feat(security): migrate content scanning and bounce detection to Rust security bridge; add scanContent IPC command and Rust content scanner with tests; update TS RustSecurityBridge and callers, and adjust CI package references

dist_ts/security/classes.contentscanner.d.ts

@@ -54,9 +54,6 @@ export declare class ContentScanner {
     private static instance;
     private scanCache;
     private options;
-    private static readonly MALICIOUS_PATTERNS;
-    private static readonly EXECUTABLE_EXTENSIONS;
-    private static readonly MACRO_DOCUMENT_EXTENSIONS;
     /**
      * Default options for the content scanner
      */
@@ -73,7 +70,9 @@ export declare class ContentScanner {
      */
     static getInstance(options?: IContentScannerOptions): ContentScanner;
     /**
-     * Scan an email for malicious content
+     * Scan an email for malicious content.
+     * Delegates text/subject/html/filename pattern scanning to Rust.
+     * Binary attachment scanning (PE headers, VBA macros) stays in TS.
      * @param email The email to scan
      * @returns Scan result
      */
@@ -85,41 +84,19 @@ export declare class ContentScanner {
      */
     private generateCacheKey;
     /**
-     * Scan email subject for threats
-     * @param subject The subject to scan
-     * @param result The scan result to update
-     */
-    private scanSubject;
-    /**
-     * Scan plain text content for threats
-     * @param text The text content to scan
-     * @param result The scan result to update
-     */
-    private scanTextContent;
-    /**
-     * Scan HTML content for threats
-     * @param html The HTML content to scan
-     * @param result The scan result to update
-     */
-    private scanHtmlContent;
-    /**
-     * Scan an attachment for threats
+     * Scan attachment binary content for PE headers and VBA macros.
+     * This stays in TS because it accesses raw Buffer data (too large for IPC).
      * @param attachment The attachment to scan
      * @param result The scan result to update
      */
-    private scanAttachment;
+    private scanAttachmentBinary;
     /**
-     * Extract links from HTML content
-     * @param html HTML content
-     * @returns Array of extracted links
+     * Apply custom rules (runtime-configured patterns) to the email.
+     * These stay in TS because they are configured at runtime.
+     * @param email The email to check
+     * @param result The scan result to update
      */
-    private extractLinksFromHtml;
-    /**
-     * Extract plain text from HTML
-     * @param html HTML content
-     * @returns Extracted text
-     */
-    private extractTextFromHtml;
+    private applyCustomRules;
     /**
      * Extract text from a binary buffer for scanning
      * @param buffer Binary content
@@ -128,17 +105,10 @@ export declare class ContentScanner {
     private extractTextFromBuffer;
     /**
      * Check if an Office document likely contains macros
-     * This is a simplified check - real implementation would use specialized libraries
      * @param attachment The attachment to check
      * @returns Whether the file likely contains macros
      */
     private likelyContainsMacros;
-    /**
-     * Map a pattern category to a threat type
-     * @param category The pattern category
-     * @returns The corresponding threat type
-     */
-    private mapCategoryToThreatType;
     /**
      * Log a high threat finding to the security logger
      * @param email The email containing the threat

dist_ts/security/classes.rustsecuritybridge.d.ts

@@ -48,6 +48,12 @@ interface IReputationResult {
     listed_count: number;
     total_checked: number;
 }
+interface IContentScanResult {
+    threatScore: number;
+    threatType: string | null;
+    threatDetails: string | null;
+    scannedElements: string[];
+}
 interface IVersionInfo {
     bin: string;
     core: string;
@@ -88,6 +94,13 @@ export declare class RustSecurityBridge {
         diagnosticCode?: string;
         statusCode?: string;
     }): Promise<IBounceDetection>;
+    /** Scan email content for threats (phishing, spam, malware, etc.). */
+    scanContent(opts: {
+        subject?: string;
+        textBody?: string;
+        htmlBody?: string;
+        attachmentNames?: string[];
+    }): Promise<IContentScanResult>;
     /** Check IP reputation via DNSBL. */
     checkIpReputation(ip: string): Promise<IReputationResult>;
     /** Verify DKIM signatures on a raw email message. */
@@ -123,4 +136,4 @@ export declare class RustSecurityBridge {
         mailFrom: string;
     }): Promise<IEmailSecurityResult>;
 }
-export type { IDkimVerificationResult, ISpfResult, IDmarcResult, IEmailSecurityResult, IValidationResult, IBounceDetection, IReputationResult as IRustReputationResult, IVersionInfo, };
+export type { IDkimVerificationResult, ISpfResult, IDmarcResult, IEmailSecurityResult, IValidationResult, IBounceDetection, IContentScanResult, IReputationResult as IRustReputationResult, IVersionInfo, };