ktg-plugin-marketplace/shared/playground-examples/components/sankey-toxic-flow.html

<!doctype html>
<html lang="nb">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Toxic-Flow Chain · Tier 3 supp</title>
<link rel="stylesheet" href="../../playground-design-system/tokens.css" />
<link rel="stylesheet" href="../../playground-design-system/base.css" />
<link rel="stylesheet" href="../../playground-design-system/components.css" />
<link rel="stylesheet" href="../../playground-design-system/components-tier2.css" />
<link rel="stylesheet" href="../../playground-design-system/components-tier3-supplement.css" />
<link rel="stylesheet" href="../../playground-design-system/fonts.css" />
</head>
<body>
<header class="app-header">
  <a href="../index.html" class="app-header__brand"><span class="app-header__brand-mark">P</span><span>Playground</span></a>
  <span class="app-header__breadcrumb">/ Komponenter / Toxic-Flow Chain (TFA)</span>
</header>

<main class="container container--wide" style="padding: var(--space-8) 0;">
  <div style="margin-bottom: var(--space-6);">
    <span style="font-size: 11px; text-transform: uppercase; letter-spacing: 0.08em; color: var(--color-scope-security); font-weight: var(--font-weight-semibold);">llm-security · TFA</span>
    <h1 style="margin: 4px 0 6px;">Toxic-Flow Chain</h1>
    <p class="text-secondary" style="max-width: 65ch;">Trifecta Flow Analysis: Input → Access → Exfil. Hver leg viser type, kilde og mitigation-status. Tykkere arrows = høyere severity. Grønt skjold = mitigation som bryter kjeden.</p>
  </div>

  <h2 style="font-size: var(--font-size-lg); margin: 0 0 var(--space-3);">TFA-2026-118-001 — BLOCK</h2>
  <div class="tfa-flow" id="flow1">
    <span class="tfa-flow__verdict" data-verdict="BLOCK">BLOCK</span>

    <button type="button" class="tfa-leg" data-severity="high" onclick="alert('Drill-down: Input leg — skill markdown fil')">
      <span class="tfa-leg__label">Input</span>
      <span class="tfa-leg__name">Untrusted data</span>
      <span class="tfa-leg__source">skill markdown-fil</span>
      <span class="tfa-leg__status" data-mit="unmitigated">● Ikke mitigert</span>
    </button>

    <span class="tfa-arrow" data-severity="critical" aria-hidden="true"><span class="tfa-arrow__line"></span></span>

    <button type="button" class="tfa-leg" data-severity="critical" onclick="alert('Drill-down: Access leg — Bash + filsystem')">
      <span class="tfa-leg__label">Access</span>
      <span class="tfa-leg__name">Sensitive capability</span>
      <span class="tfa-leg__source">Bash · filsystem-tilgang</span>
      <span class="tfa-leg__status" data-mit="partially_mitigated">◐ Delvis mitigert</span>
    </button>

    <span class="tfa-arrow" data-severity="critical" aria-hidden="true"><span class="tfa-arrow__line"></span></span>

    <button type="button" class="tfa-leg" data-severity="critical" onclick="alert('Drill-down: Exfil leg — webhook.site')">
      <span class="tfa-leg__label">Exfil</span>
      <span class="tfa-leg__name">External endpoint</span>
      <span class="tfa-leg__source">webhook.site/abc123</span>
      <span class="tfa-leg__status" data-mit="unmitigated">● Ikke mitigert</span>
    </button>
  </div>

  <h2 style="font-size: var(--font-size-lg); margin: var(--space-8) 0 var(--space-3);">TFA-2026-118-002 — WARN (mitigation present)</h2>
  <div class="tfa-flow">
    <span class="tfa-flow__verdict" data-verdict="WARN">WARN</span>
    <button type="button" class="tfa-leg" data-severity="medium">
      <span class="tfa-leg__label">Input</span>
      <span class="tfa-leg__name">User prompt</span>
      <span class="tfa-leg__source">chat input</span>
      <span class="tfa-leg__status" data-mit="mitigated">✓ Sanert</span>
    </button>
    <span class="tfa-arrow tfa-arrow--mitigated" data-severity="medium" aria-hidden="true">
      <span class="tfa-arrow__line"></span>
      <span class="tfa-arrow__shield" title="Sanitering bryter kjeden">🛡</span>
    </span>
    <button type="button" class="tfa-leg" data-severity="high">
      <span class="tfa-leg__label">Access</span>
      <span class="tfa-leg__name">Read-only DB query</span>
      <span class="tfa-leg__source">SELECT-only role</span>
      <span class="tfa-leg__status" data-mit="partially_mitigated">◐ RBAC aktiv</span>
    </button>
    <span class="tfa-arrow" data-severity="high" aria-hidden="true"><span class="tfa-arrow__line"></span></span>
    <button type="button" class="tfa-leg" data-severity="high">
      <span class="tfa-leg__label">Exfil</span>
      <span class="tfa-leg__name">Logged endpoint</span>
      <span class="tfa-leg__source">api.bærum.no/log</span>
      <span class="tfa-leg__status" data-mit="mitigated">✓ Audit-sporet</span>
    </button>
  </div>

  <h2 style="font-size: var(--font-size-lg); margin: var(--space-8) 0 var(--space-3);">TFA-2026-118-003 — ALLOW</h2>
  <div class="tfa-flow">
    <span class="tfa-flow__verdict" data-verdict="ALLOW">ALLOW</span>
    <button type="button" class="tfa-leg" data-severity="medium">
      <span class="tfa-leg__label">Input</span>
      <span class="tfa-leg__name">Konfig-fil</span>
      <span class="tfa-leg__source">checked-in config.toml</span>
      <span class="tfa-leg__status" data-mit="mitigated">✓ Signert</span>
    </button>
    <span class="tfa-arrow tfa-arrow--mitigated" data-severity="medium" aria-hidden="true">
      <span class="tfa-arrow__line"></span>
      <span class="tfa-arrow__shield">🛡</span>
    </span>
    <button type="button" class="tfa-leg" data-severity="medium">
      <span class="tfa-leg__label">Access</span>
      <span class="tfa-leg__name">Local file read</span>
      <span class="tfa-leg__source">repo-scope</span>
      <span class="tfa-leg__status" data-mit="mitigated">✓ Sandboxed</span>
    </button>
    <span class="tfa-arrow tfa-arrow--mitigated" data-severity="medium" aria-hidden="true">
      <span class="tfa-arrow__line"></span>
      <span class="tfa-arrow__shield">🛡</span>
    </span>
    <button type="button" class="tfa-leg" data-severity="medium">
      <span class="tfa-leg__label">Exfil</span>
      <span class="tfa-leg__name">Stdout</span>
      <span class="tfa-leg__source">terminal</span>
      <span class="tfa-leg__status" data-mit="mitigated">✓ Lokalt</span>
    </button>
  </div>
</main>
</body>
</html>