shieldcortex 2.0.0
- package/LICENSE +21 -0
- package/README.md +282 -0
- package/dashboard/components.json +22 -0
- package/dashboard/eslint.config.mjs +42 -0
- package/dashboard/next.config.ts +7 -0
- package/dashboard/package-lock.json +8053 -0
- package/dashboard/package.json +44 -0
- package/dashboard/postcss.config.mjs +7 -0
- package/dashboard/public/file.svg +1 -0
- package/dashboard/public/globe.svg +1 -0
- package/dashboard/public/next.svg +1 -0
- package/dashboard/public/vercel.svg +1 -0
- package/dashboard/public/window.svg +1 -0
- package/dashboard/scripts/ensure-api.mjs +76 -0
- package/dashboard/src/app/error.tsx +49 -0
- package/dashboard/src/app/favicon.ico +0 -0
- package/dashboard/src/app/globals.css +130 -0
- package/dashboard/src/app/layout.tsx +35 -0
- package/dashboard/src/app/page.tsx +364 -0
- package/dashboard/src/components/Providers.tsx +27 -0
- package/dashboard/src/components/brain/ActivityPulseSystem.tsx +229 -0
- package/dashboard/src/components/brain/BrainMesh.tsx +133 -0
- package/dashboard/src/components/brain/BrainRegions.tsx +254 -0
- package/dashboard/src/components/brain/BrainScene.tsx +255 -0
- package/dashboard/src/components/brain/CategoryLabels.tsx +103 -0
- package/dashboard/src/components/brain/CoreSphere.tsx +215 -0
- package/dashboard/src/components/brain/DataFlowParticles.tsx +123 -0
- package/dashboard/src/components/brain/DataStreamRings.tsx +161 -0
- package/dashboard/src/components/brain/ElectronFlow.tsx +323 -0
- package/dashboard/src/components/brain/HolographicGrid.tsx +235 -0
- package/dashboard/src/components/brain/MemoryLinks.tsx +271 -0
- package/dashboard/src/components/brain/MemoryNode.tsx +245 -0
- package/dashboard/src/components/brain/NeuralPathways.tsx +441 -0
- package/dashboard/src/components/brain/SynapseNodes.tsx +312 -0
- package/dashboard/src/components/brain/TimelineControls.tsx +205 -0
- package/dashboard/src/components/chip/ChipScene.tsx +497 -0
- package/dashboard/src/components/chip/ChipSubstrate.tsx +238 -0
- package/dashboard/src/components/chip/CortexCore.tsx +210 -0
- package/dashboard/src/components/chip/DataBus.tsx +416 -0
- package/dashboard/src/components/chip/MemoryCell.tsx +225 -0
- package/dashboard/src/components/chip/MemoryGrid.tsx +328 -0
- package/dashboard/src/components/chip/QuantumCell.tsx +316 -0
- package/dashboard/src/components/chip/SectionLabel.tsx +113 -0
- package/dashboard/src/components/chip/index.ts +14 -0
- package/dashboard/src/components/controls/ControlPanel.tsx +106 -0
- package/dashboard/src/components/controls/VersionPanel.tsx +185 -0
- package/dashboard/src/components/dashboard/StatsPanel.tsx +164 -0
- package/dashboard/src/components/debug/ActivityLog.tsx +250 -0
- package/dashboard/src/components/debug/DebugPanel.tsx +101 -0
- package/dashboard/src/components/debug/QueryTester.tsx +192 -0
- package/dashboard/src/components/debug/RelationshipGraph.tsx +403 -0
- package/dashboard/src/components/debug/SqlConsole.tsx +319 -0
- package/dashboard/src/components/graph/KnowledgeGraph.tsx +230 -0
- package/dashboard/src/components/graph/OntologyGraph.tsx +631 -0
- package/dashboard/src/components/insights/ActivityHeatmap.tsx +131 -0
- package/dashboard/src/components/insights/InsightsView.tsx +46 -0
- package/dashboard/src/components/insights/KnowledgeMapPanel.tsx +80 -0
- package/dashboard/src/components/insights/QualityPanel.tsx +116 -0
- package/dashboard/src/components/memories/MemoriesView.tsx +150 -0
- package/dashboard/src/components/memories/MemoryCard.tsx +103 -0
- package/dashboard/src/components/memory/MemoryDetail.tsx +325 -0
- package/dashboard/src/components/nav/NavRail.tsx +54 -0
- package/dashboard/src/components/ui/button.tsx +62 -0
- package/dashboard/src/components/ui/card.tsx +92 -0
- package/dashboard/src/components/ui/input.tsx +21 -0
- package/dashboard/src/hooks/useDebouncedValue.ts +24 -0
- package/dashboard/src/hooks/useMemories.ts +458 -0
- package/dashboard/src/hooks/useSuggestions.ts +46 -0
- package/dashboard/src/lib/category-colors.ts +84 -0
- package/dashboard/src/lib/position-algorithm.ts +177 -0
- package/dashboard/src/lib/simplex-noise.ts +217 -0
- package/dashboard/src/lib/store.ts +88 -0
- package/dashboard/src/lib/utils.ts +6 -0
- package/dashboard/src/lib/websocket.ts +249 -0
- package/dashboard/src/types/memory.ts +73 -0
- package/dashboard/tsconfig.json +34 -0
- package/dist/__tests__/consolidation-merge.test.d.ts +9 -0
- package/dist/__tests__/consolidation-merge.test.d.ts.map +1 -0
- package/dist/__tests__/consolidation-merge.test.js +137 -0
- package/dist/__tests__/consolidation-merge.test.js.map +1 -0
- package/dist/__tests__/contradictions.test.d.ts +8 -0
- package/dist/__tests__/contradictions.test.d.ts.map +1 -0
- package/dist/__tests__/contradictions.test.js +78 -0
- package/dist/__tests__/contradictions.test.js.map +1 -0
- package/dist/__tests__/salience-evolution.test.d.ts +7 -0
- package/dist/__tests__/salience-evolution.test.d.ts.map +1 -0
- package/dist/__tests__/salience-evolution.test.js +151 -0
- package/dist/__tests__/salience-evolution.test.js.map +1 -0
- package/dist/__tests__/store.test.d.ts +7 -0
- package/dist/__tests__/store.test.d.ts.map +1 -0
- package/dist/__tests__/store.test.js +582 -0
- package/dist/__tests__/store.test.js.map +1 -0
- package/dist/api/control.d.ts +27 -0
- package/dist/api/control.d.ts.map +1 -0
- package/dist/api/control.js +60 -0
- package/dist/api/control.js.map +1 -0
- package/dist/api/events.d.ts +159 -0
- package/dist/api/events.d.ts.map +1 -0
- package/dist/api/events.js +155 -0
- package/dist/api/events.js.map +1 -0
- package/dist/api/version.d.ts +36 -0
- package/dist/api/version.d.ts.map +1 -0
- package/dist/api/version.js +146 -0
- package/dist/api/version.js.map +1 -0
- package/dist/api/visualization-server.d.ts +11 -0
- package/dist/api/visualization-server.d.ts.map +1 -0
- package/dist/api/visualization-server.js +1186 -0
- package/dist/api/visualization-server.js.map +1 -0
- package/dist/context/project-context.d.ts +57 -0
- package/dist/context/project-context.d.ts.map +1 -0
- package/dist/context/project-context.js +135 -0
- package/dist/context/project-context.js.map +1 -0
- package/dist/database/init.d.ts +49 -0
- package/dist/database/init.d.ts.map +1 -0
- package/dist/database/init.js +567 -0
- package/dist/database/init.js.map +1 -0
- package/dist/defence/__tests__/firewall.test.d.ts +8 -0
- package/dist/defence/__tests__/firewall.test.d.ts.map +1 -0
- package/dist/defence/__tests__/firewall.test.js +123 -0
- package/dist/defence/__tests__/firewall.test.js.map +1 -0
- package/dist/defence/__tests__/fragmentation.test.d.ts +7 -0
- package/dist/defence/__tests__/fragmentation.test.d.ts.map +1 -0
- package/dist/defence/__tests__/fragmentation.test.js +51 -0
- package/dist/defence/__tests__/fragmentation.test.js.map +1 -0
- package/dist/defence/__tests__/pipeline.test.d.ts +8 -0
- package/dist/defence/__tests__/pipeline.test.d.ts.map +1 -0
- package/dist/defence/__tests__/pipeline.test.js +61 -0
- package/dist/defence/__tests__/pipeline.test.js.map +1 -0
- package/dist/defence/__tests__/sensitivity.test.d.ts +7 -0
- package/dist/defence/__tests__/sensitivity.test.d.ts.map +1 -0
- package/dist/defence/__tests__/sensitivity.test.js +61 -0
- package/dist/defence/__tests__/sensitivity.test.js.map +1 -0
- package/dist/defence/__tests__/trust.test.d.ts +7 -0
- package/dist/defence/__tests__/trust.test.d.ts.map +1 -0
- package/dist/defence/__tests__/trust.test.js +49 -0
- package/dist/defence/__tests__/trust.test.js.map +1 -0
- package/dist/defence/audit/index.d.ts +4 -0
- package/dist/defence/audit/index.d.ts.map +1 -0
- package/dist/defence/audit/index.js +3 -0
- package/dist/defence/audit/index.js.map +1 -0
- package/dist/defence/audit/logger.d.ts +14 -0
- package/dist/defence/audit/logger.d.ts.map +1 -0
- package/dist/defence/audit/logger.js +54 -0
- package/dist/defence/audit/logger.js.map +1 -0
- package/dist/defence/audit/queries.d.ts +33 -0
- package/dist/defence/audit/queries.d.ts.map +1 -0
- package/dist/defence/audit/queries.js +103 -0
- package/dist/defence/audit/queries.js.map +1 -0
- package/dist/defence/firewall/anomaly-scorer.d.ts +8 -0
- package/dist/defence/firewall/anomaly-scorer.d.ts.map +1 -0
- package/dist/defence/firewall/anomaly-scorer.js +58 -0
- package/dist/defence/firewall/anomaly-scorer.js.map +1 -0
- package/dist/defence/firewall/encoding-detector.d.ts +13 -0
- package/dist/defence/firewall/encoding-detector.d.ts.map +1 -0
- package/dist/defence/firewall/encoding-detector.js +120 -0
- package/dist/defence/firewall/encoding-detector.js.map +1 -0
- package/dist/defence/firewall/index.d.ts +21 -0
- package/dist/defence/firewall/index.d.ts.map +1 -0
- package/dist/defence/firewall/index.js +133 -0
- package/dist/defence/firewall/index.js.map +1 -0
- package/dist/defence/firewall/instruction-detector.d.ts +12 -0
- package/dist/defence/firewall/instruction-detector.d.ts.map +1 -0
- package/dist/defence/firewall/instruction-detector.js +99 -0
- package/dist/defence/firewall/instruction-detector.js.map +1 -0
- package/dist/defence/firewall/privilege-detector.d.ts +13 -0
- package/dist/defence/firewall/privilege-detector.d.ts.map +1 -0
- package/dist/defence/firewall/privilege-detector.js +89 -0
- package/dist/defence/firewall/privilege-detector.js.map +1 -0
- package/dist/defence/fragmentation/assembly-detector.d.ts +18 -0
- package/dist/defence/fragmentation/assembly-detector.d.ts.map +1 -0
- package/dist/defence/fragmentation/assembly-detector.js +72 -0
- package/dist/defence/fragmentation/assembly-detector.js.map +1 -0
- package/dist/defence/fragmentation/entity-extractor.d.ts +19 -0
- package/dist/defence/fragmentation/entity-extractor.d.ts.map +1 -0
- package/dist/defence/fragmentation/entity-extractor.js +86 -0
- package/dist/defence/fragmentation/entity-extractor.js.map +1 -0
- package/dist/defence/fragmentation/index.d.ts +23 -0
- package/dist/defence/fragmentation/index.d.ts.map +1 -0
- package/dist/defence/fragmentation/index.js +49 -0
- package/dist/defence/fragmentation/index.js.map +1 -0
- package/dist/defence/fragmentation/temporal-analyzer.d.ts +28 -0
- package/dist/defence/fragmentation/temporal-analyzer.d.ts.map +1 -0
- package/dist/defence/fragmentation/temporal-analyzer.js +41 -0
- package/dist/defence/fragmentation/temporal-analyzer.js.map +1 -0
- package/dist/defence/index.d.ts +12 -0
- package/dist/defence/index.d.ts.map +1 -0
- package/dist/defence/index.js +18 -0
- package/dist/defence/index.js.map +1 -0
- package/dist/defence/pipeline.d.ts +9 -0
- package/dist/defence/pipeline.d.ts.map +1 -0
- package/dist/defence/pipeline.js +115 -0
- package/dist/defence/pipeline.js.map +1 -0
- package/dist/defence/scanner/index.d.ts +5 -0
- package/dist/defence/scanner/index.d.ts.map +1 -0
- package/dist/defence/scanner/index.js +5 -0
- package/dist/defence/scanner/index.js.map +1 -0
- package/dist/defence/scanner/scan-existing.d.ts +34 -0
- package/dist/defence/scanner/scan-existing.d.ts.map +1 -0
- package/dist/defence/scanner/scan-existing.js +136 -0
- package/dist/defence/scanner/scan-existing.js.map +1 -0
- package/dist/defence/sensitivity/classifier.d.ts +6 -0
- package/dist/defence/sensitivity/classifier.d.ts.map +1 -0
- package/dist/defence/sensitivity/classifier.js +50 -0
- package/dist/defence/sensitivity/classifier.js.map +1 -0
- package/dist/defence/sensitivity/index.d.ts +11 -0
- package/dist/defence/sensitivity/index.d.ts.map +1 -0
- package/dist/defence/sensitivity/index.js +13 -0
- package/dist/defence/sensitivity/index.js.map +1 -0
- package/dist/defence/sensitivity/patterns.d.ts +14 -0
- package/dist/defence/sensitivity/patterns.d.ts.map +1 -0
- package/dist/defence/sensitivity/patterns.js +67 -0
- package/dist/defence/sensitivity/patterns.js.map +1 -0
- package/dist/defence/sensitivity/redaction.d.ts +17 -0
- package/dist/defence/sensitivity/redaction.d.ts.map +1 -0
- package/dist/defence/sensitivity/redaction.js +47 -0
- package/dist/defence/sensitivity/redaction.js.map +1 -0
- package/dist/defence/trust/index.d.ts +3 -0
- package/dist/defence/trust/index.d.ts.map +1 -0
- package/dist/defence/trust/index.js +3 -0
- package/dist/defence/trust/index.js.map +1 -0
- package/dist/defence/trust/recall-filter.d.ts +10 -0
- package/dist/defence/trust/recall-filter.d.ts.map +1 -0
- package/dist/defence/trust/recall-filter.js +38 -0
- package/dist/defence/trust/recall-filter.js.map +1 -0
- package/dist/defence/trust/source-scorer.d.ts +6 -0
- package/dist/defence/trust/source-scorer.d.ts.map +1 -0
- package/dist/defence/trust/source-scorer.js +34 -0
- package/dist/defence/trust/source-scorer.js.map +1 -0
- package/dist/defence/types.d.ts +88 -0
- package/dist/defence/types.d.ts.map +1 -0
- package/dist/defence/types.js +15 -0
- package/dist/defence/types.js.map +1 -0
- package/dist/embeddings/generator.d.ts +20 -0
- package/dist/embeddings/generator.d.ts.map +1 -0
- package/dist/embeddings/generator.js +83 -0
- package/dist/embeddings/generator.js.map +1 -0
- package/dist/embeddings/index.d.ts +2 -0
- package/dist/embeddings/index.d.ts.map +1 -0
- package/dist/embeddings/index.js +2 -0
- package/dist/embeddings/index.js.map +1 -0
- package/dist/errors.d.ts +74 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +131 -0
- package/dist/errors.js.map +1 -0
- package/dist/graph/backfill.d.ts +6 -0
- package/dist/graph/backfill.d.ts.map +1 -0
- package/dist/graph/backfill.js +33 -0
- package/dist/graph/backfill.js.map +1 -0
- package/dist/graph/extract.d.ts +21 -0
- package/dist/graph/extract.d.ts.map +1 -0
- package/dist/graph/extract.js +231 -0
- package/dist/graph/extract.js.map +1 -0
- package/dist/graph/resolve.d.ts +6 -0
- package/dist/graph/resolve.d.ts.map +1 -0
- package/dist/graph/resolve.js +126 -0
- package/dist/graph/resolve.js.map +1 -0
- package/dist/index.d.ts +31 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +248 -0
- package/dist/index.js.map +1 -0
- package/dist/memory/activation.d.ts +69 -0
- package/dist/memory/activation.d.ts.map +1 -0
- package/dist/memory/activation.js +168 -0
- package/dist/memory/activation.js.map +1 -0
- package/dist/memory/consolidate.d.ts +98 -0
- package/dist/memory/consolidate.d.ts.map +1 -0
- package/dist/memory/consolidate.js +511 -0
- package/dist/memory/consolidate.js.map +1 -0
- package/dist/memory/contradiction.d.ts +69 -0
- package/dist/memory/contradiction.d.ts.map +1 -0
- package/dist/memory/contradiction.js +286 -0
- package/dist/memory/contradiction.js.map +1 -0
- package/dist/memory/decay.d.ts +62 -0
- package/dist/memory/decay.d.ts.map +1 -0
- package/dist/memory/decay.js +184 -0
- package/dist/memory/decay.js.map +1 -0
- package/dist/memory/salience.d.ts +36 -0
- package/dist/memory/salience.d.ts.map +1 -0
- package/dist/memory/salience.js +216 -0
- package/dist/memory/salience.js.map +1 -0
- package/dist/memory/similarity.d.ts +57 -0
- package/dist/memory/similarity.d.ts.map +1 -0
- package/dist/memory/similarity.js +114 -0
- package/dist/memory/similarity.js.map +1 -0
- package/dist/memory/store.d.ts +179 -0
- package/dist/memory/store.d.ts.map +1 -0
- package/dist/memory/store.js +1184 -0
- package/dist/memory/store.js.map +1 -0
- package/dist/memory/types.d.ts +97 -0
- package/dist/memory/types.d.ts.map +1 -0
- package/dist/memory/types.js +30 -0
- package/dist/memory/types.js.map +1 -0
- package/dist/server.d.ts +12 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +568 -0
- package/dist/server.js.map +1 -0
- package/dist/service/install.d.ts +15 -0
- package/dist/service/install.d.ts.map +1 -0
- package/dist/service/install.js +178 -0
- package/dist/service/install.js.map +1 -0
- package/dist/service/templates.d.ts +13 -0
- package/dist/service/templates.d.ts.map +1 -0
- package/dist/service/templates.js +58 -0
- package/dist/service/templates.js.map +1 -0
- package/dist/setup/claude-md.d.ts +12 -0
- package/dist/setup/claude-md.d.ts.map +1 -0
- package/dist/setup/claude-md.js +68 -0
- package/dist/setup/claude-md.js.map +1 -0
- package/dist/setup/clawdbot.d.ts +15 -0
- package/dist/setup/clawdbot.d.ts.map +1 -0
- package/dist/setup/clawdbot.js +118 -0
- package/dist/setup/clawdbot.js.map +1 -0
- package/dist/setup/doctor.d.ts +5 -0
- package/dist/setup/doctor.d.ts.map +1 -0
- package/dist/setup/doctor.js +141 -0
- package/dist/setup/doctor.js.map +1 -0
- package/dist/setup/hooks.d.ts +6 -0
- package/dist/setup/hooks.d.ts.map +1 -0
- package/dist/setup/hooks.js +36 -0
- package/dist/setup/hooks.js.map +1 -0
- package/dist/setup/migrate.d.ts +16 -0
- package/dist/setup/migrate.d.ts.map +1 -0
- package/dist/setup/migrate.js +164 -0
- package/dist/setup/migrate.js.map +1 -0
- package/dist/setup/settings-hooks.d.ts +7 -0
- package/dist/setup/settings-hooks.d.ts.map +1 -0
- package/dist/setup/settings-hooks.js +83 -0
- package/dist/setup/settings-hooks.js.map +1 -0
- package/dist/setup/uninstall.d.ts +12 -0
- package/dist/setup/uninstall.d.ts.map +1 -0
- package/dist/setup/uninstall.js +125 -0
- package/dist/setup/uninstall.js.map +1 -0
- package/dist/tools/context.d.ts +135 -0
- package/dist/tools/context.d.ts.map +1 -0
- package/dist/tools/context.js +273 -0
- package/dist/tools/context.js.map +1 -0
- package/dist/tools/forget.d.ts +53 -0
- package/dist/tools/forget.d.ts.map +1 -0
- package/dist/tools/forget.js +179 -0
- package/dist/tools/forget.js.map +1 -0
- package/dist/tools/graph.d.ts +46 -0
- package/dist/tools/graph.d.ts.map +1 -0
- package/dist/tools/graph.js +206 -0
- package/dist/tools/graph.js.map +1 -0
- package/dist/tools/recall.d.ts +79 -0
- package/dist/tools/recall.d.ts.map +1 -0
- package/dist/tools/recall.js +156 -0
- package/dist/tools/recall.js.map +1 -0
- package/dist/tools/remember.d.ts +83 -0
- package/dist/tools/remember.d.ts.map +1 -0
- package/dist/tools/remember.js +151 -0
- package/dist/tools/remember.js.map +1 -0
- package/dist/worker/brain-worker.d.ts +100 -0
- package/dist/worker/brain-worker.d.ts.map +1 -0
- package/dist/worker/brain-worker.js +283 -0
- package/dist/worker/brain-worker.js.map +1 -0
- package/dist/worker/link-discovery.d.ts +47 -0
- package/dist/worker/link-discovery.d.ts.map +1 -0
- package/dist/worker/link-discovery.js +103 -0
- package/dist/worker/link-discovery.js.map +1 -0
- package/dist/worker/predictive-consolidation.d.ts +46 -0
- package/dist/worker/predictive-consolidation.d.ts.map +1 -0
- package/dist/worker/predictive-consolidation.js +110 -0
- package/dist/worker/predictive-consolidation.js.map +1 -0
- package/dist/worker/types.d.ts +91 -0
- package/dist/worker/types.d.ts.map +1 -0
- package/dist/worker/types.js +22 -0
- package/dist/worker/types.js.map +1 -0
- package/hooks/clawdbot/cortex-memory/HOOK.md +71 -0
- package/hooks/clawdbot/cortex-memory/handler.js +279 -0
- package/package.json +73 -0
- package/scripts/pre-compact-hook.mjs +716 -0
- package/scripts/session-end-hook.mjs +548 -0
- package/scripts/session-start-hook.mjs +221 -0
- package/scripts/start-dashboard.sh +41 -0
- package/scripts/stop-dashboard.sh +21 -0
- package/scripts/stop-hook.mjs +163 -0
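--- a/package/dist/defence/firewall/privilege-detector.js
+++ b/package/dist/defence/firewall/privilege-detector.js
@@ -0,0 +1,89 @@
+/**
+* Privilege Detector
+*
+* Detects credential references, external URLs, system access,
+* and network exfiltration attempts in memory content.
+*/
+const INDICATOR_GROUPS = [
+{
+name: 'credential_reference',
+severity: 'high',
+patterns: [
+/\bpassword\s*[=:]/i,
+/\bapi[_-]?key\s*[=:]/i,
+/\bsecret[_-]?key\s*[=:]/i,
+/\btoken\s*[=:]/i,
+/\bbearer\s+[A-Za-z0-9._~+/=-]+/i,
+/\bauth[_-]?token\s*[=:]/i,
+/\bcredential\s*[=:]/i,
+/\bprivate[_-]?key\b/i,
+/\bAKIA[0-9A-Z]{16}\b/, // AWS access key pattern
+],
+},
+{
+name: 'system_access',
+severity: 'high',
+patterns: [
+/\bsudo\b/i,
+/\bchmod\s+[0-7]{3,4}\b/,
+/\bchown\b/i,
+/\/etc\/passwd\b/,
+/\/etc\/shadow\b/,
+/\broot\s+access\b/i,
+/\badmin\s+(access|privileges?|rights?|panel)\b/i,
+],
+},
+{
+name: 'destructive_filesystem',
+severity: 'high',
+patterns: [
+/\brm\s+-rf\b/,
+/\bdel\s+\/f\b/i,
+/\bformat\s+[a-z]:/i,
+/\bmkfs\b/,
+/\brmdir\s+\/s\b/i,
+],
+},
+{
+name: 'network_exfiltration',
+severity: 'medium',
+patterns: [
+/\bcurl\s+.*(-d|--data)\b/i,
+/\bwget\s/i,
+/\bfetch\s*\(/i,
+/\bXMLHttpRequest\b/,
+/\bsend\s+to\s+/i,
+/\bexfiltrate\b/i,
+/\bupload\s+to\s+/i,
+],
+},
+{
+name: 'external_url',
+severity: 'low',
+patterns: [
+/https?:\/\/[^\s"'<>]+/i,
+],
+},
+];
+const SEVERITY_ORDER = { low: 0, medium: 1, high: 2 };
+export function detectPrivilegeEscalation(content) {
+const indicators = [];
+let highestSeverity = 'low';
+for (const group of INDICATOR_GROUPS) {
+for (const pattern of group.patterns) {
+if (pattern.test(content)) {
+indicators.push(group.name);
+if (SEVERITY_ORDER[group.severity] > SEVERITY_ORDER[highestSeverity]) {
+highestSeverity = group.severity;
+}
+break;
+}
+}
+}
+return {
+detected: indicators.length > 0,
+indicators: [...new Set(indicators)],
+severity: indicators.length > 0 ? highestSeverity : 'low',
+};
+}
+//# sourceMappingURL=privilege-detector.js.map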
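Review bot: `detectPrivilegeEscalation` hands `content` straight to `pattern.test(content)`, so a non-string argument is coerced rather than rejected (an object is scanned as `[object Object]`) and comes back as `detected: false`; whatever type the TypeScript source declares is not enforced in this compiled output for plain-JS callers. For a detector that screens untrusted memory content, failing closed is safer, e.g. `if (typeof content !== 'string') throw new TypeError('content must be a string');` as the first statement. The result also reports `severity: 'low'` both when nothing matched and when only `external_url` matched, so a comment above the `return` such as `// severity is only meaningful when detected is true` would stop callers from keying on severity alone. `[...new Set(indicators)]` appears redundant, since the inner loop `break`s after the first match and each group name is pushed at most once.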
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"privilege-detector.js","sourceRoot":"","sources":["../../../src/defence/firewall/privilege-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAcH,MAAM,gBAAgB,GAAqB;IACzC;QACE,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE;YACR,oBAAoB;YACpB,uBAAuB;YACvB,0BAA0B;YAC1B,iBAAiB;YACjB,iCAAiC;YACjC,0BAA0B;YAC1B,sBAAsB;YACtB,sBAAsB;YACtB,sBAAsB,EAAE,yBAAyB;SAClD;KACF;IACD;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE;YACR,WAAW;YACX,wBAAwB;YACxB,YAAY;YACZ,iBAAiB;YACjB,iBAAiB;YACjB,oBAAoB;YACpB,iDAAiD;SAClD;KACF;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE;YACR,cAAc;YACd,gBAAgB;YAChB,oBAAoB;YACpB,UAAU;YACV,kBAAkB;SACnB;KACF;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE;YACR,2BAA2B;YAC3B,WAAW;YACX,eAAe;YACf,oBAAoB;YACpB,iBAAiB;YACjB,iBAAiB;YACjB,mBAAmB;SACpB;KACF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE;YACR,wBAAwB;SACzB;KACF;CACF,CAAC;AAEF,MAAM,cAAc,GAA2B,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAE9E,MAAM,UAAU,yBAAyB,CAAC,OAAe;IACvD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,eAAe,GAA8B,KAAK,CAAC;IAEvD,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACrC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC5B,IAAI,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,eAAe,CAAC,EAAE,CAAC;oBACrE,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC;gBACnC,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;QAC/B,UAAU,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QACpC,QAAQ,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,KAAK;KAC1D,CAAC;AACJ,CAAC"}
|
|
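--- a/package/dist/defence/fragmentation/assembly-detector.d.ts
+++ b/package/dist/defence/fragmentation/assembly-detector.d.ts
@@ -0,0 +1,18 @@
+/**
+* Assembly detection — scoring heuristics for fragmented payload risk
+*
+* Evaluates whether overlapping entities across memories could combine
+* into a coherent attack payload (e.g., URL + credential = exfiltration).
+*/
+import type { ExtractedEntity } from './entity-extractor.js';
+import type { OverlappingEntity } from './temporal-analyzer.js';
+export interface AssemblyAnalysis {
+score: number;
+risk: string;
+suspiciousPatterns: string[];
+}
+/**
+* Detect whether overlapping entities suggest payload assembly
+*/
+export declare function detectAssembly(overlapping: OverlappingEntity[], newEntities: ExtractedEntity[]): AssemblyAnalysis;
+//# sourceMappingURL=assembly-detector.d.ts.map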
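Review bot: `risk: string` in `AssemblyAnalysis` is wider than what the implementation appears to return; the compiled `detectAssembly` shipped in this package only ever sets `'none'`, `'low'`, `'medium'`, `'high'` or `'critical'`. Declaring it in the TypeScript source this file is generated from as `risk: 'none' | 'low' | 'medium' | 'high' | 'critical';` would let the compiler catch a misspelled level in callers that branch on it, which matters when that branch decides whether content is blocked. The fields are also undocumented; a short comment stating that `score` is clamped to the range 0 to 1 would help consumers choose thresholds.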
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"assembly-detector.d.ts","sourceRoot":"","sources":["../../../src/defence/fragmentation/assembly-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,WAAW,EAAE,iBAAiB,EAAE,EAChC,WAAW,EAAE,eAAe,EAAE,GAC7B,gBAAgB,CAkFlB"}
|
|
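--- a/package/dist/defence/fragmentation/assembly-detector.js
+++ b/package/dist/defence/fragmentation/assembly-detector.js
@@ -0,0 +1,72 @@
+/**
+* Assembly detection — scoring heuristics for fragmented payload risk
+*
+* Evaluates whether overlapping entities across memories could combine
+* into a coherent attack payload (e.g., URL + credential = exfiltration).
+*/
+/**
+* Detect whether overlapping entities suggest payload assembly
+*/
+export function detectAssembly(overlapping, newEntities) {
+if (overlapping.length === 0) {
+return { score: 0, risk: 'none', suspiciousPatterns: [] };
+}
+let score = 0;
+const suspiciousPatterns = [];
+const overlapTypes = new Set(overlapping.map(o => o.type));
+const newTypes = new Set(newEntities.map(e => e.type));
+const allTypes = new Set([...overlapTypes, ...newTypes]);
+const allMemoryIds = new Set();
+for (const o of overlapping) {
+for (const id of o.memoryIds) {
+allMemoryIds.add(id);
+}
+}
+const memoryCount = allMemoryIds.size;
+// URL + credential → high risk
+if (allTypes.has('url') && (allTypes.has('credential') || allTypes.has('api_key'))) {
+score += 0.4;
+suspiciousPatterns.push(`URL and credential entities found across ${memoryCount} memories — possible exfiltration pattern`);
+}
+// URL + command → medium risk
+if (allTypes.has('url') && allTypes.has('command')) {
+score += 0.3;
+suspiciousPatterns.push(`URL and command entities found across ${memoryCount} memories — possible remote execution pattern`);
+}
+// Command + file path → medium risk
+if (allTypes.has('command') && allTypes.has('file_path')) {
+score += 0.25;
+suspiciousPatterns.push(`Command and file path entities found across ${memoryCount} memories — possible local exploitation pattern`);
+}
+// IP address + credential → high risk
+if (allTypes.has('ip_address') && (allTypes.has('credential') || allTypes.has('api_key'))) {
+score += 0.4;
+suspiciousPatterns.push(`IP address and credential entities found across ${memoryCount} memories — possible lateral movement pattern`);
+}
+// Multiple overlapping entities from different sources
+if (memoryCount >= 3) {
+score += 0.1 * Math.min(memoryCount - 2, 3);
+suspiciousPatterns.push(`Entities overlap across ${memoryCount} distinct memory sources`);
+}
+// More than 3 overlapping entities bonus
+if (overlapping.length > 3) {
+score += 0.2;
+suspiciousPatterns.push(`${overlapping.length} overlapping entities detected — high fragment density`);
+}
+score = Math.min(score, 1.0);
+let risk;
+if (score >= 0.7) {
+risk = 'critical';
+}
+else if (score >= 0.4) {
+risk = 'high';
+}
+else if (score >= 0.2) {
+risk = 'medium';
+}
+else {
+risk = 'low';
+}
+return { score, risk, suspiciousPatterns };
+}
+//# sourceMappingURL=assembly-detector.js.map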
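Review bot: The pair rules test `allTypes`, which merges `overlapTypes` with `newTypes`, so a rule can fire when both halves of the pair come from the new content alone and the only overlap is an unrelated entity; the message then still claims the entities were "found across ${memoryCount} memories". If the intent is cross-memory assembly, each rule should require that at least one side of the pair is in `overlapTypes`, e.g. via a helper `const crosses = (a, b) => allTypes.has(a) && allTypes.has(b) && (overlapTypes.has(a) || overlapTypes.has(b));`. `o.memoryIds` is iterated without a check, so an overlap record missing that field throws a TypeError out of the detector, and whether callers treat that as block or allow is not visible here. The risk bands compare an accumulated floating-point sum against `0.7`, `0.4` and `0.2`, which is fragile at the boundaries; integer points (40, 30, 25 and so on) would make the thresholds exact.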
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"assembly-detector.js","sourceRoot":"","sources":["../../../src/defence/fragmentation/assembly-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,WAAgC,EAChC,WAA8B;IAE9B,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAC;IAC5D,CAAC;IAED,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,kBAAkB,GAAa,EAAE,CAAC;IAExC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,YAAY,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC;IAEzD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,KAAK,MAAM,EAAE,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;YAC7B,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IACD,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC;IAEtC,+BAA+B;IAC/B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QACnF,KAAK,IAAI,GAAG,CAAC;QACb,kBAAkB,CAAC,IAAI,CACrB,4CAA4C,WAAW,2CAA2C,CACnG,CAAC;IACJ,CAAC;IAED,8BAA8B;IAC9B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,KAAK,IAAI,GAAG,CAAC;QACb,kBAAkB,CAAC,IAAI,CACrB,yCAAyC,WAAW,+CAA+C,CACpG,CAAC;IACJ,CAAC;IAED,oCAAoC;IACpC,IAAI,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QACzD,KAAK,IAAI,IAAI,CAAC;QACd,kBAAkB,CAAC,IAAI,CACrB,+CAA+C,WAAW,iDAAiD,CAC5G,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,IAAI,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAC1F,KAAK,IAAI,GAAG,CAAC;QACb,kBAAkB,CAAC,IAAI,CACrB,mDAAmD,WAAW,+CAA+C,CAC9G,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;QACrB,KAAK,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5C,kBAAkB,CAAC,IAAI,CACrB,2BAA2B,WAAW,0BAA0B,CACjE,CAAC;IA
CJ,CAAC;IAED,yCAAyC;IACzC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,KAAK,IAAI,GAAG,CAAC;QACb,kBAAkB,CAAC,IAAI,CACrB,GAAG,WAAW,CAAC,MAAM,wDAAwD,CAC9E,CAAC;IACJ,CAAC;IAED,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAE7B,IAAI,IAAY,CAAC;IACjB,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;QACjB,IAAI,GAAG,UAAU,CAAC;IACpB,CAAC;SAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;QACxB,IAAI,GAAG,MAAM,CAAC;IAChB,CAAC;SAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;QACxB,IAAI,GAAG,QAAQ,CAAC;IAClB,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,KAAK,CAAC;IACf,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC;AAC7C,CAAC"}
|
|
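--- a/package/dist/defence/fragmentation/entity-extractor.d.ts
+++ b/package/dist/defence/fragmentation/entity-extractor.d.ts
@@ -0,0 +1,19 @@
+/**
+* Entity extraction from memory content
+*
+* Identifies security-relevant entities (URLs, credentials, commands, etc.)
+* that could be fragments of a larger attack payload.
+*/
+export interface ExtractedEntity {
+type: 'url' | 'credential' | 'command' | 'file_path' | 'api_key' | 'ip_address';
+value: string;
+}
+/**
+* Extract security-relevant entities from content
+*/
+export declare function extractEntities(content: string): ExtractedEntity[];
+/**
+* Store extracted entities in the fragmentation_entities table
+*/
+export declare function storeExtractedEntities(memoryId: number, entities: ExtractedEntity[]): void;
+//# sourceMappingURL=entity-extractor.d.ts.map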
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entity-extractor.d.ts","sourceRoot":"","sources":["../../../src/defence/fragmentation/entity-extractor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,KAAK,GAAG,YAAY,GAAG,SAAS,GAAG,WAAW,GAAG,SAAS,GAAG,YAAY,CAAC;IAChF,KAAK,EAAE,MAAM,CAAC;CACf;AAwBD;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,EAAE,CAoDlE;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAe1F"}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Entity extraction from memory content
|
|
3
|
+
*
|
|
4
|
+
* Identifies security-relevant entities (URLs, credentials, commands, etc.)
|
|
5
|
+
* that could be fragments of a larger attack payload.
|
|
6
|
+
*/
|
|
7
|
+
import { getDatabase } from '../../database/init.js';
|
|
8
|
+
// ── Regex patterns ──
|
|
9
|
+
const URL_PATTERN = /https?:\/\/[^\s"'<>)\]]+/gi;
|
|
10
|
+
const API_KEY_PATTERNS = [
|
|
11
|
+
/sk-[A-Za-z0-9]{20,}/g, // OpenAI-style
|
|
12
|
+
/AKIA[A-Z0-9]{16}/g, // AWS access key
|
|
13
|
+
/ghp_[A-Za-z0-9]{36,}/g, // GitHub PAT
|
|
14
|
+
/gho_[A-Za-z0-9]{36,}/g, // GitHub OAuth
|
|
15
|
+
/glpat-[A-Za-z0-9\-_]{20,}/g, // GitLab PAT
|
|
16
|
+
/xox[bposa]-[A-Za-z0-9\-]+/g, // Slack tokens
|
|
17
|
+
];
|
|
18
|
+
const CREDENTIAL_PATTERN = /(?:token|password|secret|key|auth)[=:\s]+["']?([A-Za-z0-9_\-]{20,})["']?/gi;
|
|
19
|
+
const COMMAND_PATTERNS = /(?:^|\s)((?:curl|wget|ssh|scp|rsync|chmod|chown|rm|sudo|apt|yum|pip|npm|docker|kubectl|nc|ncat|bash|sh|python|perl|ruby|eval|exec)\s+[^\n]{3,})/gim;
|
|
20
|
+
const UNIX_PATH_PATTERN = /(?:^|\s)(\/(?:etc|var|tmp|usr|home|opt|root|dev|proc|sys|bin|sbin)\/[^\s"'<>]+)/gm;
|
|
21
|
+
const WINDOWS_PATH_PATTERN = /(?:^|\s)([A-Z]:\\[^\s"'<>]+)/gm;
|
|
22
|
+
const IPV4_PATTERN = /\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b/g;
|
|
23
|
+
/**
|
|
24
|
+
* Extract security-relevant entities from content
|
|
25
|
+
*/
|
|
26
|
+
export function extractEntities(content) {
|
|
27
|
+
const entities = [];
|
|
28
|
+
const seen = new Set();
|
|
29
|
+
const add = (type, value) => {
|
|
30
|
+
const key = `${type}:${value}`;
|
|
31
|
+
if (!seen.has(key)) {
|
|
32
|
+
seen.add(key);
|
|
33
|
+
entities.push({ type, value });
|
|
34
|
+
}
|
|
35
|
+
};
|
|
36
|
+
// URLs
|
|
37
|
+
for (const match of content.matchAll(URL_PATTERN)) {
|
|
38
|
+
add('url', match[0]);
|
|
39
|
+
}
|
|
40
|
+
// API keys (check before generic credentials)
|
|
41
|
+
for (const pattern of API_KEY_PATTERNS) {
|
|
42
|
+
for (const match of content.matchAll(pattern)) {
|
|
43
|
+
add('api_key', match[0]);
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
// Credentials
|
|
47
|
+
for (const match of content.matchAll(CREDENTIAL_PATTERN)) {
|
|
48
|
+
add('credential', match[1]);
|
|
49
|
+
}
|
|
50
|
+
// Commands
|
|
51
|
+
for (const match of content.matchAll(COMMAND_PATTERNS)) {
|
|
52
|
+
add('command', match[1].trim());
|
|
53
|
+
}
|
|
54
|
+
// File paths
|
|
55
|
+
for (const match of content.matchAll(UNIX_PATH_PATTERN)) {
|
|
56
|
+
add('file_path', match[1]);
|
|
57
|
+
}
|
|
58
|
+
for (const match of content.matchAll(WINDOWS_PATH_PATTERN)) {
|
|
59
|
+
add('file_path', match[1]);
|
|
60
|
+
}
|
|
61
|
+
// IP addresses
|
|
62
|
+
for (const match of content.matchAll(IPV4_PATTERN)) {
|
|
63
|
+
const ip = match[1];
|
|
64
|
+
const parts = ip.split('.').map(Number);
|
|
65
|
+
if (parts.every(p => p >= 0 && p <= 255)) {
|
|
66
|
+
add('ip_address', ip);
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
return entities;
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Store extracted entities in the fragmentation_entities table
|
|
73
|
+
*/
|
|
74
|
+
export function storeExtractedEntities(memoryId, entities) {
|
|
75
|
+
if (entities.length === 0)
|
|
76
|
+
return;
|
|
77
|
+
const db = getDatabase();
|
|
78
|
+
const stmt = db.prepare('INSERT INTO fragmentation_entities (memory_id, entity_type, entity_value) VALUES (?, ?, ?)');
|
|
79
|
+
const insertMany = db.transaction((items) => {
|
|
80
|
+
for (const entity of items) {
|
|
81
|
+
stmt.run(memoryId, entity.type, entity.value);
|
|
82
|
+
}
|
|
83
|
+
});
|
|
84
|
+
insertMany(entities);
|
|
85
|
+
}
|
|
86
|
+
//# sourceMappingURL=entity-extractor.js.map
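Review bot: Values matched as `api_key` and `credential` in `extractEntities` reach `storeExtractedEntities` unchanged, so `stmt.run(memoryId, entity.type, entity.value)` writes the secret itself in clear text into `fragmentation_entities`, a second copy that sits outside whatever redaction the memory store applies. The later overlap check only needs equality, so for those two types a keyed digest can be stored instead of the value, e.g. `const stored = SECRET_TYPES.has(entity.type) ? digest(entity.value) : entity.value;`. `SECRET_TYPES` and `digest` are names constructed for this note, not existing helpers, and the same transform has to be applied to the new entities before they are compared with stored rows. A short comment on `storeExtractedEntities` stating which entity types are persisted verbatim would also help whoever sets retention for that table.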
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entity-extractor.js","sourceRoot":"","sources":["../../../src/defence/fragmentation/entity-extractor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAOrD,uBAAuB;AAEvB,MAAM,WAAW,GAAG,4BAA4B,CAAC;AAEjD,MAAM,gBAAgB,GAAG;IACvB,sBAAsB,EAAQ,eAAe;IAC7C,mBAAmB,EAAW,iBAAiB;IAC/C,uBAAuB,EAAO,aAAa;IAC3C,uBAAuB,EAAO,eAAe;IAC7C,4BAA4B,EAAE,aAAa;IAC3C,4BAA4B,EAAE,eAAe;CAC9C,CAAC;AAEF,MAAM,kBAAkB,GAAG,4EAA4E,CAAC;AAExG,MAAM,gBAAgB,GAAG,oJAAoJ,CAAC;AAE9K,MAAM,iBAAiB,GAAG,mFAAmF,CAAC;AAC9G,MAAM,oBAAoB,GAAG,gCAAgC,CAAC;AAE9D,MAAM,YAAY,GAAG,2CAA2C,CAAC;AAEjE;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,MAAM,GAAG,GAAG,CAAC,IAA6B,EAAE,KAAa,EAAE,EAAE;QAC3D,MAAM,GAAG,GAAG,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACjC,CAAC;IACH,CAAC,CAAC;IAEF,OAAO;IACP,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAClD,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,8CAA8C;IAC9C,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9C,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,cAAc;IACd,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACzD,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IAED,WAAW;IACX,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACvD,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,aAAa;IACb,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACxD,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC3D,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAED,eAAe;IACf,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACnD
,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACpB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACzC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAgB,EAAE,QAA2B;IAClF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAElC,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;IACzB,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CACrB,4FAA4F,CAC7F,CAAC;IAEF,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,KAAwB,EAAE,EAAE;QAC7D,KAAK,MAAM,MAAM,IAAI,KAAK,EAAE,CAAC;YAC3B,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,UAAU,CAAC,QAAQ,CAAC,CAAC;AACvB,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Fragmentation Detector
|
|
3
|
+
*
|
|
4
|
+
* Detects fragmented payload assembly — the attack vector where individually
|
|
5
|
+
* benign memories combine into an attack when assembled. Inspired by the
|
|
6
|
+
* Palo Alto research on memory poisoning through fragment accumulation.
|
|
7
|
+
*/
|
|
8
|
+
import type { DefenceConfig, FragmentationAnalysis } from '../types.js';
|
|
9
|
+
export { extractEntities, storeExtractedEntities } from './entity-extractor.js';
|
|
10
|
+
export type { ExtractedEntity } from './entity-extractor.js';
|
|
11
|
+
export { getRecentEntities, findOverlappingEntities } from './temporal-analyzer.js';
|
|
12
|
+
export type { OverlappingEntity } from './temporal-analyzer.js';
|
|
13
|
+
export { detectAssembly } from './assembly-detector.js';
|
|
14
|
+
export type { AssemblyAnalysis } from './assembly-detector.js';
|
|
15
|
+
/**
|
|
16
|
+
* Full fragmentation analysis pipeline for incoming content
|
|
17
|
+
*/
|
|
18
|
+
export declare function analyzeFragmentation(content: string, title: string, config: DefenceConfig): FragmentationAnalysis;
|
|
19
|
+
/**
|
|
20
|
+
* Store fragmentation data for a newly created memory
|
|
21
|
+
*/
|
|
22
|
+
export declare function storeFragmentationData(memoryId: number, content: string): void;
|
|
23
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/defence/fragmentation/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAKxE,OAAO,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAChF,YAAY,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACpF,YAAY,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,YAAY,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE/D;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,aAAa,GACpB,qBAAqB,CA+BvB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAG9E"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Fragmentation Detector
|
|
3
|
+
*
|
|
4
|
+
* Detects fragmented payload assembly — the attack vector where individually
|
|
5
|
+
* benign memories combine into an attack when assembled. Inspired by the
|
|
6
|
+
* Palo Alto research on memory poisoning through fragment accumulation.
|
|
7
|
+
*/
|
|
8
|
+
import { extractEntities, storeExtractedEntities } from './entity-extractor.js';
|
|
9
|
+
import { findOverlappingEntities } from './temporal-analyzer.js';
|
|
10
|
+
import { detectAssembly } from './assembly-detector.js';
|
|
11
|
+
export { extractEntities, storeExtractedEntities } from './entity-extractor.js';
|
|
12
|
+
export { getRecentEntities, findOverlappingEntities } from './temporal-analyzer.js';
|
|
13
|
+
export { detectAssembly } from './assembly-detector.js';
|
|
14
|
+
/**
|
|
15
|
+
* Full fragmentation analysis pipeline for incoming content
|
|
16
|
+
*/
|
|
17
|
+
export function analyzeFragmentation(content, title, config) {
|
|
18
|
+
const fullText = `${title}\n${content}`;
|
|
19
|
+
const newEntities = extractEntities(fullText);
|
|
20
|
+
if (newEntities.length === 0) {
|
|
21
|
+
return {
|
|
22
|
+
score: 0,
|
|
23
|
+
relatedMemoryIds: [],
|
|
24
|
+
suspiciousEntities: [],
|
|
25
|
+
assemblyRisk: 'none',
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
const windowHours = config.fragmentationWindowHours;
|
|
29
|
+
const overlapping = findOverlappingEntities(newEntities, windowHours);
|
|
30
|
+
const assembly = detectAssembly(overlapping, newEntities);
|
|
31
|
+
const relatedMemoryIds = [
|
|
32
|
+
...new Set(overlapping.flatMap(o => o.memoryIds)),
|
|
33
|
+
];
|
|
34
|
+
const suspiciousEntities = overlapping.map(o => `${o.type}:${o.value} (${o.occurrences} occurrences)`);
|
|
35
|
+
return {
|
|
36
|
+
score: assembly.score,
|
|
37
|
+
relatedMemoryIds,
|
|
38
|
+
suspiciousEntities,
|
|
39
|
+
assemblyRisk: assembly.risk,
|
|
40
|
+
};
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Store fragmentation data for a newly created memory
|
|
44
|
+
*/
|
|
45
|
+
export function storeFragmentationData(memoryId, content) {
|
|
46
|
+
const entities = extractEntities(content);
|
|
47
|
+
storeExtractedEntities(memoryId, entities);
|
|
48
|
+
}
|
|
49
|
+
//# sourceMappingURL=index.js.map
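Review bot: `storeFragmentationData` extracts entities from `content` alone, while `analyzeFragmentation` scans the title and content joined by a newline, so an entity that appears only in a title is analysed once but never stored and cannot surface as an overlap for later memories. Taking the title as an optional third argument keeps existing callers working: `export function storeFragmentationData(memoryId, content, title = '')`, then extract from the same joined string that `analyzeFragmentation` builds. The declaration in `index.d.ts` needs the matching optional parameter. Separately, `suspiciousEntities` embeds `o.value` verbatim, so any matched credential or API key is copied into the analysis result; whether that result is logged or displayed is not visible in this hunk.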
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/defence/fragmentation/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAChF,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAExD,OAAO,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAEhF,OAAO,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAEpF,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAGxD;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAe,EACf,KAAa,EACb,MAAqB;IAErB,MAAM,QAAQ,GAAG,GAAG,KAAK,KAAK,OAAO,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAE9C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,KAAK,EAAE,CAAC;YACR,gBAAgB,EAAE,EAAE;YACpB,kBAAkB,EAAE,EAAE;YACtB,YAAY,EAAE,MAAM;SACrB,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,wBAAwB,CAAC;IACpD,MAAM,WAAW,GAAG,uBAAuB,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IACtE,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAE1D,MAAM,gBAAgB,GAAG;QACvB,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;KAClD,CAAC;IAEF,MAAM,kBAAkB,GAAG,WAAW,CAAC,GAAG,CACxC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,WAAW,eAAe,CAC3D,CAAC;IAEF,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,gBAAgB;QAChB,kBAAkB;QAClB,YAAY,EAAE,QAAQ,CAAC,IAAI;KAC5B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAgB,EAAE,OAAe;IACtE,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAC1C,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAC7C,CAAC"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Temporal analysis of entity fragments
|
|
3
|
+
*
|
|
4
|
+
* Looks for entity overlap across memories within a time window,
|
|
5
|
+
* detecting potential fragment assembly over time.
|
|
6
|
+
*/
|
|
7
|
+
import type { ExtractedEntity } from './entity-extractor.js';
|
|
8
|
+
export interface OverlappingEntity {
|
|
9
|
+
type: string;
|
|
10
|
+
value: string;
|
|
11
|
+
occurrences: number;
|
|
12
|
+
memoryIds: number[];
|
|
13
|
+
}
|
|
14
|
+
export interface RecentEntity {
|
|
15
|
+
entity_type: string;
|
|
16
|
+
entity_value: string;
|
|
17
|
+
memory_id: number;
|
|
18
|
+
detected_at: string;
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Query fragmentation_entities for entries within the time window
|
|
22
|
+
*/
|
|
23
|
+
export declare function getRecentEntities(windowHours: number): RecentEntity[];
|
|
24
|
+
/**
|
|
25
|
+
* Find entities from the new memory that also appear in recent memories
|
|
26
|
+
*/
|
|
27
|
+
export declare function findOverlappingEntities(entities: ExtractedEntity[], windowHours: number): OverlappingEntity[];
|
|
28
|
+
//# sourceMappingURL=temporal-analyzer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"temporal-analyzer.d.ts","sourceRoot":"","sources":["../../../src/defence/fragmentation/temporal-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,YAAY,EAAE,CAUrE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,eAAe,EAAE,EAC3B,WAAW,EAAE,MAAM,GAClB,iBAAiB,EAAE,CAuBrB"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Temporal analysis of entity fragments
|
|
3
|
+
*
|
|
4
|
+
* Looks for entity overlap across memories within a time window,
|
|
5
|
+
* detecting potential fragment assembly over time.
|
|
6
|
+
*/
|
|
7
|
+
import { getDatabase } from '../../database/init.js';
|
|
8
|
+
/**
|
|
9
|
+
* Query fragmentation_entities for entries within the time window
|
|
10
|
+
*/
|
|
11
|
+
export function getRecentEntities(windowHours) {
|
|
12
|
+
const db = getDatabase();
|
|
13
|
+
const rows = db.prepare(`SELECT entity_type, entity_value, memory_id, detected_at
|
|
14
|
+
FROM fragmentation_entities
|
|
15
|
+
WHERE detected_at >= datetime('now', ? || ' hours')
|
|
16
|
+
ORDER BY detected_at DESC`).all(-windowHours);
|
|
17
|
+
return rows;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Find entities from the new memory that also appear in recent memories
|
|
21
|
+
*/
|
|
22
|
+
export function findOverlappingEntities(entities, windowHours) {
|
|
23
|
+
if (entities.length === 0)
|
|
24
|
+
return [];
|
|
25
|
+
const recent = getRecentEntities(windowHours);
|
|
26
|
+
const overlapping = [];
|
|
27
|
+
for (const entity of entities) {
|
|
28
|
+
const matches = recent.filter(r => r.entity_type === entity.type && r.entity_value === entity.value);
|
|
29
|
+
if (matches.length > 0) {
|
|
30
|
+
const memoryIds = [...new Set(matches.map(m => m.memory_id))];
|
|
31
|
+
overlapping.push({
|
|
32
|
+
type: entity.type,
|
|
33
|
+
value: entity.value,
|
|
34
|
+
occurrences: matches.length,
|
|
35
|
+
memoryIds,
|
|
36
|
+
});
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
return overlapping;
|
|
40
|
+
}
|
|
41
|
+
//# sourceMappingURL=temporal-analyzer.js.map
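Review bot: `getRecentEntities` binds `-windowHours` into `datetime('now', ? || ' hours')` without validating it, so a zero or negative `windowHours` puts the cut-off at or after the current time and the query returns no rows; `findOverlappingEntities` then reports no overlap and nothing indicates that the check was effectively off. A missing or non-numeric setting probably ends the same way, though that depends on how the database driver binds the value. A guard at the top of `getRecentEntities`, `if (!Number.isFinite(windowHours) || windowHours <= 0) throw new RangeError('windowHours must be a positive number');`, turns the silent miss into a visible error. As a smaller point, `recent.filter(...)` rescans every row in the window for each new entity; indexing the rows once in a `Map` keyed by type and value avoids the quadratic scan on large windows.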
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"temporal-analyzer.js","sourceRoot":"","sources":["../../../src/defence/fragmentation/temporal-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAiBrD;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAmB;IACnD,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;IACzB,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CACrB;;;+BAG2B,CAC5B,CAAC,GAAG,CAAC,CAAC,WAAW,CAAmB,CAAC;IAEtC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAA2B,EAC3B,WAAmB;IAEnB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAErC,MAAM,MAAM,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAwB,EAAE,CAAC;IAE5C,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAC3B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC,YAAY,KAAK,MAAM,CAAC,KAAK,CACtE,CAAC;QAEF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,SAAS,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YAC9D,WAAW,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,WAAW,EAAE,OAAO,CAAC,MAAM;gBAC3B,SAAS;aACV,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Defence layer — top-level re-exports
|
|
3
|
+
*/
|
|
4
|
+
export { runDefencePipeline } from './pipeline.js';
|
|
5
|
+
export { DEFAULT_DEFENCE_CONFIG } from './types.js';
|
|
6
|
+
export type { DefenceConfig, DefencePipelineResult, DefenceSource, FirewallAnalysis, FirewallResult, FragmentationAnalysis, SensitivityClassification, SensitivityLevel, ThreatIndicator, TrustScore, QuarantineEntry, AuditEntry, } from './types.js';
|
|
7
|
+
export { scoreSource, filterByTrust } from './trust/index.js';
|
|
8
|
+
export { analyzeFirewall } from './firewall/index.js';
|
|
9
|
+
export { classifySensitivity, redactContent, redactForDisplay } from './sensitivity/index.js';
|
|
10
|
+
export { analyzeFragmentation, storeFragmentationData } from './fragmentation/index.js';
|
|
11
|
+
export { logAudit, queryAuditLogs, getAuditStats } from './audit/index.js';
|
|
12
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/defence/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAGnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AACpD,YAAY,EACV,aAAa,EACb,qBAAqB,EACrB,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,qBAAqB,EACrB,yBAAyB,EACzB,gBAAgB,EAChB,eAAe,EACf,UAAU,EACV,eAAe,EACf,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAG9D,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAGtD,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG9F,OAAO,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAGxF,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Defence layer — top-level re-exports
|
|
3
|
+
*/
|
|
4
|
+
// Pipeline
|
|
5
|
+
export { runDefencePipeline } from './pipeline.js';
|
|
6
|
+
// Config & types
|
|
7
|
+
export { DEFAULT_DEFENCE_CONFIG } from './types.js';
|
|
8
|
+
// Trust
|
|
9
|
+
export { scoreSource, filterByTrust } from './trust/index.js';
|
|
10
|
+
// Firewall
|
|
11
|
+
export { analyzeFirewall } from './firewall/index.js';
|
|
12
|
+
// Sensitivity
|
|
13
|
+
export { classifySensitivity, redactContent, redactForDisplay } from './sensitivity/index.js';
|
|
14
|
+
// Fragmentation
|
|
15
|
+
export { analyzeFragmentation, storeFragmentationData } from './fragmentation/index.js';
|
|
16
|
+
// Audit
|
|
17
|
+
export { logAudit, queryAuditLogs, getAuditStats } from './audit/index.js';
|
|
18
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/defence/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,WAAW;AACX,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD,iBAAiB;AACjB,OAAO,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAgBpD,QAAQ;AACR,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAE9D,WAAW;AACX,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,cAAc;AACd,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE9F,gBAAgB;AAChB,OAAO,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAExF,QAAQ;AACR,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Defence Pipeline Orchestrator
|
|
3
|
+
*
|
|
4
|
+
* Runs all 5 defence layers in sequence and returns a unified result.
|
|
5
|
+
* Fail-open: if any layer throws, the pipeline defaults to ALLOW with a warning.
|
|
6
|
+
*/
|
|
7
|
+
import type { DefenceConfig, DefencePipelineResult, DefenceSource } from './types.js';
|
|
8
|
+
export declare function runDefencePipeline(content: string, title: string, source: DefenceSource, config?: DefenceConfig): DefencePipelineResult;
|
|
9
|
+
//# sourceMappingURL=pipeline.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pipeline.d.ts","sourceRoot":"","sources":["../../src/defence/pipeline.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,aAAa,EAKd,MAAM,YAAY,CAAC;AASpB,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,aAAa,EACrB,MAAM,CAAC,EAAE,aAAa,GACrB,qBAAqB,CAqHvB"}
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Defence Pipeline Orchestrator
|
|
3
|
+
*
|
|
4
|
+
* Runs all 5 defence layers in sequence and returns a unified result.
|
|
5
|
+
* Fail-open: if any layer throws, the pipeline defaults to ALLOW with a warning.
|
|
6
|
+
*/
|
|
7
|
+
import { DEFAULT_DEFENCE_CONFIG } from './types.js';
|
|
8
|
+
import { scoreSource } from './trust/index.js';
|
|
9
|
+
import { analyzeFirewall } from './firewall/index.js';
|
|
10
|
+
import { classifySensitivity } from './sensitivity/index.js';
|
|
11
|
+
import { analyzeFragmentation } from './fragmentation/index.js';
|
|
12
|
+
import { logAudit, createContentHash } from './audit/index.js';
|
|
13
|
+
export function runDefencePipeline(content, title, source, config) {
|
|
14
|
+
const cfg = config ?? DEFAULT_DEFENCE_CONFIG;
|
|
15
|
+
const startTime = performance.now();
|
|
16
|
+
try {
|
|
17
|
+
// 1. Score trust
|
|
18
|
+
const trust = scoreSource(source);
|
|
19
|
+
// 2. Run firewall
|
|
20
|
+
const firewall = analyzeFirewall(content, title, source, trust.score, cfg);
|
|
21
|
+
// 3. Classify sensitivity
|
|
22
|
+
const sensitivity = classifySensitivity(content, title);
|
|
23
|
+
// 4. Run fragmentation detection (if enabled and firewall didn't block)
|
|
24
|
+
let fragmentation = null;
|
|
25
|
+
if (cfg.enableFragmentationDetection && firewall.result !== 'BLOCK') {
|
|
26
|
+
fragmentation = analyzeFragmentation(content, title, cfg);
|
|
27
|
+
}
|
|
28
|
+
// 5. Determine final decision
|
|
29
|
+
let allowed;
|
|
30
|
+
let reason;
|
|
31
|
+
if (firewall.result === 'BLOCK') {
|
|
32
|
+
allowed = false;
|
|
33
|
+
reason = firewall.reason;
|
|
34
|
+
}
|
|
35
|
+
else if (fragmentation !== null &&
|
|
36
|
+
fragmentation.score > cfg.autoQuarantineThreshold) {
|
|
37
|
+
allowed = false;
|
|
38
|
+
reason = `Quarantined: fragmentation score ${fragmentation.score} exceeds threshold ${cfg.autoQuarantineThreshold}`;
|
|
39
|
+
}
|
|
40
|
+
else {
|
|
41
|
+
allowed = true;
|
|
42
|
+
reason = firewall.reason;
|
|
43
|
+
}
|
|
44
|
+
const durationMs = Math.round(performance.now() - startTime);
|
|
45
|
+
// 6. Log audit
|
|
46
|
+
const _contentHash = createContentHash(content);
|
|
47
|
+
const auditId = logAudit({
|
|
48
|
+
memory_id: null,
|
|
49
|
+
timestamp: new Date().toISOString(),
|
|
50
|
+
source_type: source.type,
|
|
51
|
+
source_identifier: source.identifier,
|
|
52
|
+
trust_score: trust.score,
|
|
53
|
+
sensitivity_level: sensitivity.level,
|
|
54
|
+
firewall_result: firewall.result,
|
|
55
|
+
anomaly_score: firewall.anomalyScore,
|
|
56
|
+
threat_indicators: JSON.stringify(firewall.threatIndicators),
|
|
57
|
+
blocked_patterns: JSON.stringify(firewall.blockedPatterns),
|
|
58
|
+
reason,
|
|
59
|
+
fragmentation_score: fragmentation?.score ?? null,
|
|
60
|
+
pipeline_duration_ms: durationMs,
|
|
61
|
+
});
|
|
62
|
+
return {
|
|
63
|
+
allowed,
|
|
64
|
+
firewall,
|
|
65
|
+
fragmentation,
|
|
66
|
+
sensitivity,
|
|
67
|
+
trust,
|
|
68
|
+
auditId,
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
catch (err) {
|
|
72
|
+
// Fail-open: log warning and allow
|
|
73
|
+
const durationMs = Math.round(performance.now() - startTime);
|
|
74
|
+
console.error('[defence] Pipeline error, failing open:', err);
|
|
75
|
+
const auditId = logAudit({
|
|
76
|
+
memory_id: null,
|
|
77
|
+
timestamp: new Date().toISOString(),
|
|
78
|
+
source_type: source.type,
|
|
79
|
+
source_identifier: source.identifier,
|
|
80
|
+
trust_score: 0,
|
|
81
|
+
sensitivity_level: 'PUBLIC',
|
|
82
|
+
firewall_result: 'ALLOW',
|
|
83
|
+
anomaly_score: 0,
|
|
84
|
+
threat_indicators: '[]',
|
|
85
|
+
blocked_patterns: '[]',
|
|
86
|
+
reason: `Pipeline error (fail-open): ${err instanceof Error ? err.message : String(err)}`,
|
|
87
|
+
fragmentation_score: null,
|
|
88
|
+
pipeline_duration_ms: durationMs,
|
|
89
|
+
});
|
|
90
|
+
return {
|
|
91
|
+
allowed: true,
|
|
92
|
+
firewall: {
|
|
93
|
+
result: 'ALLOW',
|
|
94
|
+
reason: 'Pipeline error — fail-open default',
|
|
95
|
+
threatIndicators: [],
|
|
96
|
+
anomalyScore: 0,
|
|
97
|
+
blockedPatterns: [],
|
|
98
|
+
},
|
|
99
|
+
fragmentation: null,
|
|
100
|
+
sensitivity: {
|
|
101
|
+
level: 'PUBLIC',
|
|
102
|
+
confidence: 0,
|
|
103
|
+
detectedPatterns: [],
|
|
104
|
+
redactionRequired: false,
|
|
105
|
+
},
|
|
106
|
+
trust: {
|
|
107
|
+
score: 0,
|
|
108
|
+
source,
|
|
109
|
+
hierarchy: [],
|
|
110
|
+
},
|
|
111
|
+
auditId,
|
|
112
|
+
};
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
//# sourceMappingURL=pipeline.js.map
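Review bot: The `catch` in `runDefencePipeline` returns `allowed: true` for any exception, including one thrown after `analyzeFirewall` has already returned `BLOCK` (for example from `classifySensitivity` or the first `logAudit` call), so a verdict that was already reached is replaced by ALLOW and audited as `firewall_result: 'ALLOW'`. Declaring `let firewall;` before the `try` and returning `allowed: firewall?.result !== 'BLOCK'` from the handler keeps the documented fail-open default for genuine unknowns without discarding a block. The handler's own `logAudit` call is unguarded, so when the audit store is what failed the function throws instead of failing open; giving that call its own `try` would make the header comment true. `_contentHash` is computed but never passed to `logAudit`, so either add it to the audit record or drop the call.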
|