securityclaw 0.0.1

package/src/domain/services/formatting_service.ts

@@ -0,0 +1,101 @@
+import type { ResourceScope } from "../../types.ts";
+import type { SecurityClawLocale } from "../../i18n/locale.ts";
+import { pickLocalized } from "../../i18n/locale.ts";
+
+export class FormattingService {
+  static summarizeForLog(value: unknown, maxLength: number): string {
+    try {
+      const text = JSON.stringify(value);
+      if (text === undefined) {
+        return String(value);
+      }
+      if (text.length <= maxLength) {
+        return text;
+      }
+      return `${text.slice(0, maxLength)}...(truncated)`;
+    } catch {
+      return "[unserializable]";
+    }
+  }
+
+  static formatToolBlockReason(
+    toolName: string,
+    scope: string,
+    traceId: string,
+    decision: "challenge" | "block",
+    decisionSource: string,
+    resourceScope: ResourceScope,
+    reasonCodes: string[],
+    rules: string,
+    locale: SecurityClawLocale = "en",
+  ): string {
+    const reasons = reasonCodes.join(", ");
+    const resourceLabel = FormattingService.formatResourceScopeLabel(resourceScope, locale);
+    const lines = [
+      pickLocalized(
+        locale,
+        decision === "challenge" ? "SecurityClaw 需要审批" : "SecurityClaw 已阻止此操作",
+        decision === "challenge" ? "SecurityClaw Approval Required" : "SecurityClaw Blocked",
+      ),
+      `${pickLocalized(locale, "工具", "Tool")}: ${toolName}`,
+      `${pickLocalized(locale, "范围", "Scope")}: ${scope}`,
+      `${pickLocalized(locale, "资源", "Resource")}: ${resourceLabel} (${resourceScope})`,
+      `${pickLocalized(locale, "来源", "Source")}: ${decisionSource}`,
+      `${pickLocalized(locale, "原因", "Reason")}: ${reasons || pickLocalized(locale, "策略要求复核", "Policy review required")}`,
+      ...(rules && rules !== "-" ? [`${pickLocalized(locale, "规则", "Policy")}: ${rules}`] : []),
+      `${pickLocalized(
+        locale,
+        "处理",
+        "Action",
+      )}: ${pickLocalized(
+        locale,
+        decision === "challenge" ? "联系管理员审批后重试" : "联系安全管理员调整策略",
+        decision === "challenge" ? "Contact an admin to approve and retry" : "Contact a security admin to adjust policy",
+      )}`,
+      `${pickLocalized(locale, "追踪", "Trace")}: ${traceId}`,
+    ];
+    return lines.join("\n");
+  }
+
+  private static formatResourceScopeLabel(scope: ResourceScope, locale: SecurityClawLocale): string {
+    if (scope === "workspace_inside") {
+      return pickLocalized(locale, "工作区内", "Inside workspace");
+    }
+    if (scope === "workspace_outside") {
+      return pickLocalized(locale, "工作区外", "Outside workspace");
+    }
+    if (scope === "system") {
+      return pickLocalized(locale, "系统目录", "System directory");
+    }
+    return pickLocalized(locale, "无路径", "No path");
+  }
+
+  static normalizeToolName(rawToolName: string): string {
+    const tool = rawToolName.trim().toLowerCase();
+    if (tool === "exec" || tool === "shell" || tool === "shell_exec") {
+      return "shell.exec";
+    }
+    if (tool === "fs.list" || tool === "file.list") {
+      return "filesystem.list";
+    }
+    return rawToolName;
+  }
+
+  static matchedRuleIds(matches: Array<{ rule: { rule_id: string } }>): string {
+    if (matches.length === 0) {
+      return "-";
+    }
+    return matches.map((match) => match.rule.rule_id).join(",");
+  }
+
+  static findingsToText(findings: Array<{ pattern_name: string; path: string }>): string {
+    return findings.map((finding) => `${finding.pattern_name}@${finding.path}`).join(", ");
+  }
+
+  static resolveScope(ctx: { workspaceDir?: string; channelId?: string }): string {
+    if (ctx.workspaceDir) {
+      return ctx.workspaceDir.split("/").pop() || "default";
+    }
+    return ctx.channelId ?? "default";
+  }
+}

package/src/domain/services/path_candidate_inference.ts

@@ -0,0 +1,111 @@
+import os from "node:os";
+import path from "node:path";
+
+const HOME_DIR = os.homedir();
+const SHELL_TOKEN_PATTERN = /"[^"]*"|'[^']*'|`[^`]*`|[^\s]+/g;
+const SHELL_PATH_HINT_PATTERN = /(?:~\/?|\/|\.\/|\.\.\/|\$\{?[A-Za-z_][A-Za-z0-9_]*\}?)/;
+const LEADING_ENV_PATH_PATTERN =
+  /^(?:\$(?<bare>[A-Za-z_][A-Za-z0-9_]*)|\$\{(?<braced>[A-Za-z_][A-Za-z0-9_]*)\})(?<suffix>(?:\/.*)?)$/;
+
+function stripShellQuotes(value: string): string {
+  return value.trim().replace(/^["'`]+|["'`]+$/g, "");
+}
+
+function isLeadingEnvironmentPath(value: string): boolean {
+  return LEADING_ENV_PATH_PATTERN.test(value);
+}
+
+function extractPathCandidateFromToken(token: string): string | undefined {
+  const unquoted = stripShellQuotes(token);
+  if (!unquoted) {
+    return undefined;
+  }
+
+  if (isPathLikeCandidate(unquoted)) {
+    return unquoted;
+  }
+
+  const assignmentIndex = unquoted.indexOf("=");
+  if (assignmentIndex <= 0) {
+    return undefined;
+  }
+
+  const suffix = stripShellQuotes(unquoted.slice(assignmentIndex + 1));
+  return isPathLikeCandidate(suffix) ? suffix : undefined;
+}
+
+function expandLeadingEnvironmentPath(candidate: string): string {
+  if (candidate === "~") {
+    return HOME_DIR;
+  }
+  if (candidate.startsWith("~/")) {
+    return path.join(HOME_DIR, candidate.slice(2));
+  }
+
+  const match = candidate.match(LEADING_ENV_PATH_PATTERN);
+  if (!match) {
+    return candidate;
+  }
+
+  const variableName = match.groups?.bare ?? match.groups?.braced;
+  if (!variableName) {
+    return candidate;
+  }
+
+  const resolvedRoot = process.env[variableName] ?? (variableName === "HOME" ? HOME_DIR : undefined);
+  if (!resolvedRoot) {
+    return candidate;
+  }
+
+  const suffix = match.groups?.suffix ?? "";
+  if (!suffix) {
+    return resolvedRoot;
+  }
+
+  return path.join(resolvedRoot, suffix.slice(1));
+}
+
+export function isPathLikeCandidate(value: string): boolean {
+  const trimmed = value.trim();
+  return (
+    trimmed === "~" ||
+    trimmed.startsWith("/") ||
+    trimmed.startsWith("~/") ||
+    trimmed.startsWith("./") ||
+    trimmed.startsWith("../") ||
+    isLeadingEnvironmentPath(trimmed)
+  );
+}
+
+export function hasEmbeddedPathHint(value: string): boolean {
+  return SHELL_PATH_HINT_PATTERN.test(value);
+}
+
+export function extractEmbeddedPathCandidates(value: string): string[] {
+  const tokens = value.match(SHELL_TOKEN_PATTERN) ?? [];
+  const results: string[] = [];
+
+  for (const token of tokens) {
+    const candidate = extractPathCandidateFromToken(token);
+    if (candidate) {
+      results.push(candidate);
+    }
+  }
+
+  return results;
+}
+
+export function resolvePathCandidate(candidate: string, workspaceDir?: string): string | undefined {
+  if (!candidate) {
+    return undefined;
+  }
+
+  const normalized = path.normalize(expandLeadingEnvironmentPath(stripShellQuotes(candidate)));
+  if (path.isAbsolute(normalized)) {
+    return normalized;
+  }
+  if (!workspaceDir) {
+    return undefined;
+  }
+  return path.normalize(path.resolve(workspaceDir, normalized));
+}

package/src/domain/services/sensitive_path_registry.ts

@@ -0,0 +1,288 @@
+import type {
+  SensitivePathConfig,
+  SensitivePathMatchType,
+  SensitivePathRule,
+  SensitivePathSource,
+  SensitivePathStrategyOverride,
+} from "../../types.ts";
+
+const VALID_MATCH_TYPES = new Set<SensitivePathMatchType>(["prefix", "glob", "regex"]);
+
+function builtinRule(
+  id: string,
+  assetLabel: string,
+  matchType: SensitivePathMatchType,
+  pattern: string,
+): SensitivePathRule {
+  return {
+    id,
+    asset_label: assetLabel,
+    match_type: matchType,
+    pattern,
+    source: "builtin",
+  };
+}
+
+const BUILTIN_SENSITIVE_PATH_RULES: SensitivePathRule[] = [
+  builtinRule("credential-env-files", "credential", "regex", "(?:^|/)\\.env(?:\\.[^/\\s]+)?(?:$|/)"),
+  builtinRule("credential-package-config-npmrc", "credential", "regex", "(?:^|/)\\.npmrc(?:$|/)"),
+  builtinRule("credential-package-config-pypirc", "credential", "regex", "(?:^|/)\\.pypirc(?:$|/)"),
+  builtinRule("credential-netrc", "credential", "regex", "(?:^|/)\\.netrc(?:$|/)"),
+  builtinRule("credential-ssh-directory", "credential", "regex", "(?:^|/)\\.ssh(?:/|$)"),
+  builtinRule("credential-gnupg-directory", "credential", "regex", "(?:^|/)\\.gnupg(?:/|$)"),
+  builtinRule("credential-kube-directory", "credential", "regex", "(?:^|/)(?:\\.kube|kubeconfig)(?:$|/)"),
+  builtinRule("credential-cloud-aws-directory", "credential", "regex", "(?:^|/)\\.aws(?:/|$)"),
+  builtinRule("credential-cloud-azure-directory", "credential", "regex", "(?:^|/)\\.azure(?:/|$)"),
+  builtinRule("credential-docker-directory", "credential", "regex", "(?:^|/)\\.docker(?:/|$)"),
+  builtinRule("credential-gcloud-directory", "credential", "regex", "(?:^|/)\\.config/gcloud(?:/|$)"),
+  builtinRule("credential-gh-directory", "credential", "regex", "(?:^|/)\\.config/gh(?:/|$)"),
+  builtinRule("credential-aws-file", "credential", "regex", "(?:^|/)aws/credentials(?:$|/)"),
+  builtinRule("credential-ssh-key-files", "credential", "regex", "(?:^|/)id_(?:rsa|ed25519|ecdsa|dsa)(?:\\.pub)?(?:$|/)"),
+  builtinRule("credential-known-host-files", "credential", "regex", "(?:^|/)(?:authorized_keys|known_hosts)(?:$|/)"),
+  builtinRule("credential-key-material-files", "credential", "regex", "(?:^|/)[^/\\s]+\\.(?:pem|p12|pfx|key)(?:$|/)"),
+  builtinRule("credential-client-secret-json", "credential", "regex", "(?:^|/)client_secret[^/\\s]*\\.json(?:$|/)"),
+
+  builtinRule("download-staging-downloads-directory", "download_staging", "regex", "(?:^|/)downloads(?:/|$)"),
+
+  builtinRule(
+    "personal-content-home-folders",
+    "personal_content",
+    "regex",
+    "(?:^|/)(?:users|home)/[^/]+/(?:desktop|documents|downloads|music|pictures|movies|videos|public)(?:/|$)",
+  ),
+  builtinRule(
+    "personal-content-mounted-home-folders",
+    "personal_content",
+    "regex",
+    "(?:^|/)mnt/[a-z]/users/[^/]+/(?:desktop|documents|downloads|music|pictures|videos|public)(?:/|$)",
+  ),
+  builtinRule(
+    "personal-content-icloud-mobile-documents",
+    "personal_content",
+    "regex",
+    "(?:^|/)library/mobile documents(?:/|$)",
+  ),
+  builtinRule(
+    "personal-content-cloudstorage",
+    "personal_content",
+    "regex",
+    "(?:^|/)library/cloudstorage(?:/|$)",
+  ),
+
+  builtinRule(
+    "browser-profile-macos-chromium-family",
+    "browser_profile",
+    "regex",
+    "(?:^|/)library/application support/(?:google/chrome|chromium|bravesoftware/brave-browser|microsoft edge|vivaldi|arc/user data)(?:/|$)",
+  ),
+  builtinRule(
+    "browser-profile-linux-chromium-family",
+    "browser_profile",
+    "regex",
+    "(?:^|/)\\.config/(?:google-chrome|chromium|bravesoftware/brave-browser|microsoft-edge|vivaldi)(?:/|$)",
+  ),
+  builtinRule("browser-profile-firefox-linux", "browser_profile", "regex", "(?:^|/)\\.mozilla/firefox(?:/|$)"),
+  builtinRule("browser-profile-firefox-macos", "browser_profile", "regex", "(?:^|/)library/application support/firefox(?:/|$)"),
+  builtinRule("browser-profile-safari", "browser_profile", "regex", "(?:^|/)library/safari(?:/|$)"),
+  builtinRule(
+    "browser-profile-safari-container",
+    "browser_profile",
+    "regex",
+    "(?:^|/)library/containers/com\\.apple\\.safari(?:/|$)",
+  ),
+
+  builtinRule(
+    "browser-secret-store-files",
+    "browser_secret_store",
+    "regex",
+    "(?:^|/)(?:cookies(?:-journal)?|login data(?: for account)?|web data|history(?:-journal)?|top sites|shortcuts|visited links|favicons|places\\.sqlite|cookies\\.sqlite|formhistory\\.sqlite|key4\\.db|key3\\.db|logins\\.json|cookies\\.binarycookies|webpageicons\\.db)(?:$|/)",
+  ),
+
+  builtinRule("communication-store-messages", "communication_store", "regex", "(?:^|/)library/messages(?:/|$)"),
+  builtinRule("communication-store-mail", "communication_store", "regex", "(?:^|/)library/mail(?:/|$)"),
+  builtinRule("communication-store-thunderbird", "communication_store", "regex", "(?:^|/)\\.thunderbird(?:/|$)"),
+  builtinRule("communication-store-linux-mail", "communication_store", "regex", "(?:^|/)\\.local/share/(?:evolution|mail)(?:/|$)"),
+];
+const BUILTIN_SENSITIVE_PATH_RULE_ID_SET = new Set(BUILTIN_SENSITIVE_PATH_RULES.map((rule) => rule.id));
+
+function trimmedString(value: unknown): string | undefined {
+  if (typeof value !== "string") {
+    return undefined;
+  }
+  const trimmed = value.trim();
+  return trimmed || undefined;
+}
+
+function sortRules(rules: SensitivePathRule[]): SensitivePathRule[] {
+  return [...rules].sort((left, right) => {
+    const bySource = String(left.source ?? "custom").localeCompare(String(right.source ?? "custom"));
+    if (bySource !== 0) {
+      return bySource;
+    }
+    const byLabel = left.asset_label.localeCompare(right.asset_label);
+    if (byLabel !== 0) {
+      return byLabel;
+    }
+    const byType = left.match_type.localeCompare(right.match_type);
+    if (byType !== 0) {
+      return byType;
+    }
+    return left.id.localeCompare(right.id);
+  });
+}
+
+function dedupeRules(rules: SensitivePathRule[]): SensitivePathRule[] {
+  const map = new Map<string, SensitivePathRule>();
+  rules.forEach((rule) => {
+    map.set(rule.id, rule);
+  });
+  return sortRules(Array.from(map.values()));
+}
+
+function isValidRulePattern(matchType: SensitivePathMatchType, pattern: string): boolean {
+  if (matchType !== "regex") {
+    return true;
+  }
+  try {
+    // Validate custom regex syntax upfront to avoid silently storing dead rules.
+    new RegExp(pattern, "i");
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export function cloneSensitivePathRule(rule: SensitivePathRule): SensitivePathRule {
+  return { ...rule };
+}
+
+export function cloneSensitivePathRules(rules: SensitivePathRule[]): SensitivePathRule[] {
+  return rules.map((rule) => cloneSensitivePathRule(rule));
+}
+
+export function normalizeSensitivePathRule(
+  value: unknown,
+  fallbackSource: SensitivePathSource,
+): SensitivePathRule | undefined {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return undefined;
+  }
+
+  const record = value as Record<string, unknown>;
+  const id = trimmedString(record.id);
+  const assetLabel = trimmedString(record.asset_label);
+  const matchType = trimmedString(record.match_type) as SensitivePathMatchType | undefined;
+  const pattern = trimmedString(record.pattern);
+  const source = trimmedString(record.source) as SensitivePathSource | undefined;
+
+  if (!id || !assetLabel || !matchType || !pattern || !VALID_MATCH_TYPES.has(matchType)) {
+    return undefined;
+  }
+  if (!isValidRulePattern(matchType, pattern)) {
+    return undefined;
+  }
+
+  return {
+    id,
+    asset_label: assetLabel,
+    match_type: matchType,
+    pattern,
+    source: source === "builtin" || source === "custom" ? source : fallbackSource,
+  };
+}
+
+export function normalizeSensitivePathRules(
+  value: unknown,
+  fallbackSource: SensitivePathSource,
+): SensitivePathRule[] {
+  if (!Array.isArray(value)) {
+    return [];
+  }
+  return dedupeRules(
+    value
+      .map((entry) => normalizeSensitivePathRule(entry, fallbackSource))
+      .filter((entry): entry is SensitivePathRule => Boolean(entry)),
+  );
+}
+
+export function getBuiltinSensitivePathRules(): SensitivePathRule[] {
+  return cloneSensitivePathRules(BUILTIN_SENSITIVE_PATH_RULES);
+}
+
+export function hydrateSensitivePathConfig(config?: SensitivePathConfig): SensitivePathConfig {
+  const builtinRules = getBuiltinSensitivePathRules();
+  const existingRules = normalizeSensitivePathRules(config?.path_rules, "builtin");
+  return {
+    path_rules: dedupeRules([...builtinRules, ...existingRules]),
+  };
+}
+
+export function normalizeSensitivePathStrategyOverride(value: unknown): SensitivePathStrategyOverride | undefined {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return undefined;
+  }
+
+  const record = value as Record<string, unknown>;
+  const disabledBuiltinIds = Array.isArray(record.disabled_builtin_ids)
+    ? Array.from(
+        new Set(
+          record.disabled_builtin_ids
+            .map((entry) => trimmedString(entry))
+            .filter((entry): entry is string => Boolean(entry)),
+        ),
+      )
+        .filter((entry) => BUILTIN_SENSITIVE_PATH_RULE_ID_SET.has(entry))
+        .sort((left, right) => left.localeCompare(right))
+    : undefined;
+  const customPathRules = normalizeSensitivePathRules(record.custom_path_rules, "custom")
+    .filter((rule) => !BUILTIN_SENSITIVE_PATH_RULE_ID_SET.has(rule.id))
+    .map((rule) => ({ ...rule, source: "custom" as const }));
+
+  if (!disabledBuiltinIds?.length && customPathRules.length === 0) {
+    return undefined;
+  }
+
+  return {
+    ...(disabledBuiltinIds?.length ? { disabled_builtin_ids: disabledBuiltinIds } : {}),
+    ...(customPathRules.length ? { custom_path_rules: customPathRules } : {}),
+  };
+}
+
+export function applySensitivePathStrategyOverride(
+  base: SensitivePathConfig | undefined,
+  override: SensitivePathStrategyOverride | undefined,
+): SensitivePathConfig {
+  const hydrated = hydrateSensitivePathConfig(base);
+  const normalizedOverride = normalizeSensitivePathStrategyOverride(override);
+  if (!normalizedOverride) {
+    return hydrated;
+  }
+
+  const disabledBuiltinIds = new Set(normalizedOverride.disabled_builtin_ids ?? []);
+  const filteredBaseRules = hydrated.path_rules.filter((rule) => {
+    return !(rule.source === "builtin" && disabledBuiltinIds.has(rule.id));
+  });
+
+  return {
+    path_rules: dedupeRules([
+      ...filteredBaseRules,
+      ...normalizeSensitivePathRules(normalizedOverride.custom_path_rules, "custom"),
+    ]),
+  };
+}
+
+export function listRemovedBuiltinSensitivePathRules(
+  base: SensitivePathConfig | undefined,
+  override: SensitivePathStrategyOverride | undefined,
+): SensitivePathRule[] {
+  const hydrated = hydrateSensitivePathConfig(base);
+  const normalizedOverride = normalizeSensitivePathStrategyOverride(override);
+  if (!normalizedOverride?.disabled_builtin_ids?.length) {
+    return [];
+  }
+
+  const disabledBuiltinIds = new Set(normalizedOverride.disabled_builtin_ids);
+  return hydrated.path_rules
+    .filter((rule) => rule.source === "builtin" && disabledBuiltinIds.has(rule.id))
+    .map((rule) => cloneSensitivePathRule(rule));
+}

package/src/domain/services/sensitivity_label_inference.ts

@@ -0,0 +1,161 @@
+import os from "node:os";
+
+import { getBuiltinSensitivePathRules } from "./sensitive_path_registry.ts";
+import type { SensitivePathRule } from "../../types.ts";
+
+export interface SensitivityLabelContext {
+  assetLabels: string[];
+  dataLabels: string[];
+}
+
+const OTP_PATTERN = /otp|one[- ]time|verification code|验证码|passcode|login (?:code|notification|alert)|登录提醒/i;
+const HOME_DIR = os.homedir().replace(/\\/g, "/").toLowerCase();
+
+function addLabel(labels: Set<string>, condition: boolean, label: string): void {
+  if (condition) {
+    labels.add(label);
+  }
+}
+
+function escapeRegExp(value: string): string {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+function globToRegExp(pattern: string): RegExp {
+  let source = "";
+  for (let index = 0; index < pattern.length; index += 1) {
+    const char = pattern[index];
+    const next = pattern[index + 1];
+    if (char === "*" && next === "*") {
+      source += ".*";
+      index += 1;
+      continue;
+    }
+    if (char === "*") {
+      source += "[^/]*";
+      continue;
+    }
+    if (char === "?") {
+      source += ".";
+      continue;
+    }
+    source += escapeRegExp(char);
+  }
+  return new RegExp(`^${source}$`, "i");
+}
+
+function normalizePathRulePattern(pattern: string): string {
+  const normalized = pattern.replace(/\\/g, "/").trim();
+  if (normalized === "~") {
+    return HOME_DIR;
+  }
+  if (normalized.startsWith("~/")) {
+    return `${HOME_DIR}/${normalized.slice(2)}`.toLowerCase();
+  }
+  if (normalized.startsWith("$HOME/")) {
+    return `${HOME_DIR}/${normalized.slice(6)}`.toLowerCase();
+  }
+  if (normalized.startsWith("${HOME}/")) {
+    return `${HOME_DIR}/${normalized.slice(8)}`.toLowerCase();
+  }
+  return normalized.toLowerCase();
+}
+
+function matchesSensitivePathRule(rule: SensitivePathRule, candidate: string): boolean {
+  try {
+    if (rule.match_type === "prefix") {
+      return matchesPrefixPattern(rule.pattern, candidate);
+    }
+    if (rule.match_type === "glob") {
+      return globToRegExp(normalizePathRulePattern(rule.pattern)).test(candidate);
+    }
+    return new RegExp(rule.pattern, "i").test(candidate);
+  } catch {
+    return false;
+  }
+}
+
+function resolveSensitivePathRules(rules?: SensitivePathRule[]): SensitivePathRule[] {
+  if (!rules) {
+    return getBuiltinSensitivePathRules();
+  }
+  return rules.map((rule) => ({ ...rule }));
+}
+
+function matchesPrefixPattern(pattern: string, candidate: string): boolean {
+  const normalizedPrefix = normalizePathRulePattern(pattern);
+  if (!normalizedPrefix) {
+    return false;
+  }
+  if (candidate === normalizedPrefix) {
+    return true;
+  }
+  if (normalizedPrefix.endsWith("/")) {
+    return candidate.startsWith(normalizedPrefix);
+  }
+  return candidate.startsWith(`${normalizedPrefix}/`);
+}
+
+function normalizeText(value: string): string {
+  return value.replace(/\\/g, "/").toLowerCase();
+}
+
+function normalizePaths(resourcePaths: string[]): string[] {
+  return resourcePaths
+    .filter((value) => value.trim().length > 0)
+    .map((value) => normalizeText(value));
+}
+
+function combinedTextCorpus(resourcePaths: string[], toolArgsSummary: string | undefined): string {
+  return [...normalizePaths(resourcePaths), toolArgsSummary]
+    .filter((value): value is string => typeof value === "string" && value.trim().length > 0)
+    .map((value) => normalizeText(value))
+    .join(" ");
+}
+
+export function inferSensitivityLabels(
+  toolGroup: string | undefined,
+  resourcePaths: string[],
+  toolArgsSummary: string | undefined,
+  sensitivePathRules?: SensitivePathRule[],
+): SensitivityLabelContext {
+  const normalizedPaths = normalizePaths(resourcePaths);
+  const corpus = combinedTextCorpus(resourcePaths, toolArgsSummary);
+  const resolvedSensitivePathRules = resolveSensitivePathRules(sensitivePathRules);
+  const assetLabels = new Set<string>();
+  const dataLabels = new Set<string>();
+
+  addLabel(assetLabels, /\b(?:finance|invoice|billing|payroll|ledger)\b/.test(corpus), "financial");
+  addLabel(dataLabels, /\b(?:finance|invoice|billing|payroll|ledger)\b/.test(corpus), "financial");
+  addLabel(assetLabels, /\b(?:customer|client|crm|contact)\b/.test(corpus), "customer_data");
+  addLabel(dataLabels, /\b(?:customer|client|crm|contact)\b/.test(corpus), "customer_data");
+  addLabel(assetLabels, /\b(?:hr|personnel|resume|employee|salary)\b/.test(corpus), "hr");
+  addLabel(dataLabels, /\b(?:hr|personnel|resume|employee|salary)\b/.test(corpus), "pii");
+
+  const matchedSensitivePathLabels = new Set<string>();
+  normalizedPaths.forEach((candidate) => {
+    resolvedSensitivePathRules.forEach((rule) => {
+      if (matchesSensitivePathRule(rule, candidate)) {
+        matchedSensitivePathLabels.add(rule.asset_label);
+      }
+    });
+  });
+
+  matchedSensitivePathLabels.forEach((label) => assetLabels.add(label));
+  addLabel(dataLabels, matchedSensitivePathLabels.has("credential"), "secret");
+  addLabel(dataLabels, matchedSensitivePathLabels.has("browser_secret_store"), "browser_secret");
+  addLabel(dataLabels, matchedSensitivePathLabels.has("communication_store"), "communications");
+  addLabel(assetLabels, matchedSensitivePathLabels.has("browser_secret_store"), "browser_profile");
+
+  addLabel(dataLabels, /token|secret|password|bearer|cookie|session|jwt|private key|id_rsa/.test(corpus), "secret");
+  addLabel(dataLabels, OTP_PATTERN.test(corpus), "otp");
+  addLabel(assetLabels, /\.github\/workflows\/|dockerfile\b|terraform|\.tf\b|k8s|kubernetes|deployment\.ya?ml|secret\.ya?ml|iam/.test(corpus), "control_plane");
+  addLabel(dataLabels, toolGroup === "email" || toolGroup === "sms", "communications");
+  addLabel(dataLabels, toolGroup === "album", "media");
+  addLabel(dataLabels, toolGroup === "browser", "browser_secret");
+
+  return {
+    assetLabels: [...assetLabels],
+    dataLabels: [...dataLabels],
+  };
+}