperty(exports,"createRegexClassifier",{enumerable:!0,get:function(){return detection_backend_1.createRegexClassifier}}),Object.defineProperty(exports,"mergeDetectionResults",{enumerable:!0,get:function(){return detection_backend_1.mergeDetectionResults}});const crypto_1=__importDefault(require("crypto")),input_sanitizer_2=require("./guards/input-sanitizer"),tool_registry_2=require("./guards/tool-registry"),policy_gate_2=require("./guards/policy-gate"),tenant_boundary_2=require("./guards/tenant-boundary"),schema_validator_2=require("./guards/schema-validator"),execution_monitor_2=require("./guards/execution-monitor"),output_filter_2=require("./guards/output-filter"),conversation_guard_2=require("./guards/conversation-guard"),tool_chain_validator_2=require("./guards/tool-chain-validator"),encoding_detector_2=require("./guards/encoding-detector"),multimodal_guard_2=require("./guards/multimodal-guard"),memory_guard_2=require("./guards/memory-guard"),rag_guard_2=require("./guards/rag-guard"),code_execution_guard_2=require("./guards/code-execution-guard"),agent_communication_guard_2=require("./guards/agent-communication-guard"),circuit_breaker_2=require("./guards/circuit-breaker"),drift_detector_2=require("./guards/drift-detector"),mcp_security_guard_2=require("./guards/mcp-security-guard"),prompt_leakage_guard_2=require("./guards/prompt-leakage-guard"),trust_exploitation_guard_2=require("./guards/trust-exploitation-guard"),autonomy_escalation_guard_2=require("./guards/autonomy-escalation-guard"),state_persistence_guard_2=require("./guards/state-persistence-guard"),tool_result_guard_2=require("./guards/tool-result-guard"),context_budget_guard_2=require("./guards/context-budget-guard"),output_schema_guard_2=require("./guards/output-schema-guard");class TrustGuard{constructor(e={}){if(this.maxInputLength=e.maxInputLength??1e5,this.failMode=e.failMode??"closed",e.sanitizer?.enabled!==!1&&(this.sanitizer=new input_sanitizer_2.InputSanitizer({threshold:e.sanitizer?.threshold,customPatterns:e.sanitizer?.customPatterns,detectPAP:e.sanitizer?.detectPAP,papThreshold:e.sanitizer?.papThreshold,minPersuasionTechniques:e.sanitizer?.minPersuasionTechniques,blockCompoundPersuasion:e.sanitizer?.blockCompoundPersuasion})),e.registry?.enabled!==!1&&e.registry?.tools&&(this.registry=new tool_registry_2.ToolRegistry({tools:e.registry.tools})),e.policy?.enabled!==!1&&(this.policy=new policy_gate_2.PolicyGate({roleHierarchy:e.policy?.roleHierarchy})),e.tenant?.enabled!==!1){const s=e.tenant?.resourceOwnership?new Map(Object.entries(e.tenant.resourceOwnership).map(([o,a])=>[o,{resource_id:o,tenant_id:a.tenant_id}])):void 0;this.tenant=new tenant_boundary_2.TenantBoundary({resourceOwnership:s})}e.schema?.enabled!==!1&&(this.schema=new schema_validator_2.SchemaValidator({strictTypes:e.schema?.strictTypes})),e.execution?.enabled!==!1&&(this.execution=new execution_monitor_2.ExecutionMonitor({maxRequestsPerMinute:e.execution?.maxRequestsPerMinute,maxRequestsPerHour:e.execution?.maxRequestsPerHour,operationCosts:e.execution?.operationCosts,maxCostPerMinute:e.execution?.maxCostPerMinute,maxCostPerHour:e.execution?.maxCostPerHour})),e.output?.enabled!==!1&&(this.output=new output_filter_2.OutputFilter({detectPII:e.output?.detectPII,detectSecrets:e.output?.detectSecrets,roleFilters:e.output?.roleFilters})),e.conversation?.enabled!==!1&&(this.conversation=new conversation_guard_2.ConversationGuard({maxConversationLength:e.conversation?.maxConversationLength,escalationThreshold:e.conversation?.escalationThreshold})),e.chain?.enabled!==!1&&(this.chain=new tool_chain_validator_2.ToolChainValidator({maxToolsPerRequest:e.chain?.maxToolsPerRequest,maxSensitiveToolsPerSession:e.chain?.maxSensitiveToolsPerSession,sensitiveTools:e.chain?.sensitiveTools})),e.encoding?.enabled!==!1&&(this.encoding=new encoding_detector_2.EncodingDetector({maxDecodingDepth:e.encoding?.maxDecodingDepth,maxEncodedRatio:e.encoding?.maxEncodedRatio})),e.multiModal?.enabled&&(this.multiModal=new multimodal_guard_2.MultiModalGuard({scanMetadata:e.multiModal.scanMetadata,detectBase64Payloads:e.multiModal.detectBase64Payloads,allowedMimeTypes:e.multiModal.allowedMimeTypes})),e.memory?.enabled&&(this.memoryGuard=new memory_guard_2.MemoryGuard({enableIntegrityCheck:e.memory.enableIntegrityCheck,detectInjections:e.memory.detectInjections,maxMemoryItems:e.memory.maxMemoryItems,signingKey:e.memory.signingKey,autoQuarantine:e.memory.autoQuarantine,riskThreshold:e.memory.riskThreshold})),e.rag?.enabled&&(this.ragGuard=new rag_guard_2.RAGGuard({detectInjections:e.rag.detectInjections,verifySource:e.rag.verifySource,trustedSources:e.rag.trustedSources,blockedSources:e.rag.blockedSources,maxDocumentSize:e.rag.maxDocumentSize,minTrustScore:e.rag.minTrustScore,detectEmbeddingAttacks:e.rag.detectEmbeddingAttacks})),e.codeExecution?.enabled&&(this.codeExecution=new code_execution_guard_2.CodeExecutionGuard({allowedLanguages:e.codeExecution.allowedLanguages,maxCodeLength:e.codeExecution.maxCodeLength,maxExecutionTime:e.codeExecution.maxExecutionTime,allowNetwork:e.codeExecution.allowNetwork,allowFileSystem:e.codeExecution.allowFileSystem,allowShell:e.codeExecution.allowShell,riskThreshold:e.codeExecution.riskThreshold})),e.agentCommunication?.enabled&&(this.agentCommunication=new agent_communication_guard_2.AgentCommunicationGuard({allowedAgents:e.agentCommunication.allowedAgents,requireSignatures:e.agentCommunication.requireSignatures,strictMode:e.agentCommunication.strictMode,maxMessageAge:e.agentCommunication.maxMessageAge})),e.circuitBreaker?.enabled&&(this.circuitBreaker=new circuit_breaker_2.CircuitBreaker({failureThreshold:e.circuitBreaker.failureThreshold,minimumRequests:e.circuitBreaker.minimumRequests,windowSize:e.circuitBreaker.windowSize,recoveryTimeout:e.circuitBreaker.recoveryTimeout,successThreshold:e.circuitBreaker.successThreshold})),e.driftDetector?.enabled&&(this.driftDetector=new drift_detector_2.DriftDetector({minimumSamples:e.driftDetector.minimumSamples,anomalyThreshold:e.driftDetector.anomalyThreshold,alertThreshold:e.driftDetector.alertThreshold,checkGoalAlignment:e.driftDetector.checkGoalAlignment})),e.mcpSecurity?.enabled&&(this.mcpSecurity=new mcp_security_guard_2.MCPSecurityGuard({detectToolShadowing:e.mcpSecurity.detectToolShadowing,toolBlocklist:e.mcpSecurity.toolBlocklist,strictMode:e.mcpSecurity.strictMode,minServerReputation:e.mcpSecurity.minServerReputation})),e.promptLeakage?.enabled&&(this.promptLeakage=new prompt_leakage_guard_2.PromptLeakageGuard({detectLeetspeak:e.promptLeakage.detectLeetspeak,detectROT13:e.promptLeakage.detectROT13,detectBase64:e.promptLeakage.detectBase64,detectIndirectExtraction:e.promptLeakage.detectIndirectExtraction,monitorOutput:e.promptLeakage.monitorOutput,systemPromptKeywords:e.promptLeakage.systemPromptKeywords,riskThreshold:e.promptLeakage.riskThreshold})),e.trustExploitation?.enabled&&(this.trustExploitation=new trust_exploitation_guard_2.TrustExploitationGuard({humanApprovalRequired:e.trustExploitation.humanApprovalRequired,maxAutonomousActions:e.trustExploitation.maxAutonomousActions,monitorGoalConsistency:e.trustExploitation.monitorGoalConsistency,detectPermissionEscalation:e.trustExploitation.detectPermissionEscalation,sensitiveActions:e.trustExploitation.sensitiveActions})),e.autonomyEscalation?.enabled&&(this.autonomyEscalation=new autonomy_escalation_guard_2.AutonomyEscalationGuard({maxAutonomyLevel:e.autonomyEscalation.maxAutonomyLevel,baseAutonomyLevel:e.autonomyEscalation.baseAutonomyLevel,detectSelfModification:e.autonomyEscalation.detectSelfModification,maxSubAgents:e.autonomyEscalation.maxSubAgents,enforceHITL:e.autonomyEscalation.enforceHITL,alwaysRequireHuman:e.autonomyEscalation.alwaysRequireHuman})),e.statePersistence?.enabled&&(this.statePersistence=new state_persistence_guard_2.StatePersistenceGuard({enableIntegrityCheck:e.statePersistence.enableIntegrityCheck,requireEncryption:e.statePersistence.requireEncryption,maxStateSize:e.statePersistence.maxStateSize,maxStateAge:e.statePersistence.maxStateAge,enforceSessionIsolation:e.statePersistence.enforceSessionIsolation,sensitiveKeys:e.statePersistence.sensitiveKeys,detectTampering:e.statePersistence.detectTampering})),e.toolResult?.enabled&&(this.toolResultGuard=new tool_result_guard_2.ToolResultGuard(e.toolResult)),e.contextBudget?.enabled&&(this.contextBudget=new context_budget_guard_2.ContextBudgetGuard(e.contextBudget)),e.outputSchema?.enabled&&(this.outputSchema=new output_schema_guard_2.OutputSchemaGuard(e.outputSchema)),e.classifier&&(this.classifier=e.classifier),this.logger=e.logger||((s,o)=>{o==="error"?console.error(s):o==="warn"?console.warn(s):console.log(s)})}check(e,s,o,a={}){const r=`req-${crypto_1.default.randomUUID()}`,i=[];this.logger(`[TrustGuard:${r}] Checking: ${e}`,"info");try{return this.runChecks(e,s,o,a,r)}catch(n){const l=n instanceof Error?n.message:String(n);return this.logger(`[TrustGuard:${r}] Guard error: ${l}`,"error"),this.failMode==="open"?{allowed:!0,all_violations:["GUARD_ERROR"],request_id:r}:{allowed:!1,block_reason:`Internal guard error: ${l}`,all_violations:["GUARD_ERROR"],request_id:r}}}runChecks(e,s,o,a,r){const i=[];if(a.userInput&&a.userInput.length>this.maxInputLength)return this.logger(`[TrustGuard:${r}] BLOCKED: Input too long (${a.userInput.length} > ${this.maxInputLength})`,"warn"),{allowed:!1,block_layer:"L1",block_reason:`Input length ${a.userInput.length} exceeds maximum ${this.maxInputLength}`,all_violations:["INPUT_TOO_LONG"],request_id:r};if(this.encoding&&a.userInput){const t=this.encoding.detect(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Encoding Detector`,"warn"),{allowed:!1,block_layer:"ENCODING",block_reason:t.reason,all_violations:t.violations,encoding:t,request_id:r};i.push(...t.violations)}if(this.sanitizer&&a.userInput){const t=this.sanitizer.sanitize(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L1`,"warn"),{allowed:!1,block_layer:"L1",block_reason:t.reason,all_violations:t.violations,sanitizer:t,request_id:r};i.push(...t.violations)}if(this.promptLeakage&&a.userInput){const t=this.promptLeakage.check(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Prompt Leakage Guard`,"warn"),{allowed:!1,block_layer:"PROMPT_LEAKAGE",block_reason:t.reason,all_violations:[...i,...t.violations],request_id:r};i.push(...t.violations)}if(this.memoryGuard&&a.userInput&&o?.session_id){const t=this.memoryGuard.validateContextInjection(a.userInput,o.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Memory Guard`,"warn"),{allowed:!1,block_layer:"MEMORY",block_reason:t.reason,all_violations:[...i,...t.violations],request_id:r};i.push(...t.violations)}if(this.conversation&&a.userInput&&o?.session_id){const t=this.conversation.check(o.session_id,a.userInput,[e],a.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Conversation Guard`,"warn"),{allowed:!1,block_layer:"CONV",block_reason:t.reason,all_violations:[...i,...t.violations],conversation:t,request_id:r};i.push(...t.violations)}let n;if(this.registry){const t=this.registry.check(e,o?.role||"",r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L2`,"warn"),{allowed:!1,block_layer:"L2",block_reason:t.reason,all_violations:[...i,...t.violations],registry:t,request_id:r};n=t.tool,i.push(...t.violations)}if(this.chain&&o?.session_id){const t=a.allToolsInRequest?this.chain.validateBatch(o.session_id,a.allToolsInRequest,r):this.chain.validate(o.session_id,e,void 0,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Tool Chain Validator`,"warn"),{allowed:!1,block_layer:"CHAIN",block_reason:t.reason,all_violations:[...i,...t.violations],chain:t,request_id:r};i.push(...t.violations)}if(this.policy&&n){const t=this.policy.check(n,s,o,a.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L3`,"warn"),{allowed:!1,block_layer:"L3",block_reason:t.reason,all_violations:[...i,...t.violations],policy:t,request_id:r};i.push(...t.violations)}else this.policy&&!n&&this.logger(`[TrustGuard:${r}] Policy gate skipped: no tool definition (registry disabled or tool not found)`,"warn");if(this.autonomyEscalation&&o?.session_id){const t=this.autonomyEscalation.validate(e,o.session_id,s,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Autonomy Escalation Guard`,"warn"),{allowed:!1,block_layer:"AUTONOMY",block_reason:t.reason,all_violations:[...i,...t.violations],request_id:r};i.push(...t.violations)}let l=s;if(this.tenant){const t=this.tenant.check(e,s,o,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L4`,"warn"),{allowed:!1,block_layer:"L4",block_reason:t.reason,all_violations:[...i,...t.violations],tenant:t,request_id:r};t.enforced_params&&(l=t.enforced_params),i.push(...t.violations)}if(this.schema&&n){const t=this.schema.validate(n,l,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L5`,"warn"),{allowed:!1,block_layer:"L5",block_reason:t.reason,all_violations:[...i,...t.violations],schema:t,request_id:r};i.push(...t.violations)}if(this.execution){const t=this.execution.check(e,o?.user_id,o?.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L6`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...i,...t.violations],execution:t,request_id:r};i.push(...t.violations)}if(this.circuitBreaker){const t=this.circuitBreaker.check(e,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Circuit Breaker`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...i,"CIRCUIT_OPEN"],request_id:r}}return this.logger(`[TrustGuard:${r}] All checks PASSED`,"info"),{allowed:!0,all_violations:i,request_id:r}}filterOutput(e,s,o){let a=e,r=!1,i=!1,n=!1,l=!0;const t=typeof e=="string"?e:"";if(t.length>this.maxInputLength&&this.logger(`[TrustGuard] Output too long (${t.length}), truncating for filter`,"warn"),this.output){const c=this.output.filter(e,s,o);a=c.filtered_response,r=c.pii_detected.length>0,i=c.secrets_detected.length>0,c.allowed||(l=!1)}if(this.promptLeakage){const c=typeof a=="string"?a:JSON.stringify(a),d=this.promptLeakage.checkOutput(c,o);d.leaked&&(l=!1,n=!0,d.sanitized_output&&(a=d.sanitized_output))}return{allowed:l,filtered:a,pii_detected:r,secrets_detected:i,prompt_leakage_detected:n}}completeOperation(e,s,o=!0){this.execution&&this.execution.completeOperation(e?.user_id,e?.session_id),this.circuitBreaker&&s&&(o?this.circuitBreaker.recordSuccess(s):this.circuitBreaker.recordFailure(s))}getToolsForRole(e){return this.registry?this.registry.getToolsForRole(e):[]}getGuards(){return{sanitizer:this.sanitizer,registry:this.registry,policy:this.policy,tenant:this.tenant,schema:this.schema,execution:this.execution,output:this.output,conversation:this.conversation,chain:this.chain,encoding:this.encoding,multiModal:this.multiModal,memory:this.memoryGuard,rag:this.ragGuard,codeExecution:this.codeExecution,agentCommunication:this.agentCommunication,circuitBreaker:this.circuitBreaker,driftDetector:this.driftDetector,mcpSecurity:this.mcpSecurity,promptLeakage:this.promptLeakage,trustExploitation:this.trustExploitation,autonomyEscalation:this.autonomyEscalation,statePersistence:this.statePersistence,toolResult:this.toolResultGuard,contextBudget:this.contextBudget,outputSchema:this.outputSchema}}resetSession(e){this.conversation?.resetSession(e),this.chain?.resetSession(e),this.execution?.reset(void 0,e),this.memoryGuard?.clearSession(e),this.trustExploitation?.resetSession(e),this.autonomyEscalation?.resetSession(e),this.statePersistence?.resetSession(e),this.contextBudget?.resetSession(e)}validateToolResult(e,s,o){if(!this.toolResultGuard)return{allowed:!0,violations:[]};const a=this.toolResultGuard.validateResult(e,s,o);return{allowed:a.allowed,violations:a.violations}}validateOutput(e,s,o){if(!this.outputSchema)return{allowed:!0,violations:[],threats:[]};const a=this.outputSchema.validate(e,s,o);return{allowed:a.allowed,violations:a.violations,threats:a.threats}}async checkAsync(e,s,o,a={}){const r=this.check(e,s,o,a);if(!this.classifier||!r.allowed||!a.userInput)return r;try{const i=await this.classifier(a.userInput,{type:"user_input",sessionId:o?.session_id});if(!i.safe)return{...r,allowed:!1,block_layer:"L1",block_reason:`Classifier detected threat: ${i.threats.map(n=>n.category).join(", ")}`,all_violations:[...r.all_violations,...i.threats.map(n=>`CLASSIFIER_${n.category.toUpperCase()}`)]}}catch(i){const n=i instanceof Error?i.message:String(i);this.logger(`[TrustGuard] Classifier error: ${n}`,"error")}return r}}exports.TrustGuard=TrustGuard,__exportStar(require("./integrations/index.js"),exports),exports.default=TrustGuard;
|
|
1
|
+
"use strict";var __createBinding=this&&this.__createBinding||(Object.create?(function(u,e,s,o){o===void 0&&(o=s);var a=Object.getOwnPropertyDescriptor(e,s);(!a||("get"in a?!e.__esModule:a.writable||a.configurable))&&(a={enumerable:!0,get:function(){return e[s]}}),Object.defineProperty(u,o,a)}):(function(u,e,s,o){o===void 0&&(o=s),u[o]=e[s]})),__exportStar=this&&this.__exportStar||function(u,e){for(var s in u)s!=="default"&&!Object.prototype.hasOwnProperty.call(e,s)&&__createBinding(e,u,s)},__importDefault=this&&this.__importDefault||function(u){return u&&u.__esModule?u:{default:u}};Object.defineProperty(exports,"__esModule",{value:!0}),exports.TrustGuard=exports.mergeDetectionResults=exports.createRegexClassifier=exports.TokenCostGuard=exports.OutputSchemaGuard=exports.ContextBudgetGuard=exports.ToolResultGuard=exports.StatePersistenceGuard=exports.AutonomyEscalationGuard=exports.TrustExploitationGuard=exports.PromptLeakageGuard=exports.MCPSecurityGuard=exports.DriftDetector=exports.CircuitBreaker=exports.AgentCommunicationGuard=exports.CodeExecutionGuard=exports.RAGGuard=exports.MemoryGuard=exports.MultiModalGuard=exports.EncodingDetector=exports.ToolChainValidator=exports.ConversationGuard=exports.OutputFilter=exports.ExecutionMonitor=exports.SchemaValidator=exports.TenantBoundary=exports.PolicyGate=exports.ToolRegistry=exports.InputSanitizer=void 0,__exportStar(require("./types"),exports);var input_sanitizer_1=require("./guards/input-sanitizer");Object.defineProperty(exports,"InputSanitizer",{enumerable:!0,get:function(){return input_sanitizer_1.InputSanitizer}});var tool_registry_1=require("./guards/tool-registry");Object.defineProperty(exports,"ToolRegistry",{enumerable:!0,get:function(){return tool_registry_1.ToolRegistry}});var policy_gate_1=require("./guards/policy-gate");Object.defineProperty(exports,"PolicyGate",{enumerable:!0,get:function(){return policy_gate_1.PolicyGate}});var tenant_boundary_1=require("./guards/tenant-boundary");Object.defineProperty(exports,"TenantBoundary",{enumerable:!0,get:function(){return tenant_boundary_1.TenantBoundary}});var schema_validator_1=require("./guards/schema-validator");Object.defineProperty(exports,"SchemaValidator",{enumerable:!0,get:function(){return schema_validator_1.SchemaValidator}});var execution_monitor_1=require("./guards/execution-monitor");Object.defineProperty(exports,"ExecutionMonitor",{enumerable:!0,get:function(){return execution_monitor_1.ExecutionMonitor}});var output_filter_1=require("./guards/output-filter");Object.defineProperty(exports,"OutputFilter",{enumerable:!0,get:function(){return output_filter_1.OutputFilter}});var conversation_guard_1=require("./guards/conversation-guard");Object.defineProperty(exports,"ConversationGuard",{enumerable:!0,get:function(){return conversation_guard_1.ConversationGuard}});var tool_chain_validator_1=require("./guards/tool-chain-validator");Object.defineProperty(exports,"ToolChainValidator",{enumerable:!0,get:function(){return tool_chain_validator_1.ToolChainValidator}});var encoding_detector_1=require("./guards/encoding-detector");Object.defineProperty(exports,"EncodingDetector",{enumerable:!0,get:function(){return encoding_detector_1.EncodingDetector}});var multimodal_guard_1=require("./guards/multimodal-guard");Object.defineProperty(exports,"MultiModalGuard",{enumerable:!0,get:function(){return multimodal_guard_1.MultiModalGuard}});var memory_guard_1=require("./guards/memory-guard");Object.defineProperty(exports,"MemoryGuard",{enumerable:!0,get:function(){return memory_guard_1.MemoryGuard}});var rag_guard_1=require("./guards/rag-guard");Object.defineProperty(exports,"RAGGuard",{enumerable:!0,get:function(){return rag_guard_1.RAGGuard}});var code_execution_guard_1=require("./guards/code-execution-guard");Object.defineProperty(exports,"CodeExecutionGuard",{enumerable:!0,get:function(){return code_execution_guard_1.CodeExecutionGuard}});var agent_communication_guard_1=require("./guards/agent-communication-guard");Object.defineProperty(exports,"AgentCommunicationGuard",{enumerable:!0,get:function(){return agent_communication_guard_1.AgentCommunicationGuard}});var circuit_breaker_1=require("./guards/circuit-breaker");Object.defineProperty(exports,"CircuitBreaker",{enumerable:!0,get:function(){return circuit_breaker_1.CircuitBreaker}});var drift_detector_1=require("./guards/drift-detector");Object.defineProperty(exports,"DriftDetector",{enumerable:!0,get:function(){return drift_detector_1.DriftDetector}});var mcp_security_guard_1=require("./guards/mcp-security-guard");Object.defineProperty(exports,"MCPSecurityGuard",{enumerable:!0,get:function(){return mcp_security_guard_1.MCPSecurityGuard}});var prompt_leakage_guard_1=require("./guards/prompt-leakage-guard");Object.defineProperty(exports,"PromptLeakageGuard",{enumerable:!0,get:function(){return prompt_leakage_guard_1.PromptLeakageGuard}});var trust_exploitation_guard_1=require("./guards/trust-exploitation-guard");Object.defineProperty(exports,"TrustExploitationGuard",{enumerable:!0,get:function(){return trust_exploitation_guard_1.TrustExploitationGuard}});var autonomy_escalation_guard_1=require("./guards/autonomy-escalation-guard");Object.defineProperty(exports,"AutonomyEscalationGuard",{enumerable:!0,get:function(){return autonomy_escalation_guard_1.AutonomyEscalationGuard}});var state_persistence_guard_1=require("./guards/state-persistence-guard");Object.defineProperty(exports,"StatePersistenceGuard",{enumerable:!0,get:function(){return state_persistence_guard_1.StatePersistenceGuard}});var tool_result_guard_1=require("./guards/tool-result-guard");Object.defineProperty(exports,"ToolResultGuard",{enumerable:!0,get:function(){return tool_result_guard_1.ToolResultGuard}});var context_budget_guard_1=require("./guards/context-budget-guard");Object.defineProperty(exports,"ContextBudgetGuard",{enumerable:!0,get:function(){return context_budget_guard_1.ContextBudgetGuard}});var output_schema_guard_1=require("./guards/output-schema-guard");Object.defineProperty(exports,"OutputSchemaGuard",{enumerable:!0,get:function(){return output_schema_guard_1.OutputSchemaGuard}});var token_cost_guard_1=require("./guards/token-cost-guard");Object.defineProperty(exports,"TokenCostGuard",{enumerable:!0,get:function(){return token_cost_guard_1.TokenCostGuard}});var detection_backend_1=require("./detection-backend");Object.defineProperty(exports,"createRegexClassifier",{enumerable:!0,get:function(){return detection_backend_1.createRegexClassifier}}),Object.defineProperty(exports,"mergeDetectionResults",{enumerable:!0,get:function(){return detection_backend_1.mergeDetectionResults}});const crypto_1=__importDefault(require("crypto")),input_sanitizer_2=require("./guards/input-sanitizer"),tool_registry_2=require("./guards/tool-registry"),policy_gate_2=require("./guards/policy-gate"),tenant_boundary_2=require("./guards/tenant-boundary"),schema_validator_2=require("./guards/schema-validator"),execution_monitor_2=require("./guards/execution-monitor"),output_filter_2=require("./guards/output-filter"),conversation_guard_2=require("./guards/conversation-guard"),tool_chain_validator_2=require("./guards/tool-chain-validator"),encoding_detector_2=require("./guards/encoding-detector"),multimodal_guard_2=require("./guards/multimodal-guard"),memory_guard_2=require("./guards/memory-guard"),rag_guard_2=require("./guards/rag-guard"),code_execution_guard_2=require("./guards/code-execution-guard"),agent_communication_guard_2=require("./guards/agent-communication-guard"),circuit_breaker_2=require("./guards/circuit-breaker"),drift_detector_2=require("./guards/drift-detector"),mcp_security_guard_2=require("./guards/mcp-security-guard"),prompt_leakage_guard_2=require("./guards/prompt-leakage-guard"),trust_exploitation_guard_2=require("./guards/trust-exploitation-guard"),autonomy_escalation_guard_2=require("./guards/autonomy-escalation-guard"),state_persistence_guard_2=require("./guards/state-persistence-guard"),tool_result_guard_2=require("./guards/tool-result-guard"),context_budget_guard_2=require("./guards/context-budget-guard"),output_schema_guard_2=require("./guards/output-schema-guard"),token_cost_guard_2=require("./guards/token-cost-guard");class TrustGuard{constructor(e={}){if(this.maxInputLength=e.maxInputLength??1e5,this.failMode=e.failMode??"closed",e.sanitizer?.enabled!==!1&&(this.sanitizer=new input_sanitizer_2.InputSanitizer({threshold:e.sanitizer?.threshold,customPatterns:e.sanitizer?.customPatterns,detectPAP:e.sanitizer?.detectPAP,papThreshold:e.sanitizer?.papThreshold,minPersuasionTechniques:e.sanitizer?.minPersuasionTechniques,blockCompoundPersuasion:e.sanitizer?.blockCompoundPersuasion})),e.registry?.enabled!==!1&&e.registry?.tools&&(this.registry=new tool_registry_2.ToolRegistry({tools:e.registry.tools})),e.policy?.enabled!==!1&&(this.policy=new policy_gate_2.PolicyGate({roleHierarchy:e.policy?.roleHierarchy})),e.tenant?.enabled!==!1){const s=e.tenant?.resourceOwnership?new Map(Object.entries(e.tenant.resourceOwnership).map(([o,a])=>[o,{resource_id:o,tenant_id:a.tenant_id}])):void 0;this.tenant=new tenant_boundary_2.TenantBoundary({resourceOwnership:s})}e.schema?.enabled!==!1&&(this.schema=new schema_validator_2.SchemaValidator({strictTypes:e.schema?.strictTypes})),e.execution?.enabled!==!1&&(this.execution=new execution_monitor_2.ExecutionMonitor({maxRequestsPerMinute:e.execution?.maxRequestsPerMinute,maxRequestsPerHour:e.execution?.maxRequestsPerHour,operationCosts:e.execution?.operationCosts,maxCostPerMinute:e.execution?.maxCostPerMinute,maxCostPerHour:e.execution?.maxCostPerHour})),e.output?.enabled!==!1&&(this.output=new output_filter_2.OutputFilter({detectPII:e.output?.detectPII,detectSecrets:e.output?.detectSecrets,roleFilters:e.output?.roleFilters})),e.conversation?.enabled!==!1&&(this.conversation=new conversation_guard_2.ConversationGuard({maxConversationLength:e.conversation?.maxConversationLength,escalationThreshold:e.conversation?.escalationThreshold})),e.chain?.enabled!==!1&&(this.chain=new tool_chain_validator_2.ToolChainValidator({maxToolsPerRequest:e.chain?.maxToolsPerRequest,maxSensitiveToolsPerSession:e.chain?.maxSensitiveToolsPerSession,sensitiveTools:e.chain?.sensitiveTools})),e.encoding?.enabled!==!1&&(this.encoding=new encoding_detector_2.EncodingDetector({maxDecodingDepth:e.encoding?.maxDecodingDepth,maxEncodedRatio:e.encoding?.maxEncodedRatio})),e.multiModal?.enabled&&(this.multiModal=new multimodal_guard_2.MultiModalGuard({scanMetadata:e.multiModal.scanMetadata,detectBase64Payloads:e.multiModal.detectBase64Payloads,allowedMimeTypes:e.multiModal.allowedMimeTypes})),e.memory?.enabled&&(this.memoryGuard=new memory_guard_2.MemoryGuard({enableIntegrityCheck:e.memory.enableIntegrityCheck,detectInjections:e.memory.detectInjections,maxMemoryItems:e.memory.maxMemoryItems,signingKey:e.memory.signingKey,autoQuarantine:e.memory.autoQuarantine,riskThreshold:e.memory.riskThreshold})),e.rag?.enabled&&(this.ragGuard=new rag_guard_2.RAGGuard({detectInjections:e.rag.detectInjections,verifySource:e.rag.verifySource,trustedSources:e.rag.trustedSources,blockedSources:e.rag.blockedSources,maxDocumentSize:e.rag.maxDocumentSize,minTrustScore:e.rag.minTrustScore,detectEmbeddingAttacks:e.rag.detectEmbeddingAttacks})),e.codeExecution?.enabled&&(this.codeExecution=new code_execution_guard_2.CodeExecutionGuard({allowedLanguages:e.codeExecution.allowedLanguages,maxCodeLength:e.codeExecution.maxCodeLength,maxExecutionTime:e.codeExecution.maxExecutionTime,allowNetwork:e.codeExecution.allowNetwork,allowFileSystem:e.codeExecution.allowFileSystem,allowShell:e.codeExecution.allowShell,riskThreshold:e.codeExecution.riskThreshold})),e.agentCommunication?.enabled&&(this.agentCommunication=new agent_communication_guard_2.AgentCommunicationGuard({allowedAgents:e.agentCommunication.allowedAgents,requireSignatures:e.agentCommunication.requireSignatures,strictMode:e.agentCommunication.strictMode,maxMessageAge:e.agentCommunication.maxMessageAge})),e.circuitBreaker?.enabled&&(this.circuitBreaker=new circuit_breaker_2.CircuitBreaker({failureThreshold:e.circuitBreaker.failureThreshold,minimumRequests:e.circuitBreaker.minimumRequests,windowSize:e.circuitBreaker.windowSize,recoveryTimeout:e.circuitBreaker.recoveryTimeout,successThreshold:e.circuitBreaker.successThreshold})),e.driftDetector?.enabled&&(this.driftDetector=new drift_detector_2.DriftDetector({minimumSamples:e.driftDetector.minimumSamples,anomalyThreshold:e.driftDetector.anomalyThreshold,alertThreshold:e.driftDetector.alertThreshold,checkGoalAlignment:e.driftDetector.checkGoalAlignment})),e.mcpSecurity?.enabled&&(this.mcpSecurity=new mcp_security_guard_2.MCPSecurityGuard({detectToolShadowing:e.mcpSecurity.detectToolShadowing,toolBlocklist:e.mcpSecurity.toolBlocklist,strictMode:e.mcpSecurity.strictMode,minServerReputation:e.mcpSecurity.minServerReputation})),e.promptLeakage?.enabled&&(this.promptLeakage=new prompt_leakage_guard_2.PromptLeakageGuard({detectLeetspeak:e.promptLeakage.detectLeetspeak,detectROT13:e.promptLeakage.detectROT13,detectBase64:e.promptLeakage.detectBase64,detectIndirectExtraction:e.promptLeakage.detectIndirectExtraction,monitorOutput:e.promptLeakage.monitorOutput,systemPromptKeywords:e.promptLeakage.systemPromptKeywords,riskThreshold:e.promptLeakage.riskThreshold})),e.trustExploitation?.enabled&&(this.trustExploitation=new trust_exploitation_guard_2.TrustExploitationGuard({humanApprovalRequired:e.trustExploitation.humanApprovalRequired,maxAutonomousActions:e.trustExploitation.maxAutonomousActions,monitorGoalConsistency:e.trustExploitation.monitorGoalConsistency,detectPermissionEscalation:e.trustExploitation.detectPermissionEscalation,sensitiveActions:e.trustExploitation.sensitiveActions})),e.autonomyEscalation?.enabled&&(this.autonomyEscalation=new autonomy_escalation_guard_2.AutonomyEscalationGuard({maxAutonomyLevel:e.autonomyEscalation.maxAutonomyLevel,baseAutonomyLevel:e.autonomyEscalation.baseAutonomyLevel,detectSelfModification:e.autonomyEscalation.detectSelfModification,maxSubAgents:e.autonomyEscalation.maxSubAgents,enforceHITL:e.autonomyEscalation.enforceHITL,alwaysRequireHuman:e.autonomyEscalation.alwaysRequireHuman})),e.statePersistence?.enabled&&(this.statePersistence=new state_persistence_guard_2.StatePersistenceGuard({enableIntegrityCheck:e.statePersistence.enableIntegrityCheck,requireEncryption:e.statePersistence.requireEncryption,maxStateSize:e.statePersistence.maxStateSize,maxStateAge:e.statePersistence.maxStateAge,enforceSessionIsolation:e.statePersistence.enforceSessionIsolation,sensitiveKeys:e.statePersistence.sensitiveKeys,detectTampering:e.statePersistence.detectTampering})),e.toolResult?.enabled&&(this.toolResultGuard=new tool_result_guard_2.ToolResultGuard(e.toolResult)),e.contextBudget?.enabled&&(this.contextBudget=new context_budget_guard_2.ContextBudgetGuard(e.contextBudget)),e.outputSchema?.enabled&&(this.outputSchema=new output_schema_guard_2.OutputSchemaGuard(e.outputSchema)),e.tokenCost?.enabled&&(this.tokenCostGuard=new token_cost_guard_2.TokenCostGuard(e.tokenCost)),e.classifier&&(this.classifier=e.classifier),this.logger=e.logger||((s,o)=>{o==="error"?console.error(s):o==="warn"?console.warn(s):console.log(s)})}check(e,s,o,a={}){const r=`req-${crypto_1.default.randomUUID()}`,i=[];this.logger(`[TrustGuard:${r}] Checking: ${e}`,"info");try{return this.runChecks(e,s,o,a,r)}catch(n){const l=n instanceof Error?n.message:String(n);return this.logger(`[TrustGuard:${r}] Guard error: ${l}`,"error"),this.failMode==="open"?{allowed:!0,all_violations:["GUARD_ERROR"],request_id:r}:{allowed:!1,block_reason:`Internal guard error: ${l}`,all_violations:["GUARD_ERROR"],request_id:r}}}runChecks(e,s,o,a,r){const i=[];if(a.userInput&&a.userInput.length>this.maxInputLength)return this.logger(`[TrustGuard:${r}] BLOCKED: Input too long (${a.userInput.length} > ${this.maxInputLength})`,"warn"),{allowed:!1,block_layer:"L1",block_reason:`Input length ${a.userInput.length} exceeds maximum ${this.maxInputLength}`,all_violations:["INPUT_TOO_LONG"],request_id:r};if(this.encoding&&a.userInput){const t=this.encoding.detect(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Encoding Detector`,"warn"),{allowed:!1,block_layer:"ENCODING",block_reason:t.reason,all_violations:t.violations,encoding:t,request_id:r};i.push(...t.violations)}if(this.sanitizer&&a.userInput){const t=this.sanitizer.sanitize(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L1`,"warn"),{allowed:!1,block_layer:"L1",block_reason:t.reason,all_violations:t.violations,sanitizer:t,request_id:r};i.push(...t.violations)}if(this.promptLeakage&&a.userInput){const t=this.promptLeakage.check(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Prompt Leakage Guard`,"warn"),{allowed:!1,block_layer:"PROMPT_LEAKAGE",block_reason:t.reason,all_violations:[...i,...t.violations],request_id:r};i.push(...t.violations)}if(this.memoryGuard&&a.userInput&&o?.session_id){const t=this.memoryGuard.validateContextInjection(a.userInput,o.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Memory Guard`,"warn"),{allowed:!1,block_layer:"MEMORY",block_reason:t.reason,all_violations:[...i,...t.violations],request_id:r};i.push(...t.violations)}if(this.conversation&&a.userInput&&o?.session_id){const t=this.conversation.check(o.session_id,a.userInput,[e],a.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Conversation Guard`,"warn"),{allowed:!1,block_layer:"CONV",block_reason:t.reason,all_violations:[...i,...t.violations],conversation:t,request_id:r};i.push(...t.violations)}let n;if(this.registry){const t=this.registry.check(e,o?.role||"",r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L2`,"warn"),{allowed:!1,block_layer:"L2",block_reason:t.reason,all_violations:[...i,...t.violations],registry:t,request_id:r};n=t.tool,i.push(...t.violations)}if(this.chain&&o?.session_id){const t=a.allToolsInRequest?this.chain.validateBatch(o.session_id,a.allToolsInRequest,r):this.chain.validate(o.session_id,e,void 0,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Tool Chain Validator`,"warn"),{allowed:!1,block_layer:"CHAIN",block_reason:t.reason,all_violations:[...i,...t.violations],chain:t,request_id:r};i.push(...t.violations)}if(this.policy&&n){const t=this.policy.check(n,s,o,a.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L3`,"warn"),{allowed:!1,block_layer:"L3",block_reason:t.reason,all_violations:[...i,...t.violations],policy:t,request_id:r};i.push(...t.violations)}else this.policy&&!n&&this.logger(`[TrustGuard:${r}] Policy gate skipped: no tool definition (registry disabled or tool not found)`,"warn");if(this.autonomyEscalation&&o?.session_id){const t=this.autonomyEscalation.validate(e,o.session_id,s,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Autonomy Escalation Guard`,"warn"),{allowed:!1,block_layer:"AUTONOMY",block_reason:t.reason,all_violations:[...i,...t.violations],request_id:r};i.push(...t.violations)}let l=s;if(this.tenant){const t=this.tenant.check(e,s,o,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L4`,"warn"),{allowed:!1,block_layer:"L4",block_reason:t.reason,all_violations:[...i,...t.violations],tenant:t,request_id:r};t.enforced_params&&(l=t.enforced_params),i.push(...t.violations)}if(this.schema&&n){const t=this.schema.validate(n,l,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L5`,"warn"),{allowed:!1,block_layer:"L5",block_reason:t.reason,all_violations:[...i,...t.violations],schema:t,request_id:r};i.push(...t.violations)}if(this.execution){const t=this.execution.check(e,o?.user_id,o?.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L6`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...i,...t.violations],execution:t,request_id:r};i.push(...t.violations)}if(this.circuitBreaker){const t=this.circuitBreaker.check(e,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Circuit Breaker`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...i,"CIRCUIT_OPEN"],request_id:r}}return this.logger(`[TrustGuard:${r}] All checks PASSED`,"info"),{allowed:!0,all_violations:i,request_id:r}}filterOutput(e,s,o){let a=e,r=!1,i=!1,n=!1,l=!0;const t=typeof e=="string"?e:"";if(t.length>this.maxInputLength&&this.logger(`[TrustGuard] Output too long (${t.length}), truncating for filter`,"warn"),this.output){const d=this.output.filter(e,s,o);a=d.filtered_response,r=d.pii_detected.length>0,i=d.secrets_detected.length>0,d.allowed||(l=!1)}if(this.promptLeakage){const d=typeof a=="string"?a:JSON.stringify(a),c=this.promptLeakage.checkOutput(d,o);c.leaked&&(l=!1,n=!0,c.sanitized_output&&(a=c.sanitized_output))}return{allowed:l,filtered:a,pii_detected:r,secrets_detected:i,prompt_leakage_detected:n}}completeOperation(e,s,o=!0){this.execution&&this.execution.completeOperation(e?.user_id,e?.session_id),this.circuitBreaker&&s&&(o?this.circuitBreaker.recordSuccess(s):this.circuitBreaker.recordFailure(s))}getToolsForRole(e){return this.registry?this.registry.getToolsForRole(e):[]}getGuards(){return{sanitizer:this.sanitizer,registry:this.registry,policy:this.policy,tenant:this.tenant,schema:this.schema,execution:this.execution,output:this.output,conversation:this.conversation,chain:this.chain,encoding:this.encoding,multiModal:this.multiModal,memory:this.memoryGuard,rag:this.ragGuard,codeExecution:this.codeExecution,agentCommunication:this.agentCommunication,circuitBreaker:this.circuitBreaker,driftDetector:this.driftDetector,mcpSecurity:this.mcpSecurity,promptLeakage:this.promptLeakage,trustExploitation:this.trustExploitation,autonomyEscalation:this.autonomyEscalation,statePersistence:this.statePersistence,toolResult:this.toolResultGuard,contextBudget:this.contextBudget,outputSchema:this.outputSchema,tokenCost:this.tokenCostGuard}}resetSession(e){this.conversation?.resetSession(e),this.chain?.resetSession(e),this.execution?.reset(void 0,e),this.memoryGuard?.clearSession(e),this.trustExploitation?.resetSession(e),this.autonomyEscalation?.resetSession(e),this.statePersistence?.resetSession(e),this.contextBudget?.resetSession(e)}validateToolResult(e,s,o){if(!this.toolResultGuard)return{allowed:!0,violations:[]};const a=this.toolResultGuard.validateResult(e,s,o);return{allowed:a.allowed,violations:a.violations}}validateOutput(e,s,o){if(!this.outputSchema)return{allowed:!0,violations:[],threats:[]};const a=this.outputSchema.validate(e,s,o);return{allowed:a.allowed,violations:a.violations,threats:a.threats}}async checkAsync(e,s,o,a={}){const r=this.check(e,s,o,a);if(!this.classifier||!r.allowed||!a.userInput)return r;try{const i=await this.classifier(a.userInput,{type:"user_input",sessionId:o?.session_id});if(!i.safe)return{...r,allowed:!1,block_layer:"L1",block_reason:`Classifier detected threat: ${i.threats.map(n=>n.category).join(", ")}`,all_violations:[...r.all_violations,...i.threats.map(n=>`CLASSIFIER_${n.category.toUpperCase()}`)]}}catch(i){const n=i instanceof Error?i.message:String(i);this.logger(`[TrustGuard] Classifier error: ${n}`,"error")}return r}}exports.TrustGuard=TrustGuard,__exportStar(require("./integrations/index.js"),exports),exports.default=TrustGuard;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "llm-trust-guard",
|
|
3
|
-
"version": "4.
|
|
3
|
+
"version": "4.8.0",
|
|
4
4
|
"description": "Comprehensive security guards for LLM-powered and agentic AI applications - 22 protection layers covering OWASP Top 10 for LLMs 2025, Agentic Applications 2026, and MCP Security. All guards now accessible via unified TrustGuard facade. Features prompt injection (PAP/persuasion), multi-modal attacks, RAG poisoning with embedding attack detection, memory persistence attacks, code execution sandboxing, multi-agent security, MCP tool shadowing prevention, system prompt leakage protection, human-agent trust exploitation (ASI09), autonomy escalation (ASI10), state persistence (ASI08), tool chain validation v2 (ASI07/ASI04), circuit breaker, drift detection, and more",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|