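/**
 * Anti-Termination Protection System
 *
 * Comprehensive protection against unconventional remote attacks that could
 * terminate the AI runtime or CLI. Implements multiple layers of defense:
 *
 * 1. Signal Protection - Intercept and neutralize termination signals
 * 2. Resource Protection - Prevent OOM killer and resource exhaustion
 * 3. Exception Armor - Catch all unhandled errors without crashing
 * 4. Process Integrity - Detect manipulation attempts
 * 5. Watchdog System - Self-monitoring heartbeat
 * 6. Input Sanitization - Prevent malformed input crashes
 * 7. Network Protection - Defend against network-based termination
 * 8. Parent Process Protection - Handle orphan scenarios
 * 9. File Descriptor Protection - Prevent fd exhaustion
 * 10. Memory Protection - Detect corruption attempts
 *
 * Limits of in-process protection (apply to every layer above):
 * - SIGKILL and SIGSTOP cannot be caught, blocked or ignored by the receiving
 *   process, and Node.js does not allow listeners for them. The kernel OOM
 *   killer terminates with SIGKILL, so layers 1 and 2 can reduce the chance of
 *   termination but cannot rule it out.
 * - A process that ignores SIGTERM/SIGINT is usually escalated to SIGKILL by
 *   the service manager or orchestrator after its grace period, in which case
 *   no shutdown callback runs. Operators need a documented stop path
 *   (see `shutdown()` / `authorizedShutdown()`).
 * - This file contains declarations only; what each layer actually does is
 *   defined by the implementation and should be reviewed there.
 *
 * @module antiTermination
 */

/**
 * Protection status and metrics.
 *
 * Units follow the field suffixes (`Ms`, `MB`, `Percent`). How each value is
 * measured is decided by the implementation and is not visible in this
 * declaration.
 */
export interface ProtectionStatus {
  enabled: boolean;
  signalProtection: boolean;
  resourceProtection: boolean;
  exceptionArmor: boolean;
  watchdogActive: boolean;
  blockedSignals: number;
  blockedExceptions: number;
  blockedAttacks: number;
  uptimeMs: number;
  memoryUsageMB: number;
  cpuUsagePercent: number;
  // NOTE(review): presumably an epoch timestamp in ms; confirm against the implementation.
  lastHeartbeat: number;
}

/**
 * Attack event for logging.
 *
 * NOTE(review): `details` and `source` are free-form strings. If they carry
 * text taken from error messages or external input, escape or truncate them
 * before writing to logs or terminals; confirm what the implementation stores.
 */
interface AttackEvent {
  type: string;
  timestamp: number;
  details: string;
  blocked: boolean;
  source?: string;
}

/** Configuration options */
export interface AntiTerminationConfig {
  /**
   * Enable signal interception (default: true).
   *
   * Only catchable signals can be intercepted; SIGKILL and SIGSTOP always
   * take effect.
   */
  interceptSignals?: boolean;
  /** Enable resource monitoring (default: true) */
  monitorResources?: boolean;
  /**
   * Enable exception armor (default: true).
   *
   * Node.js documents that resuming after an uncaught exception leaves the
   * process in an undefined state, so continuing to run is a trade-off
   * between availability and correctness.
   */
  armorExceptions?: boolean;
  /** Enable watchdog heartbeat (default: true) */
  enableWatchdog?: boolean;
  /** Watchdog interval in ms (default: 5000) */
  watchdogIntervalMs?: number;
  /** Memory threshold percentage to trigger GC (default: 85) */
  memoryThresholdPercent?: number;
  /** Maximum blocked signals before alert (default: 10) */
  maxBlockedSignalsAlert?: number;
  /** Enable verbose logging (default: false) */
  verbose?: boolean;
  /**
   * Callback on attack detection.
   *
   * NOTE(review): whether an exception thrown by this callback is contained
   * is not visible here; keep the callback small and non-throwing.
   */
  onAttackDetected?: (event: AttackEvent) => void;
}

/**
 * Anti-Termination Protection System
 *
 * Private members are listed without types because this is a generated
 * declaration; their behaviour lives in the implementation file.
 */
export declare class AntiTerminationProtection {
  private config;
  private startTime;
  private blockedSignals;
  private blockedExceptions;
  private blockedAttacks;
  private attackLog;
  private watchdogTimer;
  private resourceMonitorTimer;
  private lastHeartbeat;
  private signalHandlers;
  private originalProcessExit;
  private isShuttingDown;
  private shutdownCallbacks;
  private criticalSection;
  private criticalSectionDepth;

  constructor(config?: AntiTerminationConfig);

  /**
   * Initialize all protection mechanisms
   */
  initialize(): void;

  /**
   * Install signal interception for all termination signals
   *
   * "All" can only mean all catchable signals: SIGKILL and SIGSTOP cannot
   * have handlers installed.
   */
  private installSignalProtection;

  /**
   * Handle incoming termination signal
   */
  private handleSignal;

  /**
   * Attempt to detect the source of a signal
   *
   * NOTE(review): Node.js signal listeners do not receive the sender's
   * identity, so any source reported here is best-effort; confirm how it is
   * derived before relying on it for attribution.
   */
  private detectSignalSource;

  /**
   * Monitor for pending signals (including SIGKILL attempts)
   *
   * NOTE(review): a delivered SIGKILL ends the process before any user code
   * runs, so this cannot observe or stop one directly; confirm what the
   * implementation actually monitors.
   */
  private monitorPendingSignals;

  /**
   * Install exception armor to catch all unhandled errors
   */
  private installExceptionArmor;

  /**
   * Handle uncaught exception without crashing
   *
   * Continuing after an uncaught exception can leave locks, file handles and
   * in-memory state inconsistent; the event should still be logged and
   * alerted on rather than silently absorbed.
   */
  private handleException;

  /**
   * Handle unhandled promise rejection without crashing
   */
  private handleRejection;

  /**
   * Handle process warnings
   */
  private handleWarning;

  /**
   * Check if an error matches known attack patterns
   */
  private isAttackPattern;

  /**
   * Install guard on process.exit to prevent unauthorized termination
   *
   * Code that legitimately needs to stop the process is expected to use
   * `shutdown()` instead. NOTE(review): how "authorized" is decided is not
   * visible in this declaration.
   */
  private installProcessExitGuard;

  /**
   * Install input sanitization to prevent malformed input crashes
   */
  private installInputSanitization;

  /**
   * Install network protection against remote termination attacks
   */
  private installNetworkProtection;

  /**
   * Install parent process protection
   */
  private installParentProcessProtection;

  /**
   * Install file descriptor protection
   */
  private installFileDescriptorProtection;

  /**
   * Install memory protection
   */
  private installMemoryProtection;

  /**
   * Start resource monitoring
   */
  private startResourceMonitoring;

  /**
   * Start watchdog heartbeat
   */
  private startWatchdog;

  /**
   * Verify runtime self-integrity
   */
  private verifySelfIntegrity;

  /**
   * Trigger garbage collection if available
   */
  private triggerGC;

  /**
   * Enter critical section - blocks all termination
   *
   * Pair every call with `exitCriticalSection()` (for example in a `finally`
   * block) so the process does not stay unstoppable after an error.
   * NOTE(review): the private `criticalSectionDepth` field suggests calls
   * nest; confirm against the implementation.
   */
  enterCriticalSection(): void;

  /**
   * Exit critical section
   */
  exitCriticalSection(): void;

  /**
   * Register a shutdown callback
   *
   * @param callback Invoked during an authorized shutdown; may be synchronous
   *   or return a promise.
   */
  onShutdown(callback: () => Promise<void> | void): void;

  /**
   * Initiate authorized graceful shutdown
   *
   * @param code Optional process exit code.
   * @returns A promise for the completion of the shutdown sequence.
   */
  shutdown(code?: number): Promise<void>;

  /**
   * Cleanup protection resources
   */
  private cleanup;

  /**
   * Log an attack event
   */
  private logAttack;

  /**
   * Internal logging
   */
  private log;

  /**
   * Get current protection status
   */
  getStatus(): ProtectionStatus;

  /**
   * Get attack log
   *
   * NOTE(review): whether this returns a copy or the internal array, and
   * whether the log is size-bounded, is not visible here; an unbounded log
   * is itself a memory-exhaustion risk.
   */
  getAttackLog(): AttackEvent[];
}

/**
 * Initialize global protection (singleton)
 */
export declare function initializeProtection(config?: AntiTerminationConfig): AntiTerminationProtection;

/**
 * Get protection instance
 *
 * @returns The instance, or `null` (presumably when protection has not been
 *   initialized; confirm against the implementation).
 */
export declare function getProtection(): AntiTerminationProtection | null;

/**
 * Enter critical section - blocks all termination attempts
 *
 * Uncatchable signals (SIGKILL, SIGSTOP) are not affected.
 */
export declare function enterCriticalSection(): void;

/**
 * Exit critical section
 */
export declare function exitCriticalSection(): void;

/**
 * Initiate authorized shutdown
 *
 * @param code Optional process exit code.
 */
export declare function authorizedShutdown(code?: number): Promise<void>;

/**
 * Get protection status
 */
export declare function getProtectionStatus(): ProtectionStatus | null;

export {};
//# sourceMappingURL=antiTermination.d.ts.map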