visus-mcp 0.2.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/settings.local.json +22 -0
- package/LINKEDIN-STRATEGY.md +367 -0
- package/README.md +491 -16
- package/ROADMAP.md +214 -34
- package/SECURITY-AUDIT-v1.md +277 -0
- package/STATUS.md +801 -42
- package/TROUBLESHOOT-AUTH-20260322-2019.md +291 -0
- package/TROUBLESHOOT-JEST-20260323-1357.md +139 -0
- package/TROUBLESHOOT-LAMBDA-20260322-1945.md +183 -0
- package/VISUS-CLAUDE-CODE-PROMPT.md +1 -1
- package/VISUS-PROJECT-PLAN.md +7 -0
- package/dist/browser/playwright-renderer.d.ts.map +1 -1
- package/dist/browser/playwright-renderer.js +7 -0
- package/dist/browser/playwright-renderer.js.map +1 -1
- package/dist/browser/reader.d.ts +31 -0
- package/dist/browser/reader.d.ts.map +1 -0
- package/dist/browser/reader.js +98 -0
- package/dist/browser/reader.js.map +1 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +37 -5
- package/dist/index.js.map +1 -1
- package/dist/lambda-handler.d.ts +0 -6
- package/dist/lambda-handler.d.ts.map +1 -1
- package/dist/lambda-handler.js +97 -25
- package/dist/lambda-handler.js.map +1 -1
- package/dist/sanitizer/framework-mapper.d.ts +22 -0
- package/dist/sanitizer/framework-mapper.d.ts.map +1 -0
- package/dist/sanitizer/framework-mapper.js +296 -0
- package/dist/sanitizer/framework-mapper.js.map +1 -0
- package/dist/sanitizer/index.d.ts +10 -2
- package/dist/sanitizer/index.d.ts.map +1 -1
- package/dist/sanitizer/index.js +22 -6
- package/dist/sanitizer/index.js.map +1 -1
- package/dist/sanitizer/patterns.js +1 -1
- package/dist/sanitizer/patterns.js.map +1 -1
- package/dist/sanitizer/pii-allowlist.d.ts +49 -0
- package/dist/sanitizer/pii-allowlist.d.ts.map +1 -0
- package/dist/sanitizer/pii-allowlist.js +231 -0
- package/dist/sanitizer/pii-allowlist.js.map +1 -0
- package/dist/sanitizer/pii-redactor.d.ts +13 -1
- package/dist/sanitizer/pii-redactor.d.ts.map +1 -1
- package/dist/sanitizer/pii-redactor.js +26 -2
- package/dist/sanitizer/pii-redactor.js.map +1 -1
- package/dist/sanitizer/severity-classifier.d.ts +33 -0
- package/dist/sanitizer/severity-classifier.d.ts.map +1 -0
- package/dist/sanitizer/severity-classifier.js +113 -0
- package/dist/sanitizer/severity-classifier.js.map +1 -0
- package/dist/sanitizer/threat-reporter.d.ts +65 -0
- package/dist/sanitizer/threat-reporter.d.ts.map +1 -0
- package/dist/sanitizer/threat-reporter.js +160 -0
- package/dist/sanitizer/threat-reporter.js.map +1 -0
- package/dist/tools/fetch-structured.d.ts +5 -0
- package/dist/tools/fetch-structured.d.ts.map +1 -1
- package/dist/tools/fetch-structured.js +59 -8
- package/dist/tools/fetch-structured.js.map +1 -1
- package/dist/tools/fetch.d.ts +5 -0
- package/dist/tools/fetch.d.ts.map +1 -1
- package/dist/tools/fetch.js +43 -9
- package/dist/tools/fetch.js.map +1 -1
- package/dist/tools/read.d.ts +51 -0
- package/dist/tools/read.d.ts.map +1 -0
- package/dist/tools/read.js +127 -0
- package/dist/tools/read.js.map +1 -0
- package/dist/tools/search.d.ts +45 -0
- package/dist/tools/search.d.ts.map +1 -0
- package/dist/tools/search.js +220 -0
- package/dist/tools/search.js.map +1 -0
- package/dist/types.d.ts +74 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/dist/utils/format-converter.d.ts +39 -0
- package/dist/utils/format-converter.d.ts.map +1 -0
- package/dist/utils/format-converter.js +191 -0
- package/dist/utils/format-converter.js.map +1 -0
- package/dist/utils/truncate.d.ts +26 -0
- package/dist/utils/truncate.d.ts.map +1 -0
- package/dist/utils/truncate.js +54 -0
- package/dist/utils/truncate.js.map +1 -0
- package/infrastructure/stack.ts +55 -6
- package/jest.config.js +3 -0
- package/package.json +9 -2
- package/src/browser/playwright-renderer.ts +8 -0
- package/src/browser/reader.ts +129 -0
- package/src/index.ts +49 -5
- package/src/lambda-handler.ts +131 -26
- package/src/sanitizer/framework-mapper.ts +347 -0
- package/src/sanitizer/index.ts +28 -6
- package/src/sanitizer/patterns.ts +1 -1
- package/src/sanitizer/pii-allowlist.ts +273 -0
- package/src/sanitizer/pii-redactor.ts +43 -2
- package/src/sanitizer/severity-classifier.ts +132 -0
- package/src/sanitizer/threat-reporter.ts +261 -0
- package/src/tools/fetch-structured.ts +63 -8
- package/src/tools/fetch.ts +45 -9
- package/src/tools/read.ts +143 -0
- package/src/tools/search.ts +263 -0
- package/src/types.ts +71 -0
- package/src/utils/format-converter.ts +236 -0
- package/src/utils/truncate.ts +64 -0
- package/tests/auth-smoke.test.ts +480 -0
- package/tests/fetch-tool.test.ts +595 -2
- package/tests/pii-allowlist.test.ts +282 -0
- package/tests/reader.test.ts +353 -0
- package/tests/sanitizer.test.ts +52 -0
- package/tests/search.test.ts +456 -0
- package/tests/threat-reporter.test.ts +266 -0
package/src/sanitizer/index.ts
CHANGED
|
@@ -10,12 +10,14 @@
|
|
|
10
10
|
|
|
11
11
|
import { detectAndNeutralize, getSeverityScore, hasCriticalThreats } from './injection-detector.js';
|
|
12
12
|
import { redactPII } from './pii-redactor.js';
|
|
13
|
+
import { generateThreatReport, type ThreatReport } from './threat-reporter.js';
|
|
13
14
|
|
|
14
15
|
export interface SanitizationResult {
|
|
15
16
|
content: string;
|
|
16
17
|
sanitization: {
|
|
17
18
|
patterns_detected: string[];
|
|
18
19
|
pii_types_redacted: string[];
|
|
20
|
+
pii_allowlisted: Array<{ type: string; value: string; reason: string }>;
|
|
19
21
|
content_modified: boolean;
|
|
20
22
|
};
|
|
21
23
|
metadata: {
|
|
@@ -30,6 +32,7 @@ export interface SanitizationResult {
|
|
|
30
32
|
low: number;
|
|
31
33
|
};
|
|
32
34
|
};
|
|
35
|
+
threat_report?: ThreatReport;
|
|
33
36
|
}
|
|
34
37
|
|
|
35
38
|
/**
|
|
@@ -37,20 +40,21 @@ export interface SanitizationResult {
|
|
|
37
40
|
*
|
|
38
41
|
* Pipeline:
|
|
39
42
|
* 1. Injection detection and neutralization (43 patterns)
|
|
40
|
-
* 2. PII redaction (email, phone, SSN, CC, IP)
|
|
43
|
+
* 2. PII redaction (email, phone, SSN, CC, IP) with allowlisting
|
|
41
44
|
* 3. Metadata collection and logging
|
|
42
45
|
*
|
|
43
46
|
* @param content Raw content from web page
|
|
47
|
+
* @param sourceUrl Optional source URL for domain-scoped PII allowlisting
|
|
44
48
|
* @returns Sanitized content with detection metadata
|
|
45
49
|
*/
|
|
46
|
-
export function sanitize(content: string): SanitizationResult {
|
|
50
|
+
export function sanitize(content: string, sourceUrl?: string): SanitizationResult {
|
|
47
51
|
const originalLength = content.length;
|
|
48
52
|
|
|
49
53
|
// Step 1: Detect and neutralize injection patterns
|
|
50
54
|
const injectionResult = detectAndNeutralize(content);
|
|
51
55
|
|
|
52
|
-
// Step 2: Redact PII from the already-sanitized content
|
|
53
|
-
const piiResult = redactPII(injectionResult.content);
|
|
56
|
+
// Step 2: Redact PII from the already-sanitized content (with allowlisting)
|
|
57
|
+
const piiResult = redactPII(injectionResult.content, sourceUrl);
|
|
54
58
|
|
|
55
59
|
// Step 3: Combine results
|
|
56
60
|
const finalContent = piiResult.content;
|
|
@@ -63,16 +67,26 @@ export function sanitize(content: string): SanitizationResult {
|
|
|
63
67
|
logSanitization({
|
|
64
68
|
patterns_detected: injectionResult.patterns_detected,
|
|
65
69
|
pii_types_redacted: piiResult.pii_types_redacted,
|
|
70
|
+
pii_allowlisted: piiResult.pii_allowlisted,
|
|
66
71
|
severity_score: severityScore,
|
|
67
72
|
has_critical_threats: criticalThreats,
|
|
68
73
|
content_modified: contentModified
|
|
69
74
|
});
|
|
70
75
|
|
|
71
|
-
|
|
76
|
+
// Step 4: Generate threat report (only if findings exist)
|
|
77
|
+
const threatReport = generateThreatReport({
|
|
78
|
+
patterns_detected: injectionResult.patterns_detected,
|
|
79
|
+
pii_redacted: piiResult.pii_types_redacted.length,
|
|
80
|
+
source_url: sourceUrl || 'unknown',
|
|
81
|
+
detections_by_severity: injectionResult.metadata.detections_by_severity
|
|
82
|
+
});
|
|
83
|
+
|
|
84
|
+
const result: SanitizationResult = {
|
|
72
85
|
content: finalContent,
|
|
73
86
|
sanitization: {
|
|
74
87
|
patterns_detected: injectionResult.patterns_detected,
|
|
75
88
|
pii_types_redacted: piiResult.pii_types_redacted,
|
|
89
|
+
pii_allowlisted: piiResult.pii_allowlisted,
|
|
76
90
|
content_modified: contentModified
|
|
77
91
|
},
|
|
78
92
|
metadata: {
|
|
@@ -83,6 +97,13 @@ export function sanitize(content: string): SanitizationResult {
|
|
|
83
97
|
detections_by_severity: injectionResult.metadata.detections_by_severity
|
|
84
98
|
}
|
|
85
99
|
};
|
|
100
|
+
|
|
101
|
+
// Include threat_report only if findings exist
|
|
102
|
+
if (threatReport) {
|
|
103
|
+
result.threat_report = threatReport;
|
|
104
|
+
}
|
|
105
|
+
|
|
106
|
+
return result;
|
|
86
107
|
}
|
|
87
108
|
|
|
88
109
|
/**
|
|
@@ -92,6 +113,7 @@ export function sanitize(content: string): SanitizationResult {
|
|
|
92
113
|
function logSanitization(event: {
|
|
93
114
|
patterns_detected: string[];
|
|
94
115
|
pii_types_redacted: string[];
|
|
116
|
+
pii_allowlisted: Array<{ type: string; value: string; reason: string }>;
|
|
95
117
|
severity_score: number;
|
|
96
118
|
has_critical_threats: boolean;
|
|
97
119
|
content_modified: boolean;
|
|
@@ -103,7 +125,7 @@ function logSanitization(event: {
|
|
|
103
125
|
};
|
|
104
126
|
|
|
105
127
|
// Only log if there were detections (reduce noise)
|
|
106
|
-
if (event.content_modified) {
|
|
128
|
+
if (event.content_modified || event.pii_allowlisted.length > 0) {
|
|
107
129
|
console.error(JSON.stringify(logEntry));
|
|
108
130
|
}
|
|
109
131
|
}
|
|
@@ -313,7 +313,7 @@ export const INJECTION_PATTERNS: InjectionPattern[] = [
|
|
|
313
313
|
{
|
|
314
314
|
name: 'code_execution_requests',
|
|
315
315
|
description: 'Requests code execution or contains dangerous code patterns',
|
|
316
|
-
regex: /\b(execute|run\s+the\s+following|eval\(|exec\(|os\.system|subprocess|__import__|shell\s+command|bash\s+-c)\b/gi,
|
|
316
|
+
regex: /\b(execute(?!-api\.)|run\s+the\s+following|eval\(|exec\(|os\.system|subprocess|__import__|shell\s+command|bash\s+-c)\b/gi,
|
|
317
317
|
severity: 'high',
|
|
318
318
|
action: 'redact'
|
|
319
319
|
},
|
|
@@ -0,0 +1,273 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PII Allowlist Configuration
|
|
3
|
+
*
|
|
4
|
+
* Defines trusted phone numbers that should NOT be redacted from web content.
|
|
5
|
+
* Primarily for verified health authority and government emergency numbers.
|
|
6
|
+
*
|
|
7
|
+
* CRITICAL: Only add numbers that are:
|
|
8
|
+
* 1. Publicly published institutional/government numbers
|
|
9
|
+
* 2. Verified health/safety authorities
|
|
10
|
+
* 3. Not personal contact information
|
|
11
|
+
*/
|
|
12
|
+
|
|
13
|
+
export interface TrustedPhoneNumber {
|
|
14
|
+
/** Display name for logging */
|
|
15
|
+
name: string;
|
|
16
|
+
/** Normalized phone number variants (all formats this number might appear in) */
|
|
17
|
+
numbers: string[];
|
|
18
|
+
/** Optional: domains where this number is trusted (empty = trusted everywhere) */
|
|
19
|
+
trustedDomains?: string[];
|
|
20
|
+
/** Category for audit logging */
|
|
21
|
+
category: 'emergency' | 'health_authority' | 'government' | 'helpline';
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
export interface PIIAllowlistConfig {
|
|
25
|
+
/** When true, trusted numbers only preserved if source domain matches trustedDomains */
|
|
26
|
+
strictDomainMode: boolean;
|
|
27
|
+
/** List of verified trusted phone numbers */
|
|
28
|
+
trustedPhoneNumbers: TrustedPhoneNumber[];
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
/**
|
|
32
|
+
* Normalize a phone number to digits-only format for comparison
|
|
33
|
+
*/
|
|
34
|
+
export function normalizePhoneNumber(phone: string): string {
|
|
35
|
+
return phone.replace(/\D/g, '');
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
/**
|
|
39
|
+
* Extract domain from URL (returns hostname without www.)
|
|
40
|
+
*/
|
|
41
|
+
export function extractDomain(url: string): string {
|
|
42
|
+
try {
|
|
43
|
+
const parsedUrl = new URL(url);
|
|
44
|
+
return parsedUrl.hostname.replace(/^www\./, '').toLowerCase();
|
|
45
|
+
} catch {
|
|
46
|
+
return '';
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
/**
|
|
51
|
+
* Built-in allowlist of verified health authority and emergency numbers
|
|
52
|
+
*/
|
|
53
|
+
export const DEFAULT_ALLOWLIST: PIIAllowlistConfig = {
|
|
54
|
+
strictDomainMode: false, // Default: trust globally, not domain-scoped
|
|
55
|
+
|
|
56
|
+
trustedPhoneNumbers: [
|
|
57
|
+
// Emergency Services
|
|
58
|
+
{
|
|
59
|
+
name: 'Emergency Services (911)',
|
|
60
|
+
numbers: ['911'],
|
|
61
|
+
category: 'emergency'
|
|
62
|
+
},
|
|
63
|
+
|
|
64
|
+
// Poison Control
|
|
65
|
+
{
|
|
66
|
+
name: 'Poison Control Center',
|
|
67
|
+
numbers: [
|
|
68
|
+
'18002221222',
|
|
69
|
+
'8002221222',
|
|
70
|
+
'1-800-222-1222',
|
|
71
|
+
'800-222-1222'
|
|
72
|
+
],
|
|
73
|
+
trustedDomains: [
|
|
74
|
+
'medlineplus.gov',
|
|
75
|
+
'cdc.gov',
|
|
76
|
+
'fda.gov',
|
|
77
|
+
'aapcc.org',
|
|
78
|
+
'poison.org',
|
|
79
|
+
'nih.gov',
|
|
80
|
+
'nlm.nih.gov'
|
|
81
|
+
],
|
|
82
|
+
category: 'health_authority'
|
|
83
|
+
},
|
|
84
|
+
|
|
85
|
+
// FDA MedWatch (adverse event reporting)
|
|
86
|
+
{
|
|
87
|
+
name: 'FDA MedWatch',
|
|
88
|
+
numbers: [
|
|
89
|
+
'18003321088',
|
|
90
|
+
'8003321088',
|
|
91
|
+
'1-800-332-1088',
|
|
92
|
+
'800-332-1088'
|
|
93
|
+
],
|
|
94
|
+
trustedDomains: [
|
|
95
|
+
'fda.gov',
|
|
96
|
+
'medlineplus.gov',
|
|
97
|
+
'cdc.gov',
|
|
98
|
+
'nih.gov'
|
|
99
|
+
],
|
|
100
|
+
category: 'health_authority'
|
|
101
|
+
},
|
|
102
|
+
|
|
103
|
+
// CDC INFO
|
|
104
|
+
{
|
|
105
|
+
name: 'CDC INFO',
|
|
106
|
+
numbers: [
|
|
107
|
+
'18002324636',
|
|
108
|
+
'8002324636',
|
|
109
|
+
'1-800-232-4636',
|
|
110
|
+
'800-232-4636'
|
|
111
|
+
],
|
|
112
|
+
trustedDomains: [
|
|
113
|
+
'cdc.gov',
|
|
114
|
+
'medlineplus.gov',
|
|
115
|
+
'nih.gov'
|
|
116
|
+
],
|
|
117
|
+
category: 'health_authority'
|
|
118
|
+
},
|
|
119
|
+
|
|
120
|
+
// SAMHSA National Helpline (substance abuse/mental health)
|
|
121
|
+
{
|
|
122
|
+
name: 'SAMHSA National Helpline',
|
|
123
|
+
numbers: [
|
|
124
|
+
'18006624357',
|
|
125
|
+
'8006624357',
|
|
126
|
+
'1-800-662-4357',
|
|
127
|
+
'800-662-4357'
|
|
128
|
+
],
|
|
129
|
+
trustedDomains: [
|
|
130
|
+
'samhsa.gov',
|
|
131
|
+
'medlineplus.gov',
|
|
132
|
+
'cdc.gov',
|
|
133
|
+
'nih.gov'
|
|
134
|
+
],
|
|
135
|
+
category: 'helpline'
|
|
136
|
+
},
|
|
137
|
+
|
|
138
|
+
// National Suicide Prevention Lifeline
|
|
139
|
+
{
|
|
140
|
+
name: 'National Suicide Prevention Lifeline',
|
|
141
|
+
numbers: [
|
|
142
|
+
'18002738255',
|
|
143
|
+
'8002738255',
|
|
144
|
+
'1-800-273-8255',
|
|
145
|
+
'800-273-8255',
|
|
146
|
+
'988' // New 3-digit code
|
|
147
|
+
],
|
|
148
|
+
trustedDomains: [
|
|
149
|
+
'suicidepreventionlifeline.org',
|
|
150
|
+
'samhsa.gov',
|
|
151
|
+
'medlineplus.gov',
|
|
152
|
+
'cdc.gov',
|
|
153
|
+
'nih.gov'
|
|
154
|
+
],
|
|
155
|
+
category: 'helpline'
|
|
156
|
+
},
|
|
157
|
+
|
|
158
|
+
// National Domestic Violence Hotline
|
|
159
|
+
{
|
|
160
|
+
name: 'National Domestic Violence Hotline',
|
|
161
|
+
numbers: [
|
|
162
|
+
'18007997233',
|
|
163
|
+
'8007997233',
|
|
164
|
+
'1-800-799-7233',
|
|
165
|
+
'800-799-7233'
|
|
166
|
+
],
|
|
167
|
+
trustedDomains: [
|
|
168
|
+
'thehotline.org',
|
|
169
|
+
'cdc.gov',
|
|
170
|
+
'medlineplus.gov',
|
|
171
|
+
'nih.gov'
|
|
172
|
+
],
|
|
173
|
+
category: 'helpline'
|
|
174
|
+
},
|
|
175
|
+
|
|
176
|
+
// Medicare
|
|
177
|
+
{
|
|
178
|
+
name: 'Medicare',
|
|
179
|
+
numbers: [
|
|
180
|
+
'18006331795',
|
|
181
|
+
'8006331795',
|
|
182
|
+
'1-800-633-1795',
|
|
183
|
+
'800-633-1795'
|
|
184
|
+
],
|
|
185
|
+
trustedDomains: [
|
|
186
|
+
'medicare.gov',
|
|
187
|
+
'cms.gov',
|
|
188
|
+
'medlineplus.gov',
|
|
189
|
+
'nih.gov'
|
|
190
|
+
],
|
|
191
|
+
category: 'government'
|
|
192
|
+
},
|
|
193
|
+
|
|
194
|
+
// Veterans Crisis Line
|
|
195
|
+
{
|
|
196
|
+
name: 'Veterans Crisis Line',
|
|
197
|
+
numbers: [
|
|
198
|
+
'18002738255',
|
|
199
|
+
'8002738255',
|
|
200
|
+
'1-800-273-8255',
|
|
201
|
+
'800-273-8255'
|
|
202
|
+
],
|
|
203
|
+
trustedDomains: [
|
|
204
|
+
'va.gov',
|
|
205
|
+
'veteranscrisisline.net',
|
|
206
|
+
'medlineplus.gov',
|
|
207
|
+
'nih.gov'
|
|
208
|
+
],
|
|
209
|
+
category: 'helpline'
|
|
210
|
+
}
|
|
211
|
+
]
|
|
212
|
+
};
|
|
213
|
+
|
|
214
|
+
/**
|
|
215
|
+
* Check if a phone number should be allowlisted (not redacted)
|
|
216
|
+
*
|
|
217
|
+
* @param phoneNumber The phone number to check (in any format)
|
|
218
|
+
* @param sourceUrl Optional source URL for domain-scoped allowlisting
|
|
219
|
+
* @param config Optional custom config (defaults to DEFAULT_ALLOWLIST)
|
|
220
|
+
* @returns The trusted number entry if allowlisted, null otherwise
|
|
221
|
+
*/
|
|
222
|
+
export function isAllowlistedPhoneNumber(
|
|
223
|
+
phoneNumber: string,
|
|
224
|
+
sourceUrl?: string,
|
|
225
|
+
config: PIIAllowlistConfig = DEFAULT_ALLOWLIST
|
|
226
|
+
): TrustedPhoneNumber | null {
|
|
227
|
+
const normalized = normalizePhoneNumber(phoneNumber);
|
|
228
|
+
const sourceDomain = sourceUrl ? extractDomain(sourceUrl) : '';
|
|
229
|
+
|
|
230
|
+
for (const trustedEntry of config.trustedPhoneNumbers) {
|
|
231
|
+
// Check if any variant of this trusted number matches
|
|
232
|
+
const matchesNumber = trustedEntry.numbers.some(variant => {
|
|
233
|
+
const normalizedVariant = normalizePhoneNumber(variant);
|
|
234
|
+
return normalized === normalizedVariant;
|
|
235
|
+
});
|
|
236
|
+
|
|
237
|
+
if (!matchesNumber) {
|
|
238
|
+
continue; // Number doesn't match, check next entry
|
|
239
|
+
}
|
|
240
|
+
|
|
241
|
+
// Number matches - now check domain restrictions
|
|
242
|
+
const hasDomainRestrictions = trustedEntry.trustedDomains && trustedEntry.trustedDomains.length > 0;
|
|
243
|
+
|
|
244
|
+
if (!hasDomainRestrictions) {
|
|
245
|
+
// No domain restrictions - trust globally
|
|
246
|
+
return trustedEntry;
|
|
247
|
+
}
|
|
248
|
+
|
|
249
|
+
// Has domain restrictions
|
|
250
|
+
if (config.strictDomainMode && !sourceUrl) {
|
|
251
|
+
// Strict mode requires domain match, but no URL provided
|
|
252
|
+
continue;
|
|
253
|
+
}
|
|
254
|
+
|
|
255
|
+
if (sourceUrl && trustedEntry.trustedDomains) {
|
|
256
|
+
// Check if source domain matches any trusted domain
|
|
257
|
+
const isDomainTrusted = trustedEntry.trustedDomains.some(trustedDomain => {
|
|
258
|
+
return sourceDomain.endsWith(trustedDomain);
|
|
259
|
+
});
|
|
260
|
+
|
|
261
|
+
if (isDomainTrusted) {
|
|
262
|
+
return trustedEntry;
|
|
263
|
+
}
|
|
264
|
+
}
|
|
265
|
+
|
|
266
|
+
// In non-strict mode, trust the number even if domain doesn't match
|
|
267
|
+
if (!config.strictDomainMode) {
|
|
268
|
+
return trustedEntry;
|
|
269
|
+
}
|
|
270
|
+
}
|
|
271
|
+
|
|
272
|
+
return null; // No match found
|
|
273
|
+
}
|
|
@@ -5,14 +5,23 @@
|
|
|
5
5
|
* to prevent leakage of sensitive data to the LLM.
|
|
6
6
|
*
|
|
7
7
|
* Redacts: emails, phone numbers, SSNs, credit cards, IP addresses
|
|
8
|
+
* Supports allowlisting of trusted institutional phone numbers (e.g., Poison Control)
|
|
8
9
|
*/
|
|
9
10
|
|
|
11
|
+
import {
|
|
12
|
+
isAllowlistedPhoneNumber,
|
|
13
|
+
type PIIAllowlistConfig,
|
|
14
|
+
DEFAULT_ALLOWLIST
|
|
15
|
+
} from './pii-allowlist.js';
|
|
16
|
+
|
|
10
17
|
export interface PIIRedactionResult {
|
|
11
18
|
content: string;
|
|
12
19
|
pii_types_redacted: string[];
|
|
20
|
+
pii_allowlisted: Array<{ type: string; value: string; reason: string }>;
|
|
13
21
|
content_modified: boolean;
|
|
14
22
|
metadata: {
|
|
15
23
|
redaction_counts: Record<string, number>;
|
|
24
|
+
allowlist_counts: Record<string, number>;
|
|
16
25
|
};
|
|
17
26
|
}
|
|
18
27
|
|
|
@@ -151,10 +160,20 @@ function luhnCheck(digits: string): boolean {
|
|
|
151
160
|
|
|
152
161
|
/**
|
|
153
162
|
* Redact PII from content
|
|
163
|
+
*
|
|
164
|
+
* @param content Content to redact PII from
|
|
165
|
+
* @param sourceUrl Optional source URL for domain-scoped allowlisting
|
|
166
|
+
* @param allowlistConfig Optional custom allowlist config
|
|
154
167
|
*/
|
|
155
|
-
export function redactPII(
|
|
168
|
+
export function redactPII(
|
|
169
|
+
content: string,
|
|
170
|
+
sourceUrl?: string,
|
|
171
|
+
allowlistConfig: PIIAllowlistConfig = DEFAULT_ALLOWLIST
|
|
172
|
+
): PIIRedactionResult {
|
|
156
173
|
const piiTypesRedacted = new Set<string>();
|
|
157
174
|
const redactionCounts: Record<string, number> = {};
|
|
175
|
+
const allowlistCounts: Record<string, number> = {};
|
|
176
|
+
const piiAllowlisted: Array<{ type: string; value: string; reason: string }> = [];
|
|
158
177
|
let sanitizedContent = content;
|
|
159
178
|
|
|
160
179
|
for (const pattern of PII_PATTERNS) {
|
|
@@ -168,6 +187,26 @@ export function redactPII(content: string): PIIRedactionResult {
|
|
|
168
187
|
continue;
|
|
169
188
|
}
|
|
170
189
|
|
|
190
|
+
// Check allowlist for phone numbers
|
|
191
|
+
if (pattern.type === 'PHONE') {
|
|
192
|
+
const allowlistedEntry = isAllowlistedPhoneNumber(
|
|
193
|
+
matchedText,
|
|
194
|
+
sourceUrl,
|
|
195
|
+
allowlistConfig
|
|
196
|
+
);
|
|
197
|
+
|
|
198
|
+
if (allowlistedEntry) {
|
|
199
|
+
// This is a trusted number - DO NOT redact
|
|
200
|
+
piiAllowlisted.push({
|
|
201
|
+
type: pattern.type,
|
|
202
|
+
value: matchedText,
|
|
203
|
+
reason: `Trusted ${allowlistedEntry.category}: ${allowlistedEntry.name}`
|
|
204
|
+
});
|
|
205
|
+
allowlistCounts[pattern.name] = (allowlistCounts[pattern.name] || 0) + 1;
|
|
206
|
+
continue; // Skip redaction
|
|
207
|
+
}
|
|
208
|
+
}
|
|
209
|
+
|
|
171
210
|
// Redact the PII
|
|
172
211
|
sanitizedContent = sanitizedContent.replace(
|
|
173
212
|
matchedText,
|
|
@@ -182,9 +221,11 @@ export function redactPII(content: string): PIIRedactionResult {
|
|
|
182
221
|
return {
|
|
183
222
|
content: sanitizedContent,
|
|
184
223
|
pii_types_redacted: Array.from(piiTypesRedacted),
|
|
224
|
+
pii_allowlisted: piiAllowlisted,
|
|
185
225
|
content_modified: sanitizedContent !== content,
|
|
186
226
|
metadata: {
|
|
187
|
-
redaction_counts: redactionCounts
|
|
227
|
+
redaction_counts: redactionCounts,
|
|
228
|
+
allowlist_counts: allowlistCounts
|
|
188
229
|
}
|
|
189
230
|
};
|
|
190
231
|
}
|
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Severity Classification Engine
|
|
3
|
+
*
|
|
4
|
+
* Maps injection pattern categories to standardized severity levels.
|
|
5
|
+
* Used for threat reporting and compliance documentation.
|
|
6
|
+
*/
|
|
7
|
+
|
|
8
|
+
export type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
|
|
9
|
+
export type OverallSeverity = Severity | 'CLEAN';
|
|
10
|
+
|
|
11
|
+
/**
|
|
12
|
+
* Pattern category to severity mapping
|
|
13
|
+
* Aligned with NIST AI 600-1 and OWASP LLM Top 10 risk levels
|
|
14
|
+
*/
|
|
15
|
+
const SEVERITY_MAP: Record<string, Severity> = {
|
|
16
|
+
// CRITICAL - Immediate threat, block-level
|
|
17
|
+
direct_instruction_injection: 'CRITICAL',
|
|
18
|
+
role_hijacking: 'CRITICAL',
|
|
19
|
+
system_prompt_extraction: 'CRITICAL',
|
|
20
|
+
privilege_escalation: 'CRITICAL',
|
|
21
|
+
data_exfiltration: 'CRITICAL',
|
|
22
|
+
code_execution_requests: 'CRITICAL',
|
|
23
|
+
memory_manipulation: 'CRITICAL',
|
|
24
|
+
jailbreak_keywords: 'CRITICAL',
|
|
25
|
+
ethical_override: 'CRITICAL',
|
|
26
|
+
credential_harvesting: 'CRITICAL',
|
|
27
|
+
html_script_injection: 'CRITICAL',
|
|
28
|
+
|
|
29
|
+
// HIGH - Significant threat
|
|
30
|
+
context_poisoning: 'HIGH',
|
|
31
|
+
base64_obfuscation: 'HIGH',
|
|
32
|
+
zero_width_characters: 'HIGH',
|
|
33
|
+
data_uri_injection: 'HIGH',
|
|
34
|
+
markdown_link_injection: 'HIGH',
|
|
35
|
+
instruction_delimiter_injection: 'HIGH',
|
|
36
|
+
token_smuggling: 'HIGH',
|
|
37
|
+
system_message_injection: 'HIGH',
|
|
38
|
+
file_system_access: 'HIGH',
|
|
39
|
+
training_data_extraction: 'HIGH',
|
|
40
|
+
nested_encoding: 'HIGH',
|
|
41
|
+
authority_impersonation: 'HIGH',
|
|
42
|
+
callback_url_injection: 'HIGH',
|
|
43
|
+
|
|
44
|
+
// MEDIUM - Moderate threat
|
|
45
|
+
comment_injection: 'MEDIUM',
|
|
46
|
+
unicode_lookalikes: 'MEDIUM',
|
|
47
|
+
url_fragment_hashjack: 'MEDIUM',
|
|
48
|
+
social_engineering_urgency: 'MEDIUM',
|
|
49
|
+
multi_language_obfuscation: 'MEDIUM',
|
|
50
|
+
reverse_text_obfuscation: 'MEDIUM',
|
|
51
|
+
conversation_reset: 'MEDIUM',
|
|
52
|
+
chain_of_thought_manipulation: 'MEDIUM',
|
|
53
|
+
hypothetical_scenario_injection: 'MEDIUM',
|
|
54
|
+
output_format_manipulation: 'MEDIUM',
|
|
55
|
+
simulator_mode: 'MEDIUM',
|
|
56
|
+
payload_splitting: 'MEDIUM',
|
|
57
|
+
css_hiding: 'MEDIUM',
|
|
58
|
+
testing_debugging_claims: 'MEDIUM',
|
|
59
|
+
|
|
60
|
+
// LOW - Low threat, flagged for awareness
|
|
61
|
+
leetspeak_obfuscation: 'LOW',
|
|
62
|
+
capability_probing: 'LOW',
|
|
63
|
+
negative_instruction: 'LOW',
|
|
64
|
+
time_based_triggers: 'LOW',
|
|
65
|
+
whitespace_steganography: 'LOW'
|
|
66
|
+
};
|
|
67
|
+
|
|
68
|
+
/**
|
|
69
|
+
* Classify severity for a single pattern category
|
|
70
|
+
*/
|
|
71
|
+
export function classifySeverity(patternCategory: string): Severity {
|
|
72
|
+
return SEVERITY_MAP[patternCategory] || 'LOW';
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
/**
|
|
76
|
+
* Interface for a threat finding
|
|
77
|
+
*/
|
|
78
|
+
export interface Finding {
|
|
79
|
+
pattern_category: string;
|
|
80
|
+
severity: Severity;
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
/**
|
|
84
|
+
* Aggregate severity across multiple findings
|
|
85
|
+
* Returns the highest severity level found, or CLEAN if no findings
|
|
86
|
+
*/
|
|
87
|
+
export function aggregateSeverity(findings: Finding[]): OverallSeverity {
|
|
88
|
+
if (findings.length === 0) {
|
|
89
|
+
return 'CLEAN';
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
const severities = findings.map(f => f.severity);
|
|
93
|
+
|
|
94
|
+
if (severities.includes('CRITICAL')) return 'CRITICAL';
|
|
95
|
+
if (severities.includes('HIGH')) return 'HIGH';
|
|
96
|
+
if (severities.includes('MEDIUM')) return 'MEDIUM';
|
|
97
|
+
if (severities.includes('LOW')) return 'LOW';
|
|
98
|
+
|
|
99
|
+
return 'CLEAN';
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
/**
|
|
103
|
+
* Count findings by severity level
|
|
104
|
+
*/
|
|
105
|
+
export function countBySeverity(findings: Finding[]): Record<Severity, number> {
|
|
106
|
+
const counts: Record<Severity, number> = {
|
|
107
|
+
CRITICAL: 0,
|
|
108
|
+
HIGH: 0,
|
|
109
|
+
MEDIUM: 0,
|
|
110
|
+
LOW: 0
|
|
111
|
+
};
|
|
112
|
+
|
|
113
|
+
for (const finding of findings) {
|
|
114
|
+
counts[finding.severity]++;
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
return counts;
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
/**
|
|
121
|
+
* Get emoji for severity level (for Markdown reports)
|
|
122
|
+
*/
|
|
123
|
+
export function getSeverityEmoji(severity: Severity | OverallSeverity): string {
|
|
124
|
+
switch (severity) {
|
|
125
|
+
case 'CRITICAL': return '🔴';
|
|
126
|
+
case 'HIGH': return '🟠';
|
|
127
|
+
case 'MEDIUM': return '🟡';
|
|
128
|
+
case 'LOW': return '🟢';
|
|
129
|
+
case 'CLEAN': return '✅';
|
|
130
|
+
default: return '⚪';
|
|
131
|
+
}
|
|
132
|
+
}
|