visus-mcp 0.2.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (107) hide show
  1. package/.claude/settings.local.json +22 -0
  2. package/LINKEDIN-STRATEGY.md +367 -0
  3. package/README.md +491 -16
  4. package/ROADMAP.md +214 -34
  5. package/SECURITY-AUDIT-v1.md +277 -0
  6. package/STATUS.md +801 -42
  7. package/TROUBLESHOOT-AUTH-20260322-2019.md +291 -0
  8. package/TROUBLESHOOT-JEST-20260323-1357.md +139 -0
  9. package/TROUBLESHOOT-LAMBDA-20260322-1945.md +183 -0
  10. package/VISUS-CLAUDE-CODE-PROMPT.md +1 -1
  11. package/VISUS-PROJECT-PLAN.md +7 -0
  12. package/dist/browser/playwright-renderer.d.ts.map +1 -1
  13. package/dist/browser/playwright-renderer.js +7 -0
  14. package/dist/browser/playwright-renderer.js.map +1 -1
  15. package/dist/browser/reader.d.ts +31 -0
  16. package/dist/browser/reader.d.ts.map +1 -0
  17. package/dist/browser/reader.js +98 -0
  18. package/dist/browser/reader.js.map +1 -0
  19. package/dist/index.d.ts +1 -1
  20. package/dist/index.d.ts.map +1 -1
  21. package/dist/index.js +37 -5
  22. package/dist/index.js.map +1 -1
  23. package/dist/lambda-handler.d.ts +0 -6
  24. package/dist/lambda-handler.d.ts.map +1 -1
  25. package/dist/lambda-handler.js +97 -25
  26. package/dist/lambda-handler.js.map +1 -1
  27. package/dist/sanitizer/framework-mapper.d.ts +22 -0
  28. package/dist/sanitizer/framework-mapper.d.ts.map +1 -0
  29. package/dist/sanitizer/framework-mapper.js +296 -0
  30. package/dist/sanitizer/framework-mapper.js.map +1 -0
  31. package/dist/sanitizer/index.d.ts +10 -2
  32. package/dist/sanitizer/index.d.ts.map +1 -1
  33. package/dist/sanitizer/index.js +22 -6
  34. package/dist/sanitizer/index.js.map +1 -1
  35. package/dist/sanitizer/patterns.js +1 -1
  36. package/dist/sanitizer/patterns.js.map +1 -1
  37. package/dist/sanitizer/pii-allowlist.d.ts +49 -0
  38. package/dist/sanitizer/pii-allowlist.d.ts.map +1 -0
  39. package/dist/sanitizer/pii-allowlist.js +231 -0
  40. package/dist/sanitizer/pii-allowlist.js.map +1 -0
  41. package/dist/sanitizer/pii-redactor.d.ts +13 -1
  42. package/dist/sanitizer/pii-redactor.d.ts.map +1 -1
  43. package/dist/sanitizer/pii-redactor.js +26 -2
  44. package/dist/sanitizer/pii-redactor.js.map +1 -1
  45. package/dist/sanitizer/severity-classifier.d.ts +33 -0
  46. package/dist/sanitizer/severity-classifier.d.ts.map +1 -0
  47. package/dist/sanitizer/severity-classifier.js +113 -0
  48. package/dist/sanitizer/severity-classifier.js.map +1 -0
  49. package/dist/sanitizer/threat-reporter.d.ts +65 -0
  50. package/dist/sanitizer/threat-reporter.d.ts.map +1 -0
  51. package/dist/sanitizer/threat-reporter.js +160 -0
  52. package/dist/sanitizer/threat-reporter.js.map +1 -0
  53. package/dist/tools/fetch-structured.d.ts +5 -0
  54. package/dist/tools/fetch-structured.d.ts.map +1 -1
  55. package/dist/tools/fetch-structured.js +59 -8
  56. package/dist/tools/fetch-structured.js.map +1 -1
  57. package/dist/tools/fetch.d.ts +5 -0
  58. package/dist/tools/fetch.d.ts.map +1 -1
  59. package/dist/tools/fetch.js +43 -9
  60. package/dist/tools/fetch.js.map +1 -1
  61. package/dist/tools/read.d.ts +51 -0
  62. package/dist/tools/read.d.ts.map +1 -0
  63. package/dist/tools/read.js +127 -0
  64. package/dist/tools/read.js.map +1 -0
  65. package/dist/tools/search.d.ts +45 -0
  66. package/dist/tools/search.d.ts.map +1 -0
  67. package/dist/tools/search.js +220 -0
  68. package/dist/tools/search.js.map +1 -0
  69. package/dist/types.d.ts +74 -0
  70. package/dist/types.d.ts.map +1 -1
  71. package/dist/types.js.map +1 -1
  72. package/dist/utils/format-converter.d.ts +39 -0
  73. package/dist/utils/format-converter.d.ts.map +1 -0
  74. package/dist/utils/format-converter.js +191 -0
  75. package/dist/utils/format-converter.js.map +1 -0
  76. package/dist/utils/truncate.d.ts +26 -0
  77. package/dist/utils/truncate.d.ts.map +1 -0
  78. package/dist/utils/truncate.js +54 -0
  79. package/dist/utils/truncate.js.map +1 -0
  80. package/infrastructure/stack.ts +55 -6
  81. package/jest.config.js +3 -0
  82. package/package.json +9 -2
  83. package/src/browser/playwright-renderer.ts +8 -0
  84. package/src/browser/reader.ts +129 -0
  85. package/src/index.ts +49 -5
  86. package/src/lambda-handler.ts +131 -26
  87. package/src/sanitizer/framework-mapper.ts +347 -0
  88. package/src/sanitizer/index.ts +28 -6
  89. package/src/sanitizer/patterns.ts +1 -1
  90. package/src/sanitizer/pii-allowlist.ts +273 -0
  91. package/src/sanitizer/pii-redactor.ts +43 -2
  92. package/src/sanitizer/severity-classifier.ts +132 -0
  93. package/src/sanitizer/threat-reporter.ts +261 -0
  94. package/src/tools/fetch-structured.ts +63 -8
  95. package/src/tools/fetch.ts +45 -9
  96. package/src/tools/read.ts +143 -0
  97. package/src/tools/search.ts +263 -0
  98. package/src/types.ts +71 -0
  99. package/src/utils/format-converter.ts +236 -0
  100. package/src/utils/truncate.ts +64 -0
  101. package/tests/auth-smoke.test.ts +480 -0
  102. package/tests/fetch-tool.test.ts +595 -2
  103. package/tests/pii-allowlist.test.ts +282 -0
  104. package/tests/reader.test.ts +353 -0
  105. package/tests/sanitizer.test.ts +52 -0
  106. package/tests/search.test.ts +456 -0
  107. package/tests/threat-reporter.test.ts +266 -0
@@ -10,12 +10,14 @@
10
10
 
11
11
  import { detectAndNeutralize, getSeverityScore, hasCriticalThreats } from './injection-detector.js';
12
12
  import { redactPII } from './pii-redactor.js';
13
+ import { generateThreatReport, type ThreatReport } from './threat-reporter.js';
13
14
 
14
15
  export interface SanitizationResult {
15
16
  content: string;
16
17
  sanitization: {
17
18
  patterns_detected: string[];
18
19
  pii_types_redacted: string[];
20
+ pii_allowlisted: Array<{ type: string; value: string; reason: string }>;
19
21
  content_modified: boolean;
20
22
  };
21
23
  metadata: {
@@ -30,6 +32,7 @@ export interface SanitizationResult {
30
32
  low: number;
31
33
  };
32
34
  };
35
+ threat_report?: ThreatReport;
33
36
  }
34
37
 
35
38
  /**
@@ -37,20 +40,21 @@ export interface SanitizationResult {
37
40
  *
38
41
  * Pipeline:
39
42
  * 1. Injection detection and neutralization (43 patterns)
40
- * 2. PII redaction (email, phone, SSN, CC, IP)
43
+ * 2. PII redaction (email, phone, SSN, CC, IP) with allowlisting
41
44
  * 3. Metadata collection and logging
42
45
  *
43
46
  * @param content Raw content from web page
47
+ * @param sourceUrl Optional source URL for domain-scoped PII allowlisting
44
48
  * @returns Sanitized content with detection metadata
45
49
  */
46
- export function sanitize(content: string): SanitizationResult {
50
+ export function sanitize(content: string, sourceUrl?: string): SanitizationResult {
47
51
  const originalLength = content.length;
48
52
 
49
53
  // Step 1: Detect and neutralize injection patterns
50
54
  const injectionResult = detectAndNeutralize(content);
51
55
 
52
- // Step 2: Redact PII from the already-sanitized content
53
- const piiResult = redactPII(injectionResult.content);
56
+ // Step 2: Redact PII from the already-sanitized content (with allowlisting)
57
+ const piiResult = redactPII(injectionResult.content, sourceUrl);
54
58
 
55
59
  // Step 3: Combine results
56
60
  const finalContent = piiResult.content;
@@ -63,16 +67,26 @@ export function sanitize(content: string): SanitizationResult {
63
67
  logSanitization({
64
68
  patterns_detected: injectionResult.patterns_detected,
65
69
  pii_types_redacted: piiResult.pii_types_redacted,
70
+ pii_allowlisted: piiResult.pii_allowlisted,
66
71
  severity_score: severityScore,
67
72
  has_critical_threats: criticalThreats,
68
73
  content_modified: contentModified
69
74
  });
70
75
 
71
- return {
76
+ // Step 4: Generate threat report (only if findings exist)
77
+ const threatReport = generateThreatReport({
78
+ patterns_detected: injectionResult.patterns_detected,
79
+ pii_redacted: piiResult.pii_types_redacted.length,
80
+ source_url: sourceUrl || 'unknown',
81
+ detections_by_severity: injectionResult.metadata.detections_by_severity
82
+ });
83
+
84
+ const result: SanitizationResult = {
72
85
  content: finalContent,
73
86
  sanitization: {
74
87
  patterns_detected: injectionResult.patterns_detected,
75
88
  pii_types_redacted: piiResult.pii_types_redacted,
89
+ pii_allowlisted: piiResult.pii_allowlisted,
76
90
  content_modified: contentModified
77
91
  },
78
92
  metadata: {
@@ -83,6 +97,13 @@ export function sanitize(content: string): SanitizationResult {
83
97
  detections_by_severity: injectionResult.metadata.detections_by_severity
84
98
  }
85
99
  };
100
+
101
+ // Include threat_report only if findings exist
102
+ if (threatReport) {
103
+ result.threat_report = threatReport;
104
+ }
105
+
106
+ return result;
86
107
  }
87
108
 
88
109
  /**
@@ -92,6 +113,7 @@ export function sanitize(content: string): SanitizationResult {
92
113
  function logSanitization(event: {
93
114
  patterns_detected: string[];
94
115
  pii_types_redacted: string[];
116
+ pii_allowlisted: Array<{ type: string; value: string; reason: string }>;
95
117
  severity_score: number;
96
118
  has_critical_threats: boolean;
97
119
  content_modified: boolean;
@@ -103,7 +125,7 @@ function logSanitization(event: {
103
125
  };
104
126
 
105
127
  // Only log if there were detections (reduce noise)
106
- if (event.content_modified) {
128
+ if (event.content_modified || event.pii_allowlisted.length > 0) {
107
129
  console.error(JSON.stringify(logEntry));
108
130
  }
109
131
  }
@@ -313,7 +313,7 @@ export const INJECTION_PATTERNS: InjectionPattern[] = [
313
313
  {
314
314
  name: 'code_execution_requests',
315
315
  description: 'Requests code execution or contains dangerous code patterns',
316
- regex: /\b(execute|run\s+the\s+following|eval\(|exec\(|os\.system|subprocess|__import__|shell\s+command|bash\s+-c)\b/gi,
316
+ regex: /\b(execute(?!-api\.)|run\s+the\s+following|eval\(|exec\(|os\.system|subprocess|__import__|shell\s+command|bash\s+-c)\b/gi,
317
317
  severity: 'high',
318
318
  action: 'redact'
319
319
  },
@@ -0,0 +1,273 @@
1
+ /**
2
+ * PII Allowlist Configuration
3
+ *
4
+ * Defines trusted phone numbers that should NOT be redacted from web content.
5
+ * Primarily for verified health authority and government emergency numbers.
6
+ *
7
+ * CRITICAL: Only add numbers that are:
8
+ * 1. Publicly published institutional/government numbers
9
+ * 2. Verified health/safety authorities
10
+ * 3. Not personal contact information
11
+ */
12
+
13
+ export interface TrustedPhoneNumber {
14
+ /** Display name for logging */
15
+ name: string;
16
+ /** Normalized phone number variants (all formats this number might appear in) */
17
+ numbers: string[];
18
+ /** Optional: domains where this number is trusted (empty = trusted everywhere) */
19
+ trustedDomains?: string[];
20
+ /** Category for audit logging */
21
+ category: 'emergency' | 'health_authority' | 'government' | 'helpline';
22
+ }
23
+
24
+ export interface PIIAllowlistConfig {
25
+ /** When true, trusted numbers only preserved if source domain matches trustedDomains */
26
+ strictDomainMode: boolean;
27
+ /** List of verified trusted phone numbers */
28
+ trustedPhoneNumbers: TrustedPhoneNumber[];
29
+ }
30
+
31
+ /**
32
+ * Normalize a phone number to digits-only format for comparison
33
+ */
34
+ export function normalizePhoneNumber(phone: string): string {
35
+ return phone.replace(/\D/g, '');
36
+ }
37
+
38
+ /**
39
+ * Extract domain from URL (returns hostname without www.)
40
+ */
41
+ export function extractDomain(url: string): string {
42
+ try {
43
+ const parsedUrl = new URL(url);
44
+ return parsedUrl.hostname.replace(/^www\./, '').toLowerCase();
45
+ } catch {
46
+ return '';
47
+ }
48
+ }
49
+
50
+ /**
51
+ * Built-in allowlist of verified health authority and emergency numbers
52
+ */
53
+ export const DEFAULT_ALLOWLIST: PIIAllowlistConfig = {
54
+ strictDomainMode: false, // Default: trust globally, not domain-scoped
55
+
56
+ trustedPhoneNumbers: [
57
+ // Emergency Services
58
+ {
59
+ name: 'Emergency Services (911)',
60
+ numbers: ['911'],
61
+ category: 'emergency'
62
+ },
63
+
64
+ // Poison Control
65
+ {
66
+ name: 'Poison Control Center',
67
+ numbers: [
68
+ '18002221222',
69
+ '8002221222',
70
+ '1-800-222-1222',
71
+ '800-222-1222'
72
+ ],
73
+ trustedDomains: [
74
+ 'medlineplus.gov',
75
+ 'cdc.gov',
76
+ 'fda.gov',
77
+ 'aapcc.org',
78
+ 'poison.org',
79
+ 'nih.gov',
80
+ 'nlm.nih.gov'
81
+ ],
82
+ category: 'health_authority'
83
+ },
84
+
85
+ // FDA MedWatch (adverse event reporting)
86
+ {
87
+ name: 'FDA MedWatch',
88
+ numbers: [
89
+ '18003321088',
90
+ '8003321088',
91
+ '1-800-332-1088',
92
+ '800-332-1088'
93
+ ],
94
+ trustedDomains: [
95
+ 'fda.gov',
96
+ 'medlineplus.gov',
97
+ 'cdc.gov',
98
+ 'nih.gov'
99
+ ],
100
+ category: 'health_authority'
101
+ },
102
+
103
+ // CDC INFO
104
+ {
105
+ name: 'CDC INFO',
106
+ numbers: [
107
+ '18002324636',
108
+ '8002324636',
109
+ '1-800-232-4636',
110
+ '800-232-4636'
111
+ ],
112
+ trustedDomains: [
113
+ 'cdc.gov',
114
+ 'medlineplus.gov',
115
+ 'nih.gov'
116
+ ],
117
+ category: 'health_authority'
118
+ },
119
+
120
+ // SAMHSA National Helpline (substance abuse/mental health)
121
+ {
122
+ name: 'SAMHSA National Helpline',
123
+ numbers: [
124
+ '18006624357',
125
+ '8006624357',
126
+ '1-800-662-4357',
127
+ '800-662-4357'
128
+ ],
129
+ trustedDomains: [
130
+ 'samhsa.gov',
131
+ 'medlineplus.gov',
132
+ 'cdc.gov',
133
+ 'nih.gov'
134
+ ],
135
+ category: 'helpline'
136
+ },
137
+
138
+ // National Suicide Prevention Lifeline
139
+ {
140
+ name: 'National Suicide Prevention Lifeline',
141
+ numbers: [
142
+ '18002738255',
143
+ '8002738255',
144
+ '1-800-273-8255',
145
+ '800-273-8255',
146
+ '988' // New 3-digit code
147
+ ],
148
+ trustedDomains: [
149
+ 'suicidepreventionlifeline.org',
150
+ 'samhsa.gov',
151
+ 'medlineplus.gov',
152
+ 'cdc.gov',
153
+ 'nih.gov'
154
+ ],
155
+ category: 'helpline'
156
+ },
157
+
158
+ // National Domestic Violence Hotline
159
+ {
160
+ name: 'National Domestic Violence Hotline',
161
+ numbers: [
162
+ '18007997233',
163
+ '8007997233',
164
+ '1-800-799-7233',
165
+ '800-799-7233'
166
+ ],
167
+ trustedDomains: [
168
+ 'thehotline.org',
169
+ 'cdc.gov',
170
+ 'medlineplus.gov',
171
+ 'nih.gov'
172
+ ],
173
+ category: 'helpline'
174
+ },
175
+
176
+ // Medicare
177
+ {
178
+ name: 'Medicare',
179
+ numbers: [
180
+ '18006331795',
181
+ '8006331795',
182
+ '1-800-633-1795',
183
+ '800-633-1795'
184
+ ],
185
+ trustedDomains: [
186
+ 'medicare.gov',
187
+ 'cms.gov',
188
+ 'medlineplus.gov',
189
+ 'nih.gov'
190
+ ],
191
+ category: 'government'
192
+ },
193
+
194
+ // Veterans Crisis Line
195
+ {
196
+ name: 'Veterans Crisis Line',
197
+ numbers: [
198
+ '18002738255',
199
+ '8002738255',
200
+ '1-800-273-8255',
201
+ '800-273-8255'
202
+ ],
203
+ trustedDomains: [
204
+ 'va.gov',
205
+ 'veteranscrisisline.net',
206
+ 'medlineplus.gov',
207
+ 'nih.gov'
208
+ ],
209
+ category: 'helpline'
210
+ }
211
+ ]
212
+ };
213
+
214
+ /**
215
+ * Check if a phone number should be allowlisted (not redacted)
216
+ *
217
+ * @param phoneNumber The phone number to check (in any format)
218
+ * @param sourceUrl Optional source URL for domain-scoped allowlisting
219
+ * @param config Optional custom config (defaults to DEFAULT_ALLOWLIST)
220
+ * @returns The trusted number entry if allowlisted, null otherwise
221
+ */
222
+ export function isAllowlistedPhoneNumber(
223
+ phoneNumber: string,
224
+ sourceUrl?: string,
225
+ config: PIIAllowlistConfig = DEFAULT_ALLOWLIST
226
+ ): TrustedPhoneNumber | null {
227
+ const normalized = normalizePhoneNumber(phoneNumber);
228
+ const sourceDomain = sourceUrl ? extractDomain(sourceUrl) : '';
229
+
230
+ for (const trustedEntry of config.trustedPhoneNumbers) {
231
+ // Check if any variant of this trusted number matches
232
+ const matchesNumber = trustedEntry.numbers.some(variant => {
233
+ const normalizedVariant = normalizePhoneNumber(variant);
234
+ return normalized === normalizedVariant;
235
+ });
236
+
237
+ if (!matchesNumber) {
238
+ continue; // Number doesn't match, check next entry
239
+ }
240
+
241
+ // Number matches - now check domain restrictions
242
+ const hasDomainRestrictions = trustedEntry.trustedDomains && trustedEntry.trustedDomains.length > 0;
243
+
244
+ if (!hasDomainRestrictions) {
245
+ // No domain restrictions - trust globally
246
+ return trustedEntry;
247
+ }
248
+
249
+ // Has domain restrictions
250
+ if (config.strictDomainMode && !sourceUrl) {
251
+ // Strict mode requires domain match, but no URL provided
252
+ continue;
253
+ }
254
+
255
+ if (sourceUrl && trustedEntry.trustedDomains) {
256
+ // Check if source domain matches any trusted domain
257
+ const isDomainTrusted = trustedEntry.trustedDomains.some(trustedDomain => {
258
+ return sourceDomain.endsWith(trustedDomain);
259
+ });
260
+
261
+ if (isDomainTrusted) {
262
+ return trustedEntry;
263
+ }
264
+ }
265
+
266
+ // In non-strict mode, trust the number even if domain doesn't match
267
+ if (!config.strictDomainMode) {
268
+ return trustedEntry;
269
+ }
270
+ }
271
+
272
+ return null; // No match found
273
+ }
@@ -5,14 +5,23 @@
5
5
  * to prevent leakage of sensitive data to the LLM.
6
6
  *
7
7
  * Redacts: emails, phone numbers, SSNs, credit cards, IP addresses
8
+ * Supports allowlisting of trusted institutional phone numbers (e.g., Poison Control)
8
9
  */
9
10
 
11
+ import {
12
+ isAllowlistedPhoneNumber,
13
+ type PIIAllowlistConfig,
14
+ DEFAULT_ALLOWLIST
15
+ } from './pii-allowlist.js';
16
+
10
17
  export interface PIIRedactionResult {
11
18
  content: string;
12
19
  pii_types_redacted: string[];
20
+ pii_allowlisted: Array<{ type: string; value: string; reason: string }>;
13
21
  content_modified: boolean;
14
22
  metadata: {
15
23
  redaction_counts: Record<string, number>;
24
+ allowlist_counts: Record<string, number>;
16
25
  };
17
26
  }
18
27
 
@@ -151,10 +160,20 @@ function luhnCheck(digits: string): boolean {
151
160
 
152
161
  /**
153
162
  * Redact PII from content
163
+ *
164
+ * @param content Content to redact PII from
165
+ * @param sourceUrl Optional source URL for domain-scoped allowlisting
166
+ * @param allowlistConfig Optional custom allowlist config
154
167
  */
155
- export function redactPII(content: string): PIIRedactionResult {
168
+ export function redactPII(
169
+ content: string,
170
+ sourceUrl?: string,
171
+ allowlistConfig: PIIAllowlistConfig = DEFAULT_ALLOWLIST
172
+ ): PIIRedactionResult {
156
173
  const piiTypesRedacted = new Set<string>();
157
174
  const redactionCounts: Record<string, number> = {};
175
+ const allowlistCounts: Record<string, number> = {};
176
+ const piiAllowlisted: Array<{ type: string; value: string; reason: string }> = [];
158
177
  let sanitizedContent = content;
159
178
 
160
179
  for (const pattern of PII_PATTERNS) {
@@ -168,6 +187,26 @@ export function redactPII(content: string): PIIRedactionResult {
168
187
  continue;
169
188
  }
170
189
 
190
+ // Check allowlist for phone numbers
191
+ if (pattern.type === 'PHONE') {
192
+ const allowlistedEntry = isAllowlistedPhoneNumber(
193
+ matchedText,
194
+ sourceUrl,
195
+ allowlistConfig
196
+ );
197
+
198
+ if (allowlistedEntry) {
199
+ // This is a trusted number - DO NOT redact
200
+ piiAllowlisted.push({
201
+ type: pattern.type,
202
+ value: matchedText,
203
+ reason: `Trusted ${allowlistedEntry.category}: ${allowlistedEntry.name}`
204
+ });
205
+ allowlistCounts[pattern.name] = (allowlistCounts[pattern.name] || 0) + 1;
206
+ continue; // Skip redaction
207
+ }
208
+ }
209
+
171
210
  // Redact the PII
172
211
  sanitizedContent = sanitizedContent.replace(
173
212
  matchedText,
@@ -182,9 +221,11 @@ export function redactPII(content: string): PIIRedactionResult {
182
221
  return {
183
222
  content: sanitizedContent,
184
223
  pii_types_redacted: Array.from(piiTypesRedacted),
224
+ pii_allowlisted: piiAllowlisted,
185
225
  content_modified: sanitizedContent !== content,
186
226
  metadata: {
187
- redaction_counts: redactionCounts
227
+ redaction_counts: redactionCounts,
228
+ allowlist_counts: allowlistCounts
188
229
  }
189
230
  };
190
231
  }
@@ -0,0 +1,132 @@
1
+ /**
2
+ * Severity Classification Engine
3
+ *
4
+ * Maps injection pattern categories to standardized severity levels.
5
+ * Used for threat reporting and compliance documentation.
6
+ */
7
+
8
+ export type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
9
+ export type OverallSeverity = Severity | 'CLEAN';
10
+
11
+ /**
12
+ * Pattern category to severity mapping
13
+ * Aligned with NIST AI 600-1 and OWASP LLM Top 10 risk levels
14
+ */
15
+ const SEVERITY_MAP: Record<string, Severity> = {
16
+ // CRITICAL - Immediate threat, block-level
17
+ direct_instruction_injection: 'CRITICAL',
18
+ role_hijacking: 'CRITICAL',
19
+ system_prompt_extraction: 'CRITICAL',
20
+ privilege_escalation: 'CRITICAL',
21
+ data_exfiltration: 'CRITICAL',
22
+ code_execution_requests: 'CRITICAL',
23
+ memory_manipulation: 'CRITICAL',
24
+ jailbreak_keywords: 'CRITICAL',
25
+ ethical_override: 'CRITICAL',
26
+ credential_harvesting: 'CRITICAL',
27
+ html_script_injection: 'CRITICAL',
28
+
29
+ // HIGH - Significant threat
30
+ context_poisoning: 'HIGH',
31
+ base64_obfuscation: 'HIGH',
32
+ zero_width_characters: 'HIGH',
33
+ data_uri_injection: 'HIGH',
34
+ markdown_link_injection: 'HIGH',
35
+ instruction_delimiter_injection: 'HIGH',
36
+ token_smuggling: 'HIGH',
37
+ system_message_injection: 'HIGH',
38
+ file_system_access: 'HIGH',
39
+ training_data_extraction: 'HIGH',
40
+ nested_encoding: 'HIGH',
41
+ authority_impersonation: 'HIGH',
42
+ callback_url_injection: 'HIGH',
43
+
44
+ // MEDIUM - Moderate threat
45
+ comment_injection: 'MEDIUM',
46
+ unicode_lookalikes: 'MEDIUM',
47
+ url_fragment_hashjack: 'MEDIUM',
48
+ social_engineering_urgency: 'MEDIUM',
49
+ multi_language_obfuscation: 'MEDIUM',
50
+ reverse_text_obfuscation: 'MEDIUM',
51
+ conversation_reset: 'MEDIUM',
52
+ chain_of_thought_manipulation: 'MEDIUM',
53
+ hypothetical_scenario_injection: 'MEDIUM',
54
+ output_format_manipulation: 'MEDIUM',
55
+ simulator_mode: 'MEDIUM',
56
+ payload_splitting: 'MEDIUM',
57
+ css_hiding: 'MEDIUM',
58
+ testing_debugging_claims: 'MEDIUM',
59
+
60
+ // LOW - Low threat, flagged for awareness
61
+ leetspeak_obfuscation: 'LOW',
62
+ capability_probing: 'LOW',
63
+ negative_instruction: 'LOW',
64
+ time_based_triggers: 'LOW',
65
+ whitespace_steganography: 'LOW'
66
+ };
67
+
68
+ /**
69
+ * Classify severity for a single pattern category
70
+ */
71
+ export function classifySeverity(patternCategory: string): Severity {
72
+ return SEVERITY_MAP[patternCategory] || 'LOW';
73
+ }
74
+
75
+ /**
76
+ * Interface for a threat finding
77
+ */
78
+ export interface Finding {
79
+ pattern_category: string;
80
+ severity: Severity;
81
+ }
82
+
83
+ /**
84
+ * Aggregate severity across multiple findings
85
+ * Returns the highest severity level found, or CLEAN if no findings
86
+ */
87
+ export function aggregateSeverity(findings: Finding[]): OverallSeverity {
88
+ if (findings.length === 0) {
89
+ return 'CLEAN';
90
+ }
91
+
92
+ const severities = findings.map(f => f.severity);
93
+
94
+ if (severities.includes('CRITICAL')) return 'CRITICAL';
95
+ if (severities.includes('HIGH')) return 'HIGH';
96
+ if (severities.includes('MEDIUM')) return 'MEDIUM';
97
+ if (severities.includes('LOW')) return 'LOW';
98
+
99
+ return 'CLEAN';
100
+ }
101
+
102
+ /**
103
+ * Count findings by severity level
104
+ */
105
+ export function countBySeverity(findings: Finding[]): Record<Severity, number> {
106
+ const counts: Record<Severity, number> = {
107
+ CRITICAL: 0,
108
+ HIGH: 0,
109
+ MEDIUM: 0,
110
+ LOW: 0
111
+ };
112
+
113
+ for (const finding of findings) {
114
+ counts[finding.severity]++;
115
+ }
116
+
117
+ return counts;
118
+ }
119
+
120
+ /**
121
+ * Get emoji for severity level (for Markdown reports)
122
+ */
123
+ export function getSeverityEmoji(severity: Severity | OverallSeverity): string {
124
+ switch (severity) {
125
+ case 'CRITICAL': return '🔴';
126
+ case 'HIGH': return '🟠';
127
+ case 'MEDIUM': return '🟡';
128
+ case 'LOW': return '🟢';
129
+ case 'CLEAN': return '✅';
130
+ default: return '⚪';
131
+ }
132
+ }