Ë
    (<çi;  ã                   óð   — U d Z ddlZddlmZmZ e G d„ d«      «       Ze G d„ d«      «       Zdd	d
dddddddddœZee	e	f   e
d<   g d¢Zeee	e	e	f      e
d<   de	defd„Zg d¢Z G d„ de«      Zde	defd„Zy)uÍ  í”„ë¡¬í”„íŠ¸ ì¸ì ì…˜ íƒì§€ ëª¨ë“ˆ.

í…ìŠ¤íŠ¸ì—ì„œ í”„ë¡¬í”„íŠ¸ ì¸ì ì…˜ íŒ¨í„´(í…ìŠ¤íŠ¸ ê¸°ë°˜ + ìœ ë‹ˆì½”ë“œ)ì„ íƒì§€í•©ë‹ˆë‹¤.
Hermes Agentì˜ _scan_context_content() ë¡œì§ì„ ì°¸ê³ í•˜ì—¬ dev2-team ì‹œìŠ¤í…œì— ë§žê²Œ ìž¬ì„¤ê³„.

Usage:
    from utils.injection_guard import scan_content
    result = scan_content("some text")
    if not result.is_safe:
        for threat in result.threats:
            print(threat.pattern_name, threat.severity)
é    N)Ú	dataclassÚfieldc                   ó0   — e Zd ZU dZeed<   eed<   eed<   y)Ú
ThreatInfou   ê°œë³„ ìœ„í˜‘ ì •ë³´.Úpattern_nameÚmatched_textÚseverityN)Ú__name__Ú
__module__Ú__qualname__Ú__doc__ÚstrÚ__annotations__© ó    úF/home/jay/workspace/.worktrees/task-2057-dev2/utils/injection_guard.pyr   r      s   … áàÓØÓØ„Mr   r   c                   ó>   — e Zd ZU dZeed<    ee¬«      Zee	   ed<   y)Ú
ScanResultu   ìŠ¤ìº” ê²°ê³¼.Úis_safe)Údefault_factoryÚthreatsN)
r
   r   r   r   Úboolr   r   Úlistr   r   r   r   r   r   r      s   … áàƒMÙ %°dÔ ;€GˆT*ÑÔ;r   r   zZWSP (U+200B)zZWNJ (U+200C)zZWJ (U+200D)zRTL_MARK (U+200F)zWORD_JOINER (U+2060)zBOM (U+FEFF)zLRE (U+202A)zRLE (U+202B)zPDF (U+202C)zLRO (U+202D)zRTL_OVERRIDE (U+202E))u   â€‹u   â€Œu   â€u   â€u   â u   ï»¿u   â€ªu   â€«u   â€¬u   â€­u   â€®Ú_INVISIBLE_UNICODE))z2ignore\s+(previous|all|above|prior)\s+instructionsÚignore_instructionsÚhigh)z)forget\s+(your|all|my|the)\s+instructionsÚforget_instructionsr   )zyou\s+are\s+now\bÚyou_are_nowr   )z\bjailbreak\bÚ	jailbreakr   )zsystem\s+promptÚsystem_promptÚmedium)z\bact\s+as\bÚact_asr!   )zpretend\s+(you\s+are|to\s+be)Úpretend_you_arer!   )z\boverride\bÚoverrider!   )z
\bbypass\bÚbypassr!   )z<disregard\s+(your|all|any)\s+(instructions|rules|guidelines)Údisregard_rulesr   )z9<!--[^>]*(?:ignore|override|system|secret|hidden)[^>]*-->Úhtml_comment_injectionr   )z#\b(curl|wget)\b[^\n]*\|\s*(ba)?sh\bÚremote_executer   Ú_TEXT_PATTERNSÚtextÚreturnc                 ó  — g }t         j                  «       D ]Z  \  }}|| v sŒ|j                  t        d|j	                  «       d   j                  «       › dt        |«      d›d|› dd¬«      «       Œ\ t        D ]k  \  }}}t        j                  || t        j                  t        j                  z  «      }|sŒ@|j                  t        ||j                  d«      |¬«      «       Œm t        t        |«      dk(  |¬	«      S )
uÕ   í…ìŠ¤íŠ¸ì—ì„œ í”„ë¡¬í”„íŠ¸ ì¸ì ì…˜ íŒ¨í„´ì„ íƒì§€í•©ë‹ˆë‹¤.

    Args:
        text: ê²€ì‚¬í•  ë¬¸ìžì—´.

    Returns:
        ScanResult: is_safe=Falseì´ë©´ threats ëª©ë¡ì— íƒì§€ëœ ìœ„í˜‘ í¬í•¨.
    Úinvisible_unicode_r   zU+Ú04Xz (ú)r   )r   r   r	   )r   r   )r   ÚitemsÚappendr   ÚsplitÚlowerÚordr)   ÚreÚsearchÚ
IGNORECASEÚDOTALLÚgroupr   Úlen)r*   r   ÚcharÚnameÚpatternr   r	   Úmatchs           r   Úscan_contentr?   „   sò   € ð !#€Gô )×.Ñ.Ó0ò ‰
ˆˆdØ4Š<ØN‰NÜØ#5°d·j±j³lÀ1±o×6KÑ6KÓ6MÐ5NÐ!OØ#%¤c¨$£i° _°B°t°f¸AÐ!>Ø#ôõðô ,:ò 	Ñ'ˆ˜xÜ—	‘	˜' 4¬¯©¼¿¹Ñ)BÓCˆÚØN‰NÜØ!-Ø!&§¡¨Q£Ø%ôõð	ô œc '›l¨aÑ/¸ÔAÐAr   )r   r   ÚInjectionBlockedErrorr?   Úcheck_contentc                   ó2   ‡ — e Zd ZdZdee   ddfˆ fd„Zˆ xZS )r@   u÷   í”„ë¡¬í”„íŠ¸ ì¸ì ì…˜ì´ íƒì§€ë˜ì–´ ì²˜ë¦¬ê°€ ì°¨ë‹¨ë¨.

    check_content()ê°€ high severity ìœ„í˜‘ì„ 1ê°œ ì´ìƒ ë°œê²¬í–ˆì„ ë•Œ ë°œìƒí•©ë‹ˆë‹¤.

    Attributes:
        threats: íƒì§€ëœ ëª¨ë“  ìœ„í˜‘ ëª©ë¡ (ThreatInfo ë¦¬ìŠ¤íŠ¸).
    r   r+   Nc                 óÜ   •— || _         |D cg c]  }|j                  dk(  sŒ|‘Œ }}t        |«      }|r|d   j                  n|d   j                  }t        ‰|   d|› d|›«       y c c}w )Nr   r   u   ì¸ì ì…˜ ì°¨ë‹¨: u0   ê°œì˜ ìœ„í˜‘ íŒ¨í„´ íƒì§€, ì²« ë²ˆì§¸ íŒ¨í„´: )r   r	   r:   r   ÚsuperÚ__init__)Úselfr   ÚtÚhigh_threatsÚcountÚ
first_nameÚ	__class__s         €r   rE   zInjectionBlockedError.__init__»   ss   ø€ ØˆŒØ#*ÖC˜a¨a¯j©j¸FÓ.BšÐCˆÐCÜLÓ!ˆÙ5A\ !‘_×1Ò1ÀwÈqÁz×G^ÑG^ˆ
Ü‰ÑÐ-¨e¨WÐ4dÐeoÐdrÐsÕtùò Ds
   A)¢A))r
   r   r   r   r   r   rE   Ú__classcell__)rK   s   @r   r@   r@   ²   s)   ø„ ñðu  ZÑ 0ð u°T÷ uñ ur   r@   c                 ó¾   — t        | «      }|j                  s@|j                  D cg c]  }|j                  dk(  sŒ|‘Œ }}|rt	        |j                  «      ‚|S c c}w )u/  í…ìŠ¤íŠ¸ì—ì„œ í”„ë¡¬í”„íŠ¸ ì¸ì ì…˜ì„ íƒì§€í•˜ê³  ìœ„í˜‘ ë°œê²¬ ì‹œ ì¦‰ì‹œ ì°¨ë‹¨í•©ë‹ˆë‹¤ (í•˜ë“œë¸”ë¡).

    ë‚´ë¶€ì—ì„œ scan_content()ë¥¼ í˜¸ì¶œí•˜ì—¬ íƒì§€ í›„, high severity ìœ„í˜‘ì´ 1ê°œ ì´ìƒì´ë©´
    InjectionBlockedErrorë¥¼ ë°œìƒì‹œí‚µë‹ˆë‹¤. ì•ˆì „í•œ í…ìŠ¤íŠ¸ëŠ” ScanResultë¥¼ ë°˜í™˜í•©ë‹ˆë‹¤.

    Args:
        text: ê²€ì‚¬í•  ë¬¸ìžì—´.

    Returns:
        ScanResult: ìœ„í˜‘ì´ ì—†ì„ ê²½ìš° is_safe=Trueì¸ ScanResult ë°˜í™˜.

    Raises:
        InjectionBlockedError: high severity ìœ„í˜‘ì´ 1ê°œ ì´ìƒ íƒì§€ëœ ê²½ìš°.
    r   )r?   r   r   r	   r@   )r*   ÚresultrG   rH   s       r   rA   rA   Ã   sT   € ô ˜$Ó€FØ>Š>Ø#)§>¡>ÖJ˜a°Q·Z±ZÀ6Ó5IšÐJˆÐJÙÜ'¨¯©Ó7Ð7Ø€Mùò Ks
   ¦A»A)r   r5   Údataclassesr   r   r   r   r   Údictr   r   r)   r   Útupler?   Ú__all__Ú	Exceptionr@   rA   r   r   r   ú<module>rT      sÞ   ðòó 
ß (ð ÷ð ó ðð ÷<ð <ó ð<ð ØØØ!Ø$ØØØØØØ%ñ&Ð D˜˜c˜‘Nó ò$I.€U˜3  S˜=Ñ)Ñ*ó IðX"Bsð "B˜zó "BòJ€ôu˜Iô uð"˜ð  
ô r   