@aion0/bastion 0.1.7

package/dist/tool-guard/alert.d.ts

@@ -0,0 +1,30 @@
+import type { RuleMatch } from './rules.js';
+export interface AlertConfig {
+    /** Minimum severity to trigger alerts: 'critical' | 'high' | 'medium' | 'low' */
+    minSeverity: string;
+    /** macOS Notification Center */
+    desktop: boolean;
+    /** Webhook URL for POST alerts (Slack, Discord, etc.) */
+    webhookUrl: string;
+}
+export declare function shouldAlert(severity: string, minSeverity: string): boolean;
+export interface AlertPayload {
+    toolName: string;
+    ruleName: string;
+    ruleId: string;
+    severity: string;
+    category: string;
+    matchedText: string;
+    requestId: string;
+    sessionId?: string;
+    timestamp: string;
+}
+export interface AlertEntry extends AlertPayload {
+    id: string;
+    acknowledged: boolean;
+}
+export declare function getRecentAlerts(): AlertEntry[];
+export declare function getUnacknowledgedCount(): number;
+export declare function acknowledgeAlerts(): void;
+export declare function dispatchAlert(config: AlertConfig, toolName: string, ruleMatch: RuleMatch, requestId: string, sessionId?: string): void;
+//# sourceMappingURL=alert.d.ts.map

package/dist/tool-guard/alert.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"alert.d.ts","sourceRoot":"","sources":["../../src/tool-guard/alert.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAI5C,MAAM,WAAW,WAAW;IAC1B,iFAAiF;IACjF,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,yDAAyD;IACzD,UAAU,EAAE,MAAM,CAAC;CACpB;AASD,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAM1E;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AA6DD,MAAM,WAAW,UAAW,SAAQ,YAAY;IAC9C,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,OAAO,CAAC;CACvB;AAKD,wBAAgB,eAAe,IAAI,UAAU,EAAE,CAE9C;AAED,wBAAgB,sBAAsB,IAAI,MAAM,CAE/C;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAID,wBAAgB,aAAa,CAC3B,MAAM,EAAE,WAAW,EACnB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GACjB,IAAI,CA4BN"}

package/dist/tool-guard/alert.js

@@ -0,0 +1,113 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.shouldAlert = shouldAlert;
+exports.getRecentAlerts = getRecentAlerts;
+exports.getUnacknowledgedCount = getUnacknowledgedCount;
+exports.acknowledgeAlerts = acknowledgeAlerts;
+exports.dispatchAlert = dispatchAlert;
+const node_child_process_1 = require("node:child_process");
+const node_os_1 = require("node:os");
+const logger_js_1 = require("../utils/logger.js");
+const log = (0, logger_js_1.createLogger)('tool-guard-alert');
+const SEVERITY_RANK = {
+    critical: 4,
+    high: 3,
+    medium: 2,
+    low: 1,
+};
+function shouldAlert(severity, minSeverity) {
+    const minRank = SEVERITY_RANK[minSeverity];
+    // Unknown minSeverity (empty string, 'none', undefined coerced to string, etc.) →
+    // treat as "never block" rather than defaulting to rank 0 which would match everything.
+    if (minRank === undefined)
+        return false;
+    return (SEVERITY_RANK[severity] ?? 0) >= minRank;
+}
+function buildPayload(toolName, ruleMatch, requestId, sessionId) {
+    return {
+        toolName,
+        ruleName: ruleMatch.rule.name,
+        ruleId: ruleMatch.rule.id,
+        severity: ruleMatch.rule.severity,
+        category: ruleMatch.rule.category,
+        matchedText: ruleMatch.matchedText,
+        requestId,
+        sessionId,
+        timestamp: new Date().toISOString(),
+    };
+}
+// ── Desktop notification (macOS) ──
+function sendDesktopNotification(payload) {
+    if ((0, node_os_1.platform)() !== 'darwin')
+        return;
+    const title = `Bastion: ${payload.severity.toUpperCase()} tool call`;
+    const message = `${payload.toolName}: ${payload.ruleName}\\n${payload.matchedText.slice(0, 100)}`;
+    (0, node_child_process_1.execFile)('osascript', [
+        '-e',
+        `display notification "${message}" with title "${title}" sound name "Purr"`,
+    ], (err) => {
+        if (err)
+            log.debug('Desktop notification failed', { error: err.message });
+    });
+}
+// ── Webhook ──
+async function sendWebhook(url, payload) {
+    try {
+        const body = JSON.stringify({
+            text: `[Bastion Tool Guard] **${payload.severity.toUpperCase()}**: \`${payload.toolName}\` — ${payload.ruleName}\nMatched: \`${payload.matchedText.slice(0, 200)}\`\nRequest: ${payload.requestId}`,
+            ...payload,
+        });
+        const res = await fetch(url, {
+            method: 'POST',
+            headers: { 'content-type': 'application/json' },
+            body,
+            signal: AbortSignal.timeout(5000),
+        });
+        if (!res.ok) {
+            log.debug('Webhook response not OK', { status: res.status });
+        }
+    }
+    catch (err) {
+        log.debug('Webhook send failed', { error: err.message });
+    }
+}
+const recentAlerts = [];
+const MAX_ALERTS = 100;
+function getRecentAlerts() {
+    return recentAlerts;
+}
+function getUnacknowledgedCount() {
+    return recentAlerts.filter(a => !a.acknowledged).length;
+}
+function acknowledgeAlerts() {
+    for (const a of recentAlerts)
+        a.acknowledged = true;
+}
+// ── Main dispatch ──
+function dispatchAlert(config, toolName, ruleMatch, requestId, sessionId) {
+    if (!shouldAlert(ruleMatch.rule.severity, config.minSeverity))
+        return;
+    const payload = buildPayload(toolName, ruleMatch, requestId, sessionId);
+    // Always add to in-memory queue
+    recentAlerts.unshift({
+        ...payload,
+        id: crypto.randomUUID(),
+        acknowledged: false,
+    });
+    if (recentAlerts.length > MAX_ALERTS)
+        recentAlerts.length = MAX_ALERTS;
+    // Desktop notification
+    if (config.desktop) {
+        sendDesktopNotification(payload);
+    }
+    // Webhook
+    if (config.webhookUrl) {
+        sendWebhook(config.webhookUrl, payload).catch(() => { });
+    }
+    log.info('Alert dispatched', {
+        severity: payload.severity,
+        toolName: payload.toolName,
+        rule: payload.ruleId,
+    });
+}
+//# sourceMappingURL=alert.js.map

package/dist/tool-guard/alert.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"alert.js","sourceRoot":"","sources":["../../src/tool-guard/alert.ts"],"names":[],"mappings":";;AAuBA,kCAMC;AAiFD,0CAEC;AAED,wDAEC;AAED,8CAEC;AAID,sCAkCC;AA9JD,2DAA8C;AAC9C,qCAAmC;AACnC,kDAAkD;AAGlD,MAAM,GAAG,GAAG,IAAA,wBAAY,EAAC,kBAAkB,CAAC,CAAC;AAW7C,MAAM,aAAa,GAA2B;IAC5C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;CACP,CAAC;AAEF,SAAgB,WAAW,CAAC,QAAgB,EAAE,WAAmB;IAC/D,MAAM,OAAO,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IAC3C,kFAAkF;IAClF,wFAAwF;IACxF,IAAI,OAAO,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC;AACnD,CAAC;AAcD,SAAS,YAAY,CACnB,QAAgB,EAChB,SAAoB,EACpB,SAAiB,EACjB,SAAkB;IAElB,OAAO;QACL,QAAQ;QACR,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,IAAI;QAC7B,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,EAAE;QACzB,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;QACjC,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,QAAQ;QACjC,WAAW,EAAE,SAAS,CAAC,WAAW;QAClC,SAAS;QACT,SAAS;QACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED,qCAAqC;AAErC,SAAS,uBAAuB,CAAC,OAAqB;IACpD,IAAI,IAAA,kBAAQ,GAAE,KAAK,QAAQ;QAAE,OAAO;IAEpC,MAAM,KAAK,GAAG,YAAY,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,YAAY,CAAC;IACrE,MAAM,OAAO,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IAElG,IAAA,6BAAQ,EAAC,WAAW,EAAE;QACpB,IAAI;QACJ,yBAAyB,OAAO,iBAAiB,KAAK,qBAAqB;KAC5E,EAAE,CAAC,GAAG,EAAE,EAAE;QACT,IAAI,GAAG;YAAE,GAAG,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;AACL,CAAC;AAED,gBAAgB;AAEhB,KAAK,UAAU,WAAW,CAAC,GAAW,EAAE,OAAqB;IAC3D,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC1B,IAAI,EAAE,0BAA0B,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,SAAS,OAAO,CAAC,QAAQ,QAAQ,OAAO,CAAC,QAAQ,gBAAgB,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,gBAAgB,OAAO,CAAC,SAAS,EAAE;YACnM,GAAG,OAAO;SACX,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI;YACJ,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,GAAG,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,KAAK,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AASD,MAAM,YAAY,GAAiB,EAAE,CAAC;AACtC,MAAM,UAAU,GAAG,GAAG,CAAC;AAEvB,SAAgB,eAAe;IAC7B,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAgB,sBAAsB;IACpC,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;AAC1D,CAAC;AAED,SAAgB,iBAAiB;IAC/B,KAAK,MAAM,CAAC,IAAI,YAAY;QAAE,CAAC,CAAC,YAAY,GAAG,IAAI,CAAC;AACtD,CAAC;AAED,sBAAsB;AAEtB,SAAgB,aAAa,CAC3B,MAAmB,EACnB,QAAgB,EAChB,SAAoB,EACpB,SAAiB,EACjB,SAAkB;IAElB,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC;QAAE,OAAO;IAEtE,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAExE,gCAAgC;IAChC,YAAY,CAAC,OAAO,CAAC;QACnB,GAAG,OAAO;QACV,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;QACvB,YAAY,EAAE,KAAK;KACpB,CAAC,CAAC;IACH,IAAI,YAAY,CAAC,MAAM,GAAG,UAAU;QAAE,YAAY,CAAC,MAAM,GAAG,UAAU,CAAC;IAEvE,uBAAuB;IACvB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,uBAAuB,CAAC,OAAO,CAAC,CAAC;IACnC,CAAC;IAED,UAAU;IACV,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,WAAW,CAAC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE;QAC3B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,IAAI,EAAE,OAAO,CAAC,MAAM;KACrB,CAAC,CAAC;AACL,CAAC"}

package/dist/tool-guard/extractor.d.ts

@@ -0,0 +1,10 @@
+export interface ExtractedToolCall {
+    toolName: string;
+    toolInput: Record<string, unknown> | string;
+    provider: 'anthropic' | 'openai' | 'gemini' | 'unknown';
+}
+export declare function extractToolCallsFromJSON(body: string): ExtractedToolCall[];
+export declare function extractToolCallsFromSSE(body: string): ExtractedToolCall[];
+export declare function extractToolCallsFromParsedEvents(events: Record<string, unknown>[]): ExtractedToolCall[];
+export declare function extractToolCalls(body: string, isStreaming: boolean): ExtractedToolCall[];
+//# sourceMappingURL=extractor.d.ts.map

package/dist/tool-guard/extractor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extractor.d.ts","sourceRoot":"","sources":["../../src/tool-guard/extractor.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC;IAC5C,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;CACzD;AAkED,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,EAAE,CA0B1E;AAwJD,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAIzE;AA4BD,wBAAgB,gCAAgC,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,iBAAiB,EAAE,CAGvG;AAID,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,GAAG,iBAAiB,EAAE,CAKxF"}

package/dist/tool-guard/extractor.js

@@ -0,0 +1,309 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractToolCallsFromJSON = extractToolCallsFromJSON;
+exports.extractToolCallsFromSSE = extractToolCallsFromSSE;
+exports.extractToolCallsFromParsedEvents = extractToolCallsFromParsedEvents;
+exports.extractToolCalls = extractToolCalls;
+// ---------- Buffered JSON extraction ----------
+function extractAnthropicJSON(body) {
+    const content = body.content;
+    if (!Array.isArray(content))
+        return [];
+    return content
+        .filter((b) => b?.type === 'tool_use')
+        .map((b) => ({
+        toolName: b.name ?? 'unknown',
+        toolInput: b.input ?? {},
+        provider: 'anthropic',
+    }));
+}
+function extractOpenAIJSON(body) {
+    const choices = body.choices;
+    if (!Array.isArray(choices))
+        return [];
+    const results = [];
+    for (const choice of choices) {
+        const msg = choice.message;
+        if (!msg)
+            continue;
+        const toolCalls = msg.tool_calls;
+        if (!Array.isArray(toolCalls))
+            continue;
+        for (const tc of toolCalls) {
+            const fn = tc.function;
+            if (!fn)
+                continue;
+            let input = {};
+            try {
+                input = JSON.parse(fn.arguments ?? '{}');
+            }
+            catch {
+                input = fn.arguments ?? '';
+            }
+            results.push({
+                toolName: fn.name ?? 'unknown',
+                toolInput: input,
+                provider: 'openai',
+            });
+        }
+    }
+    return results;
+}
+function extractGeminiJSON(body) {
+    const candidates = body.candidates;
+    if (!Array.isArray(candidates))
+        return [];
+    const results = [];
+    for (const candidate of candidates) {
+        const content = candidate.content;
+        if (!content)
+            continue;
+        const parts = content.parts;
+        if (!Array.isArray(parts))
+            continue;
+        for (const part of parts) {
+            const fc = part.functionCall;
+            if (!fc)
+                continue;
+            results.push({
+                toolName: fc.name ?? 'unknown',
+                toolInput: fc.args ?? {},
+                provider: 'gemini',
+            });
+        }
+    }
+    return results;
+}
+function extractToolCallsFromJSON(body) {
+    try {
+        const parsed = JSON.parse(body);
+        // Anthropic format: content[].type === 'tool_use'
+        if (Array.isArray(parsed.content)) {
+            const results = extractAnthropicJSON(parsed);
+            if (results.length > 0)
+                return results;
+        }
+        // OpenAI format: choices[].message.tool_calls[]
+        if (Array.isArray(parsed.choices)) {
+            const results = extractOpenAIJSON(parsed);
+            if (results.length > 0)
+                return results;
+        }
+        // Gemini format: candidates[].content.parts[].functionCall
+        if (Array.isArray(parsed.candidates)) {
+            const results = extractGeminiJSON(parsed);
+            if (results.length > 0)
+                return results;
+        }
+        return [];
+    }
+    catch {
+        return [];
+    }
+}
+// ---------- SSE extraction ----------
+function parseSSEEvents(text) {
+    const events = [];
+    const lines = text.split('\n');
+    const curData = [];
+    for (const line of lines) {
+        if (line.startsWith('data: ')) {
+            curData.push(line.slice(6));
+        }
+        else if (line.trim() === '' && curData.length > 0) {
+            const raw = curData.join('\n');
+            curData.length = 0;
+            if (raw !== '[DONE]') {
+                try {
+                    events.push(JSON.parse(raw));
+                }
+                catch { /* skip */ }
+            }
+        }
+    }
+    if (curData.length > 0) {
+        const raw = curData.join('\n');
+        if (raw !== '[DONE]') {
+            try {
+                events.push(JSON.parse(raw));
+            }
+            catch { /* skip */ }
+        }
+    }
+    return events;
+}
+function extractAnthropicSSE(events) {
+    const results = [];
+    let curToolName = '';
+    let curToolInput = '';
+    for (const d of events) {
+        if (d.type === 'content_block_start') {
+            const cb = d.content_block;
+            if (cb?.type === 'tool_use') {
+                curToolName = cb.name ?? '';
+                curToolInput = '';
+            }
+        }
+        if (d.type === 'content_block_delta') {
+            const delta = d.delta;
+            if (delta?.type === 'input_json_delta') {
+                curToolInput += delta.partial_json ?? '';
+            }
+        }
+        if (d.type === 'content_block_stop') {
+            if (curToolName) {
+                let input = curToolInput;
+                try {
+                    input = JSON.parse(curToolInput);
+                }
+                catch { /* keep as string */ }
+                results.push({ toolName: curToolName, toolInput: input, provider: 'anthropic' });
+                curToolName = '';
+                curToolInput = '';
+            }
+        }
+    }
+    return results;
+}
+function extractOpenAISSE(events) {
+    // OpenAI streams tool calls as: choices[].delta.tool_calls[].function.{name,arguments}
+    // We need to accumulate name + arguments across chunks, keyed by tool call index
+    const toolMap = new Map();
+    for (const d of events) {
+        const choices = d.choices;
+        if (!Array.isArray(choices))
+            continue;
+        for (const choice of choices) {
+            const delta = choice.delta;
+            if (!delta)
+                continue;
+            const toolCalls = delta.tool_calls;
+            if (!Array.isArray(toolCalls))
+                continue;
+            for (const tc of toolCalls) {
+                const idx = tc.index ?? 0;
+                if (!toolMap.has(idx))
+                    toolMap.set(idx, { name: '', args: '' });
+                const entry = toolMap.get(idx);
+                const fn = tc.function;
+                if (fn?.name)
+                    entry.name += fn.name;
+                if (fn?.arguments)
+                    entry.args += fn.arguments;
+            }
+        }
+    }
+    const results = [];
+    for (const [, entry] of toolMap) {
+        if (!entry.name)
+            continue;
+        let input = entry.args;
+        try {
+            input = JSON.parse(entry.args);
+        }
+        catch { /* keep as string */ }
+        results.push({ toolName: entry.name, toolInput: input, provider: 'openai' });
+    }
+    return results;
+}
+/**
+ * OpenAI Responses API SSE format (used by chatgpt.com/backend-api/codex/responses):
+ *   response.output_item.added  → item.type === 'function_call', item.name
+ *   response.function_call_arguments.delta → delta (partial JSON)
+ *   response.function_call_arguments.done  → name, arguments (complete)
+ *   response.output_item.done   → item with complete function call
+ */
+function extractOpenAIResponsesSSE(events) {
+    // Strategy: use .done events as ground truth (they have complete name + arguments)
+    const results = [];
+    for (const d of events) {
+        const eventType = d.type;
+        // response.function_call_arguments.done has complete data
+        if (eventType === 'response.function_call_arguments.done') {
+            const name = d.name;
+            const args = d.arguments;
+            if (name) {
+                let input = args ?? '';
+                try {
+                    input = JSON.parse(args ?? '{}');
+                }
+                catch { /* keep as string */ }
+                results.push({ toolName: name, toolInput: input, provider: 'openai' });
+            }
+            continue;
+        }
+        // Fallback: response.output_item.done with type=function_call
+        if (eventType === 'response.output_item.done') {
+            const item = d.item;
+            if (item?.type === 'function_call') {
+                const name = item.name ?? '';
+                const args = item.arguments ?? '';
+                if (name) {
+                    // Check if we already captured this via function_call_arguments.done
+                    const alreadyCaptured = results.some(r => r.toolName === name);
+                    if (!alreadyCaptured) {
+                        let input = args;
+                        try {
+                            input = JSON.parse(args);
+                        }
+                        catch { /* keep as string */ }
+                        results.push({ toolName: name, toolInput: input, provider: 'openai' });
+                    }
+                }
+            }
+        }
+    }
+    return results;
+}
+function extractGeminiSSE(events) {
+    // Each Gemini SSE event has the same candidates[] structure as the JSON response
+    const results = [];
+    for (const d of events) {
+        const extracted = extractGeminiJSON(d);
+        results.push(...extracted);
+    }
+    return results;
+}
+function extractToolCallsFromSSE(body) {
+    const events = parseSSEEvents(body);
+    if (events.length === 0)
+        return [];
+    return extractToolCallsFromParsedEventsInternal(events);
+}
+// ---------- Pre-parsed events (skip text parsing) ----------
+/** Shared detection logic for pre-parsed events */
+function extractToolCallsFromParsedEventsInternal(events) {
+    // Anthropic: content_block_start / message_start
+    const hasAnthropicEvents = events.some(e => e.type === 'content_block_start' || e.type === 'message_start');
+    if (hasAnthropicEvents)
+        return extractAnthropicSSE(events);
+    // OpenAI Chat Completions: choices[]
+    const hasOpenAIEvents = events.some(e => Array.isArray(e.choices));
+    if (hasOpenAIEvents)
+        return extractOpenAISSE(events);
+    // OpenAI Responses API: response.output_item.added / response.function_call_arguments.*
+    const hasResponsesEvents = events.some(e => {
+        const t = e.type;
+        return t?.startsWith('response.');
+    });
+    if (hasResponsesEvents)
+        return extractOpenAIResponsesSSE(events);
+    // Gemini: candidates[]
+    const hasGeminiEvents = events.some(e => Array.isArray(e.candidates));
+    if (hasGeminiEvents)
+        return extractGeminiSSE(events);
+    return [];
+}
+function extractToolCallsFromParsedEvents(events) {
+    if (events.length === 0)
+        return [];
+    return extractToolCallsFromParsedEventsInternal(events);
+}
+// ---------- Auto-detect ----------
+function extractToolCalls(body, isStreaming) {
+    if (isStreaming || body.includes('data: ')) {
+        return extractToolCallsFromSSE(body);
+    }
+    return extractToolCallsFromJSON(body);
+}
+//# sourceMappingURL=extractor.js.map

package/dist/tool-guard/extractor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extractor.js","sourceRoot":"","sources":["../../src/tool-guard/extractor.ts"],"names":[],"mappings":";;AAsEA,4DA0BC;AAwJD,0DAIC;AA4BD,4EAGC;AAID,4CAKC;AA9RD,iDAAiD;AAEjD,SAAS,oBAAoB,CAAC,IAA6B;IACzD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC7B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IACvC,OAAO,OAAO;SACX,MAAM,CAAC,CAAC,CAA0B,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,KAAK,UAAU,CAAC;SAC9D,GAAG,CAAC,CAAC,CAA0B,EAAE,EAAE,CAAC,CAAC;QACpC,QAAQ,EAAG,CAAC,CAAC,IAAe,IAAI,SAAS;QACzC,SAAS,EAAG,CAAC,CAAC,KAAiC,IAAI,EAAE;QACrD,QAAQ,EAAE,WAAoB;KAC/B,CAAC,CAAC,CAAC;AACR,CAAC;AAED,SAAS,iBAAiB,CAAC,IAA6B;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC7B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IACvC,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAI,MAAkC,CAAC,OAA8C,CAAC;QAC/F,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;YAAE,SAAS;QACxC,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;YAC3B,MAAM,EAAE,GAAI,EAA8B,CAAC,QAA+C,CAAC;YAC3F,IAAI,CAAC,EAAE;gBAAE,SAAS;YAClB,IAAI,KAAK,GAAqC,EAAE,CAAC;YACjD,IAAI,CAAC;gBACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAE,EAAE,CAAC,SAAoB,IAAI,IAAI,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,KAAK,GAAI,EAAE,CAAC,SAAoB,IAAI,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,CAAC,IAAI,CAAC;gBACX,QAAQ,EAAG,EAAE,CAAC,IAAe,IAAI,SAAS;gBAC1C,SAAS,EAAE,KAAK;gBAChB,QAAQ,EAAE,QAAiB;aAC5B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,iBAAiB,CAAC,IAA6B;IACtD,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACnC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,OAAO,GAAI,SAAqC,CAAC,OAA8C,CAAC;QACtG,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YAAE,SAAS;QACpC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,EAAE,GAAI,IAAgC,CAAC,YAAmD,CAAC;YACjG,IAAI,CAAC,EAAE;gBAAE,SAAS;YAClB,OAAO,CAAC,IAAI,CAAC;gBACX,QAAQ,EAAG,EAAE,CAAC,IAAe,IAAI,SAAS;gBAC1C,SAAS,EAAG,EAAE,CAAC,IAAgC,IAAI,EAAE;gBACrD,QAAQ,EAAE,QAAiB;aAC5B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,wBAAwB,CAAC,IAAY;IACnD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QAE3D,kDAAkD;QAClD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;YAC7C,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,OAAO,CAAC;QACzC,CAAC;QAED,gDAAgD;QAChD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,OAAO,CAAC;QACzC,CAAC;QAED,2DAA2D;QAC3D,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,OAAO,CAAC;QACzC,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,uCAAuC;AAEvC,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,MAAM,GAA8B,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;YACnB,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACrB,IAAI,CAAC;oBAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YACrB,IAAI,CAAC;gBAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAiC;IAC5D,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,YAAY,GAAG,EAAE,CAAC;IAEtB,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;YACrC,MAAM,EAAE,GAAG,CAAC,CAAC,aAAoD,CAAC;YAClE,IAAI,EAAE,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC5B,WAAW,GAAI,EAAE,CAAC,IAAe,IAAI,EAAE,CAAC;gBACxC,YAAY,GAAG,EAAE,CAAC;YACpB,CAAC;QACH,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,CAAC,CAAC,KAA4C,CAAC;YAC7D,IAAI,KAAK,EAAE,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,YAAY,IAAK,KAAK,CAAC,YAAuB,IAAI,EAAE,CAAC;YACvD,CAAC;QACH,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;YACpC,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,KAAK,GAAqC,YAAY,CAAC;gBAC3D,IAAI,CAAC;oBAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,CAAC;gBACxE,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;gBACjF,WAAW,GAAG,EAAE,CAAC;gBACjB,YAAY,GAAG,EAAE,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAiC;IACzD,uFAAuF;IACvF,iFAAiF;IACjF,MAAM,OAAO,GAAG,IAAI,GAAG,EAA0C,CAAC;IAElE,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,CAAC,CAAC,OAAqD,CAAC;QACxE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,SAAS;QACtC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,KAA4C,CAAC;YAClE,IAAI,CAAC,KAAK;gBAAE,SAAS;YACrB,MAAM,SAAS,GAAG,KAAK,CAAC,UAAwD,CAAC;YACjF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;gBAAE,SAAS;YACxC,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAI,EAAE,CAAC,KAAgB,IAAI,CAAC,CAAC;gBACtC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;gBAChE,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;gBAChC,MAAM,EAAE,GAAG,EAAE,CAAC,QAA+C,CAAC;gBAC9D,IAAI,EAAE,EAAE,IAAI;oBAAE,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,IAAc,CAAC;gBAC9C,IAAI,EAAE,EAAE,SAAS;oBAAE,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,SAAmB,CAAC;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QAChC,IAAI,CAAC,KAAK,CAAC,IAAI;YAAE,SAAS;QAC1B,IAAI,KAAK,GAAqC,KAAK,CAAC,IAAI,CAAC;QACzD,IAAI,CAAC;YAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,CAAC;QACtE,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,yBAAyB,CAAC,MAAiC;IAClE,mFAAmF;IACnF,MAAM,OAAO,GAAwB,EAAE,CAAC;IAExC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,CAAC,CAAC,IAA0B,CAAC;QAE/C,0DAA0D;QAC1D,IAAI,SAAS,KAAK,uCAAuC,EAAE,CAAC;YAC1D,MAAM,IAAI,GAAG,CAAC,CAAC,IAA0B,CAAC;YAC1C,MAAM,IAAI,GAAG,CAAC,CAAC,SAA+B,CAAC;YAC/C,IAAI,IAAI,EAAE,CAAC;gBACT,IAAI,KAAK,GAAqC,IAAI,IAAI,EAAE,CAAC;gBACzD,IAAI,CAAC;oBAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,CAAC;gBACxE,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;YACzE,CAAC;YACD,SAAS;QACX,CAAC;QAED,8DAA8D;QAC9D,IAAI,SAAS,KAAK,2BAA2B,EAAE,CAAC;YAC9C,MAAM,IAAI,GAAG,CAAC,CAAC,IAA2C,CAAC;YAC3D,IAAI,IAAI,EAAE,IAAI,KAAK,eAAe,EAAE,CAAC;gBACnC,MAAM,IAAI,GAAI,IAAI,CAAC,IAAe,IAAI,EAAE,CAAC;gBACzC,MAAM,IAAI,GAAI,IAAI,CAAC,SAAoB,IAAI,EAAE,CAAC;gBAC9C,IAAI,IAAI,EAAE,CAAC;oBACT,qEAAqE;oBACrE,MAAM,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC;oBAC/D,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,IAAI,KAAK,GAAqC,IAAI,CAAC;wBACnD,IAAI,CAAC;4BAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBAAC,CAAC;wBAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,CAAC;wBAChE,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;oBACzE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAiC;IACzD,iFAAiF;IACjF,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,uBAAuB,CAAC,IAAY;IAClD,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACpC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACnC,OAAO,wCAAwC,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC;AAED,8DAA8D;AAE9D,mDAAmD;AACnD,SAAS,wCAAwC,CAAC,MAAiC;IACjF,iDAAiD;IACjD,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,IAAI,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;IAC5G,IAAI,kBAAkB;QAAE,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAE3D,qCAAqC;IACrC,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAE,CAA6B,CAAC,OAAO,CAAC,CAAC,CAAC;IAChG,IAAI,eAAe;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAErD,wFAAwF;IACxF,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;QACzC,MAAM,CAAC,GAAG,CAAC,CAAC,IAA0B,CAAC;QACvC,OAAO,CAAC,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,IAAI,kBAAkB;QAAE,OAAO,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEjE,uBAAuB;IACvB,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAE,CAA6B,CAAC,UAAU,CAAC,CAAC,CAAC;IACnG,IAAI,eAAe;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAErD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAgB,gCAAgC,CAAC,MAAiC;IAChF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACnC,OAAO,wCAAwC,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC;AAED,oCAAoC;AAEpC,SAAgB,gBAAgB,CAAC,IAAY,EAAE,WAAoB;IACjE,IAAI,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3C,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC"}

package/dist/tool-guard/rules.d.ts

@@ -0,0 +1,18 @@
+export interface ToolGuardRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    category: string;
+    match: {
+        toolName?: RegExp;
+        inputPattern?: RegExp;
+    };
+}
+export declare const BUILTIN_RULES: ToolGuardRule[];
+export interface RuleMatch {
+    rule: ToolGuardRule;
+    matchedText: string;
+}
+export declare function matchRules(toolName: string, toolInput: Record<string, unknown> | string, rules?: ToolGuardRule[]): RuleMatch | null;
+//# sourceMappingURL=rules.d.ts.map

package/dist/tool-guard/rules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../../src/tool-guard/rules.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE;QACL,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;CACH;AAeD,eAAO,MAAM,aAAa,EAAE,aAAa,EAqOxC,CAAC;AAEF,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,aAAa,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,UAAU,CACxB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,EAC3C,KAAK,GAAE,aAAa,EAAkB,GACrC,SAAS,GAAG,IAAI,CAiBlB"}