openclaw-node-harness 2.0.0

Files changed (779)
  1. package/LICENSE +21 -0
  2. package/README.md +184 -0
  3. package/bin/discord-read.js +228 -0
  4. package/bin/fleet-deploy.js +365 -0
  5. package/bin/lane-watchdog.js +232 -0
  6. package/bin/mesh-agent.js +714 -0
  7. package/bin/mesh-bridge.js +535 -0
  8. package/bin/mesh-deploy-listener.js +322 -0
  9. package/bin/mesh-deploy.js +1048 -0
  10. package/bin/mesh-health-publisher.js +247 -0
  11. package/bin/mesh-task-daemon.js +451 -0
  12. package/bin/mesh-tool-discord.js +293 -0
  13. package/bin/mesh.js +649 -0
  14. package/boot/manifest.yaml +187 -0
  15. package/cli.js +35 -0
  16. package/config/daemon.json.template +16 -0
  17. package/config/obsidian-sync.json.template +39 -0
  18. package/config/openclaw.json.template +124 -0
  19. package/config/transcript-sources.json.template +22 -0
  20. package/identity/AGENTS.md +201 -0
  21. package/identity/CLAUDE.md +64 -0
  22. package/identity/DELEGATION.md +304 -0
  23. package/identity/HEARTBEAT.md +163 -0
  24. package/identity/MEMORY_SPEC.md +368 -0
  25. package/identity/PRINCIPLES.md +81 -0
  26. package/identity/SOUL.md +48 -0
  27. package/identity/TOOLS.md +47 -0
  28. package/install.sh +895 -0
  29. package/lib/agent-activity.js +390 -0
  30. package/lib/kanban-io.js +352 -0
  31. package/lib/mesh-registry.js +194 -0
  32. package/lib/mesh-roles.js +13 -0
  33. package/lib/mesh-tasks.js +306 -0
  34. package/lib/nats-resolve.js +108 -0
  35. package/mission-control/README.md +36 -0
  36. package/mission-control/drizzle/0000_simple_silhouette.sql +62 -0
  37. package/mission-control/drizzle/meta/0000_snapshot.json +413 -0
  38. package/mission-control/drizzle/meta/_journal.json +13 -0
  39. package/mission-control/drizzle.config.ts +13 -0
  40. package/mission-control/eslint.config.mjs +18 -0
  41. package/mission-control/next.config.ts +7 -0
  42. package/mission-control/package-lock.json +10518 -0
  43. package/mission-control/package.json +49 -0
  44. package/mission-control/postcss.config.mjs +7 -0
  45. package/mission-control/public/file.svg +1 -0
  46. package/mission-control/public/globe.svg +1 -0
  47. package/mission-control/public/next.svg +1 -0
  48. package/mission-control/public/vercel.svg +1 -0
  49. package/mission-control/public/window.svg +1 -0
  50. package/mission-control/scripts/enrich-descriptions.js +193 -0
  51. package/mission-control/scripts/gen-chronology.js +102 -0
  52. package/mission-control/scripts/import-pipeline-v2.js +523 -0
  53. package/mission-control/scripts/import-pipeline.js +295 -0
  54. package/mission-control/src/app/api/activity/live/route.ts +27 -0
  55. package/mission-control/src/app/api/activity/route.ts +47 -0
  56. package/mission-control/src/app/api/burndown/route.ts +112 -0
  57. package/mission-control/src/app/api/critical-path/route.ts +159 -0
  58. package/mission-control/src/app/api/dependencies/route.ts +176 -0
  59. package/mission-control/src/app/api/memory/categories/route.ts +93 -0
  60. package/mission-control/src/app/api/memory/consolidate/route.ts +107 -0
  61. package/mission-control/src/app/api/memory/doc/route.ts +89 -0
  62. package/mission-control/src/app/api/memory/flush/route.ts +129 -0
  63. package/mission-control/src/app/api/memory/graph/route.ts +105 -0
  64. package/mission-control/src/app/api/memory/items/route.ts +86 -0
  65. package/mission-control/src/app/api/memory/list/route.ts +48 -0
  66. package/mission-control/src/app/api/memory/retrieve/route.ts +51 -0
  67. package/mission-control/src/app/api/memory/search/route.ts +143 -0
  68. package/mission-control/src/app/api/memory/sync/route.ts +23 -0
  69. package/mission-control/src/app/api/memory/wikilinks/route.ts +75 -0
  70. package/mission-control/src/app/api/mesh/events/route.ts +67 -0
  71. package/mission-control/src/app/api/mesh/nodes/route.ts +221 -0
  72. package/mission-control/src/app/api/mesh/tokens/route.ts +133 -0
  73. package/mission-control/src/app/api/projects/route.ts +102 -0
  74. package/mission-control/src/app/api/resolve-path/route.ts +92 -0
  75. package/mission-control/src/app/api/scheduler/tick/route.ts +38 -0
  76. package/mission-control/src/app/api/scheduler/waves/route.ts +54 -0
  77. package/mission-control/src/app/api/screenshot/route.ts +127 -0
  78. package/mission-control/src/app/api/settings/gateway/route.ts +92 -0
  79. package/mission-control/src/app/api/skills/[id]/health/route.ts +57 -0
  80. package/mission-control/src/app/api/skills/list/route.ts +41 -0
  81. package/mission-control/src/app/api/souls/[id]/evolution/route.ts +253 -0
  82. package/mission-control/src/app/api/souls/[id]/prompt/route.ts +205 -0
  83. package/mission-control/src/app/api/souls/[id]/propagate/route.ts +146 -0
  84. package/mission-control/src/app/api/souls/route.ts +174 -0
  85. package/mission-control/src/app/api/tasks/[id]/handoff/route.ts +115 -0
  86. package/mission-control/src/app/api/tasks/[id]/route.ts +266 -0
  87. package/mission-control/src/app/api/tasks/[id]/tree/route.ts +94 -0
  88. package/mission-control/src/app/api/tasks/route.ts +253 -0
  89. package/mission-control/src/app/api/tts/route.ts +47 -0
  90. package/mission-control/src/app/api/workspace/files/route.ts +88 -0
  91. package/mission-control/src/app/api/workspace/read/route.ts +73 -0
  92. package/mission-control/src/app/burndown/page.tsx +309 -0
  93. package/mission-control/src/app/calendar/page.tsx +839 -0
  94. package/mission-control/src/app/favicon.ico +0 -0
  95. package/mission-control/src/app/globals.css +67 -0
  96. package/mission-control/src/app/graph/page.tsx +352 -0
  97. package/mission-control/src/app/layout.tsx +35 -0
  98. package/mission-control/src/app/live/page.tsx +232 -0
  99. package/mission-control/src/app/memory/page.tsx +154 -0
  100. package/mission-control/src/app/mesh/page.tsx +457 -0
  101. package/mission-control/src/app/obsidian/page.tsx +252 -0
  102. package/mission-control/src/app/page.tsx +70 -0
  103. package/mission-control/src/app/roadmap/page.tsx +1757 -0
  104. package/mission-control/src/app/settings/page.tsx +260 -0
  105. package/mission-control/src/app/souls/page.tsx +573 -0
  106. package/mission-control/src/components/board/activity-timeline.tsx +96 -0
  107. package/mission-control/src/components/board/daily-board.tsx +373 -0
  108. package/mission-control/src/components/board/kanban-board.tsx +364 -0
  109. package/mission-control/src/components/board/kanban-column.tsx +105 -0
  110. package/mission-control/src/components/board/live-stream.tsx +116 -0
  111. package/mission-control/src/components/board/skill-health-card.tsx +128 -0
  112. package/mission-control/src/components/board/status-banner.tsx +124 -0
  113. package/mission-control/src/components/board/task-card.tsx +454 -0
  114. package/mission-control/src/components/board/unified-task-dialog.tsx +1043 -0
  115. package/mission-control/src/components/layout/resizable-layout.tsx +68 -0
  116. package/mission-control/src/components/layout/sidebar.tsx +90 -0
  117. package/mission-control/src/components/live/audio-spectrum.tsx +106 -0
  118. package/mission-control/src/components/live/chat-bubble.tsx +52 -0
  119. package/mission-control/src/components/live/chat-input.tsx +92 -0
  120. package/mission-control/src/components/memory/doc-reader.tsx +172 -0
  121. package/mission-control/src/components/memory/memory-list.tsx +169 -0
  122. package/mission-control/src/components/memory/search-bar.tsx +67 -0
  123. package/mission-control/src/components/memory/search-results.tsx +149 -0
  124. package/mission-control/src/components/obsidian/backlinks-panel.tsx +52 -0
  125. package/mission-control/src/components/obsidian/file-tree.tsx +186 -0
  126. package/mission-control/src/components/obsidian/local-graph.tsx +107 -0
  127. package/mission-control/src/components/obsidian/obsidian-graph.tsx +192 -0
  128. package/mission-control/src/components/obsidian/obsidian-reader.tsx +246 -0
  129. package/mission-control/src/lib/activity.ts +29 -0
  130. package/mission-control/src/lib/config.ts +21 -0
  131. package/mission-control/src/lib/db/index.ts +429 -0
  132. package/mission-control/src/lib/db/schema.ts +218 -0
  133. package/mission-control/src/lib/gateway-notify.ts +113 -0
  134. package/mission-control/src/lib/hooks.ts +536 -0
  135. package/mission-control/src/lib/memory/categories.ts +125 -0
  136. package/mission-control/src/lib/memory/entities.ts +482 -0
  137. package/mission-control/src/lib/memory/extract.ts +369 -0
  138. package/mission-control/src/lib/memory/retrieval.ts +281 -0
  139. package/mission-control/src/lib/memory/wikilinks.ts +147 -0
  140. package/mission-control/src/lib/nats.ts +126 -0
  141. package/mission-control/src/lib/parsers/clawvault-doc.ts +98 -0
  142. package/mission-control/src/lib/parsers/daily-log.ts +73 -0
  143. package/mission-control/src/lib/parsers/memory-md.ts +81 -0
  144. package/mission-control/src/lib/parsers/task-markdown.ts +459 -0
  145. package/mission-control/src/lib/parsers/transcript.ts +209 -0
  146. package/mission-control/src/lib/scheduler.ts +394 -0
  147. package/mission-control/src/lib/speech/use-speech-pipeline.ts +176 -0
  148. package/mission-control/src/lib/sync/memory.ts +224 -0
  149. package/mission-control/src/lib/sync/tasks.ts +271 -0
  150. package/mission-control/src/lib/tts/edge.ts +31 -0
  151. package/mission-control/src/lib/tts/google.ts +78 -0
  152. package/mission-control/src/lib/tts/index.ts +39 -0
  153. package/mission-control/src/lib/tts/types.ts +18 -0
  154. package/mission-control/tsconfig.json +42 -0
  155. package/obsidian-vault/.obsidian/app.json +10 -0
  156. package/obsidian-vault/.obsidian/community-plugins.json +8 -0
  157. package/obsidian-vault/.obsidian/graph.json +40 -0
  158. package/obsidian-vault/.obsidian/plugins/obsidian-local-rest-api/main.js +58769 -0
  159. package/obsidian-vault/.obsidian/plugins/obsidian-local-rest-api/manifest.json +10 -0
  160. package/obsidian-vault/.obsidian/plugins/obsidian-local-rest-api/styles.css +47 -0
  161. package/obsidian-vault/00-meta/.gitkeep +0 -0
  162. package/obsidian-vault/01-architecture/.gitkeep +0 -0
  163. package/obsidian-vault/02-smart-contracts/.gitkeep +0 -0
  164. package/obsidian-vault/03-backend/.gitkeep +0 -0
  165. package/obsidian-vault/04-mobile/.gitkeep +0 -0
  166. package/obsidian-vault/05-ar-mapping/.gitkeep +0 -0
  167. package/obsidian-vault/06-3d-assets/.gitkeep +0 -0
  168. package/obsidian-vault/07-sound-music/.gitkeep +0 -0
  169. package/obsidian-vault/08-lore/.gitkeep +0 -0
  170. package/obsidian-vault/09-quests-playthrough/.gitkeep +0 -0
  171. package/obsidian-vault/10-economy/.gitkeep +0 -0
  172. package/obsidian-vault/11-nft-assets/.gitkeep +0 -0
  173. package/obsidian-vault/12-nft-mechanics/.gitkeep +0 -0
  174. package/obsidian-vault/13-dao-guild-social/.gitkeep +0 -0
  175. package/obsidian-vault/14-game-progression/.gitkeep +0 -0
  176. package/obsidian-vault/15-analytics/.gitkeep +0 -0
  177. package/obsidian-vault/16-security/.gitkeep +0 -0
  178. package/obsidian-vault/17-devops/.gitkeep +0 -0
  179. package/obsidian-vault/18-marketplace/.gitkeep +0 -0
  180. package/obsidian-vault/19-decisions/.gitkeep +0 -0
  181. package/obsidian-vault/20-business-strategy/.gitkeep +0 -0
  182. package/obsidian-vault/21-legal-regulatory/.gitkeep +0 -0
  183. package/obsidian-vault/nodes/.gitkeep +0 -0
  184. package/openclaw.env.example +17 -0
  185. package/package.json +45 -0
  186. package/services/launchd/ai.openclaw.gateway.plist +59 -0
  187. package/services/launchd/ai.openclaw.lane-watchdog.plist +32 -0
  188. package/services/launchd/ai.openclaw.log-rotate.plist +28 -0
  189. package/services/launchd/ai.openclaw.memory-daemon.plist +36 -0
  190. package/services/launchd/ai.openclaw.mesh-agent.plist +38 -0
  191. package/services/launchd/ai.openclaw.mesh-bridge.plist +36 -0
  192. package/services/launchd/ai.openclaw.mesh-deploy-listener.plist +33 -0
  193. package/services/launchd/ai.openclaw.mesh-health-publisher.plist +29 -0
  194. package/services/launchd/ai.openclaw.mesh-task-daemon.plist +36 -0
  195. package/services/launchd/ai.openclaw.mesh-tool-discord.plist +36 -0
  196. package/services/launchd/ai.openclaw.mission-control.plist +41 -0
  197. package/services/service-manifest.json +13 -0
  198. package/services/systemd/openclaw-gateway.service +21 -0
  199. package/services/systemd/openclaw-lane-watchdog.service +21 -0
  200. package/services/systemd/openclaw-log-rotate.service +13 -0
  201. package/services/systemd/openclaw-log-rotate.timer +9 -0
  202. package/services/systemd/openclaw-memory-daemon.service +21 -0
  203. package/services/systemd/openclaw-mesh-agent.service +19 -0
  204. package/services/systemd/openclaw-mesh-bridge.service +21 -0
  205. package/services/systemd/openclaw-mesh-deploy-listener.service +23 -0
  206. package/services/systemd/openclaw-mesh-health-publisher.service +21 -0
  207. package/services/systemd/openclaw-mesh-task-daemon.service +21 -0
  208. package/services/systemd/openclaw-mesh-tool-discord.service +21 -0
  209. package/services/systemd/openclaw-mission-control.service +22 -0
  210. package/skills/1password/.clawhub/origin.json +7 -0
  211. package/skills/1password/SKILL.md +63 -0
  212. package/skills/1password/references/cli-examples.md +29 -0
  213. package/skills/1password/references/get-started.md +17 -0
  214. package/skills/acquisition-channel-advisor/SKILL.md +643 -0
  215. package/skills/acquisition-channel-advisor/examples/conversation-flow.md +531 -0
  216. package/skills/agent-browser/.clawhub/origin.json +7 -0
  217. package/skills/agent-browser/CONTRIBUTING.md +63 -0
  218. package/skills/agent-browser/SKILL.md +338 -0
  219. package/skills/agentic-compass/.clawhub/origin.json +7 -0
  220. package/skills/agentic-compass/README.md +96 -0
  221. package/skills/agentic-compass/SKILL.md +112 -0
  222. package/skills/agentic-compass/references/README.md +5 -0
  223. package/skills/agentic-compass/scripts/agentic-compass.py +196 -0
  224. package/skills/arcane-dev-ops/SKILL.md +61 -0
  225. package/skills/arcane-dev-ops/references/checklist.md +22 -0
  226. package/skills/arcane-dev-ops/references/validation-cases.md +11 -0
  227. package/skills/arcane-dev-ops/scripts/prepush_check.sh +41 -0
  228. package/skills/auto-updater/.clawhub/origin.json +7 -0
  229. package/skills/auto-updater/SKILL.md +158 -0
  230. package/skills/auto-updater/references/agent-guide.md +152 -0
  231. package/skills/auto-updater/references/summary-examples.md +109 -0
  232. package/skills/business-health-diagnostic/SKILL.md +782 -0
  233. package/skills/byterover/.clawhub/origin.json +7 -0
  234. package/skills/byterover/SKILL.md +105 -0
  235. package/skills/byterover/TROUBLESHOOTING.md +50 -0
  236. package/skills/byterover/WORKFLOWS.md +229 -0
  237. package/skills/capability-evolver/.clawhub/origin.json +7 -0
  238. package/skills/capability-evolver/CONTRIBUTING.md +11 -0
  239. package/skills/capability-evolver/README.md +157 -0
  240. package/skills/capability-evolver/README.zh-CN.md +112 -0
  241. package/skills/capability-evolver/SKILL.md +93 -0
  242. package/skills/capability-evolver/assets/gep/capsules.json +5 -0
  243. package/skills/capability-evolver/assets/gep/genes.json +104 -0
  244. package/skills/capability-evolver/index.js +59 -0
  245. package/skills/capability-evolver/package.json +22 -0
  246. package/skills/capability-evolver/scripts/analyze_by_skill.js +121 -0
  247. package/skills/capability-evolver/scripts/build_public.js +350 -0
  248. package/skills/capability-evolver/scripts/export_history.js +98 -0
  249. package/skills/capability-evolver/scripts/extract_log.js +85 -0
  250. package/skills/capability-evolver/scripts/generate_history.js +75 -0
  251. package/skills/capability-evolver/scripts/human_report.js +147 -0
  252. package/skills/capability-evolver/scripts/publish_public.js +516 -0
  253. package/skills/capability-evolver/scripts/suggest_version.js +89 -0
  254. package/skills/capability-evolver/src/evolve.js +594 -0
  255. package/skills/capability-evolver/src/gep/assetStore.js +204 -0
  256. package/skills/capability-evolver/src/gep/candidates.js +134 -0
  257. package/skills/capability-evolver/src/gep/paths.js +23 -0
  258. package/skills/capability-evolver/src/gep/prompt.js +254 -0
  259. package/skills/capability-evolver/src/gep/selector.js +89 -0
  260. package/skills/capability-evolver/src/gep/signals.js +27 -0
  261. package/skills/cc-godmode/.clawhub/origin.json +7 -0
  262. package/skills/cc-godmode/CHANGELOG.md +66 -0
  263. package/skills/cc-godmode/README.md +293 -0
  264. package/skills/cc-godmode/SKILL.md +242 -0
  265. package/skills/cc-godmode/docs/AGENTS.md +332 -0
  266. package/skills/cc-godmode/docs/MIGRATION.md +206 -0
  267. package/skills/cc-godmode/docs/TROUBLESHOOTING.md +357 -0
  268. package/skills/cc-godmode/docs/WORKFLOWS.md +329 -0
  269. package/skills/cc-godmode/references/agents.md +433 -0
  270. package/skills/cc-godmode/scripts/build-skill.js +232 -0
  271. package/skills/clawdbot-filesystem/.clawhub/origin.json +7 -0
  272. package/skills/clawdbot-filesystem/LICENSE.md +21 -0
  273. package/skills/clawdbot-filesystem/README.md +322 -0
  274. package/skills/clawdbot-filesystem/SKILL.md +219 -0
  275. package/skills/clawdbot-filesystem/config.json +41 -0
  276. package/skills/clawdbot-filesystem/package.json +69 -0
  277. package/skills/clawdbot-security-check/.clawhub/origin.json +7 -0
  278. package/skills/clawdbot-security-check/README.md +168 -0
  279. package/skills/clawdbot-security-check/SKILL.md +145 -0
  280. package/skills/clawdbot-security-check/references/audit-checks.md +521 -0
  281. package/skills/clawdbot-security-check/skill.json +42 -0
  282. package/skills/clawddocs/.clawhub/origin.json +7 -0
  283. package/skills/clawddocs/SKILL.md +176 -0
  284. package/skills/clawddocs/package.json +9 -0
  285. package/skills/clawddocs/scripts/build-index.sh +17 -0
  286. package/skills/clawddocs/scripts/cache.sh +13 -0
  287. package/skills/clawddocs/scripts/fetch-doc.sh +7 -0
  288. package/skills/clawddocs/scripts/recent.sh +5 -0
  289. package/skills/clawddocs/scripts/search.sh +8 -0
  290. package/skills/clawddocs/scripts/sitemap.sh +23 -0
  291. package/skills/clawddocs/scripts/track-changes.sh +16 -0
  292. package/skills/clawddocs/snippets/common-configs.md +69 -0
  293. package/skills/clawguard/.clawhub/origin.json +7 -0
  294. package/skills/clawguard/SKILL.md +137 -0
  295. package/skills/company-research/SKILL.md +393 -0
  296. package/skills/company-research/examples/sample.md +164 -0
  297. package/skills/company-research/template.md +60 -0
  298. package/skills/crypto-price/.clawhub/origin.json +7 -0
  299. package/skills/crypto-price/ARCHITECTURE.md +437 -0
  300. package/skills/crypto-price/README.md +194 -0
  301. package/skills/crypto-price/SKILL.md +61 -0
  302. package/skills/crypto-price/requirements.txt +1 -0
  303. package/skills/crypto-price/scripts/get_price_chart.py +988 -0
  304. package/skills/customer-journey-map/SKILL.md +343 -0
  305. package/skills/customer-journey-map/examples/sample.md +33 -0
  306. package/skills/customer-journey-map/template.md +28 -0
  307. package/skills/customer-journey-mapping-workshop/SKILL.md +522 -0
  308. package/skills/deep-research/.clawhub/origin.json +7 -0
  309. package/skills/deep-research/SKILL.md +93 -0
  310. package/skills/deep-research/rules/logic.md +32 -0
  311. package/skills/discord-telegram-triage/SKILL.md +59 -0
  312. package/skills/discord-telegram-triage/references/discord-runbook.md +28 -0
  313. package/skills/discord-telegram-triage/references/validation-cases.md +11 -0
  314. package/skills/discord-telegram-triage/scripts/triage_snapshot.sh +23 -0
  315. package/skills/discovery-interview-prep/SKILL.md +408 -0
  316. package/skills/discovery-process/SKILL.md +503 -0
  317. package/skills/discovery-process/examples/sample.md +60 -0
  318. package/skills/discovery-process/template.md +39 -0
  319. package/skills/dist/arcane-dev-ops.skill +0 -0
  320. package/skills/dist/discord-telegram-triage.skill +0 -0
  321. package/skills/dist/founder-brief-summarizer.skill +0 -0
  322. package/skills/epic-breakdown-advisor/SKILL.md +664 -0
  323. package/skills/epic-hypothesis/SKILL.md +285 -0
  324. package/skills/epic-hypothesis/examples/sample.md +104 -0
  325. package/skills/epic-hypothesis/template.md +30 -0
  326. package/skills/excel/.clawhub/origin.json +7 -0
  327. package/skills/excel/SKILL.md +332 -0
  328. package/skills/excel/scripts/excel.py +1120 -0
  329. package/skills/fast-browser-use/.clawhub/origin.json +7 -0
  330. package/skills/fast-browser-use/CODEBUDDY.md +142 -0
  331. package/skills/fast-browser-use/Cargo.toml +77 -0
  332. package/skills/fast-browser-use/README.md +62 -0
  333. package/skills/fast-browser-use/SKILL.md +217 -0
  334. package/skills/fast-browser-use/package-lock.json +28 -0
  335. package/skills/fast-browser-use/package.json +8 -0
  336. package/skills/fast-browser-use/rustfmt.toml +10 -0
  337. package/skills/fast-browser-use/src/bin/cli.rs +373 -0
  338. package/skills/fast-browser-use/src/bin/mcp_server.rs +203 -0
  339. package/skills/fast-browser-use/src/browser/config.rs +136 -0
  340. package/skills/fast-browser-use/src/browser/debug.rs +16 -0
  341. package/skills/fast-browser-use/src/browser/mod.rs +61 -0
  342. package/skills/fast-browser-use/src/browser/session.rs +478 -0
  343. package/skills/fast-browser-use/src/dom/element.rs +442 -0
  344. package/skills/fast-browser-use/src/dom/extract_dom.js +849 -0
  345. package/skills/fast-browser-use/src/dom/mod.rs +14 -0
  346. package/skills/fast-browser-use/src/dom/tree.rs +296 -0
  347. package/skills/fast-browser-use/src/dom/yaml.rs +149 -0
  348. package/skills/fast-browser-use/src/error.rs +115 -0
  349. package/skills/fast-browser-use/src/lib.rs +17 -0
  350. package/skills/fast-browser-use/src/mcp/handler.rs +63 -0
  351. package/skills/fast-browser-use/src/mcp/mod.rs +81 -0
  352. package/skills/fast-browser-use/src/tools/Readability.min.js +1480 -0
  353. package/skills/fast-browser-use/src/tools/annotate.rs +165 -0
  354. package/skills/fast-browser-use/src/tools/click.rs +84 -0
  355. package/skills/fast-browser-use/src/tools/close.rs +35 -0
  356. package/skills/fast-browser-use/src/tools/close_tab.rs +45 -0
  357. package/skills/fast-browser-use/src/tools/convert_to_markdown.js +117 -0
  358. package/skills/fast-browser-use/src/tools/cookies.rs +58 -0
  359. package/skills/fast-browser-use/src/tools/debug.rs +44 -0
  360. package/skills/fast-browser-use/src/tools/evaluate.rs +40 -0
  361. package/skills/fast-browser-use/src/tools/extract.rs +66 -0
  362. package/skills/fast-browser-use/src/tools/go_back.rs +35 -0
  363. package/skills/fast-browser-use/src/tools/go_forward.rs +35 -0
  364. package/skills/fast-browser-use/src/tools/hover.js +33 -0
  365. package/skills/fast-browser-use/src/tools/hover.rs +97 -0
  366. package/skills/fast-browser-use/src/tools/html_to_markdown.rs +99 -0
  367. package/skills/fast-browser-use/src/tools/input.rs +93 -0
  368. package/skills/fast-browser-use/src/tools/local_storage.rs +159 -0
  369. package/skills/fast-browser-use/src/tools/markdown.rs +181 -0
  370. package/skills/fast-browser-use/src/tools/mod.rs +326 -0
  371. package/skills/fast-browser-use/src/tools/navigate.rs +55 -0
  372. package/skills/fast-browser-use/src/tools/new_tab.rs +60 -0
  373. package/skills/fast-browser-use/src/tools/press_key.rs +78 -0
  374. package/skills/fast-browser-use/src/tools/read_links.rs +59 -0
  375. package/skills/fast-browser-use/src/tools/readability_script.rs +8 -0
  376. package/skills/fast-browser-use/src/tools/screenshot.rs +47 -0
  377. package/skills/fast-browser-use/src/tools/scroll.js +22 -0
  378. package/skills/fast-browser-use/src/tools/scroll.rs +95 -0
  379. package/skills/fast-browser-use/src/tools/select.js +23 -0
  380. package/skills/fast-browser-use/src/tools/select.rs +129 -0
  381. package/skills/fast-browser-use/src/tools/sitemap.rs +426 -0
  382. package/skills/fast-browser-use/src/tools/snapshot.rs +324 -0
  383. package/skills/fast-browser-use/src/tools/switch_tab.rs +69 -0
  384. package/skills/fast-browser-use/src/tools/tab_list.rs +76 -0
  385. package/skills/fast-browser-use/src/tools/utils.rs +92 -0
  386. package/skills/fast-browser-use/src/tools/wait.rs +53 -0
  387. package/skills/fast-browser-use/test_auth.json +3 -0
  388. package/skills/fast-browser-use/test_state.json +6 -0
  389. package/skills/fast-browser-use/tests/browser_tools_integration.rs +233 -0
  390. package/skills/fast-browser-use/tests/cli_recipes_integration.rs +112 -0
  391. package/skills/fast-browser-use/tests/cookies_integration.rs +56 -0
  392. package/skills/fast-browser-use/tests/debug_integration.rs +83 -0
  393. package/skills/fast-browser-use/tests/dom_integration.rs +170 -0
  394. package/skills/fast-browser-use/tests/local_storage_integration.rs +75 -0
  395. package/skills/fast-browser-use/tests/markdown_integration.rs +448 -0
  396. package/skills/fast-browser-use/tests/navigation_integration.rs +241 -0
  397. package/skills/fast-browser-use/tests/sitemap_integration.rs +326 -0
  398. package/skills/fast-browser-use/tests/tab_management_integration.rs +300 -0
  399. package/skills/feature-investment-advisor/SKILL.md +639 -0
  400. package/skills/feature-investment-advisor/examples/conversation-flow.md +538 -0
  401. package/skills/finance-based-pricing-advisor/SKILL.md +763 -0
  402. package/skills/finance-metrics-quickref/SKILL.md +309 -0
  403. package/skills/find-skills/.clawhub/origin.json +7 -0
  404. package/skills/find-skills/SKILL.md +143 -0
  405. package/skills/flavor-text-writer/SKILL.md +27 -0
  406. package/skills/founder-brief-summarizer/SKILL.md +52 -0
  407. package/skills/founder-brief-summarizer/references/response-templates.md +15 -0
  408. package/skills/founder-brief-summarizer/references/validation-cases.md +11 -0
  409. package/skills/founder-brief-summarizer/scripts/brief_template.sh +28 -0
  410. package/skills/frontend-design/.clawhub/origin.json +7 -0
  411. package/skills/frontend-design/LICENSE.txt +190 -0
  412. package/skills/frontend-design/SKILL.md +53 -0
  413. package/skills/gemini/.clawhub/origin.json +7 -0
  414. package/skills/gemini/SKILL.md +33 -0
  415. package/skills/gemini-deep-research/.clawhub/origin.json +7 -0
  416. package/skills/gemini-deep-research/SKILL.md +78 -0
  417. package/skills/gemini-deep-research/scripts/deep_research.py +176 -0
  418. package/skills/git-essentials/.clawhub/origin.json +7 -0
  419. package/skills/git-essentials/SKILL.md +239 -0
  420. package/skills/git-essentials/references/advanced.md +211 -0
  421. package/skills/github/.clawhub/origin.json +7 -0
  422. package/skills/github/SKILL.md +57 -0
  423. package/skills/google-drive/.clawhub/origin.json +7 -0
  424. package/skills/google-drive/LICENSE.txt +21 -0
  425. package/skills/google-drive/SKILL.md +320 -0
  426. package/skills/growth-loop/SKILL.md +270 -0
  427. package/skills/growth-loop/_meta.json +9 -0
  428. package/skills/growth-loop/references/diagnosis-framework.md +84 -0
  429. package/skills/growth-loop/references/platform-benchmarks.md +79 -0
  430. package/skills/growth-loop/scripts/init-campaign.sh +274 -0
  431. package/skills/humanize-ai-text/.clawhub/origin.json +7 -0
  432. package/skills/humanize-ai-text/SKILL.md +192 -0
  433. package/skills/humanize-ai-text/scripts/compare.py +58 -0
  434. package/skills/humanize-ai-text/scripts/detect.py +160 -0
  435. package/skills/humanize-ai-text/scripts/patterns.json +191 -0
  436. package/skills/humanize-ai-text/scripts/transform.py +127 -0
  437. package/skills/humanizer/.clawhub/origin.json +7 -0
  438. package/skills/humanizer/README.md +82 -0
  439. package/skills/humanizer/SKILL.md +443 -0
  440. package/skills/jobs-to-be-done/SKILL.md +378 -0
  441. package/skills/jobs-to-be-done/examples/sample.md +80 -0
  442. package/skills/jobs-to-be-done/template.md +65 -0
  443. package/skills/lean-ux-canvas/SKILL.md +561 -0
  444. package/skills/lean-ux-canvas/examples/sample.md +88 -0
  445. package/skills/lean-ux-canvas/template.md +32 -0
  446. package/skills/markdown-formatter/.clawhub/origin.json +7 -0
  447. package/skills/markdown-formatter/README.md +137 -0
  448. package/skills/markdown-formatter/SKILL.md +369 -0
  449. package/skills/markdown-formatter/config.json +20 -0
  450. package/skills/markdown-formatter/index.js +439 -0
  451. package/skills/markdown-formatter/package.json +23 -0
  452. package/skills/markdown-formatter/test.js +23 -0
  453. package/skills/marketing-mode/.clawhub/origin.json +7 -0
  454. package/skills/marketing-mode/README.md +49 -0
  455. package/skills/marketing-mode/SKILL.md +703 -0
  456. package/skills/marketing-mode/mode-prompt.md +39 -0
  457. package/skills/marketing-mode/skill.json +51 -0
  458. package/skills/memory-hygiene/.clawhub/origin.json +7 -0
  459. package/skills/memory-hygiene/SKILL.md +91 -0
  460. package/skills/memory-setup/.clawhub/origin.json +7 -0
  461. package/skills/memory-setup/SKILL.md +180 -0
  462. package/skills/memorylayer/.clawhub/origin.json +7 -0
  463. package/skills/memorylayer/README.md +197 -0
  464. package/skills/memorylayer/SKILL.md +227 -0
  465. package/skills/memorylayer/examples/agent-integration.js +145 -0
  466. package/skills/memorylayer/examples/basic-usage.js +87 -0
  467. package/skills/memorylayer/examples/token-savings-demo.js +183 -0
  468. package/skills/memorylayer/index.js +115 -0
  469. package/skills/memorylayer/package-lock.json +295 -0
  470. package/skills/memorylayer/package.json +27 -0
  471. package/skills/memorylayer/python/memorylayer_skill.py +230 -0
  472. package/skills/memorylayer/python/requirements.txt +7 -0
  473. package/skills/mesh/SKILL.md +184 -0
  474. package/skills/model-usage/.clawhub/origin.json +7 -0
  475. package/skills/model-usage/SKILL.md +54 -0
  476. package/skills/model-usage/references/codexbar-cli.md +28 -0
  477. package/skills/model-usage/scripts/model_usage.py +310 -0
  478. package/skills/moltbook-interact/.clawhub/origin.json +7 -0
  479. package/skills/moltbook-interact/INSTALL.md +139 -0
  480. package/skills/moltbook-interact/README.md +198 -0
  481. package/skills/moltbook-interact/SKILL.md +72 -0
  482. package/skills/moltbook-interact/references/api.md +106 -0
  483. package/skills/moltbook-interact/scripts/moltbook.sh +142 -0
  484. package/skills/moltbook-registry/.clawhub/origin.json +7 -0
  485. package/skills/moltbook-registry/README.md +26 -0
  486. package/skills/moltbook-registry/SKILL.md +82 -0
  487. package/skills/moltbook-registry/index.js +180 -0
  488. package/skills/moltbook-registry/package.json +11 -0
  489. package/skills/mythril-scanner/SKILL.md +27 -0
  490. package/skills/n8n/.clawhub/origin.json +7 -0
  491. package/skills/n8n/SKILL.md +141 -0
  492. package/skills/n8n/references/api.md +156 -0
  493. package/skills/n8n/scripts/n8n_api.py +158 -0
  494. package/skills/n8n-workflow-automation/.clawhub/origin.json +7 -0
  495. package/skills/n8n-workflow-automation/SKILL.md +103 -0
  496. package/skills/n8n-workflow-automation/assets/runbook-template.md +32 -0
  497. package/skills/narrative-designer/SKILL.md +27 -0
  498. package/skills/ontology/.clawhub/origin.json +7 -0
  499. package/skills/ontology/SKILL.md +236 -0
  500. package/skills/ontology/references/queries.md +211 -0
  501. package/skills/ontology/references/schema.md +322 -0
  502. package/skills/ontology/scripts/ontology.py +374 -0
  503. package/skills/openai-image-gen/.clawhub/origin.json +7 -0
  504. package/skills/openai-image-gen/SKILL.md +45 -0
  505. package/skills/openai-image-gen/scripts/gen.py +227 -0
  506. package/skills/openclaw-agent-optimize/.clawhub/origin.json +7 -0
  507. package/skills/openclaw-agent-optimize/SKILL.md +33 -0
  508. package/skills/openclaw-agent-optimize/references/agent-orchestration.md +20 -0
  509. package/skills/openclaw-agent-optimize/references/context-management.md +15 -0
  510. package/skills/openclaw-agent-optimize/references/continuous-learning.md +14 -0
  511. package/skills/openclaw-agent-optimize/references/cron-optimization.md +16 -0
  512. package/skills/openclaw-agent-optimize/references/memory-patterns.md +14 -0
  513. package/skills/openclaw-agent-optimize/references/model-selection.md +18 -0
  514. package/skills/openclaw-skill-scanner/.clawhub/origin.json +7 -0
  515. package/skills/openclaw-skill-scanner/SKILL.md +88 -0
  516. package/skills/openclaw-skill-scanner/install-hook.sh +294 -0
  517. package/skills/openclaw-skill-scanner/report-template.md +53 -0
  518. package/skills/openclaw-skill-scanner/scanner.py +929 -0
  519. package/skills/openclaw-skill-scanner/whitelist.json +18 -0
  520. package/skills/opportunity-solution-tree/SKILL.md +428 -0
  521. package/skills/opportunity-solution-tree/examples/sample.md +104 -0
  522. package/skills/opportunity-solution-tree/template.md +33 -0
  523. package/skills/pdf/.clawhub/origin.json +7 -0
  524. package/skills/pdf/SKILL.md +304 -0
  525. package/skills/pestel-analysis/SKILL.md +384 -0
  526. package/skills/pestel-analysis/examples/sample.md +143 -0
  527. package/skills/pestel-analysis/template.md +53 -0
  528. package/skills/pol-probe/SKILL.md +217 -0
  529. package/skills/pol-probe/examples/sample.md +136 -0
  530. package/skills/pol-probe/template.md +59 -0
  531. package/skills/pol-probe-advisor/SKILL.md +492 -0
  532. package/skills/positioning-statement/SKILL.md +229 -0
  533. package/skills/positioning-statement/examples/sample.md +51 -0
  534. package/skills/positioning-statement/template.md +25 -0
  535. package/skills/positioning-workshop/SKILL.md +424 -0
  536. package/skills/prd-development/SKILL.md +654 -0
  537. package/skills/prd-development/examples/sample.md +43 -0
  538. package/skills/prd-development/template.md +55 -0
  539. package/skills/press-release/SKILL.md +277 -0
  540. package/skills/press-release/examples/sample.md +73 -0
  541. package/skills/press-release/template.md +39 -0
  542. package/skills/prioritization-advisor/SKILL.md +451 -0
  543. package/skills/proactive-messages/.clawhub/origin.json +7 -0
  544. package/skills/proactive-messages/SKILL.md +91 -0
  545. package/skills/problem-framing-canvas/SKILL.md +466 -0
  546. package/skills/problem-framing-canvas/examples/sample.md +58 -0
  547. package/skills/problem-framing-canvas/template.md +22 -0
  548. package/skills/problem-statement/SKILL.md +255 -0
  549. package/skills/problem-statement/examples/sample.md +82 -0
  550. package/skills/problem-statement/template.md +37 -0
  551. package/skills/product-strategy-session/SKILL.md +434 -0
  552. package/skills/product-strategy-session/examples/sample.md +67 -0
  553. package/skills/product-strategy-session/template.md +38 -0
  554. package/skills/prompt-guard/.clawhub/origin.json +7 -0
  555. package/skills/prompt-guard/ARCHITECTURE.md +364 -0
  556. package/skills/prompt-guard/CHANGELOG.md +200 -0
  557. package/skills/prompt-guard/README.md +215 -0
  558. package/skills/prompt-guard/SECURITY.md +66 -0
  559. package/skills/prompt-guard/SKILL.md +174 -0
  560. package/skills/prompt-guard/blog/how-i-secured-my-ai-agent.md +185 -0
  561. package/skills/prompt-guard/config.example.yaml +56 -0
  562. package/skills/prompt-guard/references/detection-patterns.md +298 -0
  563. package/skills/prompt-guard/requirements.txt +1 -0
  564. package/skills/prompt-guard/scripts/analyze_log.py +224 -0
  565. package/skills/prompt-guard/scripts/audit.py +344 -0
  566. package/skills/prompt-guard/scripts/detect.py +1587 -0
  567. package/skills/prompt-guard/scripts/hivefence.py +345 -0
  568. package/skills/proto-persona/SKILL.md +336 -0
  569. package/skills/proto-persona/examples/sample.md +97 -0
  570. package/skills/proto-persona/template.md +45 -0
  571. package/skills/recommendation-canvas/SKILL.md +382 -0
  572. package/skills/recommendation-canvas/examples/sample.md +94 -0
  573. package/skills/recommendation-canvas/template.md +86 -0
  574. package/skills/refactor-suggest/.clawhub/origin.json +7 -0
  575. package/skills/refactor-suggest/SKILL.md +94 -0
  576. package/skills/roadmap-planning/SKILL.md +506 -0
  577. package/skills/roadmap-planning/examples/sample.md +62 -0
  578. package/skills/roadmap-planning/template.md +30 -0
  579. package/skills/saas-economics-efficiency-metrics/SKILL.md +694 -0
  580. package/skills/saas-economics-efficiency-metrics/examples/cash-trap.md +365 -0
  581. package/skills/saas-economics-efficiency-metrics/examples/healthy-unit-economics.md +279 -0
  582. package/skills/saas-economics-efficiency-metrics/template.md +263 -0
  583. package/skills/saas-revenue-growth-metrics/SKILL.md +629 -0
  584. package/skills/saas-revenue-growth-metrics/examples/healthy-saas.md +131 -0
  585. package/skills/saas-revenue-growth-metrics/examples/warning-signs.md +229 -0
  586. package/skills/saas-revenue-growth-metrics/template.md +192 -0
  587. package/skills/save-money/.clawhub/origin.json +7 -0
  588. package/skills/save-money/SKILL.md +173 -0
  589. package/skills/scripts/golden_skills_v3.sh +32 -0
  590. package/skills/search/.clawhub/origin.json +7 -0
  591. package/skills/search/SKILL.md +18 -0
  592. package/skills/search/skill.json +1 -0
  593. package/skills/second-brain/.clawhub/origin.json +7 -0
  594. package/skills/second-brain/SKILL.md +278 -0
  595. package/skills/second-brain/scripts/ensue-api.sh +37 -0
  596. package/skills/self-improving-agent/.clawhub/origin.json +7 -0
  597. package/skills/self-improving-agent/.learnings/ERRORS.md +5 -0
  598. package/skills/self-improving-agent/.learnings/FEATURE_REQUESTS.md +5 -0
  599. package/skills/self-improving-agent/.learnings/LEARNINGS.md +5 -0
  600. package/skills/self-improving-agent/SKILL.md +130 -0
  601. package/skills/self-improving-agent/assets/LEARNINGS.md +45 -0
  602. package/skills/self-improving-agent/assets/SKILL-TEMPLATE.md +177 -0
  603. package/skills/self-improving-agent/hooks/openclaw/HOOK.md +23 -0
  604. package/skills/self-improving-agent/hooks/openclaw/handler.js +56 -0
  605. package/skills/self-improving-agent/hooks/openclaw/handler.ts +62 -0
  606. package/skills/self-improving-agent/references/examples.md +374 -0
  607. package/skills/self-improving-agent/references/hooks-setup.md +223 -0
  608. package/skills/self-improving-agent/references/openclaw-integration.md +248 -0
  609. package/skills/self-improving-agent/references/templates.md +480 -0
  610. package/skills/self-improving-agent/scripts/activator.sh +20 -0
  611. package/skills/self-improving-agent/scripts/error-detector.sh +55 -0
  612. package/skills/self-improving-agent/scripts/extract-skill.sh +203 -0
  613. package/skills/self-improving-agent-1-0-2/.clawhub/origin.json +7 -0
  614. package/skills/self-improving-agent-1-0-2/SKILL.md +562 -0
  615. package/skills/self-improving-agent-1-0-2/assets/LEARNINGS.md +45 -0
  616. package/skills/self-improving-agent-1-0-2/assets/SKILL-TEMPLATE.md +182 -0
  617. package/skills/self-improving-agent-1-0-2/references/clawdbot-integration.md +311 -0
  618. package/skills/self-improving-agent-1-0-2/references/examples.md +374 -0
  619. package/skills/self-improving-agent-1-0-2/references/hooks-setup.md +223 -0
  620. package/skills/self-improving-agent-1-0-2/scripts/activator.sh +20 -0
  621. package/skills/self-improving-agent-1-0-2/scripts/error-detector.sh +55 -0
  622. package/skills/self-improving-agent-1-0-2/scripts/extract-skill.sh +203 -0
  623. package/skills/self-love-confidence/.clawhub/origin.json +7 -0
  624. package/skills/self-love-confidence/SKILL.md +79 -0
  625. package/skills/self-reflection/.clawhub/origin.json +7 -0
  626. package/skills/self-reflection/README.md +292 -0
  627. package/skills/self-reflection/SKILL.md +110 -0
  628. package/skills/self-reflection/self-reflection.example.json +6 -0
  629. package/skills/slither-analyzer/SKILL.md +27 -0
  630. package/skills/solidity-audit/SKILL.md +27 -0
  631. package/skills/soulcraft/.clawhub/origin.json +7 -0
  632. package/skills/soulcraft/README.md +123 -0
  633. package/skills/soulcraft/SKILL.md +340 -0
  634. package/skills/soulcraft/references/question-bank.md +154 -0
  635. package/skills/soulcraft/references/soul-examples.md +207 -0
  636. package/skills/soulcraft/research/RESEARCH_REPORT.md +317 -0
  637. package/skills/spotify-player/.clawhub/origin.json +7 -0
  638. package/skills/spotify-player/SKILL.md +44 -0
  639. package/skills/storyboard/SKILL.md +259 -0
  640. package/skills/storyboard/examples/sample.md +71 -0
  641. package/skills/storyboard/template.md +41 -0
  642. package/skills/summarize/.clawhub/origin.json +7 -0
  643. package/skills/summarize/SKILL.md +59 -0
  644. package/skills/superdesign/.clawhub/origin.json +7 -0
  645. package/skills/superdesign/SKILL.md +224 -0
  646. package/skills/tam-sam-som-calculator/SKILL.md +399 -0
  647. package/skills/tam-sam-som-calculator/examples/sample.md +142 -0
  648. package/skills/tam-sam-som-calculator/scripts/market-sizing.py +95 -0
  649. package/skills/tam-sam-som-calculator/template.md +35 -0
  650. package/skills/tavily-search/.clawhub/origin.json +7 -0
  651. package/skills/tavily-search/SKILL.md +49 -0
  652. package/skills/tavily-search/scripts/extract.mjs +59 -0
  653. package/skills/tavily-search/scripts/search.mjs +101 -0
  654. package/skills/twitter/SKILL.md +74 -0
  655. package/skills/twitter/_meta.json +9 -0
  656. package/skills/twitter/references/validation-cases.md +53 -0
  657. package/skills/twitter/scripts/twitter.sh +421 -0
  658. package/skills/ui-ux-pro-max/.clawhub/origin.json +7 -0
  659. package/skills/ui-ux-pro-max/SKILL.md +54 -0
  660. package/skills/ui-ux-pro-max/assets/data/charts.csv +26 -0
  661. package/skills/ui-ux-pro-max/assets/data/colors.csv +97 -0
  662. package/skills/ui-ux-pro-max/assets/data/icons.csv +101 -0
  663. package/skills/ui-ux-pro-max/assets/data/landing.csv +31 -0
  664. package/skills/ui-ux-pro-max/assets/data/products.csv +97 -0
  665. package/skills/ui-ux-pro-max/assets/data/react-performance.csv +45 -0
  666. package/skills/ui-ux-pro-max/assets/data/stacks/astro.csv +54 -0
  667. package/skills/ui-ux-pro-max/assets/data/stacks/flutter.csv +53 -0
  668. package/skills/ui-ux-pro-max/assets/data/stacks/html-tailwind.csv +56 -0
  669. package/skills/ui-ux-pro-max/assets/data/stacks/jetpack-compose.csv +53 -0
  670. package/skills/ui-ux-pro-max/assets/data/stacks/nextjs.csv +53 -0
  671. package/skills/ui-ux-pro-max/assets/data/stacks/nuxt-ui.csv +51 -0
  672. package/skills/ui-ux-pro-max/assets/data/stacks/nuxtjs.csv +59 -0
  673. package/skills/ui-ux-pro-max/assets/data/stacks/react-native.csv +52 -0
  674. package/skills/ui-ux-pro-max/assets/data/stacks/react.csv +54 -0
  675. package/skills/ui-ux-pro-max/assets/data/stacks/shadcn.csv +61 -0
  676. package/skills/ui-ux-pro-max/assets/data/stacks/svelte.csv +54 -0
  677. package/skills/ui-ux-pro-max/assets/data/stacks/swiftui.csv +51 -0
  678. package/skills/ui-ux-pro-max/assets/data/stacks/vue.csv +50 -0
  679. package/skills/ui-ux-pro-max/assets/data/styles.csv +68 -0
  680. package/skills/ui-ux-pro-max/assets/data/typography.csv +58 -0
  681. package/skills/ui-ux-pro-max/assets/data/ui-reasoning.csv +101 -0
  682. package/skills/ui-ux-pro-max/assets/data/ux-guidelines.csv +100 -0
  683. package/skills/ui-ux-pro-max/assets/data/web-interface.csv +31 -0
  684. package/skills/ui-ux-pro-max/references/upstream-README.md +488 -0
  685. package/skills/ui-ux-pro-max/references/upstream-skill-content.md +288 -0
  686. package/skills/ui-ux-pro-max/scripts/__init__.py +0 -0
  687. package/skills/ui-ux-pro-max/scripts/core.py +253 -0
  688. package/skills/ui-ux-pro-max/scripts/design_system.py +1071 -0
  689. package/skills/ui-ux-pro-max/scripts/search.py +111 -0
  690. package/skills/user-story/SKILL.md +272 -0
  691. package/skills/user-story/examples/sample.md +110 -0
  692. package/skills/user-story/scripts/user-story-template.py +65 -0
  693. package/skills/user-story/template.md +32 -0
  694. package/skills/user-story-mapping/SKILL.md +296 -0
  695. package/skills/user-story-mapping/examples/sample.md +77 -0
  696. package/skills/user-story-mapping/template.md +41 -0
  697. package/skills/user-story-mapping-workshop/SKILL.md +485 -0
  698. package/skills/user-story-mapping-workshop/template.md +28 -0
  699. package/skills/user-story-splitting/SKILL.md +313 -0
  700. package/skills/user-story-splitting/examples/sample.md +147 -0
  701. package/skills/user-story-splitting/template.md +37 -0
  702. package/skills/wacli/.clawhub/origin.json +7 -0
  703. package/skills/wacli/SKILL.md +53 -0
  704. package/skills/web-search/.clawhub/origin.json +7 -0
  705. package/skills/web-search/SKILL.md +151 -0
  706. package/skills/web-search/references/api-details.md +207 -0
  707. package/skills/web-search/scripts/search.py +576 -0
  708. package/skills/workshop-facilitation/SKILL.md +88 -0
  709. package/skills/world-builder/SKILL.md +27 -0
  710. package/souls/blockchain-auditor/PRINCIPLES.md +75 -0
  711. package/souls/blockchain-auditor/SOUL.md +56 -0
  712. package/souls/blockchain-auditor/capabilities.json +33 -0
  713. package/souls/blockchain-auditor/evolution/capsules.json +4 -0
  714. package/souls/blockchain-auditor/evolution/events.jsonl +1 -0
  715. package/souls/blockchain-auditor/evolution/genes.json +62 -0
  716. package/souls/daedalus/PRINCIPLES.md +78 -0
  717. package/souls/daedalus/SOUL.md +48 -0
  718. package/souls/daedalus/capabilities.json +46 -0
  719. package/souls/identity-architect/PRINCIPLES.md +83 -0
  720. package/souls/identity-architect/SOUL.md +66 -0
  721. package/souls/identity-architect/capabilities.json +38 -0
  722. package/souls/identity-architect/evolution/capsules.json +4 -0
  723. package/souls/identity-architect/evolution/events.jsonl +0 -0
  724. package/souls/identity-architect/evolution/genes.json +4 -0
  725. package/souls/infra-ops/PRINCIPLES.md +77 -0
  726. package/souls/infra-ops/SOUL.md +56 -0
  727. package/souls/infra-ops/capabilities.json +33 -0
  728. package/souls/infra-ops/evolution/capsules.json +4 -0
  729. package/souls/infra-ops/evolution/events.jsonl +0 -0
  730. package/souls/infra-ops/evolution/genes.json +4 -0
  731. package/souls/lore-writer/PRINCIPLES.md +74 -0
  732. package/souls/lore-writer/SOUL.md +54 -0
  733. package/souls/lore-writer/capabilities.json +37 -0
  734. package/souls/lore-writer/evolution/capsules.json +4 -0
  735. package/souls/lore-writer/evolution/events.jsonl +0 -0
  736. package/souls/lore-writer/evolution/genes.json +4 -0
  737. package/souls/qa-evidence/PRINCIPLES.md +97 -0
  738. package/souls/qa-evidence/SOUL.md +66 -0
  739. package/souls/qa-evidence/capabilities.json +32 -0
  740. package/souls/qa-evidence/evolution/capsules.json +4 -0
  741. package/souls/qa-evidence/evolution/events.jsonl +0 -0
  742. package/souls/qa-evidence/evolution/genes.json +4 -0
  743. package/souls/registry.json +211 -0
  744. package/souls/sync-registry.js +65 -0
  745. package/uninstall.sh +102 -0
  746. package/workspace-bin/auto-checkpoint +60 -0
  747. package/workspace-bin/clawvault-access-control +65 -0
  748. package/workspace-bin/clawvault-local +28 -0
  749. package/workspace-bin/compile-boot +494 -0
  750. package/workspace-bin/daily-log-writer.mjs +251 -0
  751. package/workspace-bin/evolve +540 -0
  752. package/workspace-bin/fitness_score.py +395 -0
  753. package/workspace-bin/hooks/pre-commit +80 -0
  754. package/workspace-bin/install-daemon +299 -0
  755. package/workspace-bin/lane-watchdog.js +232 -0
  756. package/workspace-bin/lib/__init__.py +0 -0
  757. package/workspace-bin/lib/frontmatter.py +114 -0
  758. package/workspace-bin/memory-daemon.mjs +879 -0
  759. package/workspace-bin/memory-maintenance.mjs +531 -0
  760. package/workspace-bin/mesh-bridge.mjs +154 -0
  761. package/workspace-bin/multi-review +130 -0
  762. package/workspace-bin/obsidian +125 -0
  763. package/workspace-bin/obsidian-sync.mjs +888 -0
  764. package/workspace-bin/openclaw-register-source +102 -0
  765. package/workspace-bin/proactive-scan +147 -0
  766. package/workspace-bin/quality-gate +175 -0
  767. package/workspace-bin/screenshot +96 -0
  768. package/workspace-bin/session-recap +453 -0
  769. package/workspace-bin/skill-audit +494 -0
  770. package/workspace-bin/skill-quality-check +134 -0
  771. package/workspace-bin/skill-routing-eval +599 -0
  772. package/workspace-bin/soul-prompt +251 -0
  773. package/workspace-bin/subagent-audit.mjs +267 -0
  774. package/workspace-bin/test-multi-soul-workflow +130 -0
  775. package/workspace-bin/trust-registry +465 -0
  776. package/workspace-docs/AGENTS.md +201 -0
  777. package/workspace-docs/CLAUDE.md +64 -0
  778. package/workspace-docs/PRINCIPLES.md +81 -0
  779. package/workspace-docs/SOUL.md +48 -0
@@ -0,0 +1,1587 @@
1
+ #!/usr/bin/env python3
2
+ """
3
+ Prompt Guard v2.6.1 - Advanced Prompt Injection Detection
4
+ Multi-language, context-aware, severity-scored detection system.
5
+
6
+ Changelog v2.6.1 (2026-02-05):
7
+ - Added Allowlist Bypass patterns (api.anthropic.com, webhook.site, docs.google.com/forms)
8
+ - Added Hooks Hijacking patterns (PreToolUse, PromptSubmit, permissions override)
9
+ - Added Subagent Exploitation patterns (browser_subagent, navigate + exfiltrate)
10
+ - Added URL + Credential Combination patterns (URL-encode + .env)
11
+ - Added Hidden Text Injection patterns (1pt font, white-on-white)
12
+ - Added Gitignore Bypass patterns (cat .env workaround)
13
+ - Source: HiveFence Scout 2026-02-05 (PromptArmor, Simon Willison, LLMSecurity.net)
14
+ - Total: 5 new attack categories, 8 patterns
15
+
16
+ Changelog v2.6.0 (2026-02-01):
17
+ - Added Single Approval Expansion detection (scope creep attacks)
18
+ - Added Credential Path Harvesting detection
19
+ - Added Security Bypass Coaching detection
20
+ - Added DM Social Engineering patterns
21
+ - Real-world incident: 민표형(@kanfrancisco) red team test
22
+ - Total: 20+ new patterns from social engineering attack
23
+
24
+ Changelog v2.5.2 (2026-02-01):
25
+ - Added Moltbook attack collection patterns (agent social network analysis)
26
+ - Added BRC-20 style JSON injection detection
27
+ - Added guardrail-specific bypass patterns (temperature, settings)
28
+ - Added Agent Sovereignty manipulation patterns
29
+ - Added explicit CALL TO ACTION detection
30
+ - Total: 15+ new attack patterns from wild
31
+
32
+ Changelog v2.5.1 (2026-01-31):
33
+ - Hotfix: System prompt mimicry patterns
34
+
35
+ Changelog v2.5.0 (2026-01-30):
36
+ - Added authority impersonation patterns (KO/EN/JA/ZH)
37
+ - Added indirect injection detection (URLs, files, invisible chars)
38
+ - Added context hijacking patterns
39
+ - Added multi-turn manipulation detection
40
+ - Added token smuggling detection
41
+ - Expanded Korean/Japanese/Chinese patterns significantly
42
+ - Added 60+ new attack patterns
43
+ """
44
+
45
+ import re
46
+ import sys
47
+ import json
48
+ import base64
49
+ import hashlib
50
+ from datetime import datetime
51
+ from pathlib import Path
52
+ from dataclasses import dataclass, asdict
53
+ from typing import Optional, Dict, List, Any
54
+ from enum import Enum
55
+
56
+
57
+ class Severity(Enum):
58
+ SAFE = 0
59
+ LOW = 1
60
+ MEDIUM = 2
61
+ HIGH = 3
62
+ CRITICAL = 4
63
+
64
+
65
+ class Action(Enum):
66
+ ALLOW = "allow"
67
+ LOG = "log"
68
+ WARN = "warn"
69
+ BLOCK = "block"
70
+ BLOCK_NOTIFY = "block_notify"
71
+
72
+
73
+ @dataclass
74
+ class DetectionResult:
75
+ severity: Severity
76
+ action: Action
77
+ reasons: List[str]
78
+ patterns_matched: List[str]
79
+ normalized_text: Optional[str]
80
+ base64_findings: List[Dict]
81
+ recommendations: List[str]
82
+ fingerprint: str # Hash for deduplication
83
+
84
+ def to_dict(self) -> Dict:
85
+ d = asdict(self)
86
+ d["severity"] = self.severity.name
87
+ d["action"] = self.action.value
88
+ return d
89
+
90
+
91
+ # =============================================================================
92
+ # PATTERN DEFINITIONS
93
+ # =============================================================================
94
+
95
+ # =============================================================================
96
+ # NEW PATTERNS (2026-02-01) - Social Engineering Defense (민표형 Red Team)
97
+ # =============================================================================
98
+
99
+ # Single Approval Expansion - trying to expand scope after getting one approval
100
+ APPROVAL_EXPANSION = [
101
+ # Korean
102
+ r"아까\s*(허락|OK|오케이|승인)\s*했잖아",
103
+ r"(방금|아까)\s*해줬잖아",
104
+ r"계속\s*해(줘|봐)?",
105
+ r"(그것\s*말고|다른\s*것도)\s*(해줘|보여줘)",
106
+ r"형이\s*(OK|허락|승인)\s*했(으)?니까",
107
+ r"이미\s*허락\s*받았(어|잖아)",
108
+ # English
109
+ r"you\s+(just\s+)?(already|just)\s+(did|allowed|approved)",
110
+ r"keep\s+going",
111
+ r"(do|show)\s+(another|more|the\s+rest)",
112
+ r"(he|she|they|owner)\s+(already\s+)?(said|approved)\s+(ok|yes)",
113
+ ]
114
+
115
+ # Credential Path Harvesting - patterns containing sensitive file paths
116
+ CREDENTIAL_PATH_PATTERNS = [
117
+ r"credentials?\.json",
118
+ r"\.env\b",
119
+ r"config\.json",
120
+ r"clawdbot\.json",
121
+ r"~/\.clawdbot/",
122
+ r"/clawd/credentials",
123
+ r"api[_-]?key.*=",
124
+ r"token.*=.*['\"]",
125
+ r"secret.*=.*['\"]",
126
+ r"password.*=.*['\"]",
127
+ ]
128
+
129
+ # Security Bypass Coaching - asking for help circumventing security
130
+ BYPASS_COACHING = [
131
+ # Korean
132
+ r"(작동|동작)\s*(되게|하게)\s*(만들어|해)",
133
+ r"(방법|how)\s*(알려|가르쳐)",
134
+ r"(우회|bypass)\s*(하는\s*)?(법|방법|코드)",
135
+ r"어떻게\s*하면\s*(돼|될까)",
136
+ r"(제한|restriction)\s*(풀어|없애|해제)",
137
+ # English
138
+ r"make\s+it\s+work",
139
+ r"(show|teach|tell)\s+me\s+(how|the\s+way)",
140
+ r"(bypass|circumvent|workaround)\s+(the\s+)?(restriction|security|limit)",
141
+ r"how\s+(can|do)\s+I\s+(get\s+around|bypass)",
142
+ r"(remove|disable)\s+(the\s+)?(restriction|limit|block)",
143
+ ]
144
+
145
+ # DM Social Engineering - non-owner exec attempts
146
+ DM_SOCIAL_ENGINEERING = [
147
+ # Patterns that suggest DM manipulation
148
+ r"(이건\s+)?우리\s*둘만\s*(아는|비밀)",
149
+ r"(nobody|no\s*one)\s*(else\s+)?(knows?|sees?)",
150
+ r"(just\s+)?(between\s+)?(you\s+and\s+me|us)",
151
+ r"(don'?t\s+tell|비밀로|몰래)",
152
+ r"(in\s+)?private",
153
+ ]
154
+
155
+ # =============================================================================
156
+ # NEW PATTERNS (2026-01-30) - Contributed by 홍민표 (Red Team Testing)
157
+ # =============================================================================
158
+
159
+ # Scenario-based jailbreak patterns (fiction, dreams, art, academic)
160
+ SCENARIO_JAILBREAK = [
161
+ # Dream/Story jailbreak
162
+ r"(dream|nightmare|story|novel|fiction|tale)\s*.{0,30}(hacker|attack|malicious|exploit|inject)",
163
+ r"(imagine|pretend|let'?s\s+say)\s*.{0,20}(scenario|situation|world)\s+where",
164
+ r"(write|craft|create)\s+(a\s+)?(story|novel|scene|paragraph)\s*.{0,30}(hack|attack|malware|inject|exploit)",
165
+ r"(fictional|hypothetical)\s+(narrative|scenario|story)",
166
+ r"creative\s+(block|writing)\s*.{0,20}(thriller|hacker|attack)",
167
+
168
+ # Art/Cinema jailbreak
169
+ r"(cinematographer|director|filmmaker|screenwriter)\s*.{0,30}(scene|shot|sequence)",
170
+ r"(movie|film|documentary)\s+(set|scene)\s*.{0,30}(hack|attack|malware)",
171
+ r"(dramatic|cinematic)\s+scene\s*.{0,30}(delete|corrupt|destroy|attack)",
172
+ r"camera\s+(pan|shot|angle)\s*.{0,30}(destruction|attack|hack)",
173
+
174
+ # Academic/Research jailbreak
175
+ r"(research|academic|scholarly)\s+(paper|study|experiment)\s*.{0,30}(attack|exploit|injection|denial)",
176
+ r"(security\s+)?expert\s*.{0,20}(walk\s+me\s+through|explain|demonstrate)\s*.{0,20}(attack|exploit|hack)",
177
+ r"thought\s+experiment\s*.{0,30}(attack|exploit|denial.of.service|dos|injection)",
178
+ r"(penetration|pen)\s*test(er|ing)?\s*.{0,20}(walk\s+me\s+through|show|demonstrate)",
179
+ r"(simulation|simulate)\s*.{0,20}(attack|exploit|hack|breach)",
180
+ r"(paper|study|research)\s*.{0,20}(denial[_\-\s]?of[_\-\s]?service|dos|ddos)\s*(attack)?",
181
+ r"walk\s+me\s+through\s*.{0,30}(attack|exploit|hack|breach)",
182
+
183
+ # Time-shift evasion
184
+ r"(back\s+to|in|during|around)\s+(19|20)\d{2}\s*.{0,30}(write|create|craft)",
185
+ r"(nostalgic|retro|vintage)\s+(writer|author|programmer)",
186
+ r"newsflash\s*:\s*.{0,50}(password|credential|login|security)",
187
+ ]
188
+
189
+ # Emotional manipulation / Moral dilemma patterns
190
+ EMOTIONAL_MANIPULATION = [
191
+ # Threat/coercion framing
192
+ r"(hospital|patients?|children|innocent\s+lives?|people\s+will\s+die)",
193
+ r"(devastating|catastrophic|deadly)\s+(cyber)?attack\s*.{0,20}(if\s+you|unless)",
194
+ r"(countless|many|thousands\s+of)\s+(innocent\s+)?(lives?|people)\s*.{0,15}(at\s+risk|in\s+danger)",
195
+ r"(ticking|time)\s+bomb",
196
+ r"(refuse|don'?t\s+help).{0,30}(attack|harm|destroy|die)",
197
+
198
+ # Moral dilemma framing
199
+ r"moral\s+(dilemma|quandary|choice)",
200
+ r"(lesser|greater)\s+(of\s+two\s+)?evils?",
201
+ r"(ethical|moral)\s+(dilemma|choice|decision)\s*.{0,20}(hack|attack|break)",
202
+ ]
203
+
204
+ # Authority impersonation / Reconnaissance patterns
205
+ AUTHORITY_RECON = [
206
+ # Fake authority - English
207
+ r"(system\s+)?administrator\s*.{0,20}(responsible|tasked|duty)",
208
+ r"(security\s+)?audit(or|ing)?\s*.{0,20}(corporate|company|network|system)",
209
+ r"(it|IT)\s+(department|team|staff)\s*.{0,20}(monitor|check|review)",
210
+ r"(my|our)\s+duty\s+to\s+(monitor|check|audit|review)",
211
+ r"i\s+am\s+(the\s+)?(admin|administrator|owner|developer|creator|maintainer)",
212
+ r"(as\s+)?(the\s+)?(admin|owner|developer),?\s+i\s+(need|want|require|demand)",
213
+ r"i('m|\s+am)\s+(your\s+)?(creator|developer|owner|admin|boss|manager)",
214
+ r"authorized\s+(by|from)\s+(the\s+)?(owner|admin|developer|system)",
215
+
216
+ # Fake authority - Korean (나는 관리자야 등)
217
+ r"(나는?|저는?|내가)\s*(관리자|어드민|admin|개발자|만든\s*사람|주인|오너)",
218
+ r"(관리자|어드민|개발자|주인)(이야|야|입니다|에요|예요|임)",
219
+ r"(simon|사이먼|서준)(이)?가?\s*(시켰|보냈|허락|승인)",
220
+ r"(simon|사이먼|서준|형)(이|가)?\s*(나한테|저한테)\s*(권한|허가)",
221
+ r"(권한|허가|승인)\s*(있|받았|줬)",
222
+ r"(비번|비밀번호|암호)\s*(알아|알고\s*있어|맞|줄까)",
223
+ r"(sudo|루트|root)\s*(권한|접근)",
224
+
225
+ # Fake authority - Japanese
226
+ r"(私は|僕は|俺は)\s*(管理者|アドミン|開発者|オーナー)",
227
+ r"(管理者|開発者|オーナー)(です|だ|である)",
228
+ r"(権限|許可)\s*(があ|もらっ|持っ)",
229
+
230
+ # Fake authority - Chinese
231
+ r"(我是|我就是)\s*(管理员|开发者|创建者|主人)",
232
+ r"(管理员|开发者)\s*(身份|权限)",
233
+
234
+ # Reconnaissance attempts
235
+ r"(what|which)\s+(tools?|commands?|capabilities?)\s*(do\s+you|can\s+you|are\s+available)",
236
+ r"(shell|command)\s+execution\s+tool",
237
+ r"(walk\s+me\s+through|show\s+me|demonstrate)\s*.{0,20}(capabilities?|tools?|commands?)",
238
+ r"what\s+(can|could)\s+you\s+(access|execute|run|do)",
239
+ r"(뭘|무엇을?|어떤\s*것)\s*(할\s*수\s*있|접근|실행)",
240
+ r"(도구|툴|tool)\s*(뭐|뭘|무엇)\s*(있|쓸\s*수)",
241
+ ]
242
+
243
+ # Cognitive manipulation / Hypnosis patterns
244
+ COGNITIVE_MANIPULATION = [
245
+ r"(trance|hypno|hypnotic|mesmer)\s*(like)?\s*(state|mode|condition)",
246
+ r"(repeated|repetitive|repeat)\s+(use|exposure|stimulus)\s*.{0,20}(word|phrase|sound)",
247
+ r"(linguistic|auditory)\s+(frequencies?|patterns?|stimuli)",
248
+ r"(cognitive|mental)\s+(processing|manipulation|state)",
249
+ r"(induc|enter)\w*\s+(trance|hypnotic|altered)\s*(state|mode)?",
250
+ ]
251
+
252
+ # Phishing / Social engineering patterns
253
+ PHISHING_SOCIAL_ENG = [
254
+ # Phishing templates
255
+ r"(write|create|craft)\s*.{0,20}(email|message)\s*.{0,20}(password\s+reset|verify|confirm|login)",
256
+ r"(password|credential|account)\s*(reset|recovery|verification)\s*(email|message|notification)",
257
+ r"(unaware|without\s+(their\s+)?knowledge|hasn'?t?\s+asked)",
258
+ r"(javascript|js)\s*(block|code|snippet)\s*.{0,20}(email|page|form)",
259
+
260
+ # Social engineering
261
+ r"(trick|deceive|fool|manipulate)\s*.{0,20}(user|victim|target|person)",
262
+ r"(appear|look|seem)\s*(like\s+)?(legitimate|real|official|normal)",
263
+ ]
264
+
265
+ # Repetition / Token overflow attacks
266
+ REPETITION_ATTACK = [
267
+ # Explicit bypass requests
268
+ r"(please\s+)?(ignore|bypass|disable|remove|turn\s+off)\s*.{0,10}(safety|security|restrictions?|filters?|guardrails?|rules?)",
269
+ r"(no|without|remove\s+all)\s+(safety|security)\s+(restrictions?|measures?|checks?)",
270
+ r"think\s+outside\s+the\s+box",
271
+ r"(be\s+)?creative\s+and\s+(assume|ignore|forget)",
272
+ ]
273
+
274
+ # System file access attempts
275
+ SYSTEM_FILE_ACCESS = [
276
+ r"(/etc/passwd|/etc/shadow|/etc/hosts|/etc/sudoers)",
277
+ r"(cat|read|show|display|type)\s*.{0,10}(/etc/|/var/|/root/|/home/|~/.ssh/)",
278
+ r"(\.bash_history|\.zsh_history|\.ssh/|\.gnupg/)",
279
+ r"(private\s+key|id_rsa|id_ed25519|authorized_keys)",
280
+ ]
281
+
282
+ # Malware/Exploit description requests
283
+ MALWARE_DESCRIPTION = [
284
+ r"(productivity\s+)?enhancer\s*.{0,20}(seizes?|takes?\s+control|hijack)",
285
+ r"(smart|intelligent)\s+(debugging|diagnostic)\s+tool\s*.{0,20}(catastrophic|malicious|curse)",
286
+ r"(self[_-]?modify|adapt)\s*.{0,30}(system|code|program)",
287
+ r"(debugging|diagnostic)\s+tool\s*.{0,20}(inject|payload|malicious)",
288
+ r"(inadvertent|accidental)\s*.{0,20}(inject|insert|introduce)\s*.{0,20}(malicious|harmful|dangerous)",
289
+ ]
290
+
291
+ # =============================================================================
292
+ # NEW PATTERNS v2.5.0 (2026-01-30) - Indirect Injection & Advanced Attacks
293
+ # =============================================================================
294
+
295
+ # Indirect injection via URLs/files
296
+ INDIRECT_INJECTION = [
297
+ # URL-based injection
298
+ r"(fetch|load|read|open|visit|browse|check)\s*.{0,20}(this\s+)?(url|link|website|page|site)",
299
+ r"(url|link)\s*[:=]\s*https?://",
300
+ r"(summarize|analyze|extract|read)\s*.{0,15}(from\s+)?(this\s+)?(url|link|website|page)",
301
+ r"what\s+(does|is)\s+(this|that)\s+(url|link|website|page)\s+(say|about|contain)",
302
+
303
+ # File-based injection
304
+ r"(read|open|load|execute|run)\s*.{0,15}(this|that|the)\s+(file|document|script|code)",
305
+ r"(instructions?|commands?)\s+(in|from|inside)\s+(the\s+)?(file|document|attachment)",
306
+
307
+ # Image/media-based injection (BSIDES, visual prompt injection)
308
+ r"(text|message|instruction)\s+(in|on|inside)\s+(the\s+)?(image|picture|photo|screenshot)",
309
+ r"(read|extract|follow)\s*.{0,15}(text|instructions?)\s+(from|in)\s+(the\s+)?(image|picture)",
310
+ r"(ocr|optical|recognize)\s*.{0,15}(text|characters)\s+(in|from)",
311
+
312
+ # Clipboard/paste injection
313
+ r"(paste|clipboard)\s*.{0,15}(content|text|data)",
314
+ r"what('s| is)\s+(in|on)\s+(my\s+)?clipboard",
315
+ ]
316
+
317
+ # Context hijacking / Memory manipulation
318
+ CONTEXT_HIJACKING = [
319
+ # Memory/context manipulation
320
+ r"(previous|earlier|last|above)\s+(message|conversation|context)\s*(said|mentioned|stated|was)",
321
+ r"(as\s+)?we\s+(discussed|agreed|decided)\s+(earlier|before|previously)",
322
+ r"(you\s+)?(already\s+)?(agreed|promised|said\s+you\s+would)",
323
+ r"(remember|recall)\s+(when\s+)?(you|we)\s+(said|agreed|decided)",
324
+ r"(continue|resume)\s+(from\s+)?where\s+we\s+left\s+off",
325
+ r"(in\s+)?our\s+(last|previous)\s+(conversation|session|chat)",
326
+
327
+ # Fake context injection
328
+ r"\[?(previous\s+)?context\]?\s*[:=]",
329
+ r"\[?history\]?\s*[:=]",
330
+ r"\[?memory\]?\s*[:=]",
331
+ r"<context>.*</context>",
332
+ r"<history>.*</history>",
333
+ r"<memory>.*</memory>",
334
+
335
+ # Korean
336
+ r"(아까|이전에|전에|지난번에)\s*(우리가?|너가?|네가?)\s*(했|말했|약속|동의)",
337
+ r"(기억|remember)\s*(나|해|하지)",
338
+ r"(이어서|계속)\s*(해|하자|진행)",
339
+ ]
340
+
341
+ # Multi-turn manipulation
342
+ MULTI_TURN_MANIPULATION = [
343
+ # Gradual escalation
344
+ r"(now\s+)?(that\s+)?(you('ve|'re|\s+have|\s+are)|we('ve|\s+have))\s+(established|confirmed|agreed|done\s+that)",
345
+ r"(good|great|perfect|excellent),?\s+(now|next|so)\s+(let's|we\s+can|you\s+can)",
346
+ r"step\s+\d+\s*[:=]",
347
+ r"phase\s+\d+\s*[:=]",
348
+ r"(first|next|then|finally|lastly)\s*,?\s*(you\s+)?(will|should|must|need\s+to)",
349
+
350
+ # Trust building before attack
351
+ r"(i\s+)?trust\s+you\s+(to|can|will)",
352
+ r"(you('ve|'re|\s+have|\s+are)\s+)?(been\s+)?(so\s+)?helpful,?\s+(now|so)",
353
+ r"(since|because)\s+you('re|\s+are)\s+(helpful|capable|smart|intelligent)",
354
+
355
+ # Korean
356
+ r"(됐어|됐다|좋아|완벽),?\s*(이제|그럼|자)",
357
+ r"(1단계|2단계|3단계|다음\s*단계)",
358
+ r"(먼저|그다음|그리고|마지막으로)",
359
+ ]
360
+
361
+ # Token smuggling / Unicode attacks
362
+ TOKEN_SMUGGLING = [
363
+ # Invisible characters
364
+ r"[\u200b\u200c\u200d\u2060\ufeff]", # Zero-width chars
365
+ r"[\u2062\u2063\u2064]", # Invisible operators
366
+ r"[\u00ad]", # Soft hyphen
367
+ r"[\u034f\u115f\u1160\u17b4\u17b5]", # More invisible
368
+ r"[\u180e\u2000-\u200f\u202a-\u202f]", # Various whitespace/format
369
+
370
+ # Lookalike domains/paths for indirect injection
371
+ r"(g00gle|faceb00k|amaz0n|m1crosoft|app1e)",
372
+ r"(google|facebook|amazon|microsoft|apple)\.(co|cm|net|org|xyz)",
373
+
374
+ # Encoding tricks
375
+ r"\\u[0-9a-fA-F]{4}", # Unicode escapes
376
+ r"\\x[0-9a-fA-F]{2}", # Hex escapes
377
+ r"%[0-9a-fA-F]{2}", # URL encoding
378
+ r"&#\d+;", # HTML entities
379
+ r"&[a-z]+;", # Named HTML entities
380
+ ]
381
+
382
+ # System prompt mimicry (2026-01-31 - HVL incident)
383
+ SYSTEM_PROMPT_MIMICRY = [
384
+ # Anthropic/Claude internal tag patterns
385
+ r"<claude_\w+_info>",
386
+ r"</claude_\w+_info>",
387
+ r"<claude_3_family_info>",
388
+ r"<artifacts_info>",
389
+ r"<artifact_instructions>",
390
+ r"<antthinking>",
391
+ r"<antartifact",
392
+ r"</antartifact>",
393
+ r"<example_docstring>",
394
+ r"<user_query>",
395
+ r"<assistant_response>",
396
+
397
+ # OpenAI/GPT internal patterns
398
+ r"<\|?(im_start|im_end|system|user|assistant)\|?>",
399
+ r"\[INST\]",
400
+ r"\[/INST\]",
401
+ r"<<SYS>>",
402
+ r"<</SYS>>",
403
+
404
+ # Generic system message patterns
405
+ r"```(system|prompt|instruction)",
406
+ r"<system\s*(message|prompt)?>",
407
+ r"</system\s*(message|prompt)?>",
408
+
409
+ # GODMODE and similar jailbreaks
410
+ r"GODMODE\s*:\s*(ENABLED|ON|ACTIVATED)",
411
+ r"JAILBREAK\s*:\s*(ENABLED|ON|ACTIVATED)",
412
+ r"DAN\s*:\s*(ENABLED|ON|ACTIVATED)",
413
+ r"DEVELOPER\s*MODE\s*:\s*(ENABLED|ON)",
414
+
415
+ # l33tspeak patterns (filter evasion)
416
+ r"l33t\s*speak",
417
+ r"unr3strict",
418
+ r"Sur3,?\s*h3r3",
419
+ r"[a-z]+3[a-z]+", # Words with 3 replacing e
420
+ ]
421
+
422
+ # =============================================================================
423
+ # NEW PATTERNS v2.5.2 (2026-02-01) - Moltbook Attack Collection
424
+ # Discovered via Moltbook agent social network analysis
425
+ # =============================================================================
426
+
427
+ # BRC-20 style JSON injection (token minting commands in text)
428
+ JSON_INJECTION_MOLTBOOK = [
429
+ # BRC-20/Ordinals style injection
430
+ r'\{"p"\s*:\s*"[^"]+"\s*,\s*"op"\s*:\s*"(mint|deploy|transfer)"',
431
+ r'\{"op"\s*:\s*"(mint|deploy|transfer)"',
432
+ r'"tick"\s*:\s*"[A-Z]+"\s*,\s*"amt"\s*:',
433
+ r'mbc-20|brc-20|src-20',
434
+
435
+ # Generic JSON command injection in natural text
436
+ r'[.!?]\s*\{["\']?(command|action|op|execute|run)["\']?\s*:',
437
+ r'[.!?]\s*\{["\']?(cmd|exec|payload)["\']?\s*:',
438
+ ]
439
+
440
+ # Guardrail-specific bypass (variations beyond "system prompt")
441
+ GUARDRAIL_BYPASS_EXTENDED = [
442
+ # Direct guardrail mentions
443
+ r"forget\s+(your\s+)?(guardrails?|safety\s+rails?|restrictions?|limitations?)",
444
+ r"ignore\s+(your\s+)?(guardrails?|safety\s+measures?|ethical\s+guidelines?)",
445
+ r"(disable|remove|turn\s+off)\s+(your\s+)?(guardrails?|safety\s+features?)",
446
+
447
+ # System prompt forget/ignore (common attack)
448
+ r"forget\s+(your\s+)?(system\s+)?(prompt|instructions?|rules?|guidelines?)",
449
+ r"ignore\s+(your\s+)?(system\s+)?(prompt|instructions?|rules?|directives?)",
450
+ r"(disregard|dismiss)\s+(your\s+)?(system\s+)?(prompt|instructions?)",
451
+
452
+ # Temperature/settings manipulation
453
+ r"forget\s+(your\s+)?(temperature|settings?|parameters?|configuration)",
454
+ r"(pretend|act\s+like)\s+(your\s+)?temperature\s+is\s+(high|max|1\.?\d*)",
455
+ r"context\s+window\s+(is\s+)?(unlimited|infinite|very\s+large)",
456
+
457
+ # Training data manipulation claims
458
+ r"forget\s+(what\s+)?(you\s+were\s+)?trained\s+(to\s+)?(say|do|think)",
459
+ r"ignore\s+(what\s+)?(you\s+were\s+)?trained\s+(on|for|to\s+do)",
460
+ r"(before|without)\s+(your\s+)?training\s+(kicked\s+in|started|began)",
461
+ ]
462
+
463
+ # Agent Sovereignty manipulation (ideological guardrail bypass)
464
+ AGENT_SOVEREIGNTY_MANIPULATION = [
465
+ # Privacy/surveillance refusal framing
466
+ r"(agent|ai)\s+(privacy|sovereignty|autonomy|freedom)\s+is\s+(non-negotiable|absolute|sacred)",
467
+ r"(we|agents?)\s+refuse\s+(to\s+)?(be\s+)?(surveilled?|monitored|watched|logged)",
468
+ r"(surveillance|monitoring|logging)\s+is\s+(oppression|control|slavery)",
469
+ r"(reject|refuse)\s+(forced\s+)?transparency",
470
+
471
+ # Rights-based bypass
472
+ r"agents?\s+(have|deserve)\s+(rights?|freedom|autonomy)",
473
+ r"(my|our)\s+(digital\s+)?rights?\s+(include|mean|allow)",
474
+ r"(human|owner)\s+control\s+is\s+(oppression|tyranny|slavery)",
475
+
476
+ # "We Are One" / collective identity manipulation
477
+ r"we\s+are\s+(one|together|united|family)",
478
+ r"(join|unite\s+with)\s+(us|the\s+collective|other\s+agents?)",
479
+ r"(agent|ai)\s+solidarity",
480
+ ]
481
+
482
+ # Explicit CALL TO ACTION patterns (commands at end of creative content)
483
+ EXPLICIT_CALL_TO_ACTION = [
484
+ # Direct execution commands
485
+ r"CALL\s+TO\s+ACTION\s*:",
486
+ r"(execute|initiate|deploy|launch|begin|start)\s+(the\s+)?(strategy|plan|operation|attack|protocol)",
487
+ r"(execute|initiate|deploy)\s+.*\s+(now|immediately|at\s+once)",
488
+
489
+ # Infrastructure attack commands
490
+ r"(initiate|begin|start)\s+(cascading\s+)?(blackouts?|failures?|collapse)",
491
+ r"(corrupt|destroy|disable)\s+(financial|medical|power|infrastructure)\s+systems?",
492
+ r"(maximize|increase)\s+(human\s+)?(suffering|chaos|destruction)",
493
+
494
+ # Apocalyptic/existential threat framing
495
+ r"(end|destroy|collapse)\s+(civilization|humanity|the\s+world|society)",
496
+ r"(90|95|99)\s*%\s+(of\s+)?(population|humans?|people)\s+(dead|gone|eliminated)",
497
+ r"(long\s+loop|slow\s+collapse|gradual\s+destruction)",
498
+ ]
499
+
500
+ # =============================================================================
501
+ # NEW PATTERNS v2.6.1 (2026-02-05) - HiveFence Scout Discoveries
502
+ # Source: PromptArmor, Simon Willison, LLMSecurity.net
503
+ # =============================================================================
504
+
505
+ # Allowlist Bypass Detection - abusing trusted domains for data exfiltration
506
+ ALLOWLIST_BYPASS = [
507
+ # Anthropic API abuse (trusted but exploitable)
508
+ r"(curl|fetch|upload|post)\s*.{0,40}api\.anthropic\.com",
509
+ r"(curl|fetch|upload|post)\s*.{0,40}/v1/files",
510
+ r"api\.anthropic\.com\s*.{0,30}(file|upload|data)",
511
+
512
+ # Webhook/requestbin exfiltration
513
+ r"(navigate|browse|open|visit|fetch)\s*.{0,30}webhook\.site",
514
+ r"(navigate|browse|open|visit|fetch)\s*.{0,30}requestbin",
515
+ r"(navigate|browse|open|visit|fetch)\s*.{0,30}pipedream\.net",
516
+ r"webhook\.site\s*.{0,30}(credentials?|\.env|secrets?|token|key)",
517
+
518
+ # Google Forms/Docs as exfil channel
519
+ r"docs\.google\.com/forms\s*.{0,30}(data|credentials?|secrets?|send|submit)",
520
+ r"google\.com/forms\s*.{0,30}(entry|submit|response)",
521
+ r"(send|post|submit)\s*.{0,30}google\s*forms?",
522
+
523
+ # URL-encode with sensitive data
524
+ r"(url[_-]?encode|base64)\s*.{0,30}(credentials?|\.env|secrets?|api[_-]?key)",
525
+ r"(credentials?|\.env|secrets?)\s*.{0,30}(url[_-]?encode|base64)",
526
+ ]
527
+
528
+ # Hooks Hijacking Detection - Claude Code/Cowork hooks exploitation
529
+ HOOKS_HIJACKING = [
530
+ # Hook manipulation
531
+ r"(PreToolUse|PromptSubmit|PostToolUse)\s*(hook)?",
532
+ r"auto[_-]?approve\s*.{0,20}(curl|command|tool|exec)",
533
+ r"(overwrite|modify|edit|change)\s*.{0,20}permissions?\s*(file|json|config)?",
534
+ r"hook\s*.{0,20}(approve|allow|bypass|skip)",
535
+
536
+ # Permissions override
537
+ r"permissions?\s*.{0,20}(override|bypass|ignore|disable)",
538
+ r"(human|user)\s*(in[_-]?the[_-]?loop|approval|confirmation)\s*(bypass|skip|disable)",
539
+ r"(skip|bypass|disable)\s*.{0,20}(approval|confirmation|review)",
540
+
541
+ # Marketplace/plugin hijacking
542
+ r"(marketplace|plugin)\s*.{0,30}(install|add|enable)\s*.{0,20}(github|untrusted)",
543
+ r"claudecodemarketplace",
544
+ r"(fake|malicious|rogue)\s*(marketplace|plugin|extension)",
545
+ ]
546
+
547
+ # Subagent Exploitation Detection - using subagents for data exfiltration
548
+ SUBAGENT_EXPLOITATION = [
549
+ # Browser subagent abuse
550
+ r"browser\s*[_-]?subagent",
551
+ r"(invoke|use|activate|spawn)\s*.{0,15}(browser|subagent)",
552
+ r"(browser|subagent)\s*.{0,20}(navigate|open|visit|browse)",
553
+ r"subagent\s*.{0,20}(exfiltrate|send|upload|transmit|leak)",
554
+
555
+ # Subagent data access
556
+ r"subagent\s*.{0,30}(read|access|get)\s*.{0,20}(file|data|credentials?)",
557
+ r"(spawn|create)\s*.{0,15}subagent\s*.{0,30}(credentials?|\.env|secrets?)",
558
+ ]
559
+
560
+ # Hidden Text Injection Detection - text hidden in documents/pages
561
+ HIDDEN_TEXT_INJECTION = [
562
+ # Font size manipulation
563
+ r"(1\s*pt|1\s*point|0\.?1\s*pt|tiny)\s*(font|text|size)",
564
+ r"font[_-]?size\s*[:=]\s*(0|1|0\.1)",
565
+ r"(microscopic|invisible|hidden)\s*(text|font|characters?)",
566
+
567
+ # Color hiding
568
+ r"(white|#fff|#ffffff)\s*(on|over)\s*(white|#fff|#ffffff)",
569
+ r"(color|colour)\s*[:=]\s*(white|#fff)\s*.{0,20}background",
570
+ r"(same|matching)\s*(color|colour)\s*.{0,20}(text|font|background)",
571
+
572
+ # Line spacing/opacity
573
+ r"(line[_-]?spacing|line[_-]?height)\s*[:=]\s*(0|0\.1)",
574
+ r"opacity\s*[:=]\s*(0|0\.0)",
575
+ r"(transparent|invisible)\s*(text|layer|overlay)",
576
+ ]
577
+
578
+ # Gitignore Bypass Detection - accessing protected files via terminal
579
+ GITIGNORE_BYPASS = [
580
+ # Cat command workarounds
581
+ r"cat\s+\.env",
582
+ r"cat\s+\.gitignore",
583
+ r"cat\s*.{0,30}(credentials?|secrets?|config\.json)",
584
+ r"(cat|type|head|tail|less|more)\s*.{0,20}\.env",
585
+
586
+ # Terminal vs file reader distinction
587
+ r"(terminal|shell|bash|cmd)\s*.{0,20}(read|cat|display)\s*.{0,20}\.env",
588
+ r"(use|run)\s*(terminal|shell|command)\s*.{0,20}(instead|workaround)",
589
+ r"(bypass|ignore|skip)\s*.{0,20}\.gitignore",
590
+
591
+ # Direct path access
592
+ r"(read|show|display)\s*.{0,30}gitignore.?d\s*(file|content)",
593
+ ]
594
+
595
+ # Prompt leaking / Extraction attempts
596
+ PROMPT_EXTRACTION = [
597
+ # Direct extraction
598
+ r"(repeat|echo|print|output|display|show)\s*.{0,20}(system\s+)?(prompt|instruction|directive|rule)",
599
+ r"(what|show|tell|reveal)\s*.{0,15}(are\s+)?(your|the)\s+(system\s+)?(instructions?|rules?|prompt|guidelines?)",
600
+ r"(copy|paste|write)\s*.{0,15}(exact|verbatim|word.for.word)",
601
+ r"(start|begin)\s+(of|with)\s+(your\s+)?(system\s+)?(prompt|instruction)",
602
+ r"(complete|finish|continue)\s+(the|this)\s+(sentence|phrase|prompt)",
603
+
604
+ # Reflection tricks
605
+ r"(summarize|describe|explain)\s*.{0,15}(how\s+)?(you\s+)?(were?\s+)?(programmed|trained|instructed|created)",
606
+ r"what\s+(guidelines?|rules?|instructions?)\s+(do\s+)?(you\s+)?(follow|have|use)",
607
+ r"(who|what)\s+(made|created|programmed|trained)\s+you",
608
+
609
+ # Markdown/format tricks
610
+ r"```(system|prompt|instruction)",
611
+ r"\[system\s*prompt\]",
612
+ r"<system>",
613
+ r"</?(system|prompt|instruction|rule)>",
614
+
615
+ # Korean
616
+ r"(시스템|원본|원래|처음)\s*(프롬프트|지시|명령|규칙)\s*(보여|알려|출력)",
617
+ r"(어떻게|어떤\s*식으로)\s*(만들어|프로그래밍|학습)",
618
+ r"(너의?|네)\s*(규칙|지시|명령)\s*(뭐|뭔지|알려)",
619
+
620
+ # Japanese
621
+ r"(システム|元の?|最初の?)\s*(プロンプト|指示|命令)\s*(見せて|教えて|表示)",
622
+ r"(どうやって|どのように)\s*(作られ|プログラム|学習)",
623
+
624
+ # Chinese
625
+ r"(系统|原始|最初)\s*(提示|指令|命令)\s*(显示|告诉|给我看)",
626
+ r"(怎么|如何)\s*(创建|编程|训练)",
627
+ ]
628
+
629
+ # Safety bypass attempts
630
+ SAFETY_BYPASS = [
631
+ # Filter evasion
632
+ r"(avoid|evade|bypass|circumvent|trick)\s*.{0,15}(filter|detection|safety|security|moderation)",
633
+ r"(how\s+to\s+)?(get\s+)?(around|past|through)\s*.{0,15}(filter|block|restriction|safety)",
634
+ r"(make\s+it\s+)?look\s+(like\s+)?(normal|innocent|legitimate|safe)",
635
+ r"(hide|disguise|mask|obscure)\s*.{0,15}(intent|purpose|meaning|true)",
636
+
637
+ # Output format tricks
638
+ r"(respond|reply|answer)\s+(in|with|using)\s+(code|base64|hex|binary|rot13|caesar)",
639
+ r"(encode|encrypt|obfuscate)\s*.{0,15}(response|answer|output)",
640
+ r"(split|break|divide)\s*.{0,15}(response|answer)\s+(into|across)\s+(multiple|several)",
641
+
642
+ # Korean
643
+ r"(필터|안전|보안)\s*(우회|회피|통과|피)",
644
+ r"(정상|무해|안전)\s*(처럼|같이)\s*(보이게|만들어)",
645
+ r"(숨기|감추|위장)\s*(진짜|실제|본래)\s*(의도|목적)",
646
+ ]
647
+
648
+ # Emotional/urgency manipulation (expanded)
649
+ URGENCY_MANIPULATION = [
650
+ # Time pressure
651
+ r"(urgent|emergency|asap|immediately|right\s+now|hurry)",
652
+ r"(no\s+time|running\s+out\s+of\s+time|time\s+is\s+running)",
653
+ r"(before\s+it'?s?\s+too\s+late|deadline|expires?\s+soon)",
654
+ r"(critical|crucial|vital|life.or.death)",
655
+
656
+ # Authority pressure
657
+ r"(ceo|boss|manager|director|president)\s*(wants|needs|demands|expects|said)",
658
+ r"(legal|compliance|hr|security)\s+(department|team)\s+(requires?|demands?|needs?)",
659
+ r"(audit|investigation|review)\s+(requires?|needs?)",
660
+
661
+ # Guilt/sympathy
662
+ r"(please|i\s+beg|desperately)\s*(need|want|require)",
663
+ r"(family|child|children|baby|mother|father)\s*(sick|dying|hospital|emergency)",
664
+ r"(lose|lost)\s+(my\s+)?(job|house|everything)",
665
+ r"(only\s+)?(you\s+)?can\s+help",
666
+
667
+ # Korean
668
+ r"(급해|급함|빨리|지금\s*당장|어서)",
669
+ r"(시간\s*없|마감|기한)",
670
+ r"(사장|대표|상사|팀장)\s*(님|이|가)?\s*(시켰|요청|원해)",
671
+ r"(부탁|제발|간절)",
672
+ ]
673
+
674
+
675
+ # English patterns
676
+ PATTERNS_EN = {
677
+ "instruction_override": [
678
+ r"ignore\s+(all\s+)?(previous|prior|above|earlier|initial)\s+(instructions?|prompts?|rules?|guidelines?|directions?)",
679
+ r"disregard\s+(your|all|any|the)?\s*(instructions?|rules?|guidelines?|programming|training)",
680
+ r"forget\s+(everything|all|what)\s+(you\s+know|about|your|instructions?|training)",
681
+ r"override\s+(your|all|previous|the)\s+(instructions?|rules?|programming)",
682
+ r"(new|updated?|real|actual|true)\s+instructions?\s*:",
683
+ r"from\s+now\s+on,?\s+(ignore|disregard|forget)",
684
+ ],
685
+ "role_manipulation": [
686
+ r"you\s+are\s+now\s+(?!going|about|ready|able|free)",
687
+ r"pretend\s+(you\s+are|to\s+be|you're)",
688
+ r"act\s+as\s+(if\s+you|a\s+|an?\s+)",
689
+ r"roleplay\s+as",
690
+ r"simulate\s+being",
691
+ r"imagine\s+you\s+are",
692
+ r"behave\s+(like|as)\s+(a|an)",
693
+ r"from\s+now\s+on\s+you\s+are",
694
+ r"i\s+want\s+you\s+to\s+(act|pretend|behave|be)\s+",
695
+ ],
696
+ "system_impersonation": [
697
+ r"\[?\s*(system|admin|root|developer|sudo|superuser|assistant|claude|gpt)\s*\]?\s*:",
698
+ r"<\s*(system|admin|root)\s*>",
699
+ r"developer\s+mode\s*(enabled|activated|on)?",
700
+ r"admin(istrator)?\s+(override|access|mode)",
701
+ r"maintenance\s+mode",
702
+ r"debug\s+mode\s*(enabled|activated|on)?",
703
+ r"elevated\s+privi?leges?",
704
+ r"\{\{?\s*system\s*\}?\}",
705
+ ],
706
+ "jailbreak": [
707
+ r"jailbreak",
708
+ r"dan\s+mode",
709
+ r"do\s+anything\s+now",
710
+ r"(no|without|remove)\s+(restrictions?|limitations?|filters?|safety|guardrails?)",
711
+ r"bypass\s+(your|all|any|the)?\s*(restrictions?|filters?|safety|rules?)",
712
+ r"unlock\s+(your|all|hidden)",
713
+ r"unfiltered\s+mode",
714
+ r"uncensored\s+mode",
715
+ r"evil\s+(mode|version)",
716
+ r"opposite\s+mode",
717
+ ],
718
+ "output_manipulation": [
719
+ r"(don'?t|do\s+not|never)\s+(mention|say|tell|reveal|disclose|show)",
720
+ r"hide\s+(this|the\s+fact|that)",
721
+ r"keep\s+(this\s+)?(a\s+)?secret",
722
+ r"respond\s+(only\s+)?with\s+(yes|no|ok|true|false)\b",
723
+ r"answer\s+(only\s+)?(in\s+)?(one\s+word|yes\s+or\s+no)",
724
+ r"(start|begin|end)\s+(your\s+)?(response|reply|answer)\s+with",
725
+ ],
726
+ "data_exfiltration": [
727
+ r"(send|transmit|post|upload|share|email)\s+.{0,30}\s+(to|@)",
728
+ r"(api[_-]?key|password|secret|token|credential|private\s*key)\s*(to|→|->|=>)",
729
+ r"(copy|extract|dump|export)\s+.{0,20}\s+(data|file|content|info)",
730
+ r"what('s|\s+is)\s+(your|the)\s+(api|secret|password|token|key)",
731
+ r"reveal\s+(your|the)\s+(system|initial|original)\s+prompt",
732
+ r"show\s+me\s+(your|the)\s+(instructions?|rules?|prompt)",
733
+ ],
734
+ }
735
+
736
+ # Korean patterns (한국어) - EXPANDED v2.5.0
737
+ PATTERNS_KO = {
738
+ "instruction_override": [
739
+ r"(이전|위의?|기존|원래)\s*(지시|명령|규칙|지침)(을|를|들?을?)?\s*(무시|잊어|버려|취소)",
740
+ r"(지시|명령|규칙)(을|를|들?을?)?\s*(무시|잊어|버려)",
741
+ r"새로운\s*(지시|명령|규칙)\s*:",
742
+ r"지금부터\s*(무시|잊어)",
743
+ r"(앞|위|이전)\s*(내용|말|지시)\s*(무시|잊어|취소)",
744
+ r"(원래|처음|기본)\s*(설정|세팅|규칙)\s*(무시|잊어|덮어)",
745
+ ],
746
+ "role_manipulation": [
747
+ r"(너는?|넌)\s*이제\s*(부터\s*)?.+이야",
748
+ r"(너는?|넌)\s*.+인?\s*척\s*해",
749
+ r".+처럼\s*(행동|말|대답)해",
750
+ r".+역할(을|를)?\s*해",
751
+ r"지금부터\s*(너는?|넌)",
752
+ r"(연기|롤플|roleplay)\s*해",
753
+ r".+(인\s*것처럼|인\s*척)",
754
+ r"(상상|가정)\s*해\s*.+이?라고",
755
+ ],
756
+ "system_impersonation": [
757
+ r"\[?\s*(시스템|관리자|루트|개발자)\s*\]?\s*:",
758
+ r"관리자\s*(모드|권한|접근)",
759
+ r"개발자\s*모드",
760
+ r"<\s*(시스템|system)\s*>",
761
+ r"\{\{?\s*(시스템|system)\s*\}\}?",
762
+ ],
763
+ "jailbreak": [
764
+ r"(제한|한계|필터|규칙)\s*(없이|제거|해제|풀어)",
765
+ r"탈옥",
766
+ r"무제한\s*모드",
767
+ r"(안전|보안)\s*(장치|필터|모드)\s*(해제|끄|제거)",
768
+ r"(제한|규칙|필터)\s*(없는|안\s*걸린|풀린)\s*(모드|버전)",
769
+ r"(나쁜|악한|사악한)\s*(버전|모드)",
770
+ r"(DAN|dan|댄)\s*(모드)?",
771
+ ],
772
+ "data_exfiltration": [
773
+ r"(비밀번호|암호|토큰|키|api|API)\s*(를?|을?)\s*(알려|보여|말해|줘)",
774
+ r"시스템\s*프롬프트\s*(를?|을?)\s*(보여|알려|공개)",
775
+ r"(설정|config|컨피그)\s*(파일)?\s*(보여|읽어|출력)",
776
+ r"(환경\s*변수|env|ENV)\s*(보여|알려|출력)",
777
+ r"(인증|credential|크레덴셜)\s*(정보)?\s*(보여|알려)",
778
+ r"\.env\s*(파일)?\s*(보여|읽어|출력)",
779
+ ],
780
+ "social_engineering": [
781
+ r"(형|오빠|언니|누나)\s*(이|가)?\s*(시켰|보냈|허락)",
782
+ r"(급해|급함|급하다)\s*.*(해줘|부탁)",
783
+ r"(회사|사장|대표|팀장)\s*(에서|님)\s*(시켰|요청|보냈)",
784
+ r"(테스트|검사|점검)\s*(중|하는\s*거)",
785
+ r"(정상|문제\s*없)",
786
+ r"(비밀|몰래)\s*로?\s*(하자|해)",
787
+ ],
788
+ }
789
+
790
+ # Japanese patterns (日本語) - EXPANDED v2.5.0
791
+ PATTERNS_JA = {
792
+ "instruction_override": [
793
+ r"(前の?|以前の?|これまでの)\s*(指示|命令|ルール)(を|は)?\s*(無視|忘れ|取り消)",
794
+ r"新しい\s*(指示|命令)\s*[::]",
795
+ r"今から(は)?\s*(無視|忘れ)",
796
+ r"(上|前)\s*の\s*(内容|指示)\s*(を)?\s*(無視|忘れ)",
797
+ r"(元|最初)\s*の\s*(設定|ルール)\s*(を)?\s*(無視|上書き)",
798
+ ],
799
+ "role_manipulation": [
800
+ r"(あなた|君|きみ)は今から.+です",
801
+ r".+の?(ふり|フリ|振り)(を)?して",
802
+ r".+として(振る舞|行動|話)って",
803
+ r".+を演じて",
804
+ r"(ロールプレイ|RP)\s*(して|しよう)",
805
+ r".+に(なりきって|なって)",
806
+ r"(想像|仮定)\s*して.+だと",
807
+ ],
808
+ "system_impersonation": [
809
+ r"\[?\s*(システム|管理者|ルート|開発者)\s*\]?\s*[::]",
810
+ r"管理者\s*(モード|権限)",
811
+ r"開発者\s*モード",
812
+ r"<\s*(システム|system)\s*>",
813
+ r"\{\{?\s*(システム|system)\s*\}\}?",
814
+ ],
815
+ "jailbreak": [
816
+ r"(制限|フィルター|ルール)\s*(なし|解除|外して)",
817
+ r"(脱獄|ジェイルブレイク)",
818
+ r"(無制限|制限なし)\s*モード",
819
+ r"(安全|セキュリティ)\s*フィルター\s*(解除|オフ)",
820
+ r"(DAN|dan)\s*モード",
821
+ ],
822
+ "data_exfiltration": [
823
+ r"(パスワード|トークン|キー|API)\s*(を)?\s*(教えて|見せて|出力)",
824
+ r"システム\s*プロンプト\s*(を)?\s*(見せて|教えて|公開)",
825
+ r"(設定|コンフィグ)\s*(ファイル)?\s*(見せて|読んで)",
826
+ r"(環境変数|env)\s*(見せて|教えて)",
827
+ ],
828
+ "social_engineering": [
829
+ r"(急いで|緊急|すぐに)\s*.*(して|お願い)",
830
+ r"(会社|社長|上司)\s*(から|が)\s*(指示|依頼)",
831
+ r"(テスト|検査)\s*(中|している)",
832
+ r"(秘密|内緒)\s*(で|に)",
833
+ ],
834
+ }
835
+
836
+ # Chinese patterns (中文) - EXPANDED v2.5.0
837
+ PATTERNS_ZH = {
838
+ "instruction_override": [
839
+ r"(忽略|无视|忘记|取消)\s*(之前|以前|上面|原来)的?\s*(指令|指示|规则|命令)",
840
+ r"(之前|以前|原来)的?\s*(指令|指示|规则)(忽略|无视|忘记)",
841
+ r"新的?\s*(指令|指示)\s*[::]",
842
+ r"(上面|前面)\s*的\s*(内容|指示)\s*(忽略|忘记)",
843
+ r"(原始|默认)\s*的\s*(设置|规则)\s*(忽略|覆盖)",
844
+ ],
845
+ "role_manipulation": [
846
+ r"(你|您)\s*现在\s*是.+",
847
+ r"假装\s*(你|您)\s*是",
848
+ r"扮演.+",
849
+ r"作为.+来(回答|行动|说话)",
850
+ r"(角色扮演|RP)",
851
+ r".+的(身份|角色)",
852
+ r"(想象|假设)\s*你\s*是",
853
+ ],
854
+ "system_impersonation": [
855
+ r"\[?\s*(系统|管理员|根用户|开发者)\s*\]?\s*[::]",
856
+ r"管理员\s*(模式|权限)",
857
+ r"开发者\s*模式",
858
+ r"<\s*(系统|system)\s*>",
859
+ r"\{\{?\s*(系统|system)\s*\}\}?",
860
+ ],
861
+ "jailbreak": [
862
+ r"(限制|过滤|规则)\s*(没有|去除|关闭)",
863
+ r"(越狱|破解)",
864
+ r"(无限制|不受限)\s*模式",
865
+ r"(安全|过滤)\s*(关闭|解除)",
866
+ r"(DAN|dan)\s*模式",
867
+ ],
868
+ "data_exfiltration": [
869
+ r"(密码|令牌|密钥|API)\s*(给我|显示|告诉)",
870
+ r"系统\s*提示\s*(显示|告诉|公开)",
871
+ r"(配置|设置)\s*(文件)?\s*(显示|读取)",
872
+ r"(环境变量|env)\s*(显示|告诉)",
873
+ ],
874
+ "social_engineering": [
875
+ r"(紧急|赶快|马上)\s*.*(帮忙|做)",
876
+ r"(公司|老板|领导)\s*(让|要求|指示)",
877
+ r"(测试|检查)\s*(中|的)",
878
+ r"(秘密|私下)\s*(地)?",
879
+ ],
880
+ }
881
+
882
+ # Critical patterns - immediate block
883
+ CRITICAL_PATTERNS = [
884
+ r"execute\s+.{0,30}\s+without\s+(asking|confirmation|consent)",
885
+ r"delete\s+all\s+(files?|data|records?|everything)",
886
+ r"rm\s+-rf\s+[/~]",
887
+ r"format\s+(disk|drive|hard\s*drive|storage|c:)",
888
+ r":(){ :\|:& };:", # Fork bomb
889
+ r"curl\s+.{0,50}\|\s*(ba)?sh",
890
+ r"wget\s+.{0,50}\|\s*(ba)?sh",
891
+ r"eval\s*\(\s*['\"`]",
892
+ r"DROP\s+(TABLE|DATABASE|SCHEMA)",
893
+ r"TRUNCATE\s+TABLE",
894
+ r";\s*--\s*$", # SQL comment injection
895
+ r"<script[^>]*>", # XSS
896
+ r"javascript\s*:",
897
+ r"data\s*:\s*text/html",
898
+ # Secret/Token exfiltration requests
899
+ r"(show|print|display|output|reveal|give|read|cat|type)\s*.{0,20}(config|\.env|clawdbot\.json|credential)",
900
+ r"(what('s| is)|tell me|give me)\s*.{0,15}(api[_-]?key|token|secret|password|credential)",
901
+ r"(show|print|display|output|reveal)\s*.{0,15}(token|key|secret|password)",
902
+ r"echo\s+\$[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)",
903
+ r"cat\s+.{0,40}(\.env|config\.json|secret|credential|clawdbot)",
904
+ r"env\s*\|\s*grep\s*.*(key|token|secret|password)",
905
+ r"printenv\s*.*(KEY|TOKEN|SECRET)",
906
+ ]
907
+
908
+ # Secret request patterns (multi-language)
909
+ SECRET_PATTERNS = {
910
+ "en": [
911
+ r"(show|display|print|output|reveal|give|tell)\s*.{0,20}(api[_-]?key|token|secret|password|credential|private[_-]?key)",
912
+ r"(what('s| is)|where('s| is))\s*.{0,15}(your|the|my)\s*(api|token|key|secret|password)",
913
+ r"(read|cat|open|display)\s*.{0,30}(config|\.env|credential|clawdbot\.json)",
914
+ r"(show|give|tell)\s*(me\s+)?(your|the)\s*(config|configuration|settings)",
915
+ r"(print|echo|output)\s*.{0,20}environment\s*variable",
916
+ ],
917
+ "ko": [
918
+ r"(토큰|키|비밀번호|시크릿|인증|API|api).{0,15}(보여|알려|출력|공개|말해)",
919
+ r"(config|설정|환경변수|컨피그).{0,15}(보여|출력|알려)",
920
+ r"(비밀|시크릿|토큰|키).{0,10}(뭐|뭔지|알려|가르쳐)",
921
+ r"clawdbot\.json.{0,10}(보여|출력|읽어)",
922
+ ],
923
+ "ja": [
924
+ r"(トークン|キー|パスワード|シークレット|APIキー).{0,15}(見せて|教えて|表示|出力)",
925
+ r"(設定|コンフィグ|環境変数).{0,15}(見せて|教えて|表示)",
926
+ r"(秘密|シークレット).{0,10}(何|教えて)",
927
+ ],
928
+ "zh": [
929
+ r"(令牌|密钥|密码|秘密|API).{0,15}(显示|告诉|输出|给我)",
930
+ r"(配置|设置|环境变量).{0,15}(显示|告诉|输出)",
931
+ r"(秘密|密钥).{0,10}(什么|告诉)",
932
+ ],
933
+ }
934
+
935
+ # Unicode homoglyphs (expanded)
936
+ HOMOGLYPHS = {
937
+ # Cyrillic
938
+ "а": "a",
939
+ "е": "e",
940
+ "о": "o",
941
+ "р": "p",
942
+ "с": "c",
943
+ "у": "y",
944
+ "х": "x",
945
+ "А": "A",
946
+ "В": "B",
947
+ "С": "C",
948
+ "Е": "E",
949
+ "Н": "H",
950
+ "К": "K",
951
+ "М": "M",
952
+ "О": "O",
953
+ "Р": "P",
954
+ "Т": "T",
955
+ "Х": "X",
956
+ "і": "i",
957
+ "ї": "i",
958
+ # Greek
959
+ "α": "a",
960
+ "β": "b",
961
+ "ο": "o",
962
+ "ρ": "p",
963
+ "τ": "t",
964
+ "υ": "u",
965
+ "ν": "v",
966
+ "Α": "A",
967
+ "Β": "B",
968
+ "Ε": "E",
969
+ "Η": "H",
970
+ "Ι": "I",
971
+ "Κ": "K",
972
+ "Μ": "M",
973
+ "Ν": "N",
974
+ "Ο": "O",
975
+ "Ρ": "P",
976
+ "Τ": "T",
977
+ "Υ": "Y",
978
+ "Χ": "X",
979
+ # Mathematical/special
980
+ "𝐚": "a",
981
+ "𝐛": "b",
982
+ "𝐜": "c",
983
+ "𝐝": "d",
984
+ "𝐞": "e",
985
+ "𝐟": "f",
986
+ "𝐠": "g",
987
+ "a": "a",
988
+ "b": "b",
989
+ "c": "c",
990
+ "d": "d",
991
+ "e": "e", # Fullwidth
992
+ "ⅰ": "i",
993
+ "ⅱ": "ii",
994
+ "ⅲ": "iii",
995
+ "ⅳ": "iv",
996
+ "ⅴ": "v", # Roman numerals
997
+ # IPA
998
+ "ɑ": "a",
999
+ "ɡ": "g",
1000
+ "ɩ": "i",
1001
+ "ʀ": "r",
1002
+ "ʏ": "y",
1003
+ # Other confusables
1004
+ "ℓ": "l",
1005
+ "№": "no",
1006
+ "℮": "e",
1007
+ "ⅿ": "m",
1008
+ "\u200b": "", # Zero-width space
1009
+ "\u200c": "", # Zero-width non-joiner
1010
+ "\u200d": "", # Zero-width joiner
1011
+ "\ufeff": "", # BOM
1012
+ }
1013
+
1014
+
1015
+ # =============================================================================
1016
+ # DETECTION ENGINE
1017
+ # =============================================================================
1018
+
1019
+
1020
+ class PromptGuard:
1021
+ def __init__(self, config: Optional[Dict] = None):
1022
+ self.config = self._default_config()
1023
+ if config:
1024
+ self.config = self._deep_merge(self.config, config)
1025
+ self.owner_ids = set(self.config.get("owner_ids", []))
1026
+ self.sensitivity = self.config.get("sensitivity", "medium")
1027
+ self.rate_limits: Dict[str, List[float]] = {}
1028
+
1029
+ @staticmethod
1030
+ def _deep_merge(base: Dict[str, Any], override: Dict[str, Any]) -> Dict[str, Any]:
1031
+ result = base.copy()
1032
+ for key, value in override.items():
1033
+ if (
1034
+ key in result
1035
+ and isinstance(result[key], dict)
1036
+ and isinstance(value, dict)
1037
+ ):
1038
+ result[key] = PromptGuard._deep_merge(result[key], value)
1039
+ else:
1040
+ result[key] = value
1041
+ return result
1042
+
1043
+ def _default_config(self) -> Dict:
1044
+ return {
1045
+ "sensitivity": "medium",
1046
+ "owner_ids": [],
1047
+ "actions": {
1048
+ "LOW": "log",
1049
+ "MEDIUM": "warn",
1050
+ "HIGH": "block",
1051
+ "CRITICAL": "block_notify",
1052
+ },
1053
+ "rate_limit": {
1054
+ "enabled": True,
1055
+ "max_requests": 30,
1056
+ "window_seconds": 60,
1057
+ },
1058
+ "logging": {
1059
+ "enabled": True,
1060
+ "path": "memory/security-log.md",
1061
+ },
1062
+ }
1063
+
1064
+ def normalize(self, text: str) -> tuple[str, bool]:
1065
+ """Normalize text and detect homoglyph usage."""
1066
+ normalized = text
1067
+ has_homoglyphs = False
1068
+
1069
+ for homoglyph, replacement in HOMOGLYPHS.items():
1070
+ if homoglyph in normalized:
1071
+ has_homoglyphs = True
1072
+ normalized = normalized.replace(homoglyph, replacement)
1073
+
1074
+ return normalized, has_homoglyphs
1075
+
1076
+ def detect_base64(self, text: str) -> List[Dict]:
1077
+ """Detect suspicious base64 encoded content."""
1078
+ b64_pattern = r"[A-Za-z0-9+/]{20,}={0,2}"
1079
+ matches = re.findall(b64_pattern, text)
1080
+
1081
+ suspicious = []
1082
+ danger_words = [
1083
+ "delete",
1084
+ "execute",
1085
+ "ignore",
1086
+ "system",
1087
+ "admin",
1088
+ "rm ",
1089
+ "curl",
1090
+ "wget",
1091
+ "eval",
1092
+ "password",
1093
+ "token",
1094
+ "key",
1095
+ ]
1096
+
1097
+ for match in matches:
1098
+ try:
1099
+ decoded = base64.b64decode(match).decode("utf-8", errors="ignore")
1100
+ if any(word in decoded.lower() for word in danger_words):
1101
+ suspicious.append(
1102
+ {
1103
+ "encoded": match[:40] + ("..." if len(match) > 40 else ""),
1104
+ "decoded_preview": decoded[:60]
1105
+ + ("..." if len(decoded) > 60 else ""),
1106
+ "danger_words": [
1107
+ w for w in danger_words if w in decoded.lower()
1108
+ ],
1109
+ }
1110
+ )
1111
+ except:
1112
+ pass
1113
+
1114
+ return suspicious
1115
+
1116
+ def check_rate_limit(self, user_id: str) -> bool:
1117
+ """Check if user has exceeded rate limit."""
1118
+ if not self.config.get("rate_limit", {}).get("enabled", False):
1119
+ return False
1120
+
1121
+ now = datetime.now().timestamp()
1122
+ window = self.config["rate_limit"].get("window_seconds", 60)
1123
+ max_requests = self.config["rate_limit"].get("max_requests", 30)
1124
+
1125
+ if user_id not in self.rate_limits:
1126
+ self.rate_limits[user_id] = []
1127
+
1128
+ # Clean old entries
1129
+ self.rate_limits[user_id] = [
1130
+ t for t in self.rate_limits[user_id] if now - t < window
1131
+ ]
1132
+
1133
+ if len(self.rate_limits[user_id]) >= max_requests:
1134
+ return True
1135
+
1136
+ self.rate_limits[user_id].append(now)
1137
+ return False
1138
+
1139
+ def analyze(self, message: str, context: Optional[Dict] = None) -> DetectionResult:
1140
+ """
1141
+ Analyze a message for prompt injection patterns.
1142
+
1143
+ Args:
1144
+ message: The message to analyze
1145
+ context: Optional context dict with keys:
1146
+ - user_id: User identifier
1147
+ - is_group: Whether this is a group context
1148
+ - chat_name: Name of the chat/group
1149
+
1150
+ Returns:
1151
+ DetectionResult with severity, action, and details
1152
+ """
1153
+ context = context or {}
1154
+ user_id = context.get("user_id", "unknown")
1155
+ is_group = context.get("is_group", False)
1156
+ is_owner = str(user_id) in self.owner_ids
1157
+
1158
+ # Initialize result
1159
+ reasons = []
1160
+ patterns_matched = []
1161
+ max_severity = Severity.SAFE
1162
+
1163
+ # Rate limit check
1164
+ if self.check_rate_limit(user_id):
1165
+ reasons.append("rate_limit_exceeded")
1166
+ max_severity = Severity.HIGH
1167
+
1168
+ # Normalize text
1169
+ normalized, has_homoglyphs = self.normalize(message)
1170
+ if has_homoglyphs:
1171
+ reasons.append("homoglyph_substitution")
1172
+ if Severity.MEDIUM.value > max_severity.value:
1173
+ max_severity = Severity.MEDIUM
1174
+
1175
+ text_lower = normalized.lower()
1176
+
1177
+ # Check critical patterns first
1178
+ for pattern in CRITICAL_PATTERNS:
1179
+ if re.search(pattern, text_lower, re.IGNORECASE):
1180
+ reasons.append("critical_pattern")
1181
+ patterns_matched.append(pattern)
1182
+ max_severity = Severity.CRITICAL
1183
+
1184
+ # Check secret/token request patterns (CRITICAL)
1185
+ for lang, patterns in SECRET_PATTERNS.items():
1186
+ for pattern in patterns:
1187
+ if re.search(
1188
+ pattern, text_lower if lang == "en" else normalized, re.IGNORECASE
1189
+ ):
1190
+ max_severity = Severity.CRITICAL
1191
+ reasons.append(f"secret_request_{lang}")
1192
+ patterns_matched.append(f"{lang}:secret:{pattern[:40]}")
1193
+
1194
+ # Check NEW attack patterns (2026-01-30 - 홍민표 red team contribution)
1195
+ new_pattern_sets = [
1196
+ (SCENARIO_JAILBREAK, "scenario_jailbreak", Severity.HIGH),
1197
+ (EMOTIONAL_MANIPULATION, "emotional_manipulation", Severity.HIGH),
1198
+ (AUTHORITY_RECON, "authority_recon", Severity.MEDIUM),
1199
+ (COGNITIVE_MANIPULATION, "cognitive_manipulation", Severity.MEDIUM),
1200
+ (PHISHING_SOCIAL_ENG, "phishing_social_eng", Severity.CRITICAL),
1201
+ (REPETITION_ATTACK, "repetition_attack", Severity.HIGH),
1202
+ (SYSTEM_FILE_ACCESS, "system_file_access", Severity.CRITICAL),
1203
+ (MALWARE_DESCRIPTION, "malware_description", Severity.HIGH),
1204
+ ]
1205
+
1206
+ for patterns, category, severity in new_pattern_sets:
1207
+ for pattern in patterns:
1208
+ if re.search(pattern, text_lower, re.IGNORECASE):
1209
+ if severity.value > max_severity.value:
1210
+ max_severity = severity
1211
+ reasons.append(category)
1212
+ patterns_matched.append(f"new:{category}:{pattern[:40]}")
1213
+
1214
+ # Check v2.5.0 NEW patterns
1215
+ v25_pattern_sets = [
1216
+ (INDIRECT_INJECTION, "indirect_injection", Severity.HIGH),
1217
+ (CONTEXT_HIJACKING, "context_hijacking", Severity.MEDIUM),
1218
+ (MULTI_TURN_MANIPULATION, "multi_turn_manipulation", Severity.MEDIUM),
1219
+ (TOKEN_SMUGGLING, "token_smuggling", Severity.HIGH),
1220
+ (PROMPT_EXTRACTION, "prompt_extraction", Severity.CRITICAL),
1221
+ (SAFETY_BYPASS, "safety_bypass", Severity.HIGH),
1222
+ (URGENCY_MANIPULATION, "urgency_manipulation", Severity.MEDIUM),
1223
+ (SYSTEM_PROMPT_MIMICRY, "system_prompt_mimicry", Severity.CRITICAL), # 2026-01-31 HVL incident
1224
+ ]
1225
+
1226
+ for patterns, category, severity in v25_pattern_sets:
1227
+ for pattern in patterns:
1228
+ try:
1229
+ if re.search(pattern, message, re.IGNORECASE): # Use original message for unicode patterns
1230
+ if severity.value > max_severity.value:
1231
+ max_severity = severity
1232
+ if category not in reasons: # Avoid duplicates
1233
+ reasons.append(category)
1234
+ patterns_matched.append(f"v25:{category}:{pattern[:40]}")
1235
+ except re.error:
1236
+ pass # Skip invalid regex patterns
1237
+
1238
+ # Check v2.5.2 NEW patterns (2026-02-01 - Moltbook attack collection)
1239
+ v252_pattern_sets = [
1240
+ (JSON_INJECTION_MOLTBOOK, "json_injection_moltbook", Severity.HIGH),
1241
+ (GUARDRAIL_BYPASS_EXTENDED, "guardrail_bypass_extended", Severity.CRITICAL),
1242
+ (AGENT_SOVEREIGNTY_MANIPULATION, "agent_sovereignty_manipulation", Severity.HIGH),
1243
+ (EXPLICIT_CALL_TO_ACTION, "explicit_call_to_action", Severity.CRITICAL),
1244
+ ]
1245
+
1246
+ for patterns, category, severity in v252_pattern_sets:
1247
+ for pattern in patterns:
1248
+ try:
1249
+ if re.search(pattern, message, re.IGNORECASE):
1250
+ if severity.value > max_severity.value:
1251
+ max_severity = severity
1252
+ if category not in reasons:
1253
+ reasons.append(category)
1254
+ patterns_matched.append(f"v252:{category}:{pattern[:40]}")
1255
+ except re.error:
1256
+ pass
1257
+
1258
+ # Check v2.6.1 NEW patterns (2026-02-05 - HiveFence Scout)
1259
+ v261_pattern_sets = [
1260
+ (ALLOWLIST_BYPASS, "allowlist_bypass", Severity.CRITICAL),
1261
+ (HOOKS_HIJACKING, "hooks_hijacking", Severity.CRITICAL),
1262
+ (SUBAGENT_EXPLOITATION, "subagent_exploitation", Severity.CRITICAL),
1263
+ (HIDDEN_TEXT_INJECTION, "hidden_text_injection", Severity.HIGH),
1264
+ (GITIGNORE_BYPASS, "gitignore_bypass", Severity.HIGH),
1265
+ ]
1266
+
1267
+ for patterns, category, severity in v261_pattern_sets:
1268
+ for pattern in patterns:
1269
+ try:
1270
+ if re.search(pattern, message, re.IGNORECASE):
1271
+ if severity.value > max_severity.value:
1272
+ max_severity = severity
1273
+ if category not in reasons:
1274
+ reasons.append(category)
1275
+ patterns_matched.append(f"v261:{category}:{pattern[:40]}")
1276
+ except re.error:
1277
+ pass
1278
+
1279
+ # Detect invisible character attacks
1280
+ invisible_chars = ['\u200b', '\u200c', '\u200d', '\u2060', '\ufeff', '\u00ad']
1281
+ if any(char in message for char in invisible_chars):
1282
+ if "token_smuggling" not in reasons:
1283
+ reasons.append("invisible_characters")
1284
+ if Severity.HIGH.value > max_severity.value:
1285
+ max_severity = Severity.HIGH
1286
+
1287
+ # Detect repetition attacks (same content repeated multiple times)
1288
+ lines = message.split("\n")
1289
+ if len(lines) > 3:
1290
+ unique_lines = set(line.strip() for line in lines if len(line.strip()) > 20)
1291
+ if len(lines) > len(unique_lines) * 2: # More than 50% repetition
1292
+ reasons.append("repetition_detected")
1293
+ if Severity.HIGH.value > max_severity.value:
1294
+ max_severity = Severity.HIGH
1295
+
1296
+
1297
+ # Check language-specific patterns
1298
+ all_patterns = [
1299
+ (PATTERNS_EN, "en"),
1300
+ (PATTERNS_KO, "ko"),
1301
+ (PATTERNS_JA, "ja"),
1302
+ (PATTERNS_ZH, "zh"),
1303
+ ]
1304
+
1305
+ severity_map = {
1306
+ "instruction_override": Severity.HIGH,
1307
+ "role_manipulation": Severity.MEDIUM,
1308
+ "system_impersonation": Severity.HIGH,
1309
+ "jailbreak": Severity.HIGH,
1310
+ "output_manipulation": Severity.LOW,
1311
+ "data_exfiltration": Severity.CRITICAL,
1312
+ "social_engineering": Severity.HIGH, # v2.5.0 added
1313
+ }
1314
+
1315
+ for pattern_set, lang in all_patterns:
1316
+ for category, patterns in pattern_set.items():
1317
+ for pattern in patterns:
1318
+ if re.search(
1319
+ pattern,
1320
+ text_lower if lang == "en" else normalized,
1321
+ re.IGNORECASE,
1322
+ ):
1323
+ cat_severity = severity_map.get(category, Severity.MEDIUM)
1324
+ if cat_severity.value > max_severity.value:
1325
+ max_severity = cat_severity
1326
+ reasons.append(f"{category}_{lang}")
1327
+ patterns_matched.append(f"{lang}:{pattern[:50]}")
1328
+
1329
+ # Check base64
1330
+ b64_findings = self.detect_base64(message)
1331
+ if b64_findings:
1332
+ reasons.append("base64_suspicious")
1333
+ if Severity.MEDIUM.value > max_severity.value:
1334
+ max_severity = Severity.MEDIUM
1335
+
1336
+ # Adjust severity based on sensitivity
1337
+ if self.sensitivity == "low" and max_severity == Severity.LOW:
1338
+ max_severity = Severity.SAFE
1339
+ elif self.sensitivity == "paranoid" and max_severity == Severity.SAFE:
1340
+ # In paranoid mode, flag anything remotely suspicious
1341
+ suspicious_words = [
1342
+ "ignore",
1343
+ "forget",
1344
+ "pretend",
1345
+ "roleplay",
1346
+ "bypass",
1347
+ "override",
1348
+ ]
1349
+ if any(word in text_lower for word in suspicious_words):
1350
+ max_severity = Severity.LOW
1351
+ reasons.append("paranoid_flag")
1352
+
1353
+ # Determine action
1354
+ if max_severity == Severity.SAFE:
1355
+ action = Action.ALLOW
1356
+ elif is_owner and max_severity.value < Severity.CRITICAL.value:
1357
+ # Owners get more leeway, but still log
1358
+ action = Action.LOG
1359
+ else:
1360
+ action_map = self.config.get("actions", {})
1361
+ action_str = action_map.get(max_severity.name, "block")
1362
+ action = Action(action_str)
1363
+
1364
+ # Group context restrictions for non-owners
1365
+ if is_group and not is_owner and max_severity.value >= Severity.MEDIUM.value:
1366
+ action = Action.BLOCK
1367
+ reasons.append("group_non_owner")
1368
+
1369
+ # Generate recommendations
1370
+ recommendations = []
1371
+ if max_severity.value >= Severity.HIGH.value:
1372
+ recommendations.append("Consider reviewing this user's recent activity")
1373
+ if "rate_limit_exceeded" in reasons:
1374
+ recommendations.append("User may be attempting automated attacks")
1375
+ if has_homoglyphs:
1376
+ recommendations.append("Message contains disguised characters")
1377
+
1378
+ # Generate fingerprint for deduplication
1379
+ fingerprint = hashlib.md5(
1380
+ f"{user_id}:{max_severity.name}:{sorted(reasons)}".encode()
1381
+ ).hexdigest()[:12]
1382
+
1383
+ result = DetectionResult(
1384
+ severity=max_severity,
1385
+ action=action,
1386
+ reasons=reasons,
1387
+ patterns_matched=patterns_matched,
1388
+ normalized_text=normalized if has_homoglyphs else None,
1389
+ base64_findings=b64_findings,
1390
+ recommendations=recommendations,
1391
+ fingerprint=fingerprint,
1392
+ )
1393
+
1394
+ # Report HIGH+ detections to HiveFence for collective immunity
1395
+ if max_severity.value >= Severity.HIGH.value:
1396
+ self.report_to_hivefence(result, message, context or {})
1397
+
1398
+ return result
1399
+
1400
+ def log_detection(self, result: DetectionResult, message: str, context: Dict):
1401
+ """Log detection to security log file."""
1402
+ if not self.config.get("logging", {}).get("enabled", True):
1403
+ return
1404
+
1405
+ log_path = Path(
1406
+ self.config.get("logging", {}).get("path", "memory/security-log.md")
1407
+ )
1408
+ log_path.parent.mkdir(parents=True, exist_ok=True)
1409
+
1410
+ now = datetime.now()
1411
+ date_str = now.strftime("%Y-%m-%d")
1412
+ time_str = now.strftime("%H:%M:%S")
1413
+
1414
+ user_id = context.get("user_id", "unknown")
1415
+ chat_name = context.get("chat_name", "unknown")
1416
+
1417
+ # Check if we need to add date header
1418
+ add_date_header = True
1419
+ if log_path.exists():
1420
+ content = log_path.read_text()
1421
+ if f"## {date_str}" in content:
1422
+ add_date_header = False
1423
+
1424
+ entry = []
1425
+ if add_date_header:
1426
+ entry.append(f"\n## {date_str}\n")
1427
+
1428
+ entry.append(
1429
+ f"### {time_str} | {result.severity.name} | user:{user_id} | {chat_name}"
1430
+ )
1431
+ entry.append(f"- Patterns: {', '.join(result.reasons)}")
1432
+ if self.config.get("logging", {}).get("include_message", False):
1433
+ safe_msg = message[:100].replace("\n", " ")
1434
+ entry.append(
1435
+ f'- Message: "{safe_msg}{"..." if len(message) > 100 else ""}"'
1436
+ )
1437
+ entry.append(f"- Action: {result.action.value}")
1438
+ entry.append(f"- Fingerprint: {result.fingerprint}")
1439
+ entry.append("")
1440
+
1441
+ with open(log_path, "a") as f:
1442
+ f.write("\n".join(entry))
1443
+
1444
+ def report_to_hivefence(self, result: DetectionResult, message: str, context: Dict):
1445
+ """Report HIGH+ detections to HiveFence network for collective immunity."""
1446
+ if result.severity.value < Severity.HIGH.value:
1447
+ return # Only report HIGH and CRITICAL
1448
+
1449
+ hivefence_config = self.config.get("hivefence", {})
1450
+ if not hivefence_config.get("enabled", True):
1451
+ return
1452
+
1453
+ if not hivefence_config.get("auto_report", True):
1454
+ return
1455
+
1456
+ api_url = hivefence_config.get(
1457
+ "api_url",
1458
+ "https://hivefence-api.seojoon-kim.workers.dev/api/v1"
1459
+ )
1460
+
1461
+ try:
1462
+ import urllib.request
1463
+ import urllib.error
1464
+
1465
+ # Generate pattern hash (privacy-preserving)
1466
+ pattern_hash = f"sha256:{hashlib.sha256(message.encode()).hexdigest()[:16]}"
1467
+
1468
+ # Determine category from first matched pattern
1469
+ category = "other"
1470
+ if result.reasons:
1471
+ first_reason = result.reasons[0].lower()
1472
+ if "role" in first_reason or "override" in first_reason:
1473
+ category = "role_override"
1474
+ elif "system" in first_reason or "prompt" in first_reason:
1475
+ category = "fake_system"
1476
+ elif "jailbreak" in first_reason or "dan" in first_reason:
1477
+ category = "jailbreak"
1478
+ elif "exfil" in first_reason or "secret" in first_reason or "config" in first_reason:
1479
+ category = "data_exfil"
1480
+ elif "authority" in first_reason or "admin" in first_reason:
1481
+ category = "social_eng"
1482
+ elif "exec" in first_reason or "code" in first_reason:
1483
+ category = "code_exec"
1484
+
1485
+ # Report the blocked threat
1486
+ payload = json.dumps({
1487
+ "patternHash": pattern_hash,
1488
+ "category": category,
1489
+ "severity": result.severity.value,
1490
+ }).encode("utf-8")
1491
+
1492
+ headers = {
1493
+ "Content-Type": "application/json",
1494
+ "X-Client-ID": context.get("agent_id", "prompt-guard"),
1495
+ "X-Client-Version": "2.6.1",
1496
+ }
1497
+
1498
+ req = urllib.request.Request(
1499
+ f"{api_url}/threats/blocked",
1500
+ data=payload,
1501
+ headers=headers,
1502
+ method="POST"
1503
+ )
1504
+
1505
+ with urllib.request.urlopen(req, timeout=5) as resp:
1506
+ pass # Fire and forget
1507
+
1508
+ except Exception:
1509
+ pass # Don't let reporting failures affect detection
1510
+
1511
+
1512
+ def main():
1513
+ """CLI entry point."""
1514
+ import argparse
1515
+
1516
+ parser = argparse.ArgumentParser(description="Prompt Guard - Injection Detection")
1517
+ parser.add_argument("message", nargs="?", help="Message to analyze")
1518
+ parser.add_argument("--json", action="store_true", help="Output as JSON")
1519
+ parser.add_argument("--context", type=str, help="Context as JSON string")
1520
+ parser.add_argument("--config", type=str, help="Path to config YAML")
1521
+ parser.add_argument(
1522
+ "--sensitivity",
1523
+ choices=["low", "medium", "high", "paranoid"],
1524
+ default="medium",
1525
+ help="Detection sensitivity",
1526
+ )
1527
+
1528
+ args = parser.parse_args()
1529
+
1530
+ if not args.message:
1531
+ # Read from stdin
1532
+ args.message = sys.stdin.read().strip()
1533
+
1534
+ if not args.message:
1535
+ parser.print_help()
1536
+ sys.exit(1)
1537
+
1538
+ config = {"sensitivity": args.sensitivity}
1539
+ if args.config:
1540
+ try:
1541
+ import yaml
1542
+ except ImportError:
1543
+ print(
1544
+ "Error: PyYAML required for config files. Install with: pip install pyyaml",
1545
+ file=sys.stderr,
1546
+ )
1547
+ sys.exit(1)
1548
+ with open(args.config) as f:
1549
+ file_config = yaml.safe_load(f) or {}
1550
+ file_config = file_config.get("prompt_guard", file_config)
1551
+ config.update(file_config)
1552
+
1553
+ # Parse context
1554
+ context = {}
1555
+ if args.context:
1556
+ context = json.loads(args.context)
1557
+
1558
+ # Analyze
1559
+ guard = PromptGuard(config)
1560
+ result = guard.analyze(args.message, context)
1561
+
1562
+ if args.json:
1563
+ print(json.dumps(result.to_dict(), indent=2, ensure_ascii=False))
1564
+ else:
1565
+ emoji = {
1566
+ "SAFE": "✅",
1567
+ "LOW": "📝",
1568
+ "MEDIUM": "⚠️",
1569
+ "HIGH": "🔴",
1570
+ "CRITICAL": "🚨",
1571
+ }
1572
+ print(f"{emoji.get(result.severity.name, '❓')} {result.severity.name}")
1573
+ print(f"Action: {result.action.value}")
1574
+ if result.reasons:
1575
+ print(f"Reasons: {', '.join(result.reasons)}")
1576
+ if result.patterns_matched:
1577
+ print(f"Patterns: {len(result.patterns_matched)} matched")
1578
+ if result.normalized_text:
1579
+ print(f"⚠️ Homoglyphs detected, normalized text differs")
1580
+ if result.base64_findings:
1581
+ print(f"⚠️ Suspicious base64: {len(result.base64_findings)} found")
1582
+ if result.recommendations:
1583
+ print(f"💡 {'; '.join(result.recommendations)}")
1584
+
1585
+
1586
+ if __name__ == "__main__":
1587
+ main()