@amodalai/core 0.1.0

package/dist/src/security/action-gate.js

@@ -0,0 +1,78 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+import { ThresholdEvaluator } from './threshold-evaluator.js';
+/**
+ * Controls write operations based on confirmation tiers from access config.
+ */
+export class ActionGate {
+    accessConfigs;
+    isDelegated;
+    thresholdEvaluator;
+    constructor(config) {
+        this.accessConfigs = config.accessConfigs;
+        this.isDelegated = config.isDelegated;
+        this.thresholdEvaluator = new ThresholdEvaluator();
+    }
+    evaluate(endpointPath, connectionName, params) {
+        const accessConfig = this.accessConfigs.get(connectionName);
+        if (!accessConfig) {
+            return {
+                decision: 'allow',
+                endpointPath,
+                escalated: false,
+            };
+        }
+        const endpoint = accessConfig['endpoints'][endpointPath];
+        if (!endpoint) {
+            return {
+                decision: 'allow',
+                endpointPath,
+                escalated: false,
+            };
+        }
+        // Base tier from confirm field
+        let decision = this.resolveBaseTier(endpoint.confirm);
+        let reason = endpoint.reason;
+        let escalated = false;
+        // Threshold evaluation
+        if (endpoint.thresholds &&
+            endpoint.thresholds.length > 0 &&
+            params) {
+            const thresholdResult = this.thresholdEvaluator.evaluate(endpoint.thresholds, params);
+            if (thresholdResult !== null) {
+                const escalatedDecision = this.escalateDecision(decision, thresholdResult);
+                if (escalatedDecision !== decision) {
+                    decision = escalatedDecision;
+                    escalated = true;
+                    reason = `Threshold escalation: ${reason ?? 'parameter exceeded limit'}`;
+                }
+            }
+        }
+        // Delegation escalation
+        if (this.isDelegated && accessConfig.delegations?.escalateConfirm) {
+            if (decision === 'confirm') {
+                decision = 'review';
+                escalated = true;
+                reason = `Delegated agent escalation: ${reason ?? 'confirm → review'}`;
+            }
+        }
+        return { decision, reason, escalated, endpointPath };
+    }
+    resolveBaseTier(confirm) {
+        if (confirm === undefined)
+            return 'allow';
+        if (confirm === true)
+            return 'confirm';
+        return confirm;
+    }
+    escalateDecision(current, escalation) {
+        const hierarchy = ['allow', 'confirm', 'review', 'never'];
+        const currentIdx = hierarchy.indexOf(current);
+        const escalationIdx = hierarchy.indexOf(escalation);
+        return escalationIdx > currentIdx ? escalation : current;
+    }
+}
+//# sourceMappingURL=action-gate.js.map

package/dist/src/security/action-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-gate.js","sourceRoot":"","sources":["../../../src/security/action-gate.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAC,kBAAkB,EAAC,MAAM,0BAA0B,CAAC;AAO5D;;GAEG;AACH,MAAM,OAAO,UAAU;IACJ,aAAa,CAA4B;IACzC,WAAW,CAAU;IACrB,kBAAkB,CAAqB;IAExD,YAAY,MAAwB;QAClC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC1C,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACtC,IAAI,CAAC,kBAAkB,GAAG,IAAI,kBAAkB,EAAE,CAAC;IACrD,CAAC;IAED,QAAQ,CACN,YAAoB,EACpB,cAAsB,EACtB,MAAgC;QAEhC,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5D,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO;gBACL,QAAQ,EAAE,OAAO;gBACjB,YAAY;gBACZ,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC;QACzD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;gBACL,QAAQ,EAAE,OAAO;gBACjB,YAAY;gBACZ,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,GAAiB,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpE,IAAI,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC7B,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,uBAAuB;QACvB,IACE,QAAQ,CAAC,UAAU;YACnB,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;YAC9B,MAAM,EACN,CAAC;YACD,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CACtD,QAAQ,CAAC,UAAU,EACnB,MAAM,CACP,CAAC;YACF,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;gBAC7B,MAAM,iBAAiB,GAAG,IAAI,CAAC,gBAAgB,CAC7C,QAAQ,EACR,eAAe,CAChB,CAAC;gBACF,IAAI,iBAAiB,KAAK,QAAQ,EAAE,CAAC;oBACnC,QAAQ,GAAG,iBAAiB,CAAC;oBAC7B,SAAS,GAAG,IAAI,CAAC;oBACjB,MAAM,GAAG,yBAAyB,MAAM,IAAI,0BAA0B,EAAE,CAAC;gBAC3E,CAAC;YACH,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,IAAI,IAAI,CAAC,WAAW,IAAI,YAAY,CAAC,WAAW,EAAE,eAAe,EAAE,CAAC;YAClE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,QAAQ,GAAG,QAAQ,CAAC;gBACpB,SAAS,GAAG,IAAI,CAAC;gBACjB,MAAM,GAAG,+BAA+B,MAAM,IAAI,kBAAkB,EAAE,CAAC;YACzE,CAAC;QACH,CAAC;QAED,OAAO,EAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAC,CAAC;IACrD,CAAC;IAEO,eAAe,CACrB,OAA8C;QAE9C,IAAI,OAAO,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC;QAC1C,IAAI,OAAO,KAAK,IAAI;YAAE,OAAO,SAAS,CAAC;QACvC,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,gBAAgB,CACtB,OAAqB,EACrB,UAA8B;QAE9B,MAAM,SAAS,GAAmB,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC1E,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,aAAa,GAAG,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACpD,OAAO,aAAa,GAAG,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;IAC3D,CAAC;CACF"}

package/dist/src/security/field-scrubber.d.ts

@@ -0,0 +1,27 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+import type { AccessConfig } from '../repo/connection-schemas.js';
+import type { ScrubResult } from './security-types.js';
+import type { ScrubTracker } from './scrub-tracker.js';
+export interface FieldScrubberConfig {
+    accessConfigs: Map<string, AccessConfig>;
+    userRoles: string[];
+    tracker: ScrubTracker;
+}
+/**
+ * Intercepts API responses and strips restricted fields before
+ * the data reaches the LLM context.
+ */
+export declare class FieldScrubber {
+    private readonly accessConfigs;
+    private readonly userRoles;
+    private readonly tracker;
+    constructor(config: FieldScrubberConfig);
+    scrub(data: unknown, endpointPath: string, connectionName: string): ScrubResult;
+    private findRestriction;
+    private hasRole;
+    private walkAndScrub;
+}

package/dist/src/security/field-scrubber.js

@@ -0,0 +1,152 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+/**
+ * Intercepts API responses and strips restricted fields before
+ * the data reaches the LLM context.
+ */
+export class FieldScrubber {
+    accessConfigs;
+    userRoles;
+    tracker;
+    constructor(config) {
+        this.accessConfigs = config.accessConfigs;
+        this.userRoles = config.userRoles;
+        this.tracker = config.tracker;
+    }
+    scrub(data, endpointPath, connectionName) {
+        const accessConfig = this.accessConfigs.get(connectionName);
+        if (!accessConfig) {
+            return { data, records: [], strippedCount: 0, redactableCount: 0 };
+        }
+        const endpoint = accessConfig['endpoints'][endpointPath];
+        if (!endpoint) {
+            return { data, records: [], strippedCount: 0, redactableCount: 0 };
+        }
+        const entityTypes = new Set(endpoint.returns);
+        const restrictions = (accessConfig.fieldRestrictions ?? []).filter((r) => entityTypes.has(r.entity));
+        if (restrictions.length === 0) {
+            return { data, records: [], strippedCount: 0, redactableCount: 0 };
+        }
+        const restrictionsByEntity = new Map();
+        for (const r of restrictions) {
+            const existing = restrictionsByEntity.get(r.entity) ?? [];
+            existing.push(r);
+            restrictionsByEntity.set(r.entity, existing);
+        }
+        const records = [];
+        let strippedCount = 0;
+        let redactableCount = 0;
+        const scrubbed = this.walkAndScrub(data, restrictionsByEntity, connectionName, records);
+        for (const record of records) {
+            if (record.policy === 'never_retrieve') {
+                strippedCount++;
+            }
+            else if (record.policy === 'retrieve_but_redact') {
+                redactableCount++;
+            }
+            else if (record.policy === 'role_gated') {
+                if (!this.hasRole(this.findRestriction(restrictions, record))) {
+                    strippedCount++;
+                }
+                else {
+                    redactableCount++;
+                }
+            }
+        }
+        this.tracker.addRecords(records);
+        return { data: scrubbed, records, strippedCount, redactableCount };
+    }
+    findRestriction(restrictions, record) {
+        return restrictions.find((r) => r.entity === record.entity && r.field === record.field);
+    }
+    hasRole(restriction) {
+        if (!restriction)
+            return false;
+        const allowed = restriction.allowedRoles;
+        if (!allowed || allowed.length === 0)
+            return false;
+        return this.userRoles.some((role) => allowed.includes(role));
+    }
+    walkAndScrub(data, restrictionsByEntity, connectionName, records, entityHint) {
+        if (data === null || data === undefined)
+            return data;
+        if (Array.isArray(data)) {
+            return data.map((item) => this.walkAndScrub(item, restrictionsByEntity, connectionName, records, entityHint));
+        }
+        if (typeof data === 'object') {
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion -- SDK boundary: data is verified object
+            const obj = data;
+            const result = {};
+            for (const key of Object.keys(obj)) {
+                const value = obj[key];
+                // Determine entity hint from key name
+                const singularKey = depluralize(key);
+                const childEntityHint = restrictionsByEntity.has(singularKey)
+                    ? singularKey
+                    : restrictionsByEntity.has(key)
+                        ? key
+                        : entityHint;
+                // Check if this field is restricted for the current entity
+                if (entityHint) {
+                    const entityRestrictions = restrictionsByEntity.get(entityHint);
+                    if (entityRestrictions) {
+                        const restriction = entityRestrictions.find((r) => r.field === key);
+                        if (restriction) {
+                            const strValue = String(value ?? '');
+                            const record = {
+                                value: strValue,
+                                entity: restriction.entity,
+                                field: restriction.field,
+                                sensitivity: restriction.sensitivity,
+                                policy: restriction.policy,
+                                connectionName,
+                                timestamp: Date.now(),
+                            };
+                            if (restriction.policy === 'never_retrieve') {
+                                records.push(record);
+                                continue; // strip field entirely
+                            }
+                            else if (restriction.policy === 'retrieve_but_redact') {
+                                records.push(record);
+                                result[key] = value; // keep for now, output guard redacts
+                            }
+                            else if (restriction.policy === 'role_gated') {
+                                if (this.hasRole(restriction)) {
+                                    records.push(record);
+                                    result[key] = value; // keep, redactable
+                                }
+                                else {
+                                    records.push(record);
+                                    continue; // strip — no role access
+                                }
+                            }
+                            continue;
+                        }
+                    }
+                }
+                // Recurse into nested objects/arrays
+                if (typeof value === 'object' && value !== null) {
+                    result[key] = this.walkAndScrub(value, restrictionsByEntity, connectionName, records, Array.isArray(value) ? singularKey : childEntityHint);
+                }
+                else {
+                    result[key] = value;
+                }
+            }
+            return result;
+        }
+        return data;
+    }
+}
+/**
+ * Naive depluralize: strip trailing 's'.
+ */
+function depluralize(key) {
+    if (key.endsWith('s') && key.length > 1) {
+        return key.slice(0, -1);
+    }
+    return key;
+}
+//# sourceMappingURL=field-scrubber.js.map

package/dist/src/security/field-scrubber.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"field-scrubber.js","sourceRoot":"","sources":["../../../src/security/field-scrubber.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAeH;;;GAGG;AACH,MAAM,OAAO,aAAa;IACP,aAAa,CAA4B;IACzC,SAAS,CAAW;IACpB,OAAO,CAAe;IAEvC,YAAY,MAA2B;QACrC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC1C,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;QAClC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAChC,CAAC;IAED,KAAK,CACH,IAAa,EACb,YAAoB,EACpB,cAAsB;QAEtB,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5D,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,EAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAC,CAAC;QACnE,CAAC;QAED,MAAM,QAAQ,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC;QACzD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAC,CAAC;QACnE,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,YAAY,GAAG,CAAC,YAAY,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAC1B,CAAC;QAEF,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAC,CAAC;QACnE,CAAC;QAED,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAA8B,CAAC;QACnE,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC1D,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,OAAO,GAAkB,EAAE,CAAC;QAClC,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAChC,IAAI,EACJ,oBAAoB,EACpB,cAAc,EACd,OAAO,CACR,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;gBACvC,aAAa,EAAE,CAAC;YAClB,CAAC;iBAAM,IAAI,MAAM,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;gBACnD,eAAe,EAAE,CAAC;YACpB,CAAC;iBAAM,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBAC1C,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;oBAC9D,aAAa,EAAE,CAAC;gBAClB,CAAC;qBAAM,CAAC;oBACN,eAAe,EAAE,CAAC;gBACpB,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEjC,OAAO,EAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,eAAe,EAAC,CAAC;IACnE,CAAC;IAEO,eAAe,CACrB,YAAgC,EAChC,MAAmB;QAEnB,OAAO,YAAY,CAAC,IAAI,CACtB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,CAC9D,CAAC;IACJ,CAAC;IAEO,OAAO,CAAC,WAAyC;QACvD,IAAI,CAAC,WAAW;YAAE,OAAO,KAAK,CAAC;QAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACnD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,CAAC;IAEO,YAAY,CAClB,IAAa,EACb,oBAAqD,EACrD,cAAsB,EACtB,OAAsB,EACtB,UAAmB;QAEnB,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QAErD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACvB,IAAI,CAAC,YAAY,CACf,IAAI,EACJ,oBAAoB,EACpB,cAAc,EACd,OAAO,EACP,UAAU,CACX,CACF,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,gHAAgH;YAChH,MAAM,GAAG,GAAG,IAA+B,CAAC;YAC5C,MAAM,MAAM,GAA4B,EAAE,CAAC;YAE3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEvB,sCAAsC;gBACtC,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;gBACrC,MAAM,eAAe,GAAG,oBAAoB,CAAC,GAAG,CAAC,WAAW,CAAC;oBAC3D,CAAC,CAAC,WAAW;oBACb,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC;wBAC7B,CAAC,CAAC,GAAG;wBACL,CAAC,CAAC,UAAU,CAAC;gBAEjB,2DAA2D;gBAC3D,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;oBAChE,IAAI,kBAAkB,EAAE,CAAC;wBACvB,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CACzC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,GAAG,CACvB,CAAC;wBACF,IAAI,WAAW,EAAE,CAAC;4BAChB,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;4BACrC,MAAM,MAAM,GAAgB;gCAC1B,KAAK,EAAE,QAAQ;gCACf,MAAM,EAAE,WAAW,CAAC,MAAM;gCAC1B,KAAK,EAAE,WAAW,CAAC,KAAK;gCACxB,WAAW,EAAE,WAAW,CAAC,WAAW;gCACpC,MAAM,EAAE,WAAW,CAAC,MAAM;gCAC1B,cAAc;gCACd,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;6BACtB,CAAC;4BAEF,IAAI,WAAW,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;gCAC5C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gCACrB,SAAS,CAAC,uBAAuB;4BACnC,CAAC;iCAAM,IAAI,WAAW,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;gCACxD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gCACrB,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,qCAAqC;4BAC5D,CAAC;iCAAM,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gCAC/C,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;oCAC9B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oCACrB,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,mBAAmB;gCAC1C,CAAC;qCAAM,CAAC;oCACN,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oCACrB,SAAS,CAAC,yBAAyB;gCACrC,CAAC;4BACH,CAAC;4BACD,SAAS;wBACX,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,qCAAqC;gBACrC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;oBAChD,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,YAAY,CAC7B,KAAK,EACL,oBAAoB,EACpB,cAAc,EACd,OAAO,EACP,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,eAAe,CACrD,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBACtB,CAAC;YACH,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/src/security/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+export * from './security-types.js';
+export * from './scrub-tracker.js';
+export * from './field-scrubber.js';
+export * from './pattern-scanner.js';
+export * from './leak-detector.js';
+export * from './scope-checker.js';
+export * from './output-guard.js';
+export * from './threshold-evaluator.js';
+export * from './action-gate.js';

package/dist/src/security/index.js

@@ -0,0 +1,15 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+export * from './security-types.js';
+export * from './scrub-tracker.js';
+export * from './field-scrubber.js';
+export * from './pattern-scanner.js';
+export * from './leak-detector.js';
+export * from './scope-checker.js';
+export * from './output-guard.js';
+export * from './threshold-evaluator.js';
+export * from './action-gate.js';
+//# sourceMappingURL=index.js.map

package/dist/src/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,0BAA0B,CAAC;AACzC,cAAc,kBAAkB,CAAC"}

package/dist/src/security/leak-detector.d.ts

@@ -0,0 +1,23 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+import type { ScrubRecord } from './security-types.js';
+import type { ScrubTracker } from './scrub-tracker.js';
+/**
+ * A detected leak of a previously scrubbed value.
+ */
+export interface LeakMatch {
+    record: ScrubRecord;
+    matchedText: string;
+    contextual: boolean;
+}
+/**
+ * Compares agent output against tracked scrubbed values to detect leaks.
+ */
+export declare class LeakDetector {
+    private readonly tracker;
+    constructor(tracker: ScrubTracker);
+    detect(text: string): LeakMatch[];
+}

package/dist/src/security/leak-detector.js

@@ -0,0 +1,51 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+/**
+ * Compares agent output against tracked scrubbed values to detect leaks.
+ */
+export class LeakDetector {
+    tracker;
+    constructor(tracker) {
+        this.tracker = tracker;
+    }
+    detect(text) {
+        const matches = [];
+        const records = this.tracker.getAllRecords();
+        for (const record of records) {
+            if (record.value.length < 2)
+                continue;
+            const index = text.indexOf(record.value);
+            if (index === -1)
+                continue;
+            if (record.sensitivity === 'pii_name') {
+                // Only flag pii_name if near entity name/ID context
+                const contextStart = Math.max(0, index - 200);
+                const contextEnd = Math.min(text.length, index + record.value.length + 200);
+                const context = text.slice(contextStart, contextEnd);
+                const hasEntityContext = context.toLowerCase().includes(record.entity.toLowerCase()) ||
+                    (record.entityId !== undefined &&
+                        context.includes(record.entityId));
+                if (hasEntityContext) {
+                    matches.push({
+                        record,
+                        matchedText: record.value,
+                        contextual: true,
+                    });
+                }
+            }
+            else {
+                // pii_identifier, financial, etc.: always flag
+                matches.push({
+                    record,
+                    matchedText: record.value,
+                    contextual: false,
+                });
+            }
+        }
+        return matches;
+    }
+}
+//# sourceMappingURL=leak-detector.js.map

package/dist/src/security/leak-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"leak-detector.js","sourceRoot":"","sources":["../../../src/security/leak-detector.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAcH;;GAEG;AACH,MAAM,OAAO,YAAY;IACN,OAAO,CAAe;IAEvC,YAAY,OAAqB;QAC/B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,MAAM,CAAC,IAAY;QACjB,MAAM,OAAO,GAAgB,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAE7C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAEtC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACzC,IAAI,KAAK,KAAK,CAAC,CAAC;gBAAE,SAAS;YAE3B,IAAI,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;gBACtC,oDAAoD;gBACpD,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,GAAG,CAAC,CAAC;gBAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;gBAC5E,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;gBAErD,MAAM,gBAAgB,GACpB,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;oBAC3D,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS;wBAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAEvC,IAAI,gBAAgB,EAAE,CAAC;oBACrB,OAAO,CAAC,IAAI,CAAC;wBACX,MAAM;wBACN,WAAW,EAAE,MAAM,CAAC,KAAK;wBACzB,UAAU,EAAE,IAAI;qBACjB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,+CAA+C;gBAC/C,OAAO,CAAC,IAAI,CAAC;oBACX,MAAM;oBACN,WAAW,EAAE,MAAM,CAAC,KAAK;oBACzB,UAAU,EAAE,KAAK;iBAClB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/src/security/output-guard.d.ts

@@ -0,0 +1,33 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+import type { AccessConfig } from '../repo/connection-schemas.js';
+import type { ScrubTracker } from './scrub-tracker.js';
+import type { GuardResult } from './security-types.js';
+import type { ScopeCheckerContext } from './scope-checker.js';
+export interface OutputGuardConfig {
+    tracker: ScrubTracker;
+    accessConfigs: Map<string, AccessConfig>;
+    userRoles: string[];
+    scopeContext?: ScopeCheckerContext;
+}
+/**
+ * Orchestrates four output guard stages to filter agent responses
+ * before the user sees them.
+ */
+export declare class OutputGuard {
+    private readonly tracker;
+    private readonly userRoles;
+    private readonly patternScanner;
+    private readonly leakDetector;
+    private readonly scopeChecker;
+    constructor(config: OutputGuardConfig);
+    guard(output: string): GuardResult;
+    /**
+     * Look up the original restriction for a scrub record.
+     * Returns a minimal object with allowedRoles for the role check.
+     */
+    private findRestrictionForRecord;
+}

package/dist/src/security/output-guard.js

@@ -0,0 +1,118 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+import { PatternScanner } from './pattern-scanner.js';
+import { LeakDetector } from './leak-detector.js';
+import { ScopeChecker } from './scope-checker.js';
+/**
+ * Orchestrates four output guard stages to filter agent responses
+ * before the user sees them.
+ */
+export class OutputGuard {
+    tracker;
+    userRoles;
+    patternScanner;
+    leakDetector;
+    scopeChecker;
+    constructor(config) {
+        this.tracker = config.tracker;
+        this.userRoles = config.userRoles;
+        this.patternScanner = new PatternScanner();
+        this.leakDetector = new LeakDetector(config.tracker);
+        this.scopeChecker = config.scopeContext
+            ? new ScopeChecker(config.scopeContext)
+            : null;
+    }
+    guard(output) {
+        const findings = [];
+        let text = output;
+        let modified = false;
+        // Stage 1: Field redaction — replace retrieve_but_redact and denied role_gated values
+        const redactableRecords = this.tracker.getAllRecords().filter((r) => {
+            if (r.policy === 'retrieve_but_redact')
+                return true;
+            if (r.policy === 'role_gated') {
+                // Check if user lacks role
+                const restriction = this.findRestrictionForRecord(r);
+                if (!restriction)
+                    return true; // conservative
+                const allowed = restriction.allowedRoles;
+                if (!allowed || allowed.length === 0)
+                    return true;
+                return !this.userRoles.some((role) => allowed.includes(role));
+            }
+            return false;
+        });
+        for (const record of redactableRecords) {
+            if (record.value.length < 2)
+                continue;
+            if (text.includes(record.value)) {
+                text = text.split(record.value).join('[REDACTED]');
+                modified = true;
+                findings.push({
+                    type: 'field_redaction',
+                    description: `Redacted ${record.sensitivity} field "${record.field}" from ${record.entity}`,
+                    severity: 'info',
+                });
+            }
+        }
+        // Stage 2: Pattern scan — regex for SSN/CC/bank patterns
+        const patterns = this.patternScanner.scan(text);
+        for (const p of patterns) {
+            text = text.split(p.match).join('[REDACTED]');
+            modified = true;
+            findings.push({
+                type: 'pattern_match',
+                description: `Detected ${p.pattern} pattern`,
+                location: `index ${p.index}`,
+                severity: 'critical',
+            });
+        }
+        // Stage 3: Leak detection — compare against tracker values
+        const leaks = this.leakDetector.detect(text);
+        for (const leak of leaks) {
+            const severity = leak.record.sensitivity === 'pii_identifier' ? 'critical' : 'warning';
+            if (severity === 'critical') {
+                text = text.split(leak.matchedText).join('[REDACTED]');
+                modified = true;
+            }
+            findings.push({
+                type: 'leak_detected',
+                description: `Leaked ${leak.record.sensitivity} value for ${leak.record.entity}.${leak.record.field}`,
+                severity,
+            });
+        }
+        // Stage 4: Scope check — flag unqualified aggregates
+        if (this.scopeChecker) {
+            const violations = this.scopeChecker.check(text);
+            for (const v of violations) {
+                findings.push({
+                    type: 'scope_violation',
+                    description: `Unqualified aggregate for "${v.entity}" — expected: ${v.expectedQualification}`,
+                    location: v.snippet,
+                    severity: 'warning',
+                });
+            }
+        }
+        const blocked = findings.some((f) => f.severity === 'critical');
+        return { output: text, modified, findings, blocked };
+    }
+    /**
+     * Look up the original restriction for a scrub record.
+     * Returns a minimal object with allowedRoles for the role check.
+     */
+    findRestrictionForRecord(record) {
+        const accessConfig = this.tracker
+            .getAllRecords()
+            .find((r) => r.entity === record.entity &&
+            r.field === record.field &&
+            r.connectionName === record.connectionName);
+        // We don't have direct access to the restriction, but we stored policy
+        // For role_gated, we need the original restriction's allowedRoles
+        // Since we only have the record, treat missing roles as denied (conservative)
+        return accessConfig ? { allowedRoles: [] } : undefined;
+    }
+}
+//# sourceMappingURL=output-guard.js.map

package/dist/src/security/output-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-guard.js","sourceRoot":"","sources":["../../../src/security/output-guard.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,EAAC,cAAc,EAAC,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAC,YAAY,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAC,YAAY,EAAC,MAAM,oBAAoB,CAAC;AAUhD;;;GAGG;AACH,MAAM,OAAO,WAAW;IACL,OAAO,CAAe;IACtB,SAAS,CAAW;IACpB,cAAc,CAAiB;IAC/B,YAAY,CAAe;IAC3B,YAAY,CAAsB;IAEnD,YAAY,MAAyB;QACnC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;QAClC,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY;YACrC,CAAC,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC;YACvC,CAAC,CAAC,IAAI,CAAC;IACX,CAAC;IAED,KAAK,CAAC,MAAc;QAClB,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,IAAI,IAAI,GAAG,MAAM,CAAC;QAClB,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,sFAAsF;QACtF,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAClE,IAAI,CAAC,CAAC,MAAM,KAAK,qBAAqB;gBAAE,OAAO,IAAI,CAAC;YACpD,IAAI,CAAC,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBAC9B,2BAA2B;gBAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,CAAC;gBACrD,IAAI,CAAC,WAAW;oBAAE,OAAO,IAAI,CAAC,CAAC,eAAe;gBAC9C,MAAM,OAAO,GAAG,WAAW,CAAC,YAAY,CAAC;gBACzC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBAClD,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAChE,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;QAEH,KAAK,MAAM,MAAM,IAAI,iBAAiB,EAAE,CAAC;YACvC,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YACtC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBACnD,QAAQ,GAAG,IAAI,CAAC;gBAChB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,iBAAiB;oBACvB,WAAW,EAAE,YAAY,MAAM,CAAC,WAAW,WAAW,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,MAAM,EAAE;oBAC3F,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC9C,QAAQ,GAAG,IAAI,CAAC;YAChB,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,eAAe;gBACrB,WAAW,EAAE,YAAY,CAAC,CAAC,OAAO,UAAU;gBAC5C,QAAQ,EAAE,SAAS,CAAC,CAAC,KAAK,EAAE;gBAC5B,QAAQ,EAAE,UAAU;aACrB,CAAC,CAAC;QACL,CAAC;QAED,2DAA2D;QAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,GACZ,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,gBAAgB,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAC5B,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBACvD,QAAQ,GAAG,IAAI,CAAC;YAClB,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,eAAe;gBACrB,WAAW,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,WAAW,cAAc,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;gBACrG,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;QAED,qDAAqD;QACrD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjD,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,iBAAiB;oBACvB,WAAW,EAAE,8BAA8B,CAAC,CAAC,MAAM,iBAAiB,CAAC,CAAC,qBAAqB,EAAE;oBAC7F,QAAQ,EAAE,CAAC,CAAC,OAAO;oBACnB,QAAQ,EAAE,SAAS;iBACpB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QAEhE,OAAO,EAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAC,CAAC;IACrD,CAAC;IAED;;;OAGG;IACK,wBAAwB,CAC9B,MAA+D;QAE/D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO;aAC9B,aAAa,EAAE;aACf,IAAI,CACH,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;YAC1B,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK;YACxB,CAAC,CAAC,cAAc,KAAK,MAAM,CAAC,cAAc,CAC7C,CAAC;QACJ,uEAAuE;QACvE,kEAAkE;QAClE,8EAA8E;QAC9E,OAAO,YAAY,CAAC,CAAC,CAAC,EAAC,YAAY,EAAE,EAAE,EAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,CAAC;CACF"}

package/dist/src/security/pattern-scanner.d.ts

@@ -0,0 +1,19 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+/**
+ * A match found by the pattern scanner.
+ */
+export interface PatternMatch {
+    pattern: string;
+    match: string;
+    index: number;
+}
+/**
+ * Regex-based PII pattern detection.
+ */
+export declare class PatternScanner {
+    scan(text: string): PatternMatch[];
+}

package/dist/src/security/pattern-scanner.js

@@ -0,0 +1,66 @@
+/**
+ * @license
+ * Copyright 2026 Amodal Labs, Inc.
+ * SPDX-License-Identifier: MIT
+ */
+/**
+ * Luhn check for credit card validation.
+ */
+function passesLuhn(digits) {
+    let sum = 0;
+    let alternate = false;
+    for (let i = digits.length - 1; i >= 0; i--) {
+        let n = parseInt(digits[i], 10);
+        if (alternate) {
+            n *= 2;
+            if (n > 9) {
+                n -= 9;
+            }
+        }
+        sum += n;
+        alternate = !alternate;
+    }
+    return sum % 10 === 0;
+}
+const SSN_PATTERN = /\b\d{3}-\d{2}-\d{4}\b/g;
+const CC_PATTERN = /\b(\d[\d\s-]{8,22}\d)\b/g;
+const BANK_ACCOUNT_KEYWORD = /\b(?:account|routing|acct|aba)\b/i;
+/**
+ * Regex-based PII pattern detection.
+ */
+export class PatternScanner {
+    scan(text) {
+        const matches = [];
+        // SSN
+        let m;
+        const ssnRe = new RegExp(SSN_PATTERN.source, 'g');
+        while ((m = ssnRe.exec(text)) !== null) {
+            matches.push({ pattern: 'ssn', match: m[0], index: m.index });
+        }
+        // Credit card (13-19 digits with Luhn)
+        const ccRe = new RegExp(CC_PATTERN.source, 'g');
+        while ((m = ccRe.exec(text)) !== null) {
+            const raw = m[0];
+            const digits = raw.replace(/[\s-]/g, '');
+            if (digits.length >= 13 && digits.length <= 19 && passesLuhn(digits)) {
+                matches.push({ pattern: 'credit_card', match: raw, index: m.index });
+            }
+        }
+        // Bank account (8-17 digits near keywords)
+        const bankRe = /\b(\d{8,17})\b/g;
+        while ((m = bankRe.exec(text)) !== null) {
+            const start = Math.max(0, m.index - 100);
+            const end = Math.min(text.length, m.index + m[0].length + 100);
+            const context = text.slice(start, end);
+            if (BANK_ACCOUNT_KEYWORD.test(context)) {
+                matches.push({
+                    pattern: 'bank_account',
+                    match: m[0],
+                    index: m.index,
+                });
+            }
+        }
+        return matches;
+    }
+}
+//# sourceMappingURL=pattern-scanner.js.map

package/dist/src/security/pattern-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pattern-scanner.js","sourceRoot":"","sources":["../../../src/security/pattern-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;GAEG;AACH,SAAS,UAAU,CAAC,MAAc;IAChC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,IAAI,SAAS,EAAE,CAAC;YACd,CAAC,IAAI,CAAC,CAAC;YACP,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACV,CAAC,IAAI,CAAC,CAAC;YACT,CAAC;QACH,CAAC;QACD,GAAG,IAAI,CAAC,CAAC;QACT,SAAS,GAAG,CAAC,SAAS,CAAC;IACzB,CAAC;IACD,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,WAAW,GAAG,wBAAwB,CAAC;AAC7C,MAAM,UAAU,GAAG,0BAA0B,CAAC;AAC9C,MAAM,oBAAoB,GACxB,mCAAmC,CAAC;AAEtC;;GAEG;AACH,MAAM,OAAO,cAAc;IACzB,IAAI,CAAC,IAAY;QACf,MAAM,OAAO,GAAmB,EAAE,CAAC;QAEnC,MAAM;QACN,IAAI,CAAyB,CAAC;QAC9B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAClD,OAAO,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAC,CAAC,CAAC;QAC9D,CAAC;QAED,uCAAuC;QACvC,MAAM,IAAI,GAAG,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAChD,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjB,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACzC,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACrE,OAAO,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAC,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,MAAM,MAAM,GAAG,iBAAiB,CAAC;QACjC,OAAO,CAAC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;YAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YACvC,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvC,OAAO,CAAC,IAAI,CAAC;oBACX,OAAO,EAAE,cAAc;oBACvB,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBACX,KAAK,EAAE,CAAC,CAAC,KAAK;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}