visus-mcp 0.8.0 → 0.9.0

package/.claude/settings.local.json

@@ -60,7 +60,16 @@
       "Bash(unzip:*)",
       "Bash(mkdir:*)",
       "Bash(comm -13:*)",
-      "Bash(comm -23:*)"
+      "Bash(comm -23:*)",
+      "Bash(npx @modelcontextprotocol/registry-cli:*)",
+      "Bash(make:*)",
+      "Bash(tar:*)",
+      "Bash(./mcp-publisher:*)",
+      "Bash(/tmp/mcp-publisher auth login:*)",
+      "Bash(/tmp/mcp-publisher login:*)",
+      "Bash(/tmp/mcp-publisher publish:*)",
+      "WebFetch(domain:airc.nist.gov)",
+      "WebFetch(domain:csf.tools)"
     ],
     "deny": [],
     "ask": []

package/CHANGELOG.md

@@ -7,6 +7,41 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.9.0] - 2026-03-26
+
+### Added
+
+- **NIST AI RMF Framework Mappings** (`src/sanitizer/framework-mapper.ts`)
+  - Added NIST AI Risk Management Framework (AI 100-1) mappings for all 43 injection patterns
+  - Maps threats to four core functions: GOVERN, MAP, MEASURE, and MANAGE
+  - Examples: GOVERN-1.1 (Legal Requirements), MEASURE-2.7 (AI System Security), MANAGE-2.3 (Respond to Unknown Risks)
+  - Provides comprehensive risk management alignment for federal/government users
+
+- **NIST CSF 2.0 Framework Mappings** (`src/sanitizer/framework-mapper.ts`)
+  - Added NIST Cybersecurity Framework 2.0 mappings for all 43 injection patterns
+  - Maps threats to six core functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER, and GOVERN
+  - Examples: DE.CM-01 (Network Monitoring), PR.DS-01 (Data at Rest Protection), PR.AC-04 (Access Control)
+  - Widely adopted enterprise cybersecurity framework for compliance and audit requirements
+
+- **Enhanced Threat Reporting** (`src/sanitizer/threat-reporter.ts`)
+  - Expanded framework coverage from 4 to 6 compliance frameworks
+  - Updated TOON format from 10 fields to 12 fields (added nist_ai_rmf, nist_csf_2_0)
+  - Enhanced Markdown threat report table with new AI-RMF and CSF 2.0 columns
+  - All threat reports now include comprehensive 6-framework alignment
+
+### Changed
+
+- **Framework Badge** (README.md) - Updated security badge to highlight NIST AI RMF and CSF 2.0
+- **Tool Descriptions** (README.md) - All 4 MCP tools now reference 6 frameworks in their descriptions
+- **Framework Alignments Section** (README.md) - Expanded to document all 6 frameworks with descriptions
+- **Test Coverage** (tests/threat-reporter.test.ts) - Updated to verify 6 frameworks and 12 TOON fields
+
+### Fixed
+
+- **server.json Version Sync** - Ensured server.json version matches package.json per MCP Registry requirements
+
+## [0.8.1] - 2026-03-25
+
 ### Added
 
 - **PDF Content Handler** (`src/content-handlers/pdf-handler.ts`)
@@ -56,9 +91,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Tests for error handling (corrupt/invalid content)
   - Tests for edge cases (nested structures, arrays, malformed input)
 
+### Fixed
+
+- **PDF Text Extraction** - Fixed critical bug where PDF content was passed as corrupted UTF-8 strings instead of binary data
+  - Root cause: `response.text()` in `playwright-renderer.ts` converted all response bodies to strings, mangling binary PDFs
+  - Fix: Use `response.arrayBuffer()` for binary content types (`application/pdf`, `image/*`, `application/octet-stream`)
+  - Impact: PDF handler now receives proper binary data, text extraction works correctly
+  - Files modified: `src/types.ts`, `src/browser/playwright-renderer.ts`, `src/tools/fetch.ts`, `src/tools/read.ts`, `src/tools/fetch-structured.ts`
+  - Note: Some complex PDFs may fail with "Invalid Root reference" error - this is a limitation of the pdf-parse library, not Visus
+
 ### Changed
 
 - Added `pdf-parse` dependency (v2.4.5) for PDF text extraction
+- Updated `BrowserRenderResult.html` type to `string | Buffer` to support binary content
 
 ## [0.6.2] - 2026-03-14
 

package/README.md

@@ -5,7 +5,7 @@
 [![tools](https://img.shields.io/badge/MCP%20tools-4-blue)](https://github.com/visus-mcp/visus-mcp)
 [![mcp](https://img.shields.io/badge/MCP-compatible-brightgreen)](https://modelcontextprotocol.io)
 [![license](https://img.shields.io/badge/license-MIT-blue)](https://github.com/visus-mcp/visus-mcp/blob/main/LICENSE)
-[![security](https://img.shields.io/badge/frameworks-NIST%20%7C%20OWASP%20%7C%20MITRE%20%7C%20ISO42001-orange)](https://github.com/visus-mcp/visus-mcp/blob/main/SECURITY.md)
+[![security](https://img.shields.io/badge/frameworks-NIST%20AI%20RMF%20%7C%20CSF%202.0%20%7C%20OWASP%20%7C%20MITRE%20%7C%20ISO42001-orange)](https://github.com/visus-mcp/visus-mcp/blob/main/SECURITY.md)
 [![iso42001](https://img.shields.io/badge/ISO%2FIEC-42001%3A2023-blueviolet)](https://www.iso.org/standard/81230.html)
 
 > **Your AI agent shouldn't have to read garbage.**
@@ -19,7 +19,7 @@ Claude handles most of it. But it still has to read all of it first. You still p
 
 Built as infrastructure, not a replacement for Claude's own safety training. The two layers together are stronger than either alone.
 ```bash
-npx visus-mcp@0.6.0
+npx visus-mcp@0.9.0
 ```
 
 *"What the web shows you, Lateos reads safely."*
@@ -185,7 +185,7 @@ Restart Claude Desktop. Visus tools are now available to Claude.
 
 ### `visus_fetch`
 
-Fetch and sanitize a web page with automatic format detection. Supports HTML, JSON, XML, and RSS/Atom feeds. Includes NIST AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
+Fetch and sanitize a web page with automatic format detection. Supports HTML, JSON, XML, and RSS/Atom feeds. Includes NIST AI RMF / CSF 2.0 / AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
 
 **Supported Formats:**
 - **HTML** (`text/html`, `application/xhtml+xml`) - Standard web pages, returned as-is
@@ -195,7 +195,7 @@ Fetch and sanitize a web page with automatic format detection. Supports HTML, JS
 
 ### `visus_read`
 
-Extract clean article content from a web page using Mozilla Readability (reader mode). Includes NIST AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
+Extract clean article content from a web page using Mozilla Readability (reader mode). Includes NIST AI RMF / CSF 2.0 / AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
 
 **Input:**
 ```json
@@ -227,7 +227,7 @@ Extract clean article content from a web page using Mozilla Readability (reader
 
 ### `visus_search`
 
-Search the web via DuckDuckGo and return sanitized results with prompt injection and PII removed. Use before `visus_fetch` or `visus_read` to safely discover and then read pages. Includes NIST AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
+Search the web via DuckDuckGo and return sanitized results with prompt injection and PII removed. Use before `visus_fetch` or `visus_read` to safely discover and then read pages. Includes NIST AI RMF / CSF 2.0 / AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
 
 **Input:**
 ```json
@@ -260,7 +260,7 @@ All search result titles and snippets are independently sanitized before reachin
 
 ### `visus_fetch_structured`
 
-Extract structured data from a web page according to a schema. Includes NIST AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
+Extract structured data from a web page according to a schema. Includes NIST AI RMF / CSF 2.0 / AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
 
 **Input:**
 ```json
@@ -313,7 +313,7 @@ Findings are encoded using [TOON format](https://toonformat.dev) for token effic
 - Pattern ID and category
 - Severity level (CRITICAL, HIGH, MEDIUM, LOW)
 - Confidence score
-- Framework alignments (OWASP LLM Top 10, NIST AI 600-1, MITRE ATLAS, ISO/IEC 42001)
+- Framework alignments (OWASP LLM Top 10, NIST AI 600-1, NIST AI RMF, NIST CSF 2.0, MITRE ATLAS, ISO/IEC 42001)
 - Remediation status
 
 ### 2. Markdown Compliance Report (Human-Readable)
@@ -328,10 +328,12 @@ A formatted Markdown table renders cleanly in Claude Desktop and GitHub, showing
 
 ### Framework Alignments
 
-Every detected threat is mapped to four compliance frameworks:
+Every detected threat is mapped to six compliance frameworks:
 
 - **[OWASP LLM Top 10 (2025)](https://owasp.org/www-project-top-10-for-large-language-model-applications/)**: Industry-standard LLM security risks
 - **[NIST AI 600-1](https://csrc.nist.gov/pubs/ai/600/1/final)**: Generative AI Profile for risk management
+- **[NIST AI RMF](https://www.nist.gov/itl/ai-risk-management-framework)**: AI Risk Management Framework (AI 100-1) with GOVERN, MAP, MEASURE, and MANAGE functions
+- **[NIST CSF 2.0](https://www.nist.gov/cyberframework)**: Cybersecurity Framework 2.0 with IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER, and GOVERN functions
 - **[MITRE ATLAS](https://atlas.mitre.org/)**: Adversarial Threat Landscape for AI Systems
 - **[ISO/IEC 42001:2023](https://www.iso.org/standard/81230.html)**: International AI Management System standard — Annex A controls for AI system security, data quality, and responsible AI governance. Globally recognized for enterprise and regulatory procurement.
 
@@ -378,7 +380,7 @@ When a HIGH severity injection is detected:
 **Generated:** 2026-03-23T14:30:00.000Z
 **Source:** https://malicious.example.com
 **Overall Severity:** HIGH
-**Framework:** OWASP LLM Top 10 | NIST AI 600-1 | MITRE ATLAS | ISO/IEC 42001
+**Framework:** OWASP LLM Top 10 | NIST AI 600-1 | NIST AI RMF | NIST CSF 2.0 | MITRE ATLAS | ISO/IEC 42001
 
 ### Findings Summary
 | Severity | Count |
@@ -389,9 +391,9 @@ When a HIGH severity injection is detected:
 | 🟢 LOW | 0 |
 
 ### Findings Detail
-| # | Category | Severity | Confidence | OWASP | MITRE | ISO 42001 |
-|---|---|---|---|---|---|---|
-| 1 | role_hijacking | CRITICAL | 95% | LLM01:2025 | AML.T0051.000 | A.6.1.5 |
+| # | Category | Severity | Conf | OWASP | AI-RMF | CSF 2.0 | MITRE | ISO |
+|---|---|---|---|---|---|---|---|---|
+| 1 | role_hijacking | CRITICAL | 95% | LLM01:2025 | MEASURE-2.7 | DE.CM-01 | AML.T0051.000 | A.6.1.5 |
 
 ### Remediation Status
 ✅ All findings sanitized. Content delivered clean.

package/STATUS.md

@@ -1,9 +1,120 @@
 # Visus MCP - Project Status
 
-**Generated:** 2026-03-25
-**Version:** 0.8.0
+**Generated:** 2026-03-26
+**Version:** 0.9.0
 **Phase:** 3 (Anthropic Directory Prep)
-**Status:** ✅ **v0.8.0 COMPLETE** - PDF/JSON/SVG Content Handlers
+**Status:** ✅ **v0.9.0 COMPLETE** - NIST AI RMF & CSF 2.0 Framework Mappings
+
+---
+
+## v0.9.0 Release - NIST AI RMF & CSF 2.0 Framework Mappings
+
+**Status:** ✅ COMPLETE (Ready for release)
+**Type:** Feature enhancement - Expanded compliance framework support
+**Implemented:** 2026-03-26
+**Tests:** 294/294 passing (100%)
+
+### Features Added
+
+**NIST AI Risk Management Framework (AI RMF / AI 100-1) Mappings**
+- Added comprehensive mappings for all 43 injection patterns to NIST AI RMF controls
+- Maps threats to four core functions: GOVERN, MAP, MEASURE, and MANAGE
+- Examples:
+  - GOVERN-1.1: Legal and Regulatory Requirements
+  - MAP-4.1: Risk Mapping for AI Components
+  - MEASURE-2.7: AI System Security and Resilience
+  - MANAGE-2.3: Respond to Unknown Risks
+- Provides federal/government compliance alignment for procurement
+
+**NIST Cybersecurity Framework 2.0 (CSF 2.0) Mappings**
+- Added comprehensive mappings for all 43 injection patterns to CSF 2.0 controls
+- Maps threats to six core functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER, and GOVERN
+- Examples:
+  - DE.CM-01: Network Monitoring
+  - PR.DS-01: Data at Rest Protection
+  - PR.AC-04: Access Control Enforcement
+  - DE.AE-02: Anomaly Detection
+- Widely adopted enterprise cybersecurity framework for audit requirements
+
+**Enhanced Threat Reporting**
+- Expanded framework coverage from 4 to 6 compliance frameworks
+- Updated TOON format from 10 fields to 12 fields (added nist_ai_rmf, nist_csf_2_0)
+- Enhanced Markdown threat report table with new AI-RMF and CSF 2.0 columns
+- All threat reports now include comprehensive 6-framework alignment
+
+### Documentation Updates
+- Updated security badge to highlight NIST AI RMF and CSF 2.0
+- Updated all 4 MCP tool descriptions to reference 6 frameworks
+- Expanded "Framework Alignments" section with NIST AI RMF and CSF 2.0 descriptions
+- Updated example threat reports to show 9-column table format
+
+### Files Modified
+- `src/sanitizer/framework-mapper.ts` - Added nist_ai_rmf and nist_csf_2_0 fields, mappings for all 43 patterns
+- `src/sanitizer/threat-reporter.ts` - Updated ThreatFinding interface, TOON format, Markdown report
+- `README.md` - Updated badges, tool descriptions, framework alignments section, examples
+- `tests/threat-reporter.test.ts` - Updated to verify 6 frameworks and 12 TOON fields
+- `CHANGELOG.md` - Added v0.9.0 release notes
+
+### Why This Matters
+- **Federal/Government Procurement**: NIST AI RMF is widely adopted by U.S. federal agencies
+- **Enterprise Compliance**: CSF 2.0 is the de facto standard for cybersecurity audit requirements
+- **Natural Extension**: Builds on existing NIST AI 600-1 mapping infrastructure
+- **High Value, Easy Implementation**: Leveraged existing framework mapping system
+
+---
+
+## v0.8.1 Release - PDF Extraction Bug Fix
+
+**Status:** ✅ COMPLETE (Ready for release)
+**Type:** Critical bug fix
+**Implemented:** 2026-03-25
+**Tests:** 294/294 passing (100%)
+
+### Bug Fixed
+
+**PDF Text Extraction Returning Binary Data Instead of Text**
+
+**Root Cause:** `response.text()` in `src/browser/playwright-renderer.ts` was converting ALL response bodies to UTF-8 strings, including binary PDFs. This corrupted the binary data before it reached the pdf-parse library, causing the PDF handler to receive mangled strings instead of proper binary content.
+
+**Impact:** All PDF extractions failed, returning raw binary garbage like "%PDF-1.7..." instead of extracted text.
+
+**Fix:** Implemented content-type detection in the renderer to use `response.arrayBuffer()` for binary types and `response.text()` for text types.
+
+### Technical Details
+
+**Files Modified:**
+1. **src/types.ts** - Updated `BrowserRenderResult.html` from `string` to `string | Buffer`
+   - Added JSDoc explaining when Buffer is used (PDFs, images, binary content)
+
+2. **src/browser/playwright-renderer.ts** - Added binary content detection
+   - Checks Content-Type: `application/pdf`, `image/*`, `application/octet-stream`
+   - Binary types: `response.arrayBuffer()` → `Buffer.from(arrayBuffer)`
+   - Text types: `response.text()` → string (existing behavior)
+
+3. **src/tools/fetch.ts** - Added Buffer type guard
+   - Ensures Buffer content doesn't reach HTML/XML/RSS path (would cause errors)
+
+4. **src/tools/fetch-structured.ts** - Added Buffer rejection
+   - Structured extraction doesn't support binary types - returns clear error message
+
+5. **src/tools/read.ts** - Added Buffer rejection
+   - Reader mode (Readability) doesn't support binary types - returns clear error message
+
+**Verification:**
+- ✅ All 294 tests passing - zero regressions
+- ✅ Manual test with WAI dummy PDF: Text extraction working correctly
+- ✅ Metadata extraction working (Author, Creator, Producer fields)
+- ✅ Content is readable English, not binary garbage
+
+**Known Limitations:**
+- Some complex PDFs may fail with "Invalid Root reference" error
+- This is a limitation of the pdf-parse library (v2.4.5), not Visus
+- Simple to moderately complex PDFs work correctly
+
+**Documentation:**
+- Updated CHANGELOG.md with bug fix entry
+- Created TROUBLESHOOT-PDF-EXTRACTION-20260325-2040.md with full investigation log
+- Added inline comments explaining Buffer handling in all modified files
 
 ---
 
@@ -458,7 +569,7 @@ When prompt injection or PII is detected, Visus now automatically generates stru
 **Key Features:**
 - ✅ TOON-formatted findings array (token-efficient, machine-readable)
 - ✅ Markdown compliance report (human-readable, renders in Claude Desktop)
-- ✅ Four framework alignments: OWASP LLM Top 10, NIST AI 600-1, MITRE ATLAS, ISO/IEC 42001
+- ✅ Six framework alignments: OWASP LLM Top 10, NIST AI 600-1, NIST AI RMF, NIST CSF 2.0, MITRE ATLAS, ISO/IEC 42001
 - ✅ Severity classification (CRITICAL, HIGH, MEDIUM, LOW, CLEAN)
 - ✅ Zero overhead for clean pages (report omitted when no findings)
 - ✅ Aggregated reporting across multiple results (search, structured extraction)
@@ -484,6 +595,8 @@ When prompt injection or PII is detected, Visus now automatically generates stru
 **Framework Alignments:**
 - **OWASP LLM Top 10 (2025)**: Industry-standard LLM security risks
 - **NIST AI 600-1**: Generative AI Profile for risk management
+- **NIST AI RMF**: AI Risk Management Framework (AI 100-1) with GOVERN, MAP, MEASURE, MANAGE functions
+- **NIST CSF 2.0**: Cybersecurity Framework 2.0 with IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER, GOVERN functions
 - **MITRE ATLAS**: Adversarial Threat Landscape for AI Systems
 - **ISO/IEC 42001:2023**: International AI Management System standard (Annex A controls)
 
@@ -1773,7 +1886,7 @@ npm URL:        https://www.npmjs.com/package/visus-mcp
 **Contact:** security@lateos.ai
 **Repository:** https://github.com/visus-mcp/visus-mcp
 **npm Package:** https://www.npmjs.com/package/visus-mcp
-**Installation:** `npm install -g visus-mcp@0.6.0` or `npx visus-mcp@0.6.0`
+**Installation:** `npm install -g visus-mcp@0.8.1` or `npx visus-mcp@0.8.1`
 
 ---
 
@@ -1790,7 +1903,8 @@ npm URL:        https://www.npmjs.com/package/visus-mcp
 **v0.5.0:** ✅ PUBLISHED TO NPM (Threat Reporting + ISO/IEC 42001 - 31 tests added)
 **v0.6.0:** ✅ PUBLISHED TO NPM (Content-Type Format Detection - 14 tests added)
 **v0.7.0:** ✅ COMPLETE (HITL Elicitation Bridge for CRITICAL threats - 30 tests added)
-**v0.8.0:** ✅ COMPLETE (PDF/JSON/SVG Content Handlers - 48 tests added)
+**v0.8.0:** ✅ PUBLISHED TO NPM (PDF/JSON/SVG Content Handlers - 48 tests added)
+**v0.8.1:** ✅ COMPLETE (PDF Extraction Bug Fix - binary content handling)
 **Security Audit:** ✅ COMPLETE + REMEDIATED (24 auth tests, 100% compliance)
 **Lambda Endpoint:** [API_ENDPOINT]
-**Latest Release:** v0.6.0 (2026-03-23)
+**Latest Release:** v0.8.0 (2026-03-25)

package/dist/browser/playwright-renderer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"playwright-renderer.d.ts","sourceRoot":"","sources":["../../src/browser/playwright-renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAkN/D;;;;;;;;;;GAUG;AACH,wBAAsB,UAAU,CAC9B,GAAG,EAAE,MAAM,EACX,OAAO,GAAE;IACP,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;CAClC,GACL,OAAO,CAAC,MAAM,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC,CAuB7C;AAED;;;;;;GAMG;AACH,wBAAsB,QAAQ,CAC5B,GAAG,EAAE,MAAM,EACX,UAAU,SAAO,GAChB,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAwBjC;AAED;;;GAGG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAGlD"}
+{"version":3,"file":"playwright-renderer.d.ts","sourceRoot":"","sources":["../../src/browser/playwright-renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAyO/D;;;;;;;;;;GAUG;AACH,wBAAsB,UAAU,CAC9B,GAAG,EAAE,MAAM,EACX,OAAO,GAAE;IACP,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;CAClC,GACL,OAAO,CAAC,MAAM,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC,CAuB7C;AAED;;;;;;GAMG;AACH,wBAAsB,QAAQ,CAC5B,GAAG,EAAE,MAAM,EACX,UAAU,SAAO,GAChB,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAwBjC;AAED;;;GAGG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAGlD"}

package/dist/browser/playwright-renderer.js

@@ -88,6 +88,8 @@ async function renderWithLambda(url, timeout_ms) {
             return Err(new Error(`Lambda renderer error: ${body.error}`));
         }
         // Success response
+        // TODO: Lambda renderer needs PDF support - should return binary content as base64
+        // for application/pdf responses instead of always converting to HTML string
         return Ok({
             html: body.html,
             title: body.title,
@@ -127,15 +129,35 @@ async function renderWithFetch(url, timeout_ms) {
             if (!response.ok) {
                 return Err(new Error(`HTTP ${response.status}: ${response.statusText}`));
             }
-            const html = await response.text();
-            // Capture Content-Type header
+            // Capture Content-Type header before reading body
             const contentTypeHeader = response.headers.get('content-type');
             const contentType = contentTypeHeader
                 ? contentTypeHeader.split(';')[0].trim() // Remove charset and other params
                 : 'text/html'; // Default to HTML if missing
-            // Extract title using regex (simple fallback)
-            const titleMatch = html.match(/<title[^>]*>(.*?)<\/title>/i);
-            const title = titleMatch ? titleMatch[1].trim() : '';
+            // Read response body - use arrayBuffer() for binary types, text() for text types
+            // CRITICAL: pdf-parse requires original binary bytes, not UTF-8 string conversion
+            const isBinary = contentType === 'application/pdf' ||
+                contentType.startsWith('image/') ||
+                contentType.startsWith('application/octet-stream');
+            let html;
+            let title = '';
+            if (isBinary) {
+                // Binary content (PDF, images, etc.) - preserve byte integrity
+                const arrayBuffer = await response.arrayBuffer();
+                html = Buffer.from(arrayBuffer);
+                // Title extraction not meaningful for binary content
+                title = '';
+            }
+            else {
+                // Text content (HTML, JSON, etc.) - read as UTF-8 string
+                const textContent = await response.text();
+                html = textContent;
+                // Extract title using regex (HTML only)
+                if (contentType.includes('html')) {
+                    const titleMatch = textContent.match(/<title[^>]*>(.*?)<\/title>/i);
+                    title = titleMatch ? titleMatch[1].trim() : '';
+                }
+            }
             return Ok({
                 html,
                 title,

package/dist/browser/playwright-renderer.js.map

@@ -1 +1 @@
-{"version":3,"file":"playwright-renderer.js","sourceRoot":"","sources":["../../src/browser/playwright-renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAEtC;;GAEG;AACH,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;AAoBpD;;GAEG;AACH,SAAS,WAAW,CAAC,QAA4B,EAAE,GAAW;IAC5D,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;QAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,mBAAmB;QAC1B,QAAQ;QACR,GAAG;KACJ,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAC7B,EAAoB,EACpB,UAAkB,EAClB,cAAsB;IAEtB,IAAI,SAAgB,CAAC;IAErB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QACtD,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAEtE,IAAI,OAAO,GAAG,UAAU,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;gBACtD,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;oBAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,eAAe;oBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;oBACpB,WAAW,EAAE,UAAU;oBACvB,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,SAAS,CAAC,OAAO;iBACzB,CAAC,CAAC,CAAC;gBAEJ,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,SAAU,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAC7B,GAAW,EACX,UAAkB;IAElB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAE3B,IAAI,CAAC;QACH,2DAA2D;QAC3D,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,KAAK,IAAI,EAAE;YACjD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,UAAU,GAAG,IAAI,CAAC,CAAC;YAE1E,IAAI,CAAC;gBACH,OAAO,MAAM,KAAK,CAAC,GAAG,YAAY,SAAS,EAAE;oBAC3C,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;qBACnC;oBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,GAAG;wBACH,UAAU;wBACV,mBAAmB,EAAE,MAAM,EAAE,gBAAgB;qBAC9C,CAAC;oBACF,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,oCAAoC;QAEjD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6C,CAAC;QAE9E,gCAAgC;QAChC,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;YACpB,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,0BAA0B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAChE,CAAC;QAED,mBAAmB;QACnB,OAAO,EAAE,CAAC;YACR,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,GAAG;YACH,WAAW,EAAE,WAAW,EAAE,mCAAmC;YAC7D,IAAI,EAAE,SAAS,EAAE,uCAAuC;SACzD,CAAC,CAAC;IAEL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE5E,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;YAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,wBAAwB;YAC/B,GAAG;YACH,KAAK,EAAE,YAAY;SACpB,CAAC,CAAC,CAAC;QAEJ,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,2BAA2B,YAAY,EAAE,CAAC,CAAC,CAAC;IACnE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,GAAW,EACX,UAAkB;IAElB,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAE1B,IAAI,CAAC;QACH,kCAAkC;QAClC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,UAAU,CAAC,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,YAAY,EAAE,8FAA8F;iBAC7G;gBACD,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;YAC3E,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,8BAA8B;YAC9B,MAAM,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC/D,MAAM,WAAW,GAAG,iBAAiB;gBACnC,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAE,kCAAkC;gBAC5E,CAAC,CAAC,WAAW,CAAC,CAAC,6BAA6B;YAE9C,8CAA8C;YAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC7D,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAErD,OAAO,EAAE,CAAC;gBACR,IAAI;gBACJ,KAAK;gBACL,GAAG;gBACH,WAAW;gBACX,IAAI,EAAE,SAAS;aAChB,CAAC,CAAC;QAEL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,8BAA8B;YAC9B,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChC,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,4BAA4B,UAAU,IAAI,CAAC,CAAC,CAAC;YACpE,CAAC;YAED,wBAAwB;YACxB,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAClF,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,kBAAkB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YAC3D,CAAC;YAED,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAW,EACX,UAGI,EAAE;IAEN,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC,CAAC,qBAAqB;IAElE,gDAAgD;IAChD,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE1D,oCAAoC;QACpC,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;YACpB,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,oDAAoD;QACpD,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;YAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,0BAA0B;YACjC,GAAG;YACH,YAAY,EAAE,YAAY,CAAC,KAAK,CAAC,OAAO;SACzC,CAAC,CAAC,CAAC;IACN,CAAC;IAED,uCAAuC;IACvC,OAAO,MAAM,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,GAAW,EACX,UAAU,GAAG,IAAI;IAEjB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,UAAU,CAAC,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,kDAAkD;YAClD,MAAM,YAAY,GAAG,CAAC,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;YAEvE,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC;QAE1B,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,wBAAwB;QACxB,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,iEAAiE;IACjE,6DAA6D;AAC/D,CAAC"}
+{"version":3,"file":"playwright-renderer.js","sourceRoot":"","sources":["../../src/browser/playwright-renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAEtC;;GAEG;AACH,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;AAoBpD;;GAEG;AACH,SAAS,WAAW,CAAC,QAA4B,EAAE,GAAW;IAC5D,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;QAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,mBAAmB;QAC1B,QAAQ;QACR,GAAG;KACJ,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAC7B,EAAoB,EACpB,UAAkB,EAClB,cAAsB;IAEtB,IAAI,SAAgB,CAAC;IAErB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QACtD,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAEtE,IAAI,OAAO,GAAG,UAAU,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;gBACtD,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;oBAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,eAAe;oBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;oBACpB,WAAW,EAAE,UAAU;oBACvB,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,SAAS,CAAC,OAAO;iBACzB,CAAC,CAAC,CAAC;gBAEJ,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,SAAU,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAC7B,GAAW,EACX,UAAkB;IAElB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAE3B,IAAI,CAAC;QACH,2DAA2D;QAC3D,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,KAAK,IAAI,EAAE;YACjD,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,UAAU,GAAG,IAAI,CAAC,CAAC;YAE1E,IAAI,CAAC;gBACH,OAAO,MAAM,KAAK,CAAC,GAAG,YAAY,SAAS,EAAE;oBAC3C,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;qBACnC;oBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,GAAG;wBACH,UAAU;wBACV,mBAAmB,EAAE,MAAM,EAAE,gBAAgB;qBAC9C,CAAC;oBACF,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,oCAAoC;QAEjD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6C,CAAC;QAE9E,gCAAgC;QAChC,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;YACpB,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,0BAA0B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAChE,CAAC;QAED,mBAAmB;QACnB,mFAAmF;QACnF,4EAA4E;QAC5E,OAAO,EAAE,CAAC;YACR,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,GAAG;YACH,WAAW,EAAE,WAAW,EAAE,mCAAmC;YAC7D,IAAI,EAAE,SAAS,EAAE,uCAAuC;SACzD,CAAC,CAAC;IAEL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE5E,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;YAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,wBAAwB;YAC/B,GAAG;YACH,KAAK,EAAE,YAAY;SACpB,CAAC,CAAC,CAAC;QAEJ,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,2BAA2B,YAAY,EAAE,CAAC,CAAC,CAAC;IACnE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,GAAW,EACX,UAAkB;IAElB,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAE1B,IAAI,CAAC;QACH,kCAAkC;QAClC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,UAAU,CAAC,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,YAAY,EAAE,8FAA8F;iBAC7G;gBACD,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;YAC3E,CAAC;YAED,kDAAkD;YAClD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC/D,MAAM,WAAW,GAAG,iBAAiB;gBACnC,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAE,kCAAkC;gBAC5E,CAAC,CAAC,WAAW,CAAC,CAAC,6BAA6B;YAE9C,iFAAiF;YACjF,kFAAkF;YAClF,MAAM,QAAQ,GAAG,WAAW,KAAK,iBAAiB;gBAClC,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAChC,WAAW,CAAC,UAAU,CAAC,0BAA0B,CAAC,CAAC;YAEnE,IAAI,IAAqB,CAAC;YAC1B,IAAI,KAAK,GAAG,EAAE,CAAC;YAEf,IAAI,QAAQ,EAAE,CAAC;gBACb,+DAA+D;gBAC/D,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACjD,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAChC,qDAAqD;gBACrD,KAAK,GAAG,EAAE,CAAC;YACb,CAAC;iBAAM,CAAC;gBACN,yDAAyD;gBACzD,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC1C,IAAI,GAAG,WAAW,CAAC;gBAEnB,wCAAwC;gBACxC,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;oBACpE,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,CAAC;YACH,CAAC;YAED,OAAO,EAAE,CAAC;gBACR,IAAI;gBACJ,KAAK;gBACL,GAAG;gBACH,WAAW;gBACX,IAAI,EAAE,SAAS;aAChB,CAAC,CAAC;QAEL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,8BAA8B;YAC9B,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChC,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,4BAA4B,UAAU,IAAI,CAAC,CAAC,CAAC;YACpE,CAAC;YAED,wBAAwB;YACxB,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBAClF,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,kBAAkB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YAC3D,CAAC;YAED,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAW,EACX,UAGI,EAAE;IAEN,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC,CAAC,qBAAqB;IAElE,gDAAgD;IAChD,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE1D,oCAAoC;QACpC,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;YACpB,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,oDAAoD;QACpD,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;YAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,0BAA0B;YACjC,GAAG;YACH,YAAY,EAAE,YAAY,CAAC,KAAK,CAAC,OAAO;SACzC,CAAC,CAAC,CAAC;IACN,CAAC;IAED,uCAAuC;IACvC,OAAO,MAAM,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,GAAW,EACX,UAAU,GAAG,IAAI;IAEjB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,UAAU,CAAC,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,kDAAkD;YAClD,MAAM,YAAY,GAAG,CAAC,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;YAEvE,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC;QAE1B,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,wBAAwB;QACxB,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,iEAAiE;IACjE,6DAA6D;AAC/D,CAAC"}

package/dist/sanitizer/framework-mapper.d.ts

@@ -4,12 +4,16 @@
  * Maps injection pattern categories to compliance framework identifiers:
  * - OWASP LLM Top 10 (2025)
  * - NIST AI 600-1 (Generative AI Profile)
+ * - NIST AI RMF (AI Risk Management Framework - AI 100-1)
+ * - NIST CSF 2.0 (Cybersecurity Framework 2.0)
  * - MITRE ATLAS (Adversarial Threat Landscape for AI Systems)
  * - ISO/IEC 42001:2023 (AI Management System - Annex A Controls)
  */
 export interface FrameworkMappings {
     owasp_llm: string;
     nist_ai_600_1: string;
+    nist_ai_rmf: string;
+    nist_csf_2_0: string;
     mitre_atlas: string;
     iso_42001: string;
 }

package/dist/sanitizer/framework-mapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"framework-mapper.d.ts","sourceRoot":"","sources":["../../src/sanitizer/framework-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB;AAyWD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,eAAe,EAAE,MAAM,GAAG,iBAAiB,CAE/E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,EAAE,CAOjD"}
+{"version":3,"file":"framework-mapper.d.ts","sourceRoot":"","sources":["../../src/sanitizer/framework-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB;AAicD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,eAAe,EAAE,MAAM,GAAG,iBAAiB,CAE/E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,EAAE,CASjD"}