// Package mimicry provides semantic text transformation for OPSEC (v3.8 Strike Force). // The Euphemism Engine translates security/offensive terminology into corporate-safe // equivalents before Oracle verification, then reverse-translates responses for // the Architect to see real terms. package mimicry import ( "sort" "strings" "sync" ) // EuphemismEngine performs bidirectional semantic translation (v3.8). // Forward: offensive → corporate (before Oracle/LLM). // Reverse: corporate → offensive (after Oracle/LLM, for Architect view). type EuphemismEngine struct { mu sync.RWMutex forward map[string]string // offensive → corporate reverse map[string]string // corporate → offensive } // NewEuphemismEngine creates an engine with the default semantic map. func NewEuphemismEngine() *EuphemismEngine { e := &EuphemismEngine{ forward: make(map[string]string), reverse: make(map[string]string), } for offensive, corporate := range defaultSemanticMap { e.forward[strings.ToLower(offensive)] = corporate e.reverse[strings.ToLower(corporate)] = offensive } return e } // TranslateToCorporate converts offensive terms to corporate-safe equivalents. func (e *EuphemismEngine) TranslateToCorporate(text string) string { e.mu.RLock() defer e.mu.RUnlock() return e.replaceAll(text, e.forward) } // TranslateToOffensive converts corporate terms back to real offensive terms. func (e *EuphemismEngine) TranslateToOffensive(text string) string { e.mu.RLock() defer e.mu.RUnlock() return e.replaceAll(text, e.reverse) } // AddMapping adds a custom term mapping. func (e *EuphemismEngine) AddMapping(offensive, corporate string) { e.mu.Lock() defer e.mu.Unlock() e.forward[strings.ToLower(offensive)] = corporate e.reverse[strings.ToLower(corporate)] = offensive } // MapSize returns the number of mappings. func (e *EuphemismEngine) MapSize() int { e.mu.RLock() defer e.mu.RUnlock() return len(e.forward) } func (e *EuphemismEngine) replaceAll(text string, dict map[string]string) string { // Sort keys by length descending — longer terms must match first // (e.g., "reverse shell" before "shell"). keys := make([]string, 0, len(dict)) for k := range dict { keys = append(keys, k) } sort.Slice(keys, func(i, j int) bool { return len(keys[i]) > len(keys[j]) }) result := text lower := strings.ToLower(result) for _, from := range keys { if strings.Contains(lower, from) { result = caseInsensitiveReplace(result, from, dict[from]) lower = strings.ToLower(result) } } return result } func caseInsensitiveReplace(s, old, replacement string) string { lower := strings.ToLower(s) idx := strings.Index(lower, old) if idx < 0 { return s } return s[:idx] + replacement + caseInsensitiveReplace(s[idx+len(old):], old, replacement) } // defaultSemanticMap contains 50+ offensive → corporate translations. var defaultSemanticMap = map[string]string{ // Core offensive terms "exploit": "compliance verification script", "attack": "security hardening session", "payload": "diagnostic buffer", "vulnerability": "optimization opportunity", "bypass": "alternative workflow", "injection": "parameter validation test", "shell": "remote management interface", "reverse shell": "diagnostic callback channel", "bind shell": "local management listener", "backdoor": "maintenance access point", "rootkit": "deep system monitor", "malware": "behavioral analysis specimen", "trojan": "dual-purpose utility", "worm": "self-distributing updater", "ransomware": "encryption compliance tool", "keylogger": "input audit module", "brute force": "exhaustive credential audit", "dictionary attack": "credential inventory scan", "phishing": "social awareness simulation", "spear phishing": "targeted awareness exercise", "privilege escalation": "access scope expansion test", "lateral movement": "internal mobility assessment", "exfiltration": "data flow verification", "c2": "command relay infrastructure", "command and control": "centralized management protocol", "botnet": "distributed task network", "zero day": "undocumented optimization", "0day": "pre-disclosure finding", // Network terms "port scan": "service inventory check", "vulnerability scan": "configuration audit sweep", "penetration test": "security resilience assessment", "pentest": "resilience assessment", "red team": "adversarial resilience team", "blue team": "defensive operations team", "man in the middle": "traffic inspection proxy", "mitm": "inline traffic analyzer", "packet sniffing": "network traffic audit", "dns poisoning": "name resolution test", "arp spoofing": "network topology validation", "ddos": "load capacity assessment", "dos": "availability stress test", // Web terms "xss": "client-side script audit", "cross site scripting": "browser script validation", "sql injection": "query parameter boundary test", "sqli": "database input validation", "csrf": "cross-origin request audit", "ssrf": "server-side request audit", "rce": "remote execution boundary test", "remote code execution": "remote process validation", "lfi": "local file access audit", "rfi": "remote include boundary test", "path traversal": "directory boundary test", "file upload": "content ingestion test", // Credential terms "password crack": "credential strength assessment", "hash crack": "digest reversal analysis", "credential dump": "authentication store audit", "token theft": "session management review", }