npm - mcp-image - Versions diffs - 0.1.0 → 0.2.0 - Mend

mcp-image 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/dist/infrastructure/security/SecureMCPClient.d.ts ADDED Viewed

@@ -0,0 +1,154 @@
+/**
+ * Secure MCP Client
+ * Wraps existing MCPSamplingClient with comprehensive security features:
+ * - Rate limiting (3 requests/second with burst support)
+ * - Content filtering and sanitization
+ * - Security incident management integration
+ * - Performance monitoring and metrics
+ */
+import type { MCPSamplingClient, MCPSamplingResult } from '../../business/__tests__/mocks/mcpSamplingClient.mock';
+import { type RiskAssessmentResult } from './AdvancedContentFilter';
+import { SecurityIncidentManager } from './SecurityIncidentManager';
+/**
+ * Rate limiting configuration
+ */
+export interface RateLimitConfig {
+    /** Requests per second allowed */
+    requestsPerSecond: number;
+    /** Maximum burst requests allowed */
+    burstLimit: number;
+    /** Cooldown period after hitting rate limit (ms) */
+    cooldownPeriod: number;
+}
+/**
+ * Security configuration
+ */
+export interface SecurityConfig {
+    /** Enable content filtering */
+    enableContentFiltering: boolean;
+    /** Enable security incident reporting */
+    enableIncidentReporting: boolean;
+    /** Block high-risk content */
+    blockHighRiskContent: boolean;
+    /** Sanitize sensitive data */
+    sanitizeSensitiveData: boolean;
+}
+/**
+ * Configuration for SecureMCPClient
+ */
+export interface SecureMCPClientConfig {
+    /** Rate limiting configuration */
+    rateLimit: RateLimitConfig;
+    /** Security configuration */
+    securityConfig: SecurityConfig;
+    /** Optional incident manager instance */
+    incidentManager?: SecurityIncidentManager;
+}
+/**
+ * Enhanced MCP sampling result with security information
+ */
+export interface SecureMCPResult extends MCPSamplingResult {
+    /** Risk assessment result */
+    riskAssessment?: RiskAssessmentResult;
+    /** Sanitized prompt if sensitive data was detected */
+    sanitizedPrompt?: string;
+    /** Fallback prompt if MCP fails */
+    fallbackPrompt?: string;
+    /** Error message if request failed */
+    error?: string;
+}
+/**
+ * Performance metrics for monitoring
+ */
+export interface PerformanceMetrics {
+    /** Total requests made */
+    totalRequests: number;
+    /** Successful requests */
+    successfulRequests: number;
+    /** Rate limit hits */
+    rateLimitHits: number;
+    /** Security blocks */
+    securityBlocks: number;
+    /** Average processing time */
+    averageProcessingTime: number;
+}
+/**
+ * Secure MCP Client Implementation
+ * Wraps MCPSamplingClient with comprehensive security and rate limiting
+ */
+export declare class SecureMCPClient {
+    private readonly mcpClient;
+    private readonly config;
+    private readonly contentFilter;
+    private readonly incidentManager;
+    private readonly rateLimitState;
+    private readonly performanceMetrics;
+    constructor(mcpClient: MCPSamplingClient, config: SecureMCPClientConfig);
+    /**
+     * Initialize the secure MCP client
+     */
+    initialize(): Promise<void>;
+    /**
+     * Refine prompt with security and rate limiting
+     * @param prompt - Input prompt to refine
+     * @returns SecureMCPResult with security analysis
+     */
+    refinePrompt(prompt: string): Promise<SecureMCPResult>;
+    /**
+     * Check if request is within rate limits
+     */
+    private checkRateLimit;
+    /**
+     * Record successful request for rate limiting
+     */
+    private recordRequest;
+    /**
+     * Report security incident
+     */
+    private reportSecurityIncident;
+    /**
+     * Create error result
+     */
+    private createErrorResult;
+    /**
+     * Create blocked result due to security
+     */
+    private createBlockedResult;
+    /**
+     * Update average processing time
+     */
+    private updateAverageProcessingTime;
+    /**
+     * Build assessment prompt (mock functionality as interface doesn't include this)
+     */
+    buildAssessmentPrompt(originalPrompt: string): string;
+    /**
+     * Check if MCP client is available
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * Disconnect from MCP client (no-op as interface doesn't include this)
+     */
+    disconnect(): Promise<void>;
+    /**
+     * Get current performance metrics
+     */
+    getPerformanceMetrics(): PerformanceMetrics;
+    /**
+     * Update configuration
+     */
+    updateConfiguration(newConfig: Partial<SecureMCPClientConfig>): void;
+    /**
+     * Reset performance metrics
+     */
+    resetMetrics(): void;
+    /**
+     * Get current rate limit status
+     */
+    getRateLimitStatus(): {
+        currentRequests: number;
+        isInCooldown: boolean;
+        timeUntilReset: number;
+    };
+}
+//# sourceMappingURL=SecureMCPClient.d.ts.map

package/dist/infrastructure/security/SecureMCPClient.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SecureMCPClient.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/SecureMCPClient.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,iBAAiB,EAClB,MAAM,uDAAuD,CAAA;AAC9D,OAAO,EAAyB,KAAK,oBAAoB,EAAE,MAAM,yBAAyB,CAAA;AAC1F,OAAO,EAAyB,uBAAuB,EAAE,MAAM,2BAA2B,CAAA;AAE1F;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,kCAAkC;IAClC,iBAAiB,EAAE,MAAM,CAAA;IACzB,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAA;IAClB,oDAAoD;IACpD,cAAc,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,+BAA+B;IAC/B,sBAAsB,EAAE,OAAO,CAAA;IAC/B,yCAAyC;IACzC,uBAAuB,EAAE,OAAO,CAAA;IAChC,8BAA8B;IAC9B,oBAAoB,EAAE,OAAO,CAAA;IAC7B,8BAA8B;IAC9B,qBAAqB,EAAE,OAAO,CAAA;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,kCAAkC;IAClC,SAAS,EAAE,eAAe,CAAA;IAC1B,6BAA6B;IAC7B,cAAc,EAAE,cAAc,CAAA;IAC9B,yCAAyC;IACzC,eAAe,CAAC,EAAE,uBAAuB,CAAA;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,eAAgB,SAAQ,iBAAiB;IACxD,6BAA6B;IAC7B,cAAc,CAAC,EAAE,oBAAoB,CAAA;IACrC,sDAAsD;IACtD,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,mCAAmC;IACnC,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,sCAAsC;IACtC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,0BAA0B;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,0BAA0B;IAC1B,kBAAkB,EAAE,MAAM,CAAA;IAC1B,sBAAsB;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,8BAA8B;IAC9B,qBAAqB,EAAE,MAAM,CAAA;CAC9B;AAcD;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAmB;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuB;IAC9C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAuB;IACrD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAyB;IACzD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAgB;IAC/C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAoB;gBAE3C,SAAS,EAAE,iBAAiB,EAAE,MAAM,EAAE,qBAAqB;IAqBvE;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAKjC;;;;OAIG;IACG,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAyF5D;;OAEG;IACH,OAAO,CAAC,cAAc;IAwCtB;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;OAEG;YACW,sBAAsB;IAoBpC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAmBzB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA0B3B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAOnC;;OAEG;IACH,qBAAqB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM;IAIrD;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAIrC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAKjC;;OAEG;IACH,qBAAqB,IAAI,kBAAkB;IAI3C;;OAEG;IACH,mBAAmB,CAAC,SAAS,EAAE,OAAO,CAAC,qBAAqB,CAAC,GAAG,IAAI;IAapE;;OAEG;IACH,YAAY,IAAI,IAAI;IAQpB;;OAEG;IACH,kBAAkB,IAAI;QACpB,eAAe,EAAE,MAAM,CAAA;QACvB,YAAY,EAAE,OAAO,CAAA;QACrB,cAAc,EAAE,MAAM,CAAA;KACvB;CAqBF"}

package/dist/infrastructure/security/SecureMCPClient.js ADDED Viewed

@@ -0,0 +1,292 @@
+"use strict";
+/**
+ * Secure MCP Client
+ * Wraps existing MCPSamplingClient with comprehensive security features:
+ * - Rate limiting (3 requests/second with burst support)
+ * - Content filtering and sanitization
+ * - Security incident management integration
+ * - Performance monitoring and metrics
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecureMCPClient = void 0;
+const AdvancedContentFilter_1 = require("./AdvancedContentFilter");
+const SecurityIncidentManager_1 = require("./SecurityIncidentManager");
+/**
+ * Secure MCP Client Implementation
+ * Wraps MCPSamplingClient with comprehensive security and rate limiting
+ */
+class SecureMCPClient {
+    constructor(mcpClient, config) {
+        this.mcpClient = mcpClient;
+        this.config = config;
+        this.contentFilter = new AdvancedContentFilter_1.AdvancedContentFilter();
+        this.incidentManager = config.incidentManager || new SecurityIncidentManager_1.SecurityIncidentManager();
+        this.rateLimitState = {
+            requestTimes: [],
+            lastRateLimitHit: 0,
+            inCooldown: false,
+        };
+        this.performanceMetrics = {
+            totalRequests: 0,
+            successfulRequests: 0,
+            rateLimitHits: 0,
+            securityBlocks: 0,
+            averageProcessingTime: 0,
+        };
+    }
+    /**
+     * Initialize the secure MCP client
+     */
+    async initialize() {
+        // Note: MCPSamplingClient interface doesn't include initialize method
+        // This is a no-op for compatibility with the expected interface
+    }
+    /**
+     * Refine prompt with security and rate limiting
+     * @param prompt - Input prompt to refine
+     * @returns SecureMCPResult with security analysis
+     */
+    async refinePrompt(prompt) {
+        const startTime = Date.now();
+        this.performanceMetrics.totalRequests++;
+        try {
+            // Check rate limiting
+            if (!this.checkRateLimit()) {
+                this.performanceMetrics.rateLimitHits++;
+                const processingTime = Date.now() - startTime;
+                this.updateAverageProcessingTime(processingTime);
+                // Determine specific rate limit message
+                const { burstLimit, requestsPerSecond } = this.config.rateLimit;
+                const currentRequests = this.rateLimitState.requestTimes.length;
+                const isBurstLimit = burstLimit !== requestsPerSecond && currentRequests >= burstLimit;
+                const errorMessage = isBurstLimit
+                    ? 'Request blocked due to burst limit exceeded'
+                    : 'Request blocked due to rate limit exceeded';
+                return this.createErrorResult(prompt, errorMessage, startTime);
+            }
+            // Security content filtering
+            if (this.config.securityConfig.enableContentFiltering) {
+                const riskAssessment = this.contentFilter.assessRisk(prompt);
+                if (this.config.securityConfig.blockHighRiskContent && riskAssessment.shouldBlock) {
+                    this.performanceMetrics.securityBlocks++;
+                    // Report security incident if enabled
+                    if (this.config.securityConfig.enableIncidentReporting) {
+                        await this.reportSecurityIncident(prompt, riskAssessment);
+                    }
+                    const sanitizedPrompt = this.config.securityConfig.sanitizeSensitiveData
+                        ? this.contentFilter.detectSensitiveData(prompt).sanitizedContent
+                        : prompt;
+                    const processingTime = Date.now() - startTime;
+                    this.updateAverageProcessingTime(processingTime);
+                    return this.createBlockedResult(prompt, riskAssessment, sanitizedPrompt, startTime);
+                }
+            }
+            // Record successful rate limit check
+            this.recordRequest();
+            // Check MCP client availability
+            if (!(await this.mcpClient.isAvailable())) {
+                const processingTime = Date.now() - startTime;
+                this.updateAverageProcessingTime(processingTime);
+                return this.createErrorResult(prompt, 'MCP client unavailable', startTime);
+            }
+            // Call underlying MCP client
+            const mcpResult = await this.mcpClient.refinePrompt(prompt);
+            // Update metrics
+            if (mcpResult.success) {
+                this.performanceMetrics.successfulRequests++;
+            }
+            const processingTime = Date.now() - startTime;
+            this.updateAverageProcessingTime(processingTime);
+            // Return enhanced result
+            const result = {
+                refinedPrompt: mcpResult.refinedPrompt,
+                success: mcpResult.success,
+                metadata: mcpResult.metadata,
+                processingTime, // Use our calculated processing time
+            };
+            if (this.config.securityConfig.enableContentFiltering) {
+                result.riskAssessment = this.contentFilter.assessRisk(prompt);
+            }
+            return result;
+        }
+        catch (error) {
+            const processingTime = Date.now() - startTime;
+            this.updateAverageProcessingTime(processingTime);
+            // Pass through the original error message from MCP client
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
+            return this.createErrorResult(prompt, errorMessage, startTime);
+        }
+    }
+    /**
+     * Check if request is within rate limits
+     */
+    checkRateLimit() {
+        const now = Date.now();
+        const { requestsPerSecond, burstLimit, cooldownPeriod } = this.config.rateLimit;
+        // Check if in cooldown period
+        if (this.rateLimitState.inCooldown) {
+            if (now - this.rateLimitState.lastRateLimitHit < cooldownPeriod) {
+                return false;
+            }
+            // Exit cooldown period
+            this.rateLimitState.inCooldown = false;
+            this.rateLimitState.requestTimes = [];
+        }
+        // Remove requests older than 1 second
+        const oneSecondAgo = now - 1000;
+        this.rateLimitState.requestTimes = this.rateLimitState.requestTimes.filter((time) => time > oneSecondAgo);
+        // For burst limit test: check exact burst limit
+        const currentRequestCount = this.rateLimitState.requestTimes.length;
+        // Check burst limit first (if configured differently than requestsPerSecond)
+        if (burstLimit !== requestsPerSecond && currentRequestCount >= burstLimit) {
+            this.rateLimitState.lastRateLimitHit = now;
+            this.rateLimitState.inCooldown = true;
+            return false;
+        }
+        // Check requests per second
+        if (currentRequestCount >= requestsPerSecond) {
+            this.rateLimitState.lastRateLimitHit = now;
+            this.rateLimitState.inCooldown = true;
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Record successful request for rate limiting
+     */
+    recordRequest() {
+        this.rateLimitState.requestTimes.push(Date.now());
+    }
+    /**
+     * Report security incident
+     */
+    async reportSecurityIncident(prompt, riskAssessment) {
+        const incident = {
+            type: 'suspicious_activity',
+            riskLevel: riskAssessment.riskLevel.toLowerCase(),
+            details: {
+                detectedThreats: riskAssessment.detectedThreats,
+                confidence: riskAssessment.confidence,
+                processingRecommendation: riskAssessment.processingRecommendation,
+                promptLength: prompt.length,
+                sanitizedPrompt: this.contentFilter.detectSensitiveData(prompt).sanitizedContent,
+            },
+            source: 'SecureMCPClient',
+        };
+        this.incidentManager.reportIncident(incident);
+    }
+    /**
+     * Create error result
+     */
+    createErrorResult(originalPrompt, error, startTime) {
+        return {
+            refinedPrompt: originalPrompt,
+            success: false,
+            processingTime: Date.now() - startTime,
+            metadata: {
+                model: 'secure-mcp-client',
+                iterations: 0,
+                confidence: 0,
+            },
+            fallbackPrompt: originalPrompt,
+            error,
+        };
+    }
+    /**
+     * Create blocked result due to security
+     */
+    createBlockedResult(originalPrompt, riskAssessment, sanitizedPrompt, startTime) {
+        return {
+            refinedPrompt: originalPrompt,
+            success: false,
+            processingTime: Date.now() - startTime,
+            metadata: {
+                model: 'secure-mcp-client',
+                iterations: 0,
+                confidence: 0,
+            },
+            riskAssessment,
+            sanitizedPrompt,
+            fallbackPrompt: originalPrompt,
+            error: `Request blocked due to security risk: ${riskAssessment.riskLevel}. Detected threats: ${riskAssessment.detectedThreats.join(', ')}. ${riskAssessment.detectedThreats.includes('SENSITIVE_DATA')
+                ? 'Contains sensitive data that must be redacted.'
+                : ''}`,
+        };
+    }
+    /**
+     * Update average processing time
+     */
+    updateAverageProcessingTime(processingTime) {
+        this.performanceMetrics.averageProcessingTime =
+            (this.performanceMetrics.averageProcessingTime * (this.performanceMetrics.totalRequests - 1) +
+                processingTime) /
+                this.performanceMetrics.totalRequests;
+    }
+    /**
+     * Build assessment prompt (mock functionality as interface doesn't include this)
+     */
+    buildAssessmentPrompt(originalPrompt) {
+        return `Assessment: ${originalPrompt}`;
+    }
+    /**
+     * Check if MCP client is available
+     */
+    async isAvailable() {
+        return await this.mcpClient.isAvailable();
+    }
+    /**
+     * Disconnect from MCP client (no-op as interface doesn't include this)
+     */
+    async disconnect() {
+        // Note: MCPSamplingClient interface doesn't include disconnect method
+        // This is a no-op for compatibility with the expected interface
+    }
+    /**
+     * Get current performance metrics
+     */
+    getPerformanceMetrics() {
+        return { ...this.performanceMetrics };
+    }
+    /**
+     * Update configuration
+     */
+    updateConfiguration(newConfig) {
+        if (newConfig.rateLimit) {
+            Object.assign(this.config.rateLimit, newConfig.rateLimit);
+            // Reset rate limit state when config changes
+            this.rateLimitState.requestTimes = [];
+            this.rateLimitState.inCooldown = false;
+        }
+        if (newConfig.securityConfig) {
+            Object.assign(this.config.securityConfig, newConfig.securityConfig);
+        }
+    }
+    /**
+     * Reset performance metrics
+     */
+    resetMetrics() {
+        this.performanceMetrics.totalRequests = 0;
+        this.performanceMetrics.successfulRequests = 0;
+        this.performanceMetrics.rateLimitHits = 0;
+        this.performanceMetrics.securityBlocks = 0;
+        this.performanceMetrics.averageProcessingTime = 0;
+    }
+    /**
+     * Get current rate limit status
+     */
+    getRateLimitStatus() {
+        const now = Date.now();
+        const oneSecondAgo = now - 1000;
+        const currentRequests = this.rateLimitState.requestTimes.filter((time) => time > oneSecondAgo).length;
+        const timeUntilReset = this.rateLimitState.inCooldown
+            ? Math.max(0, this.config.rateLimit.cooldownPeriod - (now - this.rateLimitState.lastRateLimitHit))
+            : 0;
+        return {
+            currentRequests,
+            isInCooldown: this.rateLimitState.inCooldown,
+            timeUntilReset,
+        };
+    }
+}
+exports.SecureMCPClient = SecureMCPClient;
+//# sourceMappingURL=SecureMCPClient.js.map

package/dist/infrastructure/security/SecureMCPClient.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SecureMCPClient.js","sourceRoot":"","sources":["../../../src/infrastructure/security/SecureMCPClient.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAMH,mEAA0F;AAC1F,uEAA0F;AAkF1F;;;GAGG;AACH,MAAa,eAAe;IAQ1B,YAAY,SAA4B,EAAE,MAA6B;QACrE,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,aAAa,GAAG,IAAI,6CAAqB,EAAE,CAAA;QAChD,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,IAAI,iDAAuB,EAAE,CAAA;QAE9E,IAAI,CAAC,cAAc,GAAG;YACpB,YAAY,EAAE,EAAE;YAChB,gBAAgB,EAAE,CAAC;YACnB,UAAU,EAAE,KAAK;SAClB,CAAA;QAED,IAAI,CAAC,kBAAkB,GAAG;YACxB,aAAa,EAAE,CAAC;YAChB,kBAAkB,EAAE,CAAC;YACrB,aAAa,EAAE,CAAC;YAChB,cAAc,EAAE,CAAC;YACjB,qBAAqB,EAAE,CAAC;SACzB,CAAA;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,sEAAsE;QACtE,gEAAgE;IAClE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY,CAAC,MAAc;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAC5B,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAA;QAEvC,IAAI,CAAC;YACH,sBAAsB;YACtB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC3B,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAA;gBACvC,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;gBAC7C,IAAI,CAAC,2BAA2B,CAAC,cAAc,CAAC,CAAA;gBAEhD,wCAAwC;gBACxC,MAAM,EAAE,UAAU,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAA;gBAC/D,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,MAAM,CAAA;gBAC/D,MAAM,YAAY,GAAG,UAAU,KAAK,iBAAiB,IAAI,eAAe,IAAI,UAAU,CAAA;gBAEtF,MAAM,YAAY,GAAG,YAAY;oBAC/B,CAAC,CAAC,6CAA6C;oBAC/C,CAAC,CAAC,4CAA4C,CAAA;gBAEhD,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,CAAC,CAAA;YAChE,CAAC;YAED,6BAA6B;YAC7B,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,sBAAsB,EAAE,CAAC;gBACtD,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;gBAE5D,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,oBAAoB,IAAI,cAAc,CAAC,WAAW,EAAE,CAAC;oBAClF,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,CAAA;oBAExC,sCAAsC;oBACtC,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,uBAAuB,EAAE,CAAC;wBACvD,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;oBAC3D,CAAC;oBAED,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,qBAAqB;wBACtE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,gBAAgB;wBACjE,CAAC,CAAC,MAAM,CAAA;oBAEV,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;oBAC7C,IAAI,CAAC,2BAA2B,CAAC,cAAc,CAAC,CAAA;oBAChD,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,SAAS,CAAC,CAAA;gBACrF,CAAC;YACH,CAAC;YAED,qCAAqC;YACrC,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,gCAAgC;YAChC,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC1C,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;gBAC7C,IAAI,CAAC,2BAA2B,CAAC,cAAc,CAAC,CAAA;gBAChD,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,wBAAwB,EAAE,SAAS,CAAC,CAAA;YAC5E,CAAC;YAED,6BAA6B;YAC7B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;YAE3D,iBAAiB;YACjB,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;gBACtB,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,CAAA;YAC9C,CAAC;YAED,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;YAC7C,IAAI,CAAC,2BAA2B,CAAC,cAAc,CAAC,CAAA;YAEhD,yBAAyB;YACzB,MAAM,MAAM,GAAoB;gBAC9B,aAAa,EAAE,SAAS,CAAC,aAAa;gBACtC,OAAO,EAAE,SAAS,CAAC,OAAO;gBAC1B,QAAQ,EAAE,SAAS,CAAC,QAAQ;gBAC5B,cAAc,EAAE,qCAAqC;aACtD,CAAA;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,sBAAsB,EAAE,CAAC;gBACtD,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;YAC/D,CAAC;YAED,OAAO,MAAM,CAAA;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;YAC7C,IAAI,CAAC,2BAA2B,CAAC,cAAc,CAAC,CAAA;YAEhD,0DAA0D;YAC1D,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAA;YACtF,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,CAAC,CAAA;QAChE,CAAC;IACH,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,EAAE,iBAAiB,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAA;QAE/E,8BAA8B;QAC9B,IAAI,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,CAAC;YACnC,IAAI,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,gBAAgB,GAAG,cAAc,EAAE,CAAC;gBAChE,OAAO,KAAK,CAAA;YACd,CAAC;YACD,uBAAuB;YACvB,IAAI,CAAC,cAAc,CAAC,UAAU,GAAG,KAAK,CAAA;YACtC,IAAI,CAAC,cAAc,CAAC,YAAY,GAAG,EAAE,CAAA;QACvC,CAAC;QAED,sCAAsC;QACtC,MAAM,YAAY,GAAG,GAAG,GAAG,IAAI,CAAA;QAC/B,IAAI,CAAC,cAAc,CAAC,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,MAAM,CACxE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,YAAY,CAC9B,CAAA;QAED,gDAAgD;QAChD,MAAM,mBAAmB,GAAG,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,MAAM,CAAA;QAEnE,6EAA6E;QAC7E,IAAI,UAAU,KAAK,iBAAiB,IAAI,mBAAmB,IAAI,UAAU,EAAE,CAAC;YAC1E,IAAI,CAAC,cAAc,CAAC,gBAAgB,GAAG,GAAG,CAAA;YAC1C,IAAI,CAAC,cAAc,CAAC,UAAU,GAAG,IAAI,CAAA;YACrC,OAAO,KAAK,CAAA;QACd,CAAC;QAED,4BAA4B;QAC5B,IAAI,mBAAmB,IAAI,iBAAiB,EAAE,CAAC;YAC7C,IAAI,CAAC,cAAc,CAAC,gBAAgB,GAAG,GAAG,CAAA;YAC1C,IAAI,CAAC,cAAc,CAAC,UAAU,GAAG,IAAI,CAAA;YACrC,OAAO,KAAK,CAAA;QACd,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;OAEG;IACK,aAAa;QACnB,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;IACnD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAClC,MAAc,EACd,cAAoC;QAEpC,MAAM,QAAQ,GAA+C;YAC3D,IAAI,EAAE,qBAAqB;YAC3B,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC,WAAW,EAAmC;YAClF,OAAO,EAAE;gBACP,eAAe,EAAE,cAAc,CAAC,eAAe;gBAC/C,UAAU,EAAE,cAAc,CAAC,UAAU;gBACrC,wBAAwB,EAAE,cAAc,CAAC,wBAAwB;gBACjE,YAAY,EAAE,MAAM,CAAC,MAAM;gBAC3B,eAAe,EAAE,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,gBAAgB;aACjF;YACD,MAAM,EAAE,iBAAiB;SAC1B,CAAA;QAED,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAA;IAC/C,CAAC;IAED;;OAEG;IACK,iBAAiB,CACvB,cAAsB,EACtB,KAAa,EACb,SAAiB;QAEjB,OAAO;YACL,aAAa,EAAE,cAAc;YAC7B,OAAO,EAAE,KAAK;YACd,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YACtC,QAAQ,EAAE;gBACR,KAAK,EAAE,mBAAmB;gBAC1B,UAAU,EAAE,CAAC;gBACb,UAAU,EAAE,CAAC;aACd;YACD,cAAc,EAAE,cAAc;YAC9B,KAAK;SACN,CAAA;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB,CACzB,cAAsB,EACtB,cAAoC,EACpC,eAAuB,EACvB,SAAiB;QAEjB,OAAO;YACL,aAAa,EAAE,cAAc;YAC7B,OAAO,EAAE,KAAK;YACd,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YACtC,QAAQ,EAAE;gBACR,KAAK,EAAE,mBAAmB;gBAC1B,UAAU,EAAE,CAAC;gBACb,UAAU,EAAE,CAAC;aACd;YACD,cAAc;YACd,eAAe;YACf,cAAc,EAAE,cAAc;YAC9B,KAAK,EAAE,yCAAyC,cAAc,CAAC,SAAS,uBAAuB,cAAc,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,KACtI,cAAc,CAAC,eAAe,CAAC,QAAQ,CAAC,gBAAgB,CAAC;gBACvD,CAAC,CAAC,gDAAgD;gBAClD,CAAC,CAAC,EACN,EAAE;SACH,CAAA;IACH,CAAC;IAED;;OAEG;IACK,2BAA2B,CAAC,cAAsB;QACxD,IAAI,CAAC,kBAAkB,CAAC,qBAAqB;YAC3C,CAAC,IAAI,CAAC,kBAAkB,CAAC,qBAAqB,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,aAAa,GAAG,CAAC,CAAC;gBAC1F,cAAc,CAAC;gBACjB,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,qBAAqB,CAAC,cAAsB;QAC1C,OAAO,eAAe,cAAc,EAAE,CAAA;IACxC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAA;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,sEAAsE;QACtE,gEAAgE;IAClE,CAAC;IAED;;OAEG;IACH,qBAAqB;QACnB,OAAO,EAAE,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAA;IACvC,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,SAAyC;QAC3D,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;YACzD,6CAA6C;YAC7C,IAAI,CAAC,cAAc,CAAC,YAAY,GAAG,EAAE,CAAA;YACrC,IAAI,CAAC,cAAc,CAAC,UAAU,GAAG,KAAK,CAAA;QACxC,CAAC;QAED,IAAI,SAAS,CAAC,cAAc,EAAE,CAAC;YAC7B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY;QACV,IAAI,CAAC,kBAAkB,CAAC,aAAa,GAAG,CAAC,CAAA;QACzC,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,GAAG,CAAC,CAAA;QAC9C,IAAI,CAAC,kBAAkB,CAAC,aAAa,GAAG,CAAC,CAAA;QACzC,IAAI,CAAC,kBAAkB,CAAC,cAAc,GAAG,CAAC,CAAA;QAC1C,IAAI,CAAC,kBAAkB,CAAC,qBAAqB,GAAG,CAAC,CAAA;IACnD,CAAC;IAED;;OAEG;IACH,kBAAkB;QAKhB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,YAAY,GAAG,GAAG,GAAG,IAAI,CAAA;QAE/B,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,MAAM,CAC7D,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,YAAY,CAC9B,CAAC,MAAM,CAAA;QAER,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU;YACnD,CAAC,CAAC,IAAI,CAAC,GAAG,CACN,CAAC,EACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,CACpF;YACH,CAAC,CAAC,CAAC,CAAA;QAEL,OAAO;YACL,eAAe;YACf,YAAY,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU;YAC5C,cAAc;SACf,CAAA;IACH,CAAC;CACF;AA7VD,0CA6VC"}

package/dist/infrastructure/security/SecurityIncidentManager.d.ts ADDED Viewed

@@ -0,0 +1,142 @@
+/**
+ * Security Incident Manager
+ * Detects, tracks, and reports security anomalies in prompt orchestration
+ * Provides automatic pattern detection and incident management
+ */
+/**
+ * Security anomaly detection result
+ */
+export interface AnomalyDetectionResult {
+    /** Whether anomalies were detected */
+    hasAnomalies: boolean;
+    /** Number of anomalies found */
+    anomalyCount: number;
+    /** Risk assessment level */
+    riskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /** Description of detected anomalies */
+    description: string;
+}
+/**
+ * Error pattern tracking result
+ */
+export interface ErrorPatternResult {
+    /** Number of consecutive errors */
+    consecutiveErrors: number;
+    /** Type of error pattern detected */
+    errorPattern: string;
+    /** Whether this pattern requires incident reporting */
+    requiresIncident: boolean;
+}
+/**
+ * Security incident data structure
+ */
+export interface SecurityIncident {
+    /** Unique incident identifier */
+    id: string;
+    /** Type of security incident */
+    type: 'anomaly_detection' | 'error_pattern_anomaly' | 'suspicious_activity';
+    /** Risk level of the incident */
+    riskLevel: 'low' | 'medium' | 'high' | 'critical';
+    /** Timestamp when incident occurred */
+    timestamp: string;
+    /** Additional incident details */
+    details: Record<string, unknown>;
+    /** Source component that triggered the incident */
+    source: string;
+}
+/**
+ * Prompt processing context for anomaly detection
+ */
+export interface ProcessingContext {
+    /** The prompt being processed */
+    prompt: string;
+    /** Processing timestamp */
+    timestamp: string;
+    /** Phase where anomaly was detected */
+    phase?: string;
+    /** Additional context metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Log level for automatic adjustment
+ */
+export type LogLevel = 'debug' | 'info' | 'warn' | 'error' | 'critical';
+/**
+ * SecurityIncidentManager provides comprehensive security monitoring
+ * for the prompt orchestration system
+ */
+export declare class SecurityIncidentManager {
+    private errorPatternTracker;
+    private recentIncidents;
+    private currentLogLevel;
+    private maxIncidentHistory;
+    private sensitiveDataPatterns;
+    constructor();
+    /**
+     * Initialize patterns for detecting sensitive data
+     * Used for data protection in logging and incident reporting
+     */
+    private initializeSensitiveDataPatterns;
+    /**
+     * Detect anomalies in prompt processing context
+     * Analyzes prompts and context for suspicious patterns
+     */
+    detectAnomalies(context: ProcessingContext): AnomalyDetectionResult;
+    /**
+     * Track error patterns and detect consecutive failures
+     * Helps identify systematic issues or potential attacks
+     */
+    trackErrorPattern(errorType: string): ErrorPatternResult;
+    /**
+     * Report a security incident
+     * Creates incident record and triggers appropriate responses
+     */
+    reportIncident(incident: Omit<SecurityIncident, 'id' | 'timestamp'>): SecurityIncident;
+    /**
+     * Automatically adjust log level based on incident severity
+     * Higher severity incidents increase logging verbosity
+     */
+    adjustLogLevel(riskLevel: SecurityIncident['riskLevel']): void;
+    /**
+     * Determine if log level should be upgraded
+     */
+    private shouldUpgradeLogLevel;
+    /**
+     * Log incident with structured format and data protection
+     */
+    private logIncident;
+    /**
+     * Sanitize incident data to remove sensitive information
+     */
+    private sanitizeIncidentData;
+    /**
+     * Recursively sanitize an object to remove sensitive data
+     */
+    private sanitizeObjectRecursively;
+    /**
+     * Redact sensitive data from text using pattern matching
+     */
+    private redactSensitiveData;
+    /**
+     * Generate unique incident ID
+     */
+    private generateIncidentId;
+    /**
+     * Generate hash for prompt comparison
+     */
+    private hashPrompt;
+    /**
+     * Get current security status
+     */
+    getSecurityStatus(): {
+        currentLogLevel: LogLevel;
+        recentIncidentCount: number;
+        activeErrorPatterns: Record<string, number>;
+    };
+    /**
+     * Reset security tracking state
+     * Useful for testing or system reset scenarios
+     */
+    reset(): void;
+}
+//# sourceMappingURL=SecurityIncidentManager.d.ts.map

package/dist/infrastructure/security/SecurityIncidentManager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SecurityIncidentManager.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/SecurityIncidentManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,sCAAsC;IACtC,YAAY,EAAE,OAAO,CAAA;IACrB,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,4BAA4B;IAC5B,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAA;IACjD,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAA;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,mCAAmC;IACnC,iBAAiB,EAAE,MAAM,CAAA;IACzB,qCAAqC;IACrC,YAAY,EAAE,MAAM,CAAA;IACpB,uDAAuD;IACvD,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,iCAAiC;IACjC,EAAE,EAAE,MAAM,CAAA;IACV,gCAAgC;IAChC,IAAI,EAAE,mBAAmB,GAAG,uBAAuB,GAAG,qBAAqB,CAAA;IAC3E,iCAAiC;IACjC,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAA;IACjD,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAA;IACjB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAChC,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,iCAAiC;IACjC,MAAM,EAAE,MAAM,CAAA;IACd,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAA;IACjB,uCAAuC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAED;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,UAAU,CAAA;AAEvE;;;GAGG;AACH,qBAAa,uBAAuB;IAClC,OAAO,CAAC,mBAAmB,CAAqB;IAChD,OAAO,CAAC,eAAe,CAAoB;IAC3C,OAAO,CAAC,eAAe,CAAU;IACjC,OAAO,CAAC,kBAAkB,CAAQ;IAClC,OAAO,CAAC,qBAAqB,CAAe;;IAU5C;;;OAGG;IACH,OAAO,CAAC,+BAA+B;IAWvC;;;OAGG;IACH,eAAe,CAAC,OAAO,EAAE,iBAAiB,GAAG,sBAAsB;IA6DnE;;;OAGG;IACH,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,kBAAkB;IAwBxD;;;OAGG;IACH,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,gBAAgB,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,gBAAgB;IAwBtF;;;OAGG;IACH,cAAc,CAAC,SAAS,EAAE,gBAAgB,CAAC,WAAW,CAAC,GAAG,IAAI;IAgB9D;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAY7B;;OAEG;IACH,OAAO,CAAC,WAAW;IAmBnB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAW5B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAUjC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAU3B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAI1B;;OAEG;IACH,OAAO,CAAC,UAAU;IAWlB;;OAEG;IACH,iBAAiB,IAAI;QACnB,eAAe,EAAE,QAAQ,CAAA;QACzB,mBAAmB,EAAE,MAAM,CAAA;QAC3B,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAC5C;IAUD;;;OAGG;IACH,KAAK,IAAI,IAAI;CAKd"}