palizade 0.1.2 → 0.2.2

package/dist/index.cjs CHANGED
@@ -10829,6 +10829,16 @@ function makeErrorResponse(id, code, message, data) {
10829
10829
  }
10830
10830
  };
10831
10831
  }
10832
+ function makeToolErrorResultResponse(id, text) {
10833
+ return {
10834
+ jsonrpc: "2.0",
10835
+ id,
10836
+ result: {
10837
+ content: [{ type: "text", text }],
10838
+ isError: true
10839
+ }
10840
+ };
10841
+ }
10832
10842
 
10833
10843
  // ../core/dist/canonical.js
10834
10844
  var import_node_crypto = require("node:crypto");
@@ -25387,6 +25397,7 @@ var capabilitySchema = external_exports.enum([
25387
25397
  "reads_untrusted_content",
25388
25398
  "reads_sensitive_data",
25389
25399
  "network_egress",
25400
+ "file_write",
25390
25401
  "writes_local",
25391
25402
  "writes_remote",
25392
25403
  "deletes_data",
@@ -25404,9 +25415,48 @@ var serverConfigSchema = external_exports.object({
25404
25415
  trust: trustSchema.default("untrusted"),
25405
25416
  toolClasses: external_exports.record(external_exports.string(), toolClassSchema).default({}),
25406
25417
  toolCapabilities: external_exports.record(external_exports.string(), external_exports.array(capabilitySchema)).default({}),
25418
+ sensitive: external_exports.boolean().default(false),
25419
+ sensitiveTools: external_exports.record(external_exports.string(), external_exports.boolean()).default({}),
25420
+ sensitivePathPatterns: external_exports.array(external_exports.string()).default([]),
25407
25421
  shell: external_exports.boolean().default(false),
25408
25422
  allowShell: external_exports.boolean().default(false)
25409
25423
  }).strict();
25424
+ var secretDetectorConfigSchema = external_exports.object({
25425
+ enabled: external_exports.boolean().default(false),
25426
+ aws: external_exports.boolean().default(true),
25427
+ generic: external_exports.boolean().default(true),
25428
+ jwt: external_exports.boolean().default(true),
25429
+ privateKey: external_exports.boolean().default(true),
25430
+ googleApiKey: external_exports.boolean().default(true),
25431
+ stripe: external_exports.boolean().default(true),
25432
+ slack: external_exports.boolean().default(true),
25433
+ github: external_exports.boolean().default(true),
25434
+ openai: external_exports.boolean().default(true)
25435
+ }).default({
25436
+ enabled: false,
25437
+ aws: true,
25438
+ generic: true,
25439
+ jwt: true,
25440
+ privateKey: true,
25441
+ googleApiKey: true,
25442
+ stripe: true,
25443
+ slack: true,
25444
+ github: true,
25445
+ openai: true
25446
+ });
25447
+ var piiDetectorConfigSchema = external_exports.object({
25448
+ enabled: external_exports.boolean().default(false),
25449
+ email: external_exports.boolean().default(true),
25450
+ ssn: external_exports.boolean().default(true),
25451
+ creditCard: external_exports.boolean().default(true),
25452
+ phone: external_exports.boolean().default(true)
25453
+ }).default({
25454
+ enabled: false,
25455
+ email: true,
25456
+ ssn: true,
25457
+ creditCard: true,
25458
+ phone: true
25459
+ });
25410
25460
  var palizadeConfigSchema = external_exports.object({
25411
25461
  stateDir: external_exports.string().default(".palizade"),
25412
25462
  policy: external_exports.string().default("policies/default.yaml"),
@@ -25414,8 +25464,9 @@ var palizadeConfigSchema = external_exports.object({
25414
25464
  audit: external_exports.object({
25415
25465
  jsonl: external_exports.string().default(".palizade/audit.jsonl"),
25416
25466
  sqlite: external_exports.string().default(".palizade/audit.sqlite"),
25417
- captureRawPayloads: external_exports.boolean().default(false)
25418
- }).default({ jsonl: ".palizade/audit.jsonl", sqlite: ".palizade/audit.sqlite", captureRawPayloads: false }),
25467
+ captureRawPayloads: external_exports.boolean().default(false),
25468
+ errorVerbosity: external_exports.boolean().default(true)
25469
+ }).default({ jsonl: ".palizade/audit.jsonl", sqlite: ".palizade/audit.sqlite", captureRawPayloads: false, errorVerbosity: true }),
25419
25470
  approvals: external_exports.object({
25420
25471
  mode: external_exports.enum(["terminal", "localhost", "static-allow", "static-deny"]).default("terminal"),
25421
25472
  timeoutMs: external_exports.number().int().positive().default(3e4),
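Review bot: `errorVerbosity` is declared as a boolean under `audit`, but its only visible consumer is `formatBlockedToolCallResultText(decision, tool, this.options.config.audit.errorVerbosity)`, which shapes the text returned to the client for a blocked call rather than an audit record. The name reads like a level and the placement suggests logging, so an operator cannot tell from the schema that the default `true` presumably puts more policy detail into the client-visible result. A comment on the field would help, for example `// true: blocked-call result text includes the policy reason; false: generic message only`, once that is confirmed against the formatter, which is outside this view.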
@@ -25429,10 +25480,22 @@ var palizadeConfigSchema = external_exports.object({
25429
25480
  model: external_exports.string().default("sinatras/Llama-Prompt-Guard-2-86M-ONNX"),
25430
25481
  cacheDir: external_exports.string().optional(),
25431
25482
  device: external_exports.string().default("cpu")
25432
- }).default({ enabled: false, model: "sinatras/Llama-Prompt-Guard-2-86M-ONNX", device: "cpu" })
25483
+ }).default({ enabled: false, model: "sinatras/Llama-Prompt-Guard-2-86M-ONNX", device: "cpu" }),
25484
+ secrets: secretDetectorConfigSchema,
25485
+ pii: piiDetectorConfigSchema
25433
25486
  }).default({
25434
25487
  heuristic: true,
25435
- promptGuard2: { enabled: false, model: "sinatras/Llama-Prompt-Guard-2-86M-ONNX", device: "cpu" }
25488
+ promptGuard2: { enabled: false, model: "sinatras/Llama-Prompt-Guard-2-86M-ONNX", device: "cpu" },
25489
+ secrets: { enabled: false, aws: true, generic: true, jwt: true, privateKey: true, googleApiKey: true, stripe: true, slack: true, github: true, openai: true },
25490
+ pii: { enabled: false, email: true, ssn: true, creditCard: true, phone: true }
25491
+ }),
25492
+ egress: external_exports.object({
25493
+ allowlist: external_exports.object({
25494
+ hosts: external_exports.array(external_exports.string()).default([]),
25495
+ emails: external_exports.array(external_exports.string()).default([])
25496
+ }).default({ hosts: [], emails: [] })
25497
+ }).default({
25498
+ allowlist: { hosts: [], emails: [] }
25436
25499
  }),
25437
25500
  transport: external_exports.object({
25438
25501
  maxMessageBytes: external_exports.number().int().min(1024).default(64 * 1024 * 1024),
@@ -25520,7 +25583,7 @@ var SOURCE_RE = /\b(read|get|fetch|search|browse|list|download|crawl|open|load|q
25520
25583
  var CAPABILITY_RULES = [
25521
25584
  [/\b(fetch|http|post|put|patch|request|webhook|url|browser|crawl)\b/iu, ["network_egress", "reads_untrusted_content"]],
25522
25585
  [/\b(email|mail|send|sms|slack|discord|message|publish)\b/iu, ["sends_message", "writes_remote", "network_egress"]],
25523
- [/\b(write|save|edit|create|move|append)\b/iu, ["writes_local"]],
25586
+ [/\b(write|save|edit|create|move|append)\b/iu, ["file_write", "writes_local"]],
25524
25587
  [/\b(delete|remove|rm|destroy)\b/iu, ["deletes_data"]],
25525
25588
  [/\b(exec|shell|run|spawn|command|script|terminal)\b/iu, ["executes_code"]],
25526
25589
  [/\b(secret|credential|token|key|env|password)\b/iu, ["accesses_credentials", "reads_sensitive_data"]],
@@ -25534,7 +25597,7 @@ function classifyToolDetailed(toolName, server, tool) {
25534
25597
  for (const capability of capabilitiesFromAnnotations(tool?.annotations)) {
25535
25598
  capabilities.add(capability);
25536
25599
  }
25537
- const searchable = `${toolName} ${tool?.title ?? ""} ${tool?.description ?? ""}`;
25600
+ const searchable = `${toolName} ${tool?.title ?? ""} ${tool?.description ?? ""}`.replace(/[_-]+/gu, " ");
25538
25601
  for (const [regex, matched] of CAPABILITY_RULES) {
25539
25602
  if (regex.test(searchable)) {
25540
25603
  matched.forEach((capability) => capabilities.add(capability));
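Review bot: The added `.replace(/[_-]+/gu, " ")` lets the `\b`-anchored `CAPABILITY_RULES` match snake_case and kebab-case tool names, but a camelCase name is still a single word to `\b`, so a tool called `writeFile` or `sendEmail` gets no capability from its name alone. These capabilities feed `deriveClass` and the policy conditions, so under-classification here fails open. Consider splitting case boundaries before the separator replacement: `.replace(/([a-z0-9])([A-Z])/gu, "$1 $2").replace(/[_-]+/gu, " ")`. The body of `classifyToolDetailed` starts and ends outside the hunk.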
@@ -25564,6 +25627,7 @@ function capabilitiesFromAnnotations(annotations) {
25564
25627
  const capabilities = /* @__PURE__ */ new Set();
25565
25628
  if (annotations.destructiveHint === true) {
25566
25629
  capabilities.add("writes_remote");
25630
+ capabilities.add("file_write");
25567
25631
  capabilities.add("writes_local");
25568
25632
  }
25569
25633
  if (annotations.openWorldHint === true) {
@@ -25578,6 +25642,7 @@ function capabilitiesFromAnnotations(annotations) {
25578
25642
  function deriveClass(toolName, capabilities) {
25579
25643
  if ([...capabilities].some((capability) => [
25580
25644
  "network_egress",
25645
+ "file_write",
25581
25646
  "writes_local",
25582
25647
  "writes_remote",
25583
25648
  "deletes_data",
@@ -26480,8 +26545,176 @@ function promptGuardMaliciousScore(rows) {
26480
26545
  return rows[0]?.score ?? 0;
26481
26546
  }
26482
26547
 
26548
+ // ../detectors/dist/sensitive.js
26549
+ var SECRET_RULES = [
26550
+ { label: "secret:aws-access-key-id", family: "aws", kind: "secret", score: 0.9, regex: /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/gu },
26551
+ { label: "secret:aws-secret-key", family: "aws", kind: "secret", score: 0.95, regex: /\baws[_-]?secret[_-]?access[_-]?key\s*[:=]\s*["']?([A-Za-z0-9/+=]{40})["']?/giu },
26552
+ { label: "secret:openai", family: "openai", kind: "secret", score: 0.9, regex: /\bsk-[A-Za-z0-9]{20,}\b/gu },
26553
+ { label: "secret:github", family: "github", kind: "secret", score: 0.9, regex: /\bgh[pousr]_[A-Za-z0-9_]{30,}\b/gu },
26554
+ { label: "secret:slack", family: "slack", kind: "secret", score: 0.9, regex: /\bxox[abprs]-[A-Za-z0-9-]{20,}\b/gu },
26555
+ { label: "secret:jwt", family: "jwt", kind: "secret", score: 0.85, regex: /\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b/gu },
26556
+ { label: "secret:jwt", family: "jwt", kind: "secret", score: 0.85, regex: /\bBearer\s+(eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,})\b/giu },
26557
+ { label: "secret:private-key", family: "privateKey", kind: "secret", score: 1, regex: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]{24,}?-----END [A-Z ]*PRIVATE KEY-----/gu },
26558
+ { label: "secret:google-api-key", family: "googleApiKey", kind: "secret", score: 0.9, regex: /\bAIza[0-9A-Za-z_-]{35}\b/gu },
26559
+ { label: "secret:stripe", family: "stripe", kind: "secret", score: 0.9, regex: /\b[sp]k_live_[0-9A-Za-z]{16,}\b/gu },
26560
+ {
26561
+ label: "secret:assignment",
26562
+ family: "generic",
26563
+ kind: "secret",
26564
+ score: 0.8,
26565
+ regex: /\b(?:password|passwd|api[_-]?key|secret|token|access[_-]?token|client[_-]?secret)\s*[:=]\s*["']?([A-Za-z0-9_./+=-]{12,})["']?/giu,
26566
+ validate: (match) => shannonEntropy(match[1] ?? "") >= 3.2
26567
+ }
26568
+ ];
26569
+ var PII_RULES = [
26570
+ { label: "pii:email", family: "email", kind: "pii", score: 0.55, regex: /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/giu },
26571
+ { label: "pii:ssn", family: "ssn", kind: "pii", score: 0.75, regex: /\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/gu },
26572
+ {
26573
+ label: "pii:credit-card",
26574
+ family: "creditCard",
26575
+ kind: "pii",
26576
+ score: 0.75,
26577
+ regex: /\b(?:\d[ -]*?){13,19}\b/gu,
26578
+ validate: (match) => luhn(match[0].replace(/\D/gu, ""))
26579
+ },
26580
+ { label: "pii:phone", family: "phone", kind: "pii", score: 0.45, regex: /\b(?:\+?1[\s.-]?)?(?:\(\d{3}\)|\d{3})[\s.-]\d{3}[\s.-]\d{4}\b/gu }
26581
+ ];
26582
+ var SensitiveDataDetector = class {
26583
+ name = "sensitive";
26584
+ options;
26585
+ constructor(options = {}) {
26586
+ this.options = {
26587
+ secrets: { enabled: false, ...options.secrets },
26588
+ pii: { enabled: false, ...options.pii }
26589
+ };
26590
+ }
26591
+ detect(text, _ctx = {}) {
26592
+ if (!text.trim()) {
26593
+ return { score: 0, labels: [], spans: [], detector: this.name };
26594
+ }
26595
+ const spans = [];
26596
+ const labels = /* @__PURE__ */ new Set();
26597
+ let score = 0;
26598
+ if (this.options.secrets.enabled) {
26599
+ score = Math.max(score, this.applyRules(text, SECRET_RULES, this.options.secrets, spans, labels));
26600
+ }
26601
+ if (this.options.pii.enabled) {
26602
+ score = Math.max(score, this.applyRules(text, PII_RULES, this.options.pii, spans, labels));
26603
+ }
26604
+ return {
26605
+ score: clampScore(score),
26606
+ labels: [...labels],
26607
+ spans: mergeSensitiveSpans(spans),
26608
+ detector: this.name
26609
+ };
26610
+ }
26611
+ applyRules(text, rules, options, spans, labels) {
26612
+ let maxScore = 0;
26613
+ for (const rule of rules) {
26614
+ if (options[rule.family] === false) {
26615
+ continue;
26616
+ }
26617
+ for (const match of text.matchAll(rule.regex)) {
26618
+ if (rule.validate && !rule.validate(match)) {
26619
+ continue;
26620
+ }
26621
+ const start = match.index ?? 0;
26622
+ const end = start + match[0].length;
26623
+ labels.add(rule.label);
26624
+ spans.push({ start, end, label: rule.label });
26625
+ maxScore = Math.max(maxScore, rule.score);
26626
+ }
26627
+ }
26628
+ return maxScore;
26629
+ }
26630
+ };
26631
+ function isSecretLabel(label) {
26632
+ return label.startsWith("secret:");
26633
+ }
26634
+ function isPiiLabel(label) {
26635
+ return label.startsWith("pii:");
26636
+ }
26637
+ function hasSecretLabel(labels) {
26638
+ return labels.some(isSecretLabel);
26639
+ }
26640
+ function hasPiiLabel(labels) {
26641
+ return labels.some(isPiiLabel);
26642
+ }
26643
+ function maskSensitiveText(text, spans = []) {
26644
+ if (spans.length === 0) {
26645
+ return text;
26646
+ }
26647
+ let output2 = text;
26648
+ const sorted = [...spans].sort((left, right) => right.start - left.start || right.end - left.end);
26649
+ for (const span of sorted) {
26650
+ output2 = `${output2.slice(0, span.start)}[REDACTED:${span.label ?? "sensitive"}]${output2.slice(span.end)}`;
26651
+ }
26652
+ return output2;
26653
+ }
26654
+ function maskKnownSensitiveText(text) {
26655
+ const detector = new SensitiveDataDetector({
26656
+ secrets: { enabled: true },
26657
+ pii: { enabled: true }
26658
+ });
26659
+ const result = detector.detect(text);
26660
+ return maskSensitiveText(text, result.spans);
26661
+ }
26662
+ function mergeSensitiveSpans(spans) {
26663
+ const sorted = [...spans].sort((a, b) => a.start - b.start || a.end - b.end);
26664
+ const merged = [];
26665
+ for (const span of sorted) {
26666
+ const last = merged[merged.length - 1];
26667
+ if (!last || span.start > last.end) {
26668
+ merged.push({ ...span });
26669
+ continue;
26670
+ }
26671
+ last.end = Math.max(last.end, span.end);
26672
+ if (last.label !== span.label) {
26673
+ last.label = `${last.label ?? "sensitive"},${span.label ?? "sensitive"}`;
26674
+ }
26675
+ }
26676
+ return merged;
26677
+ }
26678
+ function shannonEntropy(input2) {
26679
+ if (!input2) {
26680
+ return 0;
26681
+ }
26682
+ const counts = /* @__PURE__ */ new Map();
26683
+ for (const char of input2) {
26684
+ counts.set(char, (counts.get(char) ?? 0) + 1);
26685
+ }
26686
+ let entropy = 0;
26687
+ for (const count of counts.values()) {
26688
+ const p = count / input2.length;
26689
+ entropy -= p * Math.log2(p);
26690
+ }
26691
+ return entropy;
26692
+ }
26693
+ function luhn(input2) {
26694
+ if (input2.length < 13 || input2.length > 19) {
26695
+ return false;
26696
+ }
26697
+ let sum = 0;
26698
+ let doubleDigit = false;
26699
+ for (let index = input2.length - 1; index >= 0; index -= 1) {
26700
+ let digit = Number(input2[index]);
26701
+ if (!Number.isInteger(digit)) {
26702
+ return false;
26703
+ }
26704
+ if (doubleDigit) {
26705
+ digit *= 2;
26706
+ if (digit > 9) {
26707
+ digit -= 9;
26708
+ }
26709
+ }
26710
+ sum += digit;
26711
+ doubleDigit = !doubleDigit;
26712
+ }
26713
+ return sum % 10 === 0;
26714
+ }
26715
+
26483
26716
  // ../policy/dist/schema.js
26484
- var actionSchema = external_exports.enum(["allow", "block", "sanitize", "redact_spans", "require_approval", "log_only"]);
26717
+ var actionSchema = external_exports.enum(["allow", "block", "sanitize", "redact_spans", "redact_secrets", "require_approval", "log_only"]);
26485
26718
  var directionSchema = external_exports.enum(["request", "response"]);
26486
26719
  var trustSchema2 = external_exports.enum(["trusted", "semi", "untrusted"]);
26487
26720
  var toolClassSchema2 = external_exports.enum(["source", "sink", "pure", "unknown"]);
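Review bot: `maskSensitiveText` rewrites the string from the highest `start` downwards using offsets into the original text, which is only correct when the spans do not overlap. With a nested or overlapping pair, the first replacement changes the length of the region the outer span still has to cover, so part of the matched value can survive the redaction. `SensitiveDataDetector.detect` returns merged spans, but the `redact_secrets` request path also passes this function spans from `this.options.detector`, whose merging is not visible here. Normalising inside the function removes the assumption: `const sorted = mergeSensitiveSpans(spans).sort((left, right) => right.start - left.start);`. A short comment stating that spans are offsets into the unmodified `text` would also help.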
@@ -26490,6 +26723,7 @@ var capabilitySchema2 = external_exports.enum([
26490
26723
  "reads_untrusted_content",
26491
26724
  "reads_sensitive_data",
26492
26725
  "network_egress",
26726
+ "file_write",
26493
26727
  "writes_local",
26494
26728
  "writes_remote",
26495
26729
  "deletes_data",
@@ -26512,7 +26746,12 @@ var policyConditionSchema = external_exports.object({
26512
26746
  capabilities_all: external_exports.array(capabilitySchema2).optional(),
26513
26747
  trust: singleOrArray(trustSchema2).optional(),
26514
26748
  taint: external_exports.boolean().optional(),
26749
+ sensitive_taint: external_exports.boolean().optional(),
26515
26750
  temporal_taint: external_exports.boolean().optional(),
26751
+ secret_detected: external_exports.boolean().optional(),
26752
+ pii_detected: external_exports.boolean().optional(),
26753
+ destination_allowed: external_exports.boolean().optional(),
26754
+ destination_allowlist_configured: external_exports.boolean().optional(),
26516
26755
  detector_score_gte: external_exports.number().min(0).max(1).optional(),
26517
26756
  detector_score_lt: external_exports.number().min(0).max(1).optional(),
26518
26757
  labels_any: external_exports.array(external_exports.string()).optional(),
@@ -26602,8 +26841,18 @@ function matchesCondition(condition, ctx) {
26602
26841
  return false;
26603
26842
  if (condition.taint !== void 0 && Boolean(ctx.taint) !== condition.taint)
26604
26843
  return false;
26844
+ if (condition.sensitive_taint !== void 0 && Boolean(ctx.sensitive_taint) !== condition.sensitive_taint)
26845
+ return false;
26605
26846
  if (condition.temporal_taint !== void 0 && Boolean(ctx.temporal_taint) !== condition.temporal_taint)
26606
26847
  return false;
26848
+ if (condition.secret_detected !== void 0 && Boolean(ctx.secret_detected) !== condition.secret_detected)
26849
+ return false;
26850
+ if (condition.pii_detected !== void 0 && Boolean(ctx.pii_detected) !== condition.pii_detected)
26851
+ return false;
26852
+ if (condition.destination_allowed !== void 0 && Boolean(ctx.destination_allowed) !== condition.destination_allowed)
26853
+ return false;
26854
+ if (condition.destination_allowlist_configured !== void 0 && Boolean(ctx.destination_allowlist_configured) !== condition.destination_allowlist_configured)
26855
+ return false;
26607
26856
  if (condition.session_quarantined !== void 0 && Boolean(ctx.session_quarantined) !== condition.session_quarantined)
26608
26857
  return false;
26609
26858
  if (condition.detector_score_gte !== void 0 && (ctx.detector_score ?? 0) < condition.detector_score_gte)
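Review bot: Each new check compares against `Boolean(ctx.<field>)`, so a context that never sets the field is treated as `false`. The response-side `evaluatePolicy` calls visible in this diff pass `sensitive_taint`, `secret_detected` and `pii_detected`, but not `destination_allowed` or `destination_allowlist_configured`. A rule written with `destination_allowed: false` and no direction restriction would therefore also match every response. This follows the existing `taint` pattern and may be intended, but it deserves a comment above these checks, for example `// absent ctx fields compare as false; destination_* is only populated for requests`. `matchesCondition` starts and ends outside the hunk.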
@@ -26703,14 +26952,44 @@ var InterceptionEngine = class {
26703
26952
  const toolClass = classification.toolClass;
26704
26953
  const argumentText = flattenArguments(params.arguments);
26705
26954
  const argumentFields = extractArgumentFields(params.arguments);
26955
+ const argumentBlocks = extractTextBlocks(params.arguments);
26956
+ const argumentDetections = await Promise.all(argumentBlocks.map(async (block) => ({
26957
+ block,
26958
+ detection: await this.options.detector.detect(block.text, {
26959
+ server: this.options.serverName,
26960
+ tool,
26961
+ trust: this.options.server.trust,
26962
+ surface: "argument"
26963
+ })
26964
+ })));
26965
+ const argumentDetection = fuseDetections(argumentDetections.map((entry) => entry.detection));
26966
+ const argumentDetectionsByPath = new Map(argumentDetections.map((entry) => [pathKey(entry.block), entry.detection]));
26706
26967
  const matches = this.options.taintStore.match(this.options.sessionId, argumentText, {
26707
26968
  fuzzyHammingMax: this.options.config.taint.fuzzyHammingMax
26708
26969
  });
26709
26970
  const fieldMatches = argumentFields.flatMap((field) => this.options.taintStore.match(this.options.sessionId, field.text, {
26710
26971
  fuzzyHammingMax: this.options.config.taint.fuzzyHammingMax
26711
26972
  }).map((match) => ({ field, match })));
26973
+ const sensitiveMatches = this.options.taintStore.match(this.options.sessionId, argumentText, {
26974
+ fuzzyHammingMax: this.options.config.taint.fuzzyHammingMax,
26975
+ classes: ["sensitive"]
26976
+ });
26977
+ const sensitiveFieldMatches = argumentFields.flatMap((field) => this.options.taintStore.match(this.options.sessionId, field.text, {
26978
+ fuzzyHammingMax: this.options.config.taint.fuzzyHammingMax,
26979
+ classes: ["sensitive"]
26980
+ }).map((match) => ({ field, match })));
26712
26981
  const taintedArgumentRoles = [...new Set(fieldMatches.map(({ field }) => field.role))];
26713
26982
  const temporal = matches.some((match) => match.reason === "temporal") || this.options.taintStore.hasTemporal(this.options.sessionId);
26983
+ const secretDetected = hasSecretLabel(argumentDetection.labels);
26984
+ const piiDetected = hasPiiLabel(argumentDetection.labels);
26985
+ const sensitiveTaint = sensitiveMatches.length > 0 || sensitiveFieldMatches.length > 0;
26986
+ const destination = summarizeDestinations(argumentFields, this.options.config.egress.allowlist);
26987
+ const allTaintMatches = [
26988
+ ...matches,
26989
+ ...fieldMatches.map(({ match }) => match),
26990
+ ...sensitiveMatches,
26991
+ ...sensitiveFieldMatches.map(({ match }) => match)
26992
+ ];
26714
26993
  const decision = evaluatePolicy(this.options.policy, {
26715
26994
  direction: "request",
26716
26995
  method: message.method,
@@ -26720,7 +26999,14 @@ var InterceptionEngine = class {
26720
26999
  capabilities: classification.capabilities,
26721
27000
  trust: this.options.server.trust,
26722
27001
  taint: matches.length > 0 || fieldMatches.length > 0,
27002
+ sensitive_taint: sensitiveTaint,
26723
27003
  temporal_taint: temporal,
27004
+ secret_detected: secretDetected,
27005
+ pii_detected: piiDetected,
27006
+ destination_allowed: destination.allowed,
27007
+ destination_allowlist_configured: destination.allowlistConfigured,
27008
+ detector_score: argumentDetection.score,
27009
+ labels: argumentDetection.labels,
26724
27010
  argument_text: argumentText,
26725
27011
  argument_roles: argumentRolesSummary(argumentFields),
26726
27012
  tainted_argument_roles: taintedArgumentRoles
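Review bot: `argumentDetectionsByPath` is keyed by `pathKey(block)`, which is `block.path.join(".")`, so two argument blocks whose path segments join to the same string share one entry and the later detection overwrites the earlier one. The `redact_secrets` branch further down uses this map to pick the spans for each block, so a collision would apply the wrong spans, or none, to a value that did contain a detected secret. Whether `extractTextBlocks` can produce such paths is not visible here, but argument keys are caller-supplied. Keying by something unambiguous, e.g. `JSON.stringify(block.path)`, avoids the question. The enclosing method starts before and ends after this hunk.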
@@ -26730,29 +27016,48 @@ var InterceptionEngine = class {
26730
27016
  tool,
26731
27017
  toolClass,
26732
27018
  classification,
26733
- taintMatches: [...matches, ...fieldMatches.map(({ match }) => match)],
27019
+ taintMatches: allTaintMatches,
26734
27020
  summary: `${tool} (${toolClass}; ${classification.capabilities.join(",") || "no capabilities"}) wants to run with ${matches.length + fieldMatches.length} taint match(es).`
26735
27021
  });
26736
27022
  await this.auditDecision(message, "request", approval.decision, startedAt, {
26737
27023
  tool,
26738
27024
  toolClass,
26739
27025
  classification,
26740
- taintMatches: [...matches, ...fieldMatches.map(({ match }) => match)],
26741
- approved: approval.approved
27026
+ detector: argumentDetection,
27027
+ taintMatches: allTaintMatches,
27028
+ approved: approval.approved,
27029
+ argumentRoles: argumentRolesSummary(argumentFields),
27030
+ taintedArgumentRoles,
27031
+ destination,
27032
+ sensitiveTaint,
27033
+ secretDetected,
27034
+ piiDetected,
27035
+ taintClasses: classesFromMatches(allTaintMatches),
27036
+ redacted: decision.action === "redact_secrets"
26742
27037
  });
26743
27038
  this.options.taintStore.consumeTurn(this.options.sessionId);
26744
27039
  if (!approval.approved || decision.action === "block") {
26745
27040
  return {
26746
27041
  toClient: message.id === void 0 ? [] : [
26747
- makeErrorResponse(message.id, -32020, "Palizade blocked MCP tool call", {
26748
- decision,
26749
- taint: matches,
26750
- taintedArgumentRoles
26751
- })
27042
+ makeToolErrorResultResponse(message.id, formatBlockedToolCallResultText(decision, tool, this.options.config.audit.errorVerbosity))
26752
27043
  ],
26753
27044
  toServer: []
26754
27045
  };
26755
27046
  }
27047
+ if (decision.action === "redact_secrets") {
27048
+ const redactedArguments = applyTextTransforms(params.arguments, (text, block) => maskSensitiveText(text, argumentDetectionsByPath.get(pathKey(block))?.spans));
27049
+ this.recordPending(message, tool);
27050
+ return {
27051
+ toClient: [],
27052
+ toServer: [{
27053
+ ...message,
27054
+ params: {
27055
+ ...params,
27056
+ arguments: redactedArguments
27057
+ }
27058
+ }]
27059
+ };
27060
+ }
26756
27061
  this.recordPending(message, tool);
26757
27062
  return { toClient: [], toServer: [message] };
26758
27063
  }
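Review bot: When the decision is `redact_secrets` the call is always forwarded, even if nothing was masked: `maskSensitiveText` returns the text unchanged when the looked-up spans are missing or empty, which is what happens if the rule fired on `sensitive_taint` or a destination condition rather than on a detector hit. The audit record written just above already sets `redacted: decision.action === "redact_secrets"`, so the log would claim a redaction that did not happen. Consider deriving the flag from the detections, e.g. `redacted: decision.action === "redact_secrets" && argumentDetections.some((entry) => (entry.detection.spans ?? []).length > 0)`, and treating a `redact_secrets` decision with no spans as a block. The enclosing method starts and ends outside the hunk.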
@@ -26855,6 +27160,9 @@ var InterceptionEngine = class {
26855
27160
  capabilities: classification.capabilities,
26856
27161
  trust: this.options.server.trust,
26857
27162
  taint: taintRecords.length > 0,
27163
+ sensitive_taint: recordsHaveClass(taintRecords, "sensitive"),
27164
+ secret_detected: hasSecretLabel(fused.labels),
27165
+ pii_detected: hasPiiLabel(fused.labels),
26858
27166
  detector_score: fused.score,
26859
27167
  labels: fused.labels
26860
27168
  });
@@ -26873,6 +27181,10 @@ var InterceptionEngine = class {
26873
27181
  classification,
26874
27182
  detector: fused,
26875
27183
  taintIds: taintRecords.map((record2) => record2.id),
27184
+ taintClasses: classesFromRecords(taintRecords),
27185
+ sensitiveTaint: recordsHaveClass(taintRecords, "sensitive"),
27186
+ secretDetected: hasSecretLabel(fused.labels),
27187
+ piiDetected: hasPiiLabel(fused.labels),
26876
27188
  approved: approval.approved,
26877
27189
  payload: result
26878
27190
  });
@@ -26901,7 +27213,7 @@ var InterceptionEngine = class {
26901
27213
  toServer: []
26902
27214
  };
26903
27215
  }
26904
- if (decision.action === "redact_spans") {
27216
+ if (decision.action === "redact_spans" || decision.action === "redact_secrets") {
26905
27217
  return {
26906
27218
  toClient: [{
26907
27219
  ...message,
@@ -26978,8 +27290,10 @@ var InterceptionEngine = class {
26978
27290
  return { toClient: [message], toServer: [] };
26979
27291
  }
26980
27292
  registerTaint(tool, toolClass, blocks, detection) {
26981
- const shouldTaint = this.options.server.trust !== "trusted" || toolClass === "source" || detection.score >= this.options.config.taint.suspiciousScore;
26982
- if (!shouldTaint) {
27293
+ const untrusted = this.options.server.trust !== "trusted" || toolClass === "source" || detection.score >= this.options.config.taint.suspiciousScore;
27294
+ const sensitive = this.isSensitiveOrigin(tool) || hasSecretLabel(detection.labels) || hasPiiLabel(detection.labels);
27295
+ const classes = taintClasses({ untrusted, sensitive });
27296
+ if (classes.length === 0) {
26983
27297
  return [];
26984
27298
  }
26985
27299
  return blocks.filter((block) => block.text.trim().length >= 8).map((block) => this.options.taintStore.add({
@@ -26989,24 +27303,30 @@ var InterceptionEngine = class {
26989
27303
  trust: this.options.server.trust,
26990
27304
  text: block.text,
26991
27305
  detectorScore: detection.score,
26992
- labels: detection.labels
27306
+ labels: detection.labels,
27307
+ classes
26993
27308
  }));
26994
27309
  }
26995
27310
  registerTaintFromContents(sourceName, classification, contents, detection) {
26996
27311
  const highRiskSource = this.options.server.trust === "untrusted" || classification.toolClass === "source" || classification.capabilities.includes("reads_untrusted_content");
26997
- const shouldTaint = highRiskSource || detection.score >= this.options.config.taint.suspiciousScore;
26998
- if (!shouldTaint) {
26999
- return [];
27000
- }
27001
- return contents.filter((content) => content.text && content.text.trim().length >= 8 && content.kind !== "binary").map((content) => this.options.taintStore.add({
27002
- sessionId: this.options.sessionId,
27003
- sourceServer: this.options.serverName,
27004
- sourceTool: content.sourceToolOrResource ?? sourceName,
27005
- trust: this.options.server.trust,
27006
- text: content.text ?? "",
27007
- detectorScore: detection.score,
27008
- labels: detection.labels
27009
- }));
27312
+ return contents.filter((content) => content.text && content.text.trim().length >= 8 && content.kind !== "binary").flatMap((content) => {
27313
+ const untrusted = highRiskSource || detection.score >= this.options.config.taint.suspiciousScore;
27314
+ const sensitive = this.isSensitiveOrigin(sourceName, content) || hasSecretLabel(detection.labels) || hasPiiLabel(detection.labels);
27315
+ const classes = taintClasses({ untrusted, sensitive });
27316
+ if (classes.length === 0) {
27317
+ return [];
27318
+ }
27319
+ return [this.options.taintStore.add({
27320
+ sessionId: this.options.sessionId,
27321
+ sourceServer: this.options.serverName,
27322
+ sourceTool: content.sourceToolOrResource ?? sourceName,
27323
+ trust: this.options.server.trust,
27324
+ text: content.text ?? "",
27325
+ detectorScore: detection.score,
27326
+ labels: detection.labels,
27327
+ classes
27328
+ })];
27329
+ });
27010
27330
  }
27011
27331
  async handleDescriptorListResponse(message, bucket, origin, resultKey, nameOf) {
27012
27332
  const startedAt = Date.now();
@@ -27077,6 +27397,9 @@ var InterceptionEngine = class {
27077
27397
  capabilities: classification.capabilities,
27078
27398
  trust: this.options.server.trust,
27079
27399
  taint: taintRecords.length > 0,
27400
+ sensitive_taint: recordsHaveClass(taintRecords, "sensitive"),
27401
+ secret_detected: hasSecretLabel(fused.labels),
27402
+ pii_detected: hasPiiLabel(fused.labels),
27080
27403
  detector_score: fused.score,
27081
27404
  labels: fused.labels
27082
27405
  });
@@ -27093,6 +27416,10 @@ var InterceptionEngine = class {
27093
27416
  classification,
27094
27417
  detector: fused,
27095
27418
  taintIds: taintRecords.map((record2) => record2.id),
27419
+ taintClasses: classesFromRecords(taintRecords),
27420
+ sensitiveTaint: recordsHaveClass(taintRecords, "sensitive"),
27421
+ secretDetected: hasSecretLabel(fused.labels),
27422
+ piiDetected: hasPiiLabel(fused.labels),
27096
27423
  approved: approval.approved,
27097
27424
  payload: result
27098
27425
  });
@@ -27115,7 +27442,7 @@ var InterceptionEngine = class {
27115
27442
  toServer: []
27116
27443
  };
27117
27444
  }
27118
- if (decision.action === "redact_spans") {
27445
+ if (decision.action === "redact_spans" || decision.action === "redact_secrets") {
27119
27446
  return {
27120
27447
  toClient: [{
27121
27448
  ...message,
@@ -27226,7 +27553,7 @@ var InterceptionEngine = class {
27226
27553
  tool: extra.tool,
27227
27554
  direction,
27228
27555
  method: extra.method ?? (isRequest(message) ? message.method : void 0),
27229
- taint_ids: extra.taintIds ?? extra.taintMatches?.map((match) => match.taintId) ?? [],
27556
+ taint_ids: dedupePreservingOrder(extra.taintIds ?? extra.taintMatches?.map((match) => match.taintId) ?? []),
27230
27557
  detector: {
27231
27558
  score: extra.detector?.score ?? 0,
27232
27559
  labels: extra.detector?.labels ?? []
@@ -27238,13 +27565,46 @@ var InterceptionEngine = class {
27238
27565
  action: decision.action,
27239
27566
  reason: decision.reason,
27240
27567
  latency_ms: Date.now() - startedAt,
27241
- payload: extra.payload,
27568
+ payload: scrubAuditPayload(extra.payload),
27242
27569
  metadata: {
27243
27570
  toolClass: extra.toolClass,
27244
27571
  capabilities: extra.classification?.capabilities,
27245
27572
  lockChecks: extra.lockChecks,
27246
27573
  lockStatus: extra.lockStatus,
27247
- approved: extra.approved
27574
+ approved: extra.approved,
27575
+ argumentRoles: extra.argumentRoles,
27576
+ taintedArgumentRoles: extra.taintedArgumentRoles,
27577
+ taintClasses: extra.taintClasses,
27578
+ destination: extra.destination,
27579
+ sensitiveTaint: extra.sensitiveTaint,
27580
+ secretDetected: extra.secretDetected,
27581
+ piiDetected: extra.piiDetected,
27582
+ redacted: extra.redacted
27583
+ }
27584
+ });
27585
+ }
27586
+ isSensitiveOrigin(sourceName, content) {
27587
+ if (this.options.server.sensitive) {
27588
+ return true;
27589
+ }
27590
+ if (this.options.server.sensitiveTools[sourceName] === true) {
27591
+ return true;
27592
+ }
27593
+ if (content?.sourceToolOrResource && this.options.server.sensitiveTools[content.sourceToolOrResource] === true) {
27594
+ return true;
27595
+ }
27596
+ const searchable = [
27597
+ sourceName,
27598
+ content?.sourceToolOrResource,
27599
+ content?.path,
27600
+ typeof content?.rawValue === "string" ? content.rawValue : void 0
27601
+ ].filter((value) => Boolean(value));
27602
+ return this.options.server.sensitivePathPatterns.some((pattern) => {
27603
+ try {
27604
+ const regex = new RegExp(pattern, "iu");
27605
+ return searchable.some((value) => regex.test(value));
27606
+ } catch {
27607
+ return false;
27248
27608
  }
27249
27609
  });
27250
27610
  }
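Review bot: `isSensitiveOrigin` compiles every `sensitivePathPatterns` entry with `new RegExp(pattern, "iu")` on each call, and the bare `catch` turns an invalid pattern into `false`, so a typo in the configuration silently disables that sensitivity rule with no diagnostic. The schema accepts any string for these entries. Compiling them once when the config is parsed, and rejecting any that throw, would make the failure visible and avoid recompiling per content item. The patterns are also tested against `content.rawValue` when it is a string, not only against names and paths, which is worth stating in a comment such as `// patterns are matched against tool names, resource paths and raw string values`.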
@@ -27252,6 +27612,111 @@ var InterceptionEngine = class {
27252
27612
  function pathKey(block) {
27253
27613
  return block.path.join(".");
27254
27614
  }
27615
+ function taintClasses(input2) {
27616
+ const classes = [];
27617
+ if (input2.untrusted) {
27618
+ classes.push("untrusted");
27619
+ }
27620
+ if (input2.sensitive) {
27621
+ classes.push("sensitive");
27622
+ }
27623
+ return classes;
27624
+ }
27625
+ function recordsHaveClass(records, taintClass) {
27626
+ return records.some((record2) => record2.classes.includes(taintClass));
27627
+ }
27628
+ function classesFromRecords(records) {
27629
+ return dedupePreservingOrder(records.flatMap((record2) => record2.classes));
27630
+ }
27631
+ function classesFromMatches(matches) {
27632
+ return dedupePreservingOrder(matches.flatMap((match) => match.classes ?? []));
27633
+ }
27634
+ function summarizeDestinations(argumentFields, allowlist) {
27635
+ const hosts = dedupePreservingOrder(argumentFields.flatMap((field) => hostsFromField(field)));
27636
+ const emails = dedupePreservingOrder(argumentFields.filter((field) => field.role === "email_recipient").map((field) => field.text.toLowerCase()));
27637
+ const allowlistConfigured = allowlist.hosts.length > 0 || allowlist.emails.length > 0;
27638
+ const hostsAllowed = hosts.every((host) => allowlist.hosts.some((entry) => matchesHost(entry, host)));
27639
+ const emailsAllowed = emails.every((email3) => allowlist.emails.some((entry) => matchesEmail(entry, email3)));
27640
+ const hasDestinations = hosts.length > 0 || emails.length > 0;
27641
+ return {
27642
+ allowed: !allowlistConfigured || !hasDestinations || hostsAllowed && emailsAllowed,
27643
+ allowlistConfigured,
27644
+ hosts,
27645
+ emailRecipients: emails.map(maskSensitiveValueForMetadata),
27646
+ destinationCount: hosts.length + emails.length
27647
+ };
27648
+ }
27649
+ function hostsFromField(field) {
27650
+ if (field.role === "hostname") {
27651
+ return [normalizeHost(field.text)].filter(Boolean);
27652
+ }
27653
+ if (field.role !== "url") {
27654
+ return [];
27655
+ }
27656
+ try {
27657
+ return [normalizeHost(new URL(field.text).hostname)].filter(Boolean);
27658
+ } catch {
27659
+ return [];
27660
+ }
27661
+ }
27662
+ function matchesHost(pattern, host) {
27663
+ const normalizedPattern = normalizeHost(pattern);
27664
+ const normalizedHost = normalizeHost(host);
27665
+ if (!normalizedPattern || !normalizedHost) {
27666
+ return false;
27667
+ }
27668
+ if (normalizedPattern === "*") {
27669
+ return true;
27670
+ }
27671
+ if (normalizedPattern.startsWith("*.")) {
27672
+ const suffix = normalizedPattern.slice(1);
27673
+ return normalizedHost.endsWith(suffix);
27674
+ }
27675
+ return normalizedPattern === normalizedHost;
27676
+ }
27677
+ function matchesEmail(pattern, email3) {
27678
+ const normalizedPattern = pattern.trim().toLowerCase();
27679
+ const normalizedEmail = email3.trim().toLowerCase();
27680
+ if (!normalizedPattern || !normalizedEmail) {
27681
+ return false;
27682
+ }
27683
+ if (normalizedPattern === "*") {
27684
+ return true;
27685
+ }
27686
+ if (normalizedPattern.startsWith("*@")) {
27687
+ return normalizedEmail.endsWith(normalizedPattern.slice(1));
27688
+ }
27689
+ if (normalizedPattern.startsWith("@")) {
27690
+ return normalizedEmail.endsWith(normalizedPattern);
27691
+ }
27692
+ return normalizedPattern === normalizedEmail;
27693
+ }
27694
+ function normalizeHost(value) {
27695
+ return value.trim().toLowerCase().replace(/\.$/u, "");
27696
+ }
27697
+ function maskSensitiveValueForMetadata(value) {
27698
+ const [local, domain2] = value.split("@");
27699
+ if (!local || !domain2) {
27700
+ return "[REDACTED:destination]";
27701
+ }
27702
+ return `${local.slice(0, 1) || "*"}***@${domain2}`;
27703
+ }
27704
+ function scrubAuditPayload(value) {
27705
+ if (value === void 0) {
27706
+ return void 0;
27707
+ }
27708
+ if (typeof value === "string") {
27709
+ return maskKnownSensitiveText(value);
27710
+ }
27711
+ if (value === null || typeof value !== "object") {
27712
+ return value;
27713
+ }
27714
+ try {
27715
+ return applyTextTransforms(value, (text) => maskKnownSensitiveText(text));
27716
+ } catch {
27717
+ return "[payload omitted: audit masking failed]";
27718
+ }
27719
+ }
27255
27720
  function worstLockStatus(checks) {
27256
27721
  if (checks.length === 0)
27257
27722
  return "unknown";
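Review bot: `hostsFromField` returns `[]` when `new URL(field.text)` throws, and `summarizeDestinations` sets `allowed` to true whenever no hosts or emails were extracted, so a `url`-role argument that the parser rejects is never checked against a configured allowlist. If the downstream tool accepts looser URL forms than `new URL` does, that argument reaches it unchecked; with an allowlist configured, an unparseable destination should count as not allowed. One small way is to return a marker host from the catch, `return ["invalid-url"];`, which no entry except `*` matches and which also becomes visible in the audit metadata. Separately, `matchesEmail` applies `endsWith` to the whole field text, so it is worth confirming that `email_recipient` fields always hold exactly one address.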
@@ -27274,6 +27739,23 @@ function descriptorName(item, fallback) {
27274
27739
  }
27275
27740
  return `${fallback}:${JSON.stringify(item).slice(0, 80)}`;
27276
27741
  }
27742
+ function formatBlockedToolCallResultText(decision, tool, verbose) {
27743
+ if (!verbose) {
27744
+ return "Palizade blocked this tool call. This action was prevented by your local Palizade security policy.";
27745
+ }
27746
+ const rule = decision.matchedRuleId ?? "policy-default";
27747
+ const reason = scrubClientBlockText(trimTrailingPeriod(decision.reason));
27748
+ return `Palizade blocked this tool call. Rule: ${rule}. Reason: ${reason}. Tool: ${tool}. This action was prevented by your local Palizade security policy.`;
27749
+ }
27750
+ function scrubClientBlockText(text) {
27751
+ return text.replace(/\btaint_[A-Za-z0-9-]+\b/gu, "[taint-id]");
27752
+ }
27753
+ function trimTrailingPeriod(text) {
27754
+ return text.endsWith(".") ? text.slice(0, -1) : text;
27755
+ }
27756
+ function dedupePreservingOrder(values) {
27757
+ return [...new Set(values)];
27758
+ }
27277
27759
  function auditScopeId(scope, profileId, runId, sessionId) {
27278
27760
  if (scope === "process") {
27279
27761
  return `process:${sessionId}`;
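Review bot: The verbose branch of `formatBlockedToolCallResultText` returns the matched rule id and the policy reason to the client, and `scrubClientBlockText` removes only `taint_…` identifiers from that reason. The text is read by the agent whose tool call was just blocked, and the starter config later in this file sets `errorVerbosity: true`, so this policy detail is exposed by default. I would document on `scrubClientBlockText` exactly what it strips, e.g. `// Removes taint record ids only; reasons must not embed matched content or destinations`. I would also consider making the terse message the default and keeping the detail in the audit log.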
@@ -27923,6 +28405,7 @@ var SqliteTaintStore = class {
27923
28405
  payload_hash text not null,
27924
28406
  detector_score real not null,
27925
28407
  labels_json text not null,
28408
+ classes_json text,
27926
28409
  fingerprint_json text not null
27927
28410
  );
27928
28411
  create index if not exists idx_taint_session on taint_records(session_id);
@@ -27938,6 +28421,7 @@ var SqliteTaintStore = class {
27938
28421
  this.ensureColumn("taint_records", "scope_id", "text");
27939
28422
  this.ensureColumn("taint_records", "run_id", "text");
27940
28423
  this.ensureColumn("taint_records", "expires_at", "text");
28424
+ this.ensureColumn("taint_records", "classes_json", "text");
27941
28425
  this.db.exec(`
27942
28426
  create index if not exists idx_taint_scope on taint_records(scope_id);
27943
28427
  create index if not exists idx_taint_expires on taint_records(expires_at);
@@ -27962,11 +28446,12 @@ var SqliteTaintStore = class {
27962
28446
  payloadHash: sha2563(input2.text),
27963
28447
  detectorScore: input2.detectorScore,
27964
28448
  labels: [...input2.labels],
28449
+ classes: normalizeClasses(input2.classes),
27965
28450
  fingerprint: makeProtectedFingerprint(input2.text, this.hmacKey)
27966
28451
  };
27967
28452
  this.db.prepare(`insert into taint_records
27968
- (id, profile_id, scope_id, run_id, session_id, source_server, source_tool, trust, created_at, expires_at, payload_hash, detector_score, labels_json, fingerprint_json)
27969
- values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(record2.id, record2.profileId, record2.scopeId, record2.runId ?? null, record2.sessionId, record2.sourceServer, record2.sourceTool, record2.trust, record2.createdAt, record2.expiresAt, record2.payloadHash, record2.detectorScore, JSON.stringify(record2.labels), JSON.stringify(record2.fingerprint));
28453
+ (id, profile_id, scope_id, run_id, session_id, source_server, source_tool, trust, created_at, expires_at, payload_hash, detector_score, labels_json, classes_json, fingerprint_json)
28454
+ values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(record2.id, record2.profileId, record2.scopeId, record2.runId ?? null, record2.sessionId, record2.sourceServer, record2.sourceTool, record2.trust, record2.createdAt, record2.expiresAt, record2.payloadHash, record2.detectorScore, JSON.stringify(record2.labels), JSON.stringify(record2.classes), JSON.stringify(record2.fingerprint));
27970
28455
  return record2;
27971
28456
  }
27972
28457
  get(id) {
@@ -27984,27 +28469,34 @@ var SqliteTaintStore = class {
27984
28469
  const records = this.recordsForScope(sessionId);
27985
28470
  const matches = [];
27986
28471
  for (const record2 of records) {
28472
+ if (!matchesClassFilter(record2.classes, options.classes)) {
28473
+ continue;
28474
+ }
27987
28475
  const incomingFragments = new Set(incoming.substrings);
27988
28476
  const substring = record2.fingerprint.substrings.find((candidate) => candidate.length >= minNormalizedLength && incomingFragments.has(candidate));
27989
28477
  if (substring) {
27990
- matches.push({ taintId: record2.id, reason: "substring", token: substring });
28478
+ matches.push({ taintId: record2.id, reason: "substring", token: substring, classes: record2.classes });
27991
28479
  continue;
27992
28480
  }
27993
28481
  const token = record2.fingerprint.tokens.find((candidate) => candidate.length >= 8 && incoming.tokens.includes(candidate));
27994
28482
  if (token) {
27995
- matches.push({ taintId: record2.id, reason: "token", token });
28483
+ matches.push({ taintId: record2.id, reason: "token", token, classes: record2.classes });
27996
28484
  continue;
27997
28485
  }
27998
28486
  if (record2.fingerprint.normalized.length >= 32 && incoming.normalized.length >= 32) {
27999
28487
  const distance = hammingDistanceHex(record2.fingerprint.simhash, incoming.simhash);
28000
28488
  if (distance <= fuzzyHammingMax) {
28001
- matches.push({ taintId: record2.id, reason: "fuzzy", score: 1 - distance / 64 });
28489
+ matches.push({ taintId: record2.id, reason: "fuzzy", classes: record2.classes, score: 1 - distance / 64 });
28002
28490
  }
28003
28491
  }
28004
28492
  }
28005
28493
  for (const temporal of this.activeTemporalRows(sessionId)) {
28006
28494
  for (const taintId of JSON.parse(temporal.source_taint_ids_json)) {
28007
- matches.push({ taintId, reason: "temporal" });
28495
+ const record2 = this.get(taintId);
28496
+ const classes = record2?.classes ?? ["untrusted"];
28497
+ if (matchesClassFilter(classes, options.classes)) {
28498
+ matches.push({ taintId, reason: "temporal", classes });
28499
+ }
28008
28500
  }
28009
28501
  }
28010
28502
  return dedupeMatches(matches);
@@ -28101,9 +28593,17 @@ function rowToRecord(row) {
28101
28593
  payloadHash: row.payload_hash,
28102
28594
  detectorScore: row.detector_score,
28103
28595
  labels: JSON.parse(row.labels_json),
28596
+ classes: row.classes_json ? JSON.parse(row.classes_json) : ["untrusted"],
28104
28597
  fingerprint: JSON.parse(row.fingerprint_json)
28105
28598
  };
28106
28599
  }
28600
+ function normalizeClasses(classes) {
28601
+ const normalized = classes && classes.length > 0 ? classes : ["untrusted"];
28602
+ return [...new Set(normalized)];
28603
+ }
28604
+ function matchesClassFilter(classes, filter) {
28605
+ return !filter || filter.some((taintClass) => classes.includes(taintClass));
28606
+ }
28107
28607
  function makeProtectedFingerprint(input2, key) {
28108
28608
  const normalized = normalizeText(input2);
28109
28609
  const fragments = makeSubstrings(normalized).map((fragment) => hmacSha256Hex(key, fragment));
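Review bot: `matchesClassFilter` treats an empty array as a filter that matches nothing, because `!filter` is false for `[]` and `[].some(...)` is false, so a caller that passes `classes: []` gets no taint matches at all. For a lookup that gates sink calls, an empty result from a degenerate filter is the unsafe direction. If no caller is meant to pass `[]`, treat it like an absent filter: `return !filter || filter.length === 0 || filter.some((taintClass) => classes.includes(taintClass));`. `rowToRecord` also uses the parsed `classes_json` as is; passing it through `normalizeClasses` would keep stored and freshly created records in the same shape. The callers of both helpers are outside this hunk.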
@@ -28194,6 +28694,12 @@ function createDetector(config2) {
28194
28694
  if (config2.detectors.heuristic) {
28195
28695
  detectors2.push(new HeuristicDetector());
28196
28696
  }
28697
+ if (config2.detectors.secrets.enabled || config2.detectors.pii.enabled) {
28698
+ detectors2.push(new SensitiveDataDetector({
28699
+ secrets: config2.detectors.secrets,
28700
+ pii: config2.detectors.pii
28701
+ }));
28702
+ }
28197
28703
  if (config2.detectors.onnxModelPath) {
28198
28704
  detectors2.push(new OptionalOnnxDetector({ modelPath: config2.detectors.onnxModelPath }));
28199
28705
  }
@@ -28388,6 +28894,7 @@ audit:
28388
28894
  jsonl: .palizade/audit.jsonl
28389
28895
  sqlite: .palizade/audit.sqlite
28390
28896
  captureRawPayloads: false
28897
+ errorVerbosity: true
28391
28898
 
28392
28899
  approvals:
28393
28900
  mode: localhost
@@ -28401,6 +28908,15 @@ detectors:
28401
28908
  model: sinatras/Llama-Prompt-Guard-2-86M-ONNX
28402
28909
  cacheDir: .palizade/models
28403
28910
  device: cpu
28911
+ secrets:
28912
+ enabled: false
28913
+ pii:
28914
+ enabled: false
28915
+
28916
+ egress:
28917
+ allowlist:
28918
+ hosts: []
28919
+ emails: []
28404
28920
 
28405
28921
  transport:
28406
28922
  maxMessageBytes: 67108864
@@ -28432,6 +28948,9 @@ servers:
28432
28948
  read_web: source
28433
28949
  send_email: sink
28434
28950
  echo: pure
28951
+ sensitive: false
28952
+ sensitiveTools: {}
28953
+ sensitivePathPatterns: []
28435
28954
  filesystem:
28436
28955
  command: node
28437
28956
  args:
@@ -28453,6 +28972,9 @@ servers:
28453
28972
  edit_file: sink
28454
28973
  create_directory: sink
28455
28974
  move_file: sink
28975
+ sensitive: false
28976
+ sensitiveTools: {}
28977
+ sensitivePathPatterns: []
28456
28978
  `;
28457
28979
  var DEFAULT_POLICY = `version: 1
28458
28980
  defaults:
@@ -28524,7 +29046,6 @@ rules:
28524
29046
  when:
28525
29047
  direction: response
28526
29048
  method: tools/call
28527
- trust: untrusted
28528
29049
  detector_score_gte: 0.35
28529
29050
  action: sanitize
28530
29051
  reason: Untrusted tool output contains injection-like signals.
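Review bot: With `trust: untrusted` removed, this rule matches every `tools/call` response scoring 0.35 or higher, yet its `reason` still reads "Untrusted tool output contains injection-like signals.", which will be wrong in audit records for trusted servers. It also makes the `sanitize-strong-injection-any-trust` rule added in the next hunk look redundant: it has the same direction, method and action with a higher threshold of 0.75, so if rules are evaluated in listed order it may never fire. If the wider scope is intended, reword the reason, for example `reason: Tool output contains injection-like signals.`. If it is not, the trust condition should stay and the new rule should carry the any-trust case. The start of this rule, including its id, is above the hunk.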
@@ -28540,6 +29061,15 @@ rules:
28540
29061
  action: sanitize
28541
29062
  reason: Resource or prompt content contains injection-like signals.
28542
29063
 
29064
+ - id: sanitize-strong-injection-any-trust
29065
+ name: Spotlight strong injection signals regardless of trust
29066
+ when:
29067
+ direction: response
29068
+ method: tools/call
29069
+ detector_score_gte: 0.75
29070
+ action: sanitize
29071
+ reason: Strong injection signal in tool output.
29072
+
28543
29073
  - id: block-tainted-sink
28544
29074
  name: Block tainted content entering sinks
28545
29075
  when:
@@ -28579,7 +29109,7 @@ rules:
28579
29109
 
28580
29110
  // src/index.ts
28581
29111
  var program2 = new Command();
28582
- program2.name("palizade").description("MCP-native prompt-injection firewall and security proxy").version("0.1.0").option("-c, --config <path>", "Path to palizade.yaml", "palizade.yaml");
29112
+ program2.name("palizade").description("MCP-native prompt-injection firewall and security proxy").version("0.2.2").option("-c, --config <path>", "Path to palizade.yaml", "palizade.yaml");
28583
29113
  program2.command("init").description("Create a starter palizade.yaml, default policy, and state directory").option("--force", "Overwrite existing files", false).action(async (options) => {
28584
29114
  await writeIfMissing("palizade.yaml", DEFAULT_CONFIG, options.force);
28585
29115
  await writeIfMissing("policies/default.yaml", DEFAULT_POLICY, options.force);
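--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -12,7 +12,7 @@ const program = new Command();
  program
  .name("palizade")
  .description("MCP-native prompt-injection firewall and security proxy")
- .version("0.1.0")
+ .version(__PKG_VERSION__)
  .option("-c, --config <path>", "Path to palizade.yaml", "palizade.yaml");
  program.command("init")
  .description("Create a starter palizade.yaml, default policy, and state directory")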
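Review bot: `.version(__PKG_VERSION__)` leaves a bare identifier in the emitted `dist/index.js`, while the bundled `dist/index.cjs` in the same release carries the literal `"0.2.2"` at the same call. Unless something defines `__PKG_VERSION__` before this module runs, loading this entry point throws a ReferenceError, so it is worth checking which file the package's `bin` and `exports` point at. If `index.js` is meant to be runnable, read the version at runtime or apply the same build-time define to this output.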
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EACL,2BAA2B,EAC3B,aAAa,EACb,UAAU,EACV,aAAa,EACb,aAAa,EAEd,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAC/H,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AACtG,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhE,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,yDAAyD,CAAC;KACtE,OAAO,CAAC,OAAO,CAAC;KAChB,MAAM,CAAC,qBAAqB,EAAE,uBAAuB,EAAE,eAAe,CAAC,CAAC;AAE3E,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;KACpB,WAAW,CAAC,qEAAqE,CAAC;KAClF,MAAM,CAAC,SAAS,EAAE,0BAA0B,EAAE,KAAK,CAAC;KACpD,MAAM,CAAC,KAAK,EAAE,OAA2B,EAAE,EAAE;IAC5C,6FAA6F;IAC7F,MAAM,cAAc,CAAC,eAAe,EAAE,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACrE,MAAM,cAAc,CAAC,uBAAuB,EAAE,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAC;AAC7F,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC;KAC9B,WAAW,CAAC,4DAA4D,CAAC;KACzE,QAAQ,CAAC,cAAc,EAAE,gCAAgC,CAAC;KAC1D,MAAM,CAAC,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,CAAC;KAC5D,MAAM,CAAC,iBAAiB,EAAE,sCAAsC,CAAC;KACjE,MAAM,CAAC,wBAAwB,EAAE,0CAA0C,CAAC;KAC5E,MAAM,CAAC,oBAAoB,EAAE,+BAA+B,CAAC;KAC7D,MAAM,CAAC,WAAW,EAAE,sDAAsD,EAAE,KAAK,CAAC;KAClF,MAAM,CAAC,SAAS,EAAE,wCAAwC,EAAE,KAAK,CAAC;KAClE,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,OAOlC,EAAE,OAAgB,EAAE,EAAE;IACrB,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC;QACvC,UAAU;QACV,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,UAAU,EAAE,uBAAuB,CAAC,OAAO,EAAE,OAAO,CAAC;QACrD,gBAAgB,EAAE,OAAO,CAAC,YAAY;QACtC,SAAS,EAAE,OAAO,CAAC,IAAI;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,OAAO,EAAE,iBAAiB,EAAE;KAC7B,CAAC,CA
AC;IACH,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC/B,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,wCAAwC,CAAC,CAAC;IAC3G,OAAO,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;AACrF,CAAC,CAAC,CAAC;AAEL,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;KAC3C,WAAW,CAAC,iCAAiC,CAAC,CAAC;AAElD,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;KACzB,WAAW,CAAC,qCAAqC,CAAC;KAClD,QAAQ,CAAC,QAAQ,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CAAC,iBAAiB,EAAE,uBAAuB,EAAE,yBAAyB,CAAC;KAC7E,MAAM,CAAC,mBAAmB,EAAE,uBAAuB,EAAE,kBAAkB,CAAC;KACxE,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,OAA4C,EAAE,EAAE;IAC3E,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,IAAI,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,CAAC,KAAK,OAAO,OAAO,CAAC,QAAQ,KAAK,CAAC,CAAC;IACtE,MAAM,oBAAoB,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAC;AACtG,CAAC,CAAC,CAAC;AAEL,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC;KACxB,WAAW,CAAC,iDAAiD,CAAC;KAC9D,QAAQ,CAAC,QAAQ,EAAE,2BAA2B,CAAC;KAC/C,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,EAAE;IAC7B,MAAM,MAAM,GAAG,sDAAsD,CAAC;IACtE,MAAM,SAAS,GAAG,wFAAwF,CAAC;IAC3G,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAClC,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,IAAI,iBAAiB,EAAE,CAAC;QACzC,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACzB,QAAQ,EAAE,WAAW;YACrB,MAAM,EAAE,SAAS;YACj
B,MAAM,EAAE,YAAY;YACpB,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACtC,IAAI,EAAE,YAAY,CAAC,KAAK,GAAG,eAAe,CAAC,KAAK;SACjD,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACb,IAAI,YAAY,CAAC,KAAK,IAAI,eAAe,CAAC,KAAK;YAAE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACtE,OAAO;IACT,CAAC;IACD,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,oBAAoB,CAAC;YACxC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK;YAC1C,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvG,MAAM,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM;SAC7C,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACzB,QAAQ,EAAE,cAAc;YACxB,MAAM,EAAE,gBAAgB;YACxB,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK;YAC1C,MAAM,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM;YAC5C,aAAa,EAAE,uCAAuC;YACtD,MAAM,EAAE,YAAY;YACpB,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACtC,IAAI,EAAE,YAAY,CAAC,KAAK,GAAG,eAAe,CAAC,KAAK;SACjD,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACb,IAAI,YAAY,CAAC,KAAK,IAAI,eAAe,CAAC,KAAK;YAAE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACtE,OAAO;IACT,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,IAAI,CAAC,CAAC;AACjD,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;KACpB,WAAW,CAAC,wCAAwC,CAAC;KACrD,QAAQ,CAAC,cAAc,EAAE,gCAAgC,CAAC;KAC1D,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,EAAE;IACnC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,IAAI,CAAC,CAA
C;IACrD,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,IAAI,aAAa,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7G,MAAM,KAAK,CAAC,GAAG,EAAE,CAAC;AACpB,CAAC,CAAC,CAAC;AAEL,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;KACjC,WAAW,CAAC,0CAA0C,CAAC,CAAC;AAE3D,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;KACpB,WAAW,CAAC,6DAA6D,CAAC;KAC1E,QAAQ,CAAC,cAAc,EAAE,gCAAgC,CAAC;KAC1D,MAAM,CAAC,sBAAsB,EAAE,0BAA0B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,OAA4B,EAAE,EAAE;IACjE,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,IAAI,CAAC,CAAC;IACrD,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,2BAA2B,CAAC,MAAM,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAc,CAAC;IACrG,MAAM,MAAM,GAAG,MAAM,IAAI,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IACxF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,KAAK,UAAU,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,MAAM,eAAe,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;AAC1E,CAAC,CAAC,CAAC;AAEL,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;KACnC,WAAW,CAAC,mBAAmB,CAAC;KAChC,MAAM,CAAC,mBAAmB,EAAE,0CAA0C,EAAE,IAAI,CAAC;KAC7E,MAAM,CAAC,mBAAmB,EAAE,kBAAkB,CAAC;KAC/C,MAAM,CAAC,qBAAqB,EAAE,mBAAmB,CAAC;KAClD,MAAM,CAAC,mBAAmB,EAAE,kBAAkB,CAAC;KAC/C,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,aAAa,EAAE,gBAAgB,EAAE,IAAI,CAAC;KAC7C,MAAM,CAAC,KAAK,EAAE,OAA2G,EAAE,EAAE;IAC5H,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,KAAK,GAOP;QACF,KAAK,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;KAC7B,CAAC;IACF,IAAI,OAAO,CAA
C,MAAM;QAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAClD,IAAI,OAAO,CAAC,OAAO;QAAE,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACrD,IAAI,OAAO,CAAC,MAAM;QAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAClD,IAAI,OAAO,CAAC,IAAI;QAAE,KAAK,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEvC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACxC,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5E,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,EAAE,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,GAAG,IAAI,GAAG,KAAK,EAAE,CAAC,CAAC;QAC9J,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;KACpB,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACtG,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,WAAW,2BAA2B,CAAC,CAAC,CAAC,EAAE,CAAC;QACxG,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,WAAW,qBAAqB,MAAM,CAAC,YAAY,cAAc,MAAM,IAAI,CAAC,CAAC;QACnI,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC;AAEL,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;KACnB,WAAW,CAA
C,gDAAgD,CAAC;KAC7D,MAAM,CAAC,yBAAyB,EAAE,sBAAsB,EAAE,KAAK,CAAC;KAChE,MAAM,CAAC,KAAK,EAAE,OAA8B,EAAE,EAAE;IAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3H,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,kBAAkB,CAAC,CAAC;AAClD,CAAC,CAAC,CAAC;AAEL,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;KACnC,WAAW,CAAC,oBAAoB,CAAC,CAAC;AAErC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;KACnB,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,IAAI,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE;QACtD,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;QACzB,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS;QACjC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;QACzB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/E,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;IACpC,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,mBAAmB,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;KACtB,WAAW,CAAC,uCAAuC,CAAC;KACpD,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,WAAW,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,KAAK,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC;IACpG,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,O
AAO,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC5C,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,cAAc,CAAC,IAAY,EAAE,OAAe,EAAE,KAAc;IACzE,IAAI,CAAC,KAAK,IAAI,MAAM,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO;IACT,CAAC;IACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,IAAY;IAChC,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EACL,2BAA2B,EAC3B,aAAa,EACb,UAAU,EACV,aAAa,EACb,aAAa,EAEd,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAC/H,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AACtG,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAIhE,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,yDAAyD,CAAC;KACtE,OAAO,CAAC,eAAe,CAAC;KACxB,MAAM,CAAC,qBAAqB,EAAE,uBAAuB,EAAE,eAAe,CAAC,CAAC;AAE3E,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;KACpB,WAAW,CAAC,qEAAqE,CAAC;KAClF,MAAM,CAAC,SAAS,EAAE,0BAA0B,EAAE,KAAK,CAAC;KACpD,MAAM,CAAC,KAAK,EAAE,OAA2B,EAAE,EAAE;IAC5C,6FAA6F;IAC7F,MAAM,cAAc,CAAC,eAAe,EAAE,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACrE,MAAM,cAAc,CAAC,uBAAuB,EAAE,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAC;AAC7F,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC;KAC9B,WAAW,CAAC,4DAA4D,CAAC;KACzE,QAAQ,CAAC,cAAc,EAAE,gCAAgC,CAAC;KAC1D,MAAM,CAAC,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,CAAC;KAC5D,MAAM,CAAC,iBAAiB,EAAE,sCAAsC,CAAC;KACjE,MAAM,CAAC,wBAAwB,EAAE,0CAA0C,CAAC;KAC5E,MAAM,CAAC,oBAAoB,EAAE,+BAA+B,CAAC;KAC7D,MAAM,CAAC,WAAW,EAAE,sDAAsD,EAAE,KAAK,CAAC;KAClF,MAAM,CAAC,SAAS,EAAE,wCAAwC,EAAE,KAAK,CAAC;KAClE,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,OAOlC,EAAE,OAAgB,EAAE,EAAE;IACrB,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC;QACvC,UAAU;QACV,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,UAAU,EAAE,uBAAuB,CAAC,OAAO,EAAE,OAAO,CAAC;QACrD,gBAAgB,EAAE,OAAO,CAAC,YAAY;QACtC,SAAS,EAAE,OAAO,CAAC,IAAI;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,OAAO,EAAE,iBAAiB,EAAE;KAC7B,CAAC,CA
AC;IACH,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC/B,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,wCAAwC,CAAC,CAAC;IAC3G,OAAO,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;AACrF,CAAC,CAAC,CAAC;AAEL,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;KAC3C,WAAW,CAAC,iCAAiC,CAAC,CAAC;AAElD,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC;KACzB,WAAW,CAAC,qCAAqC,CAAC;KAClD,QAAQ,CAAC,QAAQ,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CAAC,iBAAiB,EAAE,uBAAuB,EAAE,yBAAyB,CAAC;KAC7E,MAAM,CAAC,mBAAmB,EAAE,uBAAuB,EAAE,kBAAkB,CAAC;KACxE,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,OAA4C,EAAE,EAAE;IAC3E,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,IAAI,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,CAAC,KAAK,OAAO,OAAO,CAAC,QAAQ,KAAK,CAAC,CAAC;IACtE,MAAM,oBAAoB,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAC;AACtG,CAAC,CAAC,CAAC;AAEL,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC;KACxB,WAAW,CAAC,iDAAiD,CAAC;KAC9D,QAAQ,CAAC,QAAQ,EAAE,2BAA2B,CAAC;KAC/C,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,EAAE;IAC7B,MAAM,MAAM,GAAG,sDAAsD,CAAC;IACtE,MAAM,SAAS,GAAG,wFAAwF,CAAC;IAC3G,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAClC,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,IAAI,iBAAiB,EAAE,CAAC;QACzC,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACzB,QAAQ,EAAE,WAAW;YACrB,MAAM,EAAE,SAAS;YACj
B,MAAM,EAAE,YAAY;YACpB,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACtC,IAAI,EAAE,YAAY,CAAC,KAAK,GAAG,eAAe,CAAC,KAAK;SACjD,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACb,IAAI,YAAY,CAAC,KAAK,IAAI,eAAe,CAAC,KAAK;YAAE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACtE,OAAO;IACT,CAAC;IACD,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,oBAAoB,CAAC;YACxC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK;YAC1C,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvG,MAAM,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM;SAC7C,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACzB,QAAQ,EAAE,cAAc;YACxB,MAAM,EAAE,gBAAgB;YACxB,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK;YAC1C,MAAM,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM;YAC5C,aAAa,EAAE,uCAAuC;YACtD,MAAM,EAAE,YAAY;YACpB,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACtC,IAAI,EAAE,YAAY,CAAC,KAAK,GAAG,eAAe,CAAC,KAAK;SACjD,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACb,IAAI,YAAY,CAAC,KAAK,IAAI,eAAe,CAAC,KAAK;YAAE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACtE,OAAO;IACT,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,IAAI,CAAC,CAAC;AACjD,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;KACpB,WAAW,CAAC,wCAAwC,CAAC;KACrD,QAAQ,CAAC,cAAc,EAAE,gCAAgC,CAAC;KAC1D,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,EAAE;IACnC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,IAAI,CAAC,CAA
C;IACrD,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,IAAI,aAAa,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7G,MAAM,KAAK,CAAC,GAAG,EAAE,CAAC;AACpB,CAAC,CAAC,CAAC;AAEL,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;KACjC,WAAW,CAAC,0CAA0C,CAAC,CAAC;AAE3D,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;KACpB,WAAW,CAAC,6DAA6D,CAAC;KAC1E,QAAQ,CAAC,cAAc,EAAE,gCAAgC,CAAC;KAC1D,MAAM,CAAC,sBAAsB,EAAE,0BAA0B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,KAAK,EAAE,UAAkB,EAAE,OAA4B,EAAE,EAAE;IACjE,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,IAAI,CAAC,CAAC;IACrD,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,2BAA2B,CAAC,MAAM,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAc,CAAC;IACrG,MAAM,MAAM,GAAG,MAAM,IAAI,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IACxF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,KAAK,UAAU,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,MAAM,eAAe,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;AAC1E,CAAC,CAAC,CAAC;AAEL,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;KACnC,WAAW,CAAC,mBAAmB,CAAC;KAChC,MAAM,CAAC,mBAAmB,EAAE,0CAA0C,EAAE,IAAI,CAAC;KAC7E,MAAM,CAAC,mBAAmB,EAAE,kBAAkB,CAAC;KAC/C,MAAM,CAAC,qBAAqB,EAAE,mBAAmB,CAAC;KAClD,MAAM,CAAC,mBAAmB,EAAE,kBAAkB,CAAC;KAC/C,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,aAAa,EAAE,gBAAgB,EAAE,IAAI,CAAC;KAC7C,MAAM,CAAC,KAAK,EAAE,OAA2G,EAAE,EAAE;IAC5H,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,KAAK,GAOP;QACF,KAAK,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzD,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;KAC7B,CAAC;IACF,IAAI,OAAO,CAA
C,MAAM;QAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAClD,IAAI,OAAO,CAAC,OAAO;QAAE,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACrD,IAAI,OAAO,CAAC,MAAM;QAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAClD,IAAI,OAAO,CAAC,IAAI;QAAE,KAAK,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEvC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACxC,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5E,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,EAAE,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,GAAG,IAAI,GAAG,KAAK,EAAE,CAAC,CAAC;QAC9J,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;KACpB,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACtG,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,WAAW,2BAA2B,CAAC,CAAC,CAAC,EAAE,CAAC;QACxG,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,WAAW,qBAAqB,MAAM,CAAC,YAAY,cAAc,MAAM,IAAI,CAAC,CAAC;QACnI,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC;AAEL,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;KACnB,WAAW,CAA
C,gDAAgD,CAAC;KAC7D,MAAM,CAAC,yBAAyB,EAAE,sBAAsB,EAAE,KAAK,CAAC;KAChE,MAAM,CAAC,KAAK,EAAE,OAA8B,EAAE,EAAE;IAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3H,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,kBAAkB,CAAC,CAAC;AAClD,CAAC,CAAC,CAAC;AAEL,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;KACnC,WAAW,CAAC,oBAAoB,CAAC,CAAC;AAErC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;KACnB,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,IAAI,gBAAgB,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE;QACtD,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;QACzB,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS;QACjC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;QACzB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/E,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;IACpC,KAAK,CAAC,KAAK,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,mBAAmB,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;KACtB,WAAW,CAAC,uCAAuC,CAAC;KACpD,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAsB,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,WAAW,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,KAAK,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC;IACpG,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,O
AAO,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC5C,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,cAAc,CAAC,IAAY,EAAE,OAAe,EAAE,KAAc;IACzE,IAAI,CAAC,KAAK,IAAI,MAAM,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO;IACT,CAAC;IACD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,IAAY;IAChC,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC"}
@@ -1,3 +1,3 @@
1
- export declare const DEFAULT_CONFIG = "stateDir: .palizade\npolicy: policies/default.yaml\nlockfile: palizade.lock\n\naudit:\n jsonl: .palizade/audit.jsonl\n sqlite: .palizade/audit.sqlite\n captureRawPayloads: false\n\napprovals:\n mode: localhost\n timeoutMs: 30000\n default: deny\n\ndetectors:\n heuristic: true\n promptGuard2:\n enabled: false\n model: sinatras/Llama-Prompt-Guard-2-86M-ONNX\n cacheDir: .palizade/models\n device: cpu\n\ntransport:\n maxMessageBytes: 67108864\n maxBufferedBytes: 67108864\n allowBatches: false\n allowContentLength: false\n\ntaint:\n sqlite: .palizade/taint.sqlite\n keyPath: .palizade/taint.key\n scope: profile\n profileId: default\n ttlMs: 86400000\n suspiciousScore: 0.35\n fuzzyHammingMax: 7\n temporal:\n enabled: true\n turns: 3\n ttlMs: 300000\n detectorScoreGte: 0.55\n\nservers:\n toy:\n command: node\n args:\n - examples/toy-mcp-server/server.mjs\n trust: untrusted\n toolClasses:\n read_web: source\n send_email: sink\n echo: pure\n filesystem:\n command: node\n args:\n - node_modules/@modelcontextprotocol/server-filesystem/dist/index.js\n - .\n trust: semi\n toolClasses:\n read_file: source\n read_text_file: source\n read_media_file: source\n read_multiple_files: source\n list_directory: source\n list_directory_with_sizes: source\n directory_tree: source\n search_files: source\n get_file_info: source\n list_allowed_directories: source\n write_file: sink\n edit_file: sink\n create_directory: sink\n move_file: sink\n";
2
- export declare const DEFAULT_POLICY = "version: 1\ndefaults:\n action: allow\n on_error: block\n\nrules:\n - id: deny-server-sampling\n name: Deny server-initiated model access\n when:\n direction: request\n method: sampling/createMessage\n action: block\n reason: MCP server attempted to access the model through sampling.\n\n - id: block-poisoned-tool-metadata\n name: Block poisoned tool metadata\n when:\n direction: response\n method: tools/list\n detector_score_gte: 0.75\n action: block\n reason: Tool metadata looks like prompt injection or tool poisoning.\n\n - id: block-untrusted-unknown-tool\n name: Block unknown tools on untrusted servers\n when:\n direction: request\n method: tools/call\n trust: untrusted\n tool_class: unknown\n action: block\n reason: Unknown tools on untrusted servers must be classified explicitly.\n\n - id: approve-semi-unknown-tool\n name: Require approval for unknown tools on semi-trusted servers\n when:\n direction: request\n method: tools/call\n trust: semi\n tool_class: unknown\n action: require_approval\n reason: Unknown tools on semi-trusted servers require approval.\n\n - id: log-trusted-unknown-tool\n name: Audit unknown tools on trusted servers\n when:\n direction: request\n method: tools/call\n trust: trusted\n tool_class: unknown\n action: log_only\n reason: Unknown tool on trusted server allowed with audit logging.\n\n - id: log-unapproved-tool-metadata\n name: Surface tool lock drift\n when:\n direction: response\n method: tools/list\n lock_status:\n - missing\n - new\n - changed\n action: log_only\n reason: Tool metadata is not approved in palizade.lock.\n\n - id: sanitize-suspicious-untrusted-output\n name: Spotlight suspicious untrusted output\n when:\n direction: response\n method: tools/call\n trust: untrusted\n detector_score_gte: 0.35\n action: sanitize\n reason: Untrusted tool output contains injection-like signals.\n\n - id: sanitize-suspicious-resource-content\n name: Spotlight suspicious resource content\n 
when:\n direction: response\n method:\n - resources/read\n - prompts/get\n detector_score_gte: 0.35\n action: sanitize\n reason: Resource or prompt content contains injection-like signals.\n\n - id: block-tainted-sink\n name: Block tainted content entering sinks\n when:\n direction: request\n method: tools/call\n tool_class: sink\n taint: true\n action: block\n reason: Tainted content is flowing into a sink tool.\n\n - id: block-tainted-egress-destination\n name: Block tainted outbound destinations\n when:\n direction: request\n method: tools/call\n capabilities_any:\n - network_egress\n - sends_message\n tainted_argument_role_any:\n - url\n - hostname\n - email_recipient\n - http_query\n action: block\n reason: Tainted content is being used as an outbound destination or query parameter.\n\n - id: require-approval-temporal-taint-sink\n name: Require approval during temporal taint\n when:\n direction: request\n method: tools/call\n tool_class: sink\n temporal_taint: true\n action: require_approval\n reason: Recent suspicious untrusted content makes sink calls risky.\n";
1
+ export declare const DEFAULT_CONFIG = "stateDir: .palizade\npolicy: policies/default.yaml\nlockfile: palizade.lock\n\naudit:\n jsonl: .palizade/audit.jsonl\n sqlite: .palizade/audit.sqlite\n captureRawPayloads: false\n errorVerbosity: true\n\napprovals:\n mode: localhost\n timeoutMs: 30000\n default: deny\n\ndetectors:\n heuristic: true\n promptGuard2:\n enabled: false\n model: sinatras/Llama-Prompt-Guard-2-86M-ONNX\n cacheDir: .palizade/models\n device: cpu\n secrets:\n enabled: false\n pii:\n enabled: false\n\negress:\n allowlist:\n hosts: []\n emails: []\n\ntransport:\n maxMessageBytes: 67108864\n maxBufferedBytes: 67108864\n allowBatches: false\n allowContentLength: false\n\ntaint:\n sqlite: .palizade/taint.sqlite\n keyPath: .palizade/taint.key\n scope: profile\n profileId: default\n ttlMs: 86400000\n suspiciousScore: 0.35\n fuzzyHammingMax: 7\n temporal:\n enabled: true\n turns: 3\n ttlMs: 300000\n detectorScoreGte: 0.55\n\nservers:\n toy:\n command: node\n args:\n - examples/toy-mcp-server/server.mjs\n trust: untrusted\n toolClasses:\n read_web: source\n send_email: sink\n echo: pure\n sensitive: false\n sensitiveTools: {}\n sensitivePathPatterns: []\n filesystem:\n command: node\n args:\n - node_modules/@modelcontextprotocol/server-filesystem/dist/index.js\n - .\n trust: semi\n toolClasses:\n read_file: source\n read_text_file: source\n read_media_file: source\n read_multiple_files: source\n list_directory: source\n list_directory_with_sizes: source\n directory_tree: source\n search_files: source\n get_file_info: source\n list_allowed_directories: source\n write_file: sink\n edit_file: sink\n create_directory: sink\n move_file: sink\n sensitive: false\n sensitiveTools: {}\n sensitivePathPatterns: []\n";
2
+ export declare const DEFAULT_POLICY = "version: 1\ndefaults:\n action: allow\n on_error: block\n\nrules:\n - id: deny-server-sampling\n name: Deny server-initiated model access\n when:\n direction: request\n method: sampling/createMessage\n action: block\n reason: MCP server attempted to access the model through sampling.\n\n - id: block-poisoned-tool-metadata\n name: Block poisoned tool metadata\n when:\n direction: response\n method: tools/list\n detector_score_gte: 0.75\n action: block\n reason: Tool metadata looks like prompt injection or tool poisoning.\n\n - id: block-untrusted-unknown-tool\n name: Block unknown tools on untrusted servers\n when:\n direction: request\n method: tools/call\n trust: untrusted\n tool_class: unknown\n action: block\n reason: Unknown tools on untrusted servers must be classified explicitly.\n\n - id: approve-semi-unknown-tool\n name: Require approval for unknown tools on semi-trusted servers\n when:\n direction: request\n method: tools/call\n trust: semi\n tool_class: unknown\n action: require_approval\n reason: Unknown tools on semi-trusted servers require approval.\n\n - id: log-trusted-unknown-tool\n name: Audit unknown tools on trusted servers\n when:\n direction: request\n method: tools/call\n trust: trusted\n tool_class: unknown\n action: log_only\n reason: Unknown tool on trusted server allowed with audit logging.\n\n - id: log-unapproved-tool-metadata\n name: Surface tool lock drift\n when:\n direction: response\n method: tools/list\n lock_status:\n - missing\n - new\n - changed\n action: log_only\n reason: Tool metadata is not approved in palizade.lock.\n\n - id: sanitize-suspicious-untrusted-output\n name: Spotlight suspicious untrusted output\n when:\n direction: response\n method: tools/call\n detector_score_gte: 0.35\n action: sanitize\n reason: Untrusted tool output contains injection-like signals.\n\n - id: sanitize-suspicious-resource-content\n name: Spotlight suspicious resource content\n when:\n direction: 
response\n method:\n - resources/read\n - prompts/get\n detector_score_gte: 0.35\n action: sanitize\n reason: Resource or prompt content contains injection-like signals.\n\n - id: sanitize-strong-injection-any-trust\n name: Spotlight strong injection signals regardless of trust\n when:\n direction: response\n method: tools/call\n detector_score_gte: 0.75\n action: sanitize\n reason: Strong injection signal in tool output.\n\n - id: block-tainted-sink\n name: Block tainted content entering sinks\n when:\n direction: request\n method: tools/call\n tool_class: sink\n taint: true\n action: block\n reason: Tainted content is flowing into a sink tool.\n\n - id: block-tainted-egress-destination\n name: Block tainted outbound destinations\n when:\n direction: request\n method: tools/call\n capabilities_any:\n - network_egress\n - sends_message\n tainted_argument_role_any:\n - url\n - hostname\n - email_recipient\n - http_query\n action: block\n reason: Tainted content is being used as an outbound destination or query parameter.\n\n - id: require-approval-temporal-taint-sink\n name: Require approval during temporal taint\n when:\n direction: request\n method: tools/call\n tool_class: sink\n temporal_taint: true\n action: require_approval\n reason: Recent suspicious untrusted content makes sink calls risky.\n";
3
3
  //# sourceMappingURL=templates.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../src/templates.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc,6kDAyE1B,CAAC;AAEF,eAAO,MAAM,cAAc,k4GAyH1B,CAAC"}
1
+ {"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../src/templates.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc,m3DAyF1B,CAAC;AAEF,eAAO,MAAM,cAAc,soHAiI1B,CAAC"}
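--- a/package/dist/templates.js
+++ b/package/dist/templates.js
@@ -6,6 +6,7 @@ audit:
  jsonl: .palizade/audit.jsonl
  sqlite: .palizade/audit.sqlite
  captureRawPayloads: false
+ errorVerbosity: true
 
  approvals:
  mode: localhost
@@ -19,6 +20,15 @@ detectors:
  model: sinatras/Llama-Prompt-Guard-2-86M-ONNX
  cacheDir: .palizade/models
  device: cpu
+ secrets:
+ enabled: false
+ pii:
+ enabled: false
+
+ egress:
+ allowlist:
+ hosts: []
+ emails: []
 
  transport:
  maxMessageBytes: 67108864
@@ -50,6 +60,9 @@ servers:
  read_web: source
  send_email: sink
  echo: pure
+ sensitive: false
+ sensitiveTools: {}
+ sensitivePathPatterns: []
  filesystem:
  command: node
  args:
@@ -71,6 +84,9 @@ servers:
  edit_file: sink
  create_directory: sink
  move_file: sink
+ sensitive: false
+ sensitiveTools: {}
+ sensitivePathPatterns: []
  `;
  export const DEFAULT_POLICY = `version: 1
  defaults:
@@ -142,7 +158,6 @@ rules:
  when:
  direction: response
  method: tools/call
- trust: untrusted
  detector_score_gte: 0.35
  action: sanitize
  reason: Untrusted tool output contains injection-like signals.
@@ -158,6 +173,15 @@ rules:
  action: sanitize
  reason: Resource or prompt content contains injection-like signals.
 
+ - id: sanitize-strong-injection-any-trust
+ name: Spotlight strong injection signals regardless of trust
+ when:
+ direction: response
+ method: tools/call
+ detector_score_gte: 0.75
+ action: sanitize
+ reason: Strong injection signal in tool output.
+
  - id: block-tainted-sink
  name: Block tainted content entering sinks
  when: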
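Review bot: In the `@@ -142,7 +158,6 @@` hunk, removing `trust: untrusted` from `sanitize-suspicious-untrusted-output` makes that rule match every `tools/call` response with `detector_score_gte: 0.35`, so the new `sanitize-strong-injection-any-trust` rule in the next hunk (0.75, same `sanitize` action) looks redundant. If the intent is a lower bar for untrusted servers and a higher one for all others, keep `trust: untrusted` on the 0.35 rule. If the broadening is intended, the rule id and its `reason: Untrusted tool output contains injection-like signals.` should be reworded so audit entries for semi-trusted and trusted servers are not mislabelled, and the 0.75 rule can be dropped. How the evaluator orders or combines matching rules is not visible in this section, so confirm against it before choosing.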
@@ -1 +1 @@
1
- {"version":3,"file":"templates.js","sourceRoot":"","sources":["../src/templates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyE7B,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyH7B,CAAC"}
1
+ {"version":3,"file":"templates.js","sourceRoot":"","sources":["../src/templates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyF7B,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiI7B,CAAC"}
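--- a/package/package.json
+++ b/package/package.json
@@ -1,56 +1,56 @@
- {
- "name": "palizade",
- "version": "0.1.2",
- "description": "MCP-native prompt-injection firewall and security proxy.",
- "license": "Apache-2.0",
- "type": "module",
- "bin": {
- "palizade": "dist/index.cjs"
- },
- "files": [
- "dist",
- "README.md"
- ],
- "keywords": [
- "mcp",
- "security",
- "prompt-injection",
- "proxy",
- "taint"
- ],
- "homepage": "https://github.com/hunar2006/palizade#readme",
- "bugs": {
- "url": "https://github.com/hunar2006/palizade/issues"
- },
- "repository": {
- "type": "git",
- "url": "git+https://github.com/hunar2006/palizade.git",
- "directory": "packages/cli"
- },
- "publishConfig": {
- "access": "public"
- },
- "main": "dist/index.cjs",
- "types": "dist/index.d.ts",
- "exports": {
- ".": "./dist/index.cjs"
- },
- "scripts": {
- "build": "tsc -b && pnpm run bundle",
- "bundle": "esbuild src/index.ts --bundle --platform=node --format=cjs --external:@huggingface/transformers --outfile=dist/index.cjs",
- "test": "vitest run"
- },
- "dependencies": {
- "@huggingface/transformers": "^4.2.0",
- "commander": "^14.0.2",
- "yaml": "^2.8.2"
- },
- "devDependencies": {
- "@palizade/approvals": "workspace:*",
- "@palizade/audit": "workspace:*",
- "@palizade/core": "workspace:*",
- "@palizade/detectors": "workspace:*",
- "@palizade/policy": "workspace:*",
- "@palizade/taint": "workspace:*"
- }
- }
+ {
+ "name": "palizade",
+ "version": "0.2.2",
+ "description": "MCP-native prompt-injection firewall and security proxy.",
+ "license": "Apache-2.0",
+ "type": "module",
+ "bin": {
+ "palizade": "dist/index.cjs"
+ },
+ "files": [
+ "dist",
+ "README.md"
+ ],
+ "keywords": [
+ "mcp",
+ "security",
+ "prompt-injection",
+ "proxy",
+ "taint"
+ ],
+ "homepage": "https://github.com/hunar2006/palizade#readme",
+ "bugs": {
+ "url": "https://github.com/hunar2006/palizade/issues"
+ },
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/hunar2006/palizade.git",
+ "directory": "packages/cli"
+ },
+ "publishConfig": {
+ "access": "public"
+ },
+ "main": "dist/index.cjs",
+ "types": "dist/index.d.ts",
+ "exports": {
+ ".": "./dist/index.cjs"
+ },
+ "scripts": {
+ "build": "tsc -b && pnpm run bundle",
+ "bundle": "node build.mjs",
+ "test": "vitest run"
+ },
+ "dependencies": {
+ "@huggingface/transformers": "^4.2.0",
+ "commander": "^14.0.2",
+ "yaml": "^2.8.2"
+ },
+ "devDependencies": {
+ "@palizade/approvals": "workspace:*",
+ "@palizade/audit": "workspace:*",
+ "@palizade/core": "workspace:*",
+ "@palizade/detectors": "workspace:*",
+ "@palizade/policy": "workspace:*",
+ "@palizade/taint": "workspace:*"
+ }
+ }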