@agentguard-run/spend 0.4.3 → 0.5.0

package/dist/index.js

@@ -7,9 +7,10 @@
  * 64/071,781; 64/071,789).
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.t = exports.resolveLocale = exports.TRANSLATIONS = exports.SUPPORTED_LOCALES = exports.DEFAULT_LOCALE = exports.withSpendGuardBedrock = exports.withSpendGuardAnthropic = exports.AgentGuardBlockedError = exports.withSpendGuard = exports.SpendGuard = exports.writeAdvisorOutputs = exports.createAdvisorSessionLogger = exports.resolveAdvisorApiKey = exports.createAdvisorClient = exports.projectedSavings = exports.buildPolicyFromProfile = exports.buildBusinessProfile = exports.AdvisorConversation = exports.modelCostFromOpenRouter = exports.persistOverrides = exports.syncPricingIntoCostTable = exports.getCachedCatalog = exports.fetchCatalog = exports.recordTelemetryEvent = exports.resetTelemetryInstallId = exports.disableTelemetry = exports.enableTelemetry = exports.telemetryStatus = exports.InMemorySpendStore = exports.InMemoryDecisionLogStore = exports.GENESIS_PREVIOUS_HASH = exports.verifyChain = exports.verifyEntry = exports.signDecision = exports.computeSignerFingerprint = exports.computeEntryHash = exports.sha256Hex = exports.canonicalJson = exports.adjustPolicyWindowSpend = exports.buildScopeKey = exports.evaluatePolicy = exports.knownModelCosts = exports.persistCostOverrides = exports.loadPersistedCostOverrides = exports.listCostOverrides = exports.inferProvider = exports.computeCallCents = exports.clearCostOverrides = exports.setCostOverride = exports.getModelCost = void 0;
-exports.PATENT_NOTICE = exports.AGENTGUARD_SPEND_VERSION = exports.formatBlockedTrace = void 0;
+exports.AgentGuardWorkflowStateError = exports.AgentGuardDurationCapError = exports.AgentGuardChainCorruptError = exports.AgentGuardBudgetCapError = exports.validateReceiptChain = exports.computeChainHash = exports.WorkflowContext = exports.workflow = exports.modelCostFromOpenRouter = exports.persistOverrides = exports.syncPricingIntoCostTable = exports.getCachedCatalog = exports.fetchCatalog = exports.recordTelemetryEvent = exports.resetTelemetryInstallId = exports.disableTelemetry = exports.enableTelemetry = exports.telemetryStatus = exports.licenseKeyFingerprint = exports.clearConfiguredLicenseKey = exports.writeConfiguredLicenseKey = exports.readConfiguredLicenseKey = exports.validateAndRegisterLicense = exports.validateLicenseKey = exports.AgentGuardLicenseRequiredError = exports.InMemorySpendStore = exports.InMemoryDecisionLogStore = exports.GENESIS_PREVIOUS_HASH = exports.verifyChain = exports.verifyEntry = exports.signDecision = exports.computeSignerFingerprint = exports.computeEntryHash = exports.sha256Hex = exports.canonicalJson = exports.BUILT_IN_KEYWORD_WATCHLISTS = exports.findCustomKeywordWatchlists = exports.enforcePolicyLicenseGates = exports.adjustPolicyWindowSpend = exports.buildScopeKey = exports.evaluatePolicy = exports.knownModelCosts = exports.persistCostOverrides = exports.loadPersistedCostOverrides = exports.listCostOverrides = exports.inferProvider = exports.computeCallCents = exports.clearCostOverrides = exports.setCostOverride = exports.getModelCost = void 0;
+exports.PATENT_NOTICE = exports.agentguard = exports.AGENTGUARD_SPEND_VERSION = exports.formatBlockedTrace = exports.t = exports.resolveLocale = exports.TRANSLATIONS = exports.SUPPORTED_LOCALES = exports.DEFAULT_LOCALE = exports.withSpendGuardBedrock = exports.withSpendGuardAnthropic = exports.AgentGuardBlockedError = exports.withSpendGuard = exports.SpendGuard = exports.writeAdvisorOutputs = exports.createAdvisorSessionLogger = exports.resolveAdvisorApiKey = exports.createAdvisorClient = exports.projectedSavings = exports.buildPolicyFromProfile = exports.buildBusinessProfile = exports.AdvisorConversation = void 0;
 const telemetry_1 = require("./telemetry");
+const context_1 = require("./workflow/context");
 // Cost table
 var cost_table_1 = require("./cost-table");
 Object.defineProperty(exports, "getModelCost", { enumerable: true, get: function () { return cost_table_1.getModelCost; } });
@@ -26,6 +27,9 @@ var policy_1 = require("./policy");
 Object.defineProperty(exports, "evaluatePolicy", { enumerable: true, get: function () { return policy_1.evaluatePolicy; } });
 Object.defineProperty(exports, "buildScopeKey", { enumerable: true, get: function () { return policy_1.buildScopeKey; } });
 Object.defineProperty(exports, "adjustPolicyWindowSpend", { enumerable: true, get: function () { return policy_1.adjustPolicyWindowSpend; } });
+Object.defineProperty(exports, "enforcePolicyLicenseGates", { enumerable: true, get: function () { return policy_1.enforcePolicyLicenseGates; } });
+Object.defineProperty(exports, "findCustomKeywordWatchlists", { enumerable: true, get: function () { return policy_1.findCustomKeywordWatchlists; } });
+Object.defineProperty(exports, "BUILT_IN_KEYWORD_WATCHLISTS", { enumerable: true, get: function () { return policy_1.BUILT_IN_KEYWORD_WATCHLISTS; } });
 // Decision log
 var decision_log_1 = require("./decision-log");
 Object.defineProperty(exports, "canonicalJson", { enumerable: true, get: function () { return decision_log_1.canonicalJson; } });
@@ -40,6 +44,15 @@ Object.defineProperty(exports, "InMemoryDecisionLogStore", { enumerable: true, g
 // In-memory spend store
 var store_memory_1 = require("./store-memory");
 Object.defineProperty(exports, "InMemorySpendStore", { enumerable: true, get: function () { return store_memory_1.InMemorySpendStore; } });
+// License controls
+var license_1 = require("./license");
+Object.defineProperty(exports, "AgentGuardLicenseRequiredError", { enumerable: true, get: function () { return license_1.AgentGuardLicenseRequiredError; } });
+Object.defineProperty(exports, "validateLicenseKey", { enumerable: true, get: function () { return license_1.validateLicenseKey; } });
+Object.defineProperty(exports, "validateAndRegisterLicense", { enumerable: true, get: function () { return license_1.validateAndRegisterLicense; } });
+Object.defineProperty(exports, "readConfiguredLicenseKey", { enumerable: true, get: function () { return license_1.readConfiguredLicenseKey; } });
+Object.defineProperty(exports, "writeConfiguredLicenseKey", { enumerable: true, get: function () { return license_1.writeConfiguredLicenseKey; } });
+Object.defineProperty(exports, "clearConfiguredLicenseKey", { enumerable: true, get: function () { return license_1.clearConfiguredLicenseKey; } });
+Object.defineProperty(exports, "licenseKeyFingerprint", { enumerable: true, get: function () { return license_1.licenseKeyFingerprint; } });
 // Telemetry controls
 var telemetry_2 = require("./telemetry");
 Object.defineProperty(exports, "telemetryStatus", { enumerable: true, get: function () { return telemetry_2.telemetryStatus; } });
@@ -54,6 +67,18 @@ Object.defineProperty(exports, "getCachedCatalog", { enumerable: true, get: func
 Object.defineProperty(exports, "syncPricingIntoCostTable", { enumerable: true, get: function () { return openrouter_catalog_1.syncPricingIntoCostTable; } });
 Object.defineProperty(exports, "persistOverrides", { enumerable: true, get: function () { return openrouter_catalog_1.persistOverrides; } });
 Object.defineProperty(exports, "modelCostFromOpenRouter", { enumerable: true, get: function () { return openrouter_catalog_1.modelCostFromOpenRouter; } });
+// Workflow primitive
+var context_2 = require("./workflow/context");
+Object.defineProperty(exports, "workflow", { enumerable: true, get: function () { return context_2.workflow; } });
+Object.defineProperty(exports, "WorkflowContext", { enumerable: true, get: function () { return context_2.WorkflowContext; } });
+var chain_validator_1 = require("./workflow/chain-validator");
+Object.defineProperty(exports, "computeChainHash", { enumerable: true, get: function () { return chain_validator_1.computeChainHash; } });
+Object.defineProperty(exports, "validateReceiptChain", { enumerable: true, get: function () { return chain_validator_1.validateReceiptChain; } });
+var errors_1 = require("./workflow/errors");
+Object.defineProperty(exports, "AgentGuardBudgetCapError", { enumerable: true, get: function () { return errors_1.AgentGuardBudgetCapError; } });
+Object.defineProperty(exports, "AgentGuardChainCorruptError", { enumerable: true, get: function () { return errors_1.AgentGuardChainCorruptError; } });
+Object.defineProperty(exports, "AgentGuardDurationCapError", { enumerable: true, get: function () { return errors_1.AgentGuardDurationCapError; } });
+Object.defineProperty(exports, "AgentGuardWorkflowStateError", { enumerable: true, get: function () { return errors_1.AgentGuardWorkflowStateError; } });
 // Advisor local setup
 var conversation_1 = require("./advisor/conversation");
 Object.defineProperty(exports, "AdvisorConversation", { enumerable: true, get: function () { return conversation_1.AdvisorConversation; } });
@@ -83,7 +108,10 @@ Object.defineProperty(exports, "TRANSLATIONS", { enumerable: true, get: function
 Object.defineProperty(exports, "resolveLocale", { enumerable: true, get: function () { return i18n_1.resolveLocale; } });
 Object.defineProperty(exports, "t", { enumerable: true, get: function () { return i18n_1.t; } });
 Object.defineProperty(exports, "formatBlockedTrace", { enumerable: true, get: function () { return i18n_1.formatBlockedTrace; } });
-exports.AGENTGUARD_SPEND_VERSION = '0.4.3';
+exports.AGENTGUARD_SPEND_VERSION = '0.5.0';
+exports.agentguard = {
+    workflow: context_1.workflow,
+};
 /** Patent marking. 35 U.S.C. § 287 constructive notice. */
 exports.PATENT_NOTICE = 'Protected by U.S. patent-pending technology ' +
     '(App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626; ' +

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;AAEH,2CAA8E;AAmB9E,aAAa;AACb,2CAWsB;AAVpB,0GAAA,YAAY,OAAA;AACZ,6GAAA,eAAe,OAAA;AACf,gHAAA,kBAAkB,OAAA;AAClB,8GAAA,gBAAgB,OAAA;AAChB,2GAAA,aAAa,OAAA;AACb,+GAAA,iBAAiB,OAAA;AACjB,wHAAA,0BAA0B,OAAA;AAC1B,kHAAA,oBAAoB,OAAA;AACpB,6GAAA,eAAe,OAAA;AAIjB,gBAAgB;AAChB,mCAAkF;AAAzE,wGAAA,cAAc,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,iHAAA,uBAAuB,OAAA;AAE/D,eAAe;AACf,+CAUwB;AATtB,6GAAA,aAAa,OAAA;AACb,yGAAA,SAAS,OAAA;AACT,gHAAA,gBAAgB,OAAA;AAChB,wHAAA,wBAAwB,OAAA;AACxB,4GAAA,YAAY,OAAA;AACZ,2GAAA,WAAW,OAAA;AACX,2GAAA,WAAW,OAAA;AACX,qHAAA,qBAAqB,OAAA;AACrB,wHAAA,wBAAwB,OAAA;AAG1B,wBAAwB;AACxB,+CAAoD;AAA3C,kHAAA,kBAAkB,OAAA;AAE3B,qBAAqB;AACrB,yCAOqB;AANnB,4GAAA,eAAe,OAAA;AACf,4GAAA,eAAe,OAAA;AACf,6GAAA,gBAAgB,OAAA;AAChB,oHAAA,uBAAuB,OAAA;AACvB,iHAAA,oBAAoB,OAAA;AAItB,qBAAqB;AACrB,2DAS8B;AAR5B,kHAAA,YAAY,OAAA;AACZ,sHAAA,gBAAgB,OAAA;AAChB,8HAAA,wBAAwB,OAAA;AACxB,sHAAA,gBAAgB,OAAA;AAChB,6HAAA,uBAAuB,OAAA;AAOzB,sBAAsB;AACtB,uDAOgC;AAN9B,mHAAA,mBAAmB,OAAA;AACnB,oHAAA,oBAAoB,OAAA;AACpB,sHAAA,sBAAsB,OAAA;AACtB,gHAAA,gBAAgB,OAAA;AAIlB,mDAA2H;AAAlH,iHAAA,mBAAmB,OAAA;AAAE,kHAAA,oBAAoB,OAAA;AAClD,2CAAwG;AAA/F,oHAAA,0BAA0B,OAAA;AAAE,6GAAA,mBAAmB,OAAA;AAExD,eAAe;AACf,6CAQuB;AAPrB,yGAAA,UAAU,OAAA;AACV,6GAAA,cAAc,OAAA;AACd,qHAAA,sBAAsB,OAAA;AAOxB,kDAA6F;AAApF,oHAAA,uBAAuB,OAAA;AAChC,8CAAuF;AAA9E,gHAAA,qBAAqB,OAAA;AAE9B,sCAAsC;AACtC,+BASgB;AARd,sGAAA,cAAc,OAAA;AACd,yGAAA,iBAAiB,OAAA;AACjB,oGAAA,YAAY,OAAA;AAEZ,qGAAA,aAAa,OAAA;AACb,yFAAA,CAAC,OAAA;AACD,0GAAA,kBAAkB,OAAA;AAIP,QAAA,wBAAwB,GAAG,OAAO,CAAC;AAEhD,2DAA2D;AAC9C,QAAA,aAAa,GACxB,8CAA8C;IAC9C,6DAA6D;IAC7D,sDAAsD,CAAC;AACzD,IAAA,gCAAuB,EAAC,UAAU,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;AAEH,2CAA8E;AAC9E,gDAA6D;AAmB7D,aAAa;AACb,2CAWsB;AAVpB,0GAAA,YAAY,OAAA;AACZ,6GAAA,eAAe,OAAA;AACf,gHAAA,kBAAkB,OAAA;AAClB,8GAAA,gBAAgB,OAAA;AAChB,2GAAA,aAAa,OAAA;AACb,+GAAA,iBAAiB,OAAA;AACjB,wHAAA,0BAA0B,OAAA;AAC1B,kHAAA,oBAAoB,OAAA;AACpB,6GAAA,eAAe,OAAA;AAIjB,gBAAgB;AAChB,mCAAuK;AAA9J,wGAAA,cAAc,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,iHAAA,uBAAuB,OAAA;AAAE,mHAAA,yBAAyB,OAAA;AAAE,qHAAA,2BAA2B,OAAA;AAAE,qHAAA,2BAA2B,OAAA;AAEpJ,eAAe;AACf,+CAUwB;AATtB,6GAAA,aAAa,OAAA;AACb,yGAAA,SAAS,OAAA;AACT,gHAAA,gBAAgB,OAAA;AAChB,wHAAA,wBAAwB,OAAA;AACxB,4GAAA,YAAY,OAAA;AACZ,2GAAA,WAAW,OAAA;AACX,2GAAA,WAAW,OAAA;AACX,qHAAA,qBAAqB,OAAA;AACrB,wHAAA,wBAAwB,OAAA;AAG1B,wBAAwB;AACxB,+CAAoD;AAA3C,kHAAA,kBAAkB,OAAA;AAE3B,mBAAmB;AACnB,qCAWmB;AAVjB,yHAAA,8BAA8B,OAAA;AAC9B,6GAAA,kBAAkB,OAAA;AAClB,qHAAA,0BAA0B,OAAA;AAC1B,mHAAA,wBAAwB,OAAA;AACxB,oHAAA,yBAAyB,OAAA;AACzB,oHAAA,yBAAyB,OAAA;AACzB,gHAAA,qBAAqB,OAAA;AAMvB,qBAAqB;AACrB,yCAOqB;AANnB,4GAAA,eAAe,OAAA;AACf,4GAAA,eAAe,OAAA;AACf,6GAAA,gBAAgB,OAAA;AAChB,oHAAA,uBAAuB,OAAA;AACvB,iHAAA,oBAAoB,OAAA;AAItB,qBAAqB;AACrB,2DAS8B;AAR5B,kHAAA,YAAY,OAAA;AACZ,sHAAA,gBAAgB,OAAA;AAChB,8HAAA,wBAAwB,OAAA;AACxB,sHAAA,gBAAgB,OAAA;AAChB,6HAAA,uBAAuB,OAAA;AAQzB,qBAAqB;AACrB,8CAA+D;AAAtD,mGAAA,QAAQ,OAAA;AAAE,0GAAA,eAAe,OAAA;AAClC,8DAAoF;AAA3E,mHAAA,gBAAgB,OAAA;AAAE,uHAAA,oBAAoB,OAAA;AAC/C,4CAK2B;AAJzB,kHAAA,wBAAwB,OAAA;AACxB,qHAAA,2BAA2B,OAAA;AAC3B,oHAAA,0BAA0B,OAAA;AAC1B,sHAAA,4BAA4B,OAAA;AAY9B,sBAAsB;AACtB,uDAOgC;AAN9B,mHAAA,mBAAmB,OAAA;AACnB,oHAAA,oBAAoB,OAAA;AACpB,sHAAA,sBAAsB,OAAA;AACtB,gHAAA,gBAAgB,OAAA;AAIlB,mDAA2H;AAAlH,iHAAA,mBAAmB,OAAA;AAAE,kHAAA,oBAAoB,OAAA;AAClD,2CAAwG;AAA/F,oHAAA,0BAA0B,OAAA;AAAE,6GAAA,mBAAmB,OAAA;AAExD,eAAe;AACf,6CAQuB;AAPrB,yGAAA,UAAU,OAAA;AACV,6GAAA,cAAc,OAAA;AACd,qHAAA,sBAAsB,OAAA;AAOxB,kDAA6F;AAApF,oHAAA,uBAAuB,OAAA;AAChC,8CAAuF;AAA9E,gHAAA,qBAAqB,OAAA;AAE9B,sCAAsC;AACtC,+BASgB;AARd,sGAAA,cAAc,OAAA;AACd,yGAAA,iBAAiB,OAAA;AACjB,oGAAA,YAAY,OAAA;AAEZ,qGAAA,aAAa,OAAA;AACb,yFAAA,CAAC,OAAA;AACD,0GAAA,kBAAkB,OAAA;AAIP,QAAA,wBAAwB,GAAG,OAAO,CAAC;AAGnC,QAAA,UAAU,GAAG;IACxB,QAAQ,EAAE,kBAAW;CACtB,CAAC;AAEF,2DAA2D;AAC9C,QAAA,aAAa,GACxB,8CAA8C;IAC9C,6DAA6D;IAC7D,sDAAsD,CAAC;AACzD,IAAA,gCAAuB,EAAC,UAAU,CAAC,CAAC"}

package/dist/license.d.ts

@@ -0,0 +1,44 @@
+/**
+ * AgentGuard(TM) Spend: local license validation helpers.
+ *
+ * License checks send only license key fingerprints, anonymous machine ids,
+ * and SDK metadata to AgentGuard endpoints. Prompts, completions, provider
+ * keys, signing keys, and policy bodies are never sent.
+ */
+export type AgentGuardTier = 'free' | 'solo' | 'startup' | 'growth';
+export interface AgentGuardLicenseFeatures {
+    postureSwitching: boolean;
+    customWatchlists: boolean;
+    outcomeBuilder: boolean;
+    reviewerCascade: boolean;
+    verticalSkillPackImport: boolean;
+    auditRetentionDays: number;
+    maxActiveSeats: number;
+}
+export interface AgentGuardLicenseStatus {
+    valid: boolean;
+    tier: AgentGuardTier;
+    seats: number;
+    expiresAt: string | null;
+    features: AgentGuardLicenseFeatures;
+}
+export interface LicenseClientOptions {
+    endpointBaseUrl?: string;
+    nowMs?: number;
+    force?: boolean;
+    home?: string;
+    postJson?: (url: string, payload: Record<string, unknown>) => Promise<unknown>;
+}
+export declare class AgentGuardLicenseRequiredError extends Error {
+    code: string;
+    constructor(message: string);
+}
+export declare function agentguardHome(home?: string): string;
+export declare function configPath(home?: string): string;
+export declare function readConfiguredLicenseKey(home?: string): string | null;
+export declare function writeConfiguredLicenseKey(licenseKey: string, home?: string): void;
+export declare function clearConfiguredLicenseKey(home?: string): void;
+export declare function licenseKeyFingerprint(licenseKey: string): string;
+export declare function validateLicenseKey(licenseKey?: string | null, opts?: LicenseClientOptions): Promise<AgentGuardLicenseStatus>;
+export declare function validateAndRegisterLicense(licenseKey?: string | null, opts?: LicenseClientOptions): Promise<AgentGuardLicenseStatus>;
+//# sourceMappingURL=license.d.ts.map

package/dist/license.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"license.d.ts","sourceRoot":"","sources":["../src/license.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,MAAM,GAAG,SAAS,GAAG,QAAQ,CAAC;AAEpE,MAAM,WAAW,yBAAyB;IACxC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,uBAAuB,EAAE,OAAO,CAAC;IACjC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,OAAO,CAAC;IACf,IAAI,EAAE,cAAc,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,yBAAyB,CAAC;CACrC;AAED,MAAM,WAAW,oBAAoB;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAChF;AAoBD,qBAAa,8BAA+B,SAAQ,KAAK;IACvD,IAAI,SAAiC;gBACzB,OAAO,EAAE,MAAM;CAI5B;AAED,wBAAgB,cAAc,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,wBAAgB,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,wBAAgB,wBAAwB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CASrE;AAED,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAQjF;AAED,wBAAgB,yBAAyB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAO7D;AAED,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED,wBAAsB,kBAAkB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,EAAE,IAAI,GAAE,oBAAyB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CActI;AAED,wBAAsB,0BAA0B,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,EAAE,IAAI,GAAE,oBAAyB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAmB9I"}

package/dist/license.js

@@ -0,0 +1,278 @@
+"use strict";
+/**
+ * AgentGuard(TM) Spend: local license validation helpers.
+ *
+ * License checks send only license key fingerprints, anonymous machine ids,
+ * and SDK metadata to AgentGuard endpoints. Prompts, completions, provider
+ * keys, signing keys, and policy bodies are never sent.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentGuardLicenseRequiredError = void 0;
+exports.agentguardHome = agentguardHome;
+exports.configPath = configPath;
+exports.readConfiguredLicenseKey = readConfiguredLicenseKey;
+exports.writeConfiguredLicenseKey = writeConfiguredLicenseKey;
+exports.clearConfiguredLicenseKey = clearConfiguredLicenseKey;
+exports.licenseKeyFingerprint = licenseKeyFingerprint;
+exports.validateLicenseKey = validateLicenseKey;
+exports.validateAndRegisterLicense = validateAndRegisterLicense;
+const crypto = __importStar(require("crypto"));
+const fs = __importStar(require("fs"));
+const http = __importStar(require("http"));
+const https = __importStar(require("https"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const DEFAULT_ENDPOINT = 'https://agentguard.run';
+const DAY_MS = 24 * 60 * 60 * 1000;
+const FREE_STATUS = {
+    valid: true,
+    tier: 'free',
+    seats: 1,
+    expiresAt: null,
+    features: {
+        postureSwitching: false,
+        customWatchlists: false,
+        outcomeBuilder: false,
+        reviewerCascade: false,
+        verticalSkillPackImport: false,
+        auditRetentionDays: 7,
+        maxActiveSeats: 1,
+    },
+};
+class AgentGuardLicenseRequiredError extends Error {
+    code = 'AGENTGUARD_LICENSE_REQUIRED';
+    constructor(message) {
+        super(message);
+        this.name = 'AgentGuardLicenseRequiredError';
+    }
+}
+exports.AgentGuardLicenseRequiredError = AgentGuardLicenseRequiredError;
+function agentguardHome(home) {
+    return home || process.env.AGENTGUARD_HOME || path.join(os.homedir(), '.agentguard');
+}
+function configPath(home) {
+    return path.join(agentguardHome(home), 'config.json');
+}
+function readConfiguredLicenseKey(home) {
+    if (process.env.AGENTGUARD_LICENSE_KEY)
+        return process.env.AGENTGUARD_LICENSE_KEY.trim();
+    try {
+        const parsed = JSON.parse(fs.readFileSync(configPath(home), 'utf8'));
+        const key = parsed.licenseKey || parsed.license_key;
+        return key ? String(key).trim() : null;
+    }
+    catch {
+        return null;
+    }
+}
+function writeConfiguredLicenseKey(licenseKey, home) {
+    const file = configPath(home);
+    fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 });
+    let parsed = {};
+    try {
+        parsed = JSON.parse(fs.readFileSync(file, 'utf8'));
+    }
+    catch { }
+    parsed.licenseKey = licenseKey.trim();
+    fs.writeFileSync(file, JSON.stringify(parsed, null, 2) + '\n', { mode: 0o600 });
+    try {
+        fs.chmodSync(file, 0o600);
+    }
+    catch {
+        return;
+    }
+}
+function clearConfiguredLicenseKey(home) {
+    const file = configPath(home);
+    let parsed = {};
+    try {
+        parsed = JSON.parse(fs.readFileSync(file, 'utf8'));
+    }
+    catch {
+        return;
+    }
+    delete parsed.licenseKey;
+    delete parsed.license_key;
+    fs.writeFileSync(file, JSON.stringify(parsed, null, 2) + '\n', { mode: 0o600 });
+}
+function licenseKeyFingerprint(licenseKey) {
+    return crypto.createHash('sha256').update(licenseKey).digest('hex').slice(0, 16);
+}
+async function validateLicenseKey(licenseKey, opts = {}) {
+    const key = licenseKey?.trim() || null;
+    if (!key)
+        return { ...FREE_STATUS, features: { ...FREE_STATUS.features } };
+    const now = opts.nowMs ?? Date.now();
+    const cache = licenseCachePath(key, opts.home);
+    if (!opts.force) {
+        const cached = readCachedStatus(cache, now);
+        if (cached)
+            return cached;
+    }
+    const base = (opts.endpointBaseUrl || process.env.AGENTGUARD_LICENSE_ENDPOINT || DEFAULT_ENDPOINT).replace(/\/$/, '');
+    const raw = await (opts.postJson ?? postJson)(`${base}/api/license/validate`, { license_key: key });
+    const status = normalizeStatus(raw);
+    writeCachedStatus(cache, status, now);
+    return status;
+}
+async function validateAndRegisterLicense(licenseKey, opts = {}) {
+    const key = licenseKey?.trim() || readConfiguredLicenseKey(opts.home);
+    const status = await validateLicenseKey(key, opts);
+    const processId = processUuid(opts.home);
+    const machineFingerprint = anonymousMachineFingerprint(opts.home);
+    const base = (opts.endpointBaseUrl || process.env.AGENTGUARD_LICENSE_ENDPOINT || DEFAULT_ENDPOINT).replace(/\/$/, '');
+    try {
+        const seat = await (opts.postJson ?? postJson)(`${base}/api/license/seats`, {
+            license_key: key || undefined,
+            machine_fingerprint: machineFingerprint,
+            process_id: processId,
+        });
+        if (seat && seat.ok === false) {
+            throw new AgentGuardLicenseRequiredError(`Active SDK process limit exceeded for this license. Active seats: ${seat.activeSeats ?? 'unknown'}. Limit: ${seat.maxActiveSeats ?? status.features.maxActiveSeats}. Upgrade at https://agentguard.run/pricing or activate a team license with: agentguard auth license-key <KEY>`);
+        }
+    }
+    catch (err) {
+        if (err instanceof AgentGuardLicenseRequiredError)
+            throw err;
+    }
+    return status;
+}
+function licenseCachePath(licenseKey, home) {
+    return path.join(agentguardHome(home), `license-${crypto.createHash('sha256').update(licenseKey).digest('hex')}.json`);
+}
+function readCachedStatus(file, now) {
+    try {
+        const parsed = JSON.parse(fs.readFileSync(file, 'utf8'));
+        if (!parsed.fetchedAt || now - parsed.fetchedAt > DAY_MS)
+            return null;
+        return normalizeStatus(parsed.status);
+    }
+    catch {
+        return null;
+    }
+}
+function writeCachedStatus(file, status, now) {
+    try {
+        fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 });
+        fs.writeFileSync(file, JSON.stringify({ fetchedAt: now, status }, null, 2) + '\n', { mode: 0o600 });
+        fs.chmodSync(file, 0o600);
+    }
+    catch {
+        return;
+    }
+}
+function processUuid(home) {
+    const file = path.join(agentguardHome(home), 'process-id');
+    try {
+        const existing = fs.readFileSync(file, 'utf8').trim();
+        if (existing)
+            return existing;
+    }
+    catch { }
+    const id = crypto.randomUUID();
+    try {
+        fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 });
+        fs.writeFileSync(file, id + '\n', { mode: 0o600 });
+        fs.chmodSync(file, 0o600);
+    }
+    catch { }
+    return id;
+}
+function anonymousMachineFingerprint(home) {
+    const file = path.join(agentguardHome(home), 'install.json');
+    try {
+        const parsed = JSON.parse(fs.readFileSync(file, 'utf8'));
+        if (parsed.anonymous_install_id)
+            return crypto.createHash('sha256').update(parsed.anonymous_install_id).digest('hex');
+    }
+    catch { }
+    const seed = `${os.platform()}:${os.arch()}:${os.homedir()}:${os.hostname()}`;
+    return crypto.createHash('sha256').update(seed).digest('hex');
+}
+function normalizeStatus(raw) {
+    const obj = raw && typeof raw === 'object' ? raw : {};
+    const features = obj.features && typeof obj.features === 'object' ? obj.features : {};
+    return {
+        valid: obj.valid === true,
+        tier: normalizeTier(obj.tier),
+        seats: numberOr(obj.seats, normalizeTier(obj.tier) === 'growth' ? 50 : normalizeTier(obj.tier) === 'startup' ? 5 : 1),
+        expiresAt: typeof obj.expiresAt === 'string' ? obj.expiresAt : null,
+        features: {
+            postureSwitching: features.postureSwitching === true,
+            customWatchlists: features.customWatchlists === true,
+            outcomeBuilder: features.outcomeBuilder === true,
+            reviewerCascade: features.reviewerCascade === true,
+            verticalSkillPackImport: features.verticalSkillPackImport === true,
+            auditRetentionDays: numberOr(features.auditRetentionDays, 7),
+            maxActiveSeats: numberOr(features.maxActiveSeats, 1),
+        },
+    };
+}
+function normalizeTier(value) {
+    return value === 'solo' || value === 'startup' || value === 'growth' ? value : 'free';
+}
+function numberOr(value, fallback) {
+    return typeof value === 'number' && Number.isFinite(value) ? value : fallback;
+}
+function postJson(url, payload) {
+    void payload;
+    if (url.startsWith('mock://'))
+        return Promise.resolve({ ...FREE_STATUS, features: { ...FREE_STATUS.features } });
+    return new Promise((resolve, reject) => {
+        const parsed = new URL(url);
+        const client = parsed.protocol === 'http:' ? http : https;
+        const body = JSON.stringify(payload);
+        const req = client.request({ method: 'POST', hostname: parsed.hostname, port: parsed.port, path: parsed.pathname + parsed.search, headers: { 'content-type': 'application/json', 'content-length': Buffer.byteLength(body) }, timeout: 5000 }, (res) => {
+            const chunks = [];
+            res.on('data', (chunk) => chunks.push(chunk));
+            res.on('end', () => {
+                const text = Buffer.concat(chunks).toString('utf8');
+                if ((res.statusCode ?? 0) >= 400)
+                    return reject(new Error(`license endpoint failed: ${res.statusCode} ${text.slice(0, 160)}`));
+                try {
+                    resolve(text ? JSON.parse(text) : {});
+                }
+                catch {
+                    resolve({});
+                }
+            });
+        });
+        req.on('error', reject);
+        req.on('timeout', () => req.destroy(new Error('license endpoint timed out')));
+        req.end(body);
+    });
+}
+//# sourceMappingURL=license.js.map

package/dist/license.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"license.js","sourceRoot":"","sources":["../src/license.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+DH,wCAEC;AAED,gCAEC;AAED,4DASC;AAED,8DAQC;AAED,8DAOC;AAED,sDAEC;AAED,gDAcC;AAED,gEAmBC;AA1ID,+CAAiC;AACjC,uCAAyB;AACzB,2CAA6B;AAC7B,6CAA+B;AAC/B,uCAAyB;AACzB,2CAA6B;AA8B7B,MAAM,gBAAgB,GAAG,wBAAwB,CAAC;AAClD,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACnC,MAAM,WAAW,GAA4B;IAC3C,KAAK,EAAE,IAAI;IACX,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,CAAC;IACR,SAAS,EAAE,IAAI;IACf,QAAQ,EAAE;QACR,gBAAgB,EAAE,KAAK;QACvB,gBAAgB,EAAE,KAAK;QACvB,cAAc,EAAE,KAAK;QACrB,eAAe,EAAE,KAAK;QACtB,uBAAuB,EAAE,KAAK;QAC9B,kBAAkB,EAAE,CAAC;QACrB,cAAc,EAAE,CAAC;KAClB;CACF,CAAC;AAEF,MAAa,8BAA+B,SAAQ,KAAK;IACvD,IAAI,GAAG,6BAA6B,CAAC;IACrC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAND,wEAMC;AAED,SAAgB,cAAc,CAAC,IAAa;IAC1C,OAAO,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,aAAa,CAAC,CAAC;AACvF,CAAC;AAED,SAAgB,UAAU,CAAC,IAAa;IACtC,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,CAAC;AACxD,CAAC;AAED,SAAgB,wBAAwB,CAAC,IAAa;IACpD,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAC;IACzF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAkD,CAAC;QACtH,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,CAAC;QACpD,OAAO,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,yBAAyB,CAAC,UAAkB,EAAE,IAAa;IACzE,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAC9B,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnE,IAAI,MAAM,GAA4B,EAAE,CAAC;IACzC,IAAI,CAAC;QAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAA4B,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAC/F,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IACtC,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAChF,IAAI,CAAC;QAAC,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;AACtD,CAAC;AAED,SAAgB,yBAAyB,CAAC,IAAa;IACrD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAC9B,IAAI,MAAM,GAA4B,EAAE,CAAC;IACzC,IAAI,CAAC;QAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAA4B,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IACxG,OAAO,MAAM,CAAC,UAAU,CAAC;IACzB,OAAO,MAAM,CAAC,WAAW,CAAC;IAC1B,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAClF,CAAC;AAED,SAAgB,qBAAqB,CAAC,UAAkB;IACtD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACnF,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,UAA0B,EAAE,OAA6B,EAAE;IAClG,MAAM,GAAG,GAAG,UAAU,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IACvC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,GAAG,WAAW,EAAE,QAAQ,EAAE,EAAE,GAAG,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC3E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/C,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC5C,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;IAC5B,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,gBAAgB,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,CAAC,GAAG,IAAI,uBAAuB,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;IACpG,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IACpC,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;IACtC,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,0BAA0B,CAAC,UAA0B,EAAE,OAA6B,EAAE;IAC1G,MAAM,GAAG,GAAG,UAAU,EAAE,IAAI,EAAE,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,kBAAkB,GAAG,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,gBAAgB,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtH,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,CAAC,GAAG,IAAI,oBAAoB,EAAE;YAC1E,WAAW,EAAE,GAAG,IAAI,SAAS;YAC7B,mBAAmB,EAAE,kBAAkB;YACvC,UAAU,EAAE,SAAS;SACtB,CAAoE,CAAC;QACtE,IAAI,IAAI,IAAI,IAAI,CAAC,EAAE,KAAK,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,8BAA8B,CAAC,qEAAqE,IAAI,CAAC,WAAW,IAAI,SAAS,YAAY,IAAI,CAAC,cAAc,IAAI,MAAM,CAAC,QAAQ,CAAC,cAAc,gHAAgH,CAAC,CAAC;QAChU,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,8BAA8B;YAAE,MAAM,GAAG,CAAC;IAC/D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB,EAAE,IAAa;IACzD,OAAO,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,WAAW,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACzH,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY,EAAE,GAAW;IACjD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAA2C,CAAC;QACnG,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,GAAG,MAAM;YAAE,OAAO,IAAI,CAAC;QACtE,OAAO,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY,EAAE,MAA+B,EAAE,GAAW;IACnF,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpG,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,IAAa;IAChC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,CAAC;IAC3D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACnD,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,2BAA2B,CAAC,IAAa;IAChD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,cAAc,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAsC,CAAC;QAC9F,IAAI,MAAM,CAAC,oBAAoB;YAAE,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACxH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC9E,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,eAAe,CAAC,GAAY;IACnC,MAAM,GAAG,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAA8B,CAAC,CAAC,CAAC,EAAE,CAAC;IACjF,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAmC,CAAC,CAAC,CAAC,EAAE,CAAC;IACjH,OAAO;QACL,KAAK,EAAE,GAAG,CAAC,KAAK,KAAK,IAAI;QACzB,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrH,SAAS,EAAE,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;QACnE,QAAQ,EAAE;YACR,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB,KAAK,IAAI;YACpD,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB,KAAK,IAAI;YACpD,cAAc,EAAE,QAAQ,CAAC,cAAc,KAAK,IAAI;YAChD,eAAe,EAAE,QAAQ,CAAC,eAAe,KAAK,IAAI;YAClD,uBAAuB,EAAE,QAAQ,CAAC,uBAAuB,KAAK,IAAI;YAClE,kBAAkB,EAAE,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,EAAE,CAAC,CAAC;YAC5D,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC,CAAC;SACrD;KACF,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;AACxF,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc,EAAE,QAAgB;IAChD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC;AAChF,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW,EAAE,OAAgC;IAC7D,KAAK,OAAO,CAAC;IACb,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,GAAG,WAAW,EAAE,QAAQ,EAAE,EAAE,GAAG,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACjH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC;QAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;YACrP,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACpD,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,GAAG;oBAAE,OAAO,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC/H,IAAI,CAAC;oBAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAAC,CAAC;YACvE,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxB,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC;QAC9E,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/policy.d.ts

@@ -9,7 +9,8 @@
  * (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
  * 64/071,781; 64/071,789).
  */
-import type { SpendPolicy, CallContext, SpendDecision, SpendStore, SpendScope, SpendAction } from './types';
+import type { SpendPolicy, CallContext, SpendDecision, SpendStore, SpendScope, SpendAction, ReviewerCascadeOutcome, ReviewerCascadeReceipt } from './types';
+import { type AgentGuardLicenseStatus } from './license';
 /**
  * Build a collision-resistant storage key from a SpendScope. The hash is over
  * canonical JSON, so attacker-controlled separators in tenant/user IDs cannot
@@ -21,6 +22,19 @@ export declare function buildScopeKey(scope: SpendScope): string;
  * Empty fields in the policy scope are wildcards.
  */
 declare function policyMatchesCall(policyScope: SpendScope, callScope: SpendScope): boolean;
+export interface ReviewerCascadeInput {
+    drafterConfidence?: number;
+    outputText?: string;
+    highRiskClassifierScore?: number;
+    keywordWatchlist?: string[];
+    reviewerVerdict?: string;
+}
+export declare function getReviewerCascadeOutcome(policy: SpendPolicy, outcomeName: string): ReviewerCascadeOutcome | null;
+export declare function evaluateReviewerCascadeOutcome(outcomeName: string, outcome: ReviewerCascadeOutcome, input?: ReviewerCascadeInput): ReviewerCascadeReceipt;
+export declare function evaluateReviewerTriggers(triggers: unknown[], input?: ReviewerCascadeInput): string[];
+export declare const BUILT_IN_KEYWORD_WATCHLISTS: Set<string>;
+export declare function enforcePolicyLicenseGates(policy: SpendPolicy, license: AgentGuardLicenseStatus): void;
+export declare function findCustomKeywordWatchlists(policy: SpendPolicy): string[];
 declare function mostRestrictive(a: SpendAction, b: SpendAction): SpendAction;
 export declare function evaluatePolicy(policy: SpendPolicy, call: CallContext, store: SpendStore): Promise<SpendDecision>;
 export declare function adjustPolicyWindowSpend(policy: SpendPolicy, store: SpendStore, deltaCents: number): Promise<void>;

package/dist/policy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EACV,WAAW,EACX,WAAW,EACX,aAAa,EACb,UAAU,EAEV,UAAU,EAEV,WAAW,EACZ,MAAM,SAAS,CAAC;AA+BjB;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAEvD;AAmBD;;;GAGG;AACH,iBAAS,iBAAiB,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAQlF;AASD,iBAAS,eAAe,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,WAAW,GAAG,WAAW,CAEpE;AAED,wBAAsB,cAAc,CAClC,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,WAAW,EACjB,KAAK,EAAE,UAAU,GAChB,OAAO,CAAC,aAAa,CAAC,CA8HxB;AAsJD,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,WAAW,EACnB,KAAK,EAAE,UAAU,EACjB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC,CASf;AA2CD,iBAAS,0BAA0B,CACjC,OAAO,EAAE,WAAW,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,EACvD,QAAQ,EAAE,WAAW,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,GACvD,OAAO,CAET;AA6BD,eAAO,MAAM,QAAQ;;;;CAAqE,CAAC"}
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EACV,WAAW,EACX,WAAW,EACX,aAAa,EACb,UAAU,EAEV,UAAU,EAEV,WAAW,EACX,sBAAsB,EACtB,sBAAsB,EACvB,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAkC,KAAK,uBAAuB,EAAE,MAAM,WAAW,CAAC;AA6BzF;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAEvD;AAmBD;;;GAGG;AACH,iBAAS,iBAAiB,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAQlF;AAID,MAAM,WAAW,oBAAoB;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,GAAG,sBAAsB,GAAG,IAAI,CAGjH;AAED,wBAAgB,8BAA8B,CAC5C,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,sBAAsB,EAC/B,KAAK,GAAE,oBAAyB,GAC/B,sBAAsB,CAUxB;AAED,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,KAAK,GAAE,oBAAyB,GAAG,MAAM,EAAE,CAoBxG;AAED,eAAO,MAAM,2BAA2B,aAMtC,CAAC;AAEH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,uBAAuB,GAAG,IAAI,CAWrG;AAED,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,EAAE,CAIzE;AAkCD,iBAAS,eAAe,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,WAAW,GAAG,WAAW,CAEpE;AAED,wBAAsB,cAAc,CAClC,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,WAAW,EACjB,KAAK,EAAE,UAAU,GAChB,OAAO,CAAC,aAAa,CAAC,CA8HxB;AAsJD,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,WAAW,EACnB,KAAK,EAAE,UAAU,EACjB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC,CASf;AA2CD,iBAAS,0BAA0B,CACjC,OAAO,EAAE,WAAW,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,EACvD,QAAQ,EAAE,WAAW,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,GACvD,OAAO,CAET;AA6BD,eAAO,MAAM,QAAQ;;;;CAAqE,CAAC"}

package/dist/policy.js

@@ -11,13 +11,19 @@
  * 64/071,781; 64/071,789).
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports._testing = void 0;
+exports._testing = exports.BUILT_IN_KEYWORD_WATCHLISTS = void 0;
 exports.buildScopeKey = buildScopeKey;
+exports.getReviewerCascadeOutcome = getReviewerCascadeOutcome;
+exports.evaluateReviewerCascadeOutcome = evaluateReviewerCascadeOutcome;
+exports.evaluateReviewerTriggers = evaluateReviewerTriggers;
+exports.enforcePolicyLicenseGates = enforcePolicyLicenseGates;
+exports.findCustomKeywordWatchlists = findCustomKeywordWatchlists;
 exports.evaluatePolicy = evaluatePolicy;
 exports.adjustPolicyWindowSpend = adjustPolicyWindowSpend;
 const crypto_1 = require("crypto");
 const cost_table_1 = require("./cost-table");
 const decision_log_1 = require("./decision-log");
+const license_1 = require("./license");
 /**
  * Build a collision-resistant storage key from a SpendScope. The hash is over
  * canonical JSON, so attacker-controlled separators in tenant/user IDs cannot
@@ -65,6 +71,94 @@ function policyMatchesCall(policyScope, callScope) {
         return false;
     return true;
 }
+function getReviewerCascadeOutcome(policy, outcomeName) {
+    const outcomes = policy.outcomes;
+    return outcomes?.[outcomeName] ?? null;
+}
+function evaluateReviewerCascadeOutcome(outcomeName, outcome, input = {}) {
+    const triggerFired = evaluateReviewerTriggers(outcome.reviewer?.trigger ?? [], input);
+    const reviewerRuns = Boolean(outcome.reviewer && triggerFired.length > 0);
+    return {
+        outcome: outcomeName,
+        drafter: outcome.drafter,
+        reviewer: reviewerRuns && outcome.reviewer ? { model: outcome.reviewer.model, maxCostCents: outcome.reviewer.maxCostCents } : null,
+        triggerFired,
+        reviewerVerdict: reviewerRuns ? input.reviewerVerdict ?? 'review_required' : 'drafter_only',
+    };
+}
+function evaluateReviewerTriggers(triggers, input = {}) {
+    const fired = [];
+    const output = (input.outputText ?? '').toLowerCase();
+    for (const trigger of triggers) {
+        if (!trigger || typeof trigger !== 'object')
+            continue;
+        const t = trigger;
+        if (typeof t.drafter_confidence_below === 'number' && typeof input.drafterConfidence === 'number' && input.drafterConfidence < t.drafter_confidence_below) {
+            fired.push(`drafter_confidence_below:${t.drafter_confidence_below}`);
+        }
+        if (Array.isArray(t.output_contains_any) && t.output_contains_any.some((term) => typeof term === 'string' && output.includes(term.toLowerCase()))) {
+            fired.push('output_contains_any');
+        }
+        if (typeof t.high_risk_classifier_score_above === 'number' && typeof input.highRiskClassifierScore === 'number' && input.highRiskClassifierScore > t.high_risk_classifier_score_above) {
+            fired.push(`high_risk_classifier_score_above:${t.high_risk_classifier_score_above}`);
+        }
+        if (typeof t.keyword_watchlist === 'string' && (input.keywordWatchlist ?? []).some((term) => output.includes(term.toLowerCase()))) {
+            fired.push(`keyword_watchlist:${t.keyword_watchlist}`);
+        }
+    }
+    return [...new Set(fired)];
+}
+exports.BUILT_IN_KEYWORD_WATCHLISTS = new Set([
+    'law-firm-defaults',
+    'cpa-defaults',
+    'ecommerce-defaults',
+    'real-estate-defaults',
+    'insurance-defaults',
+]);
+function enforcePolicyLicenseGates(policy, license) {
+    const posture = policyPosture(policy);
+    if (posture && posture !== 'standard' && !license.features.postureSwitching) {
+        throw new license_1.AgentGuardLicenseRequiredError(`Posture switching requires a Solo license. Get one at https://agentguard.run/pricing or via Visa CLI:
+visa-cli buy https://agentguard.run/api/x402/license?tier=solo
+Then activate with: agentguard auth license-key <KEY>`);
+    }
+    const custom = findCustomKeywordWatchlists(policy);
+    if (custom.length > 0 && !license.features.customWatchlists) {
+        throw new license_1.AgentGuardLicenseRequiredError(`Custom keyword watchlists require a Solo license. Built-in watchlists remain available on the free tier. Activate with: agentguard auth license-key <KEY>`);
+    }
+}
+function findCustomKeywordWatchlists(policy) {
+    const found = new Set();
+    scanForKeywordWatchlists(policy, found);
+    return [...found].filter((name) => !exports.BUILT_IN_KEYWORD_WATCHLISTS.has(name));
+}
+function policyPosture(policy) {
+    const anyPolicy = policy;
+    const posture = anyPolicy.governancePosture?.posture || anyPolicy.posture;
+    return typeof posture === 'string' ? posture.toLowerCase() : null;
+}
+function scanForKeywordWatchlists(value, found) {
+    if (!value)
+        return;
+    if (typeof value === 'string') {
+        const match = value.match(/keyword_watchlist\s*:\s*([A-Za-z0-9_-]+)/);
+        if (match?.[1])
+            found.add(match[1]);
+        return;
+    }
+    if (Array.isArray(value)) {
+        for (const item of value)
+            scanForKeywordWatchlists(item, found);
+        return;
+    }
+    if (typeof value === 'object') {
+        for (const [key, child] of Object.entries(value)) {
+            if (key === 'keyword_watchlist' && typeof child === 'string')
+                found.add(child);
+            scanForKeywordWatchlists(child, found);
+        }
+    }
+}
 const ACTION_RANK = {
     block: 3,
     downgrade: 2,