nexus-agents - v2.80.0

    Function sanitizeInput

    • Sanitizes untrusted GitHub input through the full Layer 1 pipeline:

      1. HTML stripping (picture/source/img tags)
      2. XML tag stripping (system/human/assistant)
      3. HTML comment stripping (instruction-bearing comments only)
      4. Injection pattern detection
      5. Trust tier assignment

      Use HostileInputFirewall.process() in agent code paths. Calling sanitizeInput() directly only runs Layer 1 — it does not evaluate the Rule of Two (enforced in policy-gate.ts via evaluatePolicy) and does not emit audit-trail events. An agent that processes untrusted input while holding both write access and secrets violates the Rule of Two; the policy gate is what catches this, and it only runs inside the firewall pipeline. Direct use of this function is appropriate for unit tests and pure content analysis, not for agent decision paths.

      Parameters

      • content: string

        Raw untrusted content from GitHub

      • userRole: "unknown" | "owner" | "maintainer" | "collaborator" | "contributor" | "member"

        GitHub user's relationship to the repository

      • username: string

        GitHub username (for allowlist check)

      • Optional config: Partial<
            {
                allowlistedMaintainers: string[];
                failOpen: boolean;
                maxInputLength: number;
            },
        >

        Optional sanitizer configuration

      Returns {
          content: string;
          originalLength: number;
          trustTier: "1" | "2" | "3" | "4";
          userRole:
              | "unknown"
              | "owner"
              | "maintainer"
              | "collaborator"
              | "contributor"
              | "member";
          injectionFlags: (
              | "authority_claim"
              | "instruction_pattern"
              | "system_prompt_manipulation"
              | "hidden_content"
              | "urgency_manipulation"
              | "fake_conversation"
              | "base64_encoded"
              | "external_link_instruction"
          )[];
          strippedElements: {
              tag: string;
              reason: string;
              startIndex: number;
              length: number;
          }[];
          wasModified: boolean;
          sanitizedAt: string;
      }

      SanitizedInput with cleaned content and audit data

      • content: string

        Sanitized content with dangerous elements removed.

      • originalLength: number

        Length of the original content before sanitization (for audit).

      • trustTier: "1" | "2" | "3" | "4"

        Assigned trust tier based on user role and content analysis.

      • userRole: "unknown" | "owner" | "maintainer" | "collaborator" | "contributor" | "member"

        GitHub user role of the input source.

      • injectionFlags: (
            | "authority_claim"
            | "instruction_pattern"
            | "system_prompt_manipulation"
            | "hidden_content"
            | "urgency_manipulation"
            | "fake_conversation"
            | "base64_encoded"
            | "external_link_instruction"
        )[]

        Injection patterns detected in content.

      • strippedElements: { tag: string; reason: string; startIndex: number; length: number }[]

        Elements stripped during sanitization (audit trail).

      • wasModified: boolean

        Whether any dangerous content was detected and stripped.

      • sanitizedAt: string

        Timestamp of sanitization (ISO 8601).
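
      Added example, not nexus-agents code: a sketch of why a clean Layer 1 result is not enough for an agent decision path, applying the Rule of Two as stated above to the documented return shape. `AgentCapabilities`, `GateDecision` and `gateAfterLayer1` are hypothetical names (this is not the project's `evaluatePolicy`), and the sample results are constructed.

```typescript
// Return shape of sanitizeInput(), reduced to the fields this sketch reads
// (names as documented on this page; flags typed as plain strings here).
interface SanitizedInput {
  trustTier: "1" | "2" | "3" | "4";
  injectionFlags: string[];
  strippedElements: { tag: string; reason: string; startIndex: number; length: number }[];
  wasModified: boolean;
  sanitizedAt: string;
}

// Hypothetical types for this sketch; not nexus-agents types.
interface AgentCapabilities { writeAccess: boolean; holdsSecrets: boolean }
interface GateDecision { allow: boolean; reasons: string[]; audit: string }

// Hypothetical stand-in for the checks that sanitizeInput() alone does not run.
function gateAfterLayer1(input: SanitizedInput, caps: AgentCapabilities): GateDecision {
  const reasons: string[] = [];
  // Rule of Two as stated on this page: the input is untrusted by definition,
  // so write access plus secrets is a violation however clean Layer 1 found it.
  if (caps.writeAccess && caps.holdsSecrets) reasons.push("rule_of_two");
  // Assumption of this sketch: any detected injection pattern blocks the action.
  for (const flag of input.injectionFlags) reasons.push(`injection:${flag}`);
  const allow = reasons.length === 0;
  // One audit line per decision, built only from fields of the Layer 1 result.
  const audit = JSON.stringify({
    at: input.sanitizedAt,
    tier: input.trustTier,
    modified: input.wasModified,
    stripped: input.strippedElements.map((e) => e.tag),
    allow,
    reasons,
  });
  return { allow, reasons, audit };
}

// Constructed Layer 1 results (not output captured from the library).
const clean: SanitizedInput = {
  trustTier: "2", injectionFlags: [], strippedElements: [],
  wasModified: false, sanitizedAt: "2025-01-01T00:00:00.000Z",
};
const flagged: SanitizedInput = {
  trustTier: "2", injectionFlags: ["hidden_content"], wasModified: true,
  strippedElements: [{ tag: "comment", reason: "constructed reason", startIndex: 11, length: 40 }],
  sanitizedAt: "2025-01-01T00:00:00.000Z",
};
const readOnly: AgentCapabilities = { writeAccess: false, holdsSecrets: true };
const writerWithSecrets: AgentCapabilities = { writeAccess: true, holdsSecrets: true };

console.log(gateAfterLayer1(clean, readOnly).allow);            // true
console.log(gateAfterLayer1(clean, writerWithSecrets).reasons); // ["rule_of_two"]
console.log(gateAfterLayer1(flagged, readOnly).audit);
```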

      • packages/nexus-agents/src/security/firewall/firewall-pipeline.ts
      • packages/nexus-agents/src/security/policy-gate.ts