@bookedsolid/reagent 0.7.1 → 0.10.0

package/dist/config/daemon-loader.d.ts

@@ -0,0 +1,16 @@
+import type { DaemonConfig } from '../types/daemon.js';
+/**
+ * Async daemon config loader.
+ *
+ * Reads ~/.reagent/daemon.yaml and returns a validated DaemonConfig.
+ * Falls back to defaults if the file is absent — the daemon does not require
+ * the config file to exist.
+ */
+export declare function loadDaemonConfigAsync(): Promise<DaemonConfig>;
+/**
+ * Synchronous daemon config loader — for CLI startup paths that must be sync.
+ *
+ * Falls back to defaults if ~/.reagent/daemon.yaml is absent.
+ */
+export declare function loadDaemonConfig(): DaemonConfig;
+//# sourceMappingURL=daemon-loader.d.ts.map

package/dist/config/daemon-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"daemon-loader.d.ts","sourceRoot":"","sources":["../../src/config/daemon-loader.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AA+CvD;;;;;;GAMG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,YAAY,CAAC,CAYnE;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,YAAY,CAS/C"}

package/dist/config/daemon-loader.js

@@ -0,0 +1,76 @@
+import fs from 'node:fs';
+import fsPromises from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+import { parse as parseYaml } from 'yaml';
+import { z } from 'zod';
+/** Path to the global daemon config: ~/.reagent/daemon.yaml */
+function getDaemonConfigPath() {
+    return path.join(os.homedir(), '.reagent', 'daemon.yaml');
+}
+const DaemonAuthSchema = z.object({
+    api_keys: z.array(z.string()).optional(),
+});
+const DaemonConfigSchema = z.object({
+    port: z.number().int().min(1).max(65535).default(7777),
+    bind: z.string().default('127.0.0.1'),
+    session_ttl_minutes: z.number().int().min(1).default(30),
+    log_level: z.enum(['debug', 'info', 'warn', 'error']).default('info'),
+    auth: DaemonAuthSchema.optional(),
+});
+/** Default config used when ~/.reagent/daemon.yaml is absent. */
+const DAEMON_DEFAULTS = {
+    port: 7777,
+    bind: '127.0.0.1',
+    session_ttl_minutes: 30,
+    log_level: 'info',
+};
+function parseRawDaemonConfig(raw, configPath) {
+    let parsed;
+    try {
+        parsed = parseYaml(raw);
+    }
+    catch (yamlErr) {
+        throw new Error(`Failed to parse daemon YAML at ${configPath}: ${yamlErr instanceof Error ? yamlErr.message : yamlErr}`);
+    }
+    try {
+        // parseYaml returns null for an empty file — treat as empty object so defaults apply
+        return DaemonConfigSchema.parse(parsed ?? {});
+    }
+    catch (zodErr) {
+        throw new Error(`Invalid daemon config schema at ${configPath}: ${zodErr instanceof Error ? zodErr.message : zodErr}`);
+    }
+}
+/**
+ * Async daemon config loader.
+ *
+ * Reads ~/.reagent/daemon.yaml and returns a validated DaemonConfig.
+ * Falls back to defaults if the file is absent — the daemon does not require
+ * the config file to exist.
+ */
+export async function loadDaemonConfigAsync() {
+    const configPath = getDaemonConfigPath();
+    let raw;
+    try {
+        raw = await fsPromises.readFile(configPath, 'utf8');
+    }
+    catch {
+        // File absent — return defaults
+        return { ...DAEMON_DEFAULTS };
+    }
+    return parseRawDaemonConfig(raw, configPath);
+}
+/**
+ * Synchronous daemon config loader — for CLI startup paths that must be sync.
+ *
+ * Falls back to defaults if ~/.reagent/daemon.yaml is absent.
+ */
+export function loadDaemonConfig() {
+    const configPath = getDaemonConfigPath();
+    if (!fs.existsSync(configPath)) {
+        return { ...DAEMON_DEFAULTS };
+    }
+    const raw = fs.readFileSync(configPath, 'utf8');
+    return parseRawDaemonConfig(raw, configPath);
+}
+//# sourceMappingURL=daemon-loader.js.map

package/dist/config/daemon-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"daemon-loader.js","sourceRoot":"","sources":["../../src/config/daemon-loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,UAAU,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,+DAA+D;AAC/D,SAAS,mBAAmB;IAC1B,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACtD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;IACrC,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACxD,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACrE,IAAI,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAEH,iEAAiE;AACjE,MAAM,eAAe,GAAiB;IACpC,IAAI,EAAE,IAAI;IACV,IAAI,EAAE,WAAW;IACjB,mBAAmB,EAAE,EAAE;IACvB,SAAS,EAAE,MAAM;CAClB,CAAC;AAEF,SAAS,oBAAoB,CAAC,GAAW,EAAE,UAAkB;IAC3D,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,OAAO,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,kCAAkC,UAAU,KAAK,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,qFAAqF;QACrF,OAAO,kBAAkB,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAiB,CAAC;IAChE,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,mCAAmC,UAAU,KAAK,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,CACtG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,UAAU,GAAG,mBAAmB,EAAE,CAAC;IAEzC,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;QAChC,OAAO,EAAE,GAAG,eAAe,EAAE,CAAC;IAChC,CAAC;IAED,OAAO,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;AAC/C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,UAAU,GAAG,mBAAmB,EAAE,CAAC;IAEzC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,GAAG,eAAe,EAAE,CAAC;IAChC,CAAC;IAED,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAChD,OAAO,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;AAC/C,CAAC"}

package/dist/config/gateway-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"gateway-config.d.ts","sourceRoot":"","sources":["../../src/config/gateway-config.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAsCvD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa,CAmChE"}
+{"version":3,"file":"gateway-config.d.ts","sourceRoot":"","sources":["../../src/config/gateway-config.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AA6CvD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa,CAmChE"}

package/dist/config/gateway-config.js

@@ -12,10 +12,16 @@ const DownstreamServerSchema = z.object({
     args: z.array(z.string()).default([]),
     env: z.record(z.string()).optional(),
     tool_overrides: z.record(ToolOverrideSchema).optional(),
+    max_concurrent_calls: z.number().int().min(0).optional(),
+    calls_per_minute: z.number().int().min(0).optional(),
+});
+const GatewayOptionsSchema = z.object({
+    max_result_size_kb: z.number().int().min(1).optional(),
 });
 const GatewayConfigSchema = z.object({
     version: z.string(),
     servers: z.record(DownstreamServerSchema),
+    gateway: GatewayOptionsSchema.optional(),
 });
 /**
  * Resolve `${ENV_VAR}` references in string values.

package/dist/config/gateway-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"gateway-config.js","sourceRoot":"","sources":["../../src/config/gateway-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAGzC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,IAAI,EAAE,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IACnC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACrC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpC,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,QAAQ,EAAE;CACxD,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,sBAAsB,CAAC;CAC1C,CAAC,CAAC;AAEH;;GAEG;AACH,SAAS,cAAc,CAAC,GAA2B;IACjD,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,MAAM,EAAE,OAAe,EAAE,EAAE;YAC1E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,OAAO,CAAC,KAAK,CACX,kCAAkC,OAAO,wCAAwC,GAAG,mCAAmC,CACxH,CAAC;YACJ,CAAC;YACD,OAAO,QAAQ,IAAI,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAElE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAEhD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,OAAO,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,mCAAmC,UAAU,KAAK,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CACzG,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,oCAAoC,UAAU,KAAK,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,CACvG,CAAC;IACJ,CAAC;IAED,wCAAwC;IACxC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,MAAM,CAAC,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"gateway-config.js","sourceRoot":"","sources":["../../src/config/gateway-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAGzC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,IAAI,EAAE,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IACnC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACrC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpC,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,QAAQ,EAAE;IACvD,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxD,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACrD,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACvD,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,sBAAsB,CAAC;IACzC,OAAO,EAAE,oBAAoB,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH;;GAEG;AACH,SAAS,cAAc,CAAC,GAA2B;IACjD,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,MAAM,EAAE,OAAe,EAAE,EAAE;YAC1E,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,OAAO,CAAC,KAAK,CACX,kCAAkC,OAAO,wCAAwC,GAAG,mCAAmC,CACxH,CAAC;YACJ,CAAC;YACD,OAAO,QAAQ,IAAI,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAElE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,6BAA6B,UAAU,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAEhD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,OAAO,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,mCAAmC,UAAU,KAAK,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CACzG,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,oCAAoC,UAAU,KAAK,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,CACvG,CAAC;IACJ,CAAC;IAED,wCAAwC;IACxC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,MAAM,CAAC,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/config/policy-loader.d.ts

@@ -1,3 +1,30 @@
 import type { Policy } from '../types/index.js';
+/**
+ * Async policy loader with TTL cache and mtime-based invalidation.
+ *
+ * Cache behavior:
+ * - On each call, stat the file to get current mtime.
+ * - If mtime changed since the cached entry, invalidate immediately regardless of TTL.
+ * - If the entry is older than the TTL, re-read from disk.
+ * - Otherwise, return the cached entry.
+ *
+ * TTL is configurable via the REAGENT_POLICY_CACHE_TTL_MS environment variable.
+ *
+ * PERFORMANCE: fs.promises.readFile avoids blocking the event loop on every tool invocation.
+ * SECURITY: mtime invalidation ensures a tightened policy takes effect on the next call.
+ * CONCURRENCY: inflightReads map guarantees at most one disk read per baseDir at a time.
+ */
+export declare function loadPolicyAsync(baseDir: string): Promise<Policy>;
+/**
+ * Synchronous policy loader — retained for CLI startup paths that must be sync.
+ * Does NOT use the cache — always reads from disk.
+ *
+ * Prefer loadPolicyAsync for middleware and any async context.
+ */
 export declare function loadPolicy(baseDir: string): Policy;
+/**
+ * Invalidate the cache for a given baseDir.
+ * Exposed for testing — production code should rely on TTL and mtime invalidation.
+ */
+export declare function invalidatePolicyCache(baseDir?: string): void;
 //# sourceMappingURL=policy-loader.d.ts.map

package/dist/config/policy-loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"policy-loader.d.ts","sourceRoot":"","sources":["../../src/config/policy-loader.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAuBhD,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAoClD"}
+{"version":3,"file":"policy-loader.d.ts","sourceRoot":"","sources":["../../src/config/policy-loader.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AA+FhD;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA6BtE;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CASlD;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAM5D"}

package/dist/config/policy-loader.js

@@ -1,4 +1,5 @@
 import fs from 'node:fs';
+import fsPromises from 'node:fs/promises';
 import path from 'node:path';
 import { parse as parseYaml } from 'yaml';
 import { z } from 'zod';
@@ -22,12 +23,28 @@ const PolicySchema = z.object({
     blocked_paths: z.array(z.string()),
     notification_channel: z.string().default(''),
 });
-export function loadPolicy(baseDir) {
-    const policyPath = path.join(baseDir, '.reagent', 'policy.yaml');
-    if (!fs.existsSync(policyPath)) {
-        throw new Error(`Policy file not found: ${policyPath}`);
+/** Default TTL for the policy cache — 30 seconds. Configurable via env var. */
+const DEFAULT_CACHE_TTL_MS = 30_000;
+/**
+ * Module-level cache: one entry per baseDir (singleton per process).
+ * SECURITY: Cache is never used to serve a more permissive policy than the file on disk.
+ * mtime-based invalidation ensures policy tightening takes effect before TTL expires.
+ */
+const policyCache = new Map();
+// Coalesce concurrent cache misses — two callers racing to populate the same
+// key should share one disk read, not stomp each other. On a gateway under load
+// this is the difference between an occasional wasted syscall and a data race
+// on a security boundary.
+const inflightReads = new Map();
+function applyMaxCeiling(policy) {
+    // SECURITY: Enforce max_autonomy_level ceiling — clamp if autonomy_level exceeds it.
+    if (LEVEL_ORDER[policy.autonomy_level] > LEVEL_ORDER[policy.max_autonomy_level]) {
+        console.error(`[reagent] WARNING: autonomy_level ${policy.autonomy_level} exceeds max_autonomy_level ${policy.max_autonomy_level} — clamping to ${policy.max_autonomy_level}`);
+        return { ...policy, autonomy_level: policy.max_autonomy_level };
     }
-    const raw = fs.readFileSync(policyPath, 'utf8');
+    return policy;
+}
+function parseRawPolicy(raw, policyPath) {
     let parsed;
     try {
         parsed = parseYaml(raw);
@@ -42,11 +59,87 @@ export function loadPolicy(baseDir) {
     catch (zodErr) {
         throw new Error(`Invalid policy schema at ${policyPath}: ${zodErr instanceof Error ? zodErr.message : zodErr}`);
     }
-    // SECURITY: Enforce max_autonomy_level ceiling — clamp if autonomy_level exceeds it.
-    if (LEVEL_ORDER[policy.autonomy_level] > LEVEL_ORDER[policy.max_autonomy_level]) {
-        console.error(`[reagent] WARNING: autonomy_level ${policy.autonomy_level} exceeds max_autonomy_level ${policy.max_autonomy_level} — clamping to ${policy.max_autonomy_level}`);
-        policy = { ...policy, autonomy_level: policy.max_autonomy_level };
-    }
+    return applyMaxCeiling(policy);
+}
+/**
+ * Reads and parses the policy file from disk, then populates the cache.
+ * Kept separate so the inflight map can hold a single promise per baseDir
+ * and multiple concurrent callers can join it rather than each issuing their
+ * own stat+read pair.
+ */
+async function readPolicyFromDisk(baseDir, policyPath, currentMtime) {
+    const raw = await fsPromises.readFile(policyPath, 'utf8');
+    const policy = parseRawPolicy(raw, policyPath);
+    policyCache.set(baseDir, { policy, cachedAt: Date.now(), mtimeMs: currentMtime });
     return policy;
 }
+/**
+ * Async policy loader with TTL cache and mtime-based invalidation.
+ *
+ * Cache behavior:
+ * - On each call, stat the file to get current mtime.
+ * - If mtime changed since the cached entry, invalidate immediately regardless of TTL.
+ * - If the entry is older than the TTL, re-read from disk.
+ * - Otherwise, return the cached entry.
+ *
+ * TTL is configurable via the REAGENT_POLICY_CACHE_TTL_MS environment variable.
+ *
+ * PERFORMANCE: fs.promises.readFile avoids blocking the event loop on every tool invocation.
+ * SECURITY: mtime invalidation ensures a tightened policy takes effect on the next call.
+ * CONCURRENCY: inflightReads map guarantees at most one disk read per baseDir at a time.
+ */
+export async function loadPolicyAsync(baseDir) {
+    const policyPath = path.join(baseDir, '.reagent', 'policy.yaml');
+    const ttlMs = Number(process.env.REAGENT_POLICY_CACHE_TTL_MS ?? DEFAULT_CACHE_TTL_MS);
+    const now = Date.now();
+    // Check mtime before consulting the cache — a changed file always invalidates.
+    let currentMtime;
+    try {
+        const stat = await fsPromises.stat(policyPath);
+        currentMtime = stat.mtimeMs;
+    }
+    catch {
+        throw new Error(`Policy file not found: ${policyPath}`);
+    }
+    const cached = policyCache.get(baseDir);
+    if (cached !== undefined && cached.mtimeMs === currentMtime && now - cached.cachedAt < ttlMs) {
+        return cached.policy;
+    }
+    // If another caller already kicked off a read for this baseDir, join it rather
+    // than issuing a second syscall and racing on the cache write.
+    const inflight = inflightReads.get(baseDir);
+    if (inflight)
+        return inflight;
+    const read = readPolicyFromDisk(baseDir, policyPath, currentMtime).finally(() => {
+        inflightReads.delete(baseDir);
+    });
+    inflightReads.set(baseDir, read);
+    return read;
+}
+/**
+ * Synchronous policy loader — retained for CLI startup paths that must be sync.
+ * Does NOT use the cache — always reads from disk.
+ *
+ * Prefer loadPolicyAsync for middleware and any async context.
+ */
+export function loadPolicy(baseDir) {
+    const policyPath = path.join(baseDir, '.reagent', 'policy.yaml');
+    if (!fs.existsSync(policyPath)) {
+        throw new Error(`Policy file not found: ${policyPath}`);
+    }
+    const raw = fs.readFileSync(policyPath, 'utf8');
+    return parseRawPolicy(raw, policyPath);
+}
+/**
+ * Invalidate the cache for a given baseDir.
+ * Exposed for testing — production code should rely on TTL and mtime invalidation.
+ */
+export function invalidatePolicyCache(baseDir) {
+    if (baseDir === undefined) {
+        policyCache.clear();
+    }
+    else {
+        policyCache.delete(baseDir);
+    }
+}
 //# sourceMappingURL=policy-loader.js.map

package/dist/config/policy-loader.js.map

@@ -1 +1 @@
-{"version":3,"file":"policy-loader.js","sourceRoot":"","sources":["../../src/config/policy-loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGlD,8EAA8E;AAC9E,MAAM,WAAW,GAAkC;IACjD,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;IACrB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;IACrB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;IACrB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;CACtB,CAAC;AAEF,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,cAAc,EAAE,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC;IAC3C,kBAAkB,EAAE,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC;IAC/C,iCAAiC,EAAE,CAAC,CAAC,OAAO,EAAE;IAC9C,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAChD,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAClC,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAC7C,CAAC,CAAC;AAEH,MAAM,UAAU,UAAU,CAAC,OAAe;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IAEjE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAEhD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,OAAO,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,kCAAkC,UAAU,KAAK,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,4BAA4B,UAAU,KAAK,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,CAC/F,CAAC;IACJ,CAAC;IAED,qFAAqF;IACrF,IAAI,WAAW,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAChF,OAAO,CAAC,KAAK,CACX,qCAAqC,MAAM,CAAC,cAAc,+BAA+B,MAAM,CAAC,kBAAkB,kBAAkB,MAAM,CAAC,kBAAkB,EAAE,CAChK,CAAC;QACF,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC;IACpE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"policy-loader.js","sourceRoot":"","sources":["../../src/config/policy-loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,UAAU,MAAM,kBAAkB,CAAC;AAC1C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGlD,8EAA8E;AAC9E,MAAM,WAAW,GAAkC;IACjD,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;IACrB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;IACrB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;IACrB,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC;CACtB,CAAC;AAEF,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,cAAc,EAAE,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC;IAC3C,kBAAkB,EAAE,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC;IAC/C,iCAAiC,EAAE,CAAC,CAAC,OAAO,EAAE;IAC9C,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAChD,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAClC,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAC7C,CAAC,CAAC;AAEH,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,MAAM,CAAC;AAQpC;;;;GAIG;AACH,MAAM,WAAW,GAAG,IAAI,GAAG,EAA4B,CAAC;AAExD,6EAA6E;AAC7E,gFAAgF;AAChF,8EAA8E;AAC9E,0BAA0B;AAC1B,MAAM,aAAa,GAAG,IAAI,GAAG,EAA2B,CAAC;AAEzD,SAAS,eAAe,CAAC,MAAc;IACrC,qFAAqF;IACrF,IAAI,WAAW,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAChF,OAAO,CAAC,KAAK,CACX,qCAAqC,MAAM,CAAC,cAAc,+BAA+B,MAAM,CAAC,kBAAkB,kBAAkB,MAAM,CAAC,kBAAkB,EAAE,CAChK,CAAC;QACF,OAAO,EAAE,GAAG,MAAM,EAAE,cAAc,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC;IAClE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,GAAW,EAAE,UAAkB;IACrD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,OAAO,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,kCAAkC,UAAU,KAAK,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,4BAA4B,UAAU,KAAK,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,CAC/F,CAAC;IACJ,CAAC;IAED,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,kBAAkB,CAC/B,OAAe,EACf,UAAkB,EAClB,YAAoB;IAEpB,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC1D,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC/C,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;IAClF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAe;IACnD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IACjE,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,oBAAoB,CAAC,CAAC;IACtF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,+EAA+E;IAC/E,IAAI,YAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,OAAO,KAAK,YAAY,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,KAAK,EAAE,CAAC;QAC7F,OAAO,MAAM,CAAC,MAAM,CAAC;IACvB,CAAC;IAED,+EAA+E;IAC/E,+DAA+D;IAC/D,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,IAAI,GAAG,kBAAkB,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE;QAC9E,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IACH,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACjC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,OAAe;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IAEjE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAChD,OAAO,cAAc,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACpD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,WAAW,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;SAAM,CAAC;QACN,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC"}

package/dist/gateway/circuit-breaker.d.ts

@@ -0,0 +1,60 @@
+export type CircuitState = 'closed' | 'open' | 'half-open';
+export interface CircuitBreakerOptions {
+    /** Consecutive failures before opening the circuit. Default: 5 */
+    failureThreshold?: number;
+    /** Milliseconds to wait in open state before moving to half-open. Default: 30_000 */
+    cooldownMs?: number;
+}
+export interface CircuitStatus {
+    state: CircuitState;
+    serverName: string;
+    /** ISO timestamp of when the circuit will attempt recovery (only set when open) */
+    retryAt?: string;
+}
+interface CircuitEntry {
+    state: CircuitState;
+    consecutiveFailures: number;
+    openedAt: number | null;
+    failureThreshold: number;
+    cooldownMs: number;
+}
+/**
+ * Per-server circuit breaker.
+ *
+ * State machine:
+ *   closed   → open      after N consecutive failures
+ *   open     → half-open after cooldown period
+ *   half-open → closed   on next success
+ *   half-open → open     on next failure
+ *
+ * State is kept in memory — resets to closed on gateway restart.
+ */
+export declare class CircuitBreaker {
+    private circuits;
+    private defaultOptions;
+    constructor(defaults?: CircuitBreakerOptions);
+    private getOrCreate;
+    /**
+     * Check whether a call to `serverName` is allowed.
+     *
+     * Returns null if the call may proceed, or a CircuitStatus with the
+     * current state if the circuit is open (or still deciding in half-open).
+     *
+     * Side effect: transitions open → half-open if cooldown has elapsed.
+     */
+    isAllowed(serverName: string): CircuitStatus | null;
+    /**
+     * Record a successful call. Transitions half-open → closed.
+     * In closed state, resets the consecutive failure counter.
+     */
+    recordSuccess(serverName: string): void;
+    /**
+     * Record a failed call. Increments failure counter.
+     * Transitions closed → open when threshold is reached, or half-open → open immediately.
+     */
+    recordFailure(serverName: string): void;
+    /** Expose internal state for testing */
+    getCircuit(serverName: string): CircuitEntry | undefined;
+}
+export {};
+//# sourceMappingURL=circuit-breaker.d.ts.map

package/dist/gateway/circuit-breaker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"circuit-breaker.d.ts","sourceRoot":"","sources":["../../src/gateway/circuit-breaker.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAC;AAE3D,MAAM,WAAW,qBAAqB;IACpC,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qFAAqF;IACrF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,YAAY,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,mFAAmF;IACnF,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,UAAU,YAAY;IACpB,KAAK,EAAE,YAAY,CAAC;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAmC;IACnD,OAAO,CAAC,cAAc,CAAkC;gBAE5C,QAAQ,GAAE,qBAA0B;IAOhD,OAAO,CAAC,WAAW;IAenB;;;;;;;OAOG;IACH,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;IA6BnD;;;OAGG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAYvC;;;OAGG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAoBvC,wCAAwC;IACxC,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS;CAGzD"}

package/dist/gateway/circuit-breaker.js

@@ -0,0 +1,104 @@
+/**
+ * Per-server circuit breaker.
+ *
+ * State machine:
+ *   closed   → open      after N consecutive failures
+ *   open     → half-open after cooldown period
+ *   half-open → closed   on next success
+ *   half-open → open     on next failure
+ *
+ * State is kept in memory — resets to closed on gateway restart.
+ */
+export class CircuitBreaker {
+    circuits = new Map();
+    defaultOptions;
+    constructor(defaults = {}) {
+        this.defaultOptions = {
+            failureThreshold: defaults.failureThreshold ?? 5,
+            cooldownMs: defaults.cooldownMs ?? 30_000,
+        };
+    }
+    getOrCreate(serverName) {
+        let entry = this.circuits.get(serverName);
+        if (!entry) {
+            entry = {
+                state: 'closed',
+                consecutiveFailures: 0,
+                openedAt: null,
+                failureThreshold: this.defaultOptions.failureThreshold,
+                cooldownMs: this.defaultOptions.cooldownMs,
+            };
+            this.circuits.set(serverName, entry);
+        }
+        return entry;
+    }
+    /**
+     * Check whether a call to `serverName` is allowed.
+     *
+     * Returns null if the call may proceed, or a CircuitStatus with the
+     * current state if the circuit is open (or still deciding in half-open).
+     *
+     * Side effect: transitions open → half-open if cooldown has elapsed.
+     */
+    isAllowed(serverName) {
+        const entry = this.getOrCreate(serverName);
+        if (entry.state === 'closed')
+            return null;
+        if (entry.state === 'open') {
+            const elapsed = Date.now() - (entry.openedAt ?? 0);
+            if (elapsed >= entry.cooldownMs) {
+                // Move to half-open so the next call acts as a probe
+                entry.state = 'half-open';
+                entry.consecutiveFailures = 0;
+                console.error(`[reagent] circuit-breaker: "${serverName}" transitioned open → half-open (probing recovery)`);
+                return null; // Let the call through as the probe
+            }
+            const retryAt = new Date((entry.openedAt ?? 0) + entry.cooldownMs).toISOString();
+            return {
+                state: 'open',
+                serverName,
+                retryAt,
+            };
+        }
+        // half-open: allow exactly one probe call through
+        return null;
+    }
+    /**
+     * Record a successful call. Transitions half-open → closed.
+     * In closed state, resets the consecutive failure counter.
+     */
+    recordSuccess(serverName) {
+        const entry = this.getOrCreate(serverName);
+        if (entry.state === 'half-open') {
+            entry.state = 'closed';
+            entry.consecutiveFailures = 0;
+            entry.openedAt = null;
+            console.error(`[reagent] circuit-breaker: "${serverName}" recovered — circuit closed`);
+        }
+        else if (entry.state === 'closed') {
+            entry.consecutiveFailures = 0;
+        }
+    }
+    /**
+     * Record a failed call. Increments failure counter.
+     * Transitions closed → open when threshold is reached, or half-open → open immediately.
+     */
+    recordFailure(serverName) {
+        const entry = this.getOrCreate(serverName);
+        if (entry.state === 'open')
+            return; // Already open — nothing to do
+        entry.consecutiveFailures++;
+        const shouldOpen = entry.state === 'half-open' || entry.consecutiveFailures >= entry.failureThreshold;
+        if (shouldOpen) {
+            entry.state = 'open';
+            entry.openedAt = Date.now();
+            const retryAt = new Date(entry.openedAt + entry.cooldownMs).toISOString();
+            console.error(`[reagent] circuit-breaker: "${serverName}" OPENED after ${entry.consecutiveFailures} failure(s) — will retry at ${retryAt}`);
+        }
+    }
+    /** Expose internal state for testing */
+    getCircuit(serverName) {
+        return this.circuits.get(serverName);
+    }
+}
+//# sourceMappingURL=circuit-breaker.js.map

package/dist/gateway/circuit-breaker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"circuit-breaker.js","sourceRoot":"","sources":["../../src/gateway/circuit-breaker.ts"],"names":[],"mappings":"AAwBA;;;;;;;;;;GAUG;AACH,MAAM,OAAO,cAAc;IACjB,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC3C,cAAc,CAAkC;IAExD,YAAY,WAAkC,EAAE;QAC9C,IAAI,CAAC,cAAc,GAAG;YACpB,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB,IAAI,CAAC;YAChD,UAAU,EAAE,QAAQ,CAAC,UAAU,IAAI,MAAM;SAC1C,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,UAAkB;QACpC,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG;gBACN,KAAK,EAAE,QAAQ;gBACf,mBAAmB,EAAE,CAAC;gBACtB,QAAQ,EAAE,IAAI;gBACd,gBAAgB,EAAE,IAAI,CAAC,cAAc,CAAC,gBAAgB;gBACtD,UAAU,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU;aAC3C,CAAC;YACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;OAOG;IACH,SAAS,CAAC,UAAkB;QAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAE3C,IAAI,KAAK,CAAC,KAAK,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE1C,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;YACnD,IAAI,OAAO,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;gBAChC,qDAAqD;gBACrD,KAAK,CAAC,KAAK,GAAG,WAAW,CAAC;gBAC1B,KAAK,CAAC,mBAAmB,GAAG,CAAC,CAAC;gBAC9B,OAAO,CAAC,KAAK,CACX,+BAA+B,UAAU,oDAAoD,CAC9F,CAAC;gBACF,OAAO,IAAI,CAAC,CAAC,oCAAoC;YACnD,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;YACjF,OAAO;gBACL,KAAK,EAAE,MAAM;gBACb,UAAU;gBACV,OAAO;aACR,CAAC;QACJ,CAAC;QAED,kDAAkD;QAClD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,UAAkB;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YAChC,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC;YACvB,KAAK,CAAC,mBAAmB,GAAG,CAAC,CAAC;YAC9B,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;YACtB,OAAO,CAAC,KAAK,CAAC,+BAA+B,UAAU,8BAA8B,CAAC,CAAC;QACzF,CAAC;aAAM,IAAI,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACpC,KAAK,CAAC,mBAAmB,GAAG,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,UAAkB;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAE3C,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM;YAAE,OAAO,CAAC,+BAA+B;QAEnE,KAAK,CAAC,mBAAmB,EAAE,CAAC;QAE5B,MAAM,UAAU,GACd,KAAK,CAAC,KAAK,KAAK,WAAW,IAAI,KAAK,CAAC,mBAAmB,IAAI,KAAK,CAAC,gBAAgB,CAAC;QAErF,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,CAAC,KAAK,GAAG,MAAM,CAAC;YACrB,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;YAC1E,OAAO,CAAC,KAAK,CACX,+BAA+B,UAAU,kBAAkB,KAAK,CAAC,mBAAmB,+BAA+B,OAAO,EAAE,CAC7H,CAAC;QACJ,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,UAAU,CAAC,UAAkB;QAC3B,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;CACF"}

package/dist/gateway/collision-detector.d.ts

@@ -0,0 +1,31 @@
+import type { ClientManager } from './client-manager.js';
+export interface CollisionEntry {
+    toolName: string;
+    /** Server that "owns" the original name */
+    primaryServer: string;
+    /** Server whose tool is shadowed and will be prefixed */
+    shadowedServer: string;
+    /** The namespaced name the shadowed tool will be registered under */
+    namespacedName: string;
+}
+export interface CollisionReport {
+    collisions: CollisionEntry[];
+    /**
+     * Maps `serverName/toolName` → registered name.
+     * For primary tools: registered name equals toolName.
+     * For shadowed tools: registered name is `serverName/toolName`.
+     */
+    nameMap: Map<string, string>;
+}
+/**
+ * Detects tool name collisions across all downstream servers.
+ *
+ * When two servers expose the same bare tool name, the first server encountered
+ * wins and keeps the original name. The second server's tool gets prefixed as
+ * `{serverName}/{toolName}`. This is deterministic (Map insertion order).
+ *
+ * Runs before the gateway starts accepting connections so admins know about
+ * shadowed tools at startup rather than silently losing one.
+ */
+export declare function detectToolCollisions(clientManager: ClientManager): Promise<CollisionReport>;
+//# sourceMappingURL=collision-detector.d.ts.map

package/dist/gateway/collision-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"collision-detector.d.ts","sourceRoot":"","sources":["../../src/gateway/collision-detector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,aAAa,EAAE,MAAM,CAAC;IACtB,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;IACvB,qEAAqE;IACrE,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B;;;;OAIG;IACH,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED;;;;;;;;;GASG;AACH,wBAAsB,oBAAoB,CAAC,aAAa,EAAE,aAAa,GAAG,OAAO,CAAC,eAAe,CAAC,CAiDjG"}

package/dist/gateway/collision-detector.js

@@ -0,0 +1,53 @@
+/**
+ * Detects tool name collisions across all downstream servers.
+ *
+ * When two servers expose the same bare tool name, the first server encountered
+ * wins and keeps the original name. The second server's tool gets prefixed as
+ * `{serverName}/{toolName}`. This is deterministic (Map insertion order).
+ *
+ * Runs before the gateway starts accepting connections so admins know about
+ * shadowed tools at startup rather than silently losing one.
+ */
+export async function detectToolCollisions(clientManager) {
+    // toolName → first server to register it
+    const seen = new Map();
+    const collisions = [];
+    // key = `serverName::toolName`, value = what name it will be registered as
+    const nameMap = new Map();
+    for (const [serverName, managed] of clientManager.getAllClients()) {
+        let tools;
+        try {
+            const result = await managed.client.listTools();
+            tools = result.tools;
+        }
+        catch (err) {
+            console.error(`[reagent] collision-detector: could not list tools from "${serverName}":`, err instanceof Error ? err.message : err);
+            continue;
+        }
+        for (const tool of tools) {
+            const key = `${serverName}::${tool.name}`;
+            const prior = seen.get(tool.name);
+            if (prior !== undefined) {
+                // This tool name was already claimed by `prior` server
+                const namespacedName = `${serverName}/${tool.name}`;
+                collisions.push({
+                    toolName: tool.name,
+                    primaryServer: prior,
+                    shadowedServer: serverName,
+                    namespacedName,
+                });
+                nameMap.set(key, namespacedName);
+                // Warn with enough detail that an admin can act on it
+                console.error(`[reagent] WARN [GHSA-4j9r] tool name collision: "${tool.name}" is exposed by ` +
+                    `both "${prior}" (primary, keeps original name) and "${serverName}" ` +
+                    `(shadowed, will be registered as "${namespacedName}")`);
+            }
+            else {
+                seen.set(tool.name, serverName);
+                nameMap.set(key, tool.name);
+            }
+        }
+    }
+    return { collisions, nameMap };
+}
+//# sourceMappingURL=collision-detector.js.map

package/dist/gateway/collision-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"collision-detector.js","sourceRoot":"","sources":["../../src/gateway/collision-detector.ts"],"names":[],"mappings":"AAsBA;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,aAA4B;IACrE,yCAAyC;IACzC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,MAAM,UAAU,GAAqB,EAAE,CAAC;IACxC,2EAA2E;IAC3E,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE1C,KAAK,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC;QAClE,IAAI,KAA8B,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAChD,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QACvB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CACX,4DAA4D,UAAU,IAAI,EAC1E,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CACzC,CAAC;YACF,SAAS;QACX,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,GAAG,UAAU,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAElC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,uDAAuD;gBACvD,MAAM,cAAc,GAAG,GAAG,UAAU,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACpD,UAAU,CAAC,IAAI,CAAC;oBACd,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,aAAa,EAAE,KAAK;oBACpB,cAAc,EAAE,UAAU;oBAC1B,cAAc;iBACf,CAAC,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;gBAEjC,sDAAsD;gBACtD,OAAO,CAAC,KAAK,CACX,oDAAoD,IAAI,CAAC,IAAI,kBAAkB;oBAC7E,SAAS,KAAK,yCAAyC,UAAU,IAAI;oBACrE,qCAAqC,cAAc,IAAI,CAC1D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;AACjC,CAAC"}

package/dist/gateway/middleware/blocked-paths.js

@@ -1,6 +1,6 @@
 import path from 'node:path';
 import { InvocationStatus } from '../../types/index.js';
-import { loadPolicy } from '../../config/policy-loader.js';
+import { loadPolicyAsync } from '../../config/policy-loader.js';
 /**
  * Pre-execution middleware: denies tool invocations whose arguments
  * reference paths that are in the policy's blocked_paths list.
@@ -16,7 +16,7 @@ export function createBlockedPathsMiddleware(initialPolicy, baseDir) {
         let blockedPaths = initialPolicy.blocked_paths;
         if (baseDir) {
             try {
-                const policy = loadPolicy(baseDir);
+                const policy = await loadPolicyAsync(baseDir);
                 blockedPaths = policy.blocked_paths;
             }
             catch {

package/dist/gateway/middleware/blocked-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"blocked-paths.js","sourceRoot":"","sources":["../../../src/gateway/middleware/blocked-paths.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAI3D;;;;;;;;GAQG;AACH,MAAM,UAAU,4BAA4B,CAAC,aAAqB,EAAE,OAAgB;IAClF,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,oEAAoE;QACpE,IAAI,YAAY,GAAG,aAAa,CAAC,aAAa,CAAC;QAC/C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;gBACnC,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC;YACtC,CAAC;YAAC,MAAM,CAAC;gBACP,8DAA8D;YAChE,CAAC;QACH,CAAC;QAED,gEAAgE;QAChE,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,YAAY,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;QAE3D,uDAAuD;QACvD,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAExD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,YAAY,EAAE,CAAC;YACxC,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;gBAC5B,IAAI,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;oBACxC,GAAG,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC;oBACrC,GAAG,CAAC,KAAK,GAAG,aAAa,GAAG,8BAA8B,OAAO,YAAY,GAAG,CAAC,SAAS,EAAE,CAAC;oBAC7F,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAC1B,GAAY,EACZ,MAAM,GAAG,EAAE,EACX,IAAI,GAAG,IAAI,OAAO,EAAE;IAEpB,MAAM,OAAO,GAA4B,EAAE,CAAC;IAE5C,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC;IACtD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;QACvC,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC;IAE5C,2BAA2B;IAC3B,MAAM,MAAM,GAAG,GAAa,CAAC;IAC7B,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,OAAO,CAAC;IACrC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAEjB,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,OAAO,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,KAAa,EAAE,WAAmB;IAC7D,gFAAgF;IAChF,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,iBAAiB,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAExE,8CAA8C;IAC9C,IAAI,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAAE,OAAO,IAAI,CAAC;IAExD,6DAA6D;IAC7D,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC1D,IAAI,QAAQ,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,oEAAoE;IACpE,IAAI,CAAC;QACH,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;IAC7E,CAAC;IAED,2CAA2C;IAC3C,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEtC,6EAA6E;IAC7E,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEtD,4CAA4C;IAC5C,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;AAC/B,CAAC"}
+{"version":3,"file":"blocked-paths.js","sourceRoot":"","sources":["../../../src/gateway/middleware/blocked-paths.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAIhE;;;;;;;;GAQG;AACH,MAAM,UAAU,4BAA4B,CAAC,aAAqB,EAAE,OAAgB;IAClF,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,oEAAoE;QACpE,IAAI,YAAY,GAAG,aAAa,CAAC,aAAa,CAAC;QAC/C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;gBAC9C,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC;YACtC,CAAC;YAAC,MAAM,CAAC;gBACP,8DAA8D;YAChE,CAAC;QACH,CAAC;QAED,gEAAgE;QAChE,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,YAAY,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;QAE3D,uDAAuD;QACvD,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAExD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,YAAY,EAAE,CAAC;YACxC,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;gBAC5B,IAAI,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;oBACxC,GAAG,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC;oBACrC,GAAG,CAAC,KAAK,GAAG,aAAa,GAAG,8BAA8B,OAAO,YAAY,GAAG,CAAC,SAAS,EAAE,CAAC;oBAC7F,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAC1B,GAAY,EACZ,MAAM,GAAG,EAAE,EACX,IAAI,GAAG,IAAI,OAAO,EAAE;IAEpB,MAAM,OAAO,GAA4B,EAAE,CAAC;IAE5C,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC;IACtD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;QACvC,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC;IAE5C,2BAA2B;IAC3B,MAAM,MAAM,GAAG,GAAa,CAAC;IAC7B,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,OAAO,CAAC;IACrC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAEjB,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,OAAO,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,KAAa,EAAE,WAAmB;IAC7D,gFAAgF;IAChF,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,iBAAiB,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAExE,8CAA8C;IAC9C,IAAI,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAAE,OAAO,IAAI,CAAC;IAExD,6DAA6D;IAC7D,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC1D,IAAI,QAAQ,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,oEAAoE;IACpE,IAAI,CAAC;QACH,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;IAC7E,CAAC;IAED,2CAA2C;IAC3C,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEtC,6EAA6E;IAC7E,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEtD,4CAA4C;IAC5C,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;AAC/B,CAAC"}