@bulwark-ai/gateway 0.1.2 → 0.1.4

package/dist/index.js

@@ -8,6 +8,9 @@ var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __esm = (fn, res) => function __init() {
   return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
 };
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -134,6 +137,11 @@ CREATE INDEX IF NOT EXISTS idx_bulwark_chunks_tenant ON bulwark_chunks(tenant_id
       _initialized = false;
       _initPromise = null;
       constructor(connectionString, poolConfig) {
+        if (!process.env.BULWARK_POSTGRES_EXPERIMENTAL) {
+          throw new Error(
+            "[Bulwark] Postgres adapter is NOT production-ready. The sync Database interface is incompatible with pg's async driver \u2014 reads return empty data, writes are fire-and-forget. Use SQLite for now. Set BULWARK_POSTGRES_EXPERIMENTAL=1 to bypass this check at your own risk."
+          );
+        }
         this.connectionString = connectionString;
         this.poolConfig = {
           max: poolConfig?.max || 20,
@@ -202,6 +210,96 @@ CREATE INDEX IF NOT EXISTS idx_bulwark_chunks_tenant ON bulwark_chunks(tenant_id
   }
 });
 
+// package.json
+var require_package = __commonJS({
+  "package.json"(exports2, module2) {
+    module2.exports = {
+      name: "@bulwark-ai/gateway",
+      version: "0.1.4",
+      description: "Enterprise AI governance gateway \u2014 PII detection, prompt injection guard, budget control, audit logging, RAG, multi-tenant. Drop into any Node.js app.",
+      main: "dist/index.js",
+      types: "dist/index.d.ts",
+      exports: {
+        ".": {
+          types: "./dist/index.d.ts",
+          import: "./dist/index.mjs",
+          require: "./dist/index.js"
+        }
+      },
+      files: ["dist", "README.md", "LICENSE"],
+      scripts: {
+        build: "tsup",
+        dev: "tsup --watch",
+        test: "vitest run",
+        "test:watch": "vitest",
+        lint: "tsc --noEmit"
+      },
+      keywords: [
+        "ai",
+        "gateway",
+        "ai",
+        "llm",
+        "gateway",
+        "governance",
+        "pii",
+        "prompt-injection",
+        "gdpr",
+        "soc2",
+        "hipaa",
+        "ccpa",
+        "audit",
+        "openai",
+        "anthropic",
+        "mistral",
+        "google",
+        "ollama",
+        "multi-tenant",
+        "rag",
+        "enterprise",
+        "budget",
+        "compliance",
+        "security",
+        "streaming",
+        "rate-limit",
+        "cost-tracking",
+        "admin"
+      ],
+      author: "Bulwark AI",
+      license: "SEE LICENSE IN LICENSE",
+      dependencies: {
+        "@anthropic-ai/sdk": "^0.39.0",
+        "better-sqlite3": "^11.0.0",
+        openai: "^4.80.0",
+        uuid: "^11.0.0"
+      },
+      devDependencies: {
+        "@types/better-sqlite3": "^7.6.0",
+        "@types/express": "^5.0.6",
+        "@types/node": "^22.0.0",
+        "@types/react": "^19.2.14",
+        "@types/uuid": "^10.0.0",
+        react: "^19.2.4",
+        tsup: "^8.0.0",
+        typescript: "^5.7.0",
+        vitest: "^3.0.0"
+      },
+      peerDependencies: {
+        express: "^4.0.0 || ^5.0.0",
+        pg: "^8.0.0",
+        ioredis: "^5.0.0"
+      },
+      peerDependenciesMeta: {
+        express: { optional: true },
+        pg: { optional: true },
+        ioredis: { optional: true }
+      },
+      engines: {
+        node: ">=18"
+      }
+    };
+  }
+});
+
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
@@ -243,7 +341,6 @@ __export(index_exports, {
   createDatabase: () => createDatabase,
   createNextAuditHandler: () => createNextAuditHandler,
   createNextHandler: () => createNextHandler,
-  createStreamAdapter: () => createStreamAdapter,
   getDashboard: () => getDashboard,
   hardenSystemPrompt: () => hardenSystemPrompt,
   parseCSV: () => parseCSV,
@@ -273,16 +370,36 @@ var PII_PATTERNS = {
   // Generic — covers most EU national ID formats
   medical_id: /\b(?:NHS|EHIC|SVN|AMM)[-\s]?\d{6,12}\b/gi
 };
+function luhnCheck(num) {
+  const digits = num.replace(/[\s-]/g, "");
+  if (!/^\d+$/.test(digits) || digits.length < 13) return false;
+  let sum = 0;
+  let alternate = false;
+  for (let i = digits.length - 1; i >= 0; i--) {
+    let n = parseInt(digits[i], 10);
+    if (alternate) {
+      n *= 2;
+      if (n > 9) n -= 9;
+    }
+    sum += n;
+    alternate = !alternate;
+  }
+  return sum % 10 === 0;
+}
 var PIIDetector = class {
-  config;
+  _config;
   activeTypes;
   constructor(config) {
-    this.config = config;
+    this._config = config;
     this.activeTypes = config.types || ["email", "phone", "ssn", "credit_card", "iban"];
   }
+  /** Whether PII detection is enabled */
+  get config() {
+    return this._config;
+  }
   /** Scan text for PII. Returns matches and optionally redacted text. */
   scan(text) {
-    if (!this.config.enabled) return { text, matches: [], blocked: false, redacted: false };
+    if (!this._config.enabled) return { text, matches: [], blocked: false, redacted: false };
     const matches = [];
     for (const type of this.activeTypes) {
       const pattern = PII_PATTERNS[type];
@@ -290,17 +407,19 @@ var PIIDetector = class {
       const regex = new RegExp(pattern.source, pattern.flags);
       let match;
       while ((match = regex.exec(text)) !== null) {
+        if (type === "credit_card" && !luhnCheck(match[0])) continue;
         matches.push({
           type,
-          value: match[0],
+          value: "[REDACTED]",
+          // SECURITY: Never store raw PII values in match objects
           redacted: `[${type.toUpperCase()}]`,
           start: match.index,
           end: match.index + match[0].length
         });
       }
     }
-    if (this.config.customPatterns) {
-      for (const custom of this.config.customPatterns) {
+    if (this._config.customPatterns) {
+      for (const custom of this._config.customPatterns) {
         try {
           if (/\([^)]*[+*][^)]*\)[+*]/.test(custom.pattern)) continue;
           if (/(\.\*){3,}/.test(custom.pattern)) continue;
@@ -315,7 +434,7 @@ var PIIDetector = class {
             }
             matches.push({
               type: custom.name,
-              value: match[0],
+              value: "[REDACTED]",
               redacted: `[${custom.name.toUpperCase()}]`,
               start: match.index,
               end: match.index + match[0].length
@@ -326,7 +445,7 @@ var PIIDetector = class {
       }
     }
     if (matches.length === 0) return { text, matches: [], blocked: false, redacted: false };
-    const action = this.config.action || "warn";
+    const action = this._config.action || "warn";
     if (action === "block") {
       return { text, matches, blocked: true, redacted: false };
     }
@@ -394,11 +513,16 @@ var PolicyEngine = class {
           break;
         case "regex_block":
           if (policy.regex) {
-            const regex = new RegExp(policy.regex, "gi");
-            const match = regex.exec(text);
-            if (match) {
-              violated = true;
-              matchedPattern = match[0];
+            if (/\([^)]*[+*][^)]*\)[+*]/.test(policy.regex)) break;
+            if (/(\.\*){3,}/.test(policy.regex)) break;
+            try {
+              const regex = new RegExp(policy.regex, "gi");
+              const match = regex.exec(text);
+              if (match) {
+                violated = true;
+                matchedPattern = match[0];
+              }
+            } catch {
             }
           }
           break;
@@ -564,7 +688,7 @@ var CostCalculator = class {
     const outputCost = outputTokens / 1e6 * pricing.output;
     return {
       model,
-      provider: model.startsWith("claude") ? "anthropic" : "openai",
+      provider: this.detectProvider(model),
       inputTokens,
       outputTokens,
       inputCost: Math.round(inputCost * 1e6) / 1e6,
@@ -573,6 +697,15 @@ var CostCalculator = class {
       totalCost: Math.round((inputCost + outputCost) * 1e6) / 1e6
     };
   }
+  /** Detect provider from model name */
+  detectProvider(model) {
+    const m = model.toLowerCase();
+    if (m.startsWith("claude")) return "anthropic";
+    if (m.startsWith("mistral") || m.startsWith("codestral") || m.startsWith("pixtral")) return "mistral";
+    if (m.startsWith("gemini") || m.startsWith("palm")) return "google";
+    if (m.startsWith("llama") || m.startsWith("phi") || m.startsWith("qwen") || m.startsWith("deepseek") || m.startsWith("codellama")) return "ollama";
+    return "openai";
+  }
   /** Update pricing for a model */
   setModelPrice(model, input, output) {
     this.pricing[model] = { input, output };
@@ -584,6 +717,8 @@ var BudgetManager = class {
   enabled;
   config;
   db;
+  /** Tracks which thresholds have already been crossed per scope to avoid duplicate alerts */
+  crossedThresholds = /* @__PURE__ */ new Map();
   constructor(db, config) {
     this.db = db;
     this.config = config;
@@ -607,8 +742,12 @@ var BudgetManager = class {
         return { ok: this.config.onExceeded !== "block", used, limit, costUsd: row?.total_cost || 0 };
       }
       if (limit > 0 && this.config.alertThresholds && this.config.onAlert) {
+        const scopeKey = `user:${scope.userId}`;
+        if (!this.crossedThresholds.has(scopeKey)) this.crossedThresholds.set(scopeKey, /* @__PURE__ */ new Set());
+        const crossed = this.crossedThresholds.get(scopeKey);
         for (const threshold of this.config.alertThresholds) {
-          if (used / limit >= threshold) {
+          if (used / limit >= threshold && !crossed.has(threshold)) {
+            crossed.add(threshold);
             this.config.onAlert({ type: "user", id: scope.userId, threshold, used, limit, costUsd: row?.total_cost || 0 });
           }
         }
@@ -829,6 +968,7 @@ var SQLiteDatabase = class {
 };
 function createDatabase(connection) {
   if (connection.startsWith("postgres://") || connection.startsWith("postgresql://")) {
+    console.warn("[bulwark] WARNING: Postgres adapter is EXPERIMENTAL and NOT production-ready. Governance controls may not work reliably. Use SQLite for production until async DB layer ships in v0.2.");
     const { PostgresDatabase: PostgresDatabase2 } = (init_database_postgres(), __toCommonJS(database_postgres_exports));
     return new PostgresDatabase2(connection);
   }
@@ -838,9 +978,36 @@ function createDatabase(connection) {
 
 // src/providers/openai.ts
 var import_openai = __toESM(require("openai"));
+
+// src/providers/base.ts
+function validateBaseUrl(url) {
+  try {
+    const parsed = new URL(url);
+    const isLocalhost = parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1" || parsed.hostname === "::1";
+    if (parsed.protocol !== "https:" && !isLocalhost) {
+      throw new Error(`Insecure protocol: ${parsed.protocol}. Use HTTPS.`);
+    }
+    const blockedHosts = ["169.254.169.254", "metadata.google.internal", "100.100.100.200"];
+    if (blockedHosts.includes(parsed.hostname)) {
+      throw new Error(`Blocked host: ${parsed.hostname}`);
+    }
+    if (!isLocalhost) {
+      const parts = parsed.hostname.split(".").map(Number);
+      if (parts[0] === 10 || parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31 || parts[0] === 192 && parts[1] === 168) {
+        throw new Error(`Private IP blocked: ${parsed.hostname}`);
+      }
+    }
+  } catch (err) {
+    if (err instanceof Error && err.message.includes("blocked") || err instanceof Error && err.message.includes("Insecure")) throw err;
+    throw new Error(`Invalid baseUrl: ${url}`);
+  }
+}
+
+// src/providers/openai.ts
 var OpenAIProvider = class {
   client;
   constructor(config) {
+    if (config.baseUrl) validateBaseUrl(config.baseUrl);
     this.client = new import_openai.default({ apiKey: config.apiKey, baseURL: config.baseUrl });
   }
   async chat(request) {
@@ -895,6 +1062,7 @@ var import_sdk = __toESM(require("@anthropic-ai/sdk"));
 var AnthropicProvider = class {
   client;
   constructor(config) {
+    if (config.baseUrl) validateBaseUrl(config.baseUrl);
     this.client = new import_sdk.default({ apiKey: config.apiKey, baseURL: config.baseUrl });
   }
   async chat(request) {
@@ -953,6 +1121,7 @@ var MistralProvider = class {
   apiKey;
   baseUrl;
   constructor(config) {
+    if (config.baseUrl) validateBaseUrl(config.baseUrl);
     this.apiKey = config.apiKey;
     this.baseUrl = config.baseUrl || "https://api.mistral.ai/v1";
   }
@@ -994,6 +1163,7 @@ var GoogleProvider = class {
   apiKey;
   baseUrl;
   constructor(config) {
+    if (config.baseUrl) validateBaseUrl(config.baseUrl);
     this.apiKey = config.apiKey;
     this.baseUrl = config.baseUrl || "https://generativelanguage.googleapis.com/v1beta";
   }
@@ -1004,9 +1174,9 @@ var GoogleProvider = class {
       role: m.role === "assistant" ? "model" : "user",
       parts: [{ text: m.content }]
     }));
-    const response = await fetch(`${this.baseUrl}/models/${model}:generateContent?key=${this.apiKey}`, {
+    const response = await fetch(`${this.baseUrl}/models/${model}:generateContent`, {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers: { "Content-Type": "application/json", "x-goog-api-key": this.apiKey },
       body: JSON.stringify({
         contents,
         systemInstruction: systemInstruction ? { parts: [{ text: systemInstruction.content }] } : void 0,
@@ -1040,6 +1210,7 @@ var GoogleProvider = class {
 var OllamaProvider = class {
   baseUrl;
   constructor(config) {
+    if (config.baseUrl) validateBaseUrl(config.baseUrl);
     this.baseUrl = config.baseUrl || "http://localhost:11434";
   }
   async chat(request) {
@@ -1075,6 +1246,50 @@ var OllamaProvider = class {
   }
 };
 
+// src/providers/azure-openai.ts
+var AzureOpenAIProvider = class {
+  apiKey;
+  endpoint;
+  apiVersion;
+  constructor(config) {
+    this.apiKey = config.apiKey;
+    this.endpoint = config.baseUrl || "";
+    this.apiVersion = config.apiVersion || "2024-10-21";
+    if (!this.endpoint) throw new Error("Azure OpenAI requires baseUrl (endpoint URL)");
+  }
+  async chat(request) {
+    const url = `${this.endpoint}/chat/completions?api-version=${this.apiVersion}`;
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "api-key": this.apiKey
+      },
+      body: JSON.stringify({
+        messages: request.messages.map((m) => ({ role: m.role, content: m.content })),
+        temperature: request.temperature,
+        max_tokens: request.maxTokens,
+        top_p: request.topP,
+        stop: request.stop
+      })
+    });
+    if (!response.ok) {
+      const err = await response.text();
+      throw new Error(`Azure OpenAI error (${response.status}): ${err}`);
+    }
+    const data = await response.json();
+    return {
+      content: data.choices[0]?.message?.content || "",
+      usage: {
+        inputTokens: data.usage?.prompt_tokens || 0,
+        outputTokens: data.usage?.completion_tokens || 0,
+        totalTokens: data.usage?.total_tokens || 0
+      },
+      finishReason: data.choices[0]?.finish_reason
+    };
+  }
+};
+
 // src/rag/knowledge-base.ts
 var import_uuid2 = require("uuid");
 
@@ -1318,6 +1533,8 @@ var KnowledgeBase = class {
     if (tenantId) {
       sql += " WHERE tenant_id = ?";
       params.push(tenantId);
+    } else {
+      sql += " WHERE (tenant_id IS NULL OR tenant_id = '')";
     }
     sql += " ORDER BY created_at DESC";
     return this.db.queryAll(sql, params);
@@ -1340,8 +1557,11 @@ var MemoryCacheStore = class {
   store = /* @__PURE__ */ new Map();
   counters = /* @__PURE__ */ new Map();
   cleanupTimer;
-  constructor() {
+  maxEntries;
+  constructor(options) {
+    this.maxEntries = options?.maxEntries || 1e4;
     this.cleanupTimer = setInterval(() => this.cleanup(), 6e4);
+    this.cleanupTimer.unref();
   }
   /** Stop background cleanup — call on shutdown */
   close() {
@@ -1368,6 +1588,10 @@ var MemoryCacheStore = class {
     return entry.value;
   }
   async set(key, value, ttlSeconds) {
+    if (this.store.size >= this.maxEntries) {
+      const oldestKey = this.store.keys().next().value;
+      if (oldestKey) this.store.delete(oldestKey);
+    }
     this.store.set(key, {
       value,
       expiresAt: ttlSeconds ? Date.now() + ttlSeconds * 1e3 : void 0
@@ -1417,9 +1641,7 @@ var RateLimiter = class {
     if (!scopeId) return { allowed: true, remaining: Infinity, resetAt: 0 };
     const windowKey = `ratelimit:${this.config.scope}:${scopeId}:${this.currentWindow()}`;
     const count = await this.store.incr(windowKey);
-    if (count === 1) {
-      await this.store.expire(windowKey, this.config.windowSeconds);
-    }
+    await this.store.expire(windowKey, this.config.windowSeconds);
     const remaining = Math.max(0, this.config.maxRequests - count);
     const resetAt = Math.ceil(Date.now() / 1e3 / this.config.windowSeconds) * this.config.windowSeconds * 1e3;
     return {
@@ -1482,15 +1704,22 @@ var TenantManager = class {
     if (updates.name) this.db.run("UPDATE bulwark_tenants SET name = ? WHERE id = ?", [updates.name, id]);
     if (updates.settings) this.db.run("UPDATE bulwark_tenants SET settings = ? WHERE id = ?", [JSON.stringify(updates.settings), id]);
   }
-  /** Delete a tenant and ALL its data */
+  /** Delete a tenant and ALL its data (transactional) */
   delete(id) {
-    this.db.run("DELETE FROM bulwark_chunks WHERE tenant_id = ?", [id]);
-    this.db.run("DELETE FROM bulwark_knowledge_sources WHERE tenant_id = ?", [id]);
-    this.db.run("DELETE FROM bulwark_usage WHERE tenant_id = ?", [id]);
-    this.db.run("DELETE FROM bulwark_audit WHERE tenant_id = ?", [id]);
-    this.db.run("DELETE FROM bulwark_policies WHERE tenant_id = ?", [id]);
-    this.db.run("DELETE FROM bulwark_budgets WHERE tenant_id = ?", [id]);
-    this.db.run("DELETE FROM bulwark_tenants WHERE id = ?", [id]);
+    this.db.run("BEGIN TRANSACTION", []);
+    try {
+      this.db.run("DELETE FROM bulwark_chunks WHERE tenant_id = ?", [id]);
+      this.db.run("DELETE FROM bulwark_knowledge_sources WHERE tenant_id = ?", [id]);
+      this.db.run("DELETE FROM bulwark_usage WHERE tenant_id = ?", [id]);
+      this.db.run("DELETE FROM bulwark_audit WHERE tenant_id = ?", [id]);
+      this.db.run("DELETE FROM bulwark_policies WHERE tenant_id = ?", [id]);
+      this.db.run("DELETE FROM bulwark_budgets WHERE tenant_id = ?", [id]);
+      this.db.run("DELETE FROM bulwark_tenants WHERE id = ?", [id]);
+      this.db.run("COMMIT", []);
+    } catch (err) {
+      this.db.run("ROLLBACK", []);
+      throw err;
+    }
   }
   /** Get usage stats for a tenant */
   getUsage(id) {
@@ -1535,10 +1764,23 @@ var AIGateway = class {
   timeoutMs;
   retryConfig;
   fallbacks;
+  failMode;
+  _enabled;
   initialized = false;
   shutdownRequested = false;
   activeRequests = 0;
   constructor(config) {
+    if (config.mode) {
+      const presets = {
+        strict: { pii: { enabled: true, action: "block" }, budgets: { enabled: true, defaultUserLimit: 1e5, onExceeded: "block" }, promptGuard: { enabled: true, action: "block", sensitivity: "high" }, audit: true },
+        balanced: { pii: { enabled: true, action: "redact" }, budgets: { enabled: true, defaultUserLimit: 5e5 }, audit: true },
+        dev: { pii: { enabled: false }, budgets: { enabled: false }, audit: true }
+      };
+      const preset = presets[config.mode];
+      config = { ...preset, ...config, pii: config.pii ?? preset.pii, budgets: config.budgets ?? preset.budgets };
+    }
+    this.failMode = config.failMode || "fail-closed";
+    this._enabled = config.enabled !== false;
     if (!config.providers || Object.keys(config.providers).length === 0) {
       throw new BulwarkError("INVALID_CONFIG", "At least one provider must be configured");
     }
@@ -1576,6 +1818,7 @@ var AIGateway = class {
     if (config.providers.mistral) this.providers.set("mistral", new MistralProvider(config.providers.mistral));
     if (config.providers.google) this.providers.set("google", new GoogleProvider(config.providers.google));
     if (config.providers.ollama) this.providers.set("ollama", new OllamaProvider(config.providers.ollama));
+    if (config.providers.azure) this.providers.set("azure", new AzureOpenAIProvider(config.providers.azure));
     if (config.rag?.enabled && config.providers.openai?.apiKey) {
       this.kb = new KnowledgeBase(this.db, config.rag, config.providers.openai.apiKey);
     }
@@ -1595,12 +1838,16 @@ var AIGateway = class {
    * Pipeline: Validate → PII scan → Policy check → Rate limit → Budget check → [RAG augment] → LLM call (with timeout) → Token count → Cost calc → Audit log
    */
   async chat(request) {
+    if (this._enabled === false) {
+      throw new BulwarkError("GATEWAY_DISABLED", "AI gateway is disabled. Set enabled: true to resume.");
+    }
     if (this.shutdownRequested) {
       throw new BulwarkError("SHUTTING_DOWN", "Gateway is shutting down, not accepting new requests");
     }
     await this.init();
     this.activeRequests++;
     const start = Date.now();
+    const trace = request.debug ? [] : void 0;
     try {
       this.validateRequest(request);
       const model = request.model || "gpt-4o";
@@ -1690,7 +1937,7 @@ var AIGateway = class {
       const hasSystemMsg = messages.some((m) => m.role === "system");
       if (hasSystemMsg) {
         messages = messages.map(
-          (m) => m.role === "system" ? { ...m, content: hardenSystemPrompt(m.content, { preventExtraction: true, enforceGDPR: !!this.piiDetector }) } : m
+          (m) => m.role === "system" ? { ...m, content: hardenSystemPrompt(m.content, { preventExtraction: true, enforceGDPR: this.piiDetector.config?.enabled ?? false }) } : m
         );
       }
       if (request.knowledgeBase && this.kb) {
@@ -1711,7 +1958,7 @@ ${context}
           if (hasSystemMsg) {
             messages = messages.map((m) => m.role === "system" ? { ...m, content: m.content + ragInstruction } : m);
           } else {
-            const basePrompt = hardenSystemPrompt("You are a helpful assistant.", { preventExtraction: true, enforceGDPR: !!this.piiDetector });
+            const basePrompt = hardenSystemPrompt("You are a helpful assistant.", { preventExtraction: true, enforceGDPR: this.piiDetector.config?.enabled ?? false });
             messages = [{ role: "system", content: basePrompt + ragInstruction }, ...messages];
           }
         }
@@ -1753,7 +2000,8 @@ ${context}
         outputTokens: llmResponse.usage.outputTokens,
         costUsd: cost.totalCost,
         durationMs,
-        piiDetections: totalPii || void 0
+        piiDetections: totalPii || void 0,
+        metadata: request.metadata
       });
       return {
         content: outputContent,
@@ -1767,7 +2015,8 @@ ${context}
         ] : void 0,
         sources,
         auditId,
-        durationMs
+        durationMs,
+        trace
       };
     } finally {
       this.activeRequests--;
@@ -1795,26 +2044,31 @@ ${context}
     try {
       this.validateRequest(request);
       const model = request.model || "gpt-4o";
-      const { provider, providerInstance } = this.resolveProvider(model);
       let messages = [...request.messages];
-      const lastMsg = messages[messages.length - 1];
-      if (lastMsg?.role === "user") {
-        const guardResult = this.promptGuard.scan(lastMsg.content);
-        if (!guardResult.safe && !guardResult.sanitizedText) {
-          throw new BulwarkError("PROMPT_INJECTION", `Prompt injection detected: ${guardResult.injections.map((i) => i.pattern).join(", ")}`);
-        }
-        if (guardResult.sanitizedText) {
-          messages = [...messages.slice(0, -1), { ...lastMsg, content: guardResult.sanitizedText }];
+      for (let i = 0; i < messages.length; i++) {
+        const msg = messages[i];
+        if (msg.role === "user") {
+          const guardResult = this.promptGuard.scan(msg.content);
+          if (!guardResult.safe) {
+            if (guardResult.sanitizedText) {
+              messages = [...messages.slice(0, i), { ...msg, content: guardResult.sanitizedText }, ...messages.slice(i + 1)];
+            } else {
+              throw new BulwarkError("PROMPT_INJECTION", `Prompt injection detected in message ${i}: ${guardResult.injections.map((j) => j.pattern).join(", ")}`, { injections: guardResult.injections });
+            }
+          }
         }
       }
       const piiTypes = [];
       if (request.pii !== false) {
-        const userMsg = messages[messages.length - 1];
-        if (userMsg?.role === "user") {
-          const result = this.piiDetector.scan(userMsg.content);
+        for (let i = 0; i < messages.length; i++) {
+          const msg = messages[i];
+          if (msg.role !== "user") continue;
+          const result = this.piiDetector.scan(msg.content);
           piiTypes.push(...result.matches.map((m) => m.type));
-          if (result.blocked) throw new BulwarkError("PII_BLOCKED", "PII detected and blocked");
-          if (result.redacted) messages = [...messages.slice(0, -1), { ...userMsg, content: result.text }];
+          if (result.blocked) throw new BulwarkError("PII_BLOCKED", `PII detected and blocked in message ${i}`);
+          if (result.redacted) {
+            messages = [...messages.slice(0, i), { ...msg, content: result.text }, ...messages.slice(i + 1)];
+          }
         }
       }
       if (!request.skipPolicies) {
@@ -1830,6 +2084,12 @@ ${context}
         const allowed = await this.budgetManager.checkBudget({ userId: request.userId, teamId: request.teamId, tenantId: request.tenantId });
         if (!allowed.ok) throw new BulwarkError("BUDGET_EXCEEDED", "Budget exceeded");
       }
+      const hasSystemMsg = messages.some((m) => m.role === "system");
+      if (hasSystemMsg) {
+        messages = messages.map(
+          (m) => m.role === "system" ? { ...m, content: hardenSystemPrompt(m.content, { preventExtraction: true, enforceGDPR: this.piiDetector.config?.enabled ?? false }) } : m
+        );
+      }
       let sources = void 0;
       if (request.knowledgeBase && this.kb) {
         const results = await this.kb.search(messages[messages.length - 1]?.content || "", { tenantId: request.tenantId, topK: 6 });
@@ -1838,14 +2098,20 @@ ${context}
           const context = results.map((r, i) => `[${i + 1}] ${r.chunk.sourceName}: ${r.chunk.content}`).join("\n\n");
           const ragInstruction = `
 
+Use ONLY the following knowledge base context to answer. Cite sources using [1], [2] etc.
+
 --- KNOWLEDGE BASE CONTEXT ---
 ${context}
 --- END CONTEXT ---`;
-          const sysMsg = messages.find((m) => m.role === "system");
-          if (sysMsg) messages = messages.map((m) => m.role === "system" ? { ...m, content: m.content + ragInstruction } : m);
-          else messages = [{ role: "system", content: "You are a helpful assistant." + ragInstruction }, ...messages];
+          if (hasSystemMsg) {
+            messages = messages.map((m) => m.role === "system" ? { ...m, content: m.content + ragInstruction } : m);
+          } else {
+            const basePrompt = hardenSystemPrompt("You are a helpful assistant.", { preventExtraction: true, enforceGDPR: this.piiDetector.config?.enabled ?? false });
+            messages = [{ role: "system", content: basePrompt + ragInstruction }, ...messages];
+          }
         }
       }
+      const { provider, providerInstance } = this.resolveProvider(model);
       if (sources) yield { type: "sources", sources };
       if (piiTypes.length > 0) yield { type: "pii_warning", piiTypes };
       if (!providerInstance.chatStream) {
@@ -1971,6 +2237,7 @@ ${context}
     if (m.startsWith("mistral") || m.startsWith("codestral") || m.startsWith("pixtral")) return this.getProvider("mistral");
     if (m.startsWith("gemini") || m.startsWith("palm")) return this.getProvider("google");
     if (m.startsWith("llama") || m.startsWith("phi") || m.startsWith("qwen") || m.startsWith("deepseek") || m.startsWith("codellama")) return this.getProvider("ollama");
+    if (this.providers.has("azure")) return this.getProvider("azure");
     return this.getProvider("openai");
   }
   getProvider(name) {
@@ -2010,6 +2277,13 @@ ${context}
   get tenants() {
     return this._tenantManager;
   }
+  /** Kill switch — disable/enable the gateway at runtime */
+  get enabled() {
+    return this._enabled;
+  }
+  set enabled(value) {
+    this._enabled = value;
+  }
 };
 var BulwarkError = class _BulwarkError extends Error {
   code;
@@ -2032,6 +2306,7 @@ var BulwarkError = class _BulwarkError extends Error {
       INVALID_CONFIG: 400,
       PII_BLOCKED: 403,
       POLICY_BLOCKED: 403,
+      PROMPT_INJECTION: 400,
       PROVIDER_NOT_CONFIGURED: 404,
       RATE_LIMITED: 429,
       BUDGET_EXCEEDED: 429,
@@ -2060,12 +2335,35 @@ async function parsePDF(buffer) {
 function parseHTML(html) {
   return html.replace(/<script[^>]*>[\s\S]*?<\/script>/gi, "").replace(/<style[^>]*>[\s\S]*?<\/style>/gi, "").replace(/<[^>]+>/g, " ").replace(/&nbsp;/g, " ").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"').replace(/&#39;/g, "'").replace(/\s+/g, " ").trim();
 }
+function splitCSVLine(line) {
+  const fields = [];
+  let current = "";
+  let inQuotes = false;
+  for (let i = 0; i < line.length; i++) {
+    const ch = line[i];
+    if (ch === '"') {
+      if (inQuotes && line[i + 1] === '"') {
+        current += '"';
+        i++;
+      } else {
+        inQuotes = !inQuotes;
+      }
+    } else if (ch === "," && !inQuotes) {
+      fields.push(current.trim());
+      current = "";
+    } else {
+      current += ch;
+    }
+  }
+  fields.push(current.trim());
+  return fields;
+}
 function parseCSV(csv) {
   const lines = csv.split("\n").filter((l) => l.trim());
   if (lines.length === 0) return "";
-  const headers = lines[0].split(",").map((h) => h.trim().replace(/^"|"$/g, ""));
+  const headers = splitCSVLine(lines[0]);
   const rows = lines.slice(1).map((line) => {
-    const values = line.split(",").map((v) => v.trim().replace(/^"|"$/g, ""));
+    const values = splitCSVLine(line);
     return headers.map((h, i) => `${h}: ${values[i] || ""}`).join(", ");
   });
   return rows.join("\n");
@@ -2178,19 +2476,6 @@ var ResponseCache = class {
   }
 };
 
-// src/streaming.ts
-async function* createStreamAdapter(providerStream, metadata) {
-  if (metadata.sources && metadata.sources.length > 0) {
-    yield { type: "sources", data: { sources: metadata.sources } };
-  }
-  if (metadata.piiWarnings && metadata.piiWarnings.length > 0) {
-    yield { type: "pii_warning", data: { piiTypes: metadata.piiWarnings } };
-  }
-  for await (const chunk of providerStream) {
-    yield { type: "delta", data: { content: chunk } };
-  }
-}
-
 // src/compliance/gdpr.ts
 var GDPRManager = class {
   db;
@@ -2277,8 +2562,11 @@ var GDPRManager = class {
   }
   deleteAndCount(sql, param) {
     try {
+      const countSql = sql.replace(/^DELETE FROM/, "SELECT COUNT(*) as c FROM");
+      const row = this.db.queryOne(countSql, [param]);
+      const count = row?.c || 0;
       this.db.run(sql, [param]);
-      return 0;
+      return count;
     } catch {
       return 0;
     }
@@ -2286,6 +2574,13 @@ var GDPRManager = class {
 };
 
 // src/compliance/soc2.ts
+var BULWARK_VERSION = (() => {
+  try {
+    return require_package().version;
+  } catch {
+    return "0.1.x";
+  }
+})();
 var SOC2Manager = class {
   db;
   config;
@@ -2427,7 +2722,7 @@ var SOC2Manager = class {
       // consumer should populate from their provider config
       uptime: Math.floor((Date.now() - this.startTime) / 1e3),
       activeRequests,
-      version: "0.1.0"
+      version: BULWARK_VERSION
     };
   }
 };
@@ -2754,50 +3049,6 @@ var DataResidencyManager = class {
   }
 };
 
-// src/providers/azure-openai.ts
-var AzureOpenAIProvider = class {
-  apiKey;
-  endpoint;
-  apiVersion;
-  constructor(config) {
-    this.apiKey = config.apiKey;
-    this.endpoint = config.baseUrl || "";
-    this.apiVersion = config.apiVersion || "2024-10-21";
-    if (!this.endpoint) throw new Error("Azure OpenAI requires baseUrl (endpoint URL)");
-  }
-  async chat(request) {
-    const url = `${this.endpoint}/chat/completions?api-version=${this.apiVersion}`;
-    const response = await fetch(url, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "api-key": this.apiKey
-      },
-      body: JSON.stringify({
-        messages: request.messages.map((m) => ({ role: m.role, content: m.content })),
-        temperature: request.temperature,
-        max_tokens: request.maxTokens,
-        top_p: request.topP,
-        stop: request.stop
-      })
-    });
-    if (!response.ok) {
-      const err = await response.text();
-      throw new Error(`Azure OpenAI error (${response.status}): ${err}`);
-    }
-    const data = await response.json();
-    return {
-      content: data.choices[0]?.message?.content || "",
-      usage: {
-        inputTokens: data.usage?.prompt_tokens || 0,
-        outputTokens: data.usage?.completion_tokens || 0,
-        totalTokens: data.usage?.total_tokens || 0
-      },
-      finishReason: data.choices[0]?.finish_reason
-    };
-  }
-};
-
 // src/middleware/express.ts
 function bulwarkMiddleware(gateway) {
   return (req, _res, next) => {
@@ -2812,7 +3063,7 @@ function bulwarkRouter(gateway, options) {
   router.post("/chat", async (req, res) => {
     try {
       const authCtx = options?.auth?.(req) || {};
-      const { messages, model, temperature, maxTokens, topP, stop, knowledgeBase, pii, skipPolicies, stream: _stream } = req.body;
+      const { messages, model, temperature, maxTokens, topP, stop, knowledgeBase } = req.body;
       const response = await gateway.chat({
         messages,
         model,
@@ -2821,8 +3072,6 @@ function bulwarkRouter(gateway, options) {
         topP,
         stop,
         knowledgeBase,
-        pii,
-        skipPolicies,
         userId: authCtx.userId,
         teamId: authCtx.teamId,
         tenantId: authCtx.tenantId
@@ -2848,7 +3097,7 @@ function bulwarkRouter(gateway, options) {
     }, 3e5);
     try {
       const authCtx = options?.auth?.(req) || {};
-      const { messages, model, temperature, maxTokens, topP, stop, knowledgeBase, pii, skipPolicies } = req.body;
+      const { messages, model, temperature, maxTokens, topP, stop, knowledgeBase } = req.body;
       const stream = gateway.chatStream({
         messages,
         model,
@@ -2857,8 +3106,6 @@ function bulwarkRouter(gateway, options) {
         topP,
         stop,
         knowledgeBase,
-        pii,
-        skipPolicies,
         userId: authCtx.userId,
         teamId: authCtx.teamId,
         tenantId: authCtx.tenantId
@@ -2921,11 +3168,18 @@ function createNextHandler(gateway, options) {
     try {
       const body = await req.json();
       const authCtx = options?.auth?.(req) || {};
+      const { messages, model, temperature, maxTokens, topP, stop, knowledgeBase } = body;
       const response = await gateway.chat({
-        ...body,
-        userId: authCtx.userId || body.userId,
-        teamId: authCtx.teamId || body.teamId,
-        tenantId: authCtx.tenantId || body.tenantId
+        messages,
+        model,
+        temperature,
+        maxTokens,
+        topP,
+        stop,
+        knowledgeBase,
+        userId: authCtx.userId,
+        teamId: authCtx.teamId,
+        tenantId: authCtx.tenantId
       });
       return jsonResponse(response);
     } catch (err) {
@@ -2936,15 +3190,17 @@ function createNextHandler(gateway, options) {
     }
   };
 }
-function createNextAuditHandler(gateway) {
+function createNextAuditHandler(gateway, options) {
   return async function GET(req) {
+    const authCtx = options?.auth?.(req);
+    if (!authCtx) return jsonResponse({ error: "Authentication required", code: "UNAUTHORIZED" }, 401);
     const params = req.nextUrl?.searchParams || new URL(req.url || "http://localhost").searchParams;
     const limit = Math.min(Math.max(1, Number(params.get("limit")) || 50), 1e3);
     const offset = Math.max(0, Number(params.get("offset")) || 0);
     const entries = await gateway.audit.query({
-      userId: params.get("userId") || void 0,
+      userId: authCtx.userId || params.get("userId") || void 0,
       teamId: params.get("teamId") || void 0,
-      tenantId: params.get("tenantId") || void 0,
+      tenantId: authCtx.tenantId || params.get("tenantId") || void 0,
       action: params.get("action") || void 0,
       from: params.get("from") || void 0,
       to: params.get("to") || void 0,
@@ -2963,11 +3219,18 @@ function bulwarkPlugin(fastify, options, done) {
       const request = req;
       const authCtx = auth?.(req) || {};
       const body = request.body;
+      const { messages, model, temperature, maxTokens, topP, stop, knowledgeBase } = body;
       const response = await gateway.chat({
-        ...body,
-        userId: authCtx.userId || body.userId,
-        teamId: authCtx.teamId || body.teamId,
-        tenantId: authCtx.tenantId || body.tenantId
+        messages,
+        model,
+        temperature,
+        maxTokens,
+        topP,
+        stop,
+        knowledgeBase,
+        userId: authCtx.userId,
+        teamId: authCtx.teamId,
+        tenantId: authCtx.tenantId
       });
       return reply.send(response);
     } catch (err) {
@@ -2978,11 +3241,13 @@ function bulwarkPlugin(fastify, options, done) {
     }
   });
   fastify.get(`${options.prefix || ""}/audit`, async (req, reply) => {
+    const authCtx = auth?.(req);
+    if (!authCtx) return reply.status(401).send({ error: "Authentication required", code: "UNAUTHORIZED" });
     const q = req.query;
     const entries = await gateway.audit.query({
-      userId: q.userId,
+      userId: authCtx.userId || q.userId,
       teamId: q.teamId,
-      tenantId: q.tenantId,
+      tenantId: authCtx.tenantId || q.tenantId,
       action: q.action,
       from: q.from,
       to: q.to,
@@ -3047,6 +3312,7 @@ function createAdminRouter(gateway, options) {
     if (!gateway.rag) return res.status(400).json({ error: "RAG not enabled" });
     const { content, name, type, tenantId } = req.body;
     if (!content || !name) return res.status(400).json({ error: "content and name required" });
+    if (typeof content === "string" && content.length > 10 * 1024 * 1024) return res.status(400).json({ error: "Content too large (max 10MB)" });
     try {
       const result = await gateway.rag.ingest(content, { name, type: type || "text", tenantId });
       res.json({ success: true, ...result });
@@ -3072,8 +3338,12 @@ function createAdminRouter(gateway, options) {
   });
   router.get("/policies", (_req, res) => res.json({ policies: gateway.policies.getPolicies() }));
   router.post("/policies", (req, res) => {
+    const policy = req.body;
+    if (!policy.id || !policy.name || !policy.type || !policy.action) {
+      return res.status(400).json({ error: "Policy requires: id, name, type, action" });
+    }
     try {
-      gateway.policies.addPolicy(req.body);
+      gateway.policies.addPolicy(policy);
       res.json({ success: true });
     } catch (err) {
       res.status(400).json({ error: err instanceof Error ? err.message : "Failed" });
@@ -3110,6 +3380,12 @@ function createAdminRouter(gateway, options) {
   router.post("/budgets", (req, res) => {
     const { scopeType, scopeId, monthlyTokenLimit, monthlyCostLimit, tenantId } = req.body;
     if (!scopeType || !scopeId) return res.status(400).json({ error: "scopeType and scopeId required" });
+    if (monthlyTokenLimit !== void 0 && (typeof monthlyTokenLimit !== "number" || monthlyTokenLimit < 0)) {
+      return res.status(400).json({ error: "monthlyTokenLimit must be a non-negative number" });
+    }
+    if (monthlyCostLimit !== void 0 && (typeof monthlyCostLimit !== "number" || monthlyCostLimit < 0)) {
+      return res.status(400).json({ error: "monthlyCostLimit must be a non-negative number" });
+    }
     const id = `budget_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
     gateway.database.run(
       "INSERT INTO bulwark_budgets (id, tenant_id, scope_type, scope_id, monthly_token_limit, monthly_cost_limit) VALUES (?, ?, ?, ?, ?, ?)",
@@ -3191,7 +3467,6 @@ function createAdminRouter(gateway, options) {
   createDatabase,
   createNextAuditHandler,
   createNextHandler,
-  createStreamAdapter,
   getDashboard,
   hardenSystemPrompt,
   parseCSV,