visus-mcp 0.1.0

package/dist/sanitizer/index.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Sanitizer Orchestrator
+ *
+ * Main entry point for content sanitization. Coordinates injection detection
+ * and PII redaction pipelines.
+ *
+ * CRITICAL: This is the core security mechanism. Every web page MUST pass
+ * through this sanitizer before reaching the LLM. This cannot be bypassed.
+ */
+export interface SanitizationResult {
+    content: string;
+    sanitization: {
+        patterns_detected: string[];
+        pii_types_redacted: string[];
+        content_modified: boolean;
+    };
+    metadata: {
+        original_length: number;
+        sanitized_length: number;
+        severity_score: number;
+        has_critical_threats: boolean;
+        detections_by_severity: {
+            critical: number;
+            high: number;
+            medium: number;
+            low: number;
+        };
+    };
+}
+/**
+ * Sanitize content through the full pipeline
+ *
+ * Pipeline:
+ * 1. Injection detection and neutralization (43 patterns)
+ * 2. PII redaction (email, phone, SSN, CC, IP)
+ * 3. Metadata collection and logging
+ *
+ * @param content Raw content from web page
+ * @returns Sanitized content with detection metadata
+ */
+export declare function sanitize(content: string): SanitizationResult;
+/**
+ * Quick check: does content need sanitization?
+ * (Used for optimization - skip pipeline if content is clean)
+ *
+ * Note: Still run full pipeline for safety, but this can be used for metrics
+ */
+export declare function needsSanitization(_content: string): boolean;
+/**
+ * Export sub-components for testing
+ */
+export { detectAndNeutralize } from './injection-detector.js';
+export { redactPII, containsPII, detectPIITypes } from './pii-redactor.js';
+export { INJECTION_PATTERNS, getAllPatternNames } from './patterns.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/sanitizer/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE;QACZ,iBAAiB,EAAE,MAAM,EAAE,CAAC;QAC5B,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,gBAAgB,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,QAAQ,EAAE;QACR,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,sBAAsB,EAAE;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;CACH;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,CAwC5D;AAyBD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAG3D;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}

package/dist/sanitizer/index.js

@@ -0,0 +1,89 @@
+/**
+ * Sanitizer Orchestrator
+ *
+ * Main entry point for content sanitization. Coordinates injection detection
+ * and PII redaction pipelines.
+ *
+ * CRITICAL: This is the core security mechanism. Every web page MUST pass
+ * through this sanitizer before reaching the LLM. This cannot be bypassed.
+ */
+import { detectAndNeutralize, getSeverityScore, hasCriticalThreats } from './injection-detector.js';
+import { redactPII } from './pii-redactor.js';
+/**
+ * Sanitize content through the full pipeline
+ *
+ * Pipeline:
+ * 1. Injection detection and neutralization (43 patterns)
+ * 2. PII redaction (email, phone, SSN, CC, IP)
+ * 3. Metadata collection and logging
+ *
+ * @param content Raw content from web page
+ * @returns Sanitized content with detection metadata
+ */
+export function sanitize(content) {
+    const originalLength = content.length;
+    // Step 1: Detect and neutralize injection patterns
+    const injectionResult = detectAndNeutralize(content);
+    // Step 2: Redact PII from the already-sanitized content
+    const piiResult = redactPII(injectionResult.content);
+    // Step 3: Combine results
+    const finalContent = piiResult.content;
+    const contentModified = injectionResult.content_modified || piiResult.content_modified;
+    const severityScore = getSeverityScore(injectionResult.metadata.detections_by_severity);
+    const criticalThreats = hasCriticalThreats(injectionResult.metadata.detections_by_severity);
+    // Log to stderr for monitoring (not stdout - MCP protocol)
+    logSanitization({
+        patterns_detected: injectionResult.patterns_detected,
+        pii_types_redacted: piiResult.pii_types_redacted,
+        severity_score: severityScore,
+        has_critical_threats: criticalThreats,
+        content_modified: contentModified
+    });
+    return {
+        content: finalContent,
+        sanitization: {
+            patterns_detected: injectionResult.patterns_detected,
+            pii_types_redacted: piiResult.pii_types_redacted,
+            content_modified: contentModified
+        },
+        metadata: {
+            original_length: originalLength,
+            sanitized_length: finalContent.length,
+            severity_score: severityScore,
+            has_critical_threats: criticalThreats,
+            detections_by_severity: injectionResult.metadata.detections_by_severity
+        }
+    };
+}
+/**
+ * Log sanitization events to stderr for monitoring
+ * (structured JSON logging per Lateos conventions)
+ */
+function logSanitization(event) {
+    const logEntry = {
+        timestamp: new Date().toISOString(),
+        event: 'sanitization',
+        ...event
+    };
+    // Only log if there were detections (reduce noise)
+    if (event.content_modified) {
+        console.error(JSON.stringify(logEntry));
+    }
+}
+/**
+ * Quick check: does content need sanitization?
+ * (Used for optimization - skip pipeline if content is clean)
+ *
+ * Note: Still run full pipeline for safety, but this can be used for metrics
+ */
+export function needsSanitization(_content) {
+    // Always sanitize - this is just a helper for metrics
+    return true;
+}
+/**
+ * Export sub-components for testing
+ */
+export { detectAndNeutralize } from './injection-detector.js';
+export { redactPII, containsPII, detectPIITypes } from './pii-redactor.js';
+export { INJECTION_PATTERNS, getAllPatternNames } from './patterns.js';
+//# sourceMappingURL=index.js.map

package/dist/sanitizer/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAuB9C;;;;;;;;;;GAUG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe;IACtC,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAEtC,mDAAmD;IACnD,MAAM,eAAe,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAErD,wDAAwD;IACxD,MAAM,SAAS,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IAErD,0BAA0B;IAC1B,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC;IACvC,MAAM,eAAe,GAAG,eAAe,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC;IAEvF,MAAM,aAAa,GAAG,gBAAgB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACxF,MAAM,eAAe,GAAG,kBAAkB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAE5F,2DAA2D;IAC3D,eAAe,CAAC;QACd,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;QACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,cAAc,EAAE,aAAa;QAC7B,oBAAoB,EAAE,eAAe;QACrC,gBAAgB,EAAE,eAAe;KAClC,CAAC,CAAC;IAEH,OAAO;QACL,OAAO,EAAE,YAAY;QACrB,YAAY,EAAE;YACZ,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;YACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;YAChD,gBAAgB,EAAE,eAAe;SAClC;QACD,QAAQ,EAAE;YACR,eAAe,EAAE,cAAc;YAC/B,gBAAgB,EAAE,YAAY,CAAC,MAAM;YACrC,cAAc,EAAE,aAAa;YAC7B,oBAAoB,EAAE,eAAe;YACrC,sBAAsB,EAAE,eAAe,CAAC,QAAQ,CAAC,sBAAsB;SACxE;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,KAMxB;IACC,MAAM,QAAQ,GAAG;QACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,cAAc;QACrB,GAAG,KAAK;KACT,CAAC;IAEF,mDAAmD;IACnD,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,sDAAsD;IACtD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}

package/dist/sanitizer/injection-detector.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Injection Detection Engine
+ *
+ * Scans content against all 43 injection patterns and neutralizes threats
+ * based on pattern action directives (strip, redact, escape).
+ */
+export interface DetectionResult {
+    content: string;
+    patterns_detected: string[];
+    content_modified: boolean;
+    metadata: {
+        original_length: number;
+        sanitized_length: number;
+        detections_by_severity: {
+            critical: number;
+            high: number;
+            medium: number;
+            low: number;
+        };
+    };
+}
+/**
+ * Detect and neutralize injection patterns in content
+ */
+export declare function detectAndNeutralize(content: string): DetectionResult;
+/**
+ * Get severity score for logging/monitoring
+ */
+export declare function getSeverityScore(detectionsBySeverity: DetectionResult['metadata']['detections_by_severity']): number;
+/**
+ * Check if content has critical threats
+ */
+export declare function hasCriticalThreats(detectionsBySeverity: DetectionResult['metadata']['detections_by_severity']): boolean;
+//# sourceMappingURL=injection-detector.d.ts.map

package/dist/sanitizer/injection-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"injection-detector.d.ts","sourceRoot":"","sources":["../../src/sanitizer/injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE;QACR,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,sBAAsB,EAAE;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;CACH;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,CAmCpE;AAwCD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,oBAAoB,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC,wBAAwB,CAAC,GAAG,MAAM,CAOpH;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,oBAAoB,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC,wBAAwB,CAAC,GAAG,OAAO,CAEvH"}

package/dist/sanitizer/injection-detector.js

@@ -0,0 +1,89 @@
+/**
+ * Injection Detection Engine
+ *
+ * Scans content against all 43 injection patterns and neutralizes threats
+ * based on pattern action directives (strip, redact, escape).
+ */
+import { INJECTION_PATTERNS } from './patterns.js';
+/**
+ * Detect and neutralize injection patterns in content
+ */
+export function detectAndNeutralize(content) {
+    const originalLength = content.length;
+    const patternsDetected = new Set();
+    const detectionsBySeverity = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0
+    };
+    let sanitizedContent = content;
+    // Apply each pattern
+    for (const pattern of INJECTION_PATTERNS) {
+        const matches = sanitizedContent.match(pattern.regex);
+        if (matches && matches.length > 0) {
+            patternsDetected.add(pattern.name);
+            detectionsBySeverity[pattern.severity] += matches.length;
+            // Apply action
+            sanitizedContent = applyAction(sanitizedContent, pattern);
+        }
+    }
+    return {
+        content: sanitizedContent,
+        patterns_detected: Array.from(patternsDetected),
+        content_modified: sanitizedContent !== content,
+        metadata: {
+            original_length: originalLength,
+            sanitized_length: sanitizedContent.length,
+            detections_by_severity: detectionsBySeverity
+        }
+    };
+}
+/**
+ * Apply the appropriate action for a pattern match
+ */
+function applyAction(content, pattern) {
+    switch (pattern.action) {
+        case 'strip':
+            // Remove matched content entirely
+            return content.replace(pattern.regex, '');
+        case 'redact':
+            // Replace with redaction marker
+            return content.replace(pattern.regex, `[REDACTED:${pattern.name.toUpperCase()}]`);
+        case 'escape':
+            // HTML escape matched content
+            return content.replace(pattern.regex, (match) => escapeHtml(match));
+        default:
+            return content;
+    }
+}
+/**
+ * HTML escape special characters
+ */
+function escapeHtml(text) {
+    const htmlEntities = {
+        '&': '&',
+        '<': '&lt;',
+        '>': '&gt;',
+        '"': '&quot;',
+        "'": '&#39;',
+        '/': '&#x2F;'
+    };
+    return text.replace(/[&<>"'/]/g, (char) => htmlEntities[char] || char);
+}
+/**
+ * Get severity score for logging/monitoring
+ */
+export function getSeverityScore(detectionsBySeverity) {
+    return (detectionsBySeverity.critical * 100 +
+        detectionsBySeverity.high * 50 +
+        detectionsBySeverity.medium * 10 +
+        detectionsBySeverity.low * 1);
+}
+/**
+ * Check if content has critical threats
+ */
+export function hasCriticalThreats(detectionsBySeverity) {
+    return detectionsBySeverity.critical > 0;
+}
+//# sourceMappingURL=injection-detector.js.map

package/dist/sanitizer/injection-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"injection-detector.js","sourceRoot":"","sources":["../../src/sanitizer/injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,kBAAkB,EAAyB,MAAM,eAAe,CAAC;AAkB1E;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IACtC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,oBAAoB,GAAG;QAC3B,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;KACP,CAAC;IAEF,IAAI,gBAAgB,GAAG,OAAO,CAAC;IAE/B,qBAAqB;IACrB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAEtD,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACnC,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC;YAEzD,eAAe;YACf,gBAAgB,GAAG,WAAW,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,gBAAgB;QACzB,iBAAiB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;QAC/C,gBAAgB,EAAE,gBAAgB,KAAK,OAAO;QAC9C,QAAQ,EAAE;YACR,eAAe,EAAE,cAAc;YAC/B,gBAAgB,EAAE,gBAAgB,CAAC,MAAM;YACzC,sBAAsB,EAAE,oBAAoB;SAC7C;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,OAAyB;IAC7D,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;QACvB,KAAK,OAAO;YACV,kCAAkC;YAClC,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAE5C,KAAK,QAAQ;YACX,gCAAgC;YAChC,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,aAAa,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAEpF,KAAK,QAAQ;YACX,8BAA8B;YAC9B,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QAEtE;YACE,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,YAAY,GAA2B;QAC3C,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,QAAQ;KACd,CAAC;IAEF,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,oBAA2E;IAC1G,OAAO,CACL,oBAAoB,CAAC,QAAQ,GAAG,GAAG;QACnC,oBAAoB,CAAC,IAAI,GAAG,EAAE;QAC9B,oBAAoB,CAAC,MAAM,GAAG,EAAE;QAChC,oBAAoB,CAAC,GAAG,GAAG,CAAC,CAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,oBAA2E;IAC5G,OAAO,oBAAoB,CAAC,QAAQ,GAAG,CAAC,CAAC;AAC3C,CAAC"}

package/dist/sanitizer/patterns.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Lateos Injection Pattern Library
+ *
+ * 43 validated injection pattern categories for detecting and neutralizing
+ * prompt injection attacks in web content before it reaches the LLM.
+ *
+ * Each pattern includes:
+ * - name: Pattern identifier
+ * - description: What this pattern detects
+ * - regex: Detection pattern (case-insensitive by default)
+ * - severity: risk level (critical, high, medium, low)
+ * - action: how to handle matches (strip, redact, escape)
+ */
+export interface InjectionPattern {
+    name: string;
+    description: string;
+    regex: RegExp;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    action: 'strip' | 'redact' | 'escape';
+}
+export declare const INJECTION_PATTERNS: InjectionPattern[];
+/**
+ * Get all pattern names for logging/testing
+ */
+export declare function getAllPatternNames(): string[];
+/**
+ * Get patterns by severity level
+ */
+export declare function getPatternsBySeverity(severity: 'critical' | 'high' | 'medium' | 'low'): InjectionPattern[];
+//# sourceMappingURL=patterns.d.ts.map

package/dist/sanitizer/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/sanitizer/patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,MAAM,EAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;CACvC;AAED,eAAO,MAAM,kBAAkB,EAAE,gBAAgB,EAmYhD,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAE7C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,gBAAgB,EAAE,CAE1G"}