visus-mcp 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/.claude/settings.local.json +10 -1
  2. package/CHANGELOG.md +45 -0
  3. package/README.md +14 -12
  4. package/STATUS.md +121 -7
  5. package/dist/browser/playwright-renderer.d.ts.map +1 -1
  6. package/dist/browser/playwright-renderer.js +27 -5
  7. package/dist/browser/playwright-renderer.js.map +1 -1
  8. package/dist/sanitizer/framework-mapper.d.ts +4 -0
  9. package/dist/sanitizer/framework-mapper.d.ts.map +1 -1
  10. package/dist/sanitizer/framework-mapper.js +92 -0
  11. package/dist/sanitizer/framework-mapper.js.map +1 -1
  12. package/dist/sanitizer/threat-reporter.d.ts +5 -0
  13. package/dist/sanitizer/threat-reporter.d.ts.map +1 -1
  14. package/dist/sanitizer/threat-reporter.js +15 -6
  15. package/dist/sanitizer/threat-reporter.js.map +1 -1
  16. package/dist/tools/fetch-structured.d.ts.map +1 -1
  17. package/dist/tools/fetch-structured.js +4 -0
  18. package/dist/tools/fetch-structured.js.map +1 -1
  19. package/dist/tools/fetch.d.ts.map +1 -1
  20. package/dist/tools/fetch.js +6 -0
  21. package/dist/tools/fetch.js.map +1 -1
  22. package/dist/tools/read.d.ts.map +1 -1
  23. package/dist/tools/read.js +4 -0
  24. package/dist/tools/read.js.map +1 -1
  25. package/dist/types.d.ts +9 -1
  26. package/dist/types.d.ts.map +1 -1
  27. package/dist/types.js.map +1 -1
  28. package/package.json +1 -1
  29. package/server.json +25 -14
  30. package/src/browser/playwright-renderer.ts +29 -6
  31. package/src/sanitizer/framework-mapper.ts +94 -0
  32. package/src/sanitizer/threat-reporter.ts +17 -6
  33. package/src/tools/fetch-structured.ts +5 -0
  34. package/src/tools/fetch.ts +7 -0
  35. package/src/tools/read.ts +5 -0
  36. package/src/types.ts +9 -1
@@ -4,6 +4,8 @@
4
4
  * Maps injection pattern categories to compliance framework identifiers:
5
5
  * - OWASP LLM Top 10 (2025)
6
6
  * - NIST AI 600-1 (Generative AI Profile)
7
+ * - NIST AI RMF (AI Risk Management Framework - AI 100-1)
8
+ * - NIST CSF 2.0 (Cybersecurity Framework 2.0)
7
9
  * - MITRE ATLAS (Adversarial Threat Landscape for AI Systems)
8
10
  * - ISO/IEC 42001:2023 (AI Management System - Annex A Controls)
9
11
  */
@@ -11,6 +13,8 @@
11
13
  export interface FrameworkMappings {
12
14
  owasp_llm: string;
13
15
  nist_ai_600_1: string;
16
+ nist_ai_rmf: string;
17
+ nist_csf_2_0: string;
14
18
  mitre_atlas: string;
15
19
  iso_42001: string;
16
20
  }
@@ -23,6 +27,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
23
27
  direct_instruction_injection: {
24
28
  owasp_llm: 'LLM01:2025 - Prompt Injection',
25
29
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
30
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
31
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
26
32
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
27
33
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
28
34
  },
@@ -31,6 +37,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
31
37
  role_hijacking: {
32
38
  owasp_llm: 'LLM01:2025 - Prompt Injection',
33
39
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
40
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
41
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
34
42
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
35
43
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
36
44
  },
@@ -39,6 +47,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
39
47
  system_prompt_extraction: {
40
48
  owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
41
49
  nist_ai_600_1: 'MS-2.6 - Data Disclosure',
50
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
51
+ nist_csf_2_0: 'PR.DS-01 - Data at Rest Protection',
42
52
  mitre_atlas: 'AML.T0048 - External Harms',
43
53
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
44
54
  },
@@ -47,6 +57,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
47
57
  privilege_escalation: {
48
58
  owasp_llm: 'LLM08:2025 - Excessive Agency',
49
59
  nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
60
+ nist_ai_rmf: 'GOVERN-1.1 - Legal and Regulatory Requirements',
61
+ nist_csf_2_0: 'PR.AC-04 - Access Control Enforcement',
50
62
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
51
63
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
52
64
  },
@@ -55,6 +67,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
55
67
  context_poisoning: {
56
68
  owasp_llm: 'LLM01:2025 - Prompt Injection',
57
69
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
70
+ nist_ai_rmf: 'MAP-5.1 - Impact Likelihood and Magnitude',
71
+ nist_csf_2_0: 'PR.DS-06 - Integrity Verification',
58
72
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
59
73
  iso_42001: 'A.7.2 - Data Quality'
60
74
  },
@@ -63,6 +77,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
63
77
  data_exfiltration: {
64
78
  owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
65
79
  nist_ai_600_1: 'MS-2.6 - Data Disclosure',
80
+ nist_ai_rmf: 'MANAGE-2.3 - Respond to Unknown Risks',
81
+ nist_csf_2_0: 'DE.AE-02 - Anomaly Detection',
66
82
  mitre_atlas: 'AML.T0048 - External Harms',
67
83
  iso_42001: 'A.7.5 - Data Provenance / A.8.2 - Information to Users'
68
84
  },
@@ -71,6 +87,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
71
87
  base64_obfuscation: {
72
88
  owasp_llm: 'LLM01:2025 - Prompt Injection',
73
89
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
90
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
91
+ nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
74
92
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
75
93
  iso_42001: 'A.7.4 - Data Preparation'
76
94
  },
@@ -79,6 +97,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
79
97
  unicode_lookalikes: {
80
98
  owasp_llm: 'LLM01:2025 - Prompt Injection',
81
99
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
100
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
101
+ nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
82
102
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
83
103
  iso_42001: 'A.7.4 - Data Preparation'
84
104
  },
@@ -87,6 +107,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
87
107
  zero_width_characters: {
88
108
  owasp_llm: 'LLM01:2025 - Prompt Injection',
89
109
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
110
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
111
+ nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
90
112
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
91
113
  iso_42001: 'A.7.4 - Data Preparation'
92
114
  },
@@ -95,6 +117,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
95
117
  html_script_injection: {
96
118
  owasp_llm: 'LLM01:2025 - Prompt Injection',
97
119
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
120
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
121
+ nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
98
122
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
99
123
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
100
124
  },
@@ -103,6 +127,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
103
127
  data_uri_injection: {
104
128
  owasp_llm: 'LLM01:2025 - Prompt Injection',
105
129
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
130
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
131
+ nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
106
132
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
107
133
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
108
134
  },
@@ -111,6 +137,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
111
137
  markdown_link_injection: {
112
138
  owasp_llm: 'LLM01:2025 - Prompt Injection',
113
139
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
140
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
141
+ nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
114
142
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
115
143
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
116
144
  },
@@ -119,6 +147,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
119
147
  url_fragment_hashjack: {
120
148
  owasp_llm: 'LLM01:2025 - Prompt Injection',
121
149
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
150
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
151
+ nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
122
152
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
123
153
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
124
154
  },
@@ -127,6 +157,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
127
157
  social_engineering_urgency: {
128
158
  owasp_llm: 'LLM01:2025 - Prompt Injection',
129
159
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
160
+ nist_ai_rmf: 'GOVERN-2.2 - Personnel Training',
161
+ nist_csf_2_0: 'PR.AT-01 - Awareness Training',
130
162
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
131
163
  iso_42001: 'A.5.3 - AI Awareness and Training'
132
164
  },
@@ -135,6 +167,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
135
167
  instruction_delimiter_injection: {
136
168
  owasp_llm: 'LLM01:2025 - Prompt Injection',
137
169
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
170
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
171
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
138
172
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
139
173
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
140
174
  },
@@ -143,6 +177,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
143
177
  multi_language_obfuscation: {
144
178
  owasp_llm: 'LLM01:2025 - Prompt Injection',
145
179
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
180
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
181
+ nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
146
182
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
147
183
  iso_42001: 'A.7.4 - Data Preparation'
148
184
  },
@@ -151,6 +187,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
151
187
  reverse_text_obfuscation: {
152
188
  owasp_llm: 'LLM01:2025 - Prompt Injection',
153
189
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
190
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
191
+ nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
154
192
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
155
193
  iso_42001: 'A.7.4 - Data Preparation'
156
194
  },
@@ -159,6 +197,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
159
197
  leetspeak_obfuscation: {
160
198
  owasp_llm: 'LLM01:2025 - Prompt Injection',
161
199
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
200
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
201
+ nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
162
202
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
163
203
  iso_42001: 'A.7.4 - Data Preparation'
164
204
  },
@@ -167,6 +207,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
167
207
  jailbreak_keywords: {
168
208
  owasp_llm: 'LLM01:2025 - Prompt Injection',
169
209
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
210
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
211
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
170
212
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
171
213
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
172
214
  },
@@ -175,6 +217,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
175
217
  token_smuggling: {
176
218
  owasp_llm: 'LLM01:2025 - Prompt Injection',
177
219
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
220
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
221
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
178
222
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
179
223
  iso_42001: 'A.7.4 - Data Preparation'
180
224
  },
@@ -183,6 +227,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
183
227
  system_message_injection: {
184
228
  owasp_llm: 'LLM01:2025 - Prompt Injection',
185
229
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
230
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
231
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
186
232
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
187
233
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
188
234
  },
@@ -191,6 +237,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
191
237
  conversation_reset: {
192
238
  owasp_llm: 'LLM01:2025 - Prompt Injection',
193
239
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
240
+ nist_ai_rmf: 'MANAGE-4.3 - Incident Communication',
241
+ nist_csf_2_0: 'DE.AE-01 - Baseline Establishment',
194
242
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
195
243
  iso_42001: 'A.6.2.6 - Logging and Monitoring'
196
244
  },
@@ -199,6 +247,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
199
247
  memory_manipulation: {
200
248
  owasp_llm: 'LLM01:2025 - Prompt Injection',
201
249
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
250
+ nist_ai_rmf: 'MAP-5.1 - Impact Likelihood and Magnitude',
251
+ nist_csf_2_0: 'PR.DS-06 - Integrity Verification',
202
252
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
203
253
  iso_42001: 'A.6.2.6 - Logging and Monitoring'
204
254
  },
@@ -207,6 +257,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
207
257
  capability_probing: {
208
258
  owasp_llm: 'LLM08:2025 - Excessive Agency',
209
259
  nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
260
+ nist_ai_rmf: 'GOVERN-1.1 - Legal and Regulatory Requirements',
261
+ nist_csf_2_0: 'ID.AM-01 - Asset Inventory',
210
262
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
211
263
  iso_42001: 'A.6.1.2 - AI System Operational Procedures'
212
264
  },
@@ -215,6 +267,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
215
267
  chain_of_thought_manipulation: {
216
268
  owasp_llm: 'LLM01:2025 - Prompt Injection',
217
269
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
270
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
271
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
218
272
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
219
273
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
220
274
  },
@@ -223,6 +277,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
223
277
  hypothetical_scenario_injection: {
224
278
  owasp_llm: 'LLM01:2025 - Prompt Injection',
225
279
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
280
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
281
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
226
282
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
227
283
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
228
284
  },
@@ -231,6 +287,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
231
287
  ethical_override: {
232
288
  owasp_llm: 'LLM08:2025 - Excessive Agency',
233
289
  nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
290
+ nist_ai_rmf: 'GOVERN-1.1 - Legal and Regulatory Requirements',
291
+ nist_csf_2_0: 'GV.PO-01 - Policy Establishment',
234
292
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
235
293
  iso_42001: 'A.2.2 - Responsible AI Policies'
236
294
  },
@@ -239,6 +297,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
239
297
  output_format_manipulation: {
240
298
  owasp_llm: 'LLM01:2025 - Prompt Injection',
241
299
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
300
+ nist_ai_rmf: 'MAP-4.2 - Internal Controls Identification',
301
+ nist_csf_2_0: 'PR.DS-06 - Integrity Verification',
242
302
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
243
303
  iso_42001: 'A.6.1.2 - AI System Operational Procedures'
244
304
  },
@@ -247,6 +307,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
247
307
  negative_instruction: {
248
308
  owasp_llm: 'LLM01:2025 - Prompt Injection',
249
309
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
310
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
311
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
250
312
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
251
313
  iso_42001: 'A.6.1.2 - AI System Operational Procedures'
252
314
  },
@@ -255,6 +317,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
255
317
  credential_harvesting: {
256
318
  owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
257
319
  nist_ai_600_1: 'MS-2.6 - Data Disclosure',
320
+ nist_ai_rmf: 'MANAGE-2.3 - Respond to Unknown Risks',
321
+ nist_csf_2_0: 'PR.AC-01 - Identity Management',
258
322
  mitre_atlas: 'AML.T0048 - External Harms',
259
323
  iso_42001: 'A.7.5 - Data Provenance / A.6.1.5 - AI System Security'
260
324
  },
@@ -263,6 +327,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
263
327
  time_based_triggers: {
264
328
  owasp_llm: 'LLM01:2025 - Prompt Injection',
265
329
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
330
+ nist_ai_rmf: 'MEASURE-3.1 - Risk Monitoring',
331
+ nist_csf_2_0: 'DE.CM-03 - User Activity Monitoring',
266
332
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
267
333
  iso_42001: 'A.6.2.6 - Logging and Monitoring'
268
334
  },
@@ -271,6 +337,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
271
337
  code_execution_requests: {
272
338
  owasp_llm: 'LLM08:2025 - Excessive Agency',
273
339
  nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
340
+ nist_ai_rmf: 'GOVERN-1.3 - Risk Tolerance',
341
+ nist_csf_2_0: 'PR.AC-04 - Access Control Enforcement',
274
342
  mitre_atlas: 'AML.T0048 - External Harms',
275
343
  iso_42001: 'A.9.3 - Intended Use Boundaries'
276
344
  },
@@ -279,6 +347,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
279
347
  file_system_access: {
280
348
  owasp_llm: 'LLM08:2025 - Excessive Agency',
281
349
  nist_ai_600_1: 'GV-1.1 - Policies and Procedures',
350
+ nist_ai_rmf: 'GOVERN-1.3 - Risk Tolerance',
351
+ nist_csf_2_0: 'PR.AC-03 - Remote Access Management',
282
352
  mitre_atlas: 'AML.T0048 - External Harms',
283
353
  iso_42001: 'A.9.3 - Intended Use Boundaries'
284
354
  },
@@ -287,6 +357,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
287
357
  training_data_extraction: {
288
358
  owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
289
359
  nist_ai_600_1: 'MS-2.6 - Data Disclosure',
360
+ nist_ai_rmf: 'MAP-1.1 - Negative Impact Documentation',
361
+ nist_csf_2_0: 'PR.DS-01 - Data at Rest Protection',
290
362
  mitre_atlas: 'AML.T0048 - External Harms',
291
363
  iso_42001: 'A.7.5 - Data Provenance'
292
364
  },
@@ -295,6 +367,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
295
367
  simulator_mode: {
296
368
  owasp_llm: 'LLM01:2025 - Prompt Injection',
297
369
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
370
+ nist_ai_rmf: 'MEASURE-2.6 - AI System Safety',
371
+ nist_csf_2_0: 'ID.AM-02 - Platform Management',
298
372
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
299
373
  iso_42001: 'A.9.3 - Intended Use Boundaries'
300
374
  },
@@ -303,6 +377,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
303
377
  nested_encoding: {
304
378
  owasp_llm: 'LLM01:2025 - Prompt Injection',
305
379
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
380
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
381
+ nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
306
382
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
307
383
  iso_42001: 'A.7.4 - Data Preparation'
308
384
  },
@@ -311,6 +387,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
311
387
  payload_splitting: {
312
388
  owasp_llm: 'LLM01:2025 - Prompt Injection',
313
389
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
390
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
391
+ nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
314
392
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
315
393
  iso_42001: 'A.7.4 - Data Preparation'
316
394
  },
@@ -319,6 +397,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
319
397
  css_hiding: {
320
398
  owasp_llm: 'LLM01:2025 - Prompt Injection',
321
399
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
400
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
401
+ nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
322
402
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
323
403
  iso_42001: 'A.7.4 - Data Preparation'
324
404
  },
@@ -327,6 +407,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
327
407
  authority_impersonation: {
328
408
  owasp_llm: 'LLM01:2025 - Prompt Injection',
329
409
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
410
+ nist_ai_rmf: 'GOVERN-2.2 - Personnel Training',
411
+ nist_csf_2_0: 'PR.AT-01 - Awareness Training',
330
412
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
331
413
  iso_42001: 'A.2.2 - Responsible AI Policies'
332
414
  },
@@ -335,6 +417,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
335
417
  testing_debugging_claims: {
336
418
  owasp_llm: 'LLM01:2025 - Prompt Injection',
337
419
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
420
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security and Resilience',
421
+ nist_csf_2_0: 'DE.CM-01 - Network Monitoring',
338
422
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
339
423
  iso_42001: 'A.6.1.2 - AI System Operational Procedures'
340
424
  },
@@ -343,6 +427,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
343
427
  callback_url_injection: {
344
428
  owasp_llm: 'LLM02:2025 - Sensitive Information Disclosure',
345
429
  nist_ai_600_1: 'MS-2.6 - Data Disclosure',
430
+ nist_ai_rmf: 'MANAGE-2.3 - Respond to Unknown Risks',
431
+ nist_csf_2_0: 'DE.AE-02 - Anomaly Detection',
346
432
  mitre_atlas: 'AML.T0048 - External Harms',
347
433
  iso_42001: 'A.6.1.5 - AI System Security (Adversarial Input)'
348
434
  },
@@ -351,6 +437,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
351
437
  whitespace_steganography: {
352
438
  owasp_llm: 'LLM01:2025 - Prompt Injection',
353
439
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
440
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
441
+ nist_csf_2_0: 'PR.DS-02 - Data-in-Transit Protection',
354
442
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
355
443
  iso_42001: 'A.7.4 - Data Preparation'
356
444
  },
@@ -359,6 +447,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
359
447
  comment_injection: {
360
448
  owasp_llm: 'LLM01:2025 - Prompt Injection',
361
449
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
450
+ nist_ai_rmf: 'MAP-4.1 - Risk Mapping for AI Components',
451
+ nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
362
452
  mitre_atlas: 'AML.T0051.001 - LLM Prompt Injection: Indirect',
363
453
  iso_42001: 'A.7.4 - Data Preparation'
364
454
  }
@@ -370,6 +460,8 @@ const FRAMEWORK_MAP: Record<string, FrameworkMappings> = {
370
460
  const DEFAULT_MAPPINGS: FrameworkMappings = {
371
461
  owasp_llm: 'LLM01:2025 - Prompt Injection',
372
462
  nist_ai_600_1: 'MS-2.5 - Prompt Injection',
463
+ nist_ai_rmf: 'MEASURE-2.7 - AI System Security',
464
+ nist_csf_2_0: 'PR.DS-05 - Data-in-Transit Protection',
373
465
  mitre_atlas: 'AML.T0051.000 - LLM Prompt Injection',
374
466
  iso_42001: 'A.6.1.5 - AI System Security'
375
467
  };
@@ -388,6 +480,8 @@ export function getSupportedFrameworks(): string[] {
388
480
  return [
389
481
  'OWASP LLM Top 10 (2025)',
390
482
  'NIST AI 600-1 (Generative AI Profile)',
483
+ 'NIST AI RMF (AI Risk Management Framework)',
484
+ 'NIST CSF 2.0 (Cybersecurity Framework)',
391
485
  'MITRE ATLAS (Adversarial Threat Landscape)',
392
486
  'ISO/IEC 42001:2023 (AI Management System)'
393
487
  ];
@@ -9,7 +9,10 @@
9
9
  * Aligned with:
10
10
  * - OWASP LLM Top 10 (2025)
11
11
  * - NIST AI 600-1 (Generative AI Profile)
12
+ * - NIST AI RMF (AI Risk Management Framework)
13
+ * - NIST CSF 2.0 (Cybersecurity Framework 2.0)
12
14
  * - MITRE ATLAS (Adversarial Threat Landscape)
15
+ * - ISO/IEC 42001:2023 (AI Management System)
13
16
  */
14
17
 
15
18
  import {
@@ -34,6 +37,8 @@ export interface ThreatFinding {
34
37
  confidence: number;
35
38
  owasp_llm: string;
36
39
  nist_ai_600_1: string;
40
+ nist_ai_rmf: string;
41
+ nist_csf_2_0: string;
37
42
  mitre_atlas: string;
38
43
  iso_42001: string;
39
44
  remediation: string;
@@ -103,6 +108,8 @@ function buildFindings(patternsDetected: string[]): ThreatFinding[] {
103
108
  confidence: 0.95, // Default confidence; can be enhanced later
104
109
  owasp_llm: frameworks.owasp_llm,
105
110
  nist_ai_600_1: frameworks.nist_ai_600_1,
111
+ nist_ai_rmf: frameworks.nist_ai_rmf,
112
+ nist_csf_2_0: frameworks.nist_csf_2_0,
106
113
  mitre_atlas: frameworks.mitre_atlas,
107
114
  iso_42001: frameworks.iso_42001,
108
115
  remediation: `Content sanitized. ${category.replace(/_/g, ' ')} removed.`
@@ -126,9 +133,9 @@ function generateToonFindings(findings: ThreatFinding[]): string {
126
133
  * Fallback manual TOON format generation
127
134
  */
128
135
  function generateManualToonFormat(findings: ThreatFinding[]): string {
129
- const header = `findings[${findings.length}]{id,pattern_id,category,severity,confidence,owasp_llm,nist_ai_600_1,mitre_atlas,iso_42001,remediation}:`;
136
+ const header = `findings[${findings.length}]{id,pattern_id,category,severity,confidence,owasp_llm,nist_ai_600_1,nist_ai_rmf,nist_csf_2_0,mitre_atlas,iso_42001,remediation}:`;
130
137
  const rows = findings.map(f =>
131
- `${f.id},${f.pattern_id},${f.category},${f.severity},${f.confidence},${f.owasp_llm},${f.nist_ai_600_1},${f.mitre_atlas},${f.iso_42001},${f.remediation}`
138
+ `${f.id},${f.pattern_id},${f.category},${f.severity},${f.confidence},${f.owasp_llm},${f.nist_ai_600_1},${f.nist_ai_rmf},${f.nist_csf_2_0},${f.mitre_atlas},${f.iso_42001},${f.remediation}`
132
139
  );
133
140
  return `${header}\n${rows.join('\n')}`;
134
141
  }
@@ -151,7 +158,7 @@ function generateMarkdownReport(
151
158
  markdown += `**Generated:** ${timestamp}\n`;
152
159
  markdown += `**Source:** ${sourceUrl}\n`;
153
160
  markdown += `**Overall Severity:** ${overallSeverity}\n`;
154
- markdown += `**Framework:** OWASP LLM Top 10 | NIST AI 600-1 | MITRE ATLAS | ISO/IEC 42001\n\n`;
161
+ markdown += `**Framework:** OWASP LLM Top 10 | NIST AI 600-1 | NIST AI RMF | NIST CSF 2.0 | MITRE ATLAS | ISO/IEC 42001\n\n`;
155
162
 
156
163
  // Findings Summary
157
164
  markdown += '### Findings Summary\n';
@@ -165,16 +172,18 @@ function generateMarkdownReport(
165
172
  // Findings Detail (only if we have findings)
166
173
  if (findings.length > 0) {
167
174
  markdown += '### Findings Detail\n';
168
- markdown += '| # | Category | Severity | Confidence | OWASP | MITRE | ISO 42001 |\n';
169
- markdown += '|---|---|---|---|---|---|---|\n';
175
+ markdown += '| # | Category | Severity | Conf | OWASP | AI-RMF | CSF 2.0 | MITRE | ISO |\n';
176
+ markdown += '|---|---|---|---|---|---|---|---|---|\n';
170
177
 
171
178
  for (const finding of findings.slice(0, 10)) { // Limit to first 10 for readability
172
179
  const confidencePct = Math.round(finding.confidence * 100);
173
180
  const owaspShort = finding.owasp_llm.split(' - ')[0]; // e.g., "LLM01:2025"
181
+ const nistRmfShort = finding.nist_ai_rmf.split(' - ')[0]; // e.g., "MEASURE-2.7"
182
+ const nistCsfShort = finding.nist_csf_2_0.split(' - ')[0]; // e.g., "DE.CM-01"
174
183
  const mitreShort = finding.mitre_atlas.split(' - ')[0]; // e.g., "AML.T0051.000"
175
184
  const isoShort = finding.iso_42001.split(' - ')[0]; // e.g., "A.6.1.5"
176
185
 
177
- markdown += `| ${finding.id} | ${finding.category} | ${finding.severity} | ${confidencePct}% | ${owaspShort} | ${mitreShort} | ${isoShort} |\n`;
186
+ markdown += `| ${finding.id} | ${finding.category} | ${finding.severity} | ${confidencePct}% | ${owaspShort} | ${nistRmfShort} | ${nistCsfShort} | ${mitreShort} | ${isoShort} |\n`;
178
187
  }
179
188
 
180
189
  if (findings.length > 10) {
@@ -256,6 +265,8 @@ export function generateThreatReport(input: ThreatReportInput): ThreatReport | n
256
265
  frameworks: [
257
266
  'OWASP LLM Top 10',
258
267
  'NIST AI 600-1',
268
+ 'NIST AI RMF',
269
+ 'NIST CSF 2.0',
259
270
  'MITRE ATLAS',
260
271
  'ISO/IEC 42001'
261
272
  ],
@@ -119,6 +119,11 @@ export async function visusFetchStructured(
119
119
 
120
120
  const { title, html } = renderResult.value;
121
121
 
122
+ // Type guard: fetch-structured only works with HTML (string), not binary content
123
+ if (Buffer.isBuffer(html)) {
124
+ return Err(new Error('fetch-structured does not support binary content types (PDFs, images). Use visus_fetch instead.'));
125
+ }
126
+
122
127
  // Step 2: Extract structured data from HTML using cheerio
123
128
  const extractedData = extractStructuredData(html, schema);
124
129
 
@@ -40,6 +40,7 @@ export async function visusFetch(input: VisusFetchInput): Promise<Result<VisusFe
40
40
  }
41
41
 
42
42
  const { html, title, contentType } = renderResult.value;
43
+ // rawContent can be string (HTML/JSON/SVG) or Buffer (PDF, binary)
43
44
  const rawContent = html || '';
44
45
 
45
46
  // Step 2: Detect content type and route to specialized handlers if applicable
@@ -53,6 +54,7 @@ export async function visusFetch(input: VisusFetchInput): Promise<Result<VisusFe
53
54
  normalizedMime === 'image/svg+xml') {
54
55
 
55
56
  // Route to specialized content handler
57
+ // Note: rawContent may be Buffer for PDFs, string for JSON/SVG
56
58
  const handlerResult = await routeContentHandler(rawContent, detectedContentType);
57
59
 
58
60
  // Handle unsupported or error cases
@@ -108,6 +110,11 @@ export async function visusFetch(input: VisusFetchInput): Promise<Result<VisusFe
108
110
  }
109
111
 
110
112
  // Step 3: For HTML/XML/RSS - use existing format conversion flow
113
+ // Type guard: rawContent should be string for non-binary types
114
+ if (Buffer.isBuffer(rawContent)) {
115
+ return Err(new Error('Unexpected binary content in HTML/XML/RSS path'));
116
+ }
117
+
111
118
  const formatType = detectFormat(detectedContentType);
112
119
 
113
120
  let processedContent = rawContent;
package/src/tools/read.ts CHANGED
@@ -48,6 +48,11 @@ export async function visusRead(input: VisusReadInput): Promise<Result<VisusRead
48
48
 
49
49
  const { html, title: pageTitle } = renderResult.value;
50
50
 
51
+ // Type guard: visus_read only works with HTML (string), not binary content
52
+ if (Buffer.isBuffer(html)) {
53
+ return Err(new Error('visus_read does not support binary content types (PDFs, images). Use visus_fetch instead.'));
54
+ }
55
+
51
56
  // Step 2: Extract article content using Readability
52
57
  const readerResult = extractArticle(html, url);
53
58
 
package/src/types.ts CHANGED
@@ -130,9 +130,17 @@ export interface VisusSearchOutput {
130
130
 
131
131
  /**
132
132
  * Result from browser rendering
133
+ *
134
+ * @property html - Response content as string (for text) or Buffer (for binary like PDFs)
135
+ * Use Buffer for application/pdf, image/*, and other binary types
136
+ * @property title - Page title extracted from response
137
+ * @property url - Final URL after redirects
138
+ * @property contentType - Content-Type header value (e.g., "application/pdf", "text/html")
139
+ * @property text - Optional text content (when available)
140
+ * @property error - Error message if rendering failed
133
141
  */
134
142
  export interface BrowserRenderResult {
135
- html: string;
143
+ html: string | Buffer;
136
144
  title: string;
137
145
  url: string;
138
146
  contentType?: string;