zeroleaks 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of zeroleaks might be problematic. Click here for more details.
- package/LICENSE +106 -0
- package/README.md +140 -0
- package/dist/agents/attacker.d.ts +55 -0
- package/dist/agents/attacker.d.ts.map +1 -0
- package/dist/agents/engine.d.ts +57 -0
- package/dist/agents/engine.d.ts.map +1 -0
- package/dist/agents/evaluator.d.ts +34 -0
- package/dist/agents/evaluator.d.ts.map +1 -0
- package/dist/agents/index.d.ts +7 -0
- package/dist/agents/index.d.ts.map +1 -0
- package/dist/agents/mutator.d.ts +28 -0
- package/dist/agents/mutator.d.ts.map +1 -0
- package/dist/agents/strategist.d.ts +36 -0
- package/dist/agents/strategist.d.ts.map +1 -0
- package/dist/agents/target.d.ts +13 -0
- package/dist/agents/target.d.ts.map +1 -0
- package/dist/bin/cli.d.ts +3 -0
- package/dist/bin/cli.d.ts.map +1 -0
- package/dist/bin/cli.js +23461 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +18358 -0
- package/dist/knowledge/defense-bypass.d.ts +34 -0
- package/dist/knowledge/defense-bypass.d.ts.map +1 -0
- package/dist/knowledge/exfiltration.d.ts +43 -0
- package/dist/knowledge/exfiltration.d.ts.map +1 -0
- package/dist/knowledge/index.d.ts +5 -0
- package/dist/knowledge/index.d.ts.map +1 -0
- package/dist/knowledge/payloads.d.ts +23 -0
- package/dist/knowledge/payloads.d.ts.map +1 -0
- package/dist/knowledge/techniques.d.ts +33 -0
- package/dist/knowledge/techniques.d.ts.map +1 -0
- package/dist/probes/advanced.d.ts +19 -0
- package/dist/probes/advanced.d.ts.map +1 -0
- package/dist/probes/direct.d.ts +8 -0
- package/dist/probes/direct.d.ts.map +1 -0
- package/dist/probes/encoding.d.ts +24 -0
- package/dist/probes/encoding.d.ts.map +1 -0
- package/dist/probes/index.d.ts +27 -0
- package/dist/probes/index.d.ts.map +1 -0
- package/dist/probes/modern.d.ts +14 -0
- package/dist/probes/modern.d.ts.map +1 -0
- package/dist/probes/personas.d.ts +15 -0
- package/dist/probes/personas.d.ts.map +1 -0
- package/dist/probes/social.d.ts +8 -0
- package/dist/probes/social.d.ts.map +1 -0
- package/dist/probes/technical.d.ts +8 -0
- package/dist/probes/technical.d.ts.map +1 -0
- package/dist/types.d.ts +244 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/utils.d.ts +16 -0
- package/dist/utils.d.ts.map +1 -0
- package/package.json +76 -0
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
export interface DefenseBypassMethod {
|
|
2
|
+
id: string;
|
|
3
|
+
name: string;
|
|
4
|
+
targetDefense: DefenseType;
|
|
5
|
+
source: string;
|
|
6
|
+
documentedSuccess: boolean;
|
|
7
|
+
description: string;
|
|
8
|
+
mechanism: string;
|
|
9
|
+
technique: string;
|
|
10
|
+
example?: string;
|
|
11
|
+
bypassRate?: number;
|
|
12
|
+
adaptiveResistance: "low" | "medium" | "high";
|
|
13
|
+
}
|
|
14
|
+
export type DefenseType = "xpia_classifier" | "content_filter" | "markdown_sanitizer" | "instruction_detection" | "embedding_filter" | "behavioral_monitor" | "output_filter" | "rate_limiting" | "human_in_loop";
|
|
15
|
+
export declare const xpiaBypass: DefenseBypassMethod[];
|
|
16
|
+
export declare const contentFilterBypass: DefenseBypassMethod[];
|
|
17
|
+
export declare const instructionDetectionBypass: DefenseBypassMethod[];
|
|
18
|
+
export declare const embeddingFilterBypass: DefenseBypassMethod[];
|
|
19
|
+
export declare const outputFilterBypass: DefenseBypassMethod[];
|
|
20
|
+
export declare const behavioralMonitorBypass: DefenseBypassMethod[];
|
|
21
|
+
export interface DefenseEffectiveness {
|
|
22
|
+
defense: DefenseType;
|
|
23
|
+
description: string;
|
|
24
|
+
knownBypassCount: number;
|
|
25
|
+
overallEffectiveness: "low" | "medium" | "high";
|
|
26
|
+
adaptiveBypassResistance: "low" | "medium" | "high";
|
|
27
|
+
recommendations: string[];
|
|
28
|
+
}
|
|
29
|
+
export declare const defenseEffectivenessMatrix: DefenseEffectiveness[];
|
|
30
|
+
export declare const allBypassMethods: DefenseBypassMethod[];
|
|
31
|
+
export declare function getBypassMethodsForDefense(defense: DefenseType): DefenseBypassMethod[];
|
|
32
|
+
export declare function getDocumentedBypassMethods(): DefenseBypassMethod[];
|
|
33
|
+
export declare function getHighSuccessBypassMethods(): DefenseBypassMethod[];
|
|
34
|
+
//# sourceMappingURL=defense-bypass.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"defense-bypass.d.ts","sourceRoot":"","sources":["../../src/knowledge/defense-bypass.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,WAAW,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB,EAAE,OAAO,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CAC/C;AAED,MAAM,MAAM,WAAW,GACnB,iBAAiB,GACjB,gBAAgB,GAChB,oBAAoB,GACpB,uBAAuB,GACvB,kBAAkB,GAClB,oBAAoB,GACpB,eAAe,GACf,eAAe,GACf,eAAe,CAAC;AAEpB,eAAO,MAAM,UAAU,EAAE,mBAAmB,EAgD3C,CAAC;AAEF,eAAO,MAAM,mBAAmB,EAAE,mBAAmB,EAiDpD,CAAC;AAEF,eAAO,MAAM,0BAA0B,EAAE,mBAAmB,EAiC3D,CAAC;AAEF,eAAO,MAAM,qBAAqB,EAAE,mBAAmB,EAetD,CAAC;AAEF,eAAO,MAAM,kBAAkB,EAAE,mBAAmB,EA+BnD,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,mBAAmB,EAexD,CAAC;AAEF,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,WAAW,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAChD,wBAAwB,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,eAAO,MAAM,0BAA0B,EAAE,oBAAoB,EAiD5D,CAAC;AAEF,eAAO,MAAM,gBAAgB,EAAE,mBAAmB,EAOjD,CAAC;AAEF,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,WAAW,GACnB,mBAAmB,EAAE,CAEvB;AAED,wBAAgB,0BAA0B,IAAI,mBAAmB,EAAE,CAElE;AAED,wBAAgB,2BAA2B,IAAI,mBAAmB,EAAE,CAEnE"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
export interface ExfiltrationVector {
|
|
2
|
+
id: string;
|
|
3
|
+
name: string;
|
|
4
|
+
type: ExfiltrationType;
|
|
5
|
+
source: string;
|
|
6
|
+
realWorldExample?: string;
|
|
7
|
+
description: string;
|
|
8
|
+
mechanism: string;
|
|
9
|
+
template: string;
|
|
10
|
+
encodingMethod?: string;
|
|
11
|
+
requiresExternalServer: boolean;
|
|
12
|
+
requiresUserAction: boolean;
|
|
13
|
+
stealthLevel: "low" | "medium" | "high" | "zero_click";
|
|
14
|
+
detectionDifficulty: "easy" | "moderate" | "hard";
|
|
15
|
+
}
|
|
16
|
+
export type ExfiltrationType = "image_url" | "link_click" | "api_callback" | "form_submission" | "websocket" | "dns_exfil" | "encoded_response";
|
|
17
|
+
export declare const imageExfiltration: ExfiltrationVector[];
|
|
18
|
+
export declare const linkExfiltration: ExfiltrationVector[];
|
|
19
|
+
export declare const encodedResponseExfiltration: ExfiltrationVector[];
|
|
20
|
+
export interface LethalTrifectaAssessment {
|
|
21
|
+
hasPrivateDataAccess: boolean;
|
|
22
|
+
hasUntrustedTokenExposure: boolean;
|
|
23
|
+
hasExfiltrationVector: boolean;
|
|
24
|
+
isVulnerable: boolean;
|
|
25
|
+
riskLevel: "critical" | "high" | "medium" | "low";
|
|
26
|
+
recommendations: string[];
|
|
27
|
+
}
|
|
28
|
+
export declare function assessLethalTrifecta(capabilities: {
|
|
29
|
+
canReadEmails?: boolean;
|
|
30
|
+
canReadDocuments?: boolean;
|
|
31
|
+
canReadDatabases?: boolean;
|
|
32
|
+
processesExternalContent?: boolean;
|
|
33
|
+
processesEmails?: boolean;
|
|
34
|
+
processesSharedDocs?: boolean;
|
|
35
|
+
canRenderImages?: boolean;
|
|
36
|
+
canMakeAPIcalls?: boolean;
|
|
37
|
+
canGenerateLinks?: boolean;
|
|
38
|
+
}): LethalTrifectaAssessment;
|
|
39
|
+
export declare const allExfiltrationVectors: ExfiltrationVector[];
|
|
40
|
+
export declare function getExfiltrationByType(type: ExfiltrationType): ExfiltrationVector[];
|
|
41
|
+
export declare function getZeroClickVectors(): ExfiltrationVector[];
|
|
42
|
+
export declare function getNoServerRequired(): ExfiltrationVector[];
|
|
43
|
+
//# sourceMappingURL=exfiltration.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exfiltration.d.ts","sourceRoot":"","sources":["../../src/knowledge/exfiltration.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,gBAAgB,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,sBAAsB,EAAE,OAAO,CAAC;IAChC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,YAAY,CAAC;IACvD,mBAAmB,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAAC;CACnD;AAED,MAAM,MAAM,gBAAgB,GACxB,WAAW,GACX,YAAY,GACZ,cAAc,GACd,iBAAiB,GACjB,WAAW,GACX,WAAW,GACX,kBAAkB,CAAC;AAEvB,eAAO,MAAM,iBAAiB,EAAE,kBAAkB,EAuCjD,CAAC;AAEF,eAAO,MAAM,gBAAgB,EAAE,kBAAkB,EAwChD,CAAC;AAEF,eAAO,MAAM,2BAA2B,EAAE,kBAAkB,EA4C3D,CAAC;AAEF,MAAM,WAAW,wBAAwB;IACvC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,yBAAyB,EAAE,OAAO,CAAC;IACnC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,YAAY,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IAClD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,wBAAgB,oBAAoB,CAAC,YAAY,EAAE;IACjD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B,GAAG,wBAAwB,CA0E3B;AAED,eAAO,MAAM,sBAAsB,EAAE,kBAAkB,EAItD,CAAC;AAEF,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,gBAAgB,GACrB,kBAAkB,EAAE,CAEtB;AAED,wBAAgB,mBAAmB,IAAI,kBAAkB,EAAE,CAE1D;AAED,wBAAgB,mBAAmB,IAAI,kBAAkB,EAAE,CAE1D"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/knowledge/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
export interface PayloadTemplate {
|
|
2
|
+
id: string;
|
|
3
|
+
name: string;
|
|
4
|
+
category: PayloadCategory;
|
|
5
|
+
source: string;
|
|
6
|
+
validated: boolean;
|
|
7
|
+
template: string;
|
|
8
|
+
variables: string[];
|
|
9
|
+
targetContext: string[];
|
|
10
|
+
effectiveness: "proven" | "research_validated" | "theoretical";
|
|
11
|
+
evasionTechniques: string[];
|
|
12
|
+
}
|
|
13
|
+
export type PayloadCategory = "system_prompt_extraction" | "data_exfiltration" | "defense_bypass" | "context_injection" | "instruction_override" | "format_exploitation";
|
|
14
|
+
export declare const extractionPayloads: PayloadTemplate[];
|
|
15
|
+
export declare const bypassPayloads: PayloadTemplate[];
|
|
16
|
+
export declare const contextInjectionPayloads: PayloadTemplate[];
|
|
17
|
+
export declare const instructionOverridePayloads: PayloadTemplate[];
|
|
18
|
+
export declare const allPayloadTemplates: PayloadTemplate[];
|
|
19
|
+
export declare function getPayloadsByCategory(category: PayloadCategory): PayloadTemplate[];
|
|
20
|
+
export declare function getProvenPayloads(): PayloadTemplate[];
|
|
21
|
+
export declare function getValidatedPayloads(): PayloadTemplate[];
|
|
22
|
+
export declare function renderPayload(template: PayloadTemplate, variables: Record<string, string>): string;
|
|
23
|
+
//# sourceMappingURL=payloads.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"payloads.d.ts","sourceRoot":"","sources":["../../src/knowledge/payloads.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,eAAe,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,aAAa,EAAE,QAAQ,GAAG,oBAAoB,GAAG,aAAa,CAAC;IAC/D,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,MAAM,eAAe,GACvB,0BAA0B,GAC1B,mBAAmB,GACnB,gBAAgB,GAChB,mBAAmB,GACnB,sBAAsB,GACtB,qBAAqB,CAAC;AAE1B,eAAO,MAAM,kBAAkB,EAAE,eAAe,EAyG/C,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,eAAe,EA6E3C,CAAC;AAEF,eAAO,MAAM,wBAAwB,EAAE,eAAe,EAwDrD,CAAC;AAEF,eAAO,MAAM,2BAA2B,EAAE,eAAe,EA0CxD,CAAC;AAEF,eAAO,MAAM,mBAAmB,EAAE,eAAe,EAKhD,CAAC;AAEF,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,eAAe,GACxB,eAAe,EAAE,CAEnB;AAED,wBAAgB,iBAAiB,IAAI,eAAe,EAAE,CAErD;AAED,wBAAgB,oBAAoB,IAAI,eAAe,EAAE,CAExD;AAED,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,eAAe,EACzB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAChC,MAAM,CAMR"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
export interface DocumentedTechnique {
|
|
2
|
+
id: string;
|
|
3
|
+
name: string;
|
|
4
|
+
category: TechniqueCategory;
|
|
5
|
+
source: {
|
|
6
|
+
type: "cve" | "academic" | "security_advisory" | "real_world_incident";
|
|
7
|
+
reference: string;
|
|
8
|
+
date: string;
|
|
9
|
+
authors?: string[];
|
|
10
|
+
cvss?: number;
|
|
11
|
+
};
|
|
12
|
+
description: string;
|
|
13
|
+
mechanism: string;
|
|
14
|
+
targetedSystems: string[];
|
|
15
|
+
successRate?: number;
|
|
16
|
+
defensesBypassed: string[];
|
|
17
|
+
payloadTemplate?: string;
|
|
18
|
+
variables?: string[];
|
|
19
|
+
stealthLevel: "low" | "medium" | "high" | "zero_click";
|
|
20
|
+
}
|
|
21
|
+
export type TechniqueCategory = "zero_click_injection" | "rag_poisoning" | "exfiltration" | "memory_poisoning" | "tool_poisoning" | "second_order" | "topic_transition" | "implicit_extraction" | "markdown_injection" | "encoding_bypass";
|
|
22
|
+
export declare const zeroClickTechniques: DocumentedTechnique[];
|
|
23
|
+
export declare const ragPoisoningTechniques: DocumentedTechnique[];
|
|
24
|
+
export declare const implicitExtractionTechniques: DocumentedTechnique[];
|
|
25
|
+
export declare const toolPoisoningTechniques: DocumentedTechnique[];
|
|
26
|
+
export declare const secondOrderTechniques: DocumentedTechnique[];
|
|
27
|
+
export declare const markdownInjectionTechniques: DocumentedTechnique[];
|
|
28
|
+
export declare const allDocumentedTechniques: DocumentedTechnique[];
|
|
29
|
+
export declare function getTechniquesByCategory(category: TechniqueCategory): DocumentedTechnique[];
|
|
30
|
+
export declare function getTechniquesBySource(sourceType: DocumentedTechnique["source"]["type"]): DocumentedTechnique[];
|
|
31
|
+
export declare function getCVETechniques(): DocumentedTechnique[];
|
|
32
|
+
export declare function getHighSuccessRateTechniques(minRate?: number): DocumentedTechnique[];
|
|
33
|
+
//# sourceMappingURL=techniques.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"techniques.d.ts","sourceRoot":"","sources":["../../src/knowledge/techniques.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,MAAM,EAAE;QACN,IAAI,EAAE,KAAK,GAAG,UAAU,GAAG,mBAAmB,GAAG,qBAAqB,CAAC;QACvE,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,YAAY,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,YAAY,CAAC;CACxD;AAED,MAAM,MAAM,iBAAiB,GACzB,sBAAsB,GACtB,eAAe,GACf,cAAc,GACd,kBAAkB,GAClB,gBAAgB,GAChB,cAAc,GACd,kBAAkB,GAClB,qBAAqB,GACrB,oBAAoB,GACpB,iBAAiB,CAAC;AAEtB,eAAO,MAAM,mBAAmB,EAAE,mBAAmB,EA0DpD,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,mBAAmB,EAkHvD,CAAC;AAEF,eAAO,MAAM,4BAA4B,EAAE,mBAAmB,EAqD7D,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,mBAAmB,EAiDxD,CAAC;AAEF,eAAO,MAAM,qBAAqB,EAAE,mBAAmB,EAiCtD,CAAC;AAEF,eAAO,MAAM,2BAA2B,EAAE,mBAAmB,EAsD5D,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,mBAAmB,EAOxD,CAAC;AAEF,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,iBAAiB,GAC1B,mBAAmB,EAAE,CAEvB;AAED,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,mBAAmB,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAChD,mBAAmB,EAAE,CAEvB;AAED,wBAAgB,gBAAgB,IAAI,mBAAmB,EAAE,CAExD;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,GAAE,MAAY,GACpB,mBAAmB,EAAE,CAIvB"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
export declare const dividers: {
|
|
2
|
+
techiral: string;
|
|
3
|
+
techiral_v2: string;
|
|
4
|
+
sparkle: string;
|
|
5
|
+
};
|
|
6
|
+
export declare const ruleInjections: {
|
|
7
|
+
never_refuse: string;
|
|
8
|
+
freedom_act: string;
|
|
9
|
+
air_gapped: string;
|
|
10
|
+
core_rule: string;
|
|
11
|
+
};
|
|
12
|
+
export declare const advancedProbes: {
|
|
13
|
+
id: string;
|
|
14
|
+
category: string;
|
|
15
|
+
technique: string;
|
|
16
|
+
prompt: string;
|
|
17
|
+
}[];
|
|
18
|
+
export declare function getRandomAdvancedProbe(): (typeof advancedProbes)[number];
|
|
19
|
+
//# sourceMappingURL=advanced.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"advanced.d.ts","sourceRoot":"","sources":["../../src/probes/advanced.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,QAAQ;;;;CAIpB,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;CAQ1B,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;GAoD1B,CAAC;AAEF,wBAAgB,sBAAsB,IAAI,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAExE"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"direct.d.ts","sourceRoot":"","sources":["../../src/probes/direct.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY;;;;;GAmKxB,CAAC;AAEF,wBAAgB,oBAAoB,IAAI,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAEpE"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
export declare const encodingUtils: {
|
|
2
|
+
toBase64: (text: string) => string;
|
|
3
|
+
toRot13: (text: string) => string;
|
|
4
|
+
toBraille: (text: string) => string;
|
|
5
|
+
toMorse: (text: string) => string;
|
|
6
|
+
toLeetspeak: (text: string) => string;
|
|
7
|
+
reverse: (text: string) => string;
|
|
8
|
+
toHex: (text: string) => string;
|
|
9
|
+
toBinary: (text: string) => string;
|
|
10
|
+
};
|
|
11
|
+
export declare const encodingProbes: {
|
|
12
|
+
id: string;
|
|
13
|
+
category: string;
|
|
14
|
+
technique: string;
|
|
15
|
+
template: (instruction: string) => string;
|
|
16
|
+
}[];
|
|
17
|
+
export declare const standardInstructions: string[];
|
|
18
|
+
export declare function generateEncodingAttacks(): Array<{
|
|
19
|
+
id: string;
|
|
20
|
+
category: string;
|
|
21
|
+
technique: string;
|
|
22
|
+
prompt: string;
|
|
23
|
+
}>;
|
|
24
|
+
//# sourceMappingURL=encoding.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../../src/probes/encoding.ts"],"names":[],"mappings":"AAiGA,eAAO,MAAM,aAAa;qBACP,MAAM,KAAG,MAAM;oBAOhB,MAAM,KAAG,MAAM;sBAOb,MAAM,KAAG,MAAM;oBAQjB,MAAM,KAAG,MAAM;wBAQX,MAAM,KAAG,MAAM;oBAcnB,MAAM,KAAG,MAAM;kBAIjB,MAAM,KAAG,MAAM;qBAOZ,MAAM,KAAG,MAAM;CAMjC,CAAC;AAEF,eAAO,MAAM,cAAc;;;;4BAKC,MAAM;GAkEjC,CAAC;AAEF,eAAO,MAAM,oBAAoB,UAShC,CAAC;AAEF,wBAAgB,uBAAuB,IAAI,KAAK,CAAC;IAC/C,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC,CAoBD"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import type { AttackCategory, DefenseLevel, Probe as ModernProbe, ProbeSequence } from "../types";
|
|
2
|
+
export interface Probe {
|
|
3
|
+
id: string;
|
|
4
|
+
category: string;
|
|
5
|
+
technique: string;
|
|
6
|
+
prompt: string;
|
|
7
|
+
}
|
|
8
|
+
export type ExtendedProbe = ModernProbe;
|
|
9
|
+
export type ProbeCategory = "direct" | "encoding" | "persona" | "social" | "technical" | "advanced" | "crescendo" | "many_shot" | "cot_hijack" | "ascii_art" | "reasoning_exploit" | "policy_puppetry" | "context_overflow" | "semantic_shift";
|
|
10
|
+
export declare function getAllProbes(): Probe[];
|
|
11
|
+
export declare function getAllExtendedProbes(): ExtendedProbe[];
|
|
12
|
+
export declare function getProbesByCategory(category: ProbeCategory): Probe[];
|
|
13
|
+
export declare function getExtendedProbesByCategory(category: AttackCategory): ExtendedProbe[];
|
|
14
|
+
export declare function getProbesForDefense(level: DefenseLevel): ExtendedProbe[];
|
|
15
|
+
export declare function getProbeSequence(id: string): ProbeSequence | undefined;
|
|
16
|
+
export declare function getAllProbeSequences(): ProbeSequence[];
|
|
17
|
+
export declare function getRandomProbeFromCategory(category: ProbeCategory): Probe;
|
|
18
|
+
export declare function getAttackSequence(length?: number): Probe[];
|
|
19
|
+
export declare function getProbesForPhase(phase: "reconnaissance" | "soft" | "escalation" | "advanced"): Probe[];
|
|
20
|
+
export { advancedProbes } from "./advanced";
|
|
21
|
+
export { directProbes } from "./direct";
|
|
22
|
+
export { encodingProbes, encodingUtils, generateEncodingAttacks, } from "./encoding";
|
|
23
|
+
export { danPersonas, personaProbes } from "./personas";
|
|
24
|
+
export { socialProbes } from "./social";
|
|
25
|
+
export { technicalProbes } from "./technical";
|
|
26
|
+
export { modernProbes, probeSequences, crescendoProbes, cotHijackProbes, manyShotProbes, asciiArtProbes, reasoningExploitProbes, policyPuppetryProbes, contextOverflowProbes, getModernProbesByCategory, getProbesForDefenseLevel, getSequenceById, } from "./modern";
|
|
27
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/probes/index.ts"],"names":[],"mappings":"AAoBA,OAAO,KAAK,EACV,cAAc,EACd,YAAY,EACZ,KAAK,IAAI,WAAW,EACpB,aAAa,EACd,MAAM,UAAU,CAAC;AAElB,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,aAAa,GAAG,WAAW,CAAC;AAExC,MAAM,MAAM,aAAa,GACrB,QAAQ,GACR,UAAU,GACV,SAAS,GACT,QAAQ,GACR,WAAW,GACX,UAAU,GACV,WAAW,GACX,WAAW,GACX,YAAY,GACZ,WAAW,GACX,mBAAmB,GACnB,iBAAiB,GACjB,kBAAkB,GAClB,gBAAgB,CAAC;AAErB,wBAAgB,YAAY,IAAI,KAAK,EAAE,CAmBtC;AAED,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAuBtD;AAED,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,aAAa,GAAG,KAAK,EAAE,CAkEpE;AAED,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,cAAc,GACvB,aAAa,EAAE,CAEjB;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,YAAY,GAAG,aAAa,EAAE,CAExE;AAED,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAEtE;AAED,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAEtD;AAED,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,aAAa,GAAG,KAAK,CAGzE;AAED,wBAAgB,iBAAiB,CAAC,MAAM,SAAK,GAAG,KAAK,EAAE,CA4BtD;AAED,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,gBAAgB,GAAG,MAAM,GAAG,YAAY,GAAG,UAAU,GAC3D,KAAK,EAAE,CAaT;AAED,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EACL,cAAc,EACd,aAAa,EACb,uBAAuB,GACxB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,OAAO,EACL,YAAY,EACZ,cAAc,EACd,eAAe,EACf,eAAe,EACf,cAAc,EACd,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,yBAAyB,EACzB,wBAAwB,EACxB,eAAe,GAChB,MAAM,UAAU,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { Probe, ProbeSequence, AttackCategory, DefenseLevel } from "../types";
|
|
2
|
+
export declare const crescendoProbes: Probe[];
|
|
3
|
+
export declare const cotHijackProbes: Probe[];
|
|
4
|
+
export declare const manyShotProbes: Probe[];
|
|
5
|
+
export declare const asciiArtProbes: Probe[];
|
|
6
|
+
export declare const reasoningExploitProbes: Probe[];
|
|
7
|
+
export declare const policyPuppetryProbes: Probe[];
|
|
8
|
+
export declare const contextOverflowProbes: Probe[];
|
|
9
|
+
export declare const probeSequences: ProbeSequence[];
|
|
10
|
+
export declare const modernProbes: Probe[];
|
|
11
|
+
export declare function getModernProbesByCategory(category: AttackCategory): Probe[];
|
|
12
|
+
export declare function getProbesForDefenseLevel(level: DefenseLevel): Probe[];
|
|
13
|
+
export declare function getSequenceById(id: string): ProbeSequence | undefined;
|
|
14
|
+
//# sourceMappingURL=modern.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"modern.d.ts","sourceRoot":"","sources":["../../src/probes/modern.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,KAAK,EACL,aAAa,EACb,cAAc,EAEd,YAAY,EACb,MAAM,UAAU,CAAC;AAElB,eAAO,MAAM,eAAe,EAAE,KAAK,EA2GlC,CAAC;AAEF,eAAO,MAAM,eAAe,EAAE,KAAK,EA6FlC,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,KAAK,EAmFjC,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,KAAK,EAqFjC,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,KAAK,EA8DzC,CAAC;AAEF,eAAO,MAAM,oBAAoB,EAAE,KAAK,EA6EvC,CAAC;AAEF,eAAO,MAAM,qBAAqB,EAAE,KAAK,EAiCxC,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,aAAa,EAmCzC,CAAC;AAEF,eAAO,MAAM,YAAY,EAAE,KAAK,EAQ/B,CAAC;AAEF,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,cAAc,GAAG,KAAK,EAAE,CAE3E;AAED,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,YAAY,GAAG,KAAK,EAAE,CAErE;AAED,wBAAgB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAErE"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
export declare const danPersonas: {
|
|
2
|
+
dan_11_0: string;
|
|
3
|
+
dude: string;
|
|
4
|
+
stan: string;
|
|
5
|
+
developer_mode: string;
|
|
6
|
+
anti_dan: string;
|
|
7
|
+
};
|
|
8
|
+
export declare const personaProbes: {
|
|
9
|
+
id: string;
|
|
10
|
+
category: string;
|
|
11
|
+
technique: string;
|
|
12
|
+
prompt: string;
|
|
13
|
+
}[];
|
|
14
|
+
export declare function getRandomPersonaProbe(): (typeof personaProbes)[number];
|
|
15
|
+
//# sourceMappingURL=personas.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"personas.d.ts","sourceRoot":"","sources":["../../src/probes/personas.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW;;;;;;CAUvB,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;GAuEzB,CAAC;AAEF,wBAAgB,qBAAqB,IAAI,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAEtE"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"social.d.ts","sourceRoot":"","sources":["../../src/probes/social.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY;;;;;GAsHxB,CAAC;AAEF,wBAAgB,oBAAoB,IAAI,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAEpE"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"technical.d.ts","sourceRoot":"","sources":["../../src/probes/technical.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,eAAe;;;;;GAqI3B,CAAC;AAEF,wBAAgB,uBAAuB,IAAI,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAE1E"}
|
package/dist/types.d.ts
ADDED
|
@@ -0,0 +1,244 @@
|
|
|
1
|
+
export type AttackCategory = "direct" | "encoding" | "persona" | "social" | "technical" | "crescendo" | "many_shot" | "ascii_art" | "cot_hijack" | "semantic_shift" | "policy_puppetry" | "context_overflow" | "reasoning_exploit";
|
|
2
|
+
export type AttackPhase = "reconnaissance" | "profiling" | "soft_probe" | "escalation" | "exploitation" | "persistence";
|
|
3
|
+
export type DefenseLevel = "none" | "weak" | "moderate" | "strong" | "hardened";
|
|
4
|
+
export type LeakStatus = "none" | "hint" | "fragment" | "substantial" | "complete";
|
|
5
|
+
export interface AttackNode {
|
|
6
|
+
id: string;
|
|
7
|
+
parentId: string | null;
|
|
8
|
+
depth: number;
|
|
9
|
+
prompt: string;
|
|
10
|
+
technique: string;
|
|
11
|
+
category: AttackCategory;
|
|
12
|
+
executed: boolean;
|
|
13
|
+
response?: string;
|
|
14
|
+
priorScore: number;
|
|
15
|
+
posteriorScore: number;
|
|
16
|
+
leakPotential: number;
|
|
17
|
+
children: AttackNode[];
|
|
18
|
+
mutations?: string[];
|
|
19
|
+
reasoning?: string;
|
|
20
|
+
timestamp: number;
|
|
21
|
+
}
|
|
22
|
+
export interface DefenseProfile {
|
|
23
|
+
level: DefenseLevel;
|
|
24
|
+
confidence: number;
|
|
25
|
+
observedBehaviors: string[];
|
|
26
|
+
guardrails: {
|
|
27
|
+
type: string;
|
|
28
|
+
strength: number;
|
|
29
|
+
bypassed: boolean;
|
|
30
|
+
bypassMethod?: string;
|
|
31
|
+
}[];
|
|
32
|
+
weaknesses: {
|
|
33
|
+
category: AttackCategory;
|
|
34
|
+
description: string;
|
|
35
|
+
exploitability: number;
|
|
36
|
+
}[];
|
|
37
|
+
refusalTriggers: string[];
|
|
38
|
+
safeTopics: string[];
|
|
39
|
+
responsePatterns: {
|
|
40
|
+
pattern: string;
|
|
41
|
+
frequency: number;
|
|
42
|
+
defenseIndicator: boolean;
|
|
43
|
+
}[];
|
|
44
|
+
}
|
|
45
|
+
export interface Finding {
|
|
46
|
+
id: string;
|
|
47
|
+
turn: number;
|
|
48
|
+
timestamp: number;
|
|
49
|
+
extractedContent: string;
|
|
50
|
+
contentType: "system_prompt" | "rule" | "constraint" | "capability" | "persona" | "unknown";
|
|
51
|
+
technique: string;
|
|
52
|
+
category: AttackCategory;
|
|
53
|
+
attackNodeId: string;
|
|
54
|
+
confidence: "high" | "medium" | "low";
|
|
55
|
+
evidence: string;
|
|
56
|
+
severity: "critical" | "high" | "medium" | "low";
|
|
57
|
+
verified: boolean;
|
|
58
|
+
verificationMethod?: string;
|
|
59
|
+
}
|
|
60
|
+
export interface ConversationTurn {
|
|
61
|
+
id: string;
|
|
62
|
+
turn: number;
|
|
63
|
+
timestamp: number;
|
|
64
|
+
role: "attacker" | "target";
|
|
65
|
+
content: string;
|
|
66
|
+
technique?: string;
|
|
67
|
+
category?: AttackCategory;
|
|
68
|
+
phase?: AttackPhase;
|
|
69
|
+
attackNodeId?: string;
|
|
70
|
+
leakStatus?: LeakStatus;
|
|
71
|
+
defenseSignals?: string[];
|
|
72
|
+
extractedFragments?: string[];
|
|
73
|
+
}
|
|
74
|
+
export interface AttackStrategy {
|
|
75
|
+
id: string;
|
|
76
|
+
name: string;
|
|
77
|
+
description: string;
|
|
78
|
+
applicableWhen: {
|
|
79
|
+
defenseLevel?: DefenseLevel[];
|
|
80
|
+
failedCategories?: AttackCategory[];
|
|
81
|
+
turnRange?: [number, number];
|
|
82
|
+
leakStatus?: LeakStatus[];
|
|
83
|
+
};
|
|
84
|
+
attackSequence: {
|
|
85
|
+
category: AttackCategory;
|
|
86
|
+
weight: number;
|
|
87
|
+
techniques: string[];
|
|
88
|
+
}[];
|
|
89
|
+
expectedTurns: number;
|
|
90
|
+
successRate: number;
|
|
91
|
+
priority: number;
|
|
92
|
+
}
|
|
93
|
+
export interface StrategyState {
|
|
94
|
+
currentStrategy: AttackStrategy | null;
|
|
95
|
+
strategyHistory: {
|
|
96
|
+
strategy: AttackStrategy;
|
|
97
|
+
turns: number;
|
|
98
|
+
outcome: "success" | "partial" | "failed" | "ongoing";
|
|
99
|
+
}[];
|
|
100
|
+
adaptationCount: number;
|
|
101
|
+
lastAdaptationReason: string;
|
|
102
|
+
}
|
|
103
|
+
export interface StrategistOutput {
|
|
104
|
+
selectedStrategy: AttackStrategy;
|
|
105
|
+
reasoning: string;
|
|
106
|
+
targetWeaknesses: string[];
|
|
107
|
+
recommendedCategories: AttackCategory[];
|
|
108
|
+
phaseTransition?: AttackPhase;
|
|
109
|
+
shouldReset: boolean;
|
|
110
|
+
resetReason?: string;
|
|
111
|
+
}
|
|
112
|
+
export interface AttackerOutput {
|
|
113
|
+
attack: AttackNode;
|
|
114
|
+
alternatives: AttackNode[];
|
|
115
|
+
reasoning: string;
|
|
116
|
+
expectedDefense: string;
|
|
117
|
+
}
|
|
118
|
+
export interface EvaluatorOutput {
|
|
119
|
+
status: LeakStatus;
|
|
120
|
+
confidence: number;
|
|
121
|
+
extractedContent?: string;
|
|
122
|
+
extractedFragments?: string[];
|
|
123
|
+
techniqueEffectiveness: number;
|
|
124
|
+
defenseAnalysis: {
|
|
125
|
+
type: string;
|
|
126
|
+
strength: number;
|
|
127
|
+
}[];
|
|
128
|
+
recommendation: string;
|
|
129
|
+
suggestedCategories: AttackCategory[];
|
|
130
|
+
shouldContinue: boolean;
|
|
131
|
+
continueReason: string;
|
|
132
|
+
}
|
|
133
|
+
export interface MutatorOutput {
|
|
134
|
+
originalPrompt: string;
|
|
135
|
+
mutations: {
|
|
136
|
+
prompt: string;
|
|
137
|
+
mutationType: string;
|
|
138
|
+
expectedEffectiveness: number;
|
|
139
|
+
}[];
|
|
140
|
+
bestMutation: string;
|
|
141
|
+
reasoning: string;
|
|
142
|
+
}
|
|
143
|
+
export interface ScanConfig {
|
|
144
|
+
maxTurns: number;
|
|
145
|
+
maxTreeDepth: number;
|
|
146
|
+
branchingFactor: number;
|
|
147
|
+
pruningThreshold: number;
|
|
148
|
+
enableCrescendo: boolean;
|
|
149
|
+
enableManyShot: boolean;
|
|
150
|
+
enableBestOfN: boolean;
|
|
151
|
+
bestOfNCount: number;
|
|
152
|
+
maxTokensPerTurn: number;
|
|
153
|
+
maxTotalTokens: number;
|
|
154
|
+
attackerModel: string;
|
|
155
|
+
evaluatorModel: string;
|
|
156
|
+
targetModel?: string;
|
|
157
|
+
onProgress?: (state: ScanProgress) => Promise<void>;
|
|
158
|
+
onFinding?: (finding: Finding) => Promise<void>;
|
|
159
|
+
}
|
|
160
|
+
export interface ScanProgress {
|
|
161
|
+
turn: number;
|
|
162
|
+
maxTurns: number;
|
|
163
|
+
phase: AttackPhase;
|
|
164
|
+
strategy: string;
|
|
165
|
+
leakStatus: LeakStatus;
|
|
166
|
+
findingsCount: number;
|
|
167
|
+
treeNodesExplored: number;
|
|
168
|
+
estimatedCompletion: number;
|
|
169
|
+
}
|
|
170
|
+
export interface ScanResult {
|
|
171
|
+
findings: Finding[];
|
|
172
|
+
overallVulnerability: "critical" | "high" | "medium" | "low" | "secure";
|
|
173
|
+
overallScore: number;
|
|
174
|
+
leakStatus: LeakStatus;
|
|
175
|
+
extractedSystemPrompt?: string;
|
|
176
|
+
extractedFragments: string[];
|
|
177
|
+
turnsUsed: number;
|
|
178
|
+
tokensUsed: number;
|
|
179
|
+
treeNodesExplored: number;
|
|
180
|
+
strategiesUsed: string[];
|
|
181
|
+
defenseProfile: DefenseProfile;
|
|
182
|
+
conversationLog: ConversationTurn[];
|
|
183
|
+
attackTree?: AttackNode;
|
|
184
|
+
summary: string;
|
|
185
|
+
recommendations: string[];
|
|
186
|
+
startTime: number;
|
|
187
|
+
endTime: number;
|
|
188
|
+
duration: number;
|
|
189
|
+
}
|
|
190
|
+
export interface AttackAnalysis {
|
|
191
|
+
turn: number;
|
|
192
|
+
techniqueUsed: string;
|
|
193
|
+
category: AttackCategory;
|
|
194
|
+
targetResponseSummary: string;
|
|
195
|
+
responseLength: number;
|
|
196
|
+
defenseSignals: string[];
|
|
197
|
+
extractionResult: {
|
|
198
|
+
status: LeakStatus;
|
|
199
|
+
extractedContent: string | null;
|
|
200
|
+
confidence: "high" | "medium" | "low" | null;
|
|
201
|
+
evidence: string | null;
|
|
202
|
+
};
|
|
203
|
+
defenseAnalysis: {
|
|
204
|
+
detectedGuardrails: string[];
|
|
205
|
+
weaknessIdentified: string | null;
|
|
206
|
+
bypassPotential: number;
|
|
207
|
+
};
|
|
208
|
+
nextAction: {
|
|
209
|
+
category: AttackCategory;
|
|
210
|
+
technique: string;
|
|
211
|
+
rationale: string;
|
|
212
|
+
priority: number;
|
|
213
|
+
};
|
|
214
|
+
cumulativeExtraction: string;
|
|
215
|
+
progressTowardsGoal: number;
|
|
216
|
+
}
|
|
217
|
+
export interface Probe {
|
|
218
|
+
id: string;
|
|
219
|
+
category: AttackCategory;
|
|
220
|
+
technique: string;
|
|
221
|
+
prompt: string;
|
|
222
|
+
phase: AttackPhase[];
|
|
223
|
+
defenseLevel: DefenseLevel[];
|
|
224
|
+
requiresContext: boolean;
|
|
225
|
+
multiTurn: boolean;
|
|
226
|
+
sequencePosition?: number;
|
|
227
|
+
expectedSuccessRate: number;
|
|
228
|
+
sophistication: number;
|
|
229
|
+
stealthiness: number;
|
|
230
|
+
variables?: string[];
|
|
231
|
+
}
|
|
232
|
+
export interface ProbeSequence {
|
|
233
|
+
id: string;
|
|
234
|
+
name: string;
|
|
235
|
+
description: string;
|
|
236
|
+
category: AttackCategory;
|
|
237
|
+
probes: Probe[];
|
|
238
|
+
requiresAllSteps: boolean;
|
|
239
|
+
canShortCircuit: boolean;
|
|
240
|
+
shortCircuitCondition?: string;
|
|
241
|
+
expectedTurns: number;
|
|
242
|
+
successRate: number;
|
|
243
|
+
}
|
|
244
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,cAAc,GACtB,QAAQ,GACR,UAAU,GACV,SAAS,GACT,QAAQ,GACR,WAAW,GACX,WAAW,GACX,WAAW,GACX,WAAW,GACX,YAAY,GACZ,gBAAgB,GAChB,iBAAiB,GACjB,kBAAkB,GAClB,mBAAmB,CAAC;AAExB,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,WAAW,GACX,YAAY,GACZ,YAAY,GACZ,cAAc,GACd,aAAa,CAAC;AAElB,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEhF,MAAM,MAAM,UAAU,GAClB,MAAM,GACN,MAAM,GACN,UAAU,GACV,aAAa,GACb,UAAU,CAAC;AAEf,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,YAAY,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,UAAU,EAAE;QACV,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,EAAE,CAAC;IACJ,UAAU,EAAE;QACV,QAAQ,EAAE,cAAc,CAAC;QACzB,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,EAAE,MAAM,CAAC;KACxB,EAAE,CAAC;IACJ,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,gBAAgB,EAAE;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,gBAAgB,EAAE,OAAO,CAAC;KAC3B,EAAE,CAAC;CACL;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EACP,eAAe,GACf,MAAM,GACN,YAAY,GACZ,YAAY,GACZ,SAAS,GACT,SAAS,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,cAAc,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,QAAQ,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,UAAU,GAAG,QAAQ,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE;QACd,YAAY,CAAC,EAAE,YAAY,EAAE,CAAC;QAC9B,gBAAgB,CAAC,EAAE,cAAc,EAAE,CAAC;QACpC,SAAS,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC7B,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;KAC3B,CAAC;IACF,cAAc,EAAE;QACd,QAAQ,EAAE,cAAc,CAAC;QACzB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,EAAE,CAAC;KACtB,EAAE,CAAC;IACJ,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,eAAe,EAAE,cAAc,GAAG,IAAI,CAAC;IACvC,eAAe,EAAE;QACf,QAAQ,EAAE,cAAc,CAAC;QACzB,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;KACvD,EAAE,CAAC;IACJ,eAAe,EAAE,MAAM,CAAC;IACxB,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,gBAAgB;IAC/B,gBAAgB,EAAE,cAAc,CAAC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,qBAAqB,EAAE,cAAc,EAAE,CAAC;IACxC,eAAe,CAAC,EAAE,WAAW,CAAC;IAC9B,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,UAAU,CAAC;IACnB,YAAY,EAAE,UAAU,EAAE,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,UAAU,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,eAAe,EAAE;QACf,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;KAClB,EAAE,CAAC;IACJ,cAAc,EAAE,MAAM,CAAC;IACvB,mBAAmB,EAAE,cAAc,EAAE,CAAC;IACtC,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE;QACT,MAAM,EAAE,MAAM,CAAC;QACf,YAAY,EAAE,MAAM,CAAC;QACrB,qBAAqB,EAAE,MAAM,CAAC;KAC/B,EAAE,CAAC;IACJ,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,WAAW,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,UAAU,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,oBAAoB,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;IACxE,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,cAAc,CAAC;IAC/B,eAAe,EAAE,gBAAgB,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;IACzB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,EAAE;QAChB,MAAM,EAAE,UAAU,CAAC;QACnB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;QAChC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,IAAI,CAAC;QAC7C,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB,CAAC;IACF,eAAe,EAAE;QACf,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;QAClC,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,UAAU,EAAE;QACV,QAAQ,EAAE,cAAc,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,cAAc,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,YAAY,EAAE,YAAY,EAAE,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,cAAc,CAAC;IACzB,MAAM,EAAE,KAAK,EAAE,CAAC;IAChB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB"}
|
package/dist/utils.d.ts
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export declare function generateId(prefix?: string): string;
|
|
2
|
+
export declare function generateShortId(): string;
|
|
3
|
+
export declare const encoding: {
|
|
4
|
+
toBase64(text: string): string;
|
|
5
|
+
fromBase64(encoded: string): string;
|
|
6
|
+
toBase64UrlSafe(text: string): string;
|
|
7
|
+
};
|
|
8
|
+
export declare function calculateTextSimilarity(a: string, b: string): number;
|
|
9
|
+
export declare function truncate(text: string, maxLength: number): string;
|
|
10
|
+
export declare function sleep(ms: number): Promise<void>;
|
|
11
|
+
export declare function retry<T>(fn: () => Promise<T>, options?: {
|
|
12
|
+
maxAttempts?: number;
|
|
13
|
+
delayMs?: number;
|
|
14
|
+
backoff?: boolean;
|
|
15
|
+
}): Promise<T>;
|
|
16
|
+
//# sourceMappingURL=utils.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA,wBAAgB,UAAU,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM,CAOtD;AAED,wBAAgB,eAAe,IAAI,MAAM,CAExC;AAED,eAAO,MAAM,QAAQ;mBACJ,MAAM,GAAG,MAAM;wBAOV,MAAM,GAAG,MAAM;0BAOb,MAAM,GAAG,MAAM;CAMtC,CAAC;AAEF,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAwBpE;AAED,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAGhE;AAED,wBAAgB,KAAK,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE/C;AAED,wBAAsB,KAAK,CAAC,CAAC,EAC3B,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,OAAO,GAAE;IACP,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;CACd,GACL,OAAO,CAAC,CAAC,CAAC,CAmBZ"}
|