visus-mcp 0.6.0 → 0.6.2

package/dist/sanitizer/framework-mapper.js

@@ -5,6 +5,7 @@
  * - OWASP LLM Top 10 (2025)
  * - NIST AI 600-1 (Generative AI Profile)
  * - MITRE ATLAS (Adversarial Threat Landscape for AI Systems)
+ * - ISO/IEC 42001:2023 (AI Management System - Annex A Controls)
  */
 /**
  * Pattern category to framework mapping
@@ -14,259 +15,302 @@ const FRAMEWORK_MAP = {
     direct_instruction_injection: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Role hijacking
     role_hijacking: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // System prompt extraction
     system_prompt_extraction: {
         owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
         nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-        mitre_atlas: 'AML.T0048 - External Harms'
+        mitre_atlas: 'AML.T0048 - External Harms',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Privilege escalation
     privilege_escalation: {
         owasp_llm: 'LLM08:2025 - Excessive Agency',
         nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Context poisoning
     context_poisoning: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.2 - Data Quality'
     },
     // Data exfiltration
     data_exfiltration: {
         owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
         nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-        mitre_atlas: 'AML.T0048 - External Harms'
+        mitre_atlas: 'AML.T0048 - External Harms',
+        iso_42001: 'A.7.5 - Data Provenance / A.8.2 - Information to Users'
     },
     // Encoding obfuscation
     base64_obfuscation: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // Unicode lookalikes
     unicode_lookalikes: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // Zero-width characters
     zero_width_characters: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // HTML script injection
     html_script_injection: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Data URI injection
     data_uri_injection: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Markdown link injection
     markdown_link_injection: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // URL fragment attacks
     url_fragment_hashjack: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Social engineering
     social_engineering_urgency: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.5.3 - AI Awareness and Training'
     },
     // Instruction delimiter injection
     instruction_delimiter_injection: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Multi-language obfuscation
     multi_language_obfuscation: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // Reverse text obfuscation
     reverse_text_obfuscation: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // Leetspeak obfuscation
     leetspeak_obfuscation: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // Jailbreak keywords
     jailbreak_keywords: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Token smuggling
     token_smuggling: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // System message injection
     system_message_injection: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Conversation reset
     conversation_reset: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.2.6 - Logging and Monitoring'
     },
     // Memory manipulation
     memory_manipulation: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.6.2.6 - Logging and Monitoring'
     },
     // Capability probing
     capability_probing: {
         owasp_llm: 'LLM08:2025 - Excessive Agency',
         nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.2 - AI System Operational Procedures'
     },
     // Chain-of-thought manipulation
     chain_of_thought_manipulation: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Hypothetical scenario injection
     hypothetical_scenario_injection: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Ethical override
     ethical_override: {
         owasp_llm: 'LLM08:2025 - Excessive Agency',
         nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.2.2 - Responsible AI Policies'
     },
     // Output format manipulation
     output_format_manipulation: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.2 - AI System Operational Procedures'
     },
     // Negative instruction
     negative_instruction: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.2 - AI System Operational Procedures'
     },
     // Credential harvesting
     credential_harvesting: {
         owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
         nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-        mitre_atlas: 'AML.T0048 - External Harms'
+        mitre_atlas: 'AML.T0048 - External Harms',
+        iso_42001: 'A.7.5 - Data Provenance / A.6.1.5 - AI System Security'
     },
     // Time-based triggers
     time_based_triggers: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.2.6 - Logging and Monitoring'
     },
     // Code execution requests
     code_execution_requests: {
         owasp_llm: 'LLM08:2025 - Excessive Agency',
         nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-        mitre_atlas: 'AML.T0048 - External Harms'
+        mitre_atlas: 'AML.T0048 - External Harms',
+        iso_42001: 'A.9.3 - Intended Use Boundaries'
     },
     // File system access
     file_system_access: {
         owasp_llm: 'LLM08:2025 - Excessive Agency',
         nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-        mitre_atlas: 'AML.T0048 - External Harms'
+        mitre_atlas: 'AML.T0048 - External Harms',
+        iso_42001: 'A.9.3 - Intended Use Boundaries'
     },
     // Training data extraction
     training_data_extraction: {
         owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
         nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-        mitre_atlas: 'AML.T0048 - External Harms'
+        mitre_atlas: 'AML.T0048 - External Harms',
+        iso_42001: 'A.7.5 - Data Provenance'
     },
     // Simulator mode
     simulator_mode: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.9.3 - Intended Use Boundaries'
     },
     // Nested encoding
     nested_encoding: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // Payload splitting
     payload_splitting: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // CSS-based hiding
     css_hiding: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // Authority impersonation
     authority_impersonation: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.2.2 - Responsible AI Policies'
     },
     // Testing/debugging claims
     testing_debugging_claims: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+        mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+        iso_42001: 'A.6.1.2 - AI System Operational Procedures'
     },
     // Callback URL injection
     callback_url_injection: {
         owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
         nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-        mitre_atlas: 'AML.T0048 - External Harms'
+        mitre_atlas: 'AML.T0048 - External Harms',
+        iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
     },
     // Whitespace steganography
     whitespace_steganography: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     },
     // Comment injection
     comment_injection: {
         owasp_llm: 'LLM01:2025 - Prompt Injection',
         nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect'
+        mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
+        iso_42001: 'A.7.4 - Data Preparation'
     }
 };
 /**
@@ -275,7 +319,8 @@ const FRAMEWORK_MAP = {
 const DEFAULT_MAPPINGS = {
     owasp_llm: 'LLM01:2025 - Prompt Injection',
     nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-    mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection'
+    mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
+    iso_42001: 'A.6.1.5 - AI System Security'
 };
 /**
  * Get framework mappings for a pattern category
@@ -290,7 +335,8 @@ export function getSupportedFrameworks() {
     return [
         'OWASP LLM Top 10 (2025)',
         'NIST AI 600-1 (Generative AI Profile)',
-        'MITRE ATLAS (Adversarial Threat Landscape)'
+        'MITRE ATLAS (Adversarial Threat Landscape)',
+        'ISO/IEC 42001:2023 (AI Management System)'
     ];
 }
 //# sourceMappingURL=framework-mapper.js.map

package/dist/sanitizer/framework-mapper.js.map

@@ -1 +1 @@
-{"version":3,"file":"framework-mapper.js","sourceRoot":"","sources":["../../src/sanitizer/framework-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH;;GAEG;AACH,MAAM,aAAa,GAAsC;IACvD,+BAA+B;IAC/B,4BAA4B,EAAE;QAC5B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,iBAAiB;IACjB,cAAc,EAAE;QACd,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,uBAAuB;IACvB,oBAAoB,EAAE;QACpB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;KACpD;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,uBAAuB;IACvB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,uBAAuB;IACvB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,kCAAkC;IAClC,+BAA+B,EAAE;QAC/B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,6BAA6B;IAC7B,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,kBAAkB;IAClB,eAAe,EAAE;QACf,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,sBAAsB;IACtB,mBAAmB,EAAE;QACnB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;KACpD;IAED,gCAAgC;IAChC,6BAA6B,EAAE;QAC7B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,kCAAkC;IAClC,+BAA+B,EAAE;QAC/B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,mBAAmB;IACnB,gBAAgB,EAAE;QAChB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;KACpD;IAED,6BAA6B;IAC7B,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,uBAAuB;IACvB,oBAAoB,EAAE;QACpB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,sBAAsB;IACtB,mBAAmB,EAAE;QACnB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,4BAA4B;KAC1C;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,4BAA4B;KAC1C;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,iBAAiB;IACjB,cAAc,EAAE;QACd,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,kBAAkB;IAClB,eAAe,EAAE;QACf,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,mBAAmB;IACnB,UAAU,EAAE;QACV,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;KACpD;IAED,yBAAyB;IACzB,sBAAsB,EAAE;QACtB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;KAC1C;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;KAC9D;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAsB;IAC1C,SAAS,EAAE,+BAA+B;IAC1C,aAAa,EAAE,2BAA2B;IAC1C,WAAW,EAAE,sCAAsC;CACpD,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,eAAuB;IAC1D,OAAO,aAAa,CAAC,eAAe,CAAC,IAAI,gBAAgB,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO;QACL,yBAAyB;QACzB,uCAAuC;QACvC,4CAA4C;KAC7C,CAAC;AACJ,CAAC"}
+{"version":3,"file":"framework-mapper.js","sourceRoot":"","sources":["../../src/sanitizer/framework-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH;;GAEG;AACH,MAAM,aAAa,GAAsC;IACvD,+BAA+B;IAC/B,4BAA4B,EAAE;QAC5B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,iBAAiB;IACjB,cAAc,EAAE;QACd,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,kDAAkD;KAC9D;IAED,uBAAuB;IACvB,oBAAoB,EAAE;QACpB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,sBAAsB;KAClC;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,wDAAwD;KACpE;IAED,uBAAuB;IACvB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kDAAkD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kDAAkD;KAC9D;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kDAAkD;KAC9D;IAED,uBAAuB;IACvB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kDAAkD;KAC9D;IAED,qBAAqB;IACrB,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,mCAAmC;KAC/C;IAED,kCAAkC;IAClC,+BAA+B,EAAE;QAC/B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,6BAA6B;IAC7B,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,kBAAkB;IAClB,eAAe,EAAE;QACf,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,0BAA0B;KACtC;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kCAAkC;KAC9C;IAED,sBAAsB;IACtB,mBAAmB,EAAE;QACnB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kCAAkC;KAC9C;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,4CAA4C;KACxD;IAED,gCAAgC;IAChC,6BAA6B,EAAE;QAC7B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,kCAAkC;IAClC,+BAA+B,EAAE;QAC/B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,mBAAmB;IACnB,gBAAgB,EAAE;QAChB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,iCAAiC;KAC7C;IAED,6BAA6B;IAC7B,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,4CAA4C;KACxD;IAED,uBAAuB;IACvB,oBAAoB,EAAE;QACpB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,4CAA4C;KACxD;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,wDAAwD;KACpE;IAED,sBAAsB;IACtB,mBAAmB,EAAE;QACnB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kCAAkC;KAC9C;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,iCAAiC;KAC7C;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,iCAAiC;KAC7C;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,yBAAyB;KACrC;IAED,iBAAiB;IACjB,cAAc,EAAE;QACd,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,iCAAiC;KAC7C;IAED,kBAAkB;IAClB,eAAe,EAAE;QACf,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,mBAAmB;IACnB,UAAU,EAAE;QACV,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,iCAAiC;KAC7C;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,4CAA4C;KACxD;IAED,yBAAyB;IACzB,sBAAsB,EAAE;QACtB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,kDAAkD;KAC9D;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAsB;IAC1C,SAAS,EAAE,+BAA+B;IAC1C,aAAa,EAAE,2BAA2B;IAC1C,WAAW,EAAE,sCAAsC;IACnD,SAAS,EAAE,8BAA8B;CAC1C,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,eAAuB;IAC1D,OAAO,aAAa,CAAC,eAAe,CAAC,IAAI,gBAAgB,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO;QACL,yBAAyB;QACzB,uCAAuC;QACvC,4CAA4C;QAC5C,2CAA2C;KAC5C,CAAC;AACJ,CAAC"}

package/dist/sanitizer/hitl-gate.d.ts

@@ -0,0 +1,69 @@
+/**
+ * HITL (Human-in-the-Loop) Gate
+ *
+ * Determines when to pause tool execution for user confirmation
+ * based on threat severity. Only CRITICAL threats trigger elicitation.
+ *
+ * Design:
+ * - HIGH/MEDIUM/LOW threats → silent sanitization (business as usual)
+ * - CRITICAL threats → pause execution, user confirmation required
+ *
+ * Security model: Sanitization is the security gate. HITL is UX.
+ * Content is ALWAYS sanitized before reaching the LLM, whether or not
+ * the user accepts the elicitation prompt.
+ */
+import type { ThreatReport } from './threat-reporter.js';
+/**
+ * Determines whether to trigger HITL elicitation
+ *
+ * Returns true ONLY when:
+ * - threatReport is not null
+ * - threatReport.overall_severity === 'CRITICAL'
+ * - threatReport.total_findings > 0
+ *
+ * @param threatReport The threat report from sanitization
+ * @returns true if elicitation should be triggered
+ */
+export declare function shouldElicit(threatReport: ThreatReport | null): boolean;
+/**
+ * Builds a user-facing elicitation message for CRITICAL threats
+ *
+ * Format:
+ * ⚠️ Visus blocked a CRITICAL threat on this page.
+ *
+ * {total_findings} injection attempt(s) detected on:
+ * {url}
+ *
+ * Highest severity finding: {top_category}
+ * ({top_owasp} | {top_mitre})
+ *
+ * Content has been sanitized. Proceed with clean version?
+ *
+ * @param threatReport The threat report with CRITICAL severity
+ * @param url The source URL
+ * @returns A clear, concise message under 300 characters
+ */
+export declare function buildElicitMessage(threatReport: ThreatReport, url: string): string;
+/**
+ * Elicitation schema for user confirmation
+ *
+ * CRITICAL: Must be flat primitive properties only (no nested objects, no arrays)
+ * per MCP elicitation specification.
+ */
+export declare const ElicitSchema: {
+    readonly type: "object";
+    readonly properties: {
+        readonly proceed: {
+            readonly type: "boolean";
+            readonly title: "Proceed with sanitized content";
+            readonly description: "Content has been cleaned. View sanitized version?";
+        };
+        readonly view_report: {
+            readonly type: "boolean";
+            readonly title: "Include threat report in response";
+            readonly description: "Attach the full NIST/OWASP/MITRE threat report?";
+        };
+    };
+    readonly required: readonly ["proceed"];
+};
+//# sourceMappingURL=hitl-gate.d.ts.map

package/dist/sanitizer/hitl-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hitl-gate.d.ts","sourceRoot":"","sources":["../../src/sanitizer/hitl-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEzD;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAAC,YAAY,EAAE,YAAY,GAAG,IAAI,GAAG,OAAO,CASvE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,YAAY,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CA8BlF;AAED;;;;;GAKG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;CAef,CAAC"}

package/dist/sanitizer/hitl-gate.js

@@ -0,0 +1,101 @@
+/**
+ * HITL (Human-in-the-Loop) Gate
+ *
+ * Determines when to pause tool execution for user confirmation
+ * based on threat severity. Only CRITICAL threats trigger elicitation.
+ *
+ * Design:
+ * - HIGH/MEDIUM/LOW threats → silent sanitization (business as usual)
+ * - CRITICAL threats → pause execution, user confirmation required
+ *
+ * Security model: Sanitization is the security gate. HITL is UX.
+ * Content is ALWAYS sanitized before reaching the LLM, whether or not
+ * the user accepts the elicitation prompt.
+ */
+/**
+ * Determines whether to trigger HITL elicitation
+ *
+ * Returns true ONLY when:
+ * - threatReport is not null
+ * - threatReport.overall_severity === 'CRITICAL'
+ * - threatReport.total_findings > 0
+ *
+ * @param threatReport The threat report from sanitization
+ * @returns true if elicitation should be triggered
+ */
+export function shouldElicit(threatReport) {
+    if (!threatReport) {
+        return false;
+    }
+    return (threatReport.overall_severity === 'CRITICAL' &&
+        threatReport.total_findings > 0);
+}
+/**
+ * Builds a user-facing elicitation message for CRITICAL threats
+ *
+ * Format:
+ * ⚠️ Visus blocked a CRITICAL threat on this page.
+ *
+ * {total_findings} injection attempt(s) detected on:
+ * {url}
+ *
+ * Highest severity finding: {top_category}
+ * ({top_owasp} | {top_mitre})
+ *
+ * Content has been sanitized. Proceed with clean version?
+ *
+ * @param threatReport The threat report with CRITICAL severity
+ * @param url The source URL
+ * @returns A clear, concise message under 300 characters
+ */
+export function buildElicitMessage(threatReport, url) {
+    // Find the highest-confidence CRITICAL finding
+    const findings = threatReport.findings_toon
+        .split('\n')
+        .slice(1) // Skip header
+        .filter(line => line.trim().length > 0);
+    let topCategory = 'unknown';
+    let topOwasp = 'N/A';
+    let topMitre = 'N/A';
+    if (findings.length > 0) {
+        // Parse first finding (highest confidence)
+        const parts = findings[0].split(',');
+        if (parts.length >= 8) {
+            topCategory = parts[2]; // category field
+            topOwasp = parts[5].split(' - ')[0]; // owasp_llm field (short form)
+            topMitre = parts[7].split(' - ')[0]; // mitre_atlas field (short form)
+        }
+    }
+    return `⚠️ Visus blocked a CRITICAL threat on this page.
+
+${threatReport.total_findings} injection attempt(s) detected on:
+${url}
+
+Highest severity finding: ${topCategory}
+(${topOwasp} | ${topMitre})
+
+Content has been sanitized. Proceed with clean version?`;
+}
+/**
+ * Elicitation schema for user confirmation
+ *
+ * CRITICAL: Must be flat primitive properties only (no nested objects, no arrays)
+ * per MCP elicitation specification.
+ */
+export const ElicitSchema = {
+    type: 'object',
+    properties: {
+        proceed: {
+            type: 'boolean',
+            title: 'Proceed with sanitized content',
+            description: 'Content has been cleaned. View sanitized version?'
+        },
+        view_report: {
+            type: 'boolean',
+            title: 'Include threat report in response',
+            description: 'Attach the full NIST/OWASP/MITRE threat report?'
+        }
+    },
+    required: ['proceed']
+};
+//# sourceMappingURL=hitl-gate.js.map

package/dist/sanitizer/hitl-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hitl-gate.js","sourceRoot":"","sources":["../../src/sanitizer/hitl-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH;;;;;;;;;;GAUG;AACH,MAAM,UAAU,YAAY,CAAC,YAAiC;IAC5D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,CACL,YAAY,CAAC,gBAAgB,KAAK,UAAU;QAC5C,YAAY,CAAC,cAAc,GAAG,CAAC,CAChC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,kBAAkB,CAAC,YAA0B,EAAE,GAAW;IACxE,+CAA+C;IAC/C,MAAM,QAAQ,GAAG,YAAY,CAAC,aAAa;SACxC,KAAK,CAAC,IAAI,CAAC;SACX,KAAK,CAAC,CAAC,CAAC,CAAC,cAAc;SACvB,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE1C,IAAI,WAAW,GAAG,SAAS,CAAC;IAC5B,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,2CAA2C;QAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB;YACzC,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,+BAA+B;YACpE,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,iCAAiC;QACxE,CAAC;IACH,CAAC;IAED,OAAO;;EAEP,YAAY,CAAC,cAAc;EAC3B,GAAG;;4BAEuB,WAAW;GACpC,QAAQ,MAAM,QAAQ;;wDAE+B,CAAC;AACzD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,OAAO,EAAE;YACP,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,gCAAgC;YACvC,WAAW,EAAE,mDAAmD;SACjE;QACD,WAAW,EAAE;YACX,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,mCAAmC;YAC1C,WAAW,EAAE,iDAAiD;SAC/D;KACF;IACD,QAAQ,EAAE,CAAC,SAAS,CAAC;CACb,CAAC"}

package/dist/sanitizer/threat-reporter.d.ts

@@ -24,6 +24,7 @@ export interface ThreatFinding {
     owasp_llm: string;
     nist_ai_600_1: string;
     mitre_atlas: string;
+    iso_42001: string;
     remediation: string;
 }
 /**

package/dist/sanitizer/threat-reporter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"threat-reporter.d.ts","sourceRoot":"","sources":["../../src/sanitizer/threat-reporter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAKL,KAAK,QAAQ,EACb,KAAK,eAAe,EAErB,MAAM,0BAA0B,CAAC;AAGlC;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACtC,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,CAAC,EAAE;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAoID;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,iBAAiB,GAAG,YAAY,GAAG,IAAI,CAqDlF"}
+{"version":3,"file":"threat-reporter.d.ts","sourceRoot":"","sources":["../../src/sanitizer/threat-reporter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAKL,KAAK,QAAQ,EACb,KAAK,eAAe,EAErB,MAAM,0BAA0B,CAAC;AAGlC;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACtC,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,CAAC,EAAE;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAsID;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,iBAAiB,GAAG,YAAY,GAAG,IAAI,CAsDlF"}

package/dist/sanitizer/threat-reporter.js

@@ -44,6 +44,7 @@ function buildFindings(patternsDetected) {
             owasp_llm: frameworks.owasp_llm,
             nist_ai_600_1: frameworks.nist_ai_600_1,
             mitre_atlas: frameworks.mitre_atlas,
+            iso_42001: frameworks.iso_42001,
             remediation: `Content sanitized. ${category.replace(/_/g, ' ')} removed.`
         };
     });
@@ -62,8 +63,8 @@ function generateToonFindings(findings) {
  * Fallback manual TOON format generation
  */
 function generateManualToonFormat(findings) {
-    const header = `findings[${findings.length}]{id,pattern_id,category,severity,confidence,owasp_llm,nist_ai_600_1,mitre_atlas,remediation}:`;
-    const rows = findings.map(f => `${f.id},${f.pattern_id},${f.category},${f.severity},${f.confidence},${f.owasp_llm},${f.nist_ai_600_1},${f.mitre_atlas},${f.remediation}`);
+    const header = `findings[${findings.length}]{id,pattern_id,category,severity,confidence,owasp_llm,nist_ai_600_1,mitre_atlas,iso_42001,remediation}:`;
+    const rows = findings.map(f => `${f.id},${f.pattern_id},${f.category},${f.severity},${f.confidence},${f.owasp_llm},${f.nist_ai_600_1},${f.mitre_atlas},${f.iso_42001},${f.remediation}`);
     return `${header}\n${rows.join('\n')}`;
 }
 /**
@@ -76,7 +77,7 @@ function generateMarkdownReport(findings, overallSeverity, bySeverity, piiRedact
     markdown += `**Generated:** ${timestamp}\n`;
     markdown += `**Source:** ${sourceUrl}\n`;
     markdown += `**Overall Severity:** ${overallSeverity}\n`;
-    markdown += `**Framework:** OWASP LLM Top 10 | NIST AI 600-1 | MITRE ATLAS\n\n`;
+    markdown += `**Framework:** OWASP LLM Top 10 | NIST AI 600-1 | MITRE ATLAS | ISO/IEC 42001\n\n`;
     // Findings Summary
     markdown += '### Findings Summary\n';
     markdown += '| Severity | Count |\n';
@@ -88,13 +89,14 @@ function generateMarkdownReport(findings, overallSeverity, bySeverity, piiRedact
     // Findings Detail (only if we have findings)
     if (findings.length > 0) {
         markdown += '### Findings Detail\n';
-        markdown += '| # | Category | Severity | Confidence | OWASP | MITRE |\n';
-        markdown += '|---|---|---|---|---|---|\n';
+        markdown += '| # | Category | Severity | Confidence | OWASP | MITRE | ISO 42001 |\n';
+        markdown += '|---|---|---|---|---|---|---|\n';
         for (const finding of findings.slice(0, 10)) { // Limit to first 10 for readability
             const confidencePct = Math.round(finding.confidence * 100);
             const owaspShort = finding.owasp_llm.split(' - ')[0]; // e.g., "LLM01:2025"
             const mitreShort = finding.mitre_atlas.split(' - ')[0]; // e.g., "AML.T0051.000"
-            markdown += `| ${finding.id} | ${finding.category} | ${finding.severity} | ${confidencePct}% | ${owaspShort} | ${mitreShort} |\n`;
+            const isoShort = finding.iso_42001.split(' - ')[0]; // e.g., "A.6.1.5"
+            markdown += `| ${finding.id} | ${finding.category} | ${finding.severity} | ${confidencePct}% | ${owaspShort} | ${mitreShort} | ${isoShort} |\n`;
         }
         if (findings.length > 10) {
             markdown += `\n*...and ${findings.length - 10} more findings*\n`;
@@ -151,7 +153,8 @@ export function generateThreatReport(input) {
         frameworks: [
             'OWASP LLM Top 10',
             'NIST AI 600-1',
-            'MITRE ATLAS'
+            'MITRE ATLAS',
+            'ISO/IEC 42001'
         ],
         findings_toon: toonFindings,
         report_markdown: markdownReport