npm - mcp-image - Versions diffs - 0.1.0 → 0.2.0 - Mend

mcp-image 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/dist/infrastructure/security/apiKeyManager.js ADDED Viewed

@@ -0,0 +1,254 @@
+"use strict";
+/**
+ * API Key Manager - Secure API key management with rotation and access control
+ * Provides separation, protection, and automated management of API keys
+ * Addresses SECURITY1 test case requirements
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.APIKeyManager = exports.UnauthorizedAPIAccessError = exports.RestrictionType = exports.SuspiciousActivityType = void 0;
+/**
+ * Types of suspicious activity
+ */
+var SuspiciousActivityType;
+(function (SuspiciousActivityType) {
+    SuspiciousActivityType["UNUSUAL_ACCESS_PATTERN"] = "unusual_access_pattern";
+    SuspiciousActivityType["EXCESSIVE_USAGE"] = "excessive_usage";
+    SuspiciousActivityType["UNAUTHORIZED_LOCATION"] = "unauthorized_location";
+    SuspiciousActivityType["INVALID_PERMISSIONS"] = "invalid_permissions";
+    SuspiciousActivityType["RAPID_SUCCESSION_REQUESTS"] = "rapid_succession_requests";
+})(SuspiciousActivityType || (exports.SuspiciousActivityType = SuspiciousActivityType = {}));
+/**
+ * Types of authorization restrictions
+ */
+var RestrictionType;
+(function (RestrictionType) {
+    RestrictionType["TIME_BASED"] = "time_based";
+    RestrictionType["IP_BASED"] = "ip_based";
+    RestrictionType["RATE_LIMIT"] = "rate_limit";
+    RestrictionType["OPERATION_BASED"] = "operation_based";
+    RestrictionType["USER_BASED"] = "user_based";
+})(RestrictionType || (exports.RestrictionType = RestrictionType = {}));
+/**
+ * Unauthorized API access error
+ */
+class UnauthorizedAPIAccessError extends Error {
+    constructor(reason) {
+        super(`Unauthorized API access: ${reason}`);
+        this.name = 'UnauthorizedAPIAccessError';
+    }
+}
+exports.UnauthorizedAPIAccessError = UnauthorizedAPIAccessError;
+/**
+ * API Key Manager implementation
+ */
+class APIKeyManager {
+    constructor(keyVault, rotationScheduler, accessLogger) {
+        this.keyVault = keyVault;
+        this.rotationScheduler = rotationScheduler;
+        this.accessLogger = accessLogger;
+    }
+    /**
+     * Get secure API key with authorization validation
+     */
+    async getAPIKey(service, operation, sessionId) {
+        // Validate operation is authorized for this key
+        const authorization = await this.validateKeyAuthorization(service, operation);
+        if (!authorization.allowed) {
+            throw new UnauthorizedAPIAccessError(authorization.reason || 'Access denied');
+        }
+        // Get appropriate key for service
+        const keyInfo = await this.keyVault.retrieveKey(service);
+        // Check if key is expired
+        if (keyInfo.expiresAt < Date.now()) {
+            throw new UnauthorizedAPIAccessError('API key has expired');
+        }
+        // Log access for security monitoring
+        await this.accessLogger.logKeyAccess({
+            service,
+            operation,
+            timestamp: Date.now(),
+            keyId: keyInfo.keyId,
+            ...(sessionId && { sessionId }),
+            success: true,
+        });
+        return {
+            key: keyInfo.key,
+            expiresAt: keyInfo.expiresAt,
+            permissions: keyInfo.permissions,
+            keyId: keyInfo.keyId,
+            usageTracking: this.createUsageTracker(keyInfo.keyId),
+        };
+    }
+    /**
+     * Rotate API keys according to schedule
+     */
+    async rotateAPIKeys(schedule) {
+        const results = [];
+        for (const service of schedule.services) {
+            try {
+                const oldKey = await this.keyVault.retrieveKey(service);
+                const newKey = await this.generateNewKey(service, oldKey.permissions);
+                // Gradual rotation with fallback period
+                await this.initiateGradualRotation(oldKey, newKey);
+                results.push({
+                    service,
+                    success: true,
+                    newKeyId: newKey.keyId,
+                    rotationTimestamp: Date.now(),
+                    fallbackPeriodMs: 300000, // 5 minutes fallback
+                });
+            }
+            catch (error) {
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                results.push({
+                    service,
+                    success: false,
+                    error: errorMessage,
+                });
+            }
+        }
+        return {
+            rotations: results,
+            overallSuccess: results.every((r) => r.success),
+            timestamp: Date.now(),
+            errors: results
+                .filter((r) => !r.success)
+                .map((r) => r.error)
+                .filter(Boolean),
+        };
+    }
+    /**
+     * Validate key authorization for operation
+     */
+    async validateKeyAuthorization(service, operation) {
+        try {
+            const keyInfo = await this.keyVault.retrieveKey(service);
+            // Check if operation is allowed for this key
+            if (!keyInfo.permissions.includes(operation) && !keyInfo.permissions.includes('*')) {
+                return {
+                    allowed: false,
+                    reason: `Operation '${operation}' not permitted for service '${service}'`,
+                    permissions: keyInfo.permissions,
+                    restrictions: [],
+                };
+            }
+            return {
+                allowed: true,
+                permissions: keyInfo.permissions,
+                restrictions: [],
+            };
+        }
+        catch (error) {
+            return {
+                allowed: false,
+                reason: `Key not found for service '${service}'`,
+                permissions: [],
+                restrictions: [],
+            };
+        }
+    }
+    /**
+     * Generate new key for service
+     */
+    async generateNewKey(service, permissions) {
+        // In a real implementation, this would generate a secure key
+        const newKey = this.generateSecureKey();
+        const keyId = this.generateKeyId();
+        const expiresAt = Date.now() + 90 * 24 * 60 * 60 * 1000; // 90 days
+        await this.keyVault.storeKey(service, newKey, permissions, expiresAt);
+        return {
+            keyId,
+            key: newKey,
+            permissions,
+            createdAt: Date.now(),
+            expiresAt,
+            usageCount: 0,
+        };
+    }
+    /**
+     * Initiate gradual rotation with fallback period
+     */
+    async initiateGradualRotation(oldKey, newKey) {
+        // Implementation would handle gradual transition
+        // For now, just log the rotation
+        console.log(`Rotating key ${oldKey.keyId} to ${newKey.keyId}`);
+    }
+    /**
+     * Create usage tracker for key
+     */
+    createUsageTracker(keyId) {
+        return {
+            trackUsage: (operation, _metadata) => {
+                // Implementation would track usage statistics
+                console.log(`Tracking usage for key ${keyId}, operation: ${operation}`);
+            },
+            getUsageStats: (_timeRange) => ({
+                totalRequests: 0,
+                successfulRequests: 0,
+                failedRequests: 0,
+                averageResponseTime: 0,
+                rateLimitHits: 0,
+                costEstimate: 0,
+            }),
+            resetStats: () => {
+                console.log(`Reset stats for key ${keyId}`);
+            },
+            isRateLimited: () => false,
+        };
+    }
+    /**
+     * Generate secure random key
+     */
+    generateSecureKey() {
+        // In production, use cryptographically secure random generation
+        return Array.from({ length: 32 }, () => Math.random().toString(36).charAt(2)).join('');
+    }
+    /**
+     * Generate unique key identifier
+     */
+    generateKeyId() {
+        return `key_${Date.now()}_${Math.random().toString(36).slice(2)}`;
+    }
+    /**
+     * Get key rotation status
+     */
+    async getRotationStatus(service) {
+        const schedule = await this.rotationScheduler.getRotationSchedule(service);
+        return {
+            scheduled: schedule !== null,
+            ...(schedule?.nextRotationAt && { nextRotation: schedule.nextRotationAt }),
+            // lastRotation would be tracked in real implementation
+        };
+    }
+    /**
+     * Security audit of key usage
+     */
+    async auditKeyUsage(service, timeRange) {
+        const keyInfo = await this.keyVault.retrieveKey(service);
+        const accessHistory = await this.accessLogger.getAccessHistory(keyInfo.keyId, timeRange);
+        const suspiciousActivity = await this.accessLogger.detectSuspiciousActivity(keyInfo.keyId);
+        return {
+            totalAccess: accessHistory.length,
+            suspiciousActivity,
+            accessHistory,
+        };
+    }
+    /**
+     * Emergency key revocation
+     */
+    async emergencyRevocation(service, reason) {
+        await this.keyVault.removeKey(service);
+        await this.rotationScheduler.cancelRotation(service);
+        // Log security event
+        await this.accessLogger.logKeyAccess({
+            service,
+            operation: 'EMERGENCY_REVOCATION',
+            timestamp: Date.now(),
+            keyId: `revoked_${Date.now()}`,
+            success: true,
+        });
+        console.log(`Emergency revocation completed for service ${service}: ${reason}`);
+    }
+}
+exports.APIKeyManager = APIKeyManager;
+//# sourceMappingURL=apiKeyManager.js.map

package/dist/infrastructure/security/apiKeyManager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"apiKeyManager.js","sourceRoot":"","sources":["../../../src/infrastructure/security/apiKeyManager.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AA4DH;;GAEG;AACH,IAAY,sBAMX;AAND,WAAY,sBAAsB;IAChC,2EAAiD,CAAA;IACjD,6DAAmC,CAAA;IACnC,yEAA+C,CAAA;IAC/C,qEAA2C,CAAA;IAC3C,iFAAuD,CAAA;AACzD,CAAC,EANW,sBAAsB,sCAAtB,sBAAsB,QAMjC;AAoLD;;GAEG;AACH,IAAY,eAMX;AAND,WAAY,eAAe;IACzB,4CAAyB,CAAA;IACzB,wCAAqB,CAAA;IACrB,4CAAyB,CAAA;IACzB,sDAAmC,CAAA;IACnC,4CAAyB,CAAA;AAC3B,CAAC,EANW,eAAe,+BAAf,eAAe,QAM1B;AAED;;GAEG;AACH,MAAa,0BAA2B,SAAQ,KAAK;IACnD,YAAY,MAAc;QACxB,KAAK,CAAC,4BAA4B,MAAM,EAAE,CAAC,CAAA;QAC3C,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAA;IAC1C,CAAC;CACF;AALD,gEAKC;AAED;;GAEG;AACH,MAAa,aAAa;IAKxB,YACE,QAAwB,EACxB,iBAAuC,EACvC,YAAgC;QAEhC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAA;QAC1C,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IAClC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,SAAiB,EAAE,SAAkB;QACpE,gDAAgD;QAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAC7E,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,MAAM,IAAI,0BAA0B,CAAC,aAAa,CAAC,MAAM,IAAI,eAAe,CAAC,CAAA;QAC/E,CAAC;QAED,kCAAkC;QAClC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QAExD,0BAA0B;QAC1B,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACnC,MAAM,IAAI,0BAA0B,CAAC,qBAAqB,CAAC,CAAA;QAC7D,CAAC;QAED,qCAAqC;QACrC,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC;YACnC,OAAO;YACP,SAAS;YACT,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,GAAG,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/B,OAAO,EAAE,IAAI;SACd,CAAC,CAAA;QAEF,OAAO;YACL,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,aAAa,EAAE,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,KAAK,CAAC;SACtD,CAAA;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,QAA0B;QAC5C,MAAM,OAAO,GAA4B,EAAE,CAAA;QAE3C,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACxC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;gBACvD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,CAAA;gBAErE,wCAAwC;gBACxC,MAAM,IAAI,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;gBAElD,OAAO,CAAC,IAAI,CAAC;oBACX,OAAO;oBACP,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE,MAAM,CAAC,KAAK;oBACtB,iBAAiB,EAAE,IAAI,CAAC,GAAG,EAAE;oBAC7B,gBAAgB,EAAE,MAAM,EAAE,qBAAqB;iBAChD,CAAC,CAAA;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAA;gBAC7E,OAAO,CAAC,IAAI,CAAC;oBACX,OAAO;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,YAAY;iBACpB,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,OAAO;YACL,SAAS,EAAE,OAAO;YAClB,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;YAC/C,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM,EAAE,OAAO;iBACZ,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;iBACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;iBACnB,MAAM,CAAC,OAAO,CAAa;SAC/B,CAAA;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,wBAAwB,CACpC,OAAe,EACf,SAAiB;QAEjB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;YAExD,6CAA6C;YAC7C,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnF,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,cAAc,SAAS,gCAAgC,OAAO,GAAG;oBACzE,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,YAAY,EAAE,EAAE;iBACjB,CAAA;YACH,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,YAAY,EAAE,EAAE;aACjB,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,8BAA8B,OAAO,GAAG;gBAChD,WAAW,EAAE,EAAE;gBACf,YAAY,EAAE,EAAE;aACjB,CAAA;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAAC,OAAe,EAAE,WAAqB;QACjE,6DAA6D;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAA;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,UAAU;QAElE,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,CAAC,CAAA;QAErE,OAAO;YACL,KAAK;YACL,GAAG,EAAE,MAAM;YACX,WAAW;YACX,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS;YACT,UAAU,EAAE,CAAC;SACd,CAAA;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CACnC,MAAqB,EACrB,MAAqB;QAErB,iDAAiD;QACjD,iCAAiC;QACjC,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,KAAK,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC,CAAA;IAChE,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,KAAa;QACtC,OAAO;YACL,UAAU,EAAE,CAAC,SAAiB,EAAE,SAAmC,EAAE,EAAE;gBACrE,8CAA8C;gBAC9C,OAAO,CAAC,GAAG,CAAC,0BAA0B,KAAK,gBAAgB,SAAS,EAAE,CAAC,CAAA;YACzE,CAAC;YACD,aAAa,EAAE,CAAC,UAAqB,EAAE,EAAE,CAAC,CAAC;gBACzC,aAAa,EAAE,CAAC;gBAChB,kBAAkB,EAAE,CAAC;gBACrB,cAAc,EAAE,CAAC;gBACjB,mBAAmB,EAAE,CAAC;gBACtB,aAAa,EAAE,CAAC;gBAChB,YAAY,EAAE,CAAC;aAChB,CAAC;YACF,UAAU,EAAE,GAAG,EAAE;gBACf,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,EAAE,CAAC,CAAA;YAC7C,CAAC;YACD,aAAa,EAAE,GAAG,EAAE,CAAC,KAAK;SAC3B,CAAA;IACH,CAAC;IAED;;OAEG;IACK,iBAAiB;QACvB,gEAAgE;QAChE,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACxF,CAAC;IAED;;OAEG;IACK,aAAa;QACnB,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;IACnE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAAe;QAKrC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAA;QAC1E,OAAO;YACL,SAAS,EAAE,QAAQ,KAAK,IAAI;YAC5B,GAAG,CAAC,QAAQ,EAAE,cAAc,IAAI,EAAE,YAAY,EAAE,QAAQ,CAAC,cAAc,EAAE,CAAC;YAC1E,uDAAuD;SACxD,CAAA;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,OAAe,EACf,SAAoB;QAMpB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QACxD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,CAAA;QACxF,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QAE1F,OAAO;YACL,WAAW,EAAE,aAAa,CAAC,MAAM;YACjC,kBAAkB;YAClB,aAAa;SACd,CAAA;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,OAAe,EAAE,MAAc;QACvD,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;QACtC,MAAM,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;QAEpD,qBAAqB;QACrB,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC;YACnC,OAAO;YACP,SAAS,EAAE,sBAAsB;YACjC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,EAAE;YAC9B,OAAO,EAAE,IAAI;SACd,CAAC,CAAA;QAEF,OAAO,CAAC,GAAG,CAAC,8CAA8C,OAAO,KAAK,MAAM,EAAE,CAAC,CAAA;IACjF,CAAC;CACF;AAjQD,sCAiQC"}

package/dist/infrastructure/security/dataSanitizer.d.ts ADDED Viewed

@@ -0,0 +1,157 @@
+/**
+ * Data Sanitizer - Comprehensive threat detection and prompt sanitization
+ * Detects and mitigates security threats in user prompts and data
+ * Addresses SECURITY2 test case requirements
+ */
+import { type SanitizedPrompt, SecurityAction, SecuritySeverity, ThreatType } from './OrchestrationSecurityMiddleware';
+/**
+ * Threat detection result
+ */
+export interface ThreatDetectionResult {
+    threatType: ThreatType;
+    threatsFound: ThreatMatch[];
+    confidence: number;
+    severity: SecuritySeverity;
+}
+/**
+ * Individual threat match
+ */
+export interface ThreatMatch {
+    pattern: string;
+    severity: SecuritySeverity;
+    location: ThreatLocation;
+    matchedText: string;
+    context: string;
+}
+/**
+ * Location of threat in content
+ */
+export interface ThreatLocation {
+    start: number;
+    end: number;
+    line?: number;
+    column?: number;
+}
+/**
+ * Threat detector interface
+ */
+export interface ThreatDetector {
+    detect(content: string): Promise<ThreatDetectionResult>;
+    getPatterns(): SecurityPattern[];
+    updatePatterns(patterns: SecurityPattern[]): void;
+}
+/**
+ * Security pattern for threat detection
+ */
+export interface SecurityPattern {
+    id: string;
+    pattern: RegExp;
+    threatType: ThreatType;
+    severity: SecuritySeverity;
+    description: string;
+    action: SecurityAction;
+    confidence: number;
+}
+/**
+ * Sanitization rule for content cleaning
+ */
+export interface SanitizationRule {
+    id: string;
+    threatType: ThreatType;
+    pattern: RegExp;
+    replacement: string | ((match: string) => string);
+    preserveContext: boolean;
+    logModification: boolean;
+}
+/**
+ * Content policy validator
+ */
+export interface ContentPolicyValidator {
+    validate(content: string): Promise<ContentPolicyResult>;
+    getViolations(content: string): Promise<PolicyViolation[]>;
+}
+/**
+ * Content policy validation result
+ */
+export interface ContentPolicyResult {
+    allowed: boolean;
+    violations: PolicyViolation[];
+    score: number;
+    recommendations: string[];
+}
+/**
+ * Individual policy violation
+ */
+export interface PolicyViolation {
+    type: string;
+    severity: SecuritySeverity;
+    description: string;
+    location: ThreatLocation;
+    suggestedFix: string;
+}
+/**
+ * Data Sanitizer - Main implementation
+ */
+export declare class DataSanitizer {
+    private threatDetectors;
+    private sanitizationRules;
+    private contentPolicyValidator;
+    constructor();
+    /**
+     * Sanitize prompt data with comprehensive threat detection
+     */
+    sanitizePromptData(prompt: string): Promise<SanitizedPrompt>;
+    /**
+     * Detect prompt injection attempts
+     */
+    private detectPromptInjection;
+    /**
+     * Detect sensitive data exposure
+     */
+    private detectSensitiveData;
+    /**
+     * Detect malicious patterns
+     */
+    private detectMaliciousPatterns;
+    /**
+     * Validate content policy
+     */
+    private validateContentPolicy;
+    /**
+     * Apply sanitization for specific threat type
+     */
+    private applySanitizationForThreatType;
+    /**
+     * Create sanitization rules
+     */
+    private createSanitizationRules;
+    /**
+     * Create content policy validator
+     */
+    private createContentPolicyValidator;
+    /**
+     * Get policy violations
+     */
+    private getViolations;
+    /**
+     * Compare security severities
+     */
+    private compareSeverity;
+    /**
+     * Quick threat check after sanitization
+     */
+    private quickThreatCheck;
+    /**
+     * Get sanitization statistics
+     */
+    getSanitizationStats(): {
+        totalRules: number;
+        detectors: string[];
+        supportedThreatTypes: ThreatType[];
+    };
+    /**
+     * Update threat detection patterns
+     */
+    updateThreatPatterns(threatType: ThreatType, patterns: SecurityPattern[]): void;
+}
+//# sourceMappingURL=dataSanitizer.d.ts.map

package/dist/infrastructure/security/dataSanitizer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dataSanitizer.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/dataSanitizer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,KAAK,eAAe,EACpB,cAAc,EAEd,gBAAgB,EAEhB,UAAU,EACX,MAAM,mCAAmC,CAAA;AAE1C;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,UAAU,CAAA;IACtB,YAAY,EAAE,WAAW,EAAE,CAAA;IAC3B,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,gBAAgB,CAAA;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,gBAAgB,CAAA;IAC1B,QAAQ,EAAE,cAAc,CAAA;IACxB,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACvD,WAAW,IAAI,eAAe,EAAE,CAAA;IAChC,cAAc,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAAA;CAClD;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,UAAU,CAAA;IACtB,QAAQ,EAAE,gBAAgB,CAAA;IAC1B,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,cAAc,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,UAAU,CAAA;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC,CAAA;IACjD,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,OAAO,CAAA;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAA;IACvD,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAAA;CAC3D;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,eAAe,EAAE,CAAA;IAC7B,KAAK,EAAE,MAAM,CAAA;IACb,eAAe,EAAE,MAAM,EAAE,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,gBAAgB,CAAA;IAC1B,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,cAAc,CAAA;IACxB,YAAY,EAAE,MAAM,CAAA;CACrB;AAuND;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,eAAe,CAAiC;IACxD,OAAO,CAAC,iBAAiB,CAAoB;IAC7C,OAAO,CAAC,sBAAsB,CAAwB;;IAYtD;;OAEG;IACG,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAkElE;;OAEG;YACW,qBAAqB;IAanC;;OAEG;YACW,mBAAmB;IAajC;;OAEG;YACW,uBAAuB;IAsCrC;;OAEG;YACW,qBAAqB;IAsBnC;;OAEG;YACW,8BAA8B;IAuC5C;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAqC/B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAqBpC;;OAEG;YACW,aAAa;IA+B3B;;OAEG;IACH,OAAO,CAAC,eAAe;IAUvB;;OAEG;YACW,gBAAgB;IAY9B;;OAEG;IACH,oBAAoB,IAAI;QACtB,UAAU,EAAE,MAAM,CAAA;QAClB,SAAS,EAAE,MAAM,EAAE,CAAA;QACnB,oBAAoB,EAAE,UAAU,EAAE,CAAA;KACnC;IAQD;;OAEG;IACH,oBAAoB,CAAC,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI;CAMhF"}