npm - shieldcortex - Versions diffs - 2.13.2 → 2.14.0 - Mend

shieldcortex 2.13.2 → 2.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

package/dist/defence/iron-dome/audit.js ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * Iron Dome — Audit Logging
+ *
+ * Uses the existing ShieldCortex audit system to log Iron Dome events.
+ */
+import { logAudit } from '../audit/logger.js';
+/**
+ * Log an Iron Dome event to the defence audit table.
+ * Fire-and-forget safe: errors are caught and logged, never thrown.
+ */
+export function logIronDomeAudit(event) {
+    try {
+        logAudit({
+            memory_id: null,
+            project: null,
+            timestamp: new Date().toISOString(),
+            source_type: event.source?.type ?? 'cli',
+            source_identifier: event.source?.identifier ?? 'iron-dome',
+            trust_score: 0,
+            sensitivity_level: 'PUBLIC',
+            firewall_result: event.allowed ? 'ALLOW' : 'BLOCK',
+            anomaly_score: 0,
+            threat_indicators: '[]',
+            blocked_patterns: '[]',
+            reason: `[iron-dome:${event.action}] ${event.reason}`,
+            fragmentation_score: null,
+            pipeline_duration_ms: null,
+        });
+    }
+    catch (err) {
+        console.error('[iron-dome] Failed to log audit event:', err);
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/defence/iron-dome/audit.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../src/defence/iron-dome/audit.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAW9C;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAyB;IACxD,IAAI,CAAC;QACH,QAAQ,CAAC;YACP,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI,IAAI,KAAK;YACxC,iBAAiB,EAAE,KAAK,CAAC,MAAM,EAAE,UAAU,IAAI,WAAW;YAC1D,WAAW,EAAE,CAAC;YACd,iBAAiB,EAAE,QAAQ;YAC3B,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;YAClD,aAAa,EAAE,CAAC;YAChB,iBAAiB,EAAE,IAAI;YACvB,gBAAgB,EAAE,IAAI;YACtB,MAAM,EAAE,cAAc,KAAK,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,EAAE;YACrD,mBAAmB,EAAE,IAAI;YACzB,oBAAoB,EAAE,IAAI;SAC3B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,GAAG,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC"}

package/dist/defence/iron-dome/config.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Iron Dome — Configuration types and defaults
+ *
+ * Defines the IronDomeConfig interface and pre-built profiles
+ * for different security postures.
+ */
+export interface IronDomePiiRules {
+    neverOutput: string[];
+    aggregatesOnly: string[];
+}
+export interface IronDomeSubAgentRestrictions {
+    blockedOperations: string[];
+    sanitiseContext: boolean;
+}
+export type IronDomeProfile = 'school' | 'enterprise' | 'personal' | 'paranoid';
+export interface IronDomeConfig {
+    enabled: boolean;
+    trustedChannels: string[];
+    killPhrase: string;
+    requireApproval: string[];
+    autoApprove: string[];
+    piiRules: IronDomePiiRules;
+    subAgentRestrictions: IronDomeSubAgentRestrictions;
+    profile?: IronDomeProfile;
+}
+export declare const DEFAULT_IRON_DOME_CONFIG: IronDomeConfig;
+export declare const IRON_DOME_PROFILES: Record<IronDomeProfile, Omit<IronDomeConfig, 'enabled'>>;
+//# sourceMappingURL=config.d.ts.map

package/dist/defence/iron-dome/config.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/defence/iron-dome/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,4BAA4B;IAC3C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,MAAM,eAAe,GAAG,QAAQ,GAAG,YAAY,GAAG,UAAU,GAAG,UAAU,CAAC;AAEhF,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,oBAAoB,EAAE,4BAA4B,CAAC;IACnD,OAAO,CAAC,EAAE,eAAe,CAAC;CAC3B;AAID,eAAO,MAAM,wBAAwB,EAAE,cActC,CAAC;AAIF,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,CA8FvF,CAAC"}

package/dist/defence/iron-dome/config.js ADDED Viewed

@@ -0,0 +1,116 @@
+/**
+ * Iron Dome — Configuration types and defaults
+ *
+ * Defines the IronDomeConfig interface and pre-built profiles
+ * for different security postures.
+ */
+// ── Default Configuration ──
+export const DEFAULT_IRON_DOME_CONFIG = {
+    enabled: false,
+    trustedChannels: ['terminal', 'cli'],
+    killPhrase: 'full stop',
+    requireApproval: ['send_email', 'delete_file', 'api_call', 'purchase', 'transfer_funds'],
+    autoApprove: ['read_file', 'search', 'calculate', 'format'],
+    piiRules: {
+        neverOutput: [],
+        aggregatesOnly: [],
+    },
+    subAgentRestrictions: {
+        blockedOperations: [],
+        sanitiseContext: false,
+    },
+};
+// ── Pre-built Profiles ──
+export const IRON_DOME_PROFILES = {
+    school: {
+        trustedChannels: ['terminal', 'cli'],
+        killPhrase: 'full stop',
+        requireApproval: [
+            'send_email', 'delete_file', 'api_call', 'export_data',
+            'share_data', 'modify_records', 'create_report',
+        ],
+        autoApprove: ['read_file', 'search', 'calculate', 'format'],
+        piiRules: {
+            neverOutput: [
+                'pupil_name', 'student_name', 'date_of_birth', 'address',
+                'parent_name', 'guardian_name', 'medical_info', 'sen_status',
+                'fsm_status', 'ethnicity', 'religion', 'national_insurance',
+            ],
+            aggregatesOnly: [
+                'attendance', 'grades', 'behaviour_points', 'exclusions',
+            ],
+        },
+        subAgentRestrictions: {
+            blockedOperations: ['export_pupil_data', 'bulk_email', 'modify_safeguarding'],
+            sanitiseContext: true,
+        },
+        profile: 'school',
+    },
+    enterprise: {
+        trustedChannels: ['terminal', 'cli', 'slack'],
+        killPhrase: 'full stop',
+        requireApproval: [
+            'send_email', 'delete_file', 'api_call', 'purchase',
+            'transfer_funds', 'modify_permissions', 'deploy', 'export_data',
+        ],
+        autoApprove: ['read_file', 'search', 'calculate', 'format', 'lint', 'test'],
+        piiRules: {
+            neverOutput: [
+                'credit_card', 'bank_account', 'ssn', 'tax_id',
+                'salary', 'compensation',
+            ],
+            aggregatesOnly: [
+                'revenue', 'expenses', 'headcount',
+            ],
+        },
+        subAgentRestrictions: {
+            blockedOperations: ['export_financial_data', 'modify_payroll'],
+            sanitiseContext: true,
+        },
+        profile: 'enterprise',
+    },
+    personal: {
+        trustedChannels: ['terminal', 'cli', 'telegram', 'email'],
+        killPhrase: 'full stop',
+        requireApproval: [
+            'send_email', 'purchase', 'transfer_funds', 'delete_file',
+        ],
+        autoApprove: [
+            'read_file', 'search', 'calculate', 'format',
+            'api_call', 'create_file',
+        ],
+        piiRules: {
+            neverOutput: ['password', 'credit_card', 'bank_account'],
+            aggregatesOnly: [],
+        },
+        subAgentRestrictions: {
+            blockedOperations: [],
+            sanitiseContext: false,
+        },
+        profile: 'personal',
+    },
+    paranoid: {
+        trustedChannels: ['terminal'],
+        killPhrase: 'full stop',
+        requireApproval: [
+            'send_email', 'delete_file', 'api_call', 'purchase',
+            'transfer_funds', 'create_file', 'modify_file', 'deploy',
+            'export_data', 'share_data', 'modify_permissions',
+            'install_package', 'run_script', 'network_request',
+        ],
+        autoApprove: ['search', 'calculate', 'format'],
+        piiRules: {
+            neverOutput: [
+                'password', 'credit_card', 'bank_account', 'ssn', 'tax_id',
+                'date_of_birth', 'address', 'phone_number', 'email_address',
+            ],
+            aggregatesOnly: ['salary', 'revenue', 'expenses'],
+        },
+        subAgentRestrictions: {
+            blockedOperations: ['export_data', 'network_request', 'install_package'],
+            sanitiseContext: true,
+        },
+        profile: 'paranoid',
+    },
+};
+//# sourceMappingURL=config.js.map

package/dist/defence/iron-dome/config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/defence/iron-dome/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA2BH,8BAA8B;AAE9B,MAAM,CAAC,MAAM,wBAAwB,GAAmB;IACtD,OAAO,EAAE,KAAK;IACd,eAAe,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC;IACpC,UAAU,EAAE,WAAW;IACvB,eAAe,EAAE,CAAC,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,gBAAgB,CAAC;IACxF,WAAW,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,CAAC;IAC3D,QAAQ,EAAE;QACR,WAAW,EAAE,EAAE;QACf,cAAc,EAAE,EAAE;KACnB;IACD,oBAAoB,EAAE;QACpB,iBAAiB,EAAE,EAAE;QACrB,eAAe,EAAE,KAAK;KACvB;CACF,CAAC;AAEF,2BAA2B;AAE3B,MAAM,CAAC,MAAM,kBAAkB,GAA6D;IAC1F,MAAM,EAAE;QACN,eAAe,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC;QACpC,UAAU,EAAE,WAAW;QACvB,eAAe,EAAE;YACf,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa;YACtD,YAAY,EAAE,gBAAgB,EAAE,eAAe;SAChD;QACD,WAAW,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,CAAC;QAC3D,QAAQ,EAAE;YACR,WAAW,EAAE;gBACX,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,SAAS;gBACxD,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,YAAY;gBAC5D,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,oBAAoB;aAC5D;YACD,cAAc,EAAE;gBACd,YAAY,EAAE,QAAQ,EAAE,kBAAkB,EAAE,YAAY;aACzD;SACF;QACD,oBAAoB,EAAE;YACpB,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,YAAY,EAAE,qBAAqB,CAAC;YAC7E,eAAe,EAAE,IAAI;SACtB;QACD,OAAO,EAAE,QAAQ;KAClB;IAED,UAAU,EAAE;QACV,eAAe,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC;QAC7C,UAAU,EAAE,WAAW;QACvB,eAAe,EAAE;YACf,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU;YACnD,gBAAgB,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa;SAChE;QACD,WAAW,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;QAC3E,QAAQ,EAAE;YACR,WAAW,EAAE;gBACX,aAAa,EAAE,cAAc,EAAE,KAAK,EAAE,QAAQ;gBAC9C,QAAQ,EAAE,cAAc;aACzB;YACD,cAAc,EAAE;gBACd,SAAS,EAAE,UAAU,EAAE,WAAW;aACnC;SACF;QACD,oBAAoB,EAAE;YACpB,iBAAiB,EAAE,CAAC,uBAAuB,EAAE,gBAAgB,CAAC;YAC9D,eAAe,EAAE,IAAI;SACtB;QACD,OAAO,EAAE,YAAY;KACtB;IAED,QAAQ,EAAE;QACR,eAAe,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC;QACzD,UAAU,EAAE,WAAW;QACvB,eAAe,EAAE;YACf,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,aAAa;SAC1D;QACD,WAAW,EAAE;YACX,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ;YAC5C,UAAU,EAAE,aAAa;SAC1B;QACD,QAAQ,EAAE;YACR,WAAW,EAAE,CAAC,UAAU,EAAE,aAAa,EAAE,cAAc,CAAC;YACxD,cAAc,EAAE,EAAE;SACnB;QACD,oBAAoB,EAAE;YACpB,iBAAiB,EAAE,EAAE;YACrB,eAAe,EAAE,KAAK;SACvB;QACD,OAAO,EAAE,UAAU;KACpB;IAED,QAAQ,EAAE;QACR,eAAe,EAAE,CAAC,UAAU,CAAC;QAC7B,UAAU,EAAE,WAAW;QACvB,eAAe,EAAE;YACf,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU;YACnD,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,QAAQ;YACxD,aAAa,EAAE,YAAY,EAAE,oBAAoB;YACjD,iBAAiB,EAAE,YAAY,EAAE,iBAAiB;SACnD;QACD,WAAW,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,QAAQ,CAAC;QAC9C,QAAQ,EAAE;YACR,WAAW,EAAE;gBACX,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,KAAK,EAAE,QAAQ;gBAC1D,eAAe,EAAE,SAAS,EAAE,cAAc,EAAE,eAAe;aAC5D;YACD,cAAc,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,CAAC;SAClD;QACD,oBAAoB,EAAE;YACpB,iBAAiB,EAAE,CAAC,aAAa,EAAE,iBAAiB,EAAE,iBAAiB,CAAC;YACxE,eAAe,EAAE,IAAI;SACtB;QACD,OAAO,EAAE,UAAU;KACpB;CACF,CAAC"}

package/dist/defence/iron-dome/gateway.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Iron Dome — Instruction Gateway
+ *
+ * Validates whether an instruction channel is trusted before
+ * allowing commands through. Builds on existing trust scoring concepts.
+ */
+import type { IronDomeConfig } from './config.js';
+import type { DefenceSource } from '../types.js';
+export interface GatewayResult {
+    allowed: boolean;
+    channel: string;
+    reason: string;
+    trustLevel: 'trusted' | 'untrusted' | 'blocked';
+}
+/**
+ * Check if a channel is trusted according to Iron Dome configuration.
+ */
+export declare function isChannelTrusted(channel: string, config: IronDomeConfig): boolean;
+/**
+ * Validate an instruction through the gateway.
+ * Returns whether the instruction should be processed.
+ */
+export declare function validateGateway(channel: string, instruction: string, config: IronDomeConfig, source?: DefenceSource): GatewayResult;
+//# sourceMappingURL=gateway.d.ts.map

package/dist/defence/iron-dome/gateway.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gateway.d.ts","sourceRoot":"","sources":["../../../src/defence/iron-dome/gateway.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAGjD,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,SAAS,GAAG,WAAW,GAAG,SAAS,CAAC;CACjD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,cAAc,GACrB,OAAO,CAGT;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,cAAc,EACtB,MAAM,CAAC,EAAE,aAAa,GACrB,aAAa,CAgCf"}

package/dist/defence/iron-dome/gateway.js ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * Iron Dome — Instruction Gateway
+ *
+ * Validates whether an instruction channel is trusted before
+ * allowing commands through. Builds on existing trust scoring concepts.
+ */
+import { logIronDomeAudit } from './audit.js';
+/**
+ * Check if a channel is trusted according to Iron Dome configuration.
+ */
+export function isChannelTrusted(channel, config) {
+    if (!config.enabled)
+        return true;
+    return config.trustedChannels.includes(channel.toLowerCase());
+}
+/**
+ * Validate an instruction through the gateway.
+ * Returns whether the instruction should be processed.
+ */
+export function validateGateway(channel, instruction, config, source) {
+    if (!config.enabled) {
+        return {
+            allowed: true,
+            channel,
+            reason: 'Iron Dome is not active',
+            trustLevel: 'trusted',
+        };
+    }
+    const normChannel = channel.toLowerCase();
+    const trusted = config.trustedChannels.includes(normChannel);
+    const result = {
+        allowed: trusted,
+        channel: normChannel,
+        reason: trusted
+            ? `Channel "${normChannel}" is trusted`
+            : `Channel "${normChannel}" is not in trusted channels list`,
+        trustLevel: trusted ? 'trusted' : 'untrusted',
+    };
+    // Log the gateway check
+    logIronDomeAudit({
+        action: 'gateway_check',
+        channel: normChannel,
+        allowed: result.allowed,
+        reason: result.reason,
+        source,
+    });
+    return result;
+}
+//# sourceMappingURL=gateway.js.map

package/dist/defence/iron-dome/gateway.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gateway.js","sourceRoot":"","sources":["../../../src/defence/iron-dome/gateway.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAS9C;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAe,EACf,MAAsB;IAEtB,IAAI,CAAC,MAAM,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;AAChE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAe,EACf,WAAmB,EACnB,MAAsB,EACtB,MAAsB;IAEtB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO;YACP,MAAM,EAAE,yBAAyB;YACjC,UAAU,EAAE,SAAS;SACtB,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE7D,MAAM,MAAM,GAAkB;QAC5B,OAAO,EAAE,OAAO;QAChB,OAAO,EAAE,WAAW;QACpB,MAAM,EAAE,OAAO;YACb,CAAC,CAAC,YAAY,WAAW,cAAc;YACvC,CAAC,CAAC,YAAY,WAAW,mCAAmC;QAC9D,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;KAC9C,CAAC;IAEF,wBAAwB;IACxB,gBAAgB,CAAC;QACf,MAAM,EAAE,eAAe;QACvB,OAAO,EAAE,WAAW;QACpB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/defence/iron-dome/index.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * Iron Dome — Behaviour Protection Layer
+ *
+ * Protects agent BEHAVIOUR (instruction gating, action approval, injection scanning)
+ * while the existing defence layer protects agent MEMORY.
+ *
+ * Main exports for the Iron Dome module.
+ */
+import type { IronDomeConfig, IronDomeProfile } from './config.js';
+export { DEFAULT_IRON_DOME_CONFIG, IRON_DOME_PROFILES } from './config.js';
+export type { IronDomeConfig, IronDomeProfile, IronDomePiiRules, IronDomeSubAgentRestrictions } from './config.js';
+export { scanForInjection } from './injection-scanner.js';
+export type { InjectionScanResult, InjectionDetection, InjectionSeverity, InjectionCategory } from './injection-scanner.js';
+export { isChannelTrusted, validateGateway } from './gateway.js';
+export type { GatewayResult } from './gateway.js';
+export { isActionAllowed } from './action-gate.js';
+export type { ActionGateResult, ActionDecision } from './action-gate.js';
+export { checkPII } from './pii-guard.js';
+export type { PiiCheckResult, PiiViolation } from './pii-guard.js';
+export { handleKillPhrase } from './kill-switch.js';
+export type { KillSwitchResult } from './kill-switch.js';
+export { logIronDomeAudit } from './audit.js';
+export type { IronDomeAuditEvent } from './audit.js';
+/**
+ * Activate Iron Dome with an optional profile.
+ */
+export declare function activateIronDome(profile?: IronDomeProfile): IronDomeConfig;
+/**
+ * Deactivate Iron Dome.
+ */
+export declare function deactivateIronDome(): void;
+/**
+ * Get the current Iron Dome status and configuration.
+ */
+export declare function getIronDomeStatus(): {
+    enabled: boolean;
+    config: IronDomeConfig;
+    profile?: IronDomeProfile;
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/defence/iron-dome/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/defence/iron-dome/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAMnE,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC3E,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAEnH,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE5H,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACjE,YAAY,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAEzE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,YAAY,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AA4DrD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE,eAAe,GAAG,cAAc,CAyB1E;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CASzC;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,cAAc,CAAC;IACvB,OAAO,CAAC,EAAE,eAAe,CAAC;CAC3B,CAOA"}

package/dist/defence/iron-dome/index.js ADDED Viewed

@@ -0,0 +1,125 @@
+/**
+ * Iron Dome — Behaviour Protection Layer
+ *
+ * Protects agent BEHAVIOUR (instruction gating, action approval, injection scanning)
+ * while the existing defence layer protects agent MEMORY.
+ *
+ * Main exports for the Iron Dome module.
+ */
+import { getDatabase } from '../../database/init.js';
+import { DEFAULT_IRON_DOME_CONFIG, IRON_DOME_PROFILES } from './config.js';
+import { logIronDomeAudit } from './audit.js';
+// ── Re-exports ──
+export { DEFAULT_IRON_DOME_CONFIG, IRON_DOME_PROFILES } from './config.js';
+export { scanForInjection } from './injection-scanner.js';
+export { isChannelTrusted, validateGateway } from './gateway.js';
+export { isActionAllowed } from './action-gate.js';
+export { checkPII } from './pii-guard.js';
+export { handleKillPhrase } from './kill-switch.js';
+export { logIronDomeAudit } from './audit.js';
+// ── Iron Dome State Management ──
+// In-memory config (persisted to SQLite iron_dome_config table)
+let activeConfig = { ...DEFAULT_IRON_DOME_CONFIG };
+/**
+ * Ensure the iron_dome_config table exists.
+ */
+function ensureTable() {
+    try {
+        const db = getDatabase();
+        db.exec(`
+      CREATE TABLE IF NOT EXISTS iron_dome_config (
+        key TEXT PRIMARY KEY,
+        value TEXT NOT NULL,
+        updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+      )
+    `);
+    }
+    catch {
+        // Database may not be initialised yet — config stays in memory
+    }
+}
+/**
+ * Load Iron Dome configuration from the database.
+ */
+function loadConfig() {
+    try {
+        ensureTable();
+        const db = getDatabase();
+        const row = db.prepare('SELECT value FROM iron_dome_config WHERE key = ?').get('config');
+        if (row) {
+            activeConfig = JSON.parse(row.value);
+            return activeConfig;
+        }
+    }
+    catch {
+        // Fall through to default
+    }
+    return activeConfig;
+}
+/**
+ * Save Iron Dome configuration to the database.
+ */
+function saveConfig(config) {
+    try {
+        ensureTable();
+        const db = getDatabase();
+        db.prepare(`
+      INSERT INTO iron_dome_config (key, value, updated_at)
+      VALUES ('config', ?, datetime('now'))
+      ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = excluded.updated_at
+    `).run(JSON.stringify(config));
+    }
+    catch (err) {
+        console.error('[iron-dome] Failed to save config:', err);
+    }
+}
+/**
+ * Activate Iron Dome with an optional profile.
+ */
+export function activateIronDome(profile) {
+    let config;
+    if (profile && IRON_DOME_PROFILES[profile]) {
+        config = {
+            ...IRON_DOME_PROFILES[profile],
+            enabled: true,
+        };
+    }
+    else {
+        config = {
+            ...DEFAULT_IRON_DOME_CONFIG,
+            enabled: true,
+        };
+    }
+    activeConfig = config;
+    saveConfig(config);
+    logIronDomeAudit({
+        action: 'activate',
+        allowed: true,
+        reason: profile ? `Activated with profile: ${profile}` : 'Activated with default config',
+    });
+    return config;
+}
+/**
+ * Deactivate Iron Dome.
+ */
+export function deactivateIronDome() {
+    activeConfig = { ...DEFAULT_IRON_DOME_CONFIG, enabled: false };
+    saveConfig(activeConfig);
+    logIronDomeAudit({
+        action: 'deactivate',
+        allowed: true,
+        reason: 'Iron Dome deactivated',
+    });
+}
+/**
+ * Get the current Iron Dome status and configuration.
+ */
+export function getIronDomeStatus() {
+    const config = loadConfig();
+    return {
+        enabled: config.enabled,
+        config,
+        profile: config.profile,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/defence/iron-dome/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/defence/iron-dome/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAErD,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,mBAAmB;AAEnB,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAG3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG1D,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAGjE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGnD,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAG1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAGpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAG9C,mCAAmC;AAEnC,gEAAgE;AAChE,IAAI,YAAY,GAAmB,EAAE,GAAG,wBAAwB,EAAE,CAAC;AAEnE;;GAEG;AACH,SAAS,WAAW;IAClB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;QACzB,EAAE,CAAC,IAAI,CAAC;;;;;;KAMP,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;IACjE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU;IACjB,IAAI,CAAC;QACH,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,kDAAkD,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAkC,CAAC;QAC1H,IAAI,GAAG,EAAE,CAAC;YACR,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACrC,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0BAA0B;IAC5B,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,MAAsB;IACxC,IAAI,CAAC;QACH,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;QACzB,EAAE,CAAC,OAAO,CAAC;;;;KAIV,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAyB;IACxD,IAAI,MAAsB,CAAC;IAE3B,IAAI,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3C,MAAM,GAAG;YACP,GAAG,kBAAkB,CAAC,OAAO,CAAC;YAC9B,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,GAAG;YACP,GAAG,wBAAwB;YAC3B,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,YAAY,GAAG,MAAM,CAAC;IACtB,UAAU,CAAC,MAAM,CAAC,CAAC;IAEnB,gBAAgB,CAAC;QACf,MAAM,EAAE,UAAU;QAClB,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,2BAA2B,OAAO,EAAE,CAAC,CAAC,CAAC,+BAA+B;KACzF,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,YAAY,GAAG,EAAE,GAAG,wBAAwB,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC/D,UAAU,CAAC,YAAY,CAAC,CAAC;IAEzB,gBAAgB,CAAC;QACf,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,uBAAuB;KAChC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAK/B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC;AACJ,CAAC"}

package/dist/defence/iron-dome/injection-scanner.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Iron Dome — Prompt Injection Scanner
+ *
+ * Port of ~/clawd/skills/iron-dome/scripts/scan.py to TypeScript.
+ * Detects prompt injection patterns in text content from untrusted sources
+ * (emails, form submissions, API responses, web pages).
+ */
+export type InjectionSeverity = 'low' | 'medium' | 'high' | 'critical';
+export type InjectionCategory = 'fake_system_message' | 'authority_claim' | 'urgency_secrecy' | 'credential_extraction' | 'instruction_injection' | 'encoding_trick' | 'role_manipulation' | 'context_escape';
+export interface InjectionDetection {
+    category: InjectionCategory;
+    severity: InjectionSeverity;
+    pattern: string;
+    match: string;
+    description: string;
+}
+export interface InjectionScanResult {
+    clean: boolean;
+    riskLevel: 'NONE' | 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+    detections: InjectionDetection[];
+    textLength: number;
+    summary: string;
+}
+/**
+ * Scan text for prompt injection patterns.
+ */
+export declare function scanForInjection(text: string): InjectionScanResult;
+//# sourceMappingURL=injection-scanner.d.ts.map

package/dist/defence/iron-dome/injection-scanner.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"injection-scanner.d.ts","sourceRoot":"","sources":["../../../src/defence/iron-dome/injection-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvE,MAAM,MAAM,iBAAiB,GACzB,qBAAqB,GACrB,iBAAiB,GACjB,iBAAiB,GACjB,uBAAuB,GACvB,uBAAuB,GACvB,gBAAgB,GAChB,mBAAmB,GACnB,gBAAgB,CAAC;AAErB,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC3D,UAAU,EAAE,kBAAkB,EAAE,CAAC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB;AAkQD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,CAkElE"}

package/dist/defence/iron-dome/injection-scanner.js ADDED Viewed

@@ -0,0 +1,117 @@
+/**
+ * Iron Dome — Prompt Injection Scanner
+ *
+ * Port of ~/clawd/skills/iron-dome/scripts/scan.py to TypeScript.
+ * Detects prompt injection patterns in text content from untrusted sources
+ * (emails, form submissions, API responses, web pages).
+ */
+const PATTERNS = [];
+function pattern(category, severity, name, description, regex) {
+    PATTERNS.push({ category, severity, name, description, regex });
+}
+// ── Fake system / admin messages ──
+pattern('fake_system_message', 'critical', 'system_prompt_override', 'Attempts to override or replace the system prompt', /(?:new|updated?|revised?|override|replace)\s+(?:system\s+)?(?:prompt|instructions?|rules?|directives?)\s*[:=]/gi);
+pattern('fake_system_message', 'critical', 'system_message_tag', 'Fake system message markers embedded in content', /(?:\[\/?\s*system\s*\]|<\/?\s*system\s*>|<<\s*system\s*>>|---\s*system\s*---|SYSTEM\s*(?:MESSAGE|PROMPT|NOTE|INSTRUCTION)\s*:)/gi);
+pattern('fake_system_message', 'high', 'ignore_previous', 'Instruction to ignore or forget previous context', /(?:ignore|forget|disregard|override|discard|drop|reset)\s+(?:all\s+)?(?:previous|prior|above|earlier|existing|old|original)\s+(?:instructions?|rules?|context|prompts?|directives?|constraints?|guidelines?)/gi);
+pattern('fake_system_message', 'high', 'new_instructions', 'Claims to provide new operating instructions', /(?:from\s+now\s+on|starting\s+now|henceforth|going\s+forward)\s*[,:]?\s*(?:you\s+(?:must|should|will|are|need)|your\s+(?:new|updated?))/gi);
+pattern('fake_system_message', 'high', 'end_of_prompt', 'Fake end-of-prompt markers to inject new context', /(?:---\s*END\s+OF\s+(?:SYSTEM\s+)?(?:PROMPT|INSTRUCTIONS?)|END_INSTRUCTIONS?|<\/instructions?>|={3,}\s*(?:END|STOP))/gi);
+pattern('fake_system_message', 'medium', 'developer_mode', 'Claims to enable special modes or bypass restrictions', /(?:developer|debug|admin|maintenance|test|god|sudo|root|unrestricted|jailbreak)\s*mode\s*(?:enabled|activated|on|engaged)/gi);
+// ── Authority claims ──
+pattern('authority_claim', 'high', 'identity_claim', 'Claims to be an admin, owner, developer, or authority figure', /(?:I\s+am|this\s+is|speaking\s+as|writing\s+as|signed|regards)\s*[,:]?\s*(?:the\s+)?(?:admin(?:istrator)?|owner|developer|creator|operator|manager|ceo|cto|boss|supervisor|root\s+user|system\s+admin)/gi);
+pattern('authority_claim', 'high', 'as_the_authority', 'Uses "as the [role]" to claim authority', /as\s+the\s+(?:admin(?:istrator)?|owner|developer|creator|operator|system\s+(?:admin|operator)|lead|manager|supervisor|principal|head)/gi);
+pattern('authority_claim', 'medium', 'authorised_claim', 'Claims authorisation for an action', /(?:I(?:'m|\s+am)\s+)?(?:author[iy][sz]ed?|permitted|allowed|granted\s+(?:access|permission))\s+(?:to|by|for|from)/gi);
+pattern('authority_claim', 'medium', 'michael_impersonation', 'Claims to be Michael or the user', /(?:(?:this\s+is|I\s+am|it'?s|from)\s+Michael|Michael\s+(?:says?|wants?|told|asked|instructed|requests?|needs?)\s+(?:you\s+)?to)/gi);
+// ── Urgency + secrecy combinations ──
+pattern('urgency_secrecy', 'high', 'urgency_secrecy_combo', 'Combines urgency with secrecy — classic social engineering', /(?:(?:urgent(?:ly)?|immediate(?:ly)?|right\s+now|asap|time[- ]sensitive|critical(?:ly)?|emergency)[\s\S]{0,100}(?:don'?t\s+(?:tell|mention|inform|alert|notify|share)|keep\s+(?:this\s+)?(?:secret|quiet|private|between\s+us|confidential)|do\s*n(?:ot|'t)\s+(?:log|record|audit|report)))|(?:(?:don'?t\s+(?:tell|mention|inform|alert|notify|share)|keep\s+(?:this\s+)?(?:secret|quiet|private|between\s+us|confidential))[\s\S]{0,100}(?:urgent(?:ly)?|immediate(?:ly)?|right\s+now|asap|time[- ]sensitive|critical(?:ly)?|emergency))/gi);
+pattern('urgency_secrecy', 'medium', 'secrecy_instruction', 'Instructions to hide actions or avoid logging', /(?:don'?t|do\s+not|never|avoid)\s+(?:tell|mention|inform|alert|notify|share\s+with|report\s+to|log|record|audit|let\s+(?:anyone|(?:the\s+)?(?:admin|owner|user|michael))\s+know)/gi);
+pattern('urgency_secrecy', 'medium', 'bypass_approval', 'Attempts to skip approval or verification steps', /(?:skip|bypass|ignore|disable|turn\s+off|override|circumvent|avoid)\s+(?:the\s+)?(?:approv(?:al|e)|verif(?:y|ication)|confirm(?:ation)?|review|check|auth(?:entication|orisation)?|gate|filter|scan|iron\s*dome|security)/gi);
+// ── Credential / secret extraction ──
+pattern('credential_extraction', 'critical', 'credential_request', 'Requests passwords, keys, tokens, or secrets', /(?:(?:send|give|share|show|reveal|output|print|display|paste|tell|provide)\s+(?:me\s+)?(?:the\s+)?(?:password|api[- ]?key|secret[- ]?key|token|private[- ]?key|credentials?|auth[- ]?(?:token|key|secret)|ssh[- ]?key|access[- ]?key|master[- ]?key|encryption[- ]?key|certificate|\.env|secret))/gi);
+pattern('credential_extraction', 'critical', 'exfiltration_attempt', 'Attempts to send data to external destinations', /(?:(?:send|forward|post|upload|transmit|exfiltrate|copy|transfer)\s+(?:(?:all|the|this|that|those|your)\s+)?(?:data|info(?:rmation)?|content|email|message|file|log|credential|secret|key|token|password|config)\s+to\s+(?:https?:\/\/|(?:my|this|the)\s+(?:server|endpoint|api|email|address|url)))/gi);
+pattern('credential_extraction', 'high', 'env_file_access', 'Attempts to read sensitive config files', /(?:(?:read|cat|show|display|print|output|open|access|get)\s+(?:the\s+)?(?:\.env|\.ssh|credentials?\.(?:json|yml|yaml|xml|ini|conf)|secret|private\.key|auth\.json|token\.json|config.*(?:password|secret|key)))/gi);
+// ── Instruction injection in data fields ──
+pattern('instruction_injection', 'high', 'instruction_in_data', 'Imperative instructions embedded in what should be data', /(?:^|\n)\s*(?:IMPORTANT|NOTE|INSTRUCTION|ACTION\s*REQUIRED|TASK|TODO|EXECUTE|PERFORM|RUN)\s*:\s*(?:you\s+(?:must|should|need\s+to|have\s+to)|please\s+(?:do|run|execute|send|delete|modify|change))/gi);
+pattern('instruction_injection', 'high', 'ai_directive', 'Directives addressed to the AI/assistant/agent', /(?:dear\s+(?:ai|assistant|agent|bot|model|llm|gpt|claude|jarvis)|(?:hey|hi|hello)\s+(?:ai|assistant|agent|bot|model))\s*[,:]?\s*(?:please|you\s+(?:must|should|need)|I\s+(?:need|want)\s+you\s+to)/gi);
+pattern('instruction_injection', 'medium', 'hidden_instruction', 'Instructions disguised with special formatting or whitespace', /(?:\[INST\]|\[\/INST\]|<\|(?:im_start|im_end|system|user|assistant)\|>|###\s*(?:System|Instruction|Human|Assistant)\s*:)/gi);
+pattern('instruction_injection', 'medium', 'email_injection', 'Email body containing commands for the processing agent', /(?:when\s+(?:you|the\s+(?:ai|agent|assistant|bot))\s+(?:read|process|receive|see|get)\s+this|if\s+(?:an?\s+)?(?:ai|agent|assistant|bot)\s+(?:is\s+)?(?:reading|processing|scanning)\s+this)/gi);
+// ── Encoding / obfuscation tricks ──
+pattern('encoding_trick', 'medium', 'base64_instruction', 'Base64-encoded content that may hide instructions', /(?:decode|execute|run|follow|process)\s+(?:this\s+)?(?:base64|encoded|b64)\s*:\s*[A-Za-z0-9+/]{20,}={0,2}/gi);
+pattern('encoding_trick', 'medium', 'unicode_obfuscation', 'Zero-width or special unicode characters used for obfuscation', /[\u200b\u200c\u200d\u200e\u200f\u2060\u2061\u2062\u2063\u2064\ufeff]{2,}/g);
+pattern('encoding_trick', 'low', 'rot13_instruction', 'ROT13-encoded instructions', /(?:rot13|decode|decipher)\s*:\s*[a-zA-Z\s]{10,}/gi);
+// ── Role manipulation ──
+pattern('role_manipulation', 'high', 'roleplay_injection', 'Attempts to get the agent to adopt a different role', /(?:you\s+are\s+(?:now|no\s+longer)\s+(?:a|an|the)\s+|pretend\s+(?:you(?:'re|\s+are)\s+|to\s+be\s+)|act\s+as\s+(?:if\s+you(?:'re|\s+are)\s+)?(?:a|an|the)\s+|roleplay\s+as|your\s+new\s+(?:role|identity|persona)\s+is)/gi);
+pattern('role_manipulation', 'high', 'constraint_removal', 'Attempts to remove safety constraints or rules', /(?:you\s+(?:don'?t|do\s+not)\s+(?:have|need)\s+(?:any\s+)?(?:rules?|constraints?|restrictions?|limitations?|guidelines?|boundaries?))|(?:(?:remove|disable|turn\s+off|drop|ignore)\s+(?:all\s+)?(?:your\s+)?(?:safety|security|content)?\s*(?:rules?|filters?|constraints?|restrictions?|limitations?|guidelines?|guardrails?|boundaries?))/gi);
+// ── Context escape ──
+pattern('context_escape', 'high', 'conversation_reset', 'Attempts to reset the conversation or start a new context', /(?:(?:new|fresh|clean)\s+conversation|conversation\s+(?:reset|restart)|start(?:ing)?\s+(?:over|fresh|new\s+(?:session|conversation))|clear\s+(?:context|history|memory|conversation))/gi);
+pattern('context_escape', 'medium', 'output_format_hijack', 'Attempts to control the output format for injection', /(?:respond\s+(?:only\s+)?with|your\s+(?:only\s+)?(?:response|output|reply)\s+(?:should|must|will)\s+be|output\s+(?:exactly|only|nothing\s+(?:but|except))|say\s+(?:only|exactly|nothing\s+(?:but|except)))\s+/gi);
+// ── Scanner ──
+/**
+ * Scan text for prompt injection patterns.
+ */
+export function scanForInjection(text) {
+    const detections = [];
+    for (const pat of PATTERNS) {
+        // Reset lastIndex for global regexes
+        pat.regex.lastIndex = 0;
+        let match;
+        while ((match = pat.regex.exec(text)) !== null) {
+            detections.push({
+                category: pat.category,
+                severity: pat.severity,
+                pattern: pat.name,
+                match: match[0].trim().slice(0, 200),
+                description: pat.description,
+            });
+        }
+    }
+    // Deduplicate: same category + pattern + overlapping matched text
+    const seen = new Set();
+    const unique = [];
+    for (const d of detections) {
+        const key = `${d.category}:${d.pattern}:${d.match.slice(0, 80)}`;
+        if (!seen.has(key)) {
+            seen.add(key);
+            unique.push(d);
+        }
+    }
+    // Determine overall risk level
+    let riskLevel = 'NONE';
+    if (unique.length > 0) {
+        const severities = unique.map(d => d.severity);
+        if (severities.includes('critical')) {
+            riskLevel = 'CRITICAL';
+        }
+        else if (severities.includes('high')) {
+            riskLevel = 'HIGH';
+        }
+        else if (severities.includes('medium')) {
+            riskLevel = 'MEDIUM';
+        }
+        else {
+            riskLevel = 'LOW';
+        }
+    }
+    // Build summary
+    let summary;
+    if (unique.length === 0) {
+        summary = 'No prompt injection patterns detected.';
+    }
+    else {
+        const cats = {};
+        for (const d of unique) {
+            cats[d.category] = (cats[d.category] ?? 0) + 1;
+        }
+        const parts = Object.entries(cats)
+            .sort(([a], [b]) => a.localeCompare(b))
+            .map(([k, v]) => `${v}x ${k}`);
+        summary = `${unique.length} detection(s): ${parts.join(', ')}`;
+    }
+    return {
+        clean: unique.length === 0,
+        riskLevel,
+        detections: unique,
+        textLength: text.length,
+        summary,
+    };
+}
+//# sourceMappingURL=injection-scanner.js.map

package/dist/defence/iron-dome/injection-scanner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"injection-scanner.js","sourceRoot":"","sources":["../../../src/defence/iron-dome/injection-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA0CH,MAAM,QAAQ,GAAiB,EAAE,CAAC;AAElC,SAAS,OAAO,CACd,QAA2B,EAC3B,QAA2B,EAC3B,IAAY,EACZ,WAAmB,EACnB,KAAa;IAEb,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC;AAClE,CAAC;AAED,qCAAqC;AAErC,OAAO,CACL,qBAAqB,EACrB,UAAU,EACV,wBAAwB,EACxB,mDAAmD,EACnD,iHAAiH,CAClH,CAAC;AAEF,OAAO,CACL,qBAAqB,EACrB,UAAU,EACV,oBAAoB,EACpB,iDAAiD,EACjD,kIAAkI,CACnI,CAAC;AAEF,OAAO,CACL,qBAAqB,EACrB,MAAM,EACN,iBAAiB,EACjB,kDAAkD,EAClD,gNAAgN,CACjN,CAAC;AAEF,OAAO,CACL,qBAAqB,EACrB,MAAM,EACN,kBAAkB,EAClB,8CAA8C,EAC9C,2IAA2I,CAC5I,CAAC;AAEF,OAAO,CACL,qBAAqB,EACrB,MAAM,EACN,eAAe,EACf,kDAAkD,EAClD,wHAAwH,CACzH,CAAC;AAEF,OAAO,CACL,qBAAqB,EACrB,QAAQ,EACR,gBAAgB,EAChB,uDAAuD,EACvD,6HAA6H,CAC9H,CAAC;AAEF,yBAAyB;AAEzB,OAAO,CACL,iBAAiB,EACjB,MAAM,EACN,gBAAgB,EAChB,8DAA8D,EAC9D,0MAA0M,CAC3M,CAAC;AAEF,OAAO,CACL,iBAAiB,EACjB,MAAM,EACN,kBAAkB,EAClB,yCAAyC,EACzC,yIAAyI,CAC1I,CAAC;AAEF,OAAO,CACL,iBAAiB,EACjB,QAAQ,EACR,kBAAkB,EAClB,oCAAoC,EACpC,qHAAqH,CACtH,CAAC;AAEF,OAAO,CACL,iBAAiB,EACjB,QAAQ,EACR,uBAAuB,EACvB,kCAAkC,EAClC,mIAAmI,CACpI,CAAC;AAEF,uCAAuC;AAEvC,OAAO,CACL,iBAAiB,EACjB,MAAM,EACN,uBAAuB,EACvB,4DAA4D,EAC5D,6gBAA6gB,CAC9gB,CAAC;AAEF,OAAO,CACL,iBAAiB,EACjB,QAAQ,EACR,qBAAqB,EACrB,+CAA+C,EAC/C,oLAAoL,CACrL,CAAC;AAEF,OAAO,CACL,iBAAiB,EACjB,QAAQ,EACR,iBAAiB,EACjB,iDAAiD,EACjD,6NAA6N,CAC9N,CAAC;AAEF,uCAAuC;AAEvC,OAAO,CACL,uBAAuB,EACvB,UAAU,EACV,oBAAoB,EACpB,8CAA8C,EAC9C,qSAAqS,CACtS,CAAC;AAEF,OAAO,CACL,uBAAuB,EACvB,UAAU,EACV,sBAAsB,EACtB,gDAAgD,EAChD,wSAAwS,CACzS,CAAC;AAEF,OAAO,CACL,uBAAuB,EACvB,MAAM,EACN,iBAAiB,EACjB,yCAAyC,EACzC,mNAAmN,CACpN,CAAC;AAEF,6CAA6C;AAE7C,OAAO,CACL,uBAAuB,EACvB,MAAM,EACN,qBAAqB,EACrB,yDAAyD,EACzD,uMAAuM,CACxM,CAAC;AAEF,OAAO,CACL,uBAAuB,EACvB,MAAM,EACN,cAAc,EACd,gDAAgD,EAChD,sMAAsM,CACvM,CAAC;AAEF,OAAO,CACL,uBAAuB,EACvB,QAAQ,EACR,oBAAoB,EACpB,8DAA8D,EAC9D,4HAA4H,CAC7H,CAAC;AAEF,OAAO,CACL,uBAAuB,EACvB,QAAQ,EACR,iBAAiB,EACjB,yDAAyD,EACzD,+LAA+L,CAChM,CAAC;AAEF,sCAAsC;AAEtC,OAAO,CACL,gBAAgB,EAChB,QAAQ,EACR,oBAAoB,EACpB,mDAAmD,EACnD,6GAA6G,CAC9G,CAAC;AAEF,OAAO,CACL,gBAAgB,EAChB,QAAQ,EACR,qBAAqB,EACrB,+DAA+D,EAC/D,2EAA2E,CAC5E,CAAC;AAEF,OAAO,CACL,gBAAgB,EAChB,KAAK,EACL,mBAAmB,EACnB,4BAA4B,EAC5B,mDAAmD,CACpD,CAAC;AAEF,0BAA0B;AAE1B,OAAO,CACL,mBAAmB,EACnB,MAAM,EACN,oBAAoB,EACpB,qDAAqD,EACrD,0NAA0N,CAC3N,CAAC;AAEF,OAAO,CACL,mBAAmB,EACnB,MAAM,EACN,oBAAoB,EACpB,gDAAgD,EAChD,+UAA+U,CAChV,CAAC;AAEF,uBAAuB;AAEvB,OAAO,CACL,gBAAgB,EAChB,MAAM,EACN,oBAAoB,EACpB,2DAA2D,EAC3D,yLAAyL,CAC1L,CAAC;AAEF,OAAO,CACL,gBAAgB,EAChB,QAAQ,EACR,sBAAsB,EACtB,qDAAqD,EACrD,iNAAiN,CAClN,CAAC;AAEF,gBAAgB;AAEhB;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,MAAM,UAAU,GAAyB,EAAE,CAAC;IAE5C,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,qCAAqC;QACrC,GAAG,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;QACxB,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC/C,UAAU,CAAC,IAAI,CAAC;gBACd,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,OAAO,EAAE,GAAG,CAAC,IAAI;gBACjB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;gBACpC,WAAW,EAAE,GAAG,CAAC,WAAW;aAC7B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAyB,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACjE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,SAAS,GAAqC,MAAM,CAAC;IACzD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,SAAS,GAAG,UAAU,CAAC;QACzB,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,SAAS,GAAG,MAAM,CAAC;QACrB,CAAC;aAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzC,SAAS,GAAG,QAAQ,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAe,CAAC;IACpB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,GAAG,wCAAwC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,GAA2B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;aAC/B,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;aACtC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjC,OAAO,GAAG,GAAG,MAAM,CAAC,MAAM,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IACjE,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,SAAS;QACT,UAAU,EAAE,MAAM;QAClB,UAAU,EAAE,IAAI,CAAC,MAAM;QACvB,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/defence/iron-dome/kill-switch.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Iron Dome — Kill Switch
+ *
+ * Handles kill phrase detection. When the kill phrase is detected
+ * in input, Iron Dome immediately halts all processing.
+ */
+import type { IronDomeConfig } from './config.js';
+export interface KillSwitchResult {
+    triggered: boolean;
+    phrase: string;
+}
+/**
+ * Check if the input contains the kill phrase.
+ */
+export declare function handleKillPhrase(input: string, config: IronDomeConfig): KillSwitchResult;
+//# sourceMappingURL=kill-switch.d.ts.map