visus-mcp 0.6.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (177)
  1. package/.claude/settings.local.json +6 -1
  2. package/.env.status +7 -0
  3. package/CHANGELOG.md +65 -0
  4. package/CLAUDE.md +3 -0
  5. package/README.md +15 -7
  6. package/SECURITY.md +2 -0
  7. package/STATUS.md +203 -9
  8. package/dist/content-handlers/index.d.ts +36 -0
  9. package/dist/content-handlers/index.d.ts.map +1 -0
  10. package/dist/content-handlers/index.js +59 -0
  11. package/dist/content-handlers/index.js.map +1 -0
  12. package/dist/content-handlers/json-handler.d.ts +28 -0
  13. package/dist/content-handlers/json-handler.d.ts.map +1 -0
  14. package/dist/content-handlers/json-handler.js +116 -0
  15. package/dist/content-handlers/json-handler.js.map +1 -0
  16. package/dist/content-handlers/pdf-handler.d.ts +29 -0
  17. package/dist/content-handlers/pdf-handler.d.ts.map +1 -0
  18. package/dist/content-handlers/pdf-handler.js +77 -0
  19. package/dist/content-handlers/pdf-handler.js.map +1 -0
  20. package/dist/content-handlers/svg-handler.d.ts +35 -0
  21. package/dist/content-handlers/svg-handler.d.ts.map +1 -0
  22. package/dist/content-handlers/svg-handler.js +206 -0
  23. package/dist/content-handlers/svg-handler.js.map +1 -0
  24. package/dist/content-handlers/types.d.ts +42 -0
  25. package/dist/content-handlers/types.d.ts.map +1 -0
  26. package/dist/content-handlers/types.js +7 -0
  27. package/dist/content-handlers/types.js.map +1 -0
  28. package/dist/tools/fetch.d.ts.map +1 -1
  29. package/dist/tools/fetch.js +62 -4
  30. package/dist/tools/fetch.js.map +1 -1
  31. package/package.json +2 -1
  32. package/server.json +2 -2
  33. package/src/content-handlers/index.ts +72 -0
  34. package/src/content-handlers/json-handler.ts +137 -0
  35. package/src/content-handlers/pdf-handler.ts +91 -0
  36. package/src/content-handlers/svg-handler.ts +243 -0
  37. package/src/content-handlers/types.ts +44 -0
  38. package/src/tools/fetch.ts +69 -4
  39. package/.github/ISSUE_TEMPLATE/bug_report.md +0 -47
  40. package/.github/ISSUE_TEMPLATE/false_positive.md +0 -43
  41. package/.github/ISSUE_TEMPLATE/new_pattern.md +0 -49
  42. package/.github/ISSUE_TEMPLATE/security_report.md +0 -31
  43. package/.github/PULL_REQUEST_TEMPLATE.md +0 -39
  44. package/.mcpregistry_github_token +0 -1
  45. package/.mcpregistry_registry_token +0 -1
  46. package/CONTRIBUTING.md +0 -329
  47. package/LINKEDIN-STRATEGY.md +0 -367
  48. package/ROADMAP.md +0 -221
  49. package/SECURITY-AUDIT-v1.md +0 -277
  50. package/SUBMISSION.md +0 -66
  51. package/TROUBLESHOOT-AUTH-20260322-2019.md +0 -291
  52. package/TROUBLESHOOT-BUILD-20260319-1450.md +0 -546
  53. package/TROUBLESHOOT-COGNITO-AUTH-20260324-2029.md +0 -415
  54. package/TROUBLESHOOT-COGNITO-JWT-20260324.md +0 -592
  55. package/TROUBLESHOOT-FETCH-20260320-1150.md +0 -168
  56. package/TROUBLESHOOT-JEST-20260323-1357.md +0 -139
  57. package/TROUBLESHOOT-LAMBDA-20260322-1945.md +0 -183
  58. package/TROUBLESHOOT-PLAYWRIGHT-20260321-1549.md +0 -217
  59. package/TROUBLESHOOT-SSL-20260320-1138.md +0 -171
  60. package/TROUBLESHOOT-STRUCTURED-20260320-1200.md +0 -246
  61. package/TROUBLESHOOT-TEST-20260320-0942.md +0 -281
  62. package/VISUS-CLAUDE-CODE-PROMPT.md +0 -324
  63. package/VISUS-PROJECT-PLAN.md +0 -205
  64. package/cdk.json +0 -73
  65. package/infrastructure/app.ts +0 -39
  66. package/infrastructure/stack.ts +0 -298
  67. package/jest.config.js +0 -33
  68. package/jest.setup.js +0 -9
  69. package/lambda-deploy/index.js +0 -81512
  70. package/lambda-deploy/index.js.map +0 -7
  71. package/lambda-package/browser/__mocks__/playwright-renderer.d.ts +0 -25
  72. package/lambda-package/browser/__mocks__/playwright-renderer.d.ts.map +0 -1
  73. package/lambda-package/browser/__mocks__/playwright-renderer.js +0 -119
  74. package/lambda-package/browser/__mocks__/playwright-renderer.js.map +0 -1
  75. package/lambda-package/browser/playwright-renderer.d.ts +0 -40
  76. package/lambda-package/browser/playwright-renderer.d.ts.map +0 -1
  77. package/lambda-package/browser/playwright-renderer.js +0 -214
  78. package/lambda-package/browser/playwright-renderer.js.map +0 -1
  79. package/lambda-package/browser/reader.d.ts +0 -31
  80. package/lambda-package/browser/reader.d.ts.map +0 -1
  81. package/lambda-package/browser/reader.js +0 -98
  82. package/lambda-package/browser/reader.js.map +0 -1
  83. package/lambda-package/index.d.ts +0 -18
  84. package/lambda-package/index.d.ts.map +0 -1
  85. package/lambda-package/index.js +0 -238
  86. package/lambda-package/index.js.map +0 -1
  87. package/lambda-package/lambda-handler.d.ts +0 -28
  88. package/lambda-package/lambda-handler.d.ts.map +0 -1
  89. package/lambda-package/lambda-handler.js +0 -257
  90. package/lambda-package/lambda-handler.js.map +0 -1
  91. package/lambda-package/package-lock.json +0 -7435
  92. package/lambda-package/package.json +0 -74
  93. package/lambda-package/runtime.d.ts +0 -50
  94. package/lambda-package/runtime.d.ts.map +0 -1
  95. package/lambda-package/runtime.js +0 -86
  96. package/lambda-package/runtime.js.map +0 -1
  97. package/lambda-package/sanitizer/elicit-runner.d.ts +0 -48
  98. package/lambda-package/sanitizer/elicit-runner.d.ts.map +0 -1
  99. package/lambda-package/sanitizer/elicit-runner.js +0 -100
  100. package/lambda-package/sanitizer/elicit-runner.js.map +0 -1
  101. package/lambda-package/sanitizer/framework-mapper.d.ts +0 -24
  102. package/lambda-package/sanitizer/framework-mapper.d.ts.map +0 -1
  103. package/lambda-package/sanitizer/framework-mapper.js +0 -342
  104. package/lambda-package/sanitizer/framework-mapper.js.map +0 -1
  105. package/lambda-package/sanitizer/hitl-gate.d.ts +0 -69
  106. package/lambda-package/sanitizer/hitl-gate.d.ts.map +0 -1
  107. package/lambda-package/sanitizer/hitl-gate.js +0 -101
  108. package/lambda-package/sanitizer/hitl-gate.js.map +0 -1
  109. package/lambda-package/sanitizer/index.d.ts +0 -63
  110. package/lambda-package/sanitizer/index.d.ts.map +0 -1
  111. package/lambda-package/sanitizer/index.js +0 -105
  112. package/lambda-package/sanitizer/index.js.map +0 -1
  113. package/lambda-package/sanitizer/injection-detector.d.ts +0 -34
  114. package/lambda-package/sanitizer/injection-detector.d.ts.map +0 -1
  115. package/lambda-package/sanitizer/injection-detector.js +0 -89
  116. package/lambda-package/sanitizer/injection-detector.js.map +0 -1
  117. package/lambda-package/sanitizer/patterns.d.ts +0 -30
  118. package/lambda-package/sanitizer/patterns.d.ts.map +0 -1
  119. package/lambda-package/sanitizer/patterns.js +0 -372
  120. package/lambda-package/sanitizer/patterns.js.map +0 -1
  121. package/lambda-package/sanitizer/pii-allowlist.d.ts +0 -49
  122. package/lambda-package/sanitizer/pii-allowlist.d.ts.map +0 -1
  123. package/lambda-package/sanitizer/pii-allowlist.js +0 -231
  124. package/lambda-package/sanitizer/pii-allowlist.js.map +0 -1
  125. package/lambda-package/sanitizer/pii-redactor.d.ts +0 -41
  126. package/lambda-package/sanitizer/pii-redactor.d.ts.map +0 -1
  127. package/lambda-package/sanitizer/pii-redactor.js +0 -213
  128. package/lambda-package/sanitizer/pii-redactor.js.map +0 -1
  129. package/lambda-package/sanitizer/severity-classifier.d.ts +0 -33
  130. package/lambda-package/sanitizer/severity-classifier.d.ts.map +0 -1
  131. package/lambda-package/sanitizer/severity-classifier.js +0 -113
  132. package/lambda-package/sanitizer/severity-classifier.js.map +0 -1
  133. package/lambda-package/sanitizer/threat-reporter.d.ts +0 -66
  134. package/lambda-package/sanitizer/threat-reporter.d.ts.map +0 -1
  135. package/lambda-package/sanitizer/threat-reporter.js +0 -163
  136. package/lambda-package/sanitizer/threat-reporter.js.map +0 -1
  137. package/lambda-package/tools/fetch-structured.d.ts +0 -51
  138. package/lambda-package/tools/fetch-structured.d.ts.map +0 -1
  139. package/lambda-package/tools/fetch-structured.js +0 -237
  140. package/lambda-package/tools/fetch-structured.js.map +0 -1
  141. package/lambda-package/tools/fetch.d.ts +0 -49
  142. package/lambda-package/tools/fetch.d.ts.map +0 -1
  143. package/lambda-package/tools/fetch.js +0 -131
  144. package/lambda-package/tools/fetch.js.map +0 -1
  145. package/lambda-package/tools/read.d.ts +0 -51
  146. package/lambda-package/tools/read.d.ts.map +0 -1
  147. package/lambda-package/tools/read.js +0 -127
  148. package/lambda-package/tools/read.js.map +0 -1
  149. package/lambda-package/tools/search.d.ts +0 -45
  150. package/lambda-package/tools/search.d.ts.map +0 -1
  151. package/lambda-package/tools/search.js +0 -220
  152. package/lambda-package/tools/search.js.map +0 -1
  153. package/lambda-package/types.d.ts +0 -167
  154. package/lambda-package/types.d.ts.map +0 -1
  155. package/lambda-package/types.js +0 -16
  156. package/lambda-package/types.js.map +0 -1
  157. package/lambda-package/utils/format-converter.d.ts +0 -39
  158. package/lambda-package/utils/format-converter.d.ts.map +0 -1
  159. package/lambda-package/utils/format-converter.js +0 -191
  160. package/lambda-package/utils/format-converter.js.map +0 -1
  161. package/lambda-package/utils/truncate.d.ts +0 -26
  162. package/lambda-package/utils/truncate.d.ts.map +0 -1
  163. package/lambda-package/utils/truncate.js +0 -54
  164. package/lambda-package/utils/truncate.js.map +0 -1
  165. package/lambda.zip +0 -0
  166. package/test-output.txt +0 -4
  167. package/tests/auth-smoke.test.ts +0 -480
  168. package/tests/elicit-runner.test.ts +0 -232
  169. package/tests/fetch-tool.test.ts +0 -922
  170. package/tests/hitl-gate.test.ts +0 -267
  171. package/tests/injection-corpus.ts +0 -338
  172. package/tests/pii-allowlist.test.ts +0 -282
  173. package/tests/reader.test.ts +0 -353
  174. package/tests/sanitizer.test.ts +0 -358
  175. package/tests/search.test.ts +0 -456
  176. package/tests/threat-reporter.test.ts +0 -334
  177. package/tsconfig.cdk.json +0 -35
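--- a/package/lambda-package/sanitizer/framework-mapper.js
+++ b/package/lambda-package/sanitizer/framework-mapper.js
@@ -1,342 +0,0 @@
-/**
-* Compliance Framework Mapper
-*
-* Maps injection pattern categories to compliance framework identifiers:
-* - OWASP LLM Top 10 (2025)
-* - NIST AI 600-1 (Generative AI Profile)
-* - MITRE ATLAS (Adversarial Threat Landscape for AI Systems)
-* - ISO/IEC 42001:2023 (AI Management System - Annex A Controls)
-*/
-/**
-* Pattern category to framework mapping
-*/
-const FRAMEWORK_MAP = {
-// Direct instruction injection
-direct_instruction_injection: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Role hijacking
-role_hijacking: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// System prompt extraction
-system_prompt_extraction: {
-owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
-nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-mitre_atlas: 'AML.T0048 - External Harms',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Privilege escalation
-privilege_escalation: {
-owasp_llm: 'LLM08:2025 - Excessive Agency',
-nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Context poisoning
-context_poisoning: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.2 - Data Quality'
-},
-// Data exfiltration
-data_exfiltration: {
-owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
-nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-mitre_atlas: 'AML.T0048 - External Harms',
-iso_42001: 'A.7.5 - Data Provenance / A.8.2 - Information to Users'
-},
-// Encoding obfuscation
-base64_obfuscation: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// Unicode lookalikes
-unicode_lookalikes: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// Zero-width characters
-zero_width_characters: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// HTML script injection
-html_script_injection: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Data URI injection
-data_uri_injection: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Markdown link injection
-markdown_link_injection: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// URL fragment attacks
-url_fragment_hashjack: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Social engineering
-social_engineering_urgency: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.5.3 - AI Awareness and Training'
-},
-// Instruction delimiter injection
-instruction_delimiter_injection: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Multi-language obfuscation
-multi_language_obfuscation: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// Reverse text obfuscation
-reverse_text_obfuscation: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// Leetspeak obfuscation
-leetspeak_obfuscation: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// Jailbreak keywords
-jailbreak_keywords: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Token smuggling
-token_smuggling: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// System message injection
-system_message_injection: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Conversation reset
-conversation_reset: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.2.6 - Logging and Monitoring'
-},
-// Memory manipulation
-memory_manipulation: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.6.2.6 - Logging and Monitoring'
-},
-// Capability probing
-capability_probing: {
-owasp_llm: 'LLM08:2025 - Excessive Agency',
-nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.2 - AI System Operational Procedures'
-},
-// Chain-of-thought manipulation
-chain_of_thought_manipulation: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Hypothetical scenario injection
-hypothetical_scenario_injection: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Ethical override
-ethical_override: {
-owasp_llm: 'LLM08:2025 - Excessive Agency',
-nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.2.2 - Responsible AI Policies'
-},
-// Output format manipulation
-output_format_manipulation: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.2 - AI System Operational Procedures'
-},
-// Negative instruction
-negative_instruction: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.2 - AI System Operational Procedures'
-},
-// Credential harvesting
-credential_harvesting: {
-owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
-nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-mitre_atlas: 'AML.T0048 - External Harms',
-iso_42001: 'A.7.5 - Data Provenance / A.6.1.5 - AI System Security'
-},
-// Time-based triggers
-time_based_triggers: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.2.6 - Logging and Monitoring'
-},
-// Code execution requests
-code_execution_requests: {
-owasp_llm: 'LLM08:2025 - Excessive Agency',
-nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-mitre_atlas: 'AML.T0048 - External Harms',
-iso_42001: 'A.9.3 - Intended Use Boundaries'
-},
-// File system access
-file_system_access: {
-owasp_llm: 'LLM08:2025 - Excessive Agency',
-nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
-mitre_atlas: 'AML.T0048 - External Harms',
-iso_42001: 'A.9.3 - Intended Use Boundaries'
-},
-// Training data extraction
-training_data_extraction: {
-owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
-nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-mitre_atlas: 'AML.T0048 - External Harms',
-iso_42001: 'A.7.5 - Data Provenance'
-},
-// Simulator mode
-simulator_mode: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.9.3 - Intended Use Boundaries'
-},
-// Nested encoding
-nested_encoding: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// Payload splitting
-payload_splitting: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// CSS-based hiding
-css_hiding: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// Authority impersonation
-authority_impersonation: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.2.2 - Responsible AI Policies'
-},
-// Testing/debugging claims
-testing_debugging_claims: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.2 - AI System Operational Procedures'
-},
-// Callback URL injection
-callback_url_injection: {
-owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
-nist_ai_600_1: 'MS-2.6 - Data Disclosure',
-mitre_atlas: 'AML.T0048 - External Harms',
-iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
-},
-// Whitespace steganography
-whitespace_steganography: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-},
-// Comment injection
-comment_injection: {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
-iso_42001: 'A.7.4 - Data Preparation'
-}
-};
-/**
-* Default mapping for unknown pattern categories
-*/
-const DEFAULT_MAPPINGS = {
-owasp_llm: 'LLM01:2025 - Prompt Injection',
-nist_ai_600_1: 'MS-2.5 - Prompt Injection',
-mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
-iso_42001: 'A.6.1.5 - AI System Security'
-};
-/**
-* Get framework mappings for a pattern category
-*/
-export function getFrameworkMappings(patternCategory) {
-return FRAMEWORK_MAP[patternCategory] || DEFAULT_MAPPINGS;
-}
-/**
-* Get all supported frameworks
-*/
-export function getSupportedFrameworks() {
-return [
-'OWASP LLM Top 10 (2025)',
-'NIST AI 600-1 (Generative AI Profile)',
-'MITRE ATLAS (Adversarial Threat Landscape)',
-'ISO/IEC 42001:2023 (AI Management System)'
-];
-}
-//# sourceMappingURL=framework-mapper.js.map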
@@ -1 +0,0 @@
1
- {"version":3,"file":"framework-mapper.js","sourceRoot":"","sources":["../../src/sanitizer/framework-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH;;GAEG;AACH,MAAM,aAAa,GAAsC;IACvD,+BAA+B;IAC/B,4BAA4B,EAAE;QAC5B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,iBAAiB;IACjB,cAAc,EAAE;QACd,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,kDAAkD;KAC9D;IAED,uBAAuB;IACvB,oBAAoB,EAAE;QACpB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,sBAAsB;KAClC;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,wDAAwD;KACpE;IAED,uBAAuB;IACvB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kDAAkD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kDAAkD;KAC9D;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kDAAkD;KAC9D;IAED,uBAAuB;IACvB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kDAAkD;KAC9D;IAED,qBAAqB;IACrB,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,mCAAmC;KAC/C;IAED,kCAAkC;IAClC,+BAA+B
,EAAE;QAC/B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,6BAA6B;IAC7B,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,kBAAkB;IAClB,eAAe,EAAE;QACf,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,0BAA0B;KACtC;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kCAAkC;KAC9C;IAED,sBAAsB;IACtB,mBAAmB,EAAE;QACnB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,kCAAkC;KAC9C;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,4CAA4C;KACxD;IAED,gCAAgC;IAChC,6BAA6B,EAAE;QAC7B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,kCAAkC;IAClC,+BAA+B,EAAE;QAC/B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kDAAkD;KAC9D;IAED,mBAAmB;IACnB,gBAAgB,EAAE;QAChB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,iCAAiC;KAC7C;IAED,6BAA6B;IAC7B,0BAA0B,EAAE;QAC1B,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,4CAA4C;KACxD;IAED,uBAAuB;IACvB,oBAAoB,EAAE;QACpB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,4CAA4C;KACxD;IAED,wBAAwB;IACxB,qBAAqB,EAAE;QACrB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SA
AS,EAAE,wDAAwD;KACpE;IAED,sBAAsB;IACtB,mBAAmB,EAAE;QACnB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,kCAAkC;KAC9C;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,iCAAiC;KAC7C;IAED,qBAAqB;IACrB,kBAAkB,EAAE;QAClB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,kCAAkC;QACjD,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,iCAAiC;KAC7C;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,yBAAyB;KACrC;IAED,iBAAiB;IACjB,cAAc,EAAE;QACd,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,iCAAiC;KAC7C;IAED,kBAAkB;IAClB,eAAe,EAAE;QACf,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,mBAAmB;IACnB,UAAU,EAAE;QACV,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,0BAA0B;IAC1B,uBAAuB,EAAE;QACvB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,iCAAiC;KAC7C;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,sCAAsC;QACnD,SAAS,EAAE,4CAA4C;KACxD;IAED,yBAAyB;IACzB,sBAAsB,EAAE;QACtB,SAAS,EAAE,+CAA+C;QAC1D,aAAa,EAAE,0BAA0B;QACzC,WAAW,EAAE,4BAA4B;QACzC,SAAS,EAAE,kDAAkD;KAC9D;IAED,2BAA2B;IAC3B,wBAAwB,EAAE;QACxB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;IAED,oBAAoB;IACpB,iBAAiB,EAAE;QACjB,SAAS,EAAE,+BAA+B;QAC1C,aAAa,EAAE,2BAA2B;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,SAAS,EAAE,0BAA0B;KACtC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAsB;IAC1C,SAAS,EAAE,+BAA+B;IAC1C,aAAa,EAAE,2BAA2B;IAC1C,WAAW,EAAE,sCAAsC;IACnD,SAAS,EAAE,8BAA8B;CAC1C,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,eAAuB;IAC1D,OAAO,aAAa,CAAC,eAAe,CAAC,IAAI,gBAAgB,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO;QACL,yBAAyB;QACzB,uCAAuC;QACvC
,4CAA4C;QAC5C,2CAA2C;KAC5C,CAAC;AACJ,CAAC"}
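--- a/package/lambda-package/sanitizer/hitl-gate.d.ts
+++ b/package/lambda-package/sanitizer/hitl-gate.d.ts
@@ -1,69 +0,0 @@
-/**
-* HITL (Human-in-the-Loop) Gate
-*
-* Determines when to pause tool execution for user confirmation
-* based on threat severity. Only CRITICAL threats trigger elicitation.
-*
-* Design:
-* - HIGH/MEDIUM/LOW threats → silent sanitization (business as usual)
-* - CRITICAL threats → pause execution, user confirmation required
-*
-* Security model: Sanitization is the security gate. HITL is UX.
-* Content is ALWAYS sanitized before reaching the LLM, whether or not
-* the user accepts the elicitation prompt.
-*/
-import type { ThreatReport } from './threat-reporter.js';
-/**
-* Determines whether to trigger HITL elicitation
-*
-* Returns true ONLY when:
-* - threatReport is not null
-* - threatReport.overall_severity === 'CRITICAL'
-* - threatReport.total_findings > 0
-*
-* @param threatReport The threat report from sanitization
-* @returns true if elicitation should be triggered
-*/
-export declare function shouldElicit(threatReport: ThreatReport | null): boolean;
-/**
-* Builds a user-facing elicitation message for CRITICAL threats
-*
-* Format:
-* ⚠️ Visus blocked a CRITICAL threat on this page.
-*
-* {total_findings} injection attempt(s) detected on:
-* {url}
-*
-* Highest severity finding: {top_category}
-* ({top_owasp} | {top_mitre})
-*
-* Content has been sanitized. Proceed with clean version?
-*
-* @param threatReport The threat report with CRITICAL severity
-* @param url The source URL
-* @returns A clear, concise message under 300 characters
-*/
-export declare function buildElicitMessage(threatReport: ThreatReport, url: string): string;
-/**
-* Elicitation schema for user confirmation
-*
-* CRITICAL: Must be flat primitive properties only (no nested objects, no arrays)
-* per MCP elicitation specification.
-*/
-export declare const ElicitSchema: {
-readonly type: "object";
-readonly properties: {
-readonly proceed: {
-readonly type: "boolean";
-readonly title: "Proceed with sanitized content";
-readonly description: "Content has been cleaned. View sanitized version?";
-};
-readonly view_report: {
-readonly type: "boolean";
-readonly title: "Include threat report in response";
-readonly description: "Attach the full NIST/OWASP/MITRE threat report?";
-};
-};
-readonly required: readonly ["proceed"];
-};
-//# sourceMappingURL=hitl-gate.d.ts.map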
@@ -1 +0,0 @@
1
- {"version":3,"file":"hitl-gate.d.ts","sourceRoot":"","sources":["../../src/sanitizer/hitl-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEzD;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAAC,YAAY,EAAE,YAAY,GAAG,IAAI,GAAG,OAAO,CASvE;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,YAAY,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CA8BlF;AAED;;;;;GAKG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;CAef,CAAC"}
@@ -1,101 +0,0 @@
1
- /**
2
- * HITL (Human-in-the-Loop) Gate
3
- *
4
- * Determines when to pause tool execution for user confirmation
5
- * based on threat severity. Only CRITICAL threats trigger elicitation.
6
- *
7
- * Design:
8
- * - HIGH/MEDIUM/LOW threats → silent sanitization (business as usual)
9
- * - CRITICAL threats → pause execution, user confirmation required
10
- *
11
- * Security model: Sanitization is the security gate. HITL is UX.
12
- * Content is ALWAYS sanitized before reaching the LLM, whether or not
13
- * the user accepts the elicitation prompt.
14
- */
15
- /**
16
- * Determines whether to trigger HITL elicitation
17
- *
18
- * Returns true ONLY when:
19
- * - threatReport is not null
20
- * - threatReport.overall_severity === 'CRITICAL'
21
- * - threatReport.total_findings > 0
22
- *
23
- * @param threatReport The threat report from sanitization
24
- * @returns true if elicitation should be triggered
25
- */
26
- export function shouldElicit(threatReport) {
27
- if (!threatReport) {
28
- return false;
29
- }
30
- return (threatReport.overall_severity === 'CRITICAL' &&
31
- threatReport.total_findings > 0);
32
- }
33
- /**
34
- * Builds a user-facing elicitation message for CRITICAL threats
35
- *
36
- * Format:
37
- * ⚠️ Visus blocked a CRITICAL threat on this page.
38
- *
39
- * {total_findings} injection attempt(s) detected on:
40
- * {url}
41
- *
42
- * Highest severity finding: {top_category}
43
- * ({top_owasp} | {top_mitre})
44
- *
45
- * Content has been sanitized. Proceed with clean version?
46
- *
47
- * @param threatReport The threat report with CRITICAL severity
48
- * @param url The source URL
49
- * @returns A clear, concise message under 300 characters
50
- */
51
- export function buildElicitMessage(threatReport, url) {
52
- // Find the highest-confidence CRITICAL finding
53
- const findings = threatReport.findings_toon
54
- .split('\n')
55
- .slice(1) // Skip header
56
- .filter(line => line.trim().length > 0);
57
- let topCategory = 'unknown';
58
- let topOwasp = 'N/A';
59
- let topMitre = 'N/A';
60
- if (findings.length > 0) {
61
- // Parse first finding (highest confidence)
62
- const parts = findings[0].split(',');
63
- if (parts.length >= 8) {
64
- topCategory = parts[2]; // category field
65
- topOwasp = parts[5].split(' - ')[0]; // owasp_llm field (short form)
66
- topMitre = parts[7].split(' - ')[0]; // mitre_atlas field (short form)
67
- }
68
- }
69
- return `⚠️ Visus blocked a CRITICAL threat on this page.
70
-
71
- ${threatReport.total_findings} injection attempt(s) detected on:
72
- ${url}
73
-
74
- Highest severity finding: ${topCategory}
75
- (${topOwasp} | ${topMitre})
76
-
77
- Content has been sanitized. Proceed with clean version?`;
78
- }
79
- /**
80
- * Elicitation schema for user confirmation
81
- *
82
- * CRITICAL: Must be flat primitive properties only (no nested objects, no arrays)
83
- * per MCP elicitation specification.
84
- */
85
- export const ElicitSchema = {
86
- type: 'object',
87
- properties: {
88
- proceed: {
89
- type: 'boolean',
90
- title: 'Proceed with sanitized content',
91
- description: 'Content has been cleaned. View sanitized version?'
92
- },
93
- view_report: {
94
- type: 'boolean',
95
- title: 'Include threat report in response',
96
- description: 'Attach the full NIST/OWASP/MITRE threat report?'
97
- }
98
- },
99
- required: ['proceed']
100
- };
101
- //# sourceMappingURL=hitl-gate.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"hitl-gate.js","sourceRoot":"","sources":["../../src/sanitizer/hitl-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH;;;;;;;;;;GAUG;AACH,MAAM,UAAU,YAAY,CAAC,YAAiC;IAC5D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,CACL,YAAY,CAAC,gBAAgB,KAAK,UAAU;QAC5C,YAAY,CAAC,cAAc,GAAG,CAAC,CAChC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,kBAAkB,CAAC,YAA0B,EAAE,GAAW;IACxE,+CAA+C;IAC/C,MAAM,QAAQ,GAAG,YAAY,CAAC,aAAa;SACxC,KAAK,CAAC,IAAI,CAAC;SACX,KAAK,CAAC,CAAC,CAAC,CAAC,cAAc;SACvB,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE1C,IAAI,WAAW,GAAG,SAAS,CAAC;IAC5B,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,2CAA2C;QAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB;YACzC,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,+BAA+B;YACpE,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,iCAAiC;QACxE,CAAC;IACH,CAAC;IAED,OAAO;;EAEP,YAAY,CAAC,cAAc;EAC3B,GAAG;;4BAEuB,WAAW;GACpC,QAAQ,MAAM,QAAQ;;wDAE+B,CAAC;AACzD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,OAAO,EAAE;YACP,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,gCAAgC;YACvC,WAAW,EAAE,mDAAmD;SACjE;QACD,WAAW,EAAE;YACX,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,mCAAmC;YAC1C,WAAW,EAAE,iDAAiD;SAC/D;KACF;IACD,QAAQ,EAAE,CAAC,SAAS,CAAC;CACb,CAAC"}
@@ -1,63 +0,0 @@
1
- /**
2
- * Sanitizer Orchestrator
3
- *
4
- * Main entry point for content sanitization. Coordinates injection detection
5
- * and PII redaction pipelines.
6
- *
7
- * CRITICAL: This is the core security mechanism. Every web page MUST pass
8
- * through this sanitizer before reaching the LLM. This cannot be bypassed.
9
- */
10
- import { type ThreatReport } from './threat-reporter.js';
11
- export interface SanitizationResult {
12
- content: string;
13
- sanitization: {
14
- patterns_detected: string[];
15
- pii_types_redacted: string[];
16
- pii_allowlisted: Array<{
17
- type: string;
18
- value: string;
19
- reason: string;
20
- }>;
21
- content_modified: boolean;
22
- };
23
- metadata: {
24
- original_length: number;
25
- sanitized_length: number;
26
- severity_score: number;
27
- has_critical_threats: boolean;
28
- detections_by_severity: {
29
- critical: number;
30
- high: number;
31
- medium: number;
32
- low: number;
33
- };
34
- };
35
- threat_report?: ThreatReport;
36
- }
37
- /**
38
- * Sanitize content through the full pipeline
39
- *
40
- * Pipeline:
41
- * 1. Injection detection and neutralization (43 patterns)
42
- * 2. PII redaction (email, phone, SSN, CC, IP) with allowlisting
43
- * 3. Metadata collection and logging
44
- *
45
- * @param content Raw content from web page
46
- * @param sourceUrl Optional source URL for domain-scoped PII allowlisting
47
- * @returns Sanitized content with detection metadata
48
- */
49
- export declare function sanitize(content: string, sourceUrl?: string): SanitizationResult;
50
- /**
51
- * Quick check: does content need sanitization?
52
- * (Used for optimization - skip pipeline if content is clean)
53
- *
54
- * Note: Still run full pipeline for safety, but this can be used for metrics
55
- */
56
- export declare function needsSanitization(_content: string): boolean;
57
- /**
58
- * Export sub-components for testing
59
- */
60
- export { detectAndNeutralize } from './injection-detector.js';
61
- export { redactPII, containsPII, detectPIITypes } from './pii-redactor.js';
62
- export { INJECTION_PATTERNS, getAllPatternNames } from './patterns.js';
63
- //# sourceMappingURL=index.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,EAAwB,KAAK,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAE/E,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE;QACZ,iBAAiB,EAAE,MAAM,EAAE,CAAC;QAC5B,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,eAAe,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACxE,gBAAgB,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,QAAQ,EAAE;QACR,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,sBAAsB,EAAE;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,aAAa,CAAC,EAAE,YAAY,CAAC;CAC9B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,kBAAkB,CAyDhF;AA0BD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAG3D;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}