mlld: a modular prompt scripting language
import { __name, __publicField } from './chunk-OMKLS24H.mjs';
// security/taint/TaintTracker.ts
/**
 * Enum-like map of taint (provenance) labels.
 *
 * Each key is the upper-case level name and each value is the same name in
 * lower case; the lower-case strings are what TaintTracker stores and compares.
 * "MIXED" is the label TaintTracker.combineTaint falls back to when none of its
 * ranked levels is present.
 */
var TaintLevel = /* @__PURE__ */ (() => {
  const levelNames = [
    "TRUSTED",
    "REGISTRY_SAFE",
    "REGISTRY_WARNING",
    "GIST_DIRECT",
    "USER_INPUT",
    "FILE_SYSTEM",
    "NETWORK",
    "LLM_OUTPUT",
    "COMMAND_OUTPUT",
    "MIXED"
  ];
  const levels = {};
  for (const levelName of levelNames) {
    // Every value is exactly the key in lower case ("LLM_OUTPUT" -> "llm_output").
    levels[levelName] = levelName.toLowerCase();
  }
  return levels;
})();
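/**
 * Tracks where values came from (their "taint") so that callers can decide
 * whether content may be executed without asking the user first.
 *
 * Records live in `taintMap`, keyed by caller-chosen id. Taint levels are the
 * lower-case strings listed in TaintLevel.
 */
var _TaintTracker = class _TaintTracker {
  constructor() {
    // id -> { value, taint, sources, advisories }
    __publicField(this, "taintMap", /* @__PURE__ */ new Map());
  }
  /**
   * Mark a value with a taint level.
   *
   * Overwrites any record already stored under `id`.
   *
   * @param {*} id - Key for the record.
   * @param {*} value - The tracked value.
   * @param {string} taint - Taint level string.
   * @param {string} source - Origin of the value; stored as the only entry of `sources`.
   * @param {Array} [advisoryIds] - Advisory ids; stored as given (undefined when omitted).
   */
  mark(id, value, taint, source, advisoryIds) {
    this.taintMap.set(id, {
      value,
      taint,
      sources: [
        source
      ],
      advisories: advisoryIds
    });
  }
  /**
   * Get taint info for a value.
   *
   * @param {*} id - Key used when the value was marked.
   * @returns {object|undefined} The stored record, or undefined if `id` was never marked.
   */
  getTaint(id) {
    return this.taintMap.get(id);
  }
  /**
   * Mark an import based on its source and advisories.
   *
   * The prefix match is case-insensitive because URL schemes are: otherwise a
   * source written as "HTTPS://..." would fall through to "file_system", which
   * requiresApprovalForExecution does not gate.
   *
   * @param {*} id - Key for the record.
   * @param {*} content - Imported content.
   * @param {string} source - Import location; stored unmodified.
   * @param {Array<{id: *}>} advisories - Advisories for the import. Must be an
   *   array: a missing value throws here rather than being treated as "no advisories".
   * @returns {string} The taint level assigned.
   */
  markImport(id, content, source, advisories) {
    // Used only for classification; the record keeps the source as given.
    const normalizedSource = source.toLowerCase();
    let taint;
    if (normalizedSource.startsWith("mlld://registry/")) {
      taint = advisories.length > 0 ? "registry_warning" : "registry_safe";
    } else if (normalizedSource.startsWith("mlld://gist/")) {
      taint = "gist_direct";
    } else if (normalizedSource.startsWith("http://") || normalizedSource.startsWith("https://")) {
      taint = "network";
    } else {
      // NOTE(review): everything else, including any other URL scheme, is
      // labelled "file_system" - confirm the import resolver accepts only the
      // schemes handled above.
      taint = "file_system";
    }
    this.mark(id, content, taint, source, advisories.map((a) => a.id));
    return taint;
  }
  /**
   * Check if a command comes from an LLM.
   *
   * Name-based heuristic over the first whitespace-separated token. Leading
   * whitespace is ignored and the token's final path segment is tested as well,
   * so " claude ..." and "/usr/local/bin/claude ..." are classified the same as
   * "claude ...". A command that reaches a model indirectly is not recognised,
   * so a false result is not proof that the output is free of LLM content.
   *
   * @param {string} command - Full command line.
   * @returns {boolean} True when the command name matches a known LLM tool prefix.
   */
  isLLMCommand(command) {
    const llmPatterns = [
      /^(claude|anthropic|ai)/i,
      /^(gpt|openai|chatgpt)/i,
      /^(llm|ai-|ml-)/i,
      /^(bard|gemini|palm)/i,
      /^(mistral|llama|alpaca)/i
    ];
    // Without trim(), a leading space makes the first split element "".
    const firstToken = command.trim().split(/\s+/)[0];
    const baseCommand = firstToken.split(/[\\/]/).pop();
    // Testing both forms keeps every match the token-only check produced.
    return llmPatterns.some((pattern) => pattern.test(firstToken) || pattern.test(baseCommand));
  }
  /**
   * Mark command output with appropriate taint.
   *
   * @param {*} id - Key for the record.
   * @param {*} output - Captured command output.
   * @param {string} command - Command line that produced the output.
   * @param {*} source - Not used; the record's source is always `cmd:` + command.
   * @returns {string} "llm_output" or "command_output".
   */
  markCommandOutput(id, output, command, source) {
    const taint = this.isLLMCommand(command) ? "llm_output" : "command_output";
    this.mark(id, output, taint, `cmd:${command}`);
    return taint;
  }
  /**
   * Combine taint levels (always use the most restrictive).
   *
   * @param {string[]} taints - Taint levels to combine.
   * @returns {string} The first level of the ranking below that occurs in
   *   `taints`, or "mixed" when none does (empty input, or only unranked values).
   */
  combineTaint(taints) {
    // Ordered from most to least restrictive.
    const priority = [
      "llm_output",
      "registry_warning",
      "network",
      "gist_direct",
      "command_output",
      "user_input",
      "registry_safe",
      "file_system",
      "trusted"
    ];
    for (const level of priority) {
      if (taints.includes(level)) {
        return level;
      }
    }
    return "mixed";
  }
  /**
   * Check if a taint level requires approval for command execution.
   *
   * NOTE(review): "mixed" (the combineTaint fallback) and any unrecognised
   * value return false here, i.e. no approval - confirm that is intended.
   *
   * @param {string} taint - Taint level.
   * @returns {boolean} True for "llm_output", "registry_warning", "network" and "gist_direct".
   */
  requiresApprovalForExecution(taint) {
    return [
      "llm_output",
      "registry_warning",
      "network",
      "gist_direct"
    ].includes(taint);
  }
  /**
   * Get human-readable description of taint level.
   *
   * @param {string} taint - Taint level.
   * @returns {string} The description, or `taint` itself when the level is unknown.
   */
  describeTaint(taint) {
    const descriptions = {
      trusted: "Trusted (literal in source)",
      registry_safe: "Registry module (no advisories)",
      registry_warning: "\u26A0\uFE0F Registry module with security advisories",
      gist_direct: "Direct gist import",
      user_input: "User input",
      file_system: "Local file",
      network: "Network content",
      llm_output: "\u{1F6A8} LLM-generated content",
      command_output: "Command output",
      mixed: "Mixed sources"
    };
    // Own-property lookup so names inherited from Object.prototype (e.g.
    // "constructor") are echoed back instead of resolving to a function.
    return Object.prototype.hasOwnProperty.call(descriptions, taint) ? descriptions[taint] : taint;
  }
};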
// Bundler glue. `__name` is imported from ./chunk-OMKLS24H.mjs and is not shown
// here; presumably it sets the class's `name` to "TaintTracker" - confirm.
__name(_TaintTracker, "TaintTracker");
// Public alias for the class declared above as `_TaintTracker`.
var TaintTracker = _TaintTracker;
// Module surface: the taint-level map and the tracker class.
export { TaintLevel, TaintTracker };
//# sourceMappingURL=chunk-KYJC7SAY.mjs.map
//# sourceMappingURL=chunk-KYJC7SAY.mjs.map