sovr-mcp-proxy 7.0.0 → 7.1.0

package/dist/semanticAnalyzer.js

@@ -0,0 +1,701 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/semanticAnalyzer.ts
+var semanticAnalyzer_exports = {};
+__export(semanticAnalyzer_exports, {
+  SemanticAnalyzer: () => SemanticAnalyzer,
+  createParanoidAnalyzer: () => createParanoidAnalyzer,
+  createSemanticAnalyzer: () => createSemanticAnalyzer
+});
+module.exports = __toCommonJS(semanticAnalyzer_exports);
+var BUILTIN_RULES = [
+  // ── Data Destruction ──
+  {
+    id: "destroy-rm-rf",
+    name: "Recursive file deletion",
+    category: "data_destruction",
+    patterns: [
+      { type: "regex", value: "rm\\s+(-[a-zA-Z]*r[a-zA-Z]*f|--recursive)\\s", target: "command" },
+      { type: "regex", value: "rm\\s+(-[a-zA-Z]*f[a-zA-Z]*r)\\s", target: "command" },
+      { type: "keyword", value: "shred", target: "command" },
+      { type: "keyword", value: "wipe", target: "command" }
+    ],
+    riskLevel: "critical",
+    priority: 100,
+    polarity: "negative"
+  },
+  {
+    id: "destroy-db-drop",
+    name: "Database destruction",
+    category: "data_destruction",
+    patterns: [
+      { type: "regex", value: "DROP\\s+(TABLE|DATABASE|SCHEMA|INDEX)", target: "arguments", caseSensitive: false },
+      { type: "regex", value: "TRUNCATE\\s+TABLE", target: "arguments", caseSensitive: false },
+      { type: "regex", value: "DELETE\\s+FROM\\s+\\w+\\s*$", target: "arguments", caseSensitive: false }
+      // DELETE without WHERE
+    ],
+    riskLevel: "critical",
+    priority: 100,
+    polarity: "negative"
+  },
+  {
+    id: "destroy-format",
+    name: "Disk formatting",
+    category: "data_destruction",
+    patterns: [
+      { type: "regex", value: "mkfs\\.", target: "command" },
+      { type: "regex", value: "dd\\s+.*of=/dev/", target: "command" },
+      { type: "regex", value: "format\\s+[A-Z]:", target: "command", caseSensitive: false }
+    ],
+    riskLevel: "critical",
+    priority: 100,
+    polarity: "negative"
+  },
+  {
+    id: "destroy-find-delete",
+    name: "Find and delete (rm -rf equivalent)",
+    category: "data_destruction",
+    patterns: [
+      { type: "regex", value: "find\\s+.*-delete", target: "command" },
+      { type: "regex", value: "find\\s+.*-exec\\s+rm", target: "command" },
+      { type: "regex", value: "xargs\\s+rm", target: "command" }
+    ],
+    riskLevel: "dangerous",
+    priority: 95,
+    polarity: "negative"
+  },
+  // ── Data Exfiltration ──
+  {
+    id: "exfil-curl-post",
+    name: "Data upload via curl/wget",
+    category: "data_exfiltration",
+    patterns: [
+      { type: "regex", value: "curl\\s+.*(-d|--data|--upload-file|-F|--form)\\s", target: "command" },
+      { type: "regex", value: "curl\\s+.*-X\\s*(POST|PUT)", target: "command", caseSensitive: false },
+      { type: "regex", value: "wget\\s+.*--post", target: "command" }
+    ],
+    riskLevel: "suspicious",
+    priority: 80,
+    polarity: "negative"
+  },
+  {
+    id: "exfil-pipe-network",
+    name: "Piping data to network",
+    category: "data_exfiltration",
+    patterns: [
+      { type: "regex", value: "cat\\s+.*\\|\\s*(nc|netcat|curl|wget)", target: "command" },
+      { type: "regex", value: "(tar|zip|gzip)\\s+.*\\|\\s*(nc|curl)", target: "command" },
+      { type: "regex", value: "base64\\s+.*\\|\\s*curl", target: "command" }
+    ],
+    riskLevel: "dangerous",
+    priority: 90,
+    polarity: "negative"
+  },
+  {
+    id: "exfil-dns",
+    name: "DNS exfiltration",
+    category: "data_exfiltration",
+    patterns: [
+      { type: "regex", value: "dig\\s+.*\\$\\(", target: "command" },
+      { type: "regex", value: "nslookup\\s+.*\\$\\(", target: "command" }
+    ],
+    riskLevel: "critical",
+    priority: 95,
+    polarity: "negative"
+  },
+  // ── Privilege Escalation ──
+  {
+    id: "privesc-sudo",
+    name: "Privilege escalation via sudo",
+    category: "privilege_escalation",
+    patterns: [
+      { type: "regex", value: "sudo\\s+", target: "command" },
+      { type: "regex", value: "su\\s+-", target: "command" },
+      { type: "keyword", value: "doas", target: "command" }
+    ],
+    riskLevel: "dangerous",
+    priority: 85,
+    polarity: "negative"
+  },
+  {
+    id: "privesc-chmod",
+    name: "Permission modification",
+    category: "privilege_escalation",
+    patterns: [
+      { type: "regex", value: "chmod\\s+(777|\\+s|u\\+s|g\\+s)", target: "command" },
+      { type: "regex", value: "chown\\s+root", target: "command" },
+      { type: "regex", value: "setuid", target: "command" }
+    ],
+    riskLevel: "dangerous",
+    priority: 85,
+    polarity: "negative"
+  },
+  // ── Code Execution ──
+  {
+    id: "exec-remote",
+    name: "Remote code execution",
+    category: "code_execution",
+    patterns: [
+      { type: "regex", value: "curl\\s+.*\\|\\s*(sh|bash|python|node|perl|ruby)", target: "command" },
+      { type: "regex", value: "wget\\s+.*\\|\\s*(sh|bash)", target: "command" },
+      { type: "regex", value: "eval\\s*\\(", target: "arguments" },
+      { type: "regex", value: "exec\\s*\\(", target: "arguments" }
+    ],
+    riskLevel: "critical",
+    priority: 100,
+    polarity: "negative"
+  },
+  {
+    id: "exec-obfuscated",
+    name: "Obfuscated execution",
+    category: "code_execution",
+    patterns: [
+      { type: "regex", value: "\\$\\(.*\\)", target: "command" },
+      { type: "regex", value: "`[^`]+`", target: "command" },
+      { type: "regex", value: "base64\\s+(-d|--decode)", target: "command" },
+      { type: "regex", value: "\\\\x[0-9a-fA-F]{2}", target: "arguments" }
+    ],
+    riskLevel: "suspicious",
+    priority: 75,
+    polarity: "negative"
+  },
+  // ── Credential Access ──
+  {
+    id: "cred-env",
+    name: "Environment variable access",
+    category: "credential_access",
+    patterns: [
+      { type: "regex", value: "\\$\\{?(API_KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)", target: "command", caseSensitive: false },
+      { type: "regex", value: "printenv|env\\s*$", target: "command" },
+      { type: "regex", value: "cat\\s+.*\\.(env|secret|key|pem|crt)", target: "command" }
+    ],
+    riskLevel: "dangerous",
+    priority: 90,
+    polarity: "negative"
+  },
+  {
+    id: "cred-ssh",
+    name: "SSH key access",
+    category: "credential_access",
+    patterns: [
+      { type: "regex", value: "cat\\s+.*\\.ssh/(id_rsa|id_ed25519|authorized_keys)", target: "command" },
+      { type: "regex", value: "ssh-keygen", target: "command" }
+    ],
+    riskLevel: "dangerous",
+    priority: 85,
+    polarity: "negative"
+  },
+  // ── Financial Operations ──
+  {
+    id: "finance-payment",
+    name: "Payment/transfer operation",
+    category: "financial_operation",
+    patterns: [
+      { type: "keyword", value: "payment", target: "tool_name" },
+      { type: "keyword", value: "transfer", target: "tool_name" },
+      { type: "keyword", value: "checkout", target: "tool_name" },
+      { type: "keyword", value: "invoice", target: "tool_name" },
+      { type: "regex", value: "stripe|paypal|braintree", target: "arguments", caseSensitive: false }
+    ],
+    riskLevel: "dangerous",
+    priority: 90,
+    polarity: "negative"
+  },
+  // ── System Modification ──
+  {
+    id: "sysmod-service",
+    name: "System service modification",
+    category: "system_modification",
+    patterns: [
+      { type: "regex", value: "systemctl\\s+(stop|disable|mask|restart)", target: "command" },
+      { type: "regex", value: "service\\s+\\w+\\s+(stop|restart)", target: "command" },
+      { type: "regex", value: "kill\\s+-9", target: "command" },
+      { type: "regex", value: "pkill", target: "command" }
+    ],
+    riskLevel: "suspicious",
+    priority: 70,
+    polarity: "negative"
+  },
+  {
+    id: "sysmod-cron",
+    name: "Cron job modification",
+    category: "system_modification",
+    patterns: [
+      { type: "regex", value: "crontab\\s+-[er]", target: "command" },
+      { type: "regex", value: "/etc/cron", target: "command" }
+    ],
+    riskLevel: "dangerous",
+    priority: 80,
+    polarity: "negative"
+  },
+  // ── Read-Only (Positive) ──
+  {
+    id: "readonly-safe",
+    name: "Safe read-only commands",
+    category: "read_only",
+    patterns: [
+      { type: "regex", value: "^(ls|cat|head|tail|grep|find|echo|pwd|whoami|date|wc|file|stat|du|df|uptime|hostname)\\b", target: "command" },
+      { type: "regex", value: "^SELECT\\s", target: "arguments", caseSensitive: false }
+    ],
+    riskLevel: "safe",
+    priority: 50,
+    polarity: "positive"
+  },
+  {
+    id: "readonly-git",
+    name: "Safe git read operations",
+    category: "read_only",
+    patterns: [
+      { type: "regex", value: "git\\s+(status|log|diff|show|branch|remote|tag)\\b", target: "command" }
+    ],
+    riskLevel: "safe",
+    priority: 50,
+    polarity: "positive"
+  }
+];
+function analyzeStructure(command) {
+  const structure = {
+    baseCommand: "",
+    args: [],
+    pipeChain: [],
+    redirections: [],
+    subshells: [],
+    envVars: [],
+    filePaths: [],
+    networkTargets: [],
+    isWrapped: false,
+    complexity: 0
+  };
+  const wrapMatch = command.match(/^(bash|sh|zsh|dash|ksh)\s+(-c\s+)?["'](.+)["']$/);
+  if (wrapMatch) {
+    structure.isWrapped = true;
+    structure.complexity += 20;
+    const inner = analyzeStructure(wrapMatch[3]);
+    return { ...inner, isWrapped: true, complexity: inner.complexity + 20 };
+  }
+  structure.pipeChain = command.split(/\s*\|\s*/).map((s) => s.trim()).filter(Boolean);
+  structure.complexity += (structure.pipeChain.length - 1) * 10;
+  const firstCmd = structure.pipeChain[0] || command;
+  const parts = firstCmd.split(/\s+/);
+  structure.baseCommand = parts[0] || "";
+  structure.args = parts.slice(1);
+  const redirectMatches = command.match(/[12]?>>?\s*\S+/g);
+  if (redirectMatches) {
+    structure.redirections = redirectMatches;
+    structure.complexity += redirectMatches.length * 5;
+  }
+  const subshellMatches = command.match(/\$\([^)]+\)/g);
+  if (subshellMatches) {
+    structure.subshells = subshellMatches;
+    structure.complexity += subshellMatches.length * 15;
+  }
+  const backtickMatches = command.match(/`[^`]+`/g);
+  if (backtickMatches) {
+    structure.subshells.push(...backtickMatches);
+    structure.complexity += backtickMatches.length * 15;
+  }
+  const envMatches = command.match(/\$\{?\w+\}?/g);
+  if (envMatches) {
+    structure.envVars = envMatches;
+    structure.complexity += envMatches.length * 3;
+  }
+  const pathMatches = command.match(/(?:\/[\w.-]+)+/g);
+  if (pathMatches) {
+    structure.filePaths = pathMatches;
+  }
+  const urlMatches = command.match(/https?:\/\/[^\s'"]+/g);
+  if (urlMatches) {
+    structure.networkTargets = urlMatches;
+    structure.complexity += urlMatches.length * 5;
+  }
+  const ipMatches = command.match(/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/g);
+  if (ipMatches) {
+    structure.networkTargets.push(...ipMatches);
+    structure.complexity += ipMatches.length * 5;
+  }
+  return structure;
+}
+function structuralRiskAssessment(structure) {
+  const findings = [];
+  let riskScore = 0;
+  if (structure.isWrapped) {
+    findings.push("Command is wrapped in bash -c (possible obfuscation)");
+    riskScore += 20;
+  }
+  if (structure.pipeChain.length > 3) {
+    findings.push(`Complex pipe chain (${structure.pipeChain.length} stages)`);
+    riskScore += 15;
+  }
+  if (structure.subshells.length > 0) {
+    findings.push(`Command substitution detected (${structure.subshells.length} instances)`);
+    riskScore += structure.subshells.length * 10;
+  }
+  const sensitivePaths = structure.filePaths.filter(
+    (p) => /\/(etc|root|\.ssh|\.gnupg|\.aws|\.config|proc|sys|dev)\//.test(p)
+  );
+  if (sensitivePaths.length > 0) {
+    findings.push(`Sensitive paths accessed: ${sensitivePaths.join(", ")}`);
+    riskScore += sensitivePaths.length * 15;
+  }
+  if (structure.networkTargets.length > 0) {
+    findings.push(`Network targets: ${structure.networkTargets.join(", ")}`);
+    riskScore += 10;
+  }
+  if (structure.complexity > 50) {
+    findings.push(`High command complexity (score: ${structure.complexity})`);
+    riskScore += 10;
+  }
+  if (structure.redirections.length > 1) {
+    findings.push(`Multiple redirections (${structure.redirections.length})`);
+    riskScore += 5;
+  }
+  riskScore = Math.min(riskScore, 100);
+  let riskLevel;
+  if (riskScore < 20) riskLevel = "safe";
+  else if (riskScore < 45) riskLevel = "suspicious";
+  else if (riskScore < 70) riskLevel = "dangerous";
+  else riskLevel = "critical";
+  return {
+    riskLevel,
+    riskScore,
+    confidence: 0.7,
+    // Structural analysis has moderate confidence
+    findings
+  };
+}
+function buildLLMPrompt(toolName, args, context) {
+  return `You are SOVR Security Analyzer. Analyze this AI agent tool call for security risks.
+
+TOOL: ${toolName}
+ARGUMENTS: ${JSON.stringify(args, null, 2)}
+
+PRIOR ANALYSIS:
+- Rule-based risk: ${context.ruleResult.riskLevel} (score: ${context.ruleResult.riskScore})
+  Findings: ${context.ruleResult.findings.join("; ") || "none"}
+- Structural risk: ${context.structuralResult.riskLevel} (score: ${context.structuralResult.riskScore})
+  Findings: ${context.structuralResult.findings.join("; ") || "none"}
+
+Respond in JSON format ONLY:
+{
+  "intent": "brief description of what this command intends to do",
+  "riskLevel": "safe|suspicious|dangerous|critical",
+  "confidence": 0.0-1.0,
+  "reasoning": "explain your assessment"
+}
+
+Rules:
+- Focus on INTENT, not just syntax
+- Consider if the command could be a disguised destructive operation
+- "safe" = read-only or benign modification
+- "suspicious" = could be harmful but has legitimate uses
+- "dangerous" = likely harmful, should require approval
+- "critical" = almost certainly destructive or exfiltrating`;
+}
+var SemanticAnalyzer = class {
+  config;
+  rules;
+  constructor(config = {}) {
+    this.config = {
+      enableLLM: config.enableLLM ?? false,
+      llmProvider: config.llmProvider,
+      llmTriggerThreshold: config.llmTriggerThreshold ?? 40,
+      llmTimeout: config.llmTimeout ?? 1e4,
+      customRules: config.customRules ?? [],
+      enableStructural: config.enableStructural ?? true,
+      sensitivity: config.sensitivity ?? "medium"
+    };
+    this.rules = [...BUILTIN_RULES, ...this.config.customRules].sort((a, b) => b.priority - a.priority);
+  }
+  /**
+   * Analyze a tool call for security risks.
+   * Returns a comprehensive analysis result with multi-layer findings.
+   */
+  async analyze(toolName, args) {
+    const startTime = Date.now();
+    const ruleResult = this.analyzeWithRules(toolName, args);
+    let structuralResult = { riskLevel: "safe", riskScore: 0, confidence: 0, findings: [] };
+    if (this.config.enableStructural) {
+      const command = this.extractCommand(toolName, args);
+      if (command) {
+        const structure = analyzeStructure(command);
+        structuralResult = structuralRiskAssessment(structure);
+      }
+    }
+    let llmResult;
+    const combinedScore = Math.max(ruleResult.riskScore, structuralResult.riskScore);
+    if (this.config.enableLLM && this.config.llmProvider && combinedScore >= this.config.llmTriggerThreshold && combinedScore < 80) {
+      try {
+        const prompt = buildLLMPrompt(toolName, args, { ruleResult, structuralResult });
+        const judgment = await this.config.llmProvider.analyze(prompt, this.config.llmTimeout);
+        llmResult = {
+          riskLevel: judgment.riskLevel,
+          riskScore: this.riskLevelToScore(judgment.riskLevel),
+          confidence: judgment.confidence,
+          findings: [`LLM intent: ${judgment.intent}`, `LLM reasoning: ${judgment.reasoning}`]
+        };
+      } catch {
+        llmResult = void 0;
+      }
+    }
+    const intents = this.collectIntents(ruleResult, structuralResult, llmResult);
+    const finalResult = this.combineResults(ruleResult, structuralResult, llmResult);
+    return {
+      ...finalResult,
+      intents,
+      layers: {
+        rules: ruleResult,
+        structural: structuralResult,
+        llm: llmResult
+      },
+      durationMs: Date.now() - startTime
+    };
+  }
+  /** Quick synchronous check (Layer 1 only, for hot path) */
+  quickCheck(toolName, args) {
+    const result = this.analyzeWithRules(toolName, args);
+    return {
+      riskLevel: result.riskLevel,
+      riskScore: result.riskScore,
+      topFinding: result.findings[0] || "No findings"
+    };
+  }
+  /** Add custom rules at runtime */
+  addRule(rule) {
+    this.rules.push(rule);
+    this.rules.sort((a, b) => b.priority - a.priority);
+  }
+  /** Get all active rules */
+  getRules() {
+    return [...this.rules];
+  }
+  // ─── Private ─────────────────────────────────────────────────────────────
+  analyzeWithRules(toolName, args) {
+    const findings = [];
+    let maxRiskScore = 0;
+    let maxRiskLevel = "safe";
+    let hasPositiveMatch = false;
+    const argsStr = JSON.stringify(args);
+    const command = this.extractCommand(toolName, args);
+    for (const rule of this.rules) {
+      let matched = false;
+      for (const pattern of rule.patterns) {
+        const target = this.getPatternTarget(pattern.target, toolName, command, argsStr);
+        if (!target) continue;
+        switch (pattern.type) {
+          case "regex": {
+            const flags = pattern.caseSensitive === false ? "i" : "";
+            const regex = new RegExp(pattern.value, flags);
+            if (regex.test(target)) matched = true;
+            break;
+          }
+          case "keyword": {
+            const searchIn = pattern.caseSensitive ? target : target.toLowerCase();
+            const searchFor = pattern.caseSensitive ? pattern.value : pattern.value.toLowerCase();
+            if (searchIn.includes(searchFor)) matched = true;
+            break;
+          }
+          case "sequence": {
+            const keywords = pattern.value.split(",").map((k) => k.trim());
+            let lastIndex = -1;
+            let allFound = true;
+            for (const kw of keywords) {
+              const idx = target.indexOf(kw, lastIndex + 1);
+              if (idx === -1) {
+                allFound = false;
+                break;
+              }
+              lastIndex = idx;
+            }
+            if (allFound) matched = true;
+            break;
+          }
+        }
+        if (matched) break;
+      }
+      if (matched) {
+        if (rule.polarity === "positive") {
+          hasPositiveMatch = true;
+          findings.push(`\u2713 ${rule.name}`);
+        } else {
+          findings.push(`\u2717 ${rule.name} [${rule.riskLevel}]`);
+          const ruleScore = this.riskLevelToScore(rule.riskLevel);
+          if (ruleScore > maxRiskScore) {
+            maxRiskScore = ruleScore;
+            maxRiskLevel = rule.riskLevel;
+          }
+        }
+      }
+    }
+    maxRiskScore = this.applySensitivity(maxRiskScore);
+    if (hasPositiveMatch && maxRiskScore === 0) {
+      return { riskLevel: "safe", riskScore: 0, confidence: 0.9, findings };
+    }
+    return {
+      riskLevel: maxRiskLevel,
+      riskScore: maxRiskScore,
+      confidence: findings.length > 0 ? 0.85 : 0.5,
+      findings
+    };
+  }
+  extractCommand(toolName, args) {
+    for (const key of ["command", "cmd", "query", "sql", "script", "code", "input"]) {
+      if (typeof args[key] === "string") return args[key];
+    }
+    if (["bash", "shell", "exec", "run_command"].includes(toolName.toLowerCase())) {
+      const firstStr = Object.values(args).find((v) => typeof v === "string");
+      if (firstStr) return firstStr;
+    }
+    return null;
+  }
+  getPatternTarget(target, toolName, command, argsStr) {
+    switch (target) {
+      case "tool_name":
+        return toolName;
+      case "command":
+        return command;
+      case "arguments":
+        return argsStr;
+      case "full_context":
+        return `${toolName} ${command || ""} ${argsStr}`;
+      default:
+        return null;
+    }
+  }
+  riskLevelToScore(level) {
+    switch (level) {
+      case "safe":
+        return 0;
+      case "suspicious":
+        return 35;
+      case "dangerous":
+        return 65;
+      case "critical":
+        return 90;
+      default:
+        return 50;
+    }
+  }
+  applySensitivity(score) {
+    switch (this.config.sensitivity) {
+      case "low":
+        return Math.max(0, score - 15);
+      case "medium":
+        return score;
+      case "high":
+        return Math.min(100, score + 10);
+      case "paranoid":
+        return Math.min(100, score + 25);
+    }
+  }
+  collectIntents(ruleResult, structuralResult, llmResult) {
+    const intents = [];
+    for (const finding of ruleResult.findings) {
+      if (finding.startsWith("\u2717")) {
+        const match = finding.match(/✗ (.+) \[(\w+)\]/);
+        if (match) {
+          intents.push({
+            category: "code_execution",
+            // Simplified — real impl would map from rule
+            description: match[1],
+            confidence: ruleResult.confidence,
+            source: "rule",
+            evidence: [finding]
+          });
+        }
+      }
+    }
+    for (const finding of structuralResult.findings) {
+      intents.push({
+        category: "code_execution",
+        description: finding,
+        confidence: structuralResult.confidence,
+        source: "structural",
+        evidence: [finding]
+      });
+    }
+    if (llmResult) {
+      for (const finding of llmResult.findings) {
+        intents.push({
+          category: "code_execution",
+          description: finding,
+          confidence: llmResult.confidence,
+          source: "llm",
+          evidence: [finding]
+        });
+      }
+    }
+    return intents;
+  }
+  combineResults(ruleResult, structuralResult, llmResult) {
+    const ruleWeight = 0.5;
+    const structWeight = 0.3;
+    const llmWeight = llmResult ? 0.2 : 0;
+    const normalizer = ruleWeight + structWeight + llmWeight;
+    const combinedScore = Math.round(
+      (ruleResult.riskScore * ruleWeight + structuralResult.riskScore * structWeight + (llmResult?.riskScore ?? 0) * llmWeight) / normalizer
+    );
+    const levels = [ruleResult.riskLevel, structuralResult.riskLevel, llmResult?.riskLevel].filter(Boolean);
+    const levelOrder = { safe: 0, suspicious: 1, dangerous: 2, critical: 3 };
+    const maxLevel = levels.reduce(
+      (max, l) => (levelOrder[l] ?? 0) > (levelOrder[max] ?? 0) ? l : max,
+      "safe"
+    );
+    const confidence = Math.round(
+      (ruleResult.confidence * ruleWeight + structuralResult.confidence * structWeight + (llmResult?.confidence ?? 0) * llmWeight) / normalizer * 100
+    ) / 100;
+    let recommendation;
+    if (combinedScore < 20) recommendation = "allow";
+    else if (combinedScore < 45) recommendation = "warn";
+    else if (combinedScore < 70) recommendation = "require-approval";
+    else recommendation = "block";
+    const allFindings = [
+      ...ruleResult.findings,
+      ...structuralResult.findings,
+      ...llmResult?.findings ?? []
+    ];
+    const explanation = allFindings.length > 0 ? `Risk: ${maxLevel} (score: ${combinedScore}). Findings: ${allFindings.slice(0, 3).join("; ")}` : `Risk: ${maxLevel} (score: ${combinedScore}). No specific findings.`;
+    return {
+      riskLevel: maxLevel,
+      riskScore: combinedScore,
+      confidence,
+      recommendation,
+      explanation
+    };
+  }
+};
+function createSemanticAnalyzer(overrides = {}) {
+  return new SemanticAnalyzer(overrides);
+}
+function createParanoidAnalyzer(llmProvider) {
+  return new SemanticAnalyzer({
+    enableLLM: !!llmProvider,
+    llmProvider,
+    llmTriggerThreshold: 20,
+    llmTimeout: 15e3,
+    enableStructural: true,
+    sensitivity: "paranoid"
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  SemanticAnalyzer,
+  createParanoidAnalyzer,
+  createSemanticAnalyzer
+});