visus-mcp 0.6.2 → 0.8.0

package/lambda-package/sanitizer/pii-allowlist.d.ts

@@ -1,49 +0,0 @@
-/**
- * PII Allowlist Configuration
- *
- * Defines trusted phone numbers that should NOT be redacted from web content.
- * Primarily for verified health authority and government emergency numbers.
- *
- * CRITICAL: Only add numbers that are:
- * 1. Publicly published institutional/government numbers
- * 2. Verified health/safety authorities
- * 3. Not personal contact information
- */
-export interface TrustedPhoneNumber {
-    /** Display name for logging */
-    name: string;
-    /** Normalized phone number variants (all formats this number might appear in) */
-    numbers: string[];
-    /** Optional: domains where this number is trusted (empty = trusted everywhere) */
-    trustedDomains?: string[];
-    /** Category for audit logging */
-    category: 'emergency' | 'health_authority' | 'government' | 'helpline';
-}
-export interface PIIAllowlistConfig {
-    /** When true, trusted numbers only preserved if source domain matches trustedDomains */
-    strictDomainMode: boolean;
-    /** List of verified trusted phone numbers */
-    trustedPhoneNumbers: TrustedPhoneNumber[];
-}
-/**
- * Normalize a phone number to digits-only format for comparison
- */
-export declare function normalizePhoneNumber(phone: string): string;
-/**
- * Extract domain from URL (returns hostname without www.)
- */
-export declare function extractDomain(url: string): string;
-/**
- * Built-in allowlist of verified health authority and emergency numbers
- */
-export declare const DEFAULT_ALLOWLIST: PIIAllowlistConfig;
-/**
- * Check if a phone number should be allowlisted (not redacted)
- *
- * @param phoneNumber The phone number to check (in any format)
- * @param sourceUrl Optional source URL for domain-scoped allowlisting
- * @param config Optional custom config (defaults to DEFAULT_ALLOWLIST)
- * @returns The trusted number entry if allowlisted, null otherwise
- */
-export declare function isAllowlistedPhoneNumber(phoneNumber: string, sourceUrl?: string, config?: PIIAllowlistConfig): TrustedPhoneNumber | null;
-//# sourceMappingURL=pii-allowlist.d.ts.map

package/lambda-package/sanitizer/pii-allowlist.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pii-allowlist.d.ts","sourceRoot":"","sources":["../../src/sanitizer/pii-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,kBAAkB;IACjC,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,iFAAiF;IACjF,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,kFAAkF;IAClF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,iCAAiC;IACjC,QAAQ,EAAE,WAAW,GAAG,kBAAkB,GAAG,YAAY,GAAG,UAAU,CAAC;CACxE;AAED,MAAM,WAAW,kBAAkB;IACjC,wFAAwF;IACxF,gBAAgB,EAAE,OAAO,CAAC;IAC1B,6CAA6C;IAC7C,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;CAC3C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAOjD;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,kBA+J/B,CAAC;AAEF;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,EAClB,MAAM,GAAE,kBAAsC,GAC7C,kBAAkB,GAAG,IAAI,CA+C3B"}

package/lambda-package/sanitizer/pii-allowlist.js

@@ -1,231 +0,0 @@
-/**
- * PII Allowlist Configuration
- *
- * Defines trusted phone numbers that should NOT be redacted from web content.
- * Primarily for verified health authority and government emergency numbers.
- *
- * CRITICAL: Only add numbers that are:
- * 1. Publicly published institutional/government numbers
- * 2. Verified health/safety authorities
- * 3. Not personal contact information
- */
-/**
- * Normalize a phone number to digits-only format for comparison
- */
-export function normalizePhoneNumber(phone) {
-    return phone.replace(/\D/g, '');
-}
-/**
- * Extract domain from URL (returns hostname without www.)
- */
-export function extractDomain(url) {
-    try {
-        const parsedUrl = new URL(url);
-        return parsedUrl.hostname.replace(/^www\./, '').toLowerCase();
-    }
-    catch {
-        return '';
-    }
-}
-/**
- * Built-in allowlist of verified health authority and emergency numbers
- */
-export const DEFAULT_ALLOWLIST = {
-    strictDomainMode: false, // Default: trust globally, not domain-scoped
-    trustedPhoneNumbers: [
-        // Emergency Services
-        {
-            name: 'Emergency Services (911)',
-            numbers: ['911'],
-            category: 'emergency'
-        },
-        // Poison Control
-        {
-            name: 'Poison Control Center',
-            numbers: [
-                '18002221222',
-                '8002221222',
-                '1-800-222-1222',
-                '800-222-1222'
-            ],
-            trustedDomains: [
-                'medlineplus.gov',
-                'cdc.gov',
-                'fda.gov',
-                'aapcc.org',
-                'poison.org',
-                'nih.gov',
-                'nlm.nih.gov'
-            ],
-            category: 'health_authority'
-        },
-        // FDA MedWatch (adverse event reporting)
-        {
-            name: 'FDA MedWatch',
-            numbers: [
-                '18003321088',
-                '8003321088',
-                '1-800-332-1088',
-                '800-332-1088'
-            ],
-            trustedDomains: [
-                'fda.gov',
-                'medlineplus.gov',
-                'cdc.gov',
-                'nih.gov'
-            ],
-            category: 'health_authority'
-        },
-        // CDC INFO
-        {
-            name: 'CDC INFO',
-            numbers: [
-                '18002324636',
-                '8002324636',
-                '1-800-232-4636',
-                '800-232-4636'
-            ],
-            trustedDomains: [
-                'cdc.gov',
-                'medlineplus.gov',
-                'nih.gov'
-            ],
-            category: 'health_authority'
-        },
-        // SAMHSA National Helpline (substance abuse/mental health)
-        {
-            name: 'SAMHSA National Helpline',
-            numbers: [
-                '18006624357',
-                '8006624357',
-                '1-800-662-4357',
-                '800-662-4357'
-            ],
-            trustedDomains: [
-                'samhsa.gov',
-                'medlineplus.gov',
-                'cdc.gov',
-                'nih.gov'
-            ],
-            category: 'helpline'
-        },
-        // National Suicide Prevention Lifeline
-        {
-            name: 'National Suicide Prevention Lifeline',
-            numbers: [
-                '18002738255',
-                '8002738255',
-                '1-800-273-8255',
-                '800-273-8255',
-                '988' // New 3-digit code
-            ],
-            trustedDomains: [
-                'suicidepreventionlifeline.org',
-                'samhsa.gov',
-                'medlineplus.gov',
-                'cdc.gov',
-                'nih.gov'
-            ],
-            category: 'helpline'
-        },
-        // National Domestic Violence Hotline
-        {
-            name: 'National Domestic Violence Hotline',
-            numbers: [
-                '18007997233',
-                '8007997233',
-                '1-800-799-7233',
-                '800-799-7233'
-            ],
-            trustedDomains: [
-                'thehotline.org',
-                'cdc.gov',
-                'medlineplus.gov',
-                'nih.gov'
-            ],
-            category: 'helpline'
-        },
-        // Medicare
-        {
-            name: 'Medicare',
-            numbers: [
-                '18006331795',
-                '8006331795',
-                '1-800-633-1795',
-                '800-633-1795'
-            ],
-            trustedDomains: [
-                'medicare.gov',
-                'cms.gov',
-                'medlineplus.gov',
-                'nih.gov'
-            ],
-            category: 'government'
-        },
-        // Veterans Crisis Line
-        {
-            name: 'Veterans Crisis Line',
-            numbers: [
-                '18002738255',
-                '8002738255',
-                '1-800-273-8255',
-                '800-273-8255'
-            ],
-            trustedDomains: [
-                'va.gov',
-                'veteranscrisisline.net',
-                'medlineplus.gov',
-                'nih.gov'
-            ],
-            category: 'helpline'
-        }
-    ]
-};
-/**
- * Check if a phone number should be allowlisted (not redacted)
- *
- * @param phoneNumber The phone number to check (in any format)
- * @param sourceUrl Optional source URL for domain-scoped allowlisting
- * @param config Optional custom config (defaults to DEFAULT_ALLOWLIST)
- * @returns The trusted number entry if allowlisted, null otherwise
- */
-export function isAllowlistedPhoneNumber(phoneNumber, sourceUrl, config = DEFAULT_ALLOWLIST) {
-    const normalized = normalizePhoneNumber(phoneNumber);
-    const sourceDomain = sourceUrl ? extractDomain(sourceUrl) : '';
-    for (const trustedEntry of config.trustedPhoneNumbers) {
-        // Check if any variant of this trusted number matches
-        const matchesNumber = trustedEntry.numbers.some(variant => {
-            const normalizedVariant = normalizePhoneNumber(variant);
-            return normalized === normalizedVariant;
-        });
-        if (!matchesNumber) {
-            continue; // Number doesn't match, check next entry
-        }
-        // Number matches - now check domain restrictions
-        const hasDomainRestrictions = trustedEntry.trustedDomains && trustedEntry.trustedDomains.length > 0;
-        if (!hasDomainRestrictions) {
-            // No domain restrictions - trust globally
-            return trustedEntry;
-        }
-        // Has domain restrictions
-        if (config.strictDomainMode && !sourceUrl) {
-            // Strict mode requires domain match, but no URL provided
-            continue;
-        }
-        if (sourceUrl && trustedEntry.trustedDomains) {
-            // Check if source domain matches any trusted domain
-            const isDomainTrusted = trustedEntry.trustedDomains.some(trustedDomain => {
-                return sourceDomain.endsWith(trustedDomain);
-            });
-            if (isDomainTrusted) {
-                return trustedEntry;
-            }
-        }
-        // In non-strict mode, trust the number even if domain doesn't match
-        if (!config.strictDomainMode) {
-            return trustedEntry;
-        }
-    }
-    return null; // No match found
-}
-//# sourceMappingURL=pii-allowlist.js.map

package/lambda-package/sanitizer/pii-allowlist.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"pii-allowlist.js","sourceRoot":"","sources":["../../src/sanitizer/pii-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAoBH;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,OAAO,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAuB;IACnD,gBAAgB,EAAE,KAAK,EAAE,6CAA6C;IAEtE,mBAAmB,EAAE;QACnB,qBAAqB;QACrB;YACE,IAAI,EAAE,0BAA0B;YAChC,OAAO,EAAE,CAAC,KAAK,CAAC;YAChB,QAAQ,EAAE,WAAW;SACtB;QAED,iBAAiB;QACjB;YACE,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,iBAAiB;gBACjB,SAAS;gBACT,SAAS;gBACT,WAAW;gBACX,YAAY;gBACZ,SAAS;gBACT,aAAa;aACd;YACD,QAAQ,EAAE,kBAAkB;SAC7B;QAED,yCAAyC;QACzC;YACE,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,SAAS;gBACT,iBAAiB;gBACjB,SAAS;gBACT,SAAS;aACV;YACD,QAAQ,EAAE,kBAAkB;SAC7B;QAED,WAAW;QACX;YACE,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,SAAS;gBACT,iBAAiB;gBACjB,SAAS;aACV;YACD,QAAQ,EAAE,kBAAkB;SAC7B;QAED,2DAA2D;QAC3D;YACE,IAAI,EAAE,0BAA0B;YAChC,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,YAAY;gBACZ,iBAAiB;gBACjB,SAAS;gBACT,SAAS;aACV;YACD,QAAQ,EAAE,UAAU;SACrB;QAED,uCAAuC;QACvC;YACE,IAAI,EAAE,sCAAsC;YAC5C,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;gBACd,KAAK,CAAC,mBAAmB;aAC1B;YACD,cAAc,EAAE;gBACd,+BAA+B;gBAC/B,YAAY;gBACZ,iBAAiB;gBACjB,SAAS;gBACT,SAAS;aACV;YACD,QAAQ,EAAE,UAAU;SACrB;QAED,qCAAqC;QACrC;YACE,IAAI,EAAE,oCAAoC;YAC1C,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,gBAAgB;gBAChB,SAAS;gBACT,iBAAiB;gBACjB,SAAS;aACV;YACD,QAAQ,EAAE,UAAU;SACrB;QAED,WAAW;QACX;YACE,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,cAAc;gBACd,SAAS;gBACT,iBAAiB;gBACjB,SAAS;aACV;YACD,QAAQ,EAAE,YAAY;SACvB;QAED,uBAAuB;QACvB;YACE,IAAI,EAAE,sBAAsB;YAC5B,OAAO,EAAE;gBACP,aAAa;gBACb,YAAY;gBACZ,gBAAgB;gBAChB,cAAc;aACf;YACD,cAAc,EAAE;gBACd,QAAQ;gBACR,wBAAwB;gBACxB,iBAAiB;gBACjB,SAAS;aACV;YACD,QAAQ,EAAE,UAAU;SACrB;KACF;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,WAAmB,EACnB,SAAkB,EAClB,SAA6B,iBAAiB;IAE9C,MAAM,UAAU,GAAG,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/D,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QACtD,sDAAsD;QACtD,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;YACxD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;YACxD,OAAO,UAAU,KAAK,iBAAiB,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,SAAS,CAAC,yCAAyC;QACrD,CAAC;QAED,iDAAiD;QACjD,MAAM,qBAAqB,GAAG,YAAY,CAAC,cAAc,IAAI,YAAY,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;QAEpG,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC3B,0CAA0C;YAC1C,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,0BAA0B;QAC1B,IAAI,MAAM,CAAC,gBAAgB,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1C,yDAAyD;YACzD,SAAS;QACX,CAAC;QAED,IAAI,SAAS,IAAI,YAAY,CAAC,cAAc,EAAE,CAAC;YAC7C,oDAAoD;YACpD,MAAM,eAAe,GAAG,YAAY,CAAC,cAAc,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;gBACvE,OAAO,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAC9C,CAAC,CAAC,CAAC;YAEH,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAO,YAAY,CAAC;YACtB,CAAC;QACH,CAAC;QAED,oEAAoE;QACpE,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC7B,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,iBAAiB;AAChC,CAAC"}

package/lambda-package/sanitizer/pii-redactor.d.ts

@@ -1,41 +0,0 @@
-/**
- * PII Redaction Engine
- *
- * Detects and redacts personally identifiable information (PII) from content
- * to prevent leakage of sensitive data to the LLM.
- *
- * Redacts: emails, phone numbers, SSNs, credit cards, IP addresses
- * Supports allowlisting of trusted institutional phone numbers (e.g., Poison Control)
- */
-import { type PIIAllowlistConfig } from './pii-allowlist.js';
-export interface PIIRedactionResult {
-    content: string;
-    pii_types_redacted: string[];
-    pii_allowlisted: Array<{
-        type: string;
-        value: string;
-        reason: string;
-    }>;
-    content_modified: boolean;
-    metadata: {
-        redaction_counts: Record<string, number>;
-        allowlist_counts: Record<string, number>;
-    };
-}
-/**
- * Redact PII from content
- *
- * @param content Content to redact PII from
- * @param sourceUrl Optional source URL for domain-scoped allowlisting
- * @param allowlistConfig Optional custom allowlist config
- */
-export declare function redactPII(content: string, sourceUrl?: string, allowlistConfig?: PIIAllowlistConfig): PIIRedactionResult;
-/**
- * Check if content contains any PII (without redacting)
- */
-export declare function containsPII(content: string): boolean;
-/**
- * Get list of PII types detected (without redacting)
- */
-export declare function detectPIITypes(content: string): string[];
-//# sourceMappingURL=pii-redactor.d.ts.map

package/lambda-package/sanitizer/pii-redactor.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pii-redactor.d.ts","sourceRoot":"","sources":["../../src/sanitizer/pii-redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,oBAAoB,CAAC;AAE5B,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,eAAe,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE;QACR,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACzC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC1C,CAAC;CACH;AAuID;;;;;;GAMG;AACH,wBAAgB,SAAS,CACvB,OAAO,EAAE,MAAM,EACf,SAAS,CAAC,EAAE,MAAM,EAClB,eAAe,GAAE,kBAAsC,GACtD,kBAAkB,CA2DpB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAYpD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAcxD"}

package/lambda-package/sanitizer/pii-redactor.js

@@ -1,213 +0,0 @@
-/**
- * PII Redaction Engine
- *
- * Detects and redacts personally identifiable information (PII) from content
- * to prevent leakage of sensitive data to the LLM.
- *
- * Redacts: emails, phone numbers, SSNs, credit cards, IP addresses
- * Supports allowlisting of trusted institutional phone numbers (e.g., Poison Control)
- */
-import { isAllowlistedPhoneNumber, DEFAULT_ALLOWLIST } from './pii-allowlist.js';
-/**
- * PII detection patterns with validators
- */
-const PII_PATTERNS = [
-    // Email addresses
-    {
-        type: 'EMAIL',
-        name: 'email',
-        regex: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g,
-        validator: (match) => {
-            // Basic email validation
-            return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(match);
-        }
-    },
-    // Phone numbers (US and international formats)
-    {
-        type: 'PHONE',
-        name: 'phone',
-        regex: /(\+\d{1,3}[\s-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b/g,
-        validator: (match) => {
-            // Remove non-digits and check length
-            const digits = match.replace(/\D/g, '');
-            return digits.length >= 10 && digits.length <= 15;
-        }
-    },
-    // US Social Security Numbers
-    {
-        type: 'SSN',
-        name: 'ssn',
-        regex: /\b\d{3}[-\s]?\d{2}[-\s]?\d{4}\b/g,
-        validator: (match) => {
-            const digits = match.replace(/\D/g, '');
-            // Basic SSN format check (9 digits)
-            if (digits.length !== 9)
-                return false;
-            // Reject invalid SSN patterns
-            if (digits === '000000000')
-                return false;
-            if (digits.startsWith('000'))
-                return false;
-            if (digits.startsWith('666'))
-                return false;
-            if (digits.startsWith('9'))
-                return false;
-            return true;
-        }
-    },
-    // Credit card numbers (13-19 digits with optional separators)
-    // Matches: 4-4-4-4 (Visa/MC), 4-6-5 (AmEx), or continuous digits
-    {
-        type: 'CC',
-        name: 'credit_card',
-        regex: /\b(?:\d{4}[\s-]?\d{6}[\s-]?\d{5}|\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4,7}|\d{13,19})\b/g,
-        validator: (match) => {
-            const digits = match.replace(/\D/g, '');
-            if (digits.length < 13 || digits.length > 19)
-                return false;
-            return luhnCheck(digits);
-        }
-    },
-    // IPv4 addresses
-    {
-        type: 'IP',
-        name: 'ipv4',
-        regex: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g,
-        validator: (match) => {
-            // Exclude common non-PII patterns like version numbers
-            if (match.startsWith('0.0.0'))
-                return false;
-            if (match.startsWith('255.255.255'))
-                return false;
-            return true;
-        }
-    },
-    // IPv6 addresses (simplified pattern)
-    {
-        type: 'IP',
-        name: 'ipv6',
-        regex: /\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g,
-        validator: () => true
-    },
-    // US Passport numbers
-    {
-        type: 'PASSPORT',
-        name: 'passport',
-        regex: /\b[A-Z]{1,2}\d{6,9}\b/g,
-        validator: (match) => {
-            // Basic format: 1-2 letters + 6-9 digits
-            return /^[A-Z]{1,2}\d{6,9}$/.test(match);
-        }
-    },
-    // Driver's license patterns (varies by state, general pattern)
-    {
-        type: 'DL',
-        name: 'drivers_license',
-        regex: /\b[A-Z]{1,2}\d{5,8}\b/g,
-        validator: (match) => {
-            // Overlap with passport, but keep for completeness
-            return /^[A-Z]{1,2}\d{5,8}$/.test(match);
-        }
-    }
-];
-/**
- * Luhn algorithm for credit card validation
- */
-function luhnCheck(digits) {
-    let sum = 0;
-    let alternate = false;
-    for (let i = digits.length - 1; i >= 0; i--) {
-        let n = parseInt(digits.charAt(i), 10);
-        if (alternate) {
-            n *= 2;
-            if (n > 9) {
-                n = n - 9;
-            }
-        }
-        sum += n;
-        alternate = !alternate;
-    }
-    return sum % 10 === 0;
-}
-/**
- * Redact PII from content
- *
- * @param content Content to redact PII from
- * @param sourceUrl Optional source URL for domain-scoped allowlisting
- * @param allowlistConfig Optional custom allowlist config
- */
-export function redactPII(content, sourceUrl, allowlistConfig = DEFAULT_ALLOWLIST) {
-    const piiTypesRedacted = new Set();
-    const redactionCounts = {};
-    const allowlistCounts = {};
-    const piiAllowlisted = [];
-    let sanitizedContent = content;
-    for (const pattern of PII_PATTERNS) {
-        const matches = Array.from(sanitizedContent.matchAll(pattern.regex));
-        for (const match of matches) {
-            const matchedText = match[0];
-            // Apply validator if present
-            if (pattern.validator && !pattern.validator(matchedText)) {
-                continue;
-            }
-            // Check allowlist for phone numbers
-            if (pattern.type === 'PHONE') {
-                const allowlistedEntry = isAllowlistedPhoneNumber(matchedText, sourceUrl, allowlistConfig);
-                if (allowlistedEntry) {
-                    // This is a trusted number - DO NOT redact
-                    piiAllowlisted.push({
-                        type: pattern.type,
-                        value: matchedText,
-                        reason: `Trusted ${allowlistedEntry.category}: ${allowlistedEntry.name}`
-                    });
-                    allowlistCounts[pattern.name] = (allowlistCounts[pattern.name] || 0) + 1;
-                    continue; // Skip redaction
-                }
-            }
-            // Redact the PII
-            sanitizedContent = sanitizedContent.replace(matchedText, `[REDACTED:${pattern.type}]`);
-            piiTypesRedacted.add(pattern.name);
-            redactionCounts[pattern.name] = (redactionCounts[pattern.name] || 0) + 1;
-        }
-    }
-    return {
-        content: sanitizedContent,
-        pii_types_redacted: Array.from(piiTypesRedacted),
-        pii_allowlisted: piiAllowlisted,
-        content_modified: sanitizedContent !== content,
-        metadata: {
-            redaction_counts: redactionCounts,
-            allowlist_counts: allowlistCounts
-        }
-    };
-}
-/**
- * Check if content contains any PII (without redacting)
- */
-export function containsPII(content) {
-    for (const pattern of PII_PATTERNS) {
-        const matches = Array.from(content.matchAll(pattern.regex));
-        for (const match of matches) {
-            if (!pattern.validator || pattern.validator(match[0])) {
-                return true;
-            }
-        }
-    }
-    return false;
-}
-/**
- * Get list of PII types detected (without redacting)
- */
-export function detectPIITypes(content) {
-    const detected = new Set();
-    for (const pattern of PII_PATTERNS) {
-        const matches = Array.from(content.matchAll(pattern.regex));
-        for (const match of matches) {
-            if (!pattern.validator || pattern.validator(match[0])) {
-                detected.add(pattern.name);
-            }
-        }
-    }
-    return Array.from(detected);
-}
-//# sourceMappingURL=pii-redactor.js.map

package/lambda-package/sanitizer/pii-redactor.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"pii-redactor.js","sourceRoot":"","sources":["../../src/sanitizer/pii-redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,wBAAwB,EAExB,iBAAiB,EAClB,MAAM,oBAAoB,CAAC;AAoB5B;;GAEG;AACH,MAAM,YAAY,GAAiB;IACjC,kBAAkB;IAClB;QACE,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,sDAAsD;QAC7D,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,yBAAyB;YACzB,OAAO,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,CAAC;KACF;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,0DAA0D;QACjE,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,qCAAqC;YACrC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,OAAO,MAAM,CAAC,MAAM,IAAI,EAAE,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;QACpD,CAAC;KACF;IAED,6BAA6B;IAC7B;QACE,IAAI,EAAE,KAAK;QACX,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,kCAAkC;QACzC,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,oCAAoC;YACpC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YACtC,8BAA8B;YAC9B,IAAI,MAAM,KAAK,WAAW;gBAAE,OAAO,KAAK,CAAC;YACzC,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IAED,8DAA8D;IAC9D,iEAAiE;IACjE;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,yFAAyF;QAChG,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;gBAAE,OAAO,KAAK,CAAC;YAC3D,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;KACF;IAED,iBAAiB;IACjB;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,gGAAgG;QACvG,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,uDAAuD;YACvD,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC5C,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC;gBAAE,OAAO,KAAK,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,+CAA+C;QACtD,SAAS,EAAE,GAAG,EAAE,CAAC,IAAI;KACtB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,wBAAwB;QAC/B,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,yCAAyC;YACzC,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;KACF;IAED,+DAA+D;IAC/D;QACE,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,wBAAwB;QAC/B,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,mDAAmD;YACnD,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;KACF;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,SAAS,CAAC,MAAc;IAC/B,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEvC,IAAI,SAAS,EAAE,CAAC;YACd,CAAC,IAAI,CAAC,CAAC;YACP,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACV,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC;QACH,CAAC;QAED,GAAG,IAAI,CAAC,CAAC;QACT,SAAS,GAAG,CAAC,SAAS,CAAC;IACzB,CAAC;IAED,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CACvB,OAAe,EACf,SAAkB,EAClB,kBAAsC,iBAAiB;IAEvD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,MAAM,cAAc,GAA2D,EAAE,CAAC;IAClF,IAAI,gBAAgB,GAAG,OAAO,CAAC;IAE/B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAErE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE7B,6BAA6B;YAC7B,IAAI,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzD,SAAS;YACX,CAAC;YAED,oCAAoC;YACpC,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBAC7B,MAAM,gBAAgB,GAAG,wBAAwB,CAC/C,WAAW,EACX,SAAS,EACT,eAAe,CAChB,CAAC;gBAEF,IAAI,gBAAgB,EAAE,CAAC;oBACrB,2CAA2C;oBAC3C,cAAc,CAAC,IAAI,CAAC;wBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,KAAK,EAAE,WAAW;wBAClB,MAAM,EAAE,WAAW,gBAAgB,CAAC,QAAQ,KAAK,gBAAgB,CAAC,IAAI,EAAE;qBACzE,CAAC,CAAC;oBACH,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;oBACzE,SAAS,CAAC,iBAAiB;gBAC7B,CAAC;YACH,CAAC;YAED,iBAAiB;YACjB,gBAAgB,GAAG,gBAAgB,CAAC,OAAO,CACzC,WAAW,EACX,aAAa,OAAO,CAAC,IAAI,GAAG,CAC7B,CAAC;YAEF,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACnC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,gBAAgB;QACzB,kBAAkB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;QAChD,eAAe,EAAE,cAAc;QAC/B,gBAAgB,EAAE,gBAAgB,KAAK,OAAO;QAC9C,QAAQ,EAAE;YACR,gBAAgB,EAAE,eAAe;YACjC,gBAAgB,EAAE,eAAe;SAClC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC"}

package/lambda-package/sanitizer/severity-classifier.d.ts

@@ -1,33 +0,0 @@
-/**
- * Severity Classification Engine
- *
- * Maps injection pattern categories to standardized severity levels.
- * Used for threat reporting and compliance documentation.
- */
-export type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
-export type OverallSeverity = Severity | 'CLEAN';
-/**
- * Classify severity for a single pattern category
- */
-export declare function classifySeverity(patternCategory: string): Severity;
-/**
- * Interface for a threat finding
- */
-export interface Finding {
-    pattern_category: string;
-    severity: Severity;
-}
-/**
- * Aggregate severity across multiple findings
- * Returns the highest severity level found, or CLEAN if no findings
- */
-export declare function aggregateSeverity(findings: Finding[]): OverallSeverity;
-/**
- * Count findings by severity level
- */
-export declare function countBySeverity(findings: Finding[]): Record<Severity, number>;
-/**
- * Get emoji for severity level (for Markdown reports)
- */
-export declare function getSeverityEmoji(severity: Severity | OverallSeverity): string;
-//# sourceMappingURL=severity-classifier.d.ts.map

package/lambda-package/sanitizer/severity-classifier.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"severity-classifier.d.ts","sourceRoot":"","sources":["../../src/sanitizer/severity-classifier.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAC9D,MAAM,MAAM,eAAe,GAAG,QAAQ,GAAG,OAAO,CAAC;AA2DjD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,eAAe,EAAE,MAAM,GAAG,QAAQ,CAElE;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,eAAe,CAatE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAa7E;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,eAAe,GAAG,MAAM,CAS7E"}