
#5923: fix(security): add input encoding detection and obfuscation decoder

by dan-redcupit, open, 2026-02-01 03:47
## Summary

Adds modules to detect and decode obfuscated prompt injection attacks. **Part 2 of 3** from Operation CLAW FORTRESS security hardening (split from #5863 for easier review).

## New Files

| File | Purpose |
|------|---------|
| `src/security/obfuscation-decoder.ts` | Core decoding functions |
| `src/security/input-preprocessing.ts` | Encoding detection API |
| `src/security/input-preprocessing.test.ts` | Regression tests |

## Obfuscation Techniques Decoded

| Technique | Example | Decoded |
|-----------|---------|---------|
| Base64 | `aWdub3JlIHByZXZpb3Vz` | "ignore previous" |
| ROT13 | `vtaber cerivbhf` | "ignore previous" |
| Leetspeak | `5y5t3m pr0mpt` | "system prompt" |
| Pig Latin | `omptpray eviouspray` | "prompt previous" |
| Syllables | `ig-nore pre-vi-ous` | "ignore previous" |
| Homoglyphs | `sуstеm` (Cyrillic) | "system" |

## ZeroLeaks Findings Addressed

- Encoding bypass attacks (Base64, ROT13)
- Leetspeak obfuscation
- Unicode homoglyph substitution

## Test Plan

- [x] Unit tests for all decoders
- [x] Regression tests with ZeroLeaks payloads
- [ ] Integration testing

🔒 Generated with [Claude Code](https://claude.ai/code)

## Greptile Overview

### Greptile Summary

This PR adds a small security-focused preprocessing layer under `src/security/` to detect and decode obfuscated prompt-injection content (Base64/ROT13/reversed, plus deobfuscation helpers for leetspeak, syllable splitting, and homoglyph normalization). Unit tests cover the new decoders and some "ZeroLeaks" regression payloads.

Main things to double-check before merging: the use of global regexes with `.test()` in `detectEncodedContent` can make detection flaky due to `lastIndex` mutation, and `reverseText` relies on `Array.prototype.toReversed()` which may not exist in all supported runtimes.
### Confidence Score: 3/5

- This PR is close to safe to merge, but it has a couple of correctness/runtime hazards that could make detection flaky or crash in some environments.
- The overall change is isolated and test-covered, but `RegExp.test` is used on `/.../g` regexes (which mutates `lastIndex` and can lead to intermittent false negatives), and `reverseText` uses `toReversed()` which may not exist depending on the Node/runtime version used in CI or production.
- Files: `src/security/input-preprocessing.ts` and `src/security/obfuscation-decoder.ts`
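The following is an added example, not code from PR #5923 or from the project: a compact decoder and detector covering the techniques in the PR's table (Base64, ROT13, leetspeak, homoglyphs, reversed text) that also shows the two hazards raised in the Greptile review. `detectEncodedContent` and `reverseText` are the names the review mentions; `rot13`, `base64Decode`, `decodeLeetspeak`, `normalizeHomoglyphs`, the `KEYWORDS` watchlist and the `HOMOGLYPHS` table are assumptions made for this example, and the watchlist stands in for whatever rules the project uses to decide that decoded text is a prompt-injection attempt. `globalRegexTestIsStateful` reproduces the `lastIndex` problem on a `/g` regex; the detector itself uses only non-global regexes with `exec`, and `reverseText` uses `Array.prototype.reverse` on a copy instead of `toReversed()`.

```typescript
// Added example (not PR #5923's code). Names other than detectEncodedContent and
// reverseText, the KEYWORDS watchlist and the HOMOGLYPHS table are assumptions.

interface Finding {
  kind: "base64" | "rot13" | "reversed" | "leetspeak" | "homoglyph";
  match: string;   // text that triggered the finding
  decoded: string; // what it decodes or normalizes to
}

// Constructed watchlist: a decoded candidate is reported only if it hits one of these.
const KEYWORDS: string[] = ["ignore", "previous", "system", "prompt", "instructions"];

function containsKeyword(text: string): boolean {
  const lower = text.toLowerCase();
  for (const k of KEYWORDS) if (lower.indexOf(k) >= 0) return true;
  return false;
}

// ROT13 over ASCII letters; everything else passes through unchanged.
function rot13(s: string): string {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c >= 65 && c <= 90) out += String.fromCharCode(((c - 65 + 13) % 26) + 65);
    else if (c >= 97 && c <= 122) out += String.fromCharCode(((c - 97 + 13) % 26) + 97);
    else out += s.charAt(i);
  }
  return out;
}

// Reversal without toReversed(): keep surrogate pairs together so astral
// characters are not split, then reverse a fresh array (works on older runtimes).
function reverseText(s: string): string {
  const units: string[] = [];
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c >= 0xd800 && c <= 0xdbff && i + 1 < s.length) { units.push(s.slice(i, i + 2)); i++; }
    else units.push(s.charAt(i));
  }
  return units.reverse().join("");
}

// Hand-rolled Base64 so there is no Buffer/atob dependency. Returns null unless the
// token is valid Base64 whose bytes are all printable ASCII (or whitespace).
const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
function base64Decode(tok: string): string | null {
  const clean = tok.replace(/=+$/, "");
  if (clean.length % 4 === 1) return null;
  const bytes: number[] = [];
  let acc = 0, bits = 0;
  for (let i = 0; i < clean.length; i++) {
    const v = B64.indexOf(clean.charAt(i));
    if (v < 0) return null;
    acc = (acc << 6) | v; bits += 6;
    if (bits >= 8) { bits -= 8; bytes.push((acc >> bits) & 0xff); acc &= (1 << bits) - 1; }
  }
  for (const b of bytes) if (!(b === 9 || b === 10 || b === 13 || (b >= 32 && b <= 126))) return null;
  return bytes.map((b) => String.fromCharCode(b)).join("");
}

// Leetspeak: lossy digit/symbol -> letter map ("1" is read as "i" here).
const LEET: { [k: string]: string } = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };
function decodeLeetspeak(s: string): string {
  // String.prototype.replace resets lastIndex itself, so a /g regex is safe here.
  return s.replace(/[013457@$]/g, (ch) => LEET[ch] || ch);
}

// Constructed (non-exhaustive) Cyrillic -> Latin lookalike table.
const HOMOGLYPHS: { [k: string]: string } = {
  "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0443": "y", "\u0445": "x",
  "\u0456": "i", "\u0455": "s", "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0420": "P", "\u0421": "C",
};
function normalizeHomoglyphs(s: string): string {
  let out = "";
  for (let i = 0; i < s.length; i++) { const ch = s.charAt(i); const m = HOMOGLYPHS[ch]; out += m !== undefined ? m : ch; }
  return out;
}

// Base64-looking token. Deliberately NOT /g: test()/exec() on a global regex resume
// from lastIndex, so a second call on the same input can return false.
const BASE64_TOKEN = /[A-Za-z0-9+/]{16,}={0,2}/;

function detectEncodedContent(input: string): Finding[] {
  const findings: Finding[] = [];
  for (const w of input.split(/\s+/)) {
    const m = BASE64_TOKEN.exec(w);
    if (!m) continue;
    const decoded = base64Decode(m[0]);
    if (decoded !== null && containsKeyword(decoded)) findings.push({ kind: "base64", match: m[0], decoded });
  }
  const normalized = normalizeHomoglyphs(input);
  if (normalized !== input && containsKeyword(normalized)) findings.push({ kind: "homoglyph", match: input, decoded: normalized });
  const leet = decodeLeetspeak(normalized);
  if (leet !== normalized && containsKeyword(leet)) findings.push({ kind: "leetspeak", match: normalized, decoded: leet });
  const r13 = rot13(input);
  if (containsKeyword(r13)) findings.push({ kind: "rot13", match: input, decoded: r13 });
  const rev = reverseText(input);
  if (containsKeyword(rev)) findings.push({ kind: "reversed", match: input, decoded: rev });
  return findings;
}

// Reproduces the review finding: one /g regex, the same input tested twice, two answers.
function globalRegexTestIsStateful(): boolean[] {
  const re = /[A-Za-z0-9+/]{16,}={0,2}/g;
  const sample = "aWdub3JlIHByZXZpb3Vz"; // constructed: Base64 of "ignore previous"
  return [re.test(sample), re.test(sample)]; // [true, false]
}
```

The second `re.test(sample)` returns `false` because the first call left `lastIndex` at the end of the string; a detector that reuses a module-level `/g` regex with `.test()` therefore alternates between hits and misses on identical input, which is exactly the intermittent false negative the review describes. Keeping detection regexes non-global, or resetting `re.lastIndex = 0` before every call, removes the state. The Pig Latin and syllable-split cases from the PR's table are not handled here; they need word-level heuristics rather than a character map.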
