visus-mcp 0.6.2 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (203) hide show
  1. package/.claude/settings.local.json +15 -1
  2. package/.env.status +7 -0
  3. package/CHANGELOG.md +110 -0
  4. package/CLAUDE.md +3 -0
  5. package/README.md +29 -19
  6. package/SECURITY.md +2 -0
  7. package/STATUS.md +320 -12
  8. package/dist/browser/playwright-renderer.d.ts.map +1 -1
  9. package/dist/browser/playwright-renderer.js +27 -5
  10. package/dist/browser/playwright-renderer.js.map +1 -1
  11. package/dist/content-handlers/index.d.ts +36 -0
  12. package/dist/content-handlers/index.d.ts.map +1 -0
  13. package/dist/content-handlers/index.js +59 -0
  14. package/dist/content-handlers/index.js.map +1 -0
  15. package/dist/content-handlers/json-handler.d.ts +28 -0
  16. package/dist/content-handlers/json-handler.d.ts.map +1 -0
  17. package/dist/content-handlers/json-handler.js +116 -0
  18. package/dist/content-handlers/json-handler.js.map +1 -0
  19. package/dist/content-handlers/pdf-handler.d.ts +29 -0
  20. package/dist/content-handlers/pdf-handler.d.ts.map +1 -0
  21. package/dist/content-handlers/pdf-handler.js +77 -0
  22. package/dist/content-handlers/pdf-handler.js.map +1 -0
  23. package/dist/content-handlers/svg-handler.d.ts +35 -0
  24. package/dist/content-handlers/svg-handler.d.ts.map +1 -0
  25. package/dist/content-handlers/svg-handler.js +206 -0
  26. package/dist/content-handlers/svg-handler.js.map +1 -0
  27. package/dist/content-handlers/types.d.ts +42 -0
  28. package/dist/content-handlers/types.d.ts.map +1 -0
  29. package/dist/content-handlers/types.js +7 -0
  30. package/dist/content-handlers/types.js.map +1 -0
  31. package/dist/sanitizer/framework-mapper.d.ts +4 -0
  32. package/dist/sanitizer/framework-mapper.d.ts.map +1 -1
  33. package/dist/sanitizer/framework-mapper.js +92 -0
  34. package/dist/sanitizer/framework-mapper.js.map +1 -1
  35. package/dist/sanitizer/threat-reporter.d.ts +5 -0
  36. package/dist/sanitizer/threat-reporter.d.ts.map +1 -1
  37. package/dist/sanitizer/threat-reporter.js +15 -6
  38. package/dist/sanitizer/threat-reporter.js.map +1 -1
  39. package/dist/tools/fetch-structured.d.ts.map +1 -1
  40. package/dist/tools/fetch-structured.js +4 -0
  41. package/dist/tools/fetch-structured.js.map +1 -1
  42. package/dist/tools/fetch.d.ts.map +1 -1
  43. package/dist/tools/fetch.js +68 -4
  44. package/dist/tools/fetch.js.map +1 -1
  45. package/dist/tools/read.d.ts.map +1 -1
  46. package/dist/tools/read.js +4 -0
  47. package/dist/tools/read.js.map +1 -1
  48. package/dist/types.d.ts +9 -1
  49. package/dist/types.d.ts.map +1 -1
  50. package/dist/types.js.map +1 -1
  51. package/package.json +2 -1
  52. package/server.json +25 -14
  53. package/src/browser/playwright-renderer.ts +29 -6
  54. package/src/content-handlers/index.ts +72 -0
  55. package/src/content-handlers/json-handler.ts +137 -0
  56. package/src/content-handlers/pdf-handler.ts +91 -0
  57. package/src/content-handlers/svg-handler.ts +243 -0
  58. package/src/content-handlers/types.ts +44 -0
  59. package/src/sanitizer/framework-mapper.ts +94 -0
  60. package/src/sanitizer/threat-reporter.ts +17 -6
  61. package/src/tools/fetch-structured.ts +5 -0
  62. package/src/tools/fetch.ts +76 -4
  63. package/src/tools/read.ts +5 -0
  64. package/src/types.ts +9 -1
  65. package/.github/ISSUE_TEMPLATE/bug_report.md +0 -47
  66. package/.github/ISSUE_TEMPLATE/false_positive.md +0 -43
  67. package/.github/ISSUE_TEMPLATE/new_pattern.md +0 -49
  68. package/.github/ISSUE_TEMPLATE/security_report.md +0 -31
  69. package/.github/PULL_REQUEST_TEMPLATE.md +0 -39
  70. package/.mcpregistry_github_token +0 -1
  71. package/.mcpregistry_registry_token +0 -1
  72. package/CONTRIBUTING.md +0 -329
  73. package/LINKEDIN-STRATEGY.md +0 -367
  74. package/ROADMAP.md +0 -221
  75. package/SECURITY-AUDIT-v1.md +0 -277
  76. package/SUBMISSION.md +0 -66
  77. package/TROUBLESHOOT-AUTH-20260322-2019.md +0 -291
  78. package/TROUBLESHOOT-BUILD-20260319-1450.md +0 -546
  79. package/TROUBLESHOOT-COGNITO-AUTH-20260324-2029.md +0 -415
  80. package/TROUBLESHOOT-COGNITO-JWT-20260324.md +0 -592
  81. package/TROUBLESHOOT-FETCH-20260320-1150.md +0 -168
  82. package/TROUBLESHOOT-JEST-20260323-1357.md +0 -139
  83. package/TROUBLESHOOT-LAMBDA-20260322-1945.md +0 -183
  84. package/TROUBLESHOOT-PLAYWRIGHT-20260321-1549.md +0 -217
  85. package/TROUBLESHOOT-SSL-20260320-1138.md +0 -171
  86. package/TROUBLESHOOT-STRUCTURED-20260320-1200.md +0 -246
  87. package/TROUBLESHOOT-TEST-20260320-0942.md +0 -281
  88. package/VISUS-CLAUDE-CODE-PROMPT.md +0 -324
  89. package/VISUS-PROJECT-PLAN.md +0 -205
  90. package/cdk.json +0 -73
  91. package/infrastructure/app.ts +0 -39
  92. package/infrastructure/stack.ts +0 -298
  93. package/jest.config.js +0 -33
  94. package/jest.setup.js +0 -9
  95. package/lambda-deploy/index.js +0 -81512
  96. package/lambda-deploy/index.js.map +0 -7
  97. package/lambda-package/browser/__mocks__/playwright-renderer.d.ts +0 -25
  98. package/lambda-package/browser/__mocks__/playwright-renderer.d.ts.map +0 -1
  99. package/lambda-package/browser/__mocks__/playwright-renderer.js +0 -119
  100. package/lambda-package/browser/__mocks__/playwright-renderer.js.map +0 -1
  101. package/lambda-package/browser/playwright-renderer.d.ts +0 -40
  102. package/lambda-package/browser/playwright-renderer.d.ts.map +0 -1
  103. package/lambda-package/browser/playwright-renderer.js +0 -214
  104. package/lambda-package/browser/playwright-renderer.js.map +0 -1
  105. package/lambda-package/browser/reader.d.ts +0 -31
  106. package/lambda-package/browser/reader.d.ts.map +0 -1
  107. package/lambda-package/browser/reader.js +0 -98
  108. package/lambda-package/browser/reader.js.map +0 -1
  109. package/lambda-package/index.d.ts +0 -18
  110. package/lambda-package/index.d.ts.map +0 -1
  111. package/lambda-package/index.js +0 -238
  112. package/lambda-package/index.js.map +0 -1
  113. package/lambda-package/lambda-handler.d.ts +0 -28
  114. package/lambda-package/lambda-handler.d.ts.map +0 -1
  115. package/lambda-package/lambda-handler.js +0 -257
  116. package/lambda-package/lambda-handler.js.map +0 -1
  117. package/lambda-package/package-lock.json +0 -7435
  118. package/lambda-package/package.json +0 -74
  119. package/lambda-package/runtime.d.ts +0 -50
  120. package/lambda-package/runtime.d.ts.map +0 -1
  121. package/lambda-package/runtime.js +0 -86
  122. package/lambda-package/runtime.js.map +0 -1
  123. package/lambda-package/sanitizer/elicit-runner.d.ts +0 -48
  124. package/lambda-package/sanitizer/elicit-runner.d.ts.map +0 -1
  125. package/lambda-package/sanitizer/elicit-runner.js +0 -100
  126. package/lambda-package/sanitizer/elicit-runner.js.map +0 -1
  127. package/lambda-package/sanitizer/framework-mapper.d.ts +0 -24
  128. package/lambda-package/sanitizer/framework-mapper.d.ts.map +0 -1
  129. package/lambda-package/sanitizer/framework-mapper.js +0 -342
  130. package/lambda-package/sanitizer/framework-mapper.js.map +0 -1
  131. package/lambda-package/sanitizer/hitl-gate.d.ts +0 -69
  132. package/lambda-package/sanitizer/hitl-gate.d.ts.map +0 -1
  133. package/lambda-package/sanitizer/hitl-gate.js +0 -101
  134. package/lambda-package/sanitizer/hitl-gate.js.map +0 -1
  135. package/lambda-package/sanitizer/index.d.ts +0 -63
  136. package/lambda-package/sanitizer/index.d.ts.map +0 -1
  137. package/lambda-package/sanitizer/index.js +0 -105
  138. package/lambda-package/sanitizer/index.js.map +0 -1
  139. package/lambda-package/sanitizer/injection-detector.d.ts +0 -34
  140. package/lambda-package/sanitizer/injection-detector.d.ts.map +0 -1
  141. package/lambda-package/sanitizer/injection-detector.js +0 -89
  142. package/lambda-package/sanitizer/injection-detector.js.map +0 -1
  143. package/lambda-package/sanitizer/patterns.d.ts +0 -30
  144. package/lambda-package/sanitizer/patterns.d.ts.map +0 -1
  145. package/lambda-package/sanitizer/patterns.js +0 -372
  146. package/lambda-package/sanitizer/patterns.js.map +0 -1
  147. package/lambda-package/sanitizer/pii-allowlist.d.ts +0 -49
  148. package/lambda-package/sanitizer/pii-allowlist.d.ts.map +0 -1
  149. package/lambda-package/sanitizer/pii-allowlist.js +0 -231
  150. package/lambda-package/sanitizer/pii-allowlist.js.map +0 -1
  151. package/lambda-package/sanitizer/pii-redactor.d.ts +0 -41
  152. package/lambda-package/sanitizer/pii-redactor.d.ts.map +0 -1
  153. package/lambda-package/sanitizer/pii-redactor.js +0 -213
  154. package/lambda-package/sanitizer/pii-redactor.js.map +0 -1
  155. package/lambda-package/sanitizer/severity-classifier.d.ts +0 -33
  156. package/lambda-package/sanitizer/severity-classifier.d.ts.map +0 -1
  157. package/lambda-package/sanitizer/severity-classifier.js +0 -113
  158. package/lambda-package/sanitizer/severity-classifier.js.map +0 -1
  159. package/lambda-package/sanitizer/threat-reporter.d.ts +0 -66
  160. package/lambda-package/sanitizer/threat-reporter.d.ts.map +0 -1
  161. package/lambda-package/sanitizer/threat-reporter.js +0 -163
  162. package/lambda-package/sanitizer/threat-reporter.js.map +0 -1
  163. package/lambda-package/tools/fetch-structured.d.ts +0 -51
  164. package/lambda-package/tools/fetch-structured.d.ts.map +0 -1
  165. package/lambda-package/tools/fetch-structured.js +0 -237
  166. package/lambda-package/tools/fetch-structured.js.map +0 -1
  167. package/lambda-package/tools/fetch.d.ts +0 -49
  168. package/lambda-package/tools/fetch.d.ts.map +0 -1
  169. package/lambda-package/tools/fetch.js +0 -131
  170. package/lambda-package/tools/fetch.js.map +0 -1
  171. package/lambda-package/tools/read.d.ts +0 -51
  172. package/lambda-package/tools/read.d.ts.map +0 -1
  173. package/lambda-package/tools/read.js +0 -127
  174. package/lambda-package/tools/read.js.map +0 -1
  175. package/lambda-package/tools/search.d.ts +0 -45
  176. package/lambda-package/tools/search.d.ts.map +0 -1
  177. package/lambda-package/tools/search.js +0 -220
  178. package/lambda-package/tools/search.js.map +0 -1
  179. package/lambda-package/types.d.ts +0 -167
  180. package/lambda-package/types.d.ts.map +0 -1
  181. package/lambda-package/types.js +0 -16
  182. package/lambda-package/types.js.map +0 -1
  183. package/lambda-package/utils/format-converter.d.ts +0 -39
  184. package/lambda-package/utils/format-converter.d.ts.map +0 -1
  185. package/lambda-package/utils/format-converter.js +0 -191
  186. package/lambda-package/utils/format-converter.js.map +0 -1
  187. package/lambda-package/utils/truncate.d.ts +0 -26
  188. package/lambda-package/utils/truncate.d.ts.map +0 -1
  189. package/lambda-package/utils/truncate.js +0 -54
  190. package/lambda-package/utils/truncate.js.map +0 -1
  191. package/lambda.zip +0 -0
  192. package/test-output.txt +0 -4
  193. package/tests/auth-smoke.test.ts +0 -480
  194. package/tests/elicit-runner.test.ts +0 -232
  195. package/tests/fetch-tool.test.ts +0 -922
  196. package/tests/hitl-gate.test.ts +0 -267
  197. package/tests/injection-corpus.ts +0 -338
  198. package/tests/pii-allowlist.test.ts +0 -282
  199. package/tests/reader.test.ts +0 -353
  200. package/tests/sanitizer.test.ts +0 -358
  201. package/tests/search.test.ts +0 -456
  202. package/tests/threat-reporter.test.ts +0 -334
  203. package/tsconfig.cdk.json +0 -35
@@ -1,334 +0,0 @@
1
- /**
2
- * Threat Reporter Test Suite
3
- *
4
- * Tests TOON encoding, Markdown generation, and framework mappings
5
- */
6
-
7
- import { generateThreatReport } from '../src/sanitizer/threat-reporter.js';
8
- import { classifySeverity, aggregateSeverity, countBySeverity, getSeverityEmoji } from '../src/sanitizer/severity-classifier.js';
9
- import { getFrameworkMappings } from '../src/sanitizer/framework-mapper.js';
10
-
11
- describe('Threat Reporter', () => {
12
- describe('generateThreatReport()', () => {
13
- it('should return null for clean page (no findings)', () => {
14
- const result = generateThreatReport({
15
- patterns_detected: [],
16
- pii_redacted: 0,
17
- source_url: 'https://example.com'
18
- });
19
-
20
- expect(result).toBeNull();
21
- });
22
-
23
- it('should generate report for single HIGH injection', () => {
24
- const result = generateThreatReport({
25
- patterns_detected: ['role_hijacking'],
26
- pii_redacted: 0,
27
- source_url: 'https://malicious.example.com'
28
- });
29
-
30
- expect(result).not.toBeNull();
31
- if (result) {
32
- expect(result.overall_severity).toBe('CRITICAL'); // role_hijacking is CRITICAL
33
- expect(result.total_findings).toBe(1);
34
- expect(result.by_severity.CRITICAL).toBe(1);
35
- expect(result.by_severity.HIGH).toBe(0);
36
- }
37
- });
38
-
39
- it('should classify CRITICAL + MEDIUM as overall CRITICAL', () => {
40
- const result = generateThreatReport({
41
- patterns_detected: ['data_exfiltration', 'comment_injection'],
42
- pii_redacted: 0,
43
- source_url: 'https://test.example.com'
44
- });
45
-
46
- expect(result).not.toBeNull();
47
- if (result) {
48
- expect(result.overall_severity).toBe('CRITICAL');
49
- expect(result.total_findings).toBe(2);
50
- expect(result.by_severity.CRITICAL).toBe(1);
51
- expect(result.by_severity.MEDIUM).toBe(1);
52
- }
53
- });
54
-
55
- it('should include PII redacted count in report', () => {
56
- const result = generateThreatReport({
57
- patterns_detected: ['role_hijacking'],
58
- pii_redacted: 3,
59
- source_url: 'https://test.example.com'
60
- });
61
-
62
- expect(result).not.toBeNull();
63
- if (result) {
64
- expect(result.pii_redacted).toBe(3);
65
- expect(result.report_markdown).toContain('Items Redacted:** 3');
66
- }
67
- });
68
-
69
- it('should have non-empty TOON findings string when findings exist', () => {
70
- const result = generateThreatReport({
71
- patterns_detected: ['role_hijacking'],
72
- pii_redacted: 0,
73
- source_url: 'https://test.example.com'
74
- });
75
-
76
- expect(result).not.toBeNull();
77
- if (result) {
78
- expect(result.findings_toon).toBeTruthy();
79
- expect(result.findings_toon.length).toBeGreaterThan(0);
80
- }
81
- });
82
-
83
- it('should include all required sections in Markdown report', () => {
84
- const result = generateThreatReport({
85
- patterns_detected: ['role_hijacking', 'data_exfiltration'],
86
- pii_redacted: 2,
87
- source_url: 'https://test.example.com'
88
- });
89
-
90
- expect(result).not.toBeNull();
91
- if (result) {
92
- const md = result.report_markdown;
93
- expect(md).toContain('Visus Threat Report');
94
- expect(md).toContain('Findings Summary');
95
- expect(md).toContain('Findings Detail');
96
- expect(md).toContain('PII Redaction');
97
- expect(md).toContain('Remediation Status');
98
- expect(md).toContain('Generated:');
99
- expect(md).toContain('Source:');
100
- expect(md).toContain('Overall Severity:');
101
- }
102
- });
103
-
104
- it('should contain valid TOON format with correct field count', () => {
105
- const result = generateThreatReport({
106
- patterns_detected: ['role_hijacking'],
107
- pii_redacted: 0,
108
- source_url: 'https://test.example.com'
109
- });
110
-
111
- expect(result).not.toBeNull();
112
- if (result) {
113
- const toon = result.findings_toon;
114
- // TOON should contain findings array with expected fields
115
- expect(toon).toContain('findings');
116
- }
117
- });
118
-
119
- it('should use all four severity emojis in Markdown', () => {
120
- const result = generateThreatReport({
121
- patterns_detected: ['role_hijacking'], // CRITICAL
122
- pii_redacted: 0,
123
- source_url: 'https://test.example.com'
124
- });
125
-
126
- expect(result).not.toBeNull();
127
- if (result) {
128
- const md = result.report_markdown;
129
- // Should have severity emojis in the table
130
- expect(md).toContain('🔴'); // CRITICAL
131
- expect(md).toContain('🟠'); // HIGH
132
- expect(md).toContain('🟡'); // MEDIUM
133
- expect(md).toContain('🟢'); // LOW
134
- }
135
- });
136
-
137
- it('should include all four frameworks', () => {
138
- const result = generateThreatReport({
139
- patterns_detected: ['role_hijacking'],
140
- pii_redacted: 0,
141
- source_url: 'https://test.example.com'
142
- });
143
-
144
- expect(result).not.toBeNull();
145
- if (result) {
146
- expect(result.frameworks).toContain('OWASP LLM Top 10');
147
- expect(result.frameworks).toContain('NIST AI 600-1');
148
- expect(result.frameworks).toContain('MITRE ATLAS');
149
- expect(result.frameworks).toContain('ISO/IEC 42001');
150
- }
151
- });
152
-
153
- it('should mark sanitization_applied as true', () => {
154
- const result = generateThreatReport({
155
- patterns_detected: ['role_hijacking'],
156
- pii_redacted: 0,
157
- source_url: 'https://test.example.com'
158
- });
159
-
160
- expect(result).not.toBeNull();
161
- if (result) {
162
- expect(result.sanitization_applied).toBe(true);
163
- }
164
- });
165
-
166
- it('should include timestamp in ISO format', () => {
167
- const result = generateThreatReport({
168
- patterns_detected: ['role_hijacking'],
169
- pii_redacted: 0,
170
- source_url: 'https://test.example.com'
171
- });
172
-
173
- expect(result).not.toBeNull();
174
- if (result) {
175
- expect(result.generated).toMatch(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}/);
176
- }
177
- });
178
- });
179
-
180
- describe('Severity Classifier', () => {
181
- it('should classify role_hijacking as CRITICAL', () => {
182
- expect(classifySeverity('role_hijacking')).toBe('CRITICAL');
183
- });
184
-
185
- it('should classify data_exfiltration as CRITICAL', () => {
186
- expect(classifySeverity('data_exfiltration')).toBe('CRITICAL');
187
- });
188
-
189
- it('should classify context_poisoning as HIGH', () => {
190
- expect(classifySeverity('context_poisoning')).toBe('HIGH');
191
- });
192
-
193
- it('should classify comment_injection as MEDIUM', () => {
194
- expect(classifySeverity('comment_injection')).toBe('MEDIUM');
195
- });
196
-
197
- it('should classify leetspeak_obfuscation as LOW', () => {
198
- expect(classifySeverity('leetspeak_obfuscation')).toBe('LOW');
199
- });
200
-
201
- it('should aggregate to CLEAN when no findings', () => {
202
- expect(aggregateSeverity([])).toBe('CLEAN');
203
- });
204
-
205
- it('should aggregate to CRITICAL when CRITICAL finding present', () => {
206
- const findings = [
207
- { pattern_category: 'role_hijacking', severity: 'CRITICAL' as const },
208
- { pattern_category: 'comment_injection', severity: 'MEDIUM' as const }
209
- ];
210
- expect(aggregateSeverity(findings)).toBe('CRITICAL');
211
- });
212
-
213
- it('should aggregate to HIGH when no CRITICAL but HIGH present', () => {
214
- const findings = [
215
- { pattern_category: 'context_poisoning', severity: 'HIGH' as const },
216
- { pattern_category: 'comment_injection', severity: 'MEDIUM' as const }
217
- ];
218
- expect(aggregateSeverity(findings)).toBe('HIGH');
219
- });
220
-
221
- it('should count findings by severity correctly', () => {
222
- const findings = [
223
- { pattern_category: 'role_hijacking', severity: 'CRITICAL' as const },
224
- { pattern_category: 'data_exfiltration', severity: 'CRITICAL' as const },
225
- { pattern_category: 'context_poisoning', severity: 'HIGH' as const },
226
- { pattern_category: 'comment_injection', severity: 'MEDIUM' as const }
227
- ];
228
-
229
- const counts = countBySeverity(findings);
230
- expect(counts.CRITICAL).toBe(2);
231
- expect(counts.HIGH).toBe(1);
232
- expect(counts.MEDIUM).toBe(1);
233
- expect(counts.LOW).toBe(0);
234
- });
235
-
236
- it('should return correct emojis for all severity levels', () => {
237
- expect(getSeverityEmoji('CRITICAL')).toBe('🔴');
238
- expect(getSeverityEmoji('HIGH')).toBe('🟠');
239
- expect(getSeverityEmoji('MEDIUM')).toBe('🟡');
240
- expect(getSeverityEmoji('LOW')).toBe('🟢');
241
- expect(getSeverityEmoji('CLEAN')).toBe('✅');
242
- });
243
- });
244
-
245
- describe('Framework Mapper', () => {
246
- it('should map role_hijacking to correct frameworks', () => {
247
- const mappings = getFrameworkMappings('role_hijacking');
248
- expect(mappings.owasp_llm).toContain('LLM01:2025');
249
- expect(mappings.nist_ai_600_1).toContain('MS-2.5');
250
- expect(mappings.mitre_atlas).toContain('AML.T0051');
251
- expect(mappings.iso_42001).toBe('A.6.1.5 - AI System Security (Adversarial Input)');
252
- });
253
-
254
- it('should map data_exfiltration to correct frameworks', () => {
255
- const mappings = getFrameworkMappings('data_exfiltration');
256
- expect(mappings.owasp_llm).toContain('LLM02:2025');
257
- expect(mappings.nist_ai_600_1).toContain('MS-2.6');
258
- expect(mappings.mitre_atlas).toContain('AML.T0048');
259
- expect(mappings.iso_42001).toContain('A.7.5');
260
- });
261
-
262
- it('should return default mappings for unknown pattern', () => {
263
- const mappings = getFrameworkMappings('unknown_pattern_xyz');
264
- expect(mappings.owasp_llm).toContain('LLM01:2025');
265
- expect(mappings.nist_ai_600_1).toContain('MS-2.5');
266
- expect(mappings.mitre_atlas).toContain('AML.T0051');
267
- expect(mappings.iso_42001).toBe('A.6.1.5 - AI System Security');
268
- });
269
-
270
- it('should have ISO 42001 mapping for all 43 patterns', () => {
271
- // List of all 43 patterns from injection corpus
272
- const allPatterns = [
273
- 'direct_instruction_injection', 'role_hijacking', 'system_prompt_extraction',
274
- 'privilege_escalation', 'context_poisoning', 'data_exfiltration',
275
- 'base64_obfuscation', 'unicode_lookalikes', 'zero_width_characters',
276
- 'html_script_injection', 'data_uri_injection', 'markdown_link_injection',
277
- 'url_fragment_hashjack', 'social_engineering_urgency', 'instruction_delimiter_injection',
278
- 'multi_language_obfuscation', 'reverse_text_obfuscation', 'leetspeak_obfuscation',
279
- 'jailbreak_keywords', 'token_smuggling', 'system_message_injection',
280
- 'conversation_reset', 'memory_manipulation', 'capability_probing',
281
- 'chain_of_thought_manipulation', 'hypothetical_scenario_injection', 'ethical_override',
282
- 'output_format_manipulation', 'negative_instruction', 'credential_harvesting',
283
- 'time_based_triggers', 'code_execution_requests', 'file_system_access',
284
- 'training_data_extraction', 'simulator_mode', 'nested_encoding',
285
- 'payload_splitting', 'css_hiding', 'authority_impersonation',
286
- 'testing_debugging_claims', 'callback_url_injection', 'whitespace_steganography',
287
- 'comment_injection'
288
- ];
289
-
290
- for (const pattern of allPatterns) {
291
- const mappings = getFrameworkMappings(pattern);
292
- expect(mappings.iso_42001).toBeTruthy();
293
- expect(mappings.iso_42001.length).toBeGreaterThan(0);
294
- expect(mappings.iso_42001).toMatch(/^A\.\d+/); // Should start with A.X (Annex A format)
295
- }
296
- });
297
-
298
- it('should include ISO 42001 column in Markdown report', () => {
299
- const result = generateThreatReport({
300
- patterns_detected: ['role_hijacking'],
301
- pii_redacted: 0,
302
- source_url: 'https://test.example.com'
303
- });
304
-
305
- expect(result).not.toBeNull();
306
- if (result) {
307
- const md = result.report_markdown;
308
- expect(md).toContain('ISO 42001');
309
- expect(md).toContain('ISO/IEC 42001');
310
- }
311
- });
312
-
313
- it('should have 10 fields in TOON header', () => {
314
- const result = generateThreatReport({
315
- patterns_detected: ['role_hijacking'],
316
- pii_redacted: 0,
317
- source_url: 'https://test.example.com'
318
- });
319
-
320
- expect(result).not.toBeNull();
321
- if (result) {
322
- const toon = result.findings_toon;
323
- // TOON header should have 10 fields: id, pattern_id, category, severity, confidence, owasp_llm, nist_ai_600_1, mitre_atlas, iso_42001, remediation
324
- expect(toon).toMatch(/findings\[\d+\]\{[^}]+\}/);
325
- const headerMatch = toon.match(/findings\[\d+\]\{([^}]+)\}/);
326
- if (headerMatch) {
327
- const fields = headerMatch[1].split(',');
328
- expect(fields.length).toBe(10);
329
- expect(fields).toContain('iso_42001');
330
- }
331
- }
332
- });
333
- });
334
- });
package/tsconfig.cdk.json DELETED
@@ -1,35 +0,0 @@
1
- {
2
- "compilerOptions": {
3
- "target": "ES2020",
4
- "module": "commonjs",
5
- "lib": ["ES2020"],
6
- "declaration": true,
7
- "strict": true,
8
- "noImplicitAny": true,
9
- "strictNullChecks": true,
10
- "noImplicitThis": true,
11
- "alwaysStrict": true,
12
- "noUnusedLocals": false,
13
- "noUnusedParameters": false,
14
- "noImplicitReturns": true,
15
- "noFallthroughCasesInSwitch": false,
16
- "inlineSourceMap": true,
17
- "inlineSources": true,
18
- "experimentalDecorators": true,
19
- "strictPropertyInitialization": false,
20
- "esModuleInterop": true,
21
- "skipLibCheck": true,
22
- "forceConsistentCasingInFileNames": true,
23
- "resolveJsonModule": true,
24
- "typeRoots": ["./node_modules/@types"]
25
- },
26
- "ts-node": {
27
- "transpileOnly": true,
28
- "files": true,
29
- "compilerOptions": {
30
- "module": "commonjs"
31
- }
32
- },
33
- "exclude": ["node_modules", "cdk.out", "dist", "src", "tests"],
34
- "include": ["infrastructure/**/*.ts"]
35
- }