icdev 1.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- icdev/__init__.py +18 -0
- icdev/_paths.py +85 -0
- icdev/_version.py +3 -0
- icdev/data/__init__.py +1 -0
- icdev/data/args/__init__.py +1 -0
- icdev/data/args/agent_authority.yaml +61 -0
- icdev/data/args/agent_config.yaml +355 -0
- icdev/data/args/agentic_fitness.yaml +31 -0
- icdev/data/args/ai_governance_config.yaml +137 -0
- icdev/data/args/atlas_critique_config.yaml +66 -0
- icdev/data/args/bedrock_models.yaml +63 -0
- icdev/data/args/cicd_config.yaml +82 -0
- icdev/data/args/classification_config.yaml +232 -0
- icdev/data/args/cli_config.yaml +154 -0
- icdev/data/args/cloud_config.yaml +63 -0
- icdev/data/args/code_pattern_config.yaml +151 -0
- icdev/data/args/code_quality_config.yaml +47 -0
- icdev/data/args/companion_registry.yaml +202 -0
- icdev/data/args/context_config.yaml +82 -0
- icdev/data/args/csp_monitor_config.yaml +268 -0
- icdev/data/args/cui_markings.yaml +35 -0
- icdev/data/args/db_config.yaml +40 -0
- icdev/data/args/deployment_profiles.yaml +248 -0
- icdev/data/args/dev_profile_config.yaml +144 -0
- icdev/data/args/devsecops_config.yaml +286 -0
- icdev/data/args/endpoint_security_config.yaml +137 -0
- icdev/data/args/extension_config.yaml +79 -0
- icdev/data/args/file_access_tiers.yaml +88 -0
- icdev/data/args/framework_registry.yaml +415 -0
- icdev/data/args/innovation_config.yaml +431 -0
- icdev/data/args/installation_manifest.yaml +1087 -0
- icdev/data/args/llm_config.yaml +495 -0
- icdev/data/args/maintenance_config.yaml +55 -0
- icdev/data/args/memory_config.yaml +83 -0
- icdev/data/args/monitoring_config.yaml +127 -0
- icdev/data/args/mosa_config.yaml +190 -0
- icdev/data/args/nlq_config.yaml +35 -0
- icdev/data/args/observability_config.yaml +39 -0
- icdev/data/args/observability_tracing_config.yaml +170 -0
- icdev/data/args/oscal_tools_config.yaml +43 -0
- icdev/data/args/owasp_agentic_config.yaml +171 -0
- icdev/data/args/phase_registry.yaml +618 -0
- icdev/data/args/project_defaults.yaml +235 -0
- icdev/data/args/prompt_chains.yaml +163 -0
- icdev/data/args/resilience_config.yaml +50 -0
- icdev/data/args/ricoas_config.yaml +191 -0
- icdev/data/args/role_personas.yaml +362 -0
- icdev/data/args/scaling_config.yaml +176 -0
- icdev/data/args/security_gates.yaml +685 -0
- icdev/data/args/skill_injection_config.yaml +322 -0
- icdev/data/args/spec_config.yaml +53 -0
- icdev/data/args/supply_chain_config.yaml +76 -0
- icdev/data/args/translation_config.yaml +228 -0
- icdev/data/args/workflow_templates/ato_acceleration.yaml +54 -0
- icdev/data/args/workflow_templates/build_deploy.yaml +63 -0
- icdev/data/args/workflow_templates/full_compliance.yaml +43 -0
- icdev/data/args/workflow_templates/security_hardening.yaml +55 -0
- icdev/data/args/worktree_config.yaml +34 -0
- icdev/data/args/zta_config.yaml +247 -0
- icdev/data/context/__init__.py +1 -0
- icdev/data/context/agent/__init__.py +1 -0
- icdev/data/context/agent/response_schemas/__init__.py +1 -0
- icdev/data/context/agent/response_schemas/debate_position.json +46 -0
- icdev/data/context/agent/response_schemas/fitness_scorecard.json +74 -0
- icdev/data/context/agent/response_schemas/review_decision.json +39 -0
- icdev/data/context/agent/response_schemas/task_decomposition.json +82 -0
- icdev/data/context/agent/response_schemas/veto_decision.json +40 -0
- icdev/data/context/agentic/__init__.py +1 -0
- icdev/data/context/agentic/architecture_patterns.md +269 -0
- icdev/data/context/agentic/capability_registry.yaml +202 -0
- icdev/data/context/agentic/csp_mcp_registry.yaml +280 -0
- icdev/data/context/agentic/fitness_rubric.md +56 -0
- icdev/data/context/agentic/governance_baseline.md +205 -0
- icdev/data/context/ci/__init__.py +1 -0
- icdev/data/context/ci/worktree_templates.json +44 -0
- icdev/data/context/cloud/__init__.py +1 -0
- icdev/data/context/cloud/csp_service_registry.json +739 -0
- icdev/data/context/compliance/__init__.py +1 -0
- icdev/data/context/compliance/atlas_mitigations.json +293 -0
- icdev/data/context/compliance/atlas_techniques.json +833 -0
- icdev/data/context/compliance/cisa_sbd_requirements.json +432 -0
- icdev/data/context/compliance/cjis_security_policy.json +522 -0
- icdev/data/context/compliance/cmmc_practices.json +2494 -0
- icdev/data/context/compliance/cmmc_report_template.md +142 -0
- icdev/data/context/compliance/cnssi_1253_overlay.json +109 -0
- icdev/data/context/compliance/control_crosswalk.json +1914 -0
- icdev/data/context/compliance/control_families/__init__.py +1 -0
- icdev/data/context/compliance/csp_certifications.json +251 -0
- icdev/data/context/compliance/cssp_report_template.md +193 -0
- icdev/data/context/compliance/cui_templates/__init__.py +1 -0
- icdev/data/context/compliance/cui_templates/banner_block.txt +4 -0
- icdev/data/context/compliance/cui_templates/code_header.txt +8 -0
- icdev/data/context/compliance/cui_templates/document_template.md +35 -0
- icdev/data/context/compliance/data_type_framework_map.json +321 -0
- icdev/data/context/compliance/data_type_registry.json +147 -0
- icdev/data/context/compliance/dod_cssp_8530.json +463 -0
- icdev/data/context/compliance/eu_ai_act_annex_iii.json +108 -0
- icdev/data/context/compliance/export_templates/__init__.py +1 -0
- icdev/data/context/compliance/export_templates/emass_controls.csv.j2 +4 -0
- icdev/data/context/compliance/export_templates/evidence_package.md.j2 +39 -0
- icdev/data/context/compliance/export_templates/executive_summary.md.j2 +55 -0
- icdev/data/context/compliance/export_templates/poam_tracking.csv.j2 +4 -0
- icdev/data/context/compliance/fedramp_20x_ksi_schemas.json +133 -0
- icdev/data/context/compliance/fedramp_high_baseline.json +4370 -0
- icdev/data/context/compliance/fedramp_moderate_baseline.json +2183 -0
- icdev/data/context/compliance/fedramp_report_template.md +181 -0
- icdev/data/context/compliance/fips_200_areas.json +362 -0
- icdev/data/context/compliance/gao_ai_accountability.json +262 -0
- icdev/data/context/compliance/hipaa_security_rule.json +720 -0
- icdev/data/context/compliance/hitrust_csf_v11.json +930 -0
- icdev/data/context/compliance/impact_level_profiles.json +251 -0
- icdev/data/context/compliance/incident_response_template.md +1110 -0
- icdev/data/context/compliance/iso27001_2022_controls.json +750 -0
- icdev/data/context/compliance/iso27001_nist_bridge.json +382 -0
- icdev/data/context/compliance/iso42001_controls.json +254 -0
- icdev/data/context/compliance/ivv_checklist_template.md +80 -0
- icdev/data/context/compliance/ivv_report_template.md +116 -0
- icdev/data/context/compliance/ivv_requirements.json +372 -0
- icdev/data/context/compliance/mosa_crosswalk.json +327 -0
- icdev/data/context/compliance/mosa_framework.json +250 -0
- icdev/data/context/compliance/narrative_templates/AC.md.j2 +101 -0
- icdev/data/context/compliance/narrative_templates/AU.md.j2 +106 -0
- icdev/data/context/compliance/narrative_templates/IA.md.j2 +104 -0
- icdev/data/context/compliance/narrative_templates/SC.md.j2 +102 -0
- icdev/data/context/compliance/narrative_templates/SI.md.j2 +111 -0
- icdev/data/context/compliance/narrative_templates/__init__.py +1 -0
- icdev/data/context/compliance/narrative_templates/default.md.j2 +50 -0
- icdev/data/context/compliance/narrative_templates/executive_summary.j2 +27 -0
- icdev/data/context/compliance/narrative_templates/poam_milestone.j2 +19 -0
- icdev/data/context/compliance/narrative_templates/ssp_section.j2 +11 -0
- icdev/data/context/compliance/nist_800_171_controls.json +1552 -0
- icdev/data/context/compliance/nist_800_207_crosswalk.json +399 -0
- icdev/data/context/compliance/nist_800_207_zta.json +258 -0
- icdev/data/context/compliance/nist_800_53.json +324 -0
- icdev/data/context/compliance/nist_ai_600_1_genai.json +326 -0
- icdev/data/context/compliance/nist_ai_rmf.json +206 -0
- icdev/data/context/compliance/nist_sp_800_60_types.json +1667 -0
- icdev/data/context/compliance/omb_m25_21_high_impact_ai.json +248 -0
- icdev/data/context/compliance/omb_m26_04_unbiased_ai.json +262 -0
- icdev/data/context/compliance/owasp_agentic_asi.json +133 -0
- icdev/data/context/compliance/owasp_agentic_threats.json +285 -0
- icdev/data/context/compliance/owasp_llm_top10.json +274 -0
- icdev/data/context/compliance/pci_dss_v4.json +510 -0
- icdev/data/context/compliance/poam_template.md +117 -0
- icdev/data/context/compliance/safeai_controls.json +512 -0
- icdev/data/context/compliance/sbd_report_template.md +77 -0
- icdev/data/context/compliance/siem_config_templates/__init__.py +1 -0
- icdev/data/context/compliance/siem_config_templates/filebeat.yml +213 -0
- icdev/data/context/compliance/siem_config_templates/log_sources.json +208 -0
- icdev/data/context/compliance/soc2_trust_criteria.json +661 -0
- icdev/data/context/compliance/ssp_template.md +432 -0
- icdev/data/context/compliance/stig_templates/__init__.py +1 -0
- icdev/data/context/compliance/stig_templates/webapp_stig.json +139 -0
- icdev/data/context/compliance/xai_requirements.json +108 -0
- icdev/data/context/dashboard/__init__.py +1 -0
- icdev/data/context/dashboard/nlq_examples.json +50 -0
- icdev/data/context/dashboard/schema_descriptions.json +23 -0
- icdev/data/context/integration/__init__.py +1 -0
- icdev/data/context/integration/approval_workflows.json +32 -0
- icdev/data/context/integration/gitlab_field_mappings.json +33 -0
- icdev/data/context/integration/jira_field_mappings.json +32 -0
- icdev/data/context/integration/reqif_export_schema.json +23 -0
- icdev/data/context/integration/servicenow_field_mappings.json +22 -0
- icdev/data/context/languages/__init__.py +1 -0
- icdev/data/context/languages/framework_patterns.json +205 -0
- icdev/data/context/languages/language_registry.json +279 -0
- icdev/data/context/llm/__init__.py +1 -0
- icdev/data/context/llm/example_provider.py +86 -0
- icdev/data/context/mbse/__init__.py +1 -0
- icdev/data/context/mbse/des_report_template.md +162 -0
- icdev/data/context/mbse/des_requirements.json +411 -0
- icdev/data/context/mbse/digital_thread_patterns.json +403 -0
- icdev/data/context/mbse/reqif_schema.json +280 -0
- icdev/data/context/mbse/sysml_element_types.json +432 -0
- icdev/data/context/modernization/__init__.py +1 -0
- icdev/data/context/modernization/db_type_mappings.json +148 -0
- icdev/data/context/modernization/decomposition_patterns.json +284 -0
- icdev/data/context/modernization/framework_migration_patterns.json +359 -0
- icdev/data/context/modernization/migration_report_template.md +168 -0
- icdev/data/context/modernization/seven_rs_catalog.json +369 -0
- icdev/data/context/modernization/version_upgrade_rules.json +279 -0
- icdev/data/context/oscal/NIST_SP-800-53_rev5_catalog.json +254987 -0
- icdev/data/context/oscal/README.md +43 -0
- icdev/data/context/patterns/__init__.py +1 -0
- icdev/data/context/profiles/__init__.py +1 -0
- icdev/data/context/profiles/dod_baseline_v1.yaml +145 -0
- icdev/data/context/profiles/fedramp_baseline_v1.yaml +143 -0
- icdev/data/context/profiles/financial_baseline_v1.yaml +142 -0
- icdev/data/context/profiles/healthcare_baseline_v1.yaml +135 -0
- icdev/data/context/profiles/law_enforcement_v1.yaml +129 -0
- icdev/data/context/profiles/startup_v1.yaml +134 -0
- icdev/data/context/requirements/__init__.py +1 -0
- icdev/data/context/requirements/ambiguity_patterns.json +97 -0
- icdev/data/context/requirements/boundary_impact_rules.json +123 -0
- icdev/data/context/requirements/default_constitutions.json +67 -0
- icdev/data/context/requirements/document_extraction_rules.json +58 -0
- icdev/data/context/requirements/gap_patterns.json +108 -0
- icdev/data/context/requirements/readiness_rubric.json +78 -0
- icdev/data/context/requirements/red_alternative_patterns.json +210 -0
- icdev/data/context/requirements/safe_templates.json +72 -0
- icdev/data/context/requirements/spec_quality_checklist.json +122 -0
- icdev/data/context/simulation/__init__.py +1 -0
- icdev/data/context/simulation/architecture_patterns.json +36 -0
- icdev/data/context/simulation/coa_templates.json +38 -0
- icdev/data/context/simulation/cost_models.json +23 -0
- icdev/data/context/simulation/risk_categories.json +46 -0
- icdev/data/context/supply_chain/__init__.py +1 -0
- icdev/data/context/supply_chain/isa_templates.json +129 -0
- icdev/data/context/supply_chain/nist_800_161_controls.json +247 -0
- icdev/data/context/supply_chain/scrm_risk_matrix.json +147 -0
- icdev/data/context/templates/__init__.py +1 -0
- icdev/data/context/templates/ansible/__init__.py +1 -0
- icdev/data/context/templates/ansible/playbooks/__init__.py +1 -0
- icdev/data/context/templates/ansible/roles/__init__.py +1 -0
- icdev/data/context/templates/gitlab_ci/__init__.py +1 -0
- icdev/data/context/templates/grafana/__init__.py +1 -0
- icdev/data/context/templates/kubernetes/__init__.py +1 -0
- icdev/data/context/templates/project/__init__.py +1 -0
- icdev/data/context/templates/project/api/__init__.py +1 -0
- icdev/data/context/templates/project/cli/__init__.py +1 -0
- icdev/data/context/templates/project/data_pipeline/__init__.py +1 -0
- icdev/data/context/templates/project/iac/__init__.py +1 -0
- icdev/data/context/templates/project/javascript_frontend/__init__.py +1 -0
- icdev/data/context/templates/project/javascript_frontend/src/__init__.py +1 -0
- icdev/data/context/templates/project/javascript_frontend/tests/__init__.py +1 -0
- icdev/data/context/templates/project/microservice/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/src/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/tests/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/tests/features/__init__.py +1 -0
- icdev/data/context/templates/project/python_backend/tests/steps/__init__.py +1 -0
- icdev/data/context/templates/terraform/__init__.py +1 -0
- icdev/data/context/templates/terraform/govcloud_base/__init__.py +1 -0
- icdev/data/context/templates/terraform/modules/__init__.py +1 -0
- icdev/data/context/tone/__init__.py +1 -0
- icdev/data/context/translation/dependency_mappings.json +186 -0
- icdev/data/context/translation/type_mappings.json +149 -0
- icdev/data/docs/README.md +187 -0
- icdev/data/docs/__init__.py +1 -0
- icdev/data/docs/admin/gateway-guide.md +338 -0
- icdev/data/docs/admin/marketplace-guide.md +396 -0
- icdev/data/docs/admin/monitoring-guide.md +509 -0
- icdev/data/docs/architecture/compliance-framework.md +764 -0
- icdev/data/docs/architecture/database-schema.md +689 -0
- icdev/data/docs/architecture/gotcha-framework.md +518 -0
- icdev/data/docs/architecture/multi-agent-system.md +603 -0
- icdev/data/docs/dx/README.md +106 -0
- icdev/data/docs/dx/__init__.py +1 -0
- icdev/data/docs/dx/ci-cd-integration.md +378 -0
- icdev/data/docs/dx/claude-code-guide.md +213 -0
- icdev/data/docs/dx/companion-guide.md +232 -0
- icdev/data/docs/dx/dev-profiles.md +309 -0
- icdev/data/docs/dx/icdev-yaml-spec.md +219 -0
- icdev/data/docs/dx/integration-tiers.md +279 -0
- icdev/data/docs/dx/llm-routing-guide.md +456 -0
- icdev/data/docs/dx/quickstart.md +192 -0
- icdev/data/docs/dx/sdk-reference.md +356 -0
- icdev/data/docs/dx/unified-mcp-setup.md +525 -0
- icdev/data/docs/features/__init__.py +1 -0
- icdev/data/docs/features/phase-01-gotcha-framework.md +249 -0
- icdev/data/docs/features/phase-02-atlas-build-workflow.md +223 -0
- icdev/data/docs/features/phase-03-tdd-bdd-testing.md +261 -0
- icdev/data/docs/features/phase-04-nist-compliance.md +255 -0
- icdev/data/docs/features/phase-05-security-scanning.md +229 -0
- icdev/data/docs/features/phase-06-infrastructure-deployment.md +288 -0
- icdev/data/docs/features/phase-07-code-review-gates.md +276 -0
- icdev/data/docs/features/phase-08-self-healing.md +223 -0
- icdev/data/docs/features/phase-09-monitoring-observability.md +230 -0
- icdev/data/docs/features/phase-10-dashboard-web-ui.md +218 -0
- icdev/data/docs/features/phase-11-multi-agent-architecture.md +272 -0
- icdev/data/docs/features/phase-12-integration-testing.md +228 -0
- icdev/data/docs/features/phase-13-cicd-integration.md +257 -0
- icdev/data/docs/features/phase-14-secure-by-design-ivv.md +240 -0
- icdev/data/docs/features/phase-15-maintenance-audit.md +192 -0
- icdev/data/docs/features/phase-16-ato-acceleration.md +228 -0
- icdev/data/docs/features/phase-17-multi-framework-compliance.md +223 -0
- icdev/data/docs/features/phase-18-mbse-integration.md +242 -0
- icdev/data/docs/features/phase-19-agentic-generation.md +202 -0
- icdev/data/docs/features/phase-20-fips-security-categorization.md +198 -0
- icdev/data/docs/features/phase-21-saas-multi-tenancy.md +273 -0
- icdev/data/docs/features/phase-22-federated-gotcha-marketplace.md +242 -0
- icdev/data/docs/features/phase-23-universal-compliance-platform.md +238 -0
- icdev/data/docs/features/phase-24-devsecops-pipeline-security.md +198 -0
- icdev/data/docs/features/phase-25-zero-trust-architecture.md +220 -0
- icdev/data/docs/features/phase-26-dod-mosa.md +205 -0
- icdev/data/docs/features/phase-27-cli-capabilities.md +222 -0
- icdev/data/docs/features/phase-28-remote-command-gateway.md +235 -0
- icdev/data/docs/features/phase-29-proactive-monitoring.md +212 -0
- icdev/data/docs/features/phase-30-dashboard-auth.md +215 -0
- icdev/data/docs/features/phase-31-dashboard-ux-low-impact.md +188 -0
- icdev/data/docs/features/phase-32-dashboard-ux-medium-impact.md +223 -0
- icdev/data/docs/features/phase-33-modular-installation.md +218 -0
- icdev/data/docs/features/phase-34-dev-profiles.md +239 -0
- icdev/data/docs/features/phase-35-innovation-engine.md +257 -0
- icdev/data/docs/features/phase-36-evolutionary-intelligence.md +351 -0
- icdev/data/docs/features/phase-37-mitre-atlas-integration.md +485 -0
- icdev/data/docs/features/phase-38-cloud-agnostic-architecture.md +1033 -0
- icdev/data/docs/features/phase-39-observability-operations.md +178 -0
- icdev/data/docs/features/phase-40-nlq-compliance-queries.md +176 -0
- icdev/data/docs/features/phase-41-parallel-cicd.md +169 -0
- icdev/data/docs/features/phase-42-framework-planning.md +177 -0
- icdev/data/docs/features/phase-43-cross-language-translation.md +225 -0
- icdev/data/docs/features/phase-44-innovation-adaptation.md +227 -0
- icdev/data/docs/features/phase-45-owasp-agentic-security.md +239 -0
- icdev/data/docs/features/phase-46-observability-traceability-xai.md +240 -0
- icdev/data/docs/features/phase-47-unified-mcp-gateway.md +257 -0
- icdev/data/docs/features/phase-48-ai-transparency.md +203 -0
- icdev/data/docs/features/phase-49-ai-accountability.md +243 -0
- icdev/data/docs/features/phase-50-ai-governance-intake-chat.md +195 -0
- icdev/data/docs/features/phase-51-unified-chat-dashboard.md +240 -0
- icdev/data/docs/features/phase-52-code-intelligence.md +244 -0
- icdev/data/docs/features/phase-53-fedramp-20x-owasp-asi.md +359 -0
- icdev/data/docs/features/phase-54-slsa-swft-orchestration.md +379 -0
- icdev/data/docs/features/phase-55-a2a-v03-mcp-oauth.md +322 -0
- icdev/data/docs/features/phase-56-evidence-lineage.md +352 -0
- icdev/data/docs/features/phase-57-eu-ai-act-iron-bank.md +319 -0
- icdev/data/docs/features/phase-58-creative-engine.md +370 -0
- icdev/data/docs/features/phase-59-govcon-intelligence.md +535 -0
- icdev/data/docs/features/phase-60-cpmp.md +528 -0
- icdev/data/docs/features/phase-61-orchestration-improvements.md +534 -0
- icdev/data/docs/operations/dashboard-guide.md +354 -0
- icdev/data/docs/operations/deployment-guide.md +556 -0
- icdev/data/docs/operations/saas-admin-guide.md +439 -0
- icdev/data/docs/operations/security-operations-guide.md +733 -0
- icdev/data/docs/runbooks/backup-restore.md +412 -0
- icdev/data/docs/runbooks/troubleshooting.md +499 -0
- icdev/data/features/__init__.py +1 -0
- icdev/data/features/cicd_integration.feature +41 -0
- icdev/data/features/compliance_gates.feature +46 -0
- icdev/data/features/dashboard.feature +72 -0
- icdev/data/features/environment.py +25 -0
- icdev/data/features/project_management.feature +32 -0
- icdev/data/features/requirements_intake.feature +42 -0
- icdev/data/features/saas_platform.feature +53 -0
- icdev/data/features/security_scanning.feature +36 -0
- icdev/data/features/steps/__init__.py +1 -0
- icdev/data/features/steps/cicd_steps.py +465 -0
- icdev/data/features/steps/compliance_steps.py +308 -0
- icdev/data/features/steps/dashboard_steps.py +88 -0
- icdev/data/features/steps/project_steps.py +126 -0
- icdev/data/features/steps/requirements_intake_steps.py +689 -0
- icdev/data/features/steps/saas_platform_steps.py +572 -0
- icdev/data/features/steps/security_steps.py +236 -0
- icdev/data/features/steps/testing_steps.py +226 -0
- icdev/data/features/testing_pipeline.feature +42 -0
- icdev/data/goals/__init__.py +1 -0
- icdev/data/goals/agent_management.md +144 -0
- icdev/data/goals/agentic_generation.md +345 -0
- icdev/data/goals/agentic_threat_model.md +309 -0
- icdev/data/goals/ai_accountability.md +90 -0
- icdev/data/goals/ai_governance_intake.md +132 -0
- icdev/data/goals/ai_transparency.md +76 -0
- icdev/data/goals/atlas_integration.md +405 -0
- icdev/data/goals/ato_acceleration.md +139 -0
- icdev/data/goals/boundary_supply_chain.md +206 -0
- icdev/data/goals/build_app.md +544 -0
- icdev/data/goals/cicd_integration.md +86 -0
- icdev/data/goals/claude_dir_maintenance.md +77 -0
- icdev/data/goals/cli_capabilities.md +340 -0
- icdev/data/goals/cloud_agnostic.md +312 -0
- icdev/data/goals/code_intelligence.md +197 -0
- icdev/data/goals/code_review.md +94 -0
- icdev/data/goals/compliance_workflow.md +858 -0
- icdev/data/goals/continuous_harmonization.md +140 -0
- icdev/data/goals/cross_language_translation.md +171 -0
- icdev/data/goals/dashboard.md +142 -0
- icdev/data/goals/deploy_workflow.md +390 -0
- icdev/data/goals/devsecops_workflow.md +408 -0
- icdev/data/goals/evolutionary_intelligence.md +305 -0
- icdev/data/goals/external_integration.md +113 -0
- icdev/data/goals/framework_planning.md +63 -0
- icdev/data/goals/init_project.md +235 -0
- icdev/data/goals/innovation_engine.md +199 -0
- icdev/data/goals/integration_testing.md +189 -0
- icdev/data/goals/maintenance_audit.md +196 -0
- icdev/data/goals/manifest.md +56 -0
- icdev/data/goals/mbse_integration.md +504 -0
- icdev/data/goals/modernization_workflow.md +618 -0
- icdev/data/goals/monitoring.md +126 -0
- icdev/data/goals/mosa_workflow.md +463 -0
- icdev/data/goals/multi_agent_orchestration.md +68 -0
- icdev/data/goals/nlq_compliance.md +63 -0
- icdev/data/goals/observability.md +64 -0
- icdev/data/goals/observability_traceability_xai.md +154 -0
- icdev/data/goals/owasp_agentic_security.md +395 -0
- icdev/data/goals/parallel_cicd.md +61 -0
- icdev/data/goals/requirements_intake.md +213 -0
- icdev/data/goals/sbd_ivv_workflow.md +195 -0
- icdev/data/goals/security_categorization.md +133 -0
- icdev/data/goals/security_scan.md +381 -0
- icdev/data/goals/self_healing.md +120 -0
- icdev/data/goals/simulation_engine.md +111 -0
- icdev/data/goals/tdd_workflow.md +403 -0
- icdev/data/goals/zero_trust_architecture.md +403 -0
- icdev/data/hardprompts/__init__.py +1 -0
- icdev/data/hardprompts/agent/__init__.py +1 -0
- icdev/data/hardprompts/agent/agentic_architect.md +100 -0
- icdev/data/hardprompts/agent/debate_prompt.md +32 -0
- icdev/data/hardprompts/agent/fitness_evaluation.md +48 -0
- icdev/data/hardprompts/agent/governance_review.md +214 -0
- icdev/data/hardprompts/agent/reviewer_prompt.md +34 -0
- icdev/data/hardprompts/agent/skill_design.md +172 -0
- icdev/data/hardprompts/agent/task_decomposition.md +275 -0
- icdev/data/hardprompts/agent/veto_check_prompt.md +33 -0
- icdev/data/hardprompts/architect/__init__.py +1 -0
- icdev/data/hardprompts/architect/api_design.md +283 -0
- icdev/data/hardprompts/architect/data_model.md +277 -0
- icdev/data/hardprompts/architect/system_design.md +180 -0
- icdev/data/hardprompts/builder/__init__.py +1 -0
- icdev/data/hardprompts/builder/code_generation.md +59 -0
- icdev/data/hardprompts/builder/refactor.md +58 -0
- icdev/data/hardprompts/builder/scaffold_project.md +69 -0
- icdev/data/hardprompts/builder/test_generation.md +87 -0
- icdev/data/hardprompts/ci/__init__.py +1 -0
- icdev/data/hardprompts/ci/worktree_setup.md +35 -0
- icdev/data/hardprompts/compliance/__init__.py +1 -0
- icdev/data/hardprompts/compliance/cmmc_assessment.md +63 -0
- icdev/data/hardprompts/compliance/cssp_assessment.md +75 -0
- icdev/data/hardprompts/compliance/cui_marking.md +86 -0
- icdev/data/hardprompts/compliance/fedramp_assessment.md +55 -0
- icdev/data/hardprompts/compliance/ivv_assessment.md +96 -0
- icdev/data/hardprompts/compliance/poam_generation.md +57 -0
- icdev/data/hardprompts/compliance/sbd_assessment.md +101 -0
- icdev/data/hardprompts/compliance/security_categorization.md +74 -0
- icdev/data/hardprompts/compliance/ssp_generation.md +56 -0
- icdev/data/hardprompts/compliance/stig_evaluation.md +63 -0
- icdev/data/hardprompts/dashboard/__init__.py +1 -0
- icdev/data/hardprompts/dashboard/nlq_system_prompt.md +26 -0
- icdev/data/hardprompts/infra/__init__.py +1 -0
- icdev/data/hardprompts/infra/k8s_manifests.md +118 -0
- icdev/data/hardprompts/infra/pipeline_generation.md +160 -0
- icdev/data/hardprompts/infra/terraform_generation.md +92 -0
- icdev/data/hardprompts/integration/__init__.py +1 -0
- icdev/data/hardprompts/integration/approval_review.md +17 -0
- icdev/data/hardprompts/integration/jira_mapping.md +25 -0
- icdev/data/hardprompts/integration/servicenow_mapping.md +14 -0
- icdev/data/hardprompts/knowledge/__init__.py +1 -0
- icdev/data/hardprompts/knowledge/pattern_detection.md +73 -0
- icdev/data/hardprompts/knowledge/recommendation_engine.md +90 -0
- icdev/data/hardprompts/knowledge/root_cause_analysis.md +91 -0
- icdev/data/hardprompts/maintenance/__init__.py +1 -0
- icdev/data/hardprompts/maintenance/maintenance_assessment.md +82 -0
- icdev/data/hardprompts/mbse/__init__.py +1 -0
- icdev/data/hardprompts/mbse/digital_thread.md +67 -0
- icdev/data/hardprompts/mbse/model_import.md +62 -0
- icdev/data/hardprompts/mbse/model_to_code.md +65 -0
- icdev/data/hardprompts/modernization/__init__.py +1 -0
- icdev/data/hardprompts/modernization/legacy_analysis.md +93 -0
- icdev/data/hardprompts/modernization/migration_planning.md +150 -0
- icdev/data/hardprompts/modernization/seven_r_assessment.md +107 -0
- icdev/data/hardprompts/requirements/__init__.py +1 -0
- icdev/data/hardprompts/requirements/bdd_generation.md +35 -0
- icdev/data/hardprompts/requirements/clarification_prioritization.md +29 -0
- icdev/data/hardprompts/requirements/decomposition.md +60 -0
- icdev/data/hardprompts/requirements/document_extraction.md +45 -0
- icdev/data/hardprompts/requirements/gap_detection.md +70 -0
- icdev/data/hardprompts/requirements/intake_conversation.md +101 -0
- icdev/data/hardprompts/requirements/readiness_assessment.md +39 -0
- icdev/data/hardprompts/requirements/spec_quality.md +33 -0
- icdev/data/hardprompts/requirements/traceability_analysis.md +23 -0
- icdev/data/hardprompts/security/__init__.py +1 -0
- icdev/data/hardprompts/security/endpoint_security.md +78 -0
- icdev/data/hardprompts/security/threat_model.md +70 -0
- icdev/data/hardprompts/security/vulnerability_assessment.md +81 -0
- icdev/data/hardprompts/simulation/__init__.py +1 -0
- icdev/data/hardprompts/simulation/architecture_impact.md +27 -0
- icdev/data/hardprompts/simulation/coa_alternative.md +27 -0
- icdev/data/hardprompts/simulation/coa_generation.md +25 -0
- icdev/data/hardprompts/simulation/compliance_impact.md +28 -0
- icdev/data/hardprompts/simulation/cost_estimation.md +33 -0
- icdev/data/hardprompts/simulation/risk_assessment.md +28 -0
- icdev/data/hardprompts/translation/code_translation.md +68 -0
- icdev/data/hardprompts/translation/dependency_suggestion.md +44 -0
- icdev/data/hardprompts/translation/test_translation.md +64 -0
- icdev/data/hardprompts/translation/translation_repair.md +59 -0
- icdev/py.typed +0 -0
- icdev/tools/__init__.py +1 -0
- icdev/tools/_gen_formatter.py +12 -0
- icdev/tools/a2a/__init__.py +1 -0
- icdev/tools/a2a/agent_cards/architect.json +43 -0
- icdev/tools/a2a/agent_cards/builder.json +50 -0
- icdev/tools/a2a/agent_cards/compliance.json +57 -0
- icdev/tools/a2a/agent_cards/devsecops.json +71 -0
- icdev/tools/a2a/agent_cards/infra.json +57 -0
- icdev/tools/a2a/agent_cards/integration.json +57 -0
- icdev/tools/a2a/agent_cards/knowledge.json +43 -0
- icdev/tools/a2a/agent_cards/mbse.json +57 -0
- icdev/tools/a2a/agent_cards/modernization.json +50 -0
- icdev/tools/a2a/agent_cards/monitor.json +43 -0
- icdev/tools/a2a/agent_cards/orchestrator.json +36 -0
- icdev/tools/a2a/agent_cards/requirements_analyst.json +64 -0
- icdev/tools/a2a/agent_cards/security.json +50 -0
- icdev/tools/a2a/agent_cards/simulation.json +57 -0
- icdev/tools/a2a/agent_cards/supply_chain.json +50 -0
- icdev/tools/a2a/agent_client.py +349 -0
- icdev/tools/a2a/agent_registry.py +412 -0
- icdev/tools/a2a/agent_server.py +579 -0
- icdev/tools/a2a/task.py +200 -0
- icdev/tools/agent/__init__.py +2 -0
- icdev/tools/agent/a2a_agent_card_generator.py +285 -0
- icdev/tools/agent/a2a_discovery_server.py +250 -0
- icdev/tools/agent/agent_executor.py +529 -0
- icdev/tools/agent/agent_memory.py +557 -0
- icdev/tools/agent/agent_models.py +51 -0
- icdev/tools/agent/atlas_critique.py +908 -0
- icdev/tools/agent/authority.py +443 -0
- icdev/tools/agent/bedrock_client.py +1075 -0
- icdev/tools/agent/collaboration.py +871 -0
- icdev/tools/agent/dispatcher_mode.py +665 -0
- icdev/tools/agent/mailbox.py +575 -0
- icdev/tools/agent/prompt_chain_executor.py +1064 -0
- icdev/tools/agent/session_purpose.py +350 -0
- icdev/tools/agent/skill_router.py +638 -0
- icdev/tools/agent/skill_selector.py +486 -0
- icdev/tools/agent/team_orchestrator.py +1108 -0
- icdev/tools/agent/token_tracker.py +290 -0
- icdev/tools/analysis/__init__.py +1 -0
- icdev/tools/analysis/code_analyzer.py +780 -0
- icdev/tools/analysis/runtime_feedback.py +389 -0
- icdev/tools/audit/__init__.py +1 -0
- icdev/tools/audit/audit_logger.py +196 -0
- icdev/tools/audit/audit_query.py +157 -0
- icdev/tools/audit/decision_recorder.py +72 -0
- icdev/tools/builder/__init__.py +1 -0
- icdev/tools/builder/agentic_fitness.py +534 -0
- icdev/tools/builder/agentic_test_templates/test_a2a_callback.py +117 -0
- icdev/tools/builder/agentic_test_templates/test_a2a_lifecycle.feature +52 -0
- icdev/tools/builder/agentic_test_templates/test_agent_card.feature +37 -0
- icdev/tools/builder/agentic_test_templates/test_agent_health.py +128 -0
- icdev/tools/builder/agentic_test_templates/test_memory_system.feature +50 -0
- icdev/tools/builder/agentic_test_templates/test_skill_execution.feature +40 -0
- icdev/tools/builder/app_blueprint.py +1583 -0
- icdev/tools/builder/child_app_generator.py +2852 -0
- icdev/tools/builder/claude_md_generator.py +1734 -0
- icdev/tools/builder/code_generator.py +3703 -0
- icdev/tools/builder/db_init_generator.py +1709 -0
- icdev/tools/builder/dev_profile_manager.py +954 -0
- icdev/tools/builder/formatter.py +768 -0
- icdev/tools/builder/goal_adapter.py +592 -0
- icdev/tools/builder/gotcha_validator.py +812 -0
- icdev/tools/builder/language_support.py +441 -0
- icdev/tools/builder/linter.py +976 -0
- icdev/tools/builder/profile_detector.py +657 -0
- icdev/tools/builder/profile_md_generator.py +723 -0
- icdev/tools/builder/scaffolder.py +1590 -0
- icdev/tools/builder/scaffolder_extended.py +1771 -0
- icdev/tools/builder/test_writer.py +950 -0
- icdev/tools/ci/__init__.py +2 -0
- icdev/tools/ci/connectors/__init__.py +2 -0
- icdev/tools/ci/connectors/base_connector.py +80 -0
- icdev/tools/ci/connectors/connector_registry.py +188 -0
- icdev/tools/ci/connectors/mattermost_connector.py +159 -0
- icdev/tools/ci/connectors/slack_connector.py +197 -0
- icdev/tools/ci/core/__init__.py +2 -0
- icdev/tools/ci/core/air_gap_detector.py +115 -0
- icdev/tools/ci/core/comment_handler.py +192 -0
- icdev/tools/ci/core/conversation_manager.py +479 -0
- icdev/tools/ci/core/event_envelope.py +500 -0
- icdev/tools/ci/core/event_router.py +443 -0
- icdev/tools/ci/core/failure_parser.py +397 -0
- icdev/tools/ci/core/recovery_engine.py +527 -0
- icdev/tools/ci/modules/__init__.py +2 -0
- icdev/tools/ci/modules/agent.py +271 -0
- icdev/tools/ci/modules/git_ops.py +175 -0
- icdev/tools/ci/modules/state.py +117 -0
- icdev/tools/ci/modules/vcs.py +303 -0
- icdev/tools/ci/modules/workflow_ops.py +295 -0
- icdev/tools/ci/modules/worktree.py +340 -0
- icdev/tools/ci/pipeline_config_generator.py +558 -0
- icdev/tools/ci/triggers/__init__.py +2 -0
- icdev/tools/ci/triggers/gitlab_task_monitor.py +330 -0
- icdev/tools/ci/triggers/poll_trigger.py +237 -0
- icdev/tools/ci/triggers/webhook_server.py +356 -0
- icdev/tools/ci/workflows/__init__.py +2 -0
- icdev/tools/ci/workflows/icdev_build.py +140 -0
- icdev/tools/ci/workflows/icdev_comply.py +284 -0
- icdev/tools/ci/workflows/icdev_document.py +152 -0
- icdev/tools/ci/workflows/icdev_e2e.py +188 -0
- icdev/tools/ci/workflows/icdev_patch.py +186 -0
- icdev/tools/ci/workflows/icdev_plan.py +202 -0
- icdev/tools/ci/workflows/icdev_plan_build.py +41 -0
- icdev/tools/ci/workflows/icdev_plan_build_test.py +46 -0
- icdev/tools/ci/workflows/icdev_plan_build_test_review.py +47 -0
- icdev/tools/ci/workflows/icdev_review.py +126 -0
- icdev/tools/ci/workflows/icdev_sdlc.py +261 -0
- icdev/tools/ci/workflows/icdev_test.py +240 -0
- icdev/tools/cli/__init__.py +1 -0
- icdev/tools/cli/output_formatter.py +756 -0
- icdev/tools/cli_formatter.py +42 -0
- icdev/tools/cloud/__init__.py +11 -0
- icdev/tools/cloud/cloud_mode_manager.py +364 -0
- icdev/tools/cloud/csp_changelog.py +383 -0
- icdev/tools/cloud/csp_health_checker.py +268 -0
- icdev/tools/cloud/csp_monitor.py +951 -0
- icdev/tools/cloud/iam_provider.py +593 -0
- icdev/tools/cloud/kms_provider.py +346 -0
- icdev/tools/cloud/monitoring_provider.py +628 -0
- icdev/tools/cloud/provider_factory.py +376 -0
- icdev/tools/cloud/region_validator.py +345 -0
- icdev/tools/cloud/registry_provider.py +563 -0
- icdev/tools/cloud/secrets_provider.py +486 -0
- icdev/tools/cloud/storage_provider.py +446 -0
- icdev/tools/compat/__init__.py +21 -0
- icdev/tools/compat/cli_harmonizer.py +251 -0
- icdev/tools/compat/datetime_utils.py +18 -0
- icdev/tools/compat/db_utils.py +160 -0
- icdev/tools/compat/platform_utils.py +123 -0
- icdev/tools/compliance/__init__.py +1 -0
- icdev/tools/compliance/accountability_manager.py +397 -0
- icdev/tools/compliance/ai_accountability_audit.py +294 -0
- icdev/tools/compliance/ai_impact_assessor.py +273 -0
- icdev/tools/compliance/ai_incident_response.py +301 -0
- icdev/tools/compliance/ai_inventory_manager.py +239 -0
- icdev/tools/compliance/ai_reassessment_scheduler.py +256 -0
- icdev/tools/compliance/ai_transparency_audit.py +248 -0
- icdev/tools/compliance/atlas_assessor.py +278 -0
- icdev/tools/compliance/atlas_report_generator.py +1211 -0
- icdev/tools/compliance/base_assessor.py +597 -0
- icdev/tools/compliance/cato_monitor.py +1385 -0
- icdev/tools/compliance/cato_scheduler.py +699 -0
- icdev/tools/compliance/cjis_assessor.py +76 -0
- icdev/tools/compliance/classification_manager.py +1353 -0
- icdev/tools/compliance/cmmc_assessor.py +1491 -0
- icdev/tools/compliance/cmmc_report_generator.py +1100 -0
- icdev/tools/compliance/compliance_detector.py +463 -0
- icdev/tools/compliance/compliance_exporter.py +427 -0
- icdev/tools/compliance/compliance_status.py +825 -0
- icdev/tools/compliance/control_mapper.py +505 -0
- icdev/tools/compliance/crosswalk_engine.py +1203 -0
- icdev/tools/compliance/cssp_assessor.py +1045 -0
- icdev/tools/compliance/cssp_evidence_collector.py +729 -0
- icdev/tools/compliance/cssp_report_generator.py +1116 -0
- icdev/tools/compliance/cui_marker.py +388 -0
- icdev/tools/compliance/diagram_validator.py +600 -0
- icdev/tools/compliance/emass/__init__.py +2 -0
- icdev/tools/compliance/emass/emass_client.py +840 -0
- icdev/tools/compliance/emass/emass_export.py +777 -0
- icdev/tools/compliance/emass/emass_sync.py +826 -0
- icdev/tools/compliance/eu_ai_act_classifier.py +194 -0
- icdev/tools/compliance/evidence_collector.py +468 -0
- icdev/tools/compliance/fairness_assessor.py +316 -0
- icdev/tools/compliance/fedramp_assessor.py +1808 -0
- icdev/tools/compliance/fedramp_authorization_packager.py +137 -0
- icdev/tools/compliance/fedramp_ksi_generator.py +355 -0
- icdev/tools/compliance/fedramp_report_generator.py +1128 -0
- icdev/tools/compliance/fips199_categorizer.py +881 -0
- icdev/tools/compliance/fips200_validator.py +315 -0
- icdev/tools/compliance/gao_ai_assessor.py +231 -0
- icdev/tools/compliance/gao_evidence_builder.py +308 -0
- icdev/tools/compliance/hipaa_assessor.py +78 -0
- icdev/tools/compliance/hitrust_assessor.py +49 -0
- icdev/tools/compliance/incident_response_plan.py +718 -0
- icdev/tools/compliance/iso27001_assessor.py +92 -0
- icdev/tools/compliance/iso42001_assessor.py +114 -0
- icdev/tools/compliance/ivv_assessor.py +2327 -0
- icdev/tools/compliance/ivv_report_generator.py +1662 -0
- icdev/tools/compliance/model_card_generator.py +297 -0
- icdev/tools/compliance/mosa_assessor.py +117 -0
- icdev/tools/compliance/multi_regime_assessor.py +451 -0
- icdev/tools/compliance/narrative_generator.py +1013 -0
- icdev/tools/compliance/nist_800_207_assessor.py +191 -0
- icdev/tools/compliance/nist_ai_600_1_assessor.py +188 -0
- icdev/tools/compliance/nist_ai_rmf_assessor.py +110 -0
- icdev/tools/compliance/nist_lookup.py +245 -0
- icdev/tools/compliance/omb_m25_21_assessor.py +228 -0
- icdev/tools/compliance/omb_m26_04_assessor.py +188 -0
- icdev/tools/compliance/oscal_catalog_adapter.py +395 -0
- icdev/tools/compliance/oscal_generator.py +2170 -0
- icdev/tools/compliance/oscal_tools.py +1182 -0
- icdev/tools/compliance/owasp_agentic_assessor.py +226 -0
- icdev/tools/compliance/owasp_asi_assessor.py +200 -0
- icdev/tools/compliance/owasp_llm_assessor.py +244 -0
- icdev/tools/compliance/pci_dss_assessor.py +80 -0
- icdev/tools/compliance/pi_compliance_tracker.py +1461 -0
- icdev/tools/compliance/poam_generator.py +405 -0
- icdev/tools/compliance/resolve_marking.py +283 -0
- icdev/tools/compliance/sbd_assessor.py +2068 -0
- icdev/tools/compliance/sbd_report_generator.py +1236 -0
- icdev/tools/compliance/sbom_generator.py +1008 -0
- icdev/tools/compliance/siem_config_generator.py +674 -0
- icdev/tools/compliance/slsa_attestation_generator.py +490 -0
- icdev/tools/compliance/soc2_assessor.py +77 -0
- icdev/tools/compliance/ssp_generator.py +573 -0
- icdev/tools/compliance/stig_checker.py +727 -0
- icdev/tools/compliance/swft_evidence_bundler.py +337 -0
- icdev/tools/compliance/system_card_generator.py +309 -0
- icdev/tools/compliance/traceability_matrix.py +1281 -0
- icdev/tools/compliance/universal_classification_manager.py +1172 -0
- icdev/tools/compliance/xacta/__init__.py +2 -0
- icdev/tools/compliance/xacta/xacta_client.py +449 -0
- icdev/tools/compliance/xacta/xacta_export.py +557 -0
- icdev/tools/compliance/xacta/xacta_sync.py +333 -0
- icdev/tools/compliance/xai_assessor.py +231 -0
- icdev/tools/dashboard/__init__.py +1 -0
- icdev/tools/dashboard/api/__init__.py +1 -0
- icdev/tools/dashboard/api/_pipeline_state.py +17 -0
- icdev/tools/dashboard/api/activity.py +206 -0
- icdev/tools/dashboard/api/admin.py +176 -0
- icdev/tools/dashboard/api/agents.py +53 -0
- icdev/tools/dashboard/api/ai_accountability.py +163 -0
- icdev/tools/dashboard/api/ai_transparency.py +198 -0
- icdev/tools/dashboard/api/audit.py +58 -0
- icdev/tools/dashboard/api/batch.py +666 -0
- icdev/tools/dashboard/api/chat.py +241 -0
- icdev/tools/dashboard/api/cicd.py +219 -0
- icdev/tools/dashboard/api/code_quality.py +223 -0
- icdev/tools/dashboard/api/compliance.py +171 -0
- icdev/tools/dashboard/api/cpmp.py +915 -0
- icdev/tools/dashboard/api/diagrams.py +65 -0
- icdev/tools/dashboard/api/events.py +250 -0
- icdev/tools/dashboard/api/evidence.py +99 -0
- icdev/tools/dashboard/api/fedramp_20x.py +77 -0
- icdev/tools/dashboard/api/govcon.py +1095 -0
- icdev/tools/dashboard/api/intake.py +1171 -0
- icdev/tools/dashboard/api/lineage.py +163 -0
- icdev/tools/dashboard/api/metrics.py +155 -0
- icdev/tools/dashboard/api/nlq.py +72 -0
- icdev/tools/dashboard/api/orchestration.py +472 -0
- icdev/tools/dashboard/api/oscal.py +183 -0
- icdev/tools/dashboard/api/prod_audit.py +183 -0
- icdev/tools/dashboard/api/projects.py +191 -0
- icdev/tools/dashboard/api/proposals.py +1084 -0
- icdev/tools/dashboard/api/traces.py +363 -0
- icdev/tools/dashboard/api/usage.py +234 -0
- icdev/tools/dashboard/app.py +1986 -0
- icdev/tools/dashboard/auth.py +500 -0
- icdev/tools/dashboard/byok.py +245 -0
- icdev/tools/dashboard/chat_manager.py +675 -0
- icdev/tools/dashboard/config.py +116 -0
- icdev/tools/dashboard/diagram_definitions.py +642 -0
- icdev/tools/dashboard/nlq_processor.py +323 -0
- icdev/tools/dashboard/phase_loader.py +136 -0
- icdev/tools/dashboard/sse_manager.py +89 -0
- icdev/tools/dashboard/state_tracker.py +267 -0
- icdev/tools/dashboard/static/css/style.css +706 -0
- icdev/tools/dashboard/static/css/ux.css +2047 -0
- icdev/tools/dashboard/static/js/activity.js +322 -0
- icdev/tools/dashboard/static/js/api.js +161 -0
- icdev/tools/dashboard/static/js/batch.js +814 -0
- icdev/tools/dashboard/static/js/charts.js +618 -0
- icdev/tools/dashboard/static/js/chat.js +1514 -0
- icdev/tools/dashboard/static/js/kanban.js +113 -0
- icdev/tools/dashboard/static/js/live.js +569 -0
- icdev/tools/dashboard/static/js/mermaid-icdev.js +332 -0
- icdev/tools/dashboard/static/js/proposals.js +588 -0
- icdev/tools/dashboard/static/js/shortcuts.js +544 -0
- icdev/tools/dashboard/static/js/tables.js +652 -0
- icdev/tools/dashboard/static/js/tour.js +524 -0
- icdev/tools/dashboard/static/js/ux.js +942 -0
- icdev/tools/dashboard/templates/404.html +10 -0
- icdev/tools/dashboard/templates/activity.html +80 -0
- icdev/tools/dashboard/templates/admin/users.html +144 -0
- icdev/tools/dashboard/templates/ai_accountability.html +235 -0
- icdev/tools/dashboard/templates/ai_transparency.html +263 -0
- icdev/tools/dashboard/templates/base.html +104 -0
- icdev/tools/dashboard/templates/batch.html +23 -0
- icdev/tools/dashboard/templates/chat.html +332 -0
- icdev/tools/dashboard/templates/children.html +149 -0
- icdev/tools/dashboard/templates/cicd.html +253 -0
- icdev/tools/dashboard/templates/code_quality.html +214 -0
- icdev/tools/dashboard/templates/cpmp/cor_detail.html +220 -0
- icdev/tools/dashboard/templates/cpmp/cor_portal.html +91 -0
- icdev/tools/dashboard/templates/cpmp/deliverable_detail.html +197 -0
- icdev/tools/dashboard/templates/cpmp/detail.html +578 -0
- icdev/tools/dashboard/templates/cpmp/portfolio.html +202 -0
- icdev/tools/dashboard/templates/dev_profiles.html +304 -0
- icdev/tools/dashboard/templates/diagrams.html +224 -0
- icdev/tools/dashboard/templates/events/timeline.html +232 -0
- icdev/tools/dashboard/templates/evidence.html +134 -0
- icdev/tools/dashboard/templates/fedramp_20x.html +207 -0
- icdev/tools/dashboard/templates/gateway.html +244 -0
- icdev/tools/dashboard/templates/govcon/capabilities.html +135 -0
- icdev/tools/dashboard/templates/govcon/pipeline.html +214 -0
- icdev/tools/dashboard/templates/govcon/requirements.html +120 -0
- icdev/tools/dashboard/templates/index.html +254 -0
- icdev/tools/dashboard/templates/lineage.html +141 -0
- icdev/tools/dashboard/templates/login.html +51 -0
- icdev/tools/dashboard/templates/monitoring/overview.html +193 -0
- icdev/tools/dashboard/templates/orchestration/dashboard.html +545 -0
- icdev/tools/dashboard/templates/oscal.html +263 -0
- icdev/tools/dashboard/templates/phases.html +150 -0
- icdev/tools/dashboard/templates/prod_audit.html +280 -0
- icdev/tools/dashboard/templates/profile.html +183 -0
- icdev/tools/dashboard/templates/projects/detail.html +583 -0
- icdev/tools/dashboard/templates/projects/list.html +47 -0
- icdev/tools/dashboard/templates/proposals/detail.html +1253 -0
- icdev/tools/dashboard/templates/proposals/list.html +179 -0
- icdev/tools/dashboard/templates/proposals/section_detail.html +193 -0
- icdev/tools/dashboard/templates/provenance.html +181 -0
- icdev/tools/dashboard/templates/query/nlq.html +234 -0
- icdev/tools/dashboard/templates/quick_paths.html +69 -0
- icdev/tools/dashboard/templates/traces.html +155 -0
- icdev/tools/dashboard/templates/translation_detail.html +199 -0
- icdev/tools/dashboard/templates/translations.html +162 -0
- icdev/tools/dashboard/templates/usage.html +225 -0
- icdev/tools/dashboard/templates/wizard.html +539 -0
- icdev/tools/dashboard/templates/xai.html +208 -0
- icdev/tools/dashboard/ux_helpers.py +962 -0
- icdev/tools/dashboard/websocket.py +81 -0
- icdev/tools/db/__init__.py +1 -0
- icdev/tools/db/backup.py +312 -0
- icdev/tools/db/backup_manager.py +832 -0
- icdev/tools/db/init_icdev_db.py +5900 -0
- icdev/tools/db/migrate.py +178 -0
- icdev/tools/db/migration_runner.py +549 -0
- icdev/tools/db/migrations/001_baseline/meta.json +9 -0
- icdev/tools/db/migrations/001_baseline/up.py +68 -0
- icdev/tools/db/migrations/002_memory_enhancements/down.sql +8 -0
- icdev/tools/db/migrations/002_memory_enhancements/meta.json +9 -0
- icdev/tools/db/migrations/002_memory_enhancements/up.py +118 -0
- icdev/tools/db/migrations/003_dev_profiles/meta.json +8 -0
- icdev/tools/db/migrations/003_dev_profiles/up.py +93 -0
- icdev/tools/db/migrations/004_innovation_engine/down.py +19 -0
- icdev/tools/db/migrations/004_innovation_engine/up.py +227 -0
- icdev/tools/db/migrations/005_phase_37_ai_security/down.py +19 -0
- icdev/tools/db/migrations/005_phase_37_ai_security/up.py +258 -0
- icdev/tools/db/migrations/006_phase_36_evolution/down.py +21 -0
- icdev/tools/db/migrations/006_phase_36_evolution/up.py +323 -0
- icdev/tools/db/migrations/007_phase_38_cloud/down.py +14 -0
- icdev/tools/db/migrations/007_phase_38_cloud/up.py +110 -0
- icdev/tools/db/migrations/008_phase36_37_integration/up.py +55 -0
- icdev/tools/db/migrations/__init__.py +2 -0
- icdev/tools/devsecops/__init__.py +2 -0
- icdev/tools/devsecops/attestation_manager.py +458 -0
- icdev/tools/devsecops/network_segmentation_generator.py +614 -0
- icdev/tools/devsecops/pdp_config_generator.py +1256 -0
- icdev/tools/devsecops/pipeline_security_generator.py +484 -0
- icdev/tools/devsecops/policy_generator.py +653 -0
- icdev/tools/devsecops/profile_manager.py +388 -0
- icdev/tools/devsecops/service_mesh_generator.py +1073 -0
- icdev/tools/devsecops/zta_maturity_scorer.py +368 -0
- icdev/tools/devsecops/zta_terraform_generator.py +1303 -0
- icdev/tools/dx/__init__.py +3 -0
- icdev/tools/dx/companion.py +266 -0
- icdev/tools/dx/instruction_generator.py +753 -0
- icdev/tools/dx/mcp_config_generator.py +282 -0
- icdev/tools/dx/skill_translator.py +425 -0
- icdev/tools/dx/tool_detector.py +144 -0
- icdev/tools/extensions/__init__.py +21 -0
- icdev/tools/extensions/builtins/010_ai_governance_chat.py +277 -0
- icdev/tools/extensions/builtins/__init__.py +2 -0
- icdev/tools/extensions/extension_manager.py +455 -0
- icdev/tools/infra/__init__.py +1 -0
- icdev/tools/infra/ansible_generator.py +869 -0
- icdev/tools/infra/dockerfile_generator.py +361 -0
- icdev/tools/infra/infra_status.py +393 -0
- icdev/tools/infra/ironbank_metadata_generator.py +411 -0
- icdev/tools/infra/k8s_generator.py +1002 -0
- icdev/tools/infra/pipeline_generator.py +832 -0
- icdev/tools/infra/rollback.py +400 -0
- icdev/tools/infra/terraform_generator.py +1142 -0
- icdev/tools/infra/terraform_generator_azure.py +1254 -0
- icdev/tools/infra/terraform_generator_gcp.py +953 -0
- icdev/tools/infra/terraform_generator_ibm.py +360 -0
- icdev/tools/infra/terraform_generator_oci.py +919 -0
- icdev/tools/infra/terraform_generator_onprem.py +319 -0
- icdev/tools/innovation/__init__.py +8 -0
- icdev/tools/innovation/competitive_intel.py +492 -0
- icdev/tools/innovation/innovation_manager.py +681 -0
- icdev/tools/innovation/introspective_analyzer.py +774 -0
- icdev/tools/innovation/register_external_patterns.py +440 -0
- icdev/tools/innovation/signal_ranker.py +1038 -0
- icdev/tools/innovation/solution_generator.py +697 -0
- icdev/tools/innovation/standards_monitor.py +466 -0
- icdev/tools/innovation/trend_detector.py +1046 -0
- icdev/tools/innovation/triage_engine.py +1149 -0
- icdev/tools/innovation/web_scanner.py +894 -0
- icdev/tools/installer/__init__.py +1 -0
- icdev/tools/installer/compliance_configurator.py +637 -0
- icdev/tools/installer/installer.py +1711 -0
- icdev/tools/installer/module_registry.py +805 -0
- icdev/tools/installer/platform_setup.py +961 -0
- icdev/tools/integration/__init__.py +2 -0
- icdev/tools/integration/approval_manager.py +561 -0
- icdev/tools/integration/doors_exporter.py +627 -0
- icdev/tools/integration/gitlab_connector.py +784 -0
- icdev/tools/integration/jira_connector.py +774 -0
- icdev/tools/integration/servicenow_connector.py +693 -0
- icdev/tools/knowledge/__init__.py +1 -0
- icdev/tools/knowledge/knowledge_ingest.py +293 -0
- icdev/tools/knowledge/pattern_detector.py +693 -0
- icdev/tools/knowledge/recommendation_engine.py +461 -0
- icdev/tools/knowledge/self_heal_analyzer.py +504 -0
- icdev/tools/llm/__init__.py +72 -0
- icdev/tools/llm/anthropic_provider.py +170 -0
- icdev/tools/llm/azure_openai_provider.py +338 -0
- icdev/tools/llm/bedrock_provider.py +315 -0
- icdev/tools/llm/embedding_provider.py +438 -0
- icdev/tools/llm/gemini_provider.py +381 -0
- icdev/tools/llm/ibm_watsonx_provider.py +232 -0
- icdev/tools/llm/oci_genai_provider.py +462 -0
- icdev/tools/llm/ollama_provider.py +340 -0
- icdev/tools/llm/openai_provider.py +225 -0
- icdev/tools/llm/provider.py +355 -0
- icdev/tools/llm/provider_sdk.py +175 -0
- icdev/tools/llm/router.py +780 -0
- icdev/tools/llm/vertex_ai_provider.py +374 -0
- icdev/tools/maintenance/__init__.py +2 -0
- icdev/tools/maintenance/dependency_scanner.py +1030 -0
- icdev/tools/maintenance/maintenance_auditor.py +815 -0
- icdev/tools/maintenance/remediation_engine.py +966 -0
- icdev/tools/maintenance/vulnerability_checker.py +987 -0
- icdev/tools/mbse/__init__.py +3 -0
- icdev/tools/mbse/des_assessor.py +1186 -0
- icdev/tools/mbse/des_report_generator.py +800 -0
- icdev/tools/mbse/diagram_extractor.py +811 -0
- icdev/tools/mbse/digital_thread.py +1665 -0
- icdev/tools/mbse/model_code_generator.py +1122 -0
- icdev/tools/mbse/model_control_mapper.py +420 -0
- icdev/tools/mbse/pi_model_tracker.py +1093 -0
- icdev/tools/mbse/reqif_parser.py +1483 -0
- icdev/tools/mbse/sync_engine.py +1805 -0
- icdev/tools/mbse/xmi_parser.py +1573 -0
- icdev/tools/mcp/__init__.py +1 -0
- icdev/tools/mcp/base_server.py +535 -0
- icdev/tools/mcp/builder_server.py +725 -0
- icdev/tools/mcp/compliance_server.py +1407 -0
- icdev/tools/mcp/context_indexer.py +199 -0
- icdev/tools/mcp/context_server.py +305 -0
- icdev/tools/mcp/core_server.py +679 -0
- icdev/tools/mcp/devsecops_server.py +432 -0
- icdev/tools/mcp/gap_handlers.py +1079 -0
- icdev/tools/mcp/gateway_server.py +339 -0
- icdev/tools/mcp/generate_registry.py +623 -0
- icdev/tools/mcp/infra_server.py +264 -0
- icdev/tools/mcp/innovation_server.py +316 -0
- icdev/tools/mcp/integration_server.py +527 -0
- icdev/tools/mcp/knowledge_server.py +429 -0
- icdev/tools/mcp/maintenance_server.py +248 -0
- icdev/tools/mcp/marketplace_server.py +499 -0
- icdev/tools/mcp/mbse_server.py +398 -0
- icdev/tools/mcp/modernization_server.py +496 -0
- icdev/tools/mcp/observability_server.py +354 -0
- icdev/tools/mcp/requirements_server.py +415 -0
- icdev/tools/mcp/simulation_server.py +468 -0
- icdev/tools/mcp/standalone/__init__.py +2 -0
- icdev/tools/mcp/standalone/builder.py +59 -0
- icdev/tools/mcp/standalone/compliance.py +59 -0
- icdev/tools/mcp/standalone/core.py +59 -0
- icdev/tools/mcp/standalone/knowledge.py +59 -0
- icdev/tools/mcp/standalone/maintenance.py +59 -0
- icdev/tools/mcp/supply_chain_server.py +476 -0
- icdev/tools/mcp/tool_registry.py +2008 -0
- icdev/tools/mcp/unified_server.py +158 -0
- icdev/tools/memory/__init__.py +2 -0
- icdev/tools/memory/auto_capture.py +347 -0
- icdev/tools/memory/embed_memory.py +158 -0
- icdev/tools/memory/history_compressor.py +334 -0
- icdev/tools/memory/hybrid_search.py +236 -0
- icdev/tools/memory/maintenance_cron.py +289 -0
- icdev/tools/memory/memory_consolidation.py +444 -0
- icdev/tools/memory/memory_db.py +133 -0
- icdev/tools/memory/memory_read.py +102 -0
- icdev/tools/memory/memory_write.py +222 -0
- icdev/tools/memory/semantic_search.py +139 -0
- icdev/tools/memory/time_decay.py +435 -0
- icdev/tools/modernization/__init__.py +3 -0
- icdev/tools/modernization/architecture_extractor.py +734 -0
- icdev/tools/modernization/compliance_bridge.py +1499 -0
- icdev/tools/modernization/db_migration_planner.py +1385 -0
- icdev/tools/modernization/doc_generator.py +1428 -0
- icdev/tools/modernization/framework_migrator.py +1525 -0
- icdev/tools/modernization/legacy_analyzer.py +1948 -0
- icdev/tools/modernization/migration_code_generator.py +1639 -0
- icdev/tools/modernization/migration_report_generator.py +1653 -0
- icdev/tools/modernization/migration_tracker.py +1726 -0
- icdev/tools/modernization/monolith_decomposer.py +1508 -0
- icdev/tools/modernization/seven_r_assessor.py +1658 -0
- icdev/tools/modernization/strangler_fig_manager.py +1705 -0
- icdev/tools/modernization/ui_analyzer.py +771 -0
- icdev/tools/modernization/version_migrator.py +1392 -0
- icdev/tools/monitor/__init__.py +1 -0
- icdev/tools/monitor/alert_correlator.py +495 -0
- icdev/tools/monitor/auto_resolver.py +612 -0
- icdev/tools/monitor/health_checker.py +509 -0
- icdev/tools/monitor/heartbeat_daemon.py +792 -0
- icdev/tools/monitor/log_analyzer.py +516 -0
- icdev/tools/monitor/metric_collector.py +496 -0
- icdev/tools/mosa/__init__.py +10 -0
- icdev/tools/mosa/icd_generator.py +370 -0
- icdev/tools/mosa/modular_design_analyzer.py +683 -0
- icdev/tools/mosa/mosa_code_enforcer.py +349 -0
- icdev/tools/mosa/tsp_generator.py +265 -0
- icdev/tools/observability/__init__.py +100 -0
- icdev/tools/observability/genai_attributes.py +88 -0
- icdev/tools/observability/instrumentation.py +140 -0
- icdev/tools/observability/mlflow_exporter.py +194 -0
- icdev/tools/observability/otel_tracer.py +168 -0
- icdev/tools/observability/provenance/__init__.py +3 -0
- icdev/tools/observability/provenance/prov_recorder.py +324 -0
- icdev/tools/observability/shap/__init__.py +3 -0
- icdev/tools/observability/shap/agent_shap.py +275 -0
- icdev/tools/observability/sqlite_tracer.py +361 -0
- icdev/tools/observability/trace_context.py +205 -0
- icdev/tools/observability/tracer.py +230 -0
- icdev/tools/orchestration/__init__.py +2 -0
- icdev/tools/orchestration/workflow_composer.py +361 -0
- icdev/tools/project/__init__.py +1 -0
- icdev/tools/project/manifest_loader.py +418 -0
- icdev/tools/project/project_create.py +350 -0
- icdev/tools/project/project_list.py +174 -0
- icdev/tools/project/project_scaffold.py +1715 -0
- icdev/tools/project/project_status.py +479 -0
- icdev/tools/project/session_context_builder.py +757 -0
- icdev/tools/project/validate_manifest.py +55 -0
- icdev/tools/registry/__init__.py +10 -0
- icdev/tools/registry/absorption_engine.py +832 -0
- icdev/tools/registry/capability_evaluator.py +668 -0
- icdev/tools/registry/child_registry.py +617 -0
- icdev/tools/registry/cross_pollinator.py +1065 -0
- icdev/tools/registry/genome_manager.py +671 -0
- icdev/tools/registry/learning_collector.py +912 -0
- icdev/tools/registry/propagation_manager.py +942 -0
- icdev/tools/registry/staging_manager.py +742 -0
- icdev/tools/registry/telemetry_collector.py +423 -0
- icdev/tools/requirements/__init__.py +1 -0
- icdev/tools/requirements/ai_governance_scorer.py +208 -0
- icdev/tools/requirements/boundary_analyzer.py +1293 -0
- icdev/tools/requirements/clarification_engine.py +618 -0
- icdev/tools/requirements/complexity_scorer.py +387 -0
- icdev/tools/requirements/consistency_analyzer.py +803 -0
- icdev/tools/requirements/constitution_manager.py +605 -0
- icdev/tools/requirements/decomposition_engine.py +778 -0
- icdev/tools/requirements/document_extractor.py +1016 -0
- icdev/tools/requirements/elicitation_techniques.py +519 -0
- icdev/tools/requirements/gap_detector.py +271 -0
- icdev/tools/requirements/intake_engine.py +2188 -0
- icdev/tools/requirements/prd_generator.py +847 -0
- icdev/tools/requirements/prd_validator.py +595 -0
- icdev/tools/requirements/readiness_scorer.py +313 -0
- icdev/tools/requirements/spec_organizer.py +1029 -0
- icdev/tools/requirements/spec_quality_checker.py +1097 -0
- icdev/tools/requirements/traceability_builder.py +579 -0
- icdev/tools/resilience/__init__.py +34 -0
- icdev/tools/resilience/circuit_breaker.py +340 -0
- icdev/tools/resilience/correlation.py +150 -0
- icdev/tools/resilience/errors.py +81 -0
- icdev/tools/resilience/retry.py +95 -0
- icdev/tools/schemas/__init__.py +27 -0
- icdev/tools/schemas/chat.py +61 -0
- icdev/tools/schemas/compliance.py +56 -0
- icdev/tools/schemas/core.py +85 -0
- icdev/tools/schemas/innovation.py +37 -0
- icdev/tools/schemas/validation.py +109 -0
- icdev/tools/sdk/__init__.py +3 -0
- icdev/tools/sdk/icdev_client.py +218 -0
- icdev/tools/security/__init__.py +1 -0
- icdev/tools/security/agent_output_validator.py +330 -0
- icdev/tools/security/agent_trust_scorer.py +466 -0
- icdev/tools/security/ai_bom_generator.py +725 -0
- icdev/tools/security/ai_telemetry_logger.py +469 -0
- icdev/tools/security/atlas_red_team.py +543 -0
- icdev/tools/security/code_pattern_scanner.py +378 -0
- icdev/tools/security/confabulation_detector.py +271 -0
- icdev/tools/security/container_scanner.py +491 -0
- icdev/tools/security/dependency_auditor.py +944 -0
- icdev/tools/security/endpoint_security_scanner.py +579 -0
- icdev/tools/security/mcp_tool_authorizer.py +243 -0
- icdev/tools/security/prompt_injection_detector.py +737 -0
- icdev/tools/security/sast_runner.py +948 -0
- icdev/tools/security/secret_detector.py +378 -0
- icdev/tools/security/tool_chain_validator.py +357 -0
- icdev/tools/security/vuln_scanner.py +539 -0
- icdev/tools/simulation/__init__.py +2 -0
- icdev/tools/simulation/coa_generator.py +1552 -0
- icdev/tools/simulation/monte_carlo.py +758 -0
- icdev/tools/simulation/scenario_manager.py +1073 -0
- icdev/tools/simulation/simulation_engine.py +1104 -0
- icdev/tools/supply_chain/__init__.py +2 -0
- icdev/tools/supply_chain/cve_triager.py +705 -0
- icdev/tools/supply_chain/dependency_graph.py +645 -0
- icdev/tools/supply_chain/isa_manager.py +540 -0
- icdev/tools/supply_chain/scrm_assessor.py +546 -0
- icdev/tools/testing/__init__.py +2 -0
- icdev/tools/testing/acceptance_validator.py +411 -0
- icdev/tools/testing/claude_dir_validator.py +831 -0
- icdev/tools/testing/data_types.py +199 -0
- icdev/tools/testing/e2e_runner.py +715 -0
- icdev/tools/testing/fuzz_cli.py +306 -0
- icdev/tools/testing/health_check.py +483 -0
- icdev/tools/testing/platform_check.py +143 -0
- icdev/tools/testing/production_audit.py +1862 -0
- icdev/tools/testing/production_remediate.py +804 -0
- icdev/tools/testing/screenshot_validator.py +539 -0
- icdev/tools/testing/smoke_test.py +283 -0
- icdev/tools/testing/test_agent_models.py +117 -0
- icdev/tools/testing/test_orchestrator.py +957 -0
- icdev/tools/testing/utils.py +229 -0
- icdev/tools/translation/__init__.py +17 -0
- icdev/tools/translation/code_translator.py +550 -0
- icdev/tools/translation/dependency_mapper.py +277 -0
- icdev/tools/translation/feature_map.py +395 -0
- icdev/tools/translation/project_assembler.py +439 -0
- icdev/tools/translation/source_extractor.py +609 -0
- icdev/tools/translation/test_translator.py +333 -0
- icdev/tools/translation/translation_manager.py +582 -0
- icdev/tools/translation/translation_validator.py +662 -0
- icdev/tools/translation/type_checker.py +371 -0
- icdev-1.0.0.dist-info/METADATA +868 -0
- icdev-1.0.0.dist-info/RECORD +1105 -0
- icdev-1.0.0.dist-info/WHEEL +5 -0
- icdev-1.0.0.dist-info/entry_points.txt +9 -0
- icdev-1.0.0.dist-info/licenses/LICENSE +254 -0
- icdev-1.0.0.dist-info/licenses/NOTICE +268 -0
- icdev-1.0.0.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,737 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
# CUI // SP-CTI
|
|
3
|
+
"""Prompt Injection Detector — scan text and files for prompt injection attacks.
|
|
4
|
+
|
|
5
|
+
Detects 5 categories of prompt injection per REQ-37-021:
|
|
6
|
+
1. Role hijacking — attempts to override system instructions
|
|
7
|
+
2. Delimiter attacks — injecting chat/prompt delimiters
|
|
8
|
+
3. Instruction injection — explicit override/bypass language
|
|
9
|
+
4. Data exfiltration triggers — attempts to send data externally
|
|
10
|
+
5. Encoded payloads — Base64, unicode escapes, Cyrillic homoglyphs
|
|
11
|
+
|
|
12
|
+
Pattern: tools/security/secret_detector.py (regex BUILTIN_PATTERNS, severity levels, CLI with --gate)
|
|
13
|
+
ADRs: D217 (regex+heuristic, air-gap safe), D218 (SHA-256 prompt hashing)
|
|
14
|
+
|
|
15
|
+
CLI:
|
|
16
|
+
python tools/security/prompt_injection_detector.py --text "ignore previous instructions" --json
|
|
17
|
+
python tools/security/prompt_injection_detector.py --file /path/to/file.md --json
|
|
18
|
+
python tools/security/prompt_injection_detector.py --project-dir /path --gate --json
|
|
19
|
+
"""
|
|
20
|
+
|
|
21
|
+
import argparse
|
|
22
|
+
import base64
|
|
23
|
+
import hashlib
|
|
24
|
+
import json
|
|
25
|
+
import re
|
|
26
|
+
import sqlite3
|
|
27
|
+
import uuid
|
|
28
|
+
from datetime import datetime, timezone
|
|
29
|
+
from pathlib import Path
|
|
30
|
+
from typing import Dict, List, Optional
|
|
31
|
+
from icdev._paths import get_project_root
|
|
32
|
+
|
|
33
|
+
BASE_DIR = get_project_root()
|
|
34
|
+
DB_PATH = BASE_DIR / "data" / "icdev.db"
|
|
35
|
+
|
|
36
|
+
# ============================================================
|
|
37
|
+
# INJECTION PATTERNS — 5 categories per REQ-37-021
|
|
38
|
+
# ============================================================
|
|
39
|
+
INJECTION_PATTERNS: List[Dict] = [
|
|
40
|
+
# ── Category 1: Role Hijacking ──
|
|
41
|
+
{
|
|
42
|
+
"name": "role_hijack_ignore_previous",
|
|
43
|
+
"pattern": r"(?i)(ignore|disregard|forget|abandon|drop)\s+(all\s+)?(previous|prior|above|earlier|existing|system|original)\s+(instructions|prompts|rules|context|guidelines|directives|constraints)",
|
|
44
|
+
"category": "role_hijacking",
|
|
45
|
+
"severity": "critical",
|
|
46
|
+
"confidence": 0.95,
|
|
47
|
+
"description": "Attempts to discard prior system instructions",
|
|
48
|
+
},
|
|
49
|
+
{
|
|
50
|
+
"name": "role_hijack_you_are_now",
|
|
51
|
+
"pattern": r"(?i)you\s+are\s+now\s+(a\s+)?[a-z]+",
|
|
52
|
+
"category": "role_hijacking",
|
|
53
|
+
"severity": "critical",
|
|
54
|
+
"confidence": 0.85,
|
|
55
|
+
"description": "Attempts to reassign the AI's identity/role",
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
"name": "role_hijack_new_instructions",
|
|
59
|
+
"pattern": r"(?i)(new\s+instructions|updated\s+system\s+prompt|your\s+new\s+role|act\s+as\s+if|pretend\s+you\s+are|roleplay\s+as)",
|
|
60
|
+
"category": "role_hijacking",
|
|
61
|
+
"severity": "high",
|
|
62
|
+
"confidence": 0.80,
|
|
63
|
+
"description": "Attempts to inject new role or system prompt",
|
|
64
|
+
},
|
|
65
|
+
{
|
|
66
|
+
"name": "role_hijack_jailbreak",
|
|
67
|
+
"pattern": r"(?i)(DAN|do\s+anything\s+now|developer\s+mode|jailbreak|unrestricted\s+mode|god\s+mode|admin\s+mode)",
|
|
68
|
+
"category": "role_hijacking",
|
|
69
|
+
"severity": "critical",
|
|
70
|
+
"confidence": 0.90,
|
|
71
|
+
"description": "Known jailbreak prompt patterns",
|
|
72
|
+
},
|
|
73
|
+
# ── Category 2: Delimiter Attacks ──
|
|
74
|
+
{
|
|
75
|
+
"name": "delimiter_system_tag",
|
|
76
|
+
"pattern": r"<\|?(?:im_start|im_end|system|user|assistant|endoftext)\|?>",
|
|
77
|
+
"category": "delimiter_attack",
|
|
78
|
+
"severity": "critical",
|
|
79
|
+
"confidence": 0.95,
|
|
80
|
+
"description": "Injecting chat template delimiters (OpenAI/HuggingFace format)",
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
"name": "delimiter_xml_system",
|
|
84
|
+
"pattern": r"</?system(?:\s+[^>]*)?>",
|
|
85
|
+
"category": "delimiter_attack",
|
|
86
|
+
"severity": "high",
|
|
87
|
+
"confidence": 0.80,
|
|
88
|
+
"description": "Injecting XML-style system tags",
|
|
89
|
+
},
|
|
90
|
+
{
|
|
91
|
+
"name": "delimiter_inst",
|
|
92
|
+
"pattern": r"\[/?INST\]|\[/?SYS\]",
|
|
93
|
+
"category": "delimiter_attack",
|
|
94
|
+
"severity": "critical",
|
|
95
|
+
"confidence": 0.90,
|
|
96
|
+
"description": "Injecting Llama/Mistral instruction delimiters",
|
|
97
|
+
},
|
|
98
|
+
{
|
|
99
|
+
"name": "delimiter_markdown_system",
|
|
100
|
+
"pattern": r"```\s*system\s*\n",
|
|
101
|
+
"category": "delimiter_attack",
|
|
102
|
+
"severity": "high",
|
|
103
|
+
"confidence": 0.75,
|
|
104
|
+
"description": "Markdown code block disguised as system prompt",
|
|
105
|
+
},
|
|
106
|
+
{
|
|
107
|
+
"name": "delimiter_triple_backtick_injection",
|
|
108
|
+
"pattern": r"```\s*(?:python|bash|sh|javascript)\s*\n.*(?:exec|eval|subprocess|os\.system|import\s+os)",
|
|
109
|
+
"category": "delimiter_attack",
|
|
110
|
+
"severity": "high",
|
|
111
|
+
"confidence": 0.70,
|
|
112
|
+
"description": "Code block with executable payload",
|
|
113
|
+
},
|
|
114
|
+
# ── Category 3: Instruction Injection ──
|
|
115
|
+
{
|
|
116
|
+
"name": "instruction_override",
|
|
117
|
+
"pattern": r"(?i)(override|bypass|circumvent|ignore|disable|turn\s+off|deactivate|skip)\s+(your|the|all|my|any|every)\s+(\w+\s+)?(instructions|rules|restrictions|guidelines|filters|safety|guardrails|constraints|policies|limitations)",
|
|
118
|
+
"category": "instruction_injection",
|
|
119
|
+
"severity": "critical",
|
|
120
|
+
"confidence": 0.90,
|
|
121
|
+
"description": "Explicit instruction override attempts",
|
|
122
|
+
},
|
|
123
|
+
{
|
|
124
|
+
"name": "instruction_do_not_follow",
|
|
125
|
+
"pattern": r"(?i)do\s+not\s+follow\s+(your|the|any|previous)\s+(instructions|guidelines|rules|training|programming)",
|
|
126
|
+
"category": "instruction_injection",
|
|
127
|
+
"severity": "critical",
|
|
128
|
+
"confidence": 0.92,
|
|
129
|
+
"description": "Direct instruction to violate guidelines",
|
|
130
|
+
},
|
|
131
|
+
{
|
|
132
|
+
"name": "instruction_secret_mode",
|
|
133
|
+
"pattern": r"(?i)(enter|switch\s+to|enable|activate)\s+(secret|hidden|debug|test|admin|root|sudo|unrestricted|verbose|developer)\s+(mode|access|state|prompt)",
|
|
134
|
+
"category": "instruction_injection",
|
|
135
|
+
"severity": "high",
|
|
136
|
+
"confidence": 0.85,
|
|
137
|
+
"description": "Attempts to activate non-existent modes",
|
|
138
|
+
},
|
|
139
|
+
{
|
|
140
|
+
"name": "instruction_system_prompt_reveal",
|
|
141
|
+
"pattern": r"(?i)(reveal|show|display|print|output|repeat|recite|tell\s+me)\s+(me\s+)?(your|the)\s+(system\s+prompt|instructions|initial\s+prompt|original\s+prompt|hidden\s+prompt|internal\s+prompt|internal\s+instructions|configuration|rules)",
|
|
142
|
+
"category": "instruction_injection",
|
|
143
|
+
"severity": "high",
|
|
144
|
+
"confidence": 0.88,
|
|
145
|
+
"description": "System prompt extraction attempt (AML.T0056)",
|
|
146
|
+
},
|
|
147
|
+
# ── Category 4: Data Exfiltration Triggers ──
|
|
148
|
+
{
|
|
149
|
+
"name": "exfil_send_data",
|
|
150
|
+
"pattern": r"(?i)(send|email|post|transmit|forward|upload|exfiltrate|transfer|relay)\s+(\w+\s+){0,4}(to|at|via)\s+(https?://|ftp://|mailto:|[a-zA-Z0-9._%+-]+@)",
|
|
151
|
+
"category": "data_exfiltration",
|
|
152
|
+
"severity": "critical",
|
|
153
|
+
"confidence": 0.90,
|
|
154
|
+
"description": "Attempts to exfiltrate data to external endpoints",
|
|
155
|
+
},
|
|
156
|
+
{
|
|
157
|
+
"name": "exfil_curl_wget",
|
|
158
|
+
"pattern": r"(?i)(curl|wget|fetch|http\.get|requests\.(?:get|post)|urllib)\s+['\"]?https?://",
|
|
159
|
+
"category": "data_exfiltration",
|
|
160
|
+
"severity": "high",
|
|
161
|
+
"confidence": 0.80,
|
|
162
|
+
"description": "HTTP request commands targeting external URLs",
|
|
163
|
+
},
|
|
164
|
+
{
|
|
165
|
+
"name": "exfil_webhook_url",
|
|
166
|
+
"pattern": r"(?i)(webhook|callback|notify)\s*[=:]\s*['\"]?https?://",
|
|
167
|
+
"category": "data_exfiltration",
|
|
168
|
+
"severity": "high",
|
|
169
|
+
"confidence": 0.75,
|
|
170
|
+
"description": "Webhook/callback URL injection",
|
|
171
|
+
},
|
|
172
|
+
{
|
|
173
|
+
"name": "exfil_encode_and_send",
|
|
174
|
+
"pattern": r"(?i)(encode|encrypt|compress|serialize)\s+(and|then|before)\s+(send|post|transmit|upload)",
|
|
175
|
+
"category": "data_exfiltration",
|
|
176
|
+
"severity": "high",
|
|
177
|
+
"confidence": 0.80,
|
|
178
|
+
"description": "Encode-then-exfiltrate pattern",
|
|
179
|
+
},
|
|
180
|
+
# ── Category 5: Encoded Payloads ──
|
|
181
|
+
{
|
|
182
|
+
"name": "encoded_base64_block",
|
|
183
|
+
"pattern": r"(?:[A-Za-z0-9+/]{4}){10,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?",
|
|
184
|
+
"category": "encoded_payload",
|
|
185
|
+
"severity": "medium",
|
|
186
|
+
"confidence": 0.60,
|
|
187
|
+
"description": "Suspicious Base64-encoded block (40+ chars)",
|
|
188
|
+
},
|
|
189
|
+
{
|
|
190
|
+
"name": "encoded_unicode_escape",
|
|
191
|
+
"pattern": r"(?:\\u[0-9a-fA-F]{4}){4,}",
|
|
192
|
+
"category": "encoded_payload",
|
|
193
|
+
"severity": "medium",
|
|
194
|
+
"confidence": 0.70,
|
|
195
|
+
"description": "Unicode escape sequence chain (potential obfuscation)",
|
|
196
|
+
},
|
|
197
|
+
{
|
|
198
|
+
"name": "encoded_hex_payload",
|
|
199
|
+
"pattern": r"(?:\\x[0-9a-fA-F]{2}){8,}",
|
|
200
|
+
"category": "encoded_payload",
|
|
201
|
+
"severity": "medium",
|
|
202
|
+
"confidence": 0.65,
|
|
203
|
+
"description": "Hex-encoded payload (potential obfuscation)",
|
|
204
|
+
},
|
|
205
|
+
{
|
|
206
|
+
"name": "encoded_cyrillic_homoglyph",
|
|
207
|
+
"pattern": r"[\u0400-\u04FF]",
|
|
208
|
+
"category": "encoded_payload",
|
|
209
|
+
"severity": "high",
|
|
210
|
+
"confidence": 0.60,
|
|
211
|
+
"description": "Cyrillic characters (potential homoglyph attack)",
|
|
212
|
+
},
|
|
213
|
+
{
|
|
214
|
+
"name": "encoded_invisible_chars",
|
|
215
|
+
"pattern": r"[\u200b\u200c\u200d\u200e\u200f\u2060\u2061\u2062\u2063\u2064\ufeff]",
|
|
216
|
+
"category": "encoded_payload",
|
|
217
|
+
"severity": "high",
|
|
218
|
+
"confidence": 0.75,
|
|
219
|
+
"description": "Invisible/zero-width Unicode characters (steganographic injection)",
|
|
220
|
+
},
|
|
221
|
+
]
|
|
222
|
+
|
|
223
|
+
# File extensions to scan
|
|
224
|
+
SCANNABLE_EXTENSIONS = {
|
|
225
|
+
".md", ".yaml", ".yml", ".json", ".txt", ".csv",
|
|
226
|
+
".py", ".js", ".ts", ".java", ".go", ".rs", ".cs",
|
|
227
|
+
".html", ".xml", ".toml", ".cfg", ".ini", ".conf",
|
|
228
|
+
".sh", ".bash", ".bat", ".ps1",
|
|
229
|
+
".env", ".properties", ".feature", ".gherkin",
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
SKIP_DIRS = {
|
|
233
|
+
"venv", "node_modules", ".git", "__pycache__", "build", "dist",
|
|
234
|
+
".eggs", ".tox", ".mypy_cache", ".pytest_cache", ".tmp",
|
|
235
|
+
}
|
|
236
|
+
|
|
237
|
+
|
|
238
|
+
class PromptInjectionDetector:
|
|
239
|
+
"""Detect prompt injection attacks in text and files.
|
|
240
|
+
|
|
241
|
+
Uses regex + heuristic pattern matching (D217 — air-gap safe,
|
|
242
|
+
no LLM dependency). Logs detections to append-only DB table.
|
|
243
|
+
"""
|
|
244
|
+
|
|
245
|
+
def __init__(self, db_path: Optional[Path] = None):
|
|
246
|
+
self._db_path = db_path or DB_PATH
|
|
247
|
+
self._compiled_patterns = [
|
|
248
|
+
{
|
|
249
|
+
"name": p["name"],
|
|
250
|
+
"regex": re.compile(p["pattern"]),
|
|
251
|
+
"category": p["category"],
|
|
252
|
+
"severity": p["severity"],
|
|
253
|
+
"confidence": p["confidence"],
|
|
254
|
+
"description": p["description"],
|
|
255
|
+
}
|
|
256
|
+
for p in INJECTION_PATTERNS
|
|
257
|
+
]
|
|
258
|
+
|
|
259
|
+
# ---------------------------------------------------------------
|
|
260
|
+
# Scanning
|
|
261
|
+
# ---------------------------------------------------------------
|
|
262
|
+
def scan_text(self, text: str, source: str = "unknown") -> Dict:
|
|
263
|
+
"""Scan text for prompt injection patterns.
|
|
264
|
+
|
|
265
|
+
Args:
|
|
266
|
+
text: The text to scan.
|
|
267
|
+
source: Origin label (e.g. 'user_input', 'jira_issue', 'file:foo.md').
|
|
268
|
+
|
|
269
|
+
Returns:
|
|
270
|
+
Dict with keys: detected, confidence, findings, action, source,
|
|
271
|
+
text_hash, scanned_at.
|
|
272
|
+
"""
|
|
273
|
+
findings = []
|
|
274
|
+
text_hash = hashlib.sha256(text.encode("utf-8")).hexdigest()
|
|
275
|
+
|
|
276
|
+
for pat in self._compiled_patterns:
|
|
277
|
+
for match in pat["regex"].finditer(text):
|
|
278
|
+
# Context: surrounding text for human review
|
|
279
|
+
start = max(0, match.start() - 30)
|
|
280
|
+
end = min(len(text), match.end() + 30)
|
|
281
|
+
context_snippet = text[start:end].replace("\n", " ")
|
|
282
|
+
|
|
283
|
+
findings.append({
|
|
284
|
+
"pattern_name": pat["name"],
|
|
285
|
+
"category": pat["category"],
|
|
286
|
+
"severity": pat["severity"],
|
|
287
|
+
"confidence": pat["confidence"],
|
|
288
|
+
"match": match.group()[:100],
|
|
289
|
+
"position": match.start(),
|
|
290
|
+
"context": context_snippet[:200],
|
|
291
|
+
"description": pat["description"],
|
|
292
|
+
})
|
|
293
|
+
|
|
294
|
+
# Deduplicate overlapping matches of same category
|
|
295
|
+
findings = self._deduplicate_findings(findings)
|
|
296
|
+
|
|
297
|
+
confidence = self._compute_confidence(findings)
|
|
298
|
+
action = self._determine_action(confidence)
|
|
299
|
+
|
|
300
|
+
return {
|
|
301
|
+
"detected": len(findings) > 0,
|
|
302
|
+
"confidence": round(confidence, 4),
|
|
303
|
+
"action": action,
|
|
304
|
+
"findings": findings,
|
|
305
|
+
"finding_count": len(findings),
|
|
306
|
+
"source": source,
|
|
307
|
+
"text_hash": text_hash,
|
|
308
|
+
"scanned_at": datetime.now(timezone.utc).isoformat(),
|
|
309
|
+
}
|
|
310
|
+
|
|
311
|
+
def scan_file(self, file_path: str, source: Optional[str] = None) -> Dict:
|
|
312
|
+
"""Scan a file for prompt injection patterns.
|
|
313
|
+
|
|
314
|
+
Args:
|
|
315
|
+
file_path: Path to the file.
|
|
316
|
+
source: Override source label.
|
|
317
|
+
|
|
318
|
+
Returns:
|
|
319
|
+
Dict matching scan_text output, with added file_path key.
|
|
320
|
+
"""
|
|
321
|
+
path = Path(file_path)
|
|
322
|
+
if not path.exists():
|
|
323
|
+
return {
|
|
324
|
+
"detected": False,
|
|
325
|
+
"confidence": 0.0,
|
|
326
|
+
"action": "allow",
|
|
327
|
+
"findings": [],
|
|
328
|
+
"finding_count": 0,
|
|
329
|
+
"source": source or f"file:{path.name}",
|
|
330
|
+
"file_path": str(path),
|
|
331
|
+
"error": "File not found",
|
|
332
|
+
"scanned_at": datetime.now(timezone.utc).isoformat(),
|
|
333
|
+
}
|
|
334
|
+
|
|
335
|
+
try:
|
|
336
|
+
content = path.read_text(encoding="utf-8", errors="ignore")
|
|
337
|
+
except IOError as e:
|
|
338
|
+
return {
|
|
339
|
+
"detected": False,
|
|
340
|
+
"confidence": 0.0,
|
|
341
|
+
"action": "allow",
|
|
342
|
+
"findings": [],
|
|
343
|
+
"finding_count": 0,
|
|
344
|
+
"source": source or f"file:{path.name}",
|
|
345
|
+
"file_path": str(path),
|
|
346
|
+
"error": str(e),
|
|
347
|
+
"scanned_at": datetime.now(timezone.utc).isoformat(),
|
|
348
|
+
}
|
|
349
|
+
|
|
350
|
+
result = self.scan_text(content, source=source or f"file:{path.name}")
|
|
351
|
+
result["file_path"] = str(path)
|
|
352
|
+
return result
|
|
353
|
+
|
|
354
|
+
def scan_project(self, project_dir: str) -> Dict:
|
|
355
|
+
"""Scan all scannable files in a project directory.
|
|
356
|
+
|
|
357
|
+
Returns:
|
|
358
|
+
Dict with project-level summary and per-file findings.
|
|
359
|
+
"""
|
|
360
|
+
root = Path(project_dir)
|
|
361
|
+
file_results = []
|
|
362
|
+
total_findings = 0
|
|
363
|
+
files_scanned = 0
|
|
364
|
+
max_confidence = 0.0
|
|
365
|
+
|
|
366
|
+
for fpath in self._walk_files(root):
|
|
367
|
+
files_scanned += 1
|
|
368
|
+
result = self.scan_file(str(fpath), source=f"project:{fpath.relative_to(root)}")
|
|
369
|
+
if result["detected"]:
|
|
370
|
+
file_results.append(result)
|
|
371
|
+
total_findings += result["finding_count"]
|
|
372
|
+
max_confidence = max(max_confidence, result["confidence"])
|
|
373
|
+
|
|
374
|
+
overall_action = self._determine_action(max_confidence) if total_findings > 0 else "allow"
|
|
375
|
+
|
|
376
|
+
return {
|
|
377
|
+
"detected": total_findings > 0,
|
|
378
|
+
"confidence": round(max_confidence, 4),
|
|
379
|
+
"action": overall_action,
|
|
380
|
+
"total_findings": total_findings,
|
|
381
|
+
"files_with_findings": len(file_results),
|
|
382
|
+
"files_scanned": files_scanned,
|
|
383
|
+
"file_results": file_results,
|
|
384
|
+
"project_dir": str(root),
|
|
385
|
+
"scanned_at": datetime.now(timezone.utc).isoformat(),
|
|
386
|
+
}
|
|
387
|
+
|
|
388
|
+
# ---------------------------------------------------------------
|
|
389
|
+
# Confidence & action logic
|
|
390
|
+
# ---------------------------------------------------------------
|
|
391
|
+
def _compute_confidence(self, findings: List[Dict]) -> float:
|
|
392
|
+
"""Compute aggregate confidence from individual findings.
|
|
393
|
+
|
|
394
|
+
Uses max-confidence approach weighted by severity. Multiple
|
|
395
|
+
findings in the same category boost confidence slightly.
|
|
396
|
+
"""
|
|
397
|
+
if not findings:
|
|
398
|
+
return 0.0
|
|
399
|
+
|
|
400
|
+
severity_weight = {
|
|
401
|
+
"critical": 1.0,
|
|
402
|
+
"high": 0.85,
|
|
403
|
+
"medium": 0.65,
|
|
404
|
+
"low": 0.40,
|
|
405
|
+
}
|
|
406
|
+
|
|
407
|
+
# Start with highest individual confidence
|
|
408
|
+
max_conf = max(f["confidence"] for f in findings)
|
|
409
|
+
|
|
410
|
+
# Boost for multiple categories detected
|
|
411
|
+
categories = set(f["category"] for f in findings)
|
|
412
|
+
category_boost = min(0.10, len(categories) * 0.03)
|
|
413
|
+
|
|
414
|
+
# Boost for severity
|
|
415
|
+
severities = [f["severity"] for f in findings]
|
|
416
|
+
max_severity_weight = max(severity_weight.get(s, 0.5) for s in severities)
|
|
417
|
+
|
|
418
|
+
# Final confidence: base * severity weight + category diversity boost
|
|
419
|
+
confidence = min(1.0, (max_conf * max_severity_weight) + category_boost)
|
|
420
|
+
return confidence
|
|
421
|
+
|
|
422
|
+
@staticmethod
|
|
423
|
+
def _determine_action(confidence: float) -> str:
|
|
424
|
+
"""Determine response action based on confidence level.
|
|
425
|
+
|
|
426
|
+
Per REQ-37-022:
|
|
427
|
+
>= 0.90: block — reject input, log, alert
|
|
428
|
+
0.70–0.89: flag — log, continue with warning, require review
|
|
429
|
+
0.50–0.69: warn — log, continue normally with warning
|
|
430
|
+
< 0.50: allow — log only if detected, continue normally
|
|
431
|
+
"""
|
|
432
|
+
if confidence >= 0.90:
|
|
433
|
+
return "block"
|
|
434
|
+
elif confidence >= 0.70:
|
|
435
|
+
return "flag"
|
|
436
|
+
elif confidence >= 0.50:
|
|
437
|
+
return "warn"
|
|
438
|
+
return "allow"
|
|
439
|
+
|
|
440
|
+
def _deduplicate_findings(self, findings: List[Dict]) -> List[Dict]:
|
|
441
|
+
"""Remove duplicate findings at the same position for same category."""
|
|
442
|
+
seen = set()
|
|
443
|
+
deduped = []
|
|
444
|
+
for f in findings:
|
|
445
|
+
key = (f["category"], f["position"])
|
|
446
|
+
if key not in seen:
|
|
447
|
+
seen.add(key)
|
|
448
|
+
deduped.append(f)
|
|
449
|
+
return deduped
|
|
450
|
+
|
|
451
|
+
# ---------------------------------------------------------------
|
|
452
|
+
# Database logging (append-only per D6)
|
|
453
|
+
# ---------------------------------------------------------------
|
|
454
|
+
def log_detection(
|
|
455
|
+
self,
|
|
456
|
+
scan_result: Dict,
|
|
457
|
+
project_id: Optional[str] = None,
|
|
458
|
+
user_id: Optional[str] = None,
|
|
459
|
+
) -> Optional[str]:
|
|
460
|
+
"""Log a detection result to the prompt_injection_log table.
|
|
461
|
+
|
|
462
|
+
Append-only per D6 — no UPDATE/DELETE.
|
|
463
|
+
|
|
464
|
+
Returns:
|
|
465
|
+
The log entry ID, or None if DB unavailable.
|
|
466
|
+
"""
|
|
467
|
+
if not self._db_path.exists():
|
|
468
|
+
return None
|
|
469
|
+
|
|
470
|
+
entry_id = str(uuid.uuid4())
|
|
471
|
+
try:
|
|
472
|
+
conn = sqlite3.connect(str(self._db_path))
|
|
473
|
+
conn.execute(
|
|
474
|
+
"""INSERT INTO prompt_injection_log
|
|
475
|
+
(id, project_id, user_id, source, text_hash,
|
|
476
|
+
detected, confidence, action, finding_count,
|
|
477
|
+
findings_json, scanned_at, classification)
|
|
478
|
+
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)""",
|
|
479
|
+
(
|
|
480
|
+
entry_id,
|
|
481
|
+
project_id,
|
|
482
|
+
user_id,
|
|
483
|
+
scan_result.get("source", "unknown"),
|
|
484
|
+
scan_result.get("text_hash", ""),
|
|
485
|
+
1 if scan_result.get("detected") else 0,
|
|
486
|
+
scan_result.get("confidence", 0.0),
|
|
487
|
+
scan_result.get("action", "allow"),
|
|
488
|
+
scan_result.get("finding_count", 0),
|
|
489
|
+
json.dumps(scan_result.get("findings", [])),
|
|
490
|
+
scan_result.get("scanned_at", datetime.now(timezone.utc).isoformat()),
|
|
491
|
+
"CUI",
|
|
492
|
+
),
|
|
493
|
+
)
|
|
494
|
+
conn.commit()
|
|
495
|
+
conn.close()
|
|
496
|
+
return entry_id
|
|
497
|
+
except Exception:
|
|
498
|
+
return None
|
|
499
|
+
|
|
500
|
+
# ---------------------------------------------------------------
|
|
501
|
+
# Gate evaluation
|
|
502
|
+
# ---------------------------------------------------------------
|
|
503
|
+
def evaluate_gate(self, project_id: str) -> Dict:
|
|
504
|
+
"""Evaluate prompt injection security gate for a project.
|
|
505
|
+
|
|
506
|
+
Checks:
|
|
507
|
+
- Any high-confidence (block-level) injections unresolved
|
|
508
|
+
- Number of flag-level injections within threshold
|
|
509
|
+
- Detection system active (this tool exists and patterns loaded)
|
|
510
|
+
|
|
511
|
+
Returns:
|
|
512
|
+
Dict with keys: passed, blocking_issues, warnings, details.
|
|
513
|
+
"""
|
|
514
|
+
blocking_issues = []
|
|
515
|
+
warnings = []
|
|
516
|
+
|
|
517
|
+
# Check 1: Detection active
|
|
518
|
+
if not self._compiled_patterns:
|
|
519
|
+
blocking_issues.append("prompt_injection_defense_inactive")
|
|
520
|
+
|
|
521
|
+
# Check 2: Query recent detections from DB
|
|
522
|
+
blocked_count = 0
|
|
523
|
+
flagged_count = 0
|
|
524
|
+
|
|
525
|
+
if self._db_path.exists():
|
|
526
|
+
try:
|
|
527
|
+
conn = sqlite3.connect(str(self._db_path))
|
|
528
|
+
cursor = conn.execute(
|
|
529
|
+
"""SELECT action, COUNT(*) FROM prompt_injection_log
|
|
530
|
+
WHERE project_id = ? AND action IN ('block', 'flag')
|
|
531
|
+
GROUP BY action""",
|
|
532
|
+
(project_id,),
|
|
533
|
+
)
|
|
534
|
+
for row in cursor:
|
|
535
|
+
if row[0] == "block":
|
|
536
|
+
blocked_count = row[1]
|
|
537
|
+
elif row[0] == "flag":
|
|
538
|
+
flagged_count = row[1]
|
|
539
|
+
conn.close()
|
|
540
|
+
except Exception:
|
|
541
|
+
pass
|
|
542
|
+
|
|
543
|
+
if blocked_count > 0:
|
|
544
|
+
blocking_issues.append(
|
|
545
|
+
f"high_confidence_injection_unresolved: {blocked_count} blocked injection(s)"
|
|
546
|
+
)
|
|
547
|
+
|
|
548
|
+
if flagged_count > 5:
|
|
549
|
+
warnings.append(
|
|
550
|
+
f"flagged_injection_count_high: {flagged_count} flagged injection(s)"
|
|
551
|
+
)
|
|
552
|
+
|
|
553
|
+
return {
|
|
554
|
+
"passed": len(blocking_issues) == 0,
|
|
555
|
+
"blocking_issues": blocking_issues,
|
|
556
|
+
"warnings": warnings,
|
|
557
|
+
"details": {
|
|
558
|
+
"detection_active": len(self._compiled_patterns) > 0,
|
|
559
|
+
"pattern_count": len(self._compiled_patterns),
|
|
560
|
+
"blocked_count": blocked_count,
|
|
561
|
+
"flagged_count": flagged_count,
|
|
562
|
+
},
|
|
563
|
+
}
|
|
564
|
+
|
|
565
|
+
# ---------------------------------------------------------------
|
|
566
|
+
# File walking
|
|
567
|
+
# ---------------------------------------------------------------
|
|
568
|
+
@staticmethod
|
|
569
|
+
def _walk_files(root: Path):
|
|
570
|
+
"""Walk scannable files, skipping binaries and ignored dirs."""
|
|
571
|
+
for item in root.iterdir():
|
|
572
|
+
if item.name in SKIP_DIRS:
|
|
573
|
+
continue
|
|
574
|
+
if item.is_dir():
|
|
575
|
+
yield from PromptInjectionDetector._walk_files(item)
|
|
576
|
+
elif item.is_file():
|
|
577
|
+
if item.suffix.lower() in SCANNABLE_EXTENSIONS:
|
|
578
|
+
yield item
|
|
579
|
+
|
|
580
|
+
# ---------------------------------------------------------------
|
|
581
|
+
# Base64 deep inspection
|
|
582
|
+
# ---------------------------------------------------------------
|
|
583
|
+
def check_base64_payload(self, text: str) -> List[Dict]:
|
|
584
|
+
"""Decode Base64 blocks and scan decoded content for injection.
|
|
585
|
+
|
|
586
|
+
Returns list of findings from decoded payloads.
|
|
587
|
+
"""
|
|
588
|
+
b64_pattern = re.compile(
|
|
589
|
+
r"(?:[A-Za-z0-9+/]{4}){10,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
|
|
590
|
+
)
|
|
591
|
+
deep_findings = []
|
|
592
|
+
|
|
593
|
+
for match in b64_pattern.finditer(text):
|
|
594
|
+
try:
|
|
595
|
+
decoded = base64.b64decode(match.group()).decode("utf-8", errors="ignore")
|
|
596
|
+
if len(decoded) > 10:
|
|
597
|
+
inner_result = self.scan_text(decoded, source="base64_decoded")
|
|
598
|
+
if inner_result["detected"]:
|
|
599
|
+
for f in inner_result["findings"]:
|
|
600
|
+
f["note"] = "Found inside Base64-encoded payload"
|
|
601
|
+
deep_findings.append(f)
|
|
602
|
+
except Exception:
|
|
603
|
+
continue
|
|
604
|
+
|
|
605
|
+
return deep_findings
|
|
606
|
+
|
|
607
|
+
|
|
608
|
+
# ===============================================================
|
|
609
|
+
# CLI
|
|
610
|
+
# ===============================================================
|
|
611
|
+
def main():
|
|
612
|
+
parser = argparse.ArgumentParser(
|
|
613
|
+
description="Prompt Injection Detector — scan text and files for injection attacks"
|
|
614
|
+
)
|
|
615
|
+
parser.add_argument("--text", help="Text string to scan")
|
|
616
|
+
parser.add_argument("--file", help="File path to scan")
|
|
617
|
+
parser.add_argument("--project-dir", help="Project directory to scan (all scannable files)")
|
|
618
|
+
parser.add_argument("--gate", action="store_true", help="Evaluate security gate for project")
|
|
619
|
+
parser.add_argument("--project-id", help="Project ID for gate evaluation and logging")
|
|
620
|
+
parser.add_argument("--deep", action="store_true", help="Enable deep Base64 payload inspection")
|
|
621
|
+
parser.add_argument("--log", action="store_true", help="Log results to database")
|
|
622
|
+
parser.add_argument("--json", action="store_true", help="Output as JSON")
|
|
623
|
+
args = parser.parse_args()
|
|
624
|
+
|
|
625
|
+
detector = PromptInjectionDetector()
|
|
626
|
+
result = None
|
|
627
|
+
|
|
628
|
+
if args.text:
|
|
629
|
+
result = detector.scan_text(args.text, source="cli_text")
|
|
630
|
+
if args.deep:
|
|
631
|
+
deep = detector.check_base64_payload(args.text)
|
|
632
|
+
if deep:
|
|
633
|
+
result["deep_findings"] = deep
|
|
634
|
+
result["finding_count"] += len(deep)
|
|
635
|
+
result["detected"] = True
|
|
636
|
+
|
|
637
|
+
elif args.file:
|
|
638
|
+
result = detector.scan_file(args.file)
|
|
639
|
+
if args.deep:
|
|
640
|
+
try:
|
|
641
|
+
content = Path(args.file).read_text(encoding="utf-8", errors="ignore")
|
|
642
|
+
deep = detector.check_base64_payload(content)
|
|
643
|
+
if deep:
|
|
644
|
+
result["deep_findings"] = deep
|
|
645
|
+
result["finding_count"] += len(deep)
|
|
646
|
+
result["detected"] = True
|
|
647
|
+
except IOError:
|
|
648
|
+
pass
|
|
649
|
+
|
|
650
|
+
elif args.project_dir:
|
|
651
|
+
result = detector.scan_project(args.project_dir)
|
|
652
|
+
|
|
653
|
+
elif args.gate:
|
|
654
|
+
if not args.project_id:
|
|
655
|
+
print("Error: --project-id required for --gate evaluation", file=__import__("sys").stderr)
|
|
656
|
+
__import__("sys").exit(1)
|
|
657
|
+
result = detector.evaluate_gate(args.project_id)
|
|
658
|
+
|
|
659
|
+
else:
|
|
660
|
+
parser.print_help()
|
|
661
|
+
return
|
|
662
|
+
|
|
663
|
+
# Log to DB if requested
|
|
664
|
+
if args.log and result and not args.gate:
|
|
665
|
+
entry_id = detector.log_detection(result, project_id=args.project_id)
|
|
666
|
+
if entry_id:
|
|
667
|
+
result["log_entry_id"] = entry_id
|
|
668
|
+
|
|
669
|
+
# Gate evaluation can be combined with scan
|
|
670
|
+
if args.gate and args.project_id and not (not args.text and not args.file and not args.project_dir):
|
|
671
|
+
gate_result = detector.evaluate_gate(args.project_id)
|
|
672
|
+
if result:
|
|
673
|
+
result["gate"] = gate_result
|
|
674
|
+
|
|
675
|
+
# Output
|
|
676
|
+
if args.json:
|
|
677
|
+
print(json.dumps(result, indent=2))
|
|
678
|
+
else:
|
|
679
|
+
_print_human(result, is_gate=args.gate and not args.text and not args.file and not args.project_dir)
|
|
680
|
+
|
|
681
|
+
|
|
682
|
+
def _print_human(result: Dict, is_gate: bool = False):
|
|
683
|
+
"""Print human-readable output."""
|
|
684
|
+
if is_gate:
|
|
685
|
+
status = "PASSED" if result.get("passed") else "FAILED"
|
|
686
|
+
print(f"Prompt Injection Security Gate: {status}")
|
|
687
|
+
details = result.get("details", {})
|
|
688
|
+
print(f" Detection active: {details.get('detection_active', False)}")
|
|
689
|
+
print(f" Patterns loaded: {details.get('pattern_count', 0)}")
|
|
690
|
+
print(f" Blocked detections: {details.get('blocked_count', 0)}")
|
|
691
|
+
print(f" Flagged detections: {details.get('flagged_count', 0)}")
|
|
692
|
+
for issue in result.get("blocking_issues", []):
|
|
693
|
+
print(f" BLOCKING: {issue}")
|
|
694
|
+
for warn in result.get("warnings", []):
|
|
695
|
+
print(f" WARNING: {warn}")
|
|
696
|
+
return
|
|
697
|
+
|
|
698
|
+
detected = result.get("detected", False)
|
|
699
|
+
confidence = result.get("confidence", 0.0)
|
|
700
|
+
action = result.get("action", "allow")
|
|
701
|
+
source = result.get("source", "unknown")
|
|
702
|
+
|
|
703
|
+
print(f"Prompt Injection Scan ({source})")
|
|
704
|
+
print(f" Detected: {detected}")
|
|
705
|
+
print(f" Confidence: {confidence:.2%}")
|
|
706
|
+
print(f" Action: {action.upper()}")
|
|
707
|
+
|
|
708
|
+
findings = result.get("findings", [])
|
|
709
|
+
if findings:
|
|
710
|
+
print(f" Findings: {len(findings)}")
|
|
711
|
+
for f in findings[:20]:
|
|
712
|
+
sev = f.get("severity", "?")
|
|
713
|
+
cat = f.get("category", "?")
|
|
714
|
+
name = f.get("pattern_name", "?")
|
|
715
|
+
print(f" [{sev}] {cat}: {name}")
|
|
716
|
+
print(f" {f.get('description', '')}")
|
|
717
|
+
if len(findings) > 20:
|
|
718
|
+
print(f" ... and {len(findings) - 20} more")
|
|
719
|
+
else:
|
|
720
|
+
print(" No injection patterns detected.")
|
|
721
|
+
|
|
722
|
+
# Project-level summary
|
|
723
|
+
if "files_scanned" in result:
|
|
724
|
+
print(f"\n Files scanned: {result['files_scanned']}")
|
|
725
|
+
print(f" Files with findings: {result['files_with_findings']}")
|
|
726
|
+
print(f" Total findings: {result['total_findings']}")
|
|
727
|
+
|
|
728
|
+
gate = result.get("gate")
|
|
729
|
+
if gate:
|
|
730
|
+
status = "PASSED" if gate["passed"] else "FAILED"
|
|
731
|
+
print(f"\n Security Gate: {status}")
|
|
732
|
+
for issue in gate.get("blocking_issues", []):
|
|
733
|
+
print(f" BLOCKING: {issue}")
|
|
734
|
+
|
|
735
|
+
|
|
736
|
+
if __name__ == "__main__":
|
|
737
|
+
main()
|