package engines
import (
"context"
"time"
)
// EngineStatus represents the health state of a security engine.
//
// Consumers should consult an engine's Status() before trusting its
// ScanResult: the stub engines in this file always report EngineOffline
// while still returning a result with ThreatFound=false.
type EngineStatus string

const (
	// EngineHealthy: the engine reports itself fully operational.
	EngineHealthy EngineStatus = "HEALTHY"
	// EngineDegraded: the engine is up but reports reduced capability
	// (what "degraded" covers is engine-defined).
	EngineDegraded EngineStatus = "DEGRADED"
	// EngineOffline: the engine is not available. Both stub engines in this
	// file report this state unconditionally.
	EngineOffline EngineStatus = "OFFLINE"
	// EngineInitializing: the engine is starting and not yet serving.
	EngineInitializing EngineStatus = "INITIALIZING"
)
// ScanResult is the unified output from any security engine.
//
// A ScanResult is produced even when the engine could not inspect the input:
// the stub engines in this file return ThreatFound=false with Severity
// "NONE" without looking at the data. Consumers should therefore combine a
// result with the engine's Status() before treating ThreatFound=false as a
// clean verdict.
type ScanResult struct {
	// Engine identifies the producing engine; the stubs use the same string
	// their Name() returns.
	Engine string `json:"engine"`
	// ThreatFound reports whether the engine flagged the input.
	ThreatFound bool `json:"threat_found"`
	// ThreatType classifies the threat when one was found; values are
	// engine-defined.
	ThreatType string `json:"threat_type,omitempty"`
	// Severity is an engine-defined level; the stubs always use "NONE".
	Severity string `json:"severity"`
	// Confidence is the engine's confidence in the verdict. The scale is
	// engine-defined — presumably 0..1, but nothing in this file enforces it.
	Confidence float64 `json:"confidence"`
	// Details is free-form, human-readable context for the verdict.
	Details string `json:"details,omitempty"`
	// Indicators lists engine-defined indicators that back the verdict.
	Indicators []string `json:"indicators,omitempty"`
	// Duration is how long the scan took; time.Duration serializes as an
	// integer count of nanoseconds, hence the duration_ns key. The stubs
	// leave it zero.
	Duration time.Duration `json:"duration_ns"`
	// Timestamp is when the result was produced.
	Timestamp time.Time `json:"timestamp"`
}
// SentinelCore defines the interface for the Rust-based detection engine (§3).
// Real implementation: FFI bridge to sentinel-core Rust binary.
// Stub implementation: used when sentinel-core is not deployed.
//
// Implementations may be fail-open (the stub is): a nil error together with a
// non-nil ScanResult does not by itself prove the input was inspected.
// Callers that need enforcement should check Status() as well.
type SentinelCore interface {
	// Name returns the engine identifier.
	Name() string

	// Status returns current engine health.
	Status() EngineStatus

	// ScanPrompt analyzes an LLM prompt for injection/jailbreak patterns.
	// The stub returns ThreatFound=false for every prompt while Status()
	// reports EngineOffline.
	ScanPrompt(ctx context.Context, prompt string) (*ScanResult, error)

	// ScanResponse analyzes an LLM response for data exfiltration or harmful content.
	// The stub returns ThreatFound=false for every response while Status()
	// reports EngineOffline.
	ScanResponse(ctx context.Context, response string) (*ScanResult, error)

	// Version returns the engine version.
	Version() string
}
// Shield defines the interface for the C++ network protection engine (§4).
// Real implementation: FFI bridge to shield C++ shared library.
// Stub implementation: used when shield is not deployed.
//
// Implementations may be fail-open (the stub is): BlockIP returning nil does
// not by itself prove that anything was blocked. Callers that need enforcement
// should check Status() as well.
type Shield interface {
	// Name returns the engine identifier.
	Name() string

	// Status returns current engine health.
	Status() EngineStatus

	// InspectTraffic analyzes network traffic for threats. metadata carries
	// engine-defined key/value context about the payload; its keys are not
	// specified here. The stub ignores both arguments and reports no threat.
	InspectTraffic(ctx context.Context, payload []byte, metadata map[string]string) (*ScanResult, error)

	// BlockIP adds an IP to the block list. reason is recorded alongside the
	// entry and duration is how long the block should last (presumably
	// reflected in BlockedIP.ExpiresAt — confirm against the real engine).
	// The stub discards the request and returns nil.
	BlockIP(ctx context.Context, ip string, reason string, duration time.Duration) error

	// ListBlocked returns currently blocked IPs. A nil slice is a valid
	// "nothing blocked" answer (the stub always returns nil, nil).
	ListBlocked(ctx context.Context) ([]BlockedIP, error)

	// Version returns the engine version.
	Version() string
}
// BlockedIP represents a blocked IP entry as returned by Shield.ListBlocked.
type BlockedIP struct {
	// IP is the blocked address as a string; no particular textual form is
	// enforced here.
	IP string `json:"ip"`
	// Reason is the free-form reason supplied when the block was created.
	Reason string `json:"reason"`
	// BlockedAt is when the block was created.
	BlockedAt time.Time `json:"blocked_at"`
	// ExpiresAt is when the block lapses — presumably BlockedAt plus the
	// duration passed to BlockIP; confirm against the real implementation.
	ExpiresAt time.Time `json:"expires_at"`
}
// --- Stub implementations for standalone Go deployment ---
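// StubSentinelCore is a no-op sentinel-core used when the Rust engine is not
// deployed.
//
// It fails open: Status() always reports EngineOffline, and both scan methods
// return a non-nil ScanResult with ThreatFound=false and Severity "NONE"
// without inspecting the input. Callers that require enforcement must check
// Status() rather than relying on ThreatFound alone.
type StubSentinelCore struct{}

// NewStubSentinelCore returns a ready-to-use stub; it performs no setup.
func NewStubSentinelCore() *StubSentinelCore { return &StubSentinelCore{} }

// Name returns the fixed stub engine identifier.
func (s *StubSentinelCore) Name() string { return "sentinel-core-stub" }

// Status always reports EngineOffline so callers can detect that no real
// scanning is taking place.
func (s *StubSentinelCore) Status() EngineStatus { return EngineOffline }

// Version returns the fixed stub version string.
func (s *StubSentinelCore) Version() string { return "stub-1.0" }

// ScanPrompt ignores the prompt and reports no threat. The error is always nil.
func (s *StubSentinelCore) ScanPrompt(_ context.Context, _ string) (*ScanResult, error) {
	return s.cleanResult(), nil
}

// ScanResponse ignores the response and reports no threat. The error is
// always nil.
func (s *StubSentinelCore) ScanResponse(_ context.Context, _ string) (*ScanResult, error) {
	return s.cleanResult(), nil
}

// cleanResult builds the single "nothing found, stub mode" result shared by
// ScanPrompt and ScanResponse, stamped with the current time. Keeping it in
// one place prevents the two scan paths from drifting apart.
func (s *StubSentinelCore) cleanResult() *ScanResult {
	return &ScanResult{
		Engine:      s.Name(), // same literal as before; keeps Engine in sync with Name()
		ThreatFound: false,
		Severity:    "NONE",
		Confidence:  0,
		Details:     "sentinel-core not deployed, stub mode",
		Timestamp:   time.Now(),
	}
}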
// StubShield is a no-op shield used when the C++ engine is not deployed.
//
// It fails open: Status() always reports EngineOffline, InspectTraffic returns
// a clean result without looking at the payload, BlockIP returns nil without
// recording anything, and ListBlocked is always empty. Callers that require
// enforcement must check Status() rather than trusting these return values.
type StubShield struct{}

// NewStubShield returns a ready-to-use stub; it performs no setup.
func NewStubShield() *StubShield {
	var sh StubShield
	return &sh
}

// Name returns the fixed stub engine identifier.
func (s *StubShield) Name() string {
	return "shield-stub"
}

// Status always reports EngineOffline so callers can detect that no real
// inspection or blocking is taking place.
func (s *StubShield) Status() EngineStatus {
	return EngineOffline
}

// Version returns the fixed stub version string.
func (s *StubShield) Version() string {
	return "stub-1.0"
}

// InspectTraffic ignores payload and metadata and reports no threat. The
// error is always nil. ThreatFound and Confidence are left at their zero
// values (false and 0).
func (s *StubShield) InspectTraffic(_ context.Context, _ []byte, _ map[string]string) (*ScanResult, error) {
	res := ScanResult{
		Engine:    "shield-stub",
		Severity:  "NONE",
		Details:   "shield not deployed, stub mode",
		Timestamp: time.Now(),
	}
	return &res, nil
}

// BlockIP accepts the request and discards it: nothing is blocked and no
// error is returned, so a nil result here is not evidence of enforcement.
func (s *StubShield) BlockIP(_ context.Context, _ string, _ string, _ time.Duration) error {
	return nil
}

// ListBlocked always reports an empty (nil) list with a nil error.
func (s *StubShield) ListBlocked(_ context.Context) ([]BlockedIP, error) {
	return nil, nil
}