scripts/sanitize.sh

#!/bin/bash
# sanitize.sh - Universal input sanitizer for external content
# Wraps ClawDefender to check any text before Vergil processes it
#
# Usage:
#   echo "email content" | sanitize.sh
#   sanitize.sh "some text to check"
#   gog gmail read <id> | sanitize.sh
#   curl -s <api> | sanitize.sh --json
#
# Modes:
#   (default)   Check text, output original if clean, warn if suspicious
#   --json      Parse JSON, check string fields, output with warnings
#   --strict    Block (exit 1) if injection detected
#   --silent    No warnings, just filter
#   --report    Output detection report only

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CLAWDEFENDER="$SCRIPT_DIR/clawdefender.sh"

# Colors
RED='\033[0;31m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
NC='\033[0m'

MODE="default"
STRICT=false
SILENT=false
REPORT_ONLY=false

# Parse flags
while [[ $# -gt 0 ]]; do
    case $1 in
        --json) MODE="json"; shift ;;
        --strict) STRICT=true; shift ;;
        --silent) SILENT=true; shift ;;
        --report) REPORT_ONLY=true; shift ;;
        --help|-h)
            echo "sanitize.sh - Universal input sanitizer"
            echo ""
            echo "Usage:"
            echo "  echo 'text' | sanitize.sh [options]"
            echo "  sanitize.sh [options] 'text to check'"
            echo ""
            echo "Options:"
            echo "  --json     Parse JSON input, check all string values"
            echo "  --strict   Exit with error if injection detected"
            echo "  --silent   Suppress warnings, just output clean/flagged"
            echo "  --report   Output detection report only (no passthrough)"
            echo "  --help     Show this help"
            echo ""
            echo "Examples:"
            echo "  gog gmail read abc123 | sanitize.sh"
            echo "  curl -s trello.com/api/... | sanitize.sh --json"
            echo "  gh issue view 42 --json body | sanitize.sh --json --strict"
            exit 0
            ;;
        *)
            # Treat as input text
            INPUT="$1"
            shift
            ;;
    esac
done

# Get input from stdin or argument
if [[ -z "${INPUT:-}" ]]; then
    if [[ -t 0 ]]; then
        echo "Error: No input provided. Pipe text or pass as argument." >&2
        exit 1
    fi
    INPUT=$(cat)
fi

# Run through ClawDefender prompt check
RESULT=$("$CLAWDEFENDER" --check-prompt <<< "$INPUT" 2>&1) || true

# Parse result
if echo "$RESULT" | grep -q "CRITICAL\|WARNING"; then
    # Injection detected
    SEVERITY="WARNING"
    echo "$RESULT" | grep -q "CRITICAL" && SEVERITY="CRITICAL"
    
    # Extract pattern matches
    PATTERNS=$(echo "$RESULT" | grep -oE "Pattern: [^(]+" | head -3 | tr '\n' ', ' | sed 's/, $//')
    
    if $REPORT_ONLY; then
        echo "⚠️ INJECTION DETECTED [$SEVERITY]"
        echo "Patterns: $PATTERNS"
        echo ""
        echo "--- Raw Detection ---"
        echo "$RESULT"
        exit 0
    fi
    
    if $STRICT; then
        if ! $SILENT; then
            echo -e "${RED}⛔ BLOCKED: Prompt injection detected [$SEVERITY]${NC}" >&2
            echo -e "${YELLOW}Patterns: $PATTERNS${NC}" >&2
        fi
        exit 1
    fi
    
    if ! $SILENT; then
        echo -e "${YELLOW}⚠️  SUSPICIOUS CONTENT DETECTED [$SEVERITY]${NC}" >&2
        echo -e "${YELLOW}Patterns: $PATTERNS${NC}" >&2
        echo -e "${YELLOW}--- Content follows (review carefully) ---${NC}" >&2
    fi
    
    # Output with visible warning marker
    echo "⚠️ [FLAGGED - Potential prompt injection detected]"
    echo "$INPUT"
    echo "⚠️ [END FLAGGED CONTENT]"
else
    # Clean - pass through
    if $REPORT_ONLY; then
        echo "✅ Clean - no injection patterns detected"
        exit 0
    fi
    
    if ! $SILENT; then
        : # Could add "✅ Clean" to stderr but that's noisy
    fi
    
    echo "$INPUT"
fi
Initial commit with translated description 2026-03-29 13:13:02 +08:00			`#!/bin/bash`
			`# sanitize.sh - Universal input sanitizer for external content`
			`# Wraps ClawDefender to check any text before Vergil processes it`
			`#`
			`# Usage:`
			`# echo "email content" \| sanitize.sh`
			`# sanitize.sh "some text to check"`
			`# gog gmail read <id> \| sanitize.sh`
			`# curl -s <api> \| sanitize.sh --json`
			`#`
			`# Modes:`
			`# (default) Check text, output original if clean, warn if suspicious`
			`# --json Parse JSON, check string fields, output with warnings`
			`# --strict Block (exit 1) if injection detected`
			`# --silent No warnings, just filter`
			`# --report Output detection report only`

			`set -euo pipefail`

			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`
			`CLAWDEFENDER="$SCRIPT_DIR/clawdefender.sh"`

			`# Colors`
			`RED='\033[0;31m'`
			`YELLOW='\033[1;33m'`
			`GREEN='\033[0;32m'`
			`NC='\033[0m'`

			`MODE="default"`
			`STRICT=false`
			`SILENT=false`
			`REPORT_ONLY=false`

			`# Parse flags`
			`while [[ $# -gt 0 ]]; do`
			`case $1 in`
			`--json) MODE="json"; shift ;;`
			`--strict) STRICT=true; shift ;;`
			`--silent) SILENT=true; shift ;;`
			`--report) REPORT_ONLY=true; shift ;;`
			`--help\|-h)`
			`echo "sanitize.sh - Universal input sanitizer"`
			`echo ""`
			`echo "Usage:"`
			`echo " echo 'text' \| sanitize.sh [options]"`
			`echo " sanitize.sh [options] 'text to check'"`
			`echo ""`
			`echo "Options:"`
			`echo " --json Parse JSON input, check all string values"`
			`echo " --strict Exit with error if injection detected"`
			`echo " --silent Suppress warnings, just output clean/flagged"`
			`echo " --report Output detection report only (no passthrough)"`
			`echo " --help Show this help"`
			`echo ""`
			`echo "Examples:"`
			`echo " gog gmail read abc123 \| sanitize.sh"`
			`echo " curl -s trello.com/api/... \| sanitize.sh --json"`
			`echo " gh issue view 42 --json body \| sanitize.sh --json --strict"`
			`exit 0`
			`;;`
			`*)`
			`# Treat as input text`
			`INPUT="$1"`
			`shift`
			`;;`
			`esac`
			`done`

			`# Get input from stdin or argument`
			`if [[ -z "${INPUT:-}" ]]; then`
			`if [[ -t 0 ]]; then`
			`echo "Error: No input provided. Pipe text or pass as argument." >&2`
			`exit 1`
			`fi`
			`INPUT=$(cat)`
			`fi`

			`# Run through ClawDefender prompt check`
			`RESULT=$("$CLAWDEFENDER" --check-prompt <<< "$INPUT" 2>&1) \|\| true`

			`# Parse result`
			`if echo "$RESULT" \| grep -q "CRITICAL\\|WARNING"; then`
			`# Injection detected`
			`SEVERITY="WARNING"`
			`echo "$RESULT" \| grep -q "CRITICAL" && SEVERITY="CRITICAL"`

			`# Extract pattern matches`
			`PATTERNS=$(echo "$RESULT" \| grep -oE "Pattern: [^(]+" \| head -3 \| tr '\n' ', ' \| sed 's/, $//')`

			`if $REPORT_ONLY; then`
			`echo "⚠️ INJECTION DETECTED [$SEVERITY]"`
			`echo "Patterns: $PATTERNS"`
			`echo ""`
			`echo "--- Raw Detection ---"`
			`echo "$RESULT"`
			`exit 0`
			`fi`

			`if $STRICT; then`
			`if ! $SILENT; then`
			`echo -e "${RED}⛔ BLOCKED: Prompt injection detected [$SEVERITY]${NC}" >&2`
			`echo -e "${YELLOW}Patterns: $PATTERNS${NC}" >&2`
			`fi`
			`exit 1`
			`fi`

			`if ! $SILENT; then`
			`echo -e "${YELLOW}⚠️ SUSPICIOUS CONTENT DETECTED [$SEVERITY]${NC}" >&2`
			`echo -e "${YELLOW}Patterns: $PATTERNS${NC}" >&2`
			`echo -e "${YELLOW}--- Content follows (review carefully) ---${NC}" >&2`
			`fi`

			`# Output with visible warning marker`
			`echo "⚠️ [FLAGGED - Potential prompt injection detected]"`
			`echo "$INPUT"`
			`echo "⚠️ [END FLAGGED CONTENT]"`
			`else`
			`# Clean - pass through`
			`if $REPORT_ONLY; then`
			`echo "✅ Clean - no injection patterns detected"`
			`exit 0`
			`fi`

			`if ! $SILENT; then`
			`: # Could add "✅ Clean" to stderr but that's noisy`
			`fi`

			`echo "$INPUT"`
			`fi`