@astrasyncai/verification-gateway 1.0.0 → 2.0.0

package/dist/local-evaluator/evaluator.js

@@ -0,0 +1,272 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/local-evaluator/evaluator.ts
+var evaluator_exports = {};
+__export(evaluator_exports, {
+  LocalEvaluator: () => LocalEvaluator,
+  findPurposeRule: () => findPurposeRule
+});
+module.exports = __toCommonJS(evaluator_exports);
+
+// src/gateway/types.ts
+var HIGH_RISK_COMMANDS = [
+  "rm",
+  "rmdir",
+  "dd",
+  "mkfs",
+  "chmod",
+  "chown",
+  "sudo",
+  "su",
+  "curl",
+  "wget",
+  "nc",
+  "netcat",
+  "ssh",
+  "scp",
+  "rsync",
+  "git push",
+  "npm publish",
+  "docker",
+  "kubectl"
+];
+var SENSITIVE_PATHS = [
+  ".ssh",
+  ".aws",
+  ".gnupg",
+  ".env",
+  "credentials",
+  "secrets",
+  "password",
+  ".git/config",
+  "/etc",
+  "/var",
+  "/root",
+  "id_rsa",
+  ".npmrc",
+  ".pypirc"
+];
+
+// src/local-evaluator/evaluator.ts
+var LocalEvaluator = class {
+  constructor(policy) {
+    this.requestCounts = /* @__PURE__ */ new Map();
+    this.policy = policy;
+  }
+  /**
+   * Update the policy (e.g. after hot-reload or sync).
+   */
+  updatePolicy(policy) {
+    this.policy = policy;
+  }
+  /**
+   * Evaluate an action context against the loaded policy.
+   */
+  evaluate(context) {
+    const purposeRule = this.policy.purposes.find((p) => p.id === context.purpose);
+    if (!purposeRule) {
+      return { recommendation: "DENY", reason: "Purpose not in policy" };
+    }
+    if (!purposeRule.allowed) {
+      return { recommendation: "DENY", reason: "Purpose explicitly blocked" };
+    }
+    if (purposeRule.targets && !this.matchesAnyPattern(context.target, purposeRule.targets)) {
+      return { recommendation: "DENY", reason: "Target not in allowed list" };
+    }
+    if (purposeRule.blockedPatterns && this.matchesAnyPattern(context.target, purposeRule.blockedPatterns)) {
+      return { recommendation: "DENY", reason: "Target matches blocked pattern" };
+    }
+    const scopeBlock = this.checkScopeBlock(context);
+    if (scopeBlock) {
+      return { recommendation: "DENY", reason: scopeBlock };
+    }
+    const limitViolation = this.checkLimits(context);
+    if (limitViolation) {
+      return { recommendation: "DENY", reason: limitViolation };
+    }
+    if (context.purpose === "sub_agent.spawn" && this.policy.selfInstantiation) {
+      if (!this.policy.selfInstantiation.allowed) {
+        return { recommendation: "DENY", reason: "Sub-agent spawning is not allowed" };
+      }
+      const depth = context.metadata?.subAgentDepth || 0;
+      if (this.policy.selfInstantiation.maxDepth !== void 0 && depth >= this.policy.selfInstantiation.maxDepth) {
+        return { recommendation: "DENY", reason: `Sub-agent depth ${depth} exceeds max depth ${this.policy.selfInstantiation.maxDepth}` };
+      }
+    }
+    if (purposeRule.requiresApproval) {
+      return { recommendation: "MANUAL_REVIEW", reason: "Purpose requires approval" };
+    }
+    const riskDecision = this.checkRiskThresholds(context);
+    if (riskDecision) {
+      return riskDecision;
+    }
+    return {
+      recommendation: "ALLOW",
+      reason: "All PDLSS checks passed",
+      evaluatedDimensions: {
+        purpose: true,
+        scope: !!this.policy.scope,
+        limits: !!this.policy.limits,
+        riskThresholds: !!this.policy.riskThresholds
+      }
+    };
+  }
+  checkScopeBlock(context) {
+    const scope = this.policy.scope;
+    if (!scope) return null;
+    if (scope.blockedDomains) {
+      const targetDomain = this.extractDomain(context.target);
+      if (this.matchesAnyPattern(targetDomain, scope.blockedDomains)) {
+        return `Target blocked by scope: ${context.target}`;
+      }
+      if (context.networkAccess) {
+        for (const domain of context.networkAccess) {
+          if (this.matchesAnyPattern(this.extractDomain(domain), scope.blockedDomains)) {
+            return `Domain blocked by scope: ${domain}`;
+          }
+        }
+      }
+    }
+    if (scope.blockedResources && this.matchesAnyPattern(context.target, scope.blockedResources)) {
+      return `Resource blocked by scope: ${context.target}`;
+    }
+    if (scope.allowedDomains && context.networkAccess) {
+      for (const domain of context.networkAccess) {
+        if (!this.matchesAnyPattern(this.extractDomain(domain), scope.allowedDomains)) {
+          return `Domain not in allowed list: ${domain}`;
+        }
+      }
+    }
+    return null;
+  }
+  checkLimits(context) {
+    const limits = this.policy.limits;
+    if (!limits) return null;
+    if (limits.maxTransactionAmount !== void 0 && context.transactionValue !== void 0) {
+      if (context.transactionValue > limits.maxTransactionAmount) {
+        return `Transaction value ${context.transactionValue} exceeds limit ${limits.maxTransactionAmount}`;
+      }
+    }
+    if (limits.maxRequestsPerHour !== void 0) {
+      const key = context.purpose;
+      const now = Date.now();
+      const entry = this.requestCounts.get(key);
+      const hourMs = 36e5;
+      if (!entry || now - entry.windowStart > hourMs) {
+        this.requestCounts.set(key, { count: 1, windowStart: now });
+      } else {
+        entry.count++;
+        if (entry.count > limits.maxRequestsPerHour) {
+          return `Rate limit exceeded: ${entry.count}/${limits.maxRequestsPerHour} requests per hour`;
+        }
+      }
+    }
+    return null;
+  }
+  checkRiskThresholds(context) {
+    if (!this.policy.riskThresholds) return null;
+    const riskScore = this.calculateRiskScore(context);
+    const thresholds = this.policy.riskThresholds;
+    if (riskScore >= thresholds.autoBlock.min) {
+      return { recommendation: "DENY", reason: `Risk score ${riskScore} exceeds block threshold` };
+    }
+    if (riskScore >= thresholds.requireApproval.min) {
+      return { recommendation: "MANUAL_REVIEW", reason: `Risk score ${riskScore} requires approval` };
+    }
+    return null;
+  }
+  calculateRiskScore(context) {
+    let score = 0;
+    if (context.riskFactors?.length) {
+      const severityScores = {
+        low: 10,
+        medium: 40,
+        high: 70,
+        critical: 90
+      };
+      for (const factor of context.riskFactors) {
+        const factorScore = severityScores[factor.severity] || 0;
+        if (factorScore > score) score = factorScore;
+      }
+      return score;
+    }
+    if (context.purpose === "shell.exec" && context.target) {
+      const targetLower = context.target.toLowerCase();
+      for (const cmd of HIGH_RISK_COMMANDS) {
+        if (targetLower.startsWith(cmd) || targetLower.includes(` ${cmd} `) || targetLower.includes(` ${cmd}`)) {
+          score = Math.max(score, 80);
+          break;
+        }
+      }
+    }
+    if ((context.purpose === "file.read" || context.purpose === "file.write" || context.purpose === "file.delete") && context.target) {
+      const targetLower = context.target.toLowerCase();
+      for (const sensitivePath of SENSITIVE_PATHS) {
+        if (targetLower.includes(sensitivePath.toLowerCase())) {
+          score = Math.max(score, 50);
+          break;
+        }
+      }
+    }
+    return score;
+  }
+  /**
+   * Extract domain from a URL-like string (strips protocol and path).
+   */
+  extractDomain(value) {
+    let domain = value;
+    const protoIndex = domain.indexOf("://");
+    if (protoIndex !== -1) domain = domain.slice(protoIndex + 3);
+    const slashIndex = domain.indexOf("/");
+    if (slashIndex !== -1) domain = domain.slice(0, slashIndex);
+    const colonIndex = domain.indexOf(":");
+    if (colonIndex !== -1) domain = domain.slice(0, colonIndex);
+    return domain;
+  }
+  /**
+   * Check if a value matches any of the given glob patterns.
+   */
+  matchesAnyPattern(value, patterns) {
+    return patterns.some((pattern) => this.matchGlob(value, pattern));
+  }
+  /**
+   * Simple glob pattern matching.
+   * Supports * (matches any characters including / and spaces) and ? (single char).
+   * Uses the same approach as the backend's matchGlobPattern.
+   */
+  matchGlob(value, pattern) {
+    if (pattern === value) return true;
+    const regexStr = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
+    try {
+      return new RegExp(`^${regexStr}$`, "i").test(value);
+    } catch {
+      return false;
+    }
+  }
+};
+function findPurposeRule(policy, purposeId) {
+  return policy.purposes.find((p) => p.id === purposeId);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  LocalEvaluator,
+  findPurposeRule
+});
+//# sourceMappingURL=evaluator.js.map

package/dist/local-evaluator/evaluator.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/local-evaluator/evaluator.ts","../../src/gateway/types.ts"],"sourcesContent":["/**\n * Local PDLSS Evaluator\n *\n * Evaluates agent actions against a local PDLSS policy.\n * Same logic as the cloud evaluator but runs in-process with no I/O.\n *\n * Evaluation order:\n * 1. Purpose: find matching rule, check if allowed\n * 2. Purpose: check allowed targets (if specified)\n * 3. Purpose: check blocked patterns (if specified)\n * 4. Scope: check global blocked resources/domains\n * 5. Limits: check transaction/rate limits\n * 6. Risk thresholds + approval requirements\n */\n\nimport type { LocalPolicy, PDLSSContext, VerificationDecision, LocalPurposeRule } from '../gateway/types';\nimport { BASE_RISK_SCORES, HIGH_RISK_COMMANDS, SENSITIVE_PATHS } from '../gateway/types';\n\nexport class LocalEvaluator {\n  private policy: LocalPolicy;\n  private requestCounts: Map<string, { count: number; windowStart: number }> = new Map();\n\n  constructor(policy: LocalPolicy) {\n    this.policy = policy;\n  }\n\n  /**\n   * Update the policy (e.g. after hot-reload or sync).\n   */\n  updatePolicy(policy: LocalPolicy): void {\n    this.policy = policy;\n  }\n\n  /**\n   * Evaluate an action context against the loaded policy.\n   */\n  evaluate(context: PDLSSContext): VerificationDecision {\n    // 1. Purpose: find matching rule\n    const purposeRule = this.policy.purposes.find((p) => p.id === context.purpose);\n    if (!purposeRule) {\n      return { recommendation: 'DENY', reason: 'Purpose not in policy' };\n    }\n    if (!purposeRule.allowed) {\n      return { recommendation: 'DENY', reason: 'Purpose explicitly blocked' };\n    }\n\n    // 2. Purpose: check allowed targets\n    if (purposeRule.targets && !this.matchesAnyPattern(context.target, purposeRule.targets)) {\n      return { recommendation: 'DENY', reason: 'Target not in allowed list' };\n    }\n\n    // 3. Purpose: check blocked patterns\n    if (purposeRule.blockedPatterns && this.matchesAnyPattern(context.target, purposeRule.blockedPatterns)) {\n      return { recommendation: 'DENY', reason: 'Target matches blocked pattern' };\n    }\n\n    // 4. Scope: check global blocked resources/domains\n    const scopeBlock = this.checkScopeBlock(context);\n    if (scopeBlock) {\n      return { recommendation: 'DENY', reason: scopeBlock };\n    }\n\n    // 5. Limits: check transaction and rate limits\n    const limitViolation = this.checkLimits(context);\n    if (limitViolation) {\n      return { recommendation: 'DENY', reason: limitViolation };\n    }\n\n    // 6. Self-instantiation: check sub-agent spawning rules\n    if (context.purpose === 'sub_agent.spawn' && this.policy.selfInstantiation) {\n      if (!this.policy.selfInstantiation.allowed) {\n        return { recommendation: 'DENY', reason: 'Sub-agent spawning is not allowed' };\n      }\n      const depth = (context.metadata?.subAgentDepth as number) || 0;\n      if (this.policy.selfInstantiation.maxDepth !== undefined && depth >= this.policy.selfInstantiation.maxDepth) {\n        return { recommendation: 'DENY', reason: `Sub-agent depth ${depth} exceeds max depth ${this.policy.selfInstantiation.maxDepth}` };\n      }\n    }\n\n    // 7. Risk thresholds + approval requirements\n    if (purposeRule.requiresApproval) {\n      return { recommendation: 'MANUAL_REVIEW', reason: 'Purpose requires approval' };\n    }\n\n    const riskDecision = this.checkRiskThresholds(context);\n    if (riskDecision) {\n      return riskDecision;\n    }\n\n    return {\n      recommendation: 'ALLOW',\n      reason: 'All PDLSS checks passed',\n      evaluatedDimensions: {\n        purpose: true,\n        scope: !!this.policy.scope,\n        limits: !!this.policy.limits,\n        riskThresholds: !!this.policy.riskThresholds,\n      },\n    };\n  }\n\n  private checkScopeBlock(context: PDLSSContext): string | null {\n    const scope = this.policy.scope;\n    if (!scope) return null;\n\n    // Check blocked domains against target and network access\n    if (scope.blockedDomains) {\n      const targetDomain = this.extractDomain(context.target);\n      if (this.matchesAnyPattern(targetDomain, scope.blockedDomains)) {\n        return `Target blocked by scope: ${context.target}`;\n      }\n      if (context.networkAccess) {\n        for (const domain of context.networkAccess) {\n          if (this.matchesAnyPattern(this.extractDomain(domain), scope.blockedDomains)) {\n            return `Domain blocked by scope: ${domain}`;\n          }\n        }\n      }\n    }\n\n    // Check blocked resources against target\n    if (scope.blockedResources && this.matchesAnyPattern(context.target, scope.blockedResources)) {\n      return `Resource blocked by scope: ${context.target}`;\n    }\n\n    // Check allowed domains (if specified, target must match)\n    if (scope.allowedDomains && context.networkAccess) {\n      for (const domain of context.networkAccess) {\n        if (!this.matchesAnyPattern(this.extractDomain(domain), scope.allowedDomains)) {\n          return `Domain not in allowed list: ${domain}`;\n        }\n      }\n    }\n\n    return null;\n  }\n\n  private checkLimits(context: PDLSSContext): string | null {\n    const limits = this.policy.limits;\n    if (!limits) return null;\n\n    // Transaction amount check\n    if (limits.maxTransactionAmount !== undefined && context.transactionValue !== undefined) {\n      if (context.transactionValue > limits.maxTransactionAmount) {\n        return `Transaction value ${context.transactionValue} exceeds limit ${limits.maxTransactionAmount}`;\n      }\n    }\n\n    // Rate limit check\n    if (limits.maxRequestsPerHour !== undefined) {\n      const key = context.purpose;\n      const now = Date.now();\n      const entry = this.requestCounts.get(key);\n      const hourMs = 3600000;\n\n      if (!entry || now - entry.windowStart > hourMs) {\n        this.requestCounts.set(key, { count: 1, windowStart: now });\n      } else {\n        entry.count++;\n        if (entry.count > limits.maxRequestsPerHour) {\n          return `Rate limit exceeded: ${entry.count}/${limits.maxRequestsPerHour} requests per hour`;\n        }\n      }\n    }\n\n    return null;\n  }\n\n  private checkRiskThresholds(context: PDLSSContext): VerificationDecision | null {\n    if (!this.policy.riskThresholds) return null;\n\n    const riskScore = this.calculateRiskScore(context);\n    const thresholds = this.policy.riskThresholds;\n\n    if (riskScore >= thresholds.autoBlock.min) {\n      return { recommendation: 'DENY', reason: `Risk score ${riskScore} exceeds block threshold` };\n    }\n\n    if (riskScore >= thresholds.requireApproval.min) {\n      return { recommendation: 'MANUAL_REVIEW', reason: `Risk score ${riskScore} requires approval` };\n    }\n\n    return null;\n  }\n\n  private calculateRiskScore(context: PDLSSContext): number {\n    let score = 0;\n\n    // Explicit risk factors take priority (highest severity wins)\n    if (context.riskFactors?.length) {\n      const severityScores: Record<string, number> = {\n        low: 10,\n        medium: 40,\n        high: 70,\n        critical: 90,\n      };\n\n      for (const factor of context.riskFactors) {\n        const factorScore = severityScores[factor.severity] || 0;\n        if (factorScore > score) score = factorScore;\n      }\n      return score;\n    }\n\n    // Auto-detect risk from high-risk shell commands\n    if (context.purpose === 'shell.exec' && context.target) {\n      const targetLower = context.target.toLowerCase();\n      for (const cmd of HIGH_RISK_COMMANDS) {\n        if (targetLower.startsWith(cmd) || targetLower.includes(` ${cmd} `) || targetLower.includes(` ${cmd}`)) {\n          score = Math.max(score, 80);\n          break;\n        }\n      }\n    }\n\n    // Auto-detect risk from sensitive file paths (score 50 = review range)\n    if ((context.purpose === 'file.read' || context.purpose === 'file.write' || context.purpose === 'file.delete') && context.target) {\n      const targetLower = context.target.toLowerCase();\n      for (const sensitivePath of SENSITIVE_PATHS) {\n        if (targetLower.includes(sensitivePath.toLowerCase())) {\n          score = Math.max(score, 50);\n          break;\n        }\n      }\n    }\n\n    return score;\n  }\n\n  /**\n   * Extract domain from a URL-like string (strips protocol and path).\n   */\n  private extractDomain(value: string): string {\n    let domain = value;\n    // Strip protocol\n    const protoIndex = domain.indexOf('://');\n    if (protoIndex !== -1) domain = domain.slice(protoIndex + 3);\n    // Strip path\n    const slashIndex = domain.indexOf('/');\n    if (slashIndex !== -1) domain = domain.slice(0, slashIndex);\n    // Strip port\n    const colonIndex = domain.indexOf(':');\n    if (colonIndex !== -1) domain = domain.slice(0, colonIndex);\n    return domain;\n  }\n\n  /**\n   * Check if a value matches any of the given glob patterns.\n   */\n  private matchesAnyPattern(value: string, patterns: string[]): boolean {\n    return patterns.some((pattern) => this.matchGlob(value, pattern));\n  }\n\n  /**\n   * Simple glob pattern matching.\n   * Supports * (matches any characters including / and spaces) and ? (single char).\n   * Uses the same approach as the backend's matchGlobPattern.\n   */\n  private matchGlob(value: string, pattern: string): boolean {\n    // Exact match\n    if (pattern === value) return true;\n\n    // Convert glob to regex\n    const regexStr = pattern\n      .replace(/[.+^${}()|[\\]\\\\]/g, '\\\\$&') // Escape special regex chars (except * and ?)\n      .replace(/\\*/g, '.*')                  // * matches anything\n      .replace(/\\?/g, '.');                  // ? matches single char\n\n    try {\n      return new RegExp(`^${regexStr}$`, 'i').test(value);\n    } catch {\n      return false;\n    }\n  }\n}\n\n/**\n * Convenience: find a matching purpose rule.\n */\nexport function findPurposeRule(policy: LocalPolicy, purposeId: string): LocalPurposeRule | undefined {\n  return policy.purposes.find((p) => p.id === purposeId);\n}\n","/**\n * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.\n */\n\n// ========================================================================\n// Gateway Configuration\n// ========================================================================\n\nexport type GatewayMode = 'online' | 'local' | 'hybrid';\n\n/**\n * Posture controls whether the gateway actively blocks or just monitors.\n * - active: Evaluate and enforce decisions (block/allow/review)\n * - passive: Evaluate and log but never block (telemetry-only mode)\n */\nexport type GatewayPosture = 'active' | 'passive';\n\nexport interface AstraSyncGatewayConfig {\n  mode: GatewayMode;\n  /** Enforcement posture: 'active' blocks actions, 'passive' logs only (default: 'active') */\n  posture?: GatewayPosture;\n  /** AstraSync API base URL (required for online/hybrid modes) */\n  apiBaseUrl?: string;\n  /** API key for authenticating with AstraSync (required for online/hybrid modes) */\n  apiKey?: string;\n  /** Path to local PDLSS policy YAML file (required for local/hybrid modes) */\n  policyFile?: string;\n  /** Inline policy object (alternative to policyFile) */\n  policy?: LocalPolicy;\n  /** Sync interval in seconds for hybrid mode (default: 3600) */\n  syncInterval?: number;\n  /** Cache verification results TTL in seconds (default: 300) */\n  cacheTtl?: number;\n  /** Enable debug logging */\n  debug?: boolean;\n  /** Enable trace logging to .astrasync/traces/ (default: false) */\n  traceEnabled?: boolean;\n  /** Trace log directory (default: .astrasync/traces/) */\n  tracePath?: string;\n  /** Default access level for unverified requests */\n  defaultAccessLevel?: import('../types').AccessLevel;\n  /** Minimum trust score for standard access (online/hybrid) */\n  minTrustScore?: number;\n  /** Minimum trust score for full access (online/hybrid) */\n  minTrustScoreForFull?: number;\n  /** Custom headers to send with API requests */\n  customHeaders?: Record<string, string>;\n  /** Counterparty URL for analytics */\n  counterpartyUrl?: string;\n  /** Counterparty type for analytics */\n  counterpartyType?: import('../types').CounterpartyType;\n}\n\n// ========================================================================\n// PDLSS Context (Agent-side action context)\n// ========================================================================\n\nexport interface PDLSSContext {\n  /** Purpose category (e.g. email.send, shell.exec, file.read) */\n  purpose: string;\n  /** Specific action within purpose */\n  action: string;\n  /** Target resource, recipient, or counterparty */\n  target: string;\n  /** Types of data access (read, write, delete) */\n  dataAccess?: string[];\n  /** Network domains/IPs being accessed */\n  networkAccess?: string[];\n  /** Resource type (customer, order, file, directory, process) */\n  resourceType?: string;\n  /** Risk factors for this action */\n  riskFactors?: RiskFactor[];\n  /** Transaction value (if financial) */\n  transactionValue?: number;\n  /** Currency for transaction */\n  currency?: string;\n  /** Additional metadata */\n  metadata?: Record<string, unknown>;\n}\n\nexport interface RiskFactor {\n  type: 'financial' | 'data_sensitivity' | 'privilege_escalation' | 'network_scope' | 'destructive';\n  severity: 'low' | 'medium' | 'high' | 'critical';\n  detail: string;\n}\n\n// ========================================================================\n// Verification Decision\n// ========================================================================\n\nexport interface VerificationDecision {\n  recommendation: 'ALLOW' | 'DENY' | 'MANUAL_REVIEW';\n  reason: string;\n  trustScore?: number;\n  tokenGuidance?: import('../types').TokenGuidance;\n  sessionId?: string;\n  /** PDLSS dimensions that were evaluated */\n  evaluatedDimensions?: {\n    purpose: boolean;\n    scope: boolean;\n    limits: boolean;\n    riskThresholds: boolean;\n  };\n}\n\n// ========================================================================\n// Local Policy Types (YAML format)\n// ========================================================================\n\nexport interface LocalPolicy {\n  version: string;\n  name: string;\n  description?: string;\n  purposes: LocalPurposeRule[];\n  scope?: LocalScope;\n  limits?: LocalLimits;\n  riskThresholds?: LocalRiskThresholds;\n  selfInstantiation?: LocalSelfInstantiation;\n}\n\nexport interface LocalPurposeRule {\n  id: string;\n  allowed: boolean;\n  targets?: string[];\n  blockedPatterns?: string[];\n  requiresApproval?: boolean;\n}\n\nexport interface LocalScope {\n  allowedDomains?: string[];\n  blockedDomains?: string[];\n  blockedResources?: string[];\n}\n\nexport interface LocalLimits {\n  maxTransactionAmount?: number;\n  maxRequestsPerHour?: number;\n  currency?: string;\n}\n\nexport interface LocalRiskThresholds {\n  autoAllow: { min: number; max: number };\n  requireApproval: { min: number; max: number };\n  autoBlock: { min: number; max: number };\n}\n\nexport interface LocalSelfInstantiation {\n  /** Whether sub-agent spawning is allowed */\n  allowed: boolean;\n  /** Maximum depth of sub-agent chain */\n  maxDepth?: number;\n}\n\n// ========================================================================\n// Risk Scoring Defaults (cherry-picked from trust-harness-core)\n// ========================================================================\n\n/** Base risk scores per action category */\nexport const BASE_RISK_SCORES: Record<string, number> = {\n  'file.read': 10,\n  'file.write': 40,\n  'file.delete': 70,\n  'shell.exec': 50,\n  'network.fetch': 60,\n  'network.request': 60,\n  'email.send': 45,\n  'email.read': 15,\n  'calendar.create': 20,\n  'calendar.modify': 30,\n  'database.query': 25,\n  'database.write': 55,\n  'payment.execute': 80,\n  'sub_agent.spawn': 65,\n  'code.execute': 45,\n};\n\n/** Shell commands that significantly increase risk score */\nexport const HIGH_RISK_COMMANDS = [\n  'rm', 'rmdir', 'dd', 'mkfs', 'chmod', 'chown',\n  'sudo', 'su', 'curl', 'wget', 'nc', 'netcat',\n  'ssh', 'scp', 'rsync', 'git push', 'npm publish',\n  'docker', 'kubectl',\n];\n\n/** File paths that indicate sensitive data access */\nexport const SENSITIVE_PATHS = [\n  '.ssh', '.aws', '.gnupg', '.env', 'credentials',\n  'secrets', 'password', '.git/config', '/etc', '/var', '/root',\n  'id_rsa', '.npmrc', '.pypirc',\n];\n\n// ========================================================================\n// Trace Event Types\n// ========================================================================\n\nexport interface TraceEvent {\n  id: string;\n  timestamp: Date;\n  type: 'evaluation' | 'decision' | 'error' | 'mode_switch';\n  context?: PDLSSContext;\n  decision?: VerificationDecision;\n  metadata?: Record<string, unknown>;\n}\n\n// ========================================================================\n// Adapter Interface Types\n// ========================================================================\n\nexport interface AdapterConfig {\n  /** The gateway instance (handles mode routing) */\n  gateway: unknown; // Typed as AstraSyncGateway at usage site to avoid circular deps\n  /** Platform-specific configuration */\n  adapterOptions: Record<string, unknown>;\n}\n\nexport interface AgentAction {\n  /** Raw action data from the platform */\n  raw: unknown;\n  /** Platform identifier (e.g. 'openclaw-cli', 'cursor', 'browser') */\n  platform: string;\n  /** Timestamp of the action */\n  timestamp: Date;\n}\n\nexport interface InterceptResult {\n  /** Whether the action was intercepted */\n  intercepted: boolean;\n  /** Extracted PDLSS context (if intercepted) */\n  context?: PDLSSContext;\n  /** Reason for not intercepting (if not intercepted) */\n  skipReason?: string;\n}\n\n// ========================================================================\n// Sync Queue Types (Hybrid mode)\n// ========================================================================\n\nexport interface SyncQueueEntry {\n  id: string;\n  context: PDLSSContext;\n  decision: VerificationDecision;\n  timestamp: Date;\n  retryCount: number;\n  status: 'pending' | 'synced' | 'failed';\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACiLO,IAAM,qBAAqB;AAAA,EAChC;AAAA,EAAM;AAAA,EAAS;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAS;AAAA,EACtC;AAAA,EAAQ;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAM;AAAA,EACpC;AAAA,EAAO;AAAA,EAAO;AAAA,EAAS;AAAA,EAAY;AAAA,EACnC;AAAA,EAAU;AACZ;AAGO,IAAM,kBAAkB;AAAA,EAC7B;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAU;AAAA,EAAQ;AAAA,EAClC;AAAA,EAAW;AAAA,EAAY;AAAA,EAAe;AAAA,EAAQ;AAAA,EAAQ;AAAA,EACtD;AAAA,EAAU;AAAA,EAAU;AACtB;;;AD3KO,IAAM,iBAAN,MAAqB;AAAA,EAI1B,YAAY,QAAqB;AAFjC,SAAQ,gBAAqE,oBAAI,IAAI;AAGnF,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA2B;AACtC,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,SAA6C;AAEpD,UAAM,cAAc,KAAK,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,QAAQ,OAAO;AAC7E,QAAI,CAAC,aAAa;AAChB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,wBAAwB;AAAA,IACnE;AACA,QAAI,CAAC,YAAY,SAAS;AACxB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,WAAW,CAAC,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,OAAO,GAAG;AACvF,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,mBAAmB,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,eAAe,GAAG;AACtG,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,iCAAiC;AAAA,IAC5E;AAGA,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,QAAI,YAAY;AACd,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,IACtD;AAGA,UAAM,iBAAiB,KAAK,YAAY,OAAO;AAC/C,QAAI,gBAAgB;AAClB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,eAAe;AAAA,IAC1D;AAGA,QAAI,QAAQ,YAAY,qBAAqB,KAAK,OAAO,mBAAmB;AAC1E,UAAI,CAAC,KAAK,OAAO,kBAAkB,SAAS;AAC1C,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,oCAAoC;AAAA,MAC/E;AACA,YAAM,QAAS,QAAQ,UAAU,iBAA4B;AAC7D,UAAI,KAAK,OAAO,kBAAkB,aAAa,UAAa,SAAS,KAAK,OAAO,kBAAkB,UAAU;AAC3G,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,mBAAmB,KAAK,sBAAsB,KAAK,OAAO,kBAAkB,QAAQ,GAAG;AAAA,MAClI;AAAA,IACF;AAGA,QAAI,YAAY,kBAAkB;AAChC,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,4BAA4B;AAAA,IAChF;AAEA,UAAM,eAAe,KAAK,oBAAoB,OAAO;AACrD,QAAI,cAAc;AAChB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,QAAQ;AAAA,MACR,qBAAqB;AAAA,QACnB,SAAS;AAAA,QACT,OAAO,CAAC,CAAC,KAAK,OAAO;AAAA,QACrB,QAAQ,CAAC,CAAC,KAAK,OAAO;AAAA,QACtB,gBAAgB,CAAC,CAAC,KAAK,OAAO;AAAA,MAChC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,gBAAgB,SAAsC;AAC5D,UAAM,QAAQ,KAAK,OAAO;AAC1B,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,MAAM,gBAAgB;AACxB,YAAM,eAAe,KAAK,cAAc,QAAQ,MAAM;AACtD,UAAI,KAAK,kBAAkB,cAAc,MAAM,cAAc,GAAG;AAC9D,eAAO,4BAA4B,QAAQ,MAAM;AAAA,MACnD;AACA,UAAI,QAAQ,eAAe;AACzB,mBAAW,UAAU,QAAQ,eAAe;AAC1C,cAAI,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC5E,mBAAO,4BAA4B,MAAM;AAAA,UAC3C;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,MAAM,oBAAoB,KAAK,kBAAkB,QAAQ,QAAQ,MAAM,gBAAgB,GAAG;AAC5F,aAAO,8BAA8B,QAAQ,MAAM;AAAA,IACrD;AAGA,QAAI,MAAM,kBAAkB,QAAQ,eAAe;AACjD,iBAAW,UAAU,QAAQ,eAAe;AAC1C,YAAI,CAAC,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC7E,iBAAO,+BAA+B,MAAM;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,YAAY,SAAsC;AACxD,UAAM,SAAS,KAAK,OAAO;AAC3B,QAAI,CAAC,OAAQ,QAAO;AAGpB,QAAI,OAAO,yBAAyB,UAAa,QAAQ,qBAAqB,QAAW;AACvF,UAAI,QAAQ,mBAAmB,OAAO,sBAAsB;AAC1D,eAAO,qBAAqB,QAAQ,gBAAgB,kBAAkB,OAAO,oBAAoB;AAAA,MACnG;AAAA,IACF;AAGA,QAAI,OAAO,uBAAuB,QAAW;AAC3C,YAAM,MAAM,QAAQ;AACpB,YAAM,MAAM,KAAK,IAAI;AACrB,YAAM,QAAQ,KAAK,cAAc,IAAI,GAAG;AACxC,YAAM,SAAS;AAEf,UAAI,CAAC,SAAS,MAAM,MAAM,cAAc,QAAQ;AAC9C,aAAK,cAAc,IAAI,KAAK,EAAE,OAAO,GAAG,aAAa,IAAI,CAAC;AAAA,MAC5D,OAAO;AACL,cAAM;AACN,YAAI,MAAM,QAAQ,OAAO,oBAAoB;AAC3C,iBAAO,wBAAwB,MAAM,KAAK,IAAI,OAAO,kBAAkB;AAAA,QACzE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,SAAoD;AAC9E,QAAI,CAAC,KAAK,OAAO,eAAgB,QAAO;AAExC,UAAM,YAAY,KAAK,mBAAmB,OAAO;AACjD,UAAM,aAAa,KAAK,OAAO;AAE/B,QAAI,aAAa,WAAW,UAAU,KAAK;AACzC,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,cAAc,SAAS,2BAA2B;AAAA,IAC7F;AAEA,QAAI,aAAa,WAAW,gBAAgB,KAAK;AAC/C,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,cAAc,SAAS,qBAAqB;AAAA,IAChG;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,mBAAmB,SAA+B;AACxD,QAAI,QAAQ;AAGZ,QAAI,QAAQ,aAAa,QAAQ;AAC/B,YAAM,iBAAyC;AAAA,QAC7C,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAEA,iBAAW,UAAU,QAAQ,aAAa;AACxC,cAAM,cAAc,eAAe,OAAO,QAAQ,KAAK;AACvD,YAAI,cAAc,MAAO,SAAQ;AAAA,MACnC;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,YAAY,gBAAgB,QAAQ,QAAQ;AACtD,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,OAAO,oBAAoB;AACpC,YAAI,YAAY,WAAW,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,EAAE,GAAG;AACtG,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,SAAK,QAAQ,YAAY,eAAe,QAAQ,YAAY,gBAAgB,QAAQ,YAAY,kBAAkB,QAAQ,QAAQ;AAChI,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,iBAAiB,iBAAiB;AAC3C,YAAI,YAAY,SAAS,cAAc,YAAY,CAAC,GAAG;AACrD,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAc,OAAuB;AAC3C,QAAI,SAAS;AAEb,UAAM,aAAa,OAAO,QAAQ,KAAK;AACvC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,aAAa,CAAC;AAE3D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAE1D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAC1D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,OAAe,UAA6B;AACpE,WAAO,SAAS,KAAK,CAAC,YAAY,KAAK,UAAU,OAAO,OAAO,CAAC;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,UAAU,OAAe,SAA0B;AAEzD,QAAI,YAAY,MAAO,QAAO;AAG9B,UAAM,WAAW,QACd,QAAQ,qBAAqB,MAAM,EACnC,QAAQ,OAAO,IAAI,EACnB,QAAQ,OAAO,GAAG;AAErB,QAAI;AACF,aAAO,IAAI,OAAO,IAAI,QAAQ,KAAK,GAAG,EAAE,KAAK,KAAK;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAKO,SAAS,gBAAgB,QAAqB,WAAiD;AACpG,SAAO,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS;AACvD;","names":[]}

package/dist/local-evaluator/evaluator.mjs

@@ -0,0 +1,244 @@
+// src/gateway/types.ts
+var HIGH_RISK_COMMANDS = [
+  "rm",
+  "rmdir",
+  "dd",
+  "mkfs",
+  "chmod",
+  "chown",
+  "sudo",
+  "su",
+  "curl",
+  "wget",
+  "nc",
+  "netcat",
+  "ssh",
+  "scp",
+  "rsync",
+  "git push",
+  "npm publish",
+  "docker",
+  "kubectl"
+];
+var SENSITIVE_PATHS = [
+  ".ssh",
+  ".aws",
+  ".gnupg",
+  ".env",
+  "credentials",
+  "secrets",
+  "password",
+  ".git/config",
+  "/etc",
+  "/var",
+  "/root",
+  "id_rsa",
+  ".npmrc",
+  ".pypirc"
+];
+
+// src/local-evaluator/evaluator.ts
+var LocalEvaluator = class {
+  constructor(policy) {
+    this.requestCounts = /* @__PURE__ */ new Map();
+    this.policy = policy;
+  }
+  /**
+   * Update the policy (e.g. after hot-reload or sync).
+   */
+  updatePolicy(policy) {
+    this.policy = policy;
+  }
+  /**
+   * Evaluate an action context against the loaded policy.
+   */
+  evaluate(context) {
+    const purposeRule = this.policy.purposes.find((p) => p.id === context.purpose);
+    if (!purposeRule) {
+      return { recommendation: "DENY", reason: "Purpose not in policy" };
+    }
+    if (!purposeRule.allowed) {
+      return { recommendation: "DENY", reason: "Purpose explicitly blocked" };
+    }
+    if (purposeRule.targets && !this.matchesAnyPattern(context.target, purposeRule.targets)) {
+      return { recommendation: "DENY", reason: "Target not in allowed list" };
+    }
+    if (purposeRule.blockedPatterns && this.matchesAnyPattern(context.target, purposeRule.blockedPatterns)) {
+      return { recommendation: "DENY", reason: "Target matches blocked pattern" };
+    }
+    const scopeBlock = this.checkScopeBlock(context);
+    if (scopeBlock) {
+      return { recommendation: "DENY", reason: scopeBlock };
+    }
+    const limitViolation = this.checkLimits(context);
+    if (limitViolation) {
+      return { recommendation: "DENY", reason: limitViolation };
+    }
+    if (context.purpose === "sub_agent.spawn" && this.policy.selfInstantiation) {
+      if (!this.policy.selfInstantiation.allowed) {
+        return { recommendation: "DENY", reason: "Sub-agent spawning is not allowed" };
+      }
+      const depth = context.metadata?.subAgentDepth || 0;
+      if (this.policy.selfInstantiation.maxDepth !== void 0 && depth >= this.policy.selfInstantiation.maxDepth) {
+        return { recommendation: "DENY", reason: `Sub-agent depth ${depth} exceeds max depth ${this.policy.selfInstantiation.maxDepth}` };
+      }
+    }
+    if (purposeRule.requiresApproval) {
+      return { recommendation: "MANUAL_REVIEW", reason: "Purpose requires approval" };
+    }
+    const riskDecision = this.checkRiskThresholds(context);
+    if (riskDecision) {
+      return riskDecision;
+    }
+    return {
+      recommendation: "ALLOW",
+      reason: "All PDLSS checks passed",
+      evaluatedDimensions: {
+        purpose: true,
+        scope: !!this.policy.scope,
+        limits: !!this.policy.limits,
+        riskThresholds: !!this.policy.riskThresholds
+      }
+    };
+  }
+  checkScopeBlock(context) {
+    const scope = this.policy.scope;
+    if (!scope) return null;
+    if (scope.blockedDomains) {
+      const targetDomain = this.extractDomain(context.target);
+      if (this.matchesAnyPattern(targetDomain, scope.blockedDomains)) {
+        return `Target blocked by scope: ${context.target}`;
+      }
+      if (context.networkAccess) {
+        for (const domain of context.networkAccess) {
+          if (this.matchesAnyPattern(this.extractDomain(domain), scope.blockedDomains)) {
+            return `Domain blocked by scope: ${domain}`;
+          }
+        }
+      }
+    }
+    if (scope.blockedResources && this.matchesAnyPattern(context.target, scope.blockedResources)) {
+      return `Resource blocked by scope: ${context.target}`;
+    }
+    if (scope.allowedDomains && context.networkAccess) {
+      for (const domain of context.networkAccess) {
+        if (!this.matchesAnyPattern(this.extractDomain(domain), scope.allowedDomains)) {
+          return `Domain not in allowed list: ${domain}`;
+        }
+      }
+    }
+    return null;
+  }
+  checkLimits(context) {
+    const limits = this.policy.limits;
+    if (!limits) return null;
+    if (limits.maxTransactionAmount !== void 0 && context.transactionValue !== void 0) {
+      if (context.transactionValue > limits.maxTransactionAmount) {
+        return `Transaction value ${context.transactionValue} exceeds limit ${limits.maxTransactionAmount}`;
+      }
+    }
+    if (limits.maxRequestsPerHour !== void 0) {
+      const key = context.purpose;
+      const now = Date.now();
+      const entry = this.requestCounts.get(key);
+      const hourMs = 36e5;
+      if (!entry || now - entry.windowStart > hourMs) {
+        this.requestCounts.set(key, { count: 1, windowStart: now });
+      } else {
+        entry.count++;
+        if (entry.count > limits.maxRequestsPerHour) {
+          return `Rate limit exceeded: ${entry.count}/${limits.maxRequestsPerHour} requests per hour`;
+        }
+      }
+    }
+    return null;
+  }
+  checkRiskThresholds(context) {
+    if (!this.policy.riskThresholds) return null;
+    const riskScore = this.calculateRiskScore(context);
+    const thresholds = this.policy.riskThresholds;
+    if (riskScore >= thresholds.autoBlock.min) {
+      return { recommendation: "DENY", reason: `Risk score ${riskScore} exceeds block threshold` };
+    }
+    if (riskScore >= thresholds.requireApproval.min) {
+      return { recommendation: "MANUAL_REVIEW", reason: `Risk score ${riskScore} requires approval` };
+    }
+    return null;
+  }
+  calculateRiskScore(context) {
+    let score = 0;
+    if (context.riskFactors?.length) {
+      const severityScores = {
+        low: 10,
+        medium: 40,
+        high: 70,
+        critical: 90
+      };
+      for (const factor of context.riskFactors) {
+        const factorScore = severityScores[factor.severity] || 0;
+        if (factorScore > score) score = factorScore;
+      }
+      return score;
+    }
+    if (context.purpose === "shell.exec" && context.target) {
+      const targetLower = context.target.toLowerCase();
+      for (const cmd of HIGH_RISK_COMMANDS) {
+        if (targetLower.startsWith(cmd) || targetLower.includes(` ${cmd} `) || targetLower.includes(` ${cmd}`)) {
+          score = Math.max(score, 80);
+          break;
+        }
+      }
+    }
+    if ((context.purpose === "file.read" || context.purpose === "file.write" || context.purpose === "file.delete") && context.target) {
+      const targetLower = context.target.toLowerCase();
+      for (const sensitivePath of SENSITIVE_PATHS) {
+        if (targetLower.includes(sensitivePath.toLowerCase())) {
+          score = Math.max(score, 50);
+          break;
+        }
+      }
+    }
+    return score;
+  }
+  /**
+   * Extract domain from a URL-like string (strips protocol and path).
+   */
+  extractDomain(value) {
+    let domain = value;
+    const protoIndex = domain.indexOf("://");
+    if (protoIndex !== -1) domain = domain.slice(protoIndex + 3);
+    const slashIndex = domain.indexOf("/");
+    if (slashIndex !== -1) domain = domain.slice(0, slashIndex);
+    const colonIndex = domain.indexOf(":");
+    if (colonIndex !== -1) domain = domain.slice(0, colonIndex);
+    return domain;
+  }
+  /**
+   * Check if a value matches any of the given glob patterns.
+   */
+  matchesAnyPattern(value, patterns) {
+    return patterns.some((pattern) => this.matchGlob(value, pattern));
+  }
+  /**
+   * Simple glob pattern matching.
+   * Supports * (matches any characters including / and spaces) and ? (single char).
+   * Uses the same approach as the backend's matchGlobPattern.
+   */
+  matchGlob(value, pattern) {
+    if (pattern === value) return true;
+    const regexStr = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
+    try {
+      return new RegExp(`^${regexStr}$`, "i").test(value);
+    } catch {
+      return false;
+    }
+  }
+};
+function findPurposeRule(policy, purposeId) {
+  return policy.purposes.find((p) => p.id === purposeId);
+}
+export {
+  LocalEvaluator,
+  findPurposeRule
+};
+//# sourceMappingURL=evaluator.mjs.map

package/dist/local-evaluator/evaluator.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/gateway/types.ts","../../src/local-evaluator/evaluator.ts"],"sourcesContent":["/**\n * AstraSync Gateway - Types for gateway modes, local evaluation, and adapter interface.\n */\n\n// ========================================================================\n// Gateway Configuration\n// ========================================================================\n\nexport type GatewayMode = 'online' | 'local' | 'hybrid';\n\n/**\n * Posture controls whether the gateway actively blocks or just monitors.\n * - active: Evaluate and enforce decisions (block/allow/review)\n * - passive: Evaluate and log but never block (telemetry-only mode)\n */\nexport type GatewayPosture = 'active' | 'passive';\n\nexport interface AstraSyncGatewayConfig {\n  mode: GatewayMode;\n  /** Enforcement posture: 'active' blocks actions, 'passive' logs only (default: 'active') */\n  posture?: GatewayPosture;\n  /** AstraSync API base URL (required for online/hybrid modes) */\n  apiBaseUrl?: string;\n  /** API key for authenticating with AstraSync (required for online/hybrid modes) */\n  apiKey?: string;\n  /** Path to local PDLSS policy YAML file (required for local/hybrid modes) */\n  policyFile?: string;\n  /** Inline policy object (alternative to policyFile) */\n  policy?: LocalPolicy;\n  /** Sync interval in seconds for hybrid mode (default: 3600) */\n  syncInterval?: number;\n  /** Cache verification results TTL in seconds (default: 300) */\n  cacheTtl?: number;\n  /** Enable debug logging */\n  debug?: boolean;\n  /** Enable trace logging to .astrasync/traces/ (default: false) */\n  traceEnabled?: boolean;\n  /** Trace log directory (default: .astrasync/traces/) */\n  tracePath?: string;\n  /** Default access level for unverified requests */\n  defaultAccessLevel?: import('../types').AccessLevel;\n  /** Minimum trust score for standard access (online/hybrid) */\n  minTrustScore?: number;\n  /** Minimum trust score for full access (online/hybrid) */\n  minTrustScoreForFull?: number;\n  /** Custom headers to send with API requests */\n  customHeaders?: Record<string, string>;\n  /** Counterparty URL for analytics */\n  counterpartyUrl?: string;\n  /** Counterparty type for analytics */\n  counterpartyType?: import('../types').CounterpartyType;\n}\n\n// ========================================================================\n// PDLSS Context (Agent-side action context)\n// ========================================================================\n\nexport interface PDLSSContext {\n  /** Purpose category (e.g. email.send, shell.exec, file.read) */\n  purpose: string;\n  /** Specific action within purpose */\n  action: string;\n  /** Target resource, recipient, or counterparty */\n  target: string;\n  /** Types of data access (read, write, delete) */\n  dataAccess?: string[];\n  /** Network domains/IPs being accessed */\n  networkAccess?: string[];\n  /** Resource type (customer, order, file, directory, process) */\n  resourceType?: string;\n  /** Risk factors for this action */\n  riskFactors?: RiskFactor[];\n  /** Transaction value (if financial) */\n  transactionValue?: number;\n  /** Currency for transaction */\n  currency?: string;\n  /** Additional metadata */\n  metadata?: Record<string, unknown>;\n}\n\nexport interface RiskFactor {\n  type: 'financial' | 'data_sensitivity' | 'privilege_escalation' | 'network_scope' | 'destructive';\n  severity: 'low' | 'medium' | 'high' | 'critical';\n  detail: string;\n}\n\n// ========================================================================\n// Verification Decision\n// ========================================================================\n\nexport interface VerificationDecision {\n  recommendation: 'ALLOW' | 'DENY' | 'MANUAL_REVIEW';\n  reason: string;\n  trustScore?: number;\n  tokenGuidance?: import('../types').TokenGuidance;\n  sessionId?: string;\n  /** PDLSS dimensions that were evaluated */\n  evaluatedDimensions?: {\n    purpose: boolean;\n    scope: boolean;\n    limits: boolean;\n    riskThresholds: boolean;\n  };\n}\n\n// ========================================================================\n// Local Policy Types (YAML format)\n// ========================================================================\n\nexport interface LocalPolicy {\n  version: string;\n  name: string;\n  description?: string;\n  purposes: LocalPurposeRule[];\n  scope?: LocalScope;\n  limits?: LocalLimits;\n  riskThresholds?: LocalRiskThresholds;\n  selfInstantiation?: LocalSelfInstantiation;\n}\n\nexport interface LocalPurposeRule {\n  id: string;\n  allowed: boolean;\n  targets?: string[];\n  blockedPatterns?: string[];\n  requiresApproval?: boolean;\n}\n\nexport interface LocalScope {\n  allowedDomains?: string[];\n  blockedDomains?: string[];\n  blockedResources?: string[];\n}\n\nexport interface LocalLimits {\n  maxTransactionAmount?: number;\n  maxRequestsPerHour?: number;\n  currency?: string;\n}\n\nexport interface LocalRiskThresholds {\n  autoAllow: { min: number; max: number };\n  requireApproval: { min: number; max: number };\n  autoBlock: { min: number; max: number };\n}\n\nexport interface LocalSelfInstantiation {\n  /** Whether sub-agent spawning is allowed */\n  allowed: boolean;\n  /** Maximum depth of sub-agent chain */\n  maxDepth?: number;\n}\n\n// ========================================================================\n// Risk Scoring Defaults (cherry-picked from trust-harness-core)\n// ========================================================================\n\n/** Base risk scores per action category */\nexport const BASE_RISK_SCORES: Record<string, number> = {\n  'file.read': 10,\n  'file.write': 40,\n  'file.delete': 70,\n  'shell.exec': 50,\n  'network.fetch': 60,\n  'network.request': 60,\n  'email.send': 45,\n  'email.read': 15,\n  'calendar.create': 20,\n  'calendar.modify': 30,\n  'database.query': 25,\n  'database.write': 55,\n  'payment.execute': 80,\n  'sub_agent.spawn': 65,\n  'code.execute': 45,\n};\n\n/** Shell commands that significantly increase risk score */\nexport const HIGH_RISK_COMMANDS = [\n  'rm', 'rmdir', 'dd', 'mkfs', 'chmod', 'chown',\n  'sudo', 'su', 'curl', 'wget', 'nc', 'netcat',\n  'ssh', 'scp', 'rsync', 'git push', 'npm publish',\n  'docker', 'kubectl',\n];\n\n/** File paths that indicate sensitive data access */\nexport const SENSITIVE_PATHS = [\n  '.ssh', '.aws', '.gnupg', '.env', 'credentials',\n  'secrets', 'password', '.git/config', '/etc', '/var', '/root',\n  'id_rsa', '.npmrc', '.pypirc',\n];\n\n// ========================================================================\n// Trace Event Types\n// ========================================================================\n\nexport interface TraceEvent {\n  id: string;\n  timestamp: Date;\n  type: 'evaluation' | 'decision' | 'error' | 'mode_switch';\n  context?: PDLSSContext;\n  decision?: VerificationDecision;\n  metadata?: Record<string, unknown>;\n}\n\n// ========================================================================\n// Adapter Interface Types\n// ========================================================================\n\nexport interface AdapterConfig {\n  /** The gateway instance (handles mode routing) */\n  gateway: unknown; // Typed as AstraSyncGateway at usage site to avoid circular deps\n  /** Platform-specific configuration */\n  adapterOptions: Record<string, unknown>;\n}\n\nexport interface AgentAction {\n  /** Raw action data from the platform */\n  raw: unknown;\n  /** Platform identifier (e.g. 'openclaw-cli', 'cursor', 'browser') */\n  platform: string;\n  /** Timestamp of the action */\n  timestamp: Date;\n}\n\nexport interface InterceptResult {\n  /** Whether the action was intercepted */\n  intercepted: boolean;\n  /** Extracted PDLSS context (if intercepted) */\n  context?: PDLSSContext;\n  /** Reason for not intercepting (if not intercepted) */\n  skipReason?: string;\n}\n\n// ========================================================================\n// Sync Queue Types (Hybrid mode)\n// ========================================================================\n\nexport interface SyncQueueEntry {\n  id: string;\n  context: PDLSSContext;\n  decision: VerificationDecision;\n  timestamp: Date;\n  retryCount: number;\n  status: 'pending' | 'synced' | 'failed';\n}\n","/**\n * Local PDLSS Evaluator\n *\n * Evaluates agent actions against a local PDLSS policy.\n * Same logic as the cloud evaluator but runs in-process with no I/O.\n *\n * Evaluation order:\n * 1. Purpose: find matching rule, check if allowed\n * 2. Purpose: check allowed targets (if specified)\n * 3. Purpose: check blocked patterns (if specified)\n * 4. Scope: check global blocked resources/domains\n * 5. Limits: check transaction/rate limits\n * 6. Risk thresholds + approval requirements\n */\n\nimport type { LocalPolicy, PDLSSContext, VerificationDecision, LocalPurposeRule } from '../gateway/types';\nimport { BASE_RISK_SCORES, HIGH_RISK_COMMANDS, SENSITIVE_PATHS } from '../gateway/types';\n\nexport class LocalEvaluator {\n  private policy: LocalPolicy;\n  private requestCounts: Map<string, { count: number; windowStart: number }> = new Map();\n\n  constructor(policy: LocalPolicy) {\n    this.policy = policy;\n  }\n\n  /**\n   * Update the policy (e.g. after hot-reload or sync).\n   */\n  updatePolicy(policy: LocalPolicy): void {\n    this.policy = policy;\n  }\n\n  /**\n   * Evaluate an action context against the loaded policy.\n   */\n  evaluate(context: PDLSSContext): VerificationDecision {\n    // 1. Purpose: find matching rule\n    const purposeRule = this.policy.purposes.find((p) => p.id === context.purpose);\n    if (!purposeRule) {\n      return { recommendation: 'DENY', reason: 'Purpose not in policy' };\n    }\n    if (!purposeRule.allowed) {\n      return { recommendation: 'DENY', reason: 'Purpose explicitly blocked' };\n    }\n\n    // 2. Purpose: check allowed targets\n    if (purposeRule.targets && !this.matchesAnyPattern(context.target, purposeRule.targets)) {\n      return { recommendation: 'DENY', reason: 'Target not in allowed list' };\n    }\n\n    // 3. Purpose: check blocked patterns\n    if (purposeRule.blockedPatterns && this.matchesAnyPattern(context.target, purposeRule.blockedPatterns)) {\n      return { recommendation: 'DENY', reason: 'Target matches blocked pattern' };\n    }\n\n    // 4. Scope: check global blocked resources/domains\n    const scopeBlock = this.checkScopeBlock(context);\n    if (scopeBlock) {\n      return { recommendation: 'DENY', reason: scopeBlock };\n    }\n\n    // 5. Limits: check transaction and rate limits\n    const limitViolation = this.checkLimits(context);\n    if (limitViolation) {\n      return { recommendation: 'DENY', reason: limitViolation };\n    }\n\n    // 6. Self-instantiation: check sub-agent spawning rules\n    if (context.purpose === 'sub_agent.spawn' && this.policy.selfInstantiation) {\n      if (!this.policy.selfInstantiation.allowed) {\n        return { recommendation: 'DENY', reason: 'Sub-agent spawning is not allowed' };\n      }\n      const depth = (context.metadata?.subAgentDepth as number) || 0;\n      if (this.policy.selfInstantiation.maxDepth !== undefined && depth >= this.policy.selfInstantiation.maxDepth) {\n        return { recommendation: 'DENY', reason: `Sub-agent depth ${depth} exceeds max depth ${this.policy.selfInstantiation.maxDepth}` };\n      }\n    }\n\n    // 7. Risk thresholds + approval requirements\n    if (purposeRule.requiresApproval) {\n      return { recommendation: 'MANUAL_REVIEW', reason: 'Purpose requires approval' };\n    }\n\n    const riskDecision = this.checkRiskThresholds(context);\n    if (riskDecision) {\n      return riskDecision;\n    }\n\n    return {\n      recommendation: 'ALLOW',\n      reason: 'All PDLSS checks passed',\n      evaluatedDimensions: {\n        purpose: true,\n        scope: !!this.policy.scope,\n        limits: !!this.policy.limits,\n        riskThresholds: !!this.policy.riskThresholds,\n      },\n    };\n  }\n\n  private checkScopeBlock(context: PDLSSContext): string | null {\n    const scope = this.policy.scope;\n    if (!scope) return null;\n\n    // Check blocked domains against target and network access\n    if (scope.blockedDomains) {\n      const targetDomain = this.extractDomain(context.target);\n      if (this.matchesAnyPattern(targetDomain, scope.blockedDomains)) {\n        return `Target blocked by scope: ${context.target}`;\n      }\n      if (context.networkAccess) {\n        for (const domain of context.networkAccess) {\n          if (this.matchesAnyPattern(this.extractDomain(domain), scope.blockedDomains)) {\n            return `Domain blocked by scope: ${domain}`;\n          }\n        }\n      }\n    }\n\n    // Check blocked resources against target\n    if (scope.blockedResources && this.matchesAnyPattern(context.target, scope.blockedResources)) {\n      return `Resource blocked by scope: ${context.target}`;\n    }\n\n    // Check allowed domains (if specified, target must match)\n    if (scope.allowedDomains && context.networkAccess) {\n      for (const domain of context.networkAccess) {\n        if (!this.matchesAnyPattern(this.extractDomain(domain), scope.allowedDomains)) {\n          return `Domain not in allowed list: ${domain}`;\n        }\n      }\n    }\n\n    return null;\n  }\n\n  private checkLimits(context: PDLSSContext): string | null {\n    const limits = this.policy.limits;\n    if (!limits) return null;\n\n    // Transaction amount check\n    if (limits.maxTransactionAmount !== undefined && context.transactionValue !== undefined) {\n      if (context.transactionValue > limits.maxTransactionAmount) {\n        return `Transaction value ${context.transactionValue} exceeds limit ${limits.maxTransactionAmount}`;\n      }\n    }\n\n    // Rate limit check\n    if (limits.maxRequestsPerHour !== undefined) {\n      const key = context.purpose;\n      const now = Date.now();\n      const entry = this.requestCounts.get(key);\n      const hourMs = 3600000;\n\n      if (!entry || now - entry.windowStart > hourMs) {\n        this.requestCounts.set(key, { count: 1, windowStart: now });\n      } else {\n        entry.count++;\n        if (entry.count > limits.maxRequestsPerHour) {\n          return `Rate limit exceeded: ${entry.count}/${limits.maxRequestsPerHour} requests per hour`;\n        }\n      }\n    }\n\n    return null;\n  }\n\n  private checkRiskThresholds(context: PDLSSContext): VerificationDecision | null {\n    if (!this.policy.riskThresholds) return null;\n\n    const riskScore = this.calculateRiskScore(context);\n    const thresholds = this.policy.riskThresholds;\n\n    if (riskScore >= thresholds.autoBlock.min) {\n      return { recommendation: 'DENY', reason: `Risk score ${riskScore} exceeds block threshold` };\n    }\n\n    if (riskScore >= thresholds.requireApproval.min) {\n      return { recommendation: 'MANUAL_REVIEW', reason: `Risk score ${riskScore} requires approval` };\n    }\n\n    return null;\n  }\n\n  private calculateRiskScore(context: PDLSSContext): number {\n    let score = 0;\n\n    // Explicit risk factors take priority (highest severity wins)\n    if (context.riskFactors?.length) {\n      const severityScores: Record<string, number> = {\n        low: 10,\n        medium: 40,\n        high: 70,\n        critical: 90,\n      };\n\n      for (const factor of context.riskFactors) {\n        const factorScore = severityScores[factor.severity] || 0;\n        if (factorScore > score) score = factorScore;\n      }\n      return score;\n    }\n\n    // Auto-detect risk from high-risk shell commands\n    if (context.purpose === 'shell.exec' && context.target) {\n      const targetLower = context.target.toLowerCase();\n      for (const cmd of HIGH_RISK_COMMANDS) {\n        if (targetLower.startsWith(cmd) || targetLower.includes(` ${cmd} `) || targetLower.includes(` ${cmd}`)) {\n          score = Math.max(score, 80);\n          break;\n        }\n      }\n    }\n\n    // Auto-detect risk from sensitive file paths (score 50 = review range)\n    if ((context.purpose === 'file.read' || context.purpose === 'file.write' || context.purpose === 'file.delete') && context.target) {\n      const targetLower = context.target.toLowerCase();\n      for (const sensitivePath of SENSITIVE_PATHS) {\n        if (targetLower.includes(sensitivePath.toLowerCase())) {\n          score = Math.max(score, 50);\n          break;\n        }\n      }\n    }\n\n    return score;\n  }\n\n  /**\n   * Extract domain from a URL-like string (strips protocol and path).\n   */\n  private extractDomain(value: string): string {\n    let domain = value;\n    // Strip protocol\n    const protoIndex = domain.indexOf('://');\n    if (protoIndex !== -1) domain = domain.slice(protoIndex + 3);\n    // Strip path\n    const slashIndex = domain.indexOf('/');\n    if (slashIndex !== -1) domain = domain.slice(0, slashIndex);\n    // Strip port\n    const colonIndex = domain.indexOf(':');\n    if (colonIndex !== -1) domain = domain.slice(0, colonIndex);\n    return domain;\n  }\n\n  /**\n   * Check if a value matches any of the given glob patterns.\n   */\n  private matchesAnyPattern(value: string, patterns: string[]): boolean {\n    return patterns.some((pattern) => this.matchGlob(value, pattern));\n  }\n\n  /**\n   * Simple glob pattern matching.\n   * Supports * (matches any characters including / and spaces) and ? (single char).\n   * Uses the same approach as the backend's matchGlobPattern.\n   */\n  private matchGlob(value: string, pattern: string): boolean {\n    // Exact match\n    if (pattern === value) return true;\n\n    // Convert glob to regex\n    const regexStr = pattern\n      .replace(/[.+^${}()|[\\]\\\\]/g, '\\\\$&') // Escape special regex chars (except * and ?)\n      .replace(/\\*/g, '.*')                  // * matches anything\n      .replace(/\\?/g, '.');                  // ? matches single char\n\n    try {\n      return new RegExp(`^${regexStr}$`, 'i').test(value);\n    } catch {\n      return false;\n    }\n  }\n}\n\n/**\n * Convenience: find a matching purpose rule.\n */\nexport function findPurposeRule(policy: LocalPolicy, purposeId: string): LocalPurposeRule | undefined {\n  return policy.purposes.find((p) => p.id === purposeId);\n}\n"],"mappings":";AAiLO,IAAM,qBAAqB;AAAA,EAChC;AAAA,EAAM;AAAA,EAAS;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAS;AAAA,EACtC;AAAA,EAAQ;AAAA,EAAM;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAM;AAAA,EACpC;AAAA,EAAO;AAAA,EAAO;AAAA,EAAS;AAAA,EAAY;AAAA,EACnC;AAAA,EAAU;AACZ;AAGO,IAAM,kBAAkB;AAAA,EAC7B;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAU;AAAA,EAAQ;AAAA,EAClC;AAAA,EAAW;AAAA,EAAY;AAAA,EAAe;AAAA,EAAQ;AAAA,EAAQ;AAAA,EACtD;AAAA,EAAU;AAAA,EAAU;AACtB;;;AC3KO,IAAM,iBAAN,MAAqB;AAAA,EAI1B,YAAY,QAAqB;AAFjC,SAAQ,gBAAqE,oBAAI,IAAI;AAGnF,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAA2B;AACtC,SAAK,SAAS;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,SAA6C;AAEpD,UAAM,cAAc,KAAK,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,QAAQ,OAAO;AAC7E,QAAI,CAAC,aAAa;AAChB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,wBAAwB;AAAA,IACnE;AACA,QAAI,CAAC,YAAY,SAAS;AACxB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,WAAW,CAAC,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,OAAO,GAAG;AACvF,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,6BAA6B;AAAA,IACxE;AAGA,QAAI,YAAY,mBAAmB,KAAK,kBAAkB,QAAQ,QAAQ,YAAY,eAAe,GAAG;AACtG,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,iCAAiC;AAAA,IAC5E;AAGA,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,QAAI,YAAY;AACd,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,IACtD;AAGA,UAAM,iBAAiB,KAAK,YAAY,OAAO;AAC/C,QAAI,gBAAgB;AAClB,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,eAAe;AAAA,IAC1D;AAGA,QAAI,QAAQ,YAAY,qBAAqB,KAAK,OAAO,mBAAmB;AAC1E,UAAI,CAAC,KAAK,OAAO,kBAAkB,SAAS;AAC1C,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,oCAAoC;AAAA,MAC/E;AACA,YAAM,QAAS,QAAQ,UAAU,iBAA4B;AAC7D,UAAI,KAAK,OAAO,kBAAkB,aAAa,UAAa,SAAS,KAAK,OAAO,kBAAkB,UAAU;AAC3G,eAAO,EAAE,gBAAgB,QAAQ,QAAQ,mBAAmB,KAAK,sBAAsB,KAAK,OAAO,kBAAkB,QAAQ,GAAG;AAAA,MAClI;AAAA,IACF;AAGA,QAAI,YAAY,kBAAkB;AAChC,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,4BAA4B;AAAA,IAChF;AAEA,UAAM,eAAe,KAAK,oBAAoB,OAAO;AACrD,QAAI,cAAc;AAChB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,QAAQ;AAAA,MACR,qBAAqB;AAAA,QACnB,SAAS;AAAA,QACT,OAAO,CAAC,CAAC,KAAK,OAAO;AAAA,QACrB,QAAQ,CAAC,CAAC,KAAK,OAAO;AAAA,QACtB,gBAAgB,CAAC,CAAC,KAAK,OAAO;AAAA,MAChC;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,gBAAgB,SAAsC;AAC5D,UAAM,QAAQ,KAAK,OAAO;AAC1B,QAAI,CAAC,MAAO,QAAO;AAGnB,QAAI,MAAM,gBAAgB;AACxB,YAAM,eAAe,KAAK,cAAc,QAAQ,MAAM;AACtD,UAAI,KAAK,kBAAkB,cAAc,MAAM,cAAc,GAAG;AAC9D,eAAO,4BAA4B,QAAQ,MAAM;AAAA,MACnD;AACA,UAAI,QAAQ,eAAe;AACzB,mBAAW,UAAU,QAAQ,eAAe;AAC1C,cAAI,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC5E,mBAAO,4BAA4B,MAAM;AAAA,UAC3C;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,MAAM,oBAAoB,KAAK,kBAAkB,QAAQ,QAAQ,MAAM,gBAAgB,GAAG;AAC5F,aAAO,8BAA8B,QAAQ,MAAM;AAAA,IACrD;AAGA,QAAI,MAAM,kBAAkB,QAAQ,eAAe;AACjD,iBAAW,UAAU,QAAQ,eAAe;AAC1C,YAAI,CAAC,KAAK,kBAAkB,KAAK,cAAc,MAAM,GAAG,MAAM,cAAc,GAAG;AAC7E,iBAAO,+BAA+B,MAAM;AAAA,QAC9C;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,YAAY,SAAsC;AACxD,UAAM,SAAS,KAAK,OAAO;AAC3B,QAAI,CAAC,OAAQ,QAAO;AAGpB,QAAI,OAAO,yBAAyB,UAAa,QAAQ,qBAAqB,QAAW;AACvF,UAAI,QAAQ,mBAAmB,OAAO,sBAAsB;AAC1D,eAAO,qBAAqB,QAAQ,gBAAgB,kBAAkB,OAAO,oBAAoB;AAAA,MACnG;AAAA,IACF;AAGA,QAAI,OAAO,uBAAuB,QAAW;AAC3C,YAAM,MAAM,QAAQ;AACpB,YAAM,MAAM,KAAK,IAAI;AACrB,YAAM,QAAQ,KAAK,cAAc,IAAI,GAAG;AACxC,YAAM,SAAS;AAEf,UAAI,CAAC,SAAS,MAAM,MAAM,cAAc,QAAQ;AAC9C,aAAK,cAAc,IAAI,KAAK,EAAE,OAAO,GAAG,aAAa,IAAI,CAAC;AAAA,MAC5D,OAAO;AACL,cAAM;AACN,YAAI,MAAM,QAAQ,OAAO,oBAAoB;AAC3C,iBAAO,wBAAwB,MAAM,KAAK,IAAI,OAAO,kBAAkB;AAAA,QACzE;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,oBAAoB,SAAoD;AAC9E,QAAI,CAAC,KAAK,OAAO,eAAgB,QAAO;AAExC,UAAM,YAAY,KAAK,mBAAmB,OAAO;AACjD,UAAM,aAAa,KAAK,OAAO;AAE/B,QAAI,aAAa,WAAW,UAAU,KAAK;AACzC,aAAO,EAAE,gBAAgB,QAAQ,QAAQ,cAAc,SAAS,2BAA2B;AAAA,IAC7F;AAEA,QAAI,aAAa,WAAW,gBAAgB,KAAK;AAC/C,aAAO,EAAE,gBAAgB,iBAAiB,QAAQ,cAAc,SAAS,qBAAqB;AAAA,IAChG;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,mBAAmB,SAA+B;AACxD,QAAI,QAAQ;AAGZ,QAAI,QAAQ,aAAa,QAAQ;AAC/B,YAAM,iBAAyC;AAAA,QAC7C,KAAK;AAAA,QACL,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,UAAU;AAAA,MACZ;AAEA,iBAAW,UAAU,QAAQ,aAAa;AACxC,cAAM,cAAc,eAAe,OAAO,QAAQ,KAAK;AACvD,YAAI,cAAc,MAAO,SAAQ;AAAA,MACnC;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,YAAY,gBAAgB,QAAQ,QAAQ;AACtD,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,OAAO,oBAAoB;AACpC,YAAI,YAAY,WAAW,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,GAAG,KAAK,YAAY,SAAS,IAAI,GAAG,EAAE,GAAG;AACtG,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,SAAK,QAAQ,YAAY,eAAe,QAAQ,YAAY,gBAAgB,QAAQ,YAAY,kBAAkB,QAAQ,QAAQ;AAChI,YAAM,cAAc,QAAQ,OAAO,YAAY;AAC/C,iBAAW,iBAAiB,iBAAiB;AAC3C,YAAI,YAAY,SAAS,cAAc,YAAY,CAAC,GAAG;AACrD,kBAAQ,KAAK,IAAI,OAAO,EAAE;AAC1B;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAc,OAAuB;AAC3C,QAAI,SAAS;AAEb,UAAM,aAAa,OAAO,QAAQ,KAAK;AACvC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,aAAa,CAAC;AAE3D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAE1D,UAAM,aAAa,OAAO,QAAQ,GAAG;AACrC,QAAI,eAAe,GAAI,UAAS,OAAO,MAAM,GAAG,UAAU;AAC1D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,kBAAkB,OAAe,UAA6B;AACpE,WAAO,SAAS,KAAK,CAAC,YAAY,KAAK,UAAU,OAAO,OAAO,CAAC;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,UAAU,OAAe,SAA0B;AAEzD,QAAI,YAAY,MAAO,QAAO;AAG9B,UAAM,WAAW,QACd,QAAQ,qBAAqB,MAAM,EACnC,QAAQ,OAAO,IAAI,EACnB,QAAQ,OAAO,GAAG;AAErB,QAAI;AACF,aAAO,IAAI,OAAO,IAAI,QAAQ,KAAK,GAAG,EAAE,KAAK,KAAK;AAAA,IACpD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAKO,SAAS,gBAAgB,QAAqB,WAAiD;AACpG,SAAO,OAAO,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS;AACvD;","names":[]}

package/dist/{nextjs-C9FPOjSh.d.ts → nextjs-Cag7libc.d.ts}

@@ -1,6 +1,6 @@
 import * as next_server from 'next/server';
 import { NextRequest } from 'next/server';
-import { N as NextJsMiddlewareOptions } from './types-CS6v75-d.js';
+import { N as NextJsMiddlewareOptions } from './types-Bf8pML07.js';
 
 /**
  * Create Next.js middleware for agent verification

package/dist/{nextjs-BtqyLSVQ.d.mts → nextjs-_C_FcJY5.d.mts}

@@ -1,6 +1,6 @@
 import * as next_server from 'next/server';
 import { NextRequest } from 'next/server';
-import { N as NextJsMiddlewareOptions } from './types-CS6v75-d.mjs';
+import { N as NextJsMiddlewareOptions } from './types-Bf8pML07.mjs';
 
 /**
  * Create Next.js middleware for agent verification

package/dist/{sdk-BkVigGjF.d.ts → sdk-CMPDFUjo.d.ts}

@@ -1,4 +1,4 @@
-import { a as AccessLevel, i as TrustLevel, S as SDKOptions, b as VerificationResult } from './types-CS6v75-d.js';
+import { a as AccessLevel, i as TrustLevel, S as SDKOptions, b as VerificationResult } from './types-Bf8pML07.js';
 
 /**
  * AstraSync Universal Verification Gateway - Access Level Definitions
@@ -109,6 +109,8 @@ declare class VerificationGatewayClient {
         isSubAgentRequest?: boolean;
         parentAgentId?: string;
         subAgentDepth?: number;
+        counterpartyUrl?: string;
+        counterpartyType?: string;
     }): Promise<VerificationResult>;
     /**
      * Quick verification - just check if credentials are valid