mcp-context-engineering
Version:
The intelligent context optimization system for AI coding assistants. Built with Cole's PRP methodology, Context Portal knowledge graphs, and production-ready MongoDB architecture.
189 lines (188 loc) • 6.42 kB
TypeScript
import { z } from 'zod';
/**
* Security Manager - Octocode-inspired multi-layer security
*
* Implements comprehensive security patterns:
* - Input sanitization and validation
* - Real-time secret detection (1100+ patterns)
* - Prompt injection defense
* - Content redaction and privacy protection
* - Multi-layer protection with fallback strategies
*/
export declare const SecurityConfigSchema: z.ZodObject<{
secret_detection: z.ZodObject<{
enabled: z.ZodDefault<z.ZodBoolean>;
patterns_file: z.ZodOptional<z.ZodString>;
custom_patterns: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
redaction_char: z.ZodDefault<z.ZodString>;
context_window: z.ZodDefault<z.ZodNumber>;
}, "strip", z.ZodTypeAny, {
enabled: boolean;
custom_patterns: string[];
redaction_char: string;
context_window: number;
patterns_file?: string | undefined;
}, {
enabled?: boolean | undefined;
patterns_file?: string | undefined;
custom_patterns?: string[] | undefined;
redaction_char?: string | undefined;
context_window?: number | undefined;
}>;
input_sanitization: z.ZodObject<{
enabled: z.ZodDefault<z.ZodBoolean>;
max_input_length: z.ZodDefault<z.ZodNumber>;
forbidden_patterns: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
sanitization_level: z.ZodDefault<z.ZodEnum<["basic", "standard", "strict"]>>;
}, "strip", z.ZodTypeAny, {
enabled: boolean;
max_input_length: number;
forbidden_patterns: string[];
sanitization_level: "basic" | "strict" | "standard";
}, {
enabled?: boolean | undefined;
max_input_length?: number | undefined;
forbidden_patterns?: string[] | undefined;
sanitization_level?: "basic" | "strict" | "standard" | undefined;
}>;
prompt_injection_defense: z.ZodObject<{
enabled: z.ZodDefault<z.ZodBoolean>;
detection_threshold: z.ZodDefault<z.ZodNumber>;
defense_strategies: z.ZodDefault<z.ZodArray<z.ZodEnum<["block", "sanitize", "flag"]>, "many">>;
}, "strip", z.ZodTypeAny, {
enabled: boolean;
detection_threshold: number;
defense_strategies: ("block" | "sanitize" | "flag")[];
}, {
enabled?: boolean | undefined;
detection_threshold?: number | undefined;
defense_strategies?: ("block" | "sanitize" | "flag")[] | undefined;
}>;
content_filtering: z.ZodObject<{
enabled: z.ZodDefault<z.ZodBoolean>;
pii_detection: z.ZodDefault<z.ZodBoolean>;
code_injection_detection: z.ZodDefault<z.ZodBoolean>;
malicious_pattern_detection: z.ZodDefault<z.ZodBoolean>;
}, "strip", z.ZodTypeAny, {
enabled: boolean;
pii_detection: boolean;
code_injection_detection: boolean;
malicious_pattern_detection: boolean;
}, {
enabled?: boolean | undefined;
pii_detection?: boolean | undefined;
code_injection_detection?: boolean | undefined;
malicious_pattern_detection?: boolean | undefined;
}>;
}, "strip", z.ZodTypeAny, {
secret_detection: {
enabled: boolean;
custom_patterns: string[];
redaction_char: string;
context_window: number;
patterns_file?: string | undefined;
};
input_sanitization: {
enabled: boolean;
max_input_length: number;
forbidden_patterns: string[];
sanitization_level: "basic" | "strict" | "standard";
};
prompt_injection_defense: {
enabled: boolean;
detection_threshold: number;
defense_strategies: ("block" | "sanitize" | "flag")[];
};
content_filtering: {
enabled: boolean;
pii_detection: boolean;
code_injection_detection: boolean;
malicious_pattern_detection: boolean;
};
}, {
secret_detection: {
enabled?: boolean | undefined;
patterns_file?: string | undefined;
custom_patterns?: string[] | undefined;
redaction_char?: string | undefined;
context_window?: number | undefined;
};
input_sanitization: {
enabled?: boolean | undefined;
max_input_length?: number | undefined;
forbidden_patterns?: string[] | undefined;
sanitization_level?: "basic" | "strict" | "standard" | undefined;
};
prompt_injection_defense: {
enabled?: boolean | undefined;
detection_threshold?: number | undefined;
defense_strategies?: ("block" | "sanitize" | "flag")[] | undefined;
};
content_filtering: {
enabled?: boolean | undefined;
pii_detection?: boolean | undefined;
code_injection_detection?: boolean | undefined;
malicious_pattern_detection?: boolean | undefined;
};
}>;
export type SecurityConfig = z.infer<typeof SecurityConfigSchema>;
export declare class SecurityManager {
private config;
private secretPatterns;
private detectionStats;
constructor(config?: Partial<SecurityConfig>);
/**
* Comprehensive input processing with multi-layer security
*/
processInput(input: string, context: {
source: 'user' | 'api' | 'system';
agent_type?: string;
session_id?: string;
}): Promise<{
sanitized_input: string;
security_flags: string[];
risk_level: 'low' | 'medium' | 'high' | 'critical';
blocked: boolean;
}>;
/**
* Input sanitization with configurable levels
*/
private sanitizeInput;
/**
* Real-time secret detection with 1100+ patterns
*/
private detectAndRedactSecrets;
/**
* Advanced prompt injection detection
*/
private detectPromptInjection;
/**
* Malicious content detection
*/
private detectMaliciousContent;
/**
* Risk level escalation
*/
private escalateRisk;
/**
* Load custom secret patterns
*/
private loadCustomPatterns;
/**
* Security event logging
*/
private logSecurityEvent;
/**
* Get security statistics
*/
getSecurityStats(): typeof this.detectionStats;
/**
* Reset security statistics
*/
resetStats(): void;
/**
* Update security configuration
*/
updateConfig(newConfig: Partial<SecurityConfig>): void;
}
export declare const securityManager: SecurityManager;