@cdot65/prisma-airs-cursor-hooks 0.1.0

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,295 @@
+# Prisma AIRS Cursor Hooks
+
+Cursor IDE hooks that scan prompts and AI responses in real-time using [Prisma AI Runtime Security (AIRS)](https://www.paloaltonetworks.com/prisma/ai-runtime-security). Intercepts prompts before they reach the AI agent and responses before they're displayed, scanning for prompt injections, malicious code, sensitive data leakage, and policy violations.
+
+Built on the [`@cdot65/prisma-airs-sdk`](https://github.com/cdot65/prisma-airs-sdk).
+
+## Architecture
+
+```
+Developer prompt → beforeSubmitPrompt hook → AIRS Sync API → allow/block
+                                                  ↓
+                        Cursor AI Agent (if allowed)
+                                                  ↓
+AI response → afterAgentResponse hook → code extractor → AIRS Sync API → allow/block
+                                         ↓
+                        (response field + code_response field)
+```
+
+Both hooks use Cursor's native hooks.json system. They receive structured JSON on stdin, scan via the AIRS API, and reply on stdout (`{ "continue": false }` to block prompts, `{ "permission": "deny" }` + exit code 2 to block responses).
+
+## Prerequisites
+
+- **Node.js 18+** (native fetch, crypto.randomUUID)
+- **Cursor IDE** (with hooks support)
+- **Prisma AIRS API key** and regional endpoint URL
+- **AIRS security profiles** configured for prompt and response scanning
+
+## Setup
+
+### Option A: Install from npm (recommended)
+
+```bash
+npm install -g @cdot65/prisma-airs-cursor-hooks
+```
+
+Then register hooks in Cursor:
+
+```bash
+prisma-airs-hooks install --global
+```
+
+### Option B: Install from source
+
+```bash
+git clone https://github.com/cdot65/prisma-airs-cursor-hooks.git
+cd prisma-airs-cursor-hooks
+npm install   # also runs `npm run build` via prepare hook
+```
+
+### 2. Set environment variables
+
+Add to your shell profile (`~/.zshrc`, `~/.bashrc`, etc.):
+
+```bash
+export AIRS_API_KEY=<your-x-pan-token>
+export AIRS_API_ENDPOINT=https://service.api.aisecurity.paloaltonetworks.com  # optional, defaults to US
+export AIRS_PROMPT_PROFILE=cursor-ide-prompt-profile      # optional
+export AIRS_RESPONSE_PROFILE=cursor-ide-response-profile  # optional
+```
+
+> **Note:** Cursor inherits your shell environment, so hooks automatically have access to these variables. Only `AIRS_API_KEY` is required — endpoint defaults to US and profile names default to `cursor-ide-prompt-profile` / `cursor-ide-response-profile`.
+
+Available regional endpoints:
+| Region | Endpoint |
+|--------|----------|
+| US (default) | `https://service.api.aisecurity.paloaltonetworks.com` |
+| EU | `https://service-de.api.aisecurity.paloaltonetworks.com` |
+| India | `https://service-in.api.aisecurity.paloaltonetworks.com` |
+| Singapore | `https://service-sg.api.aisecurity.paloaltonetworks.com` |
+
+### 3. Validate connectivity
+
+```bash
+# Test that your API key and endpoint work
+npm run validate-connection
+
+# Confirm prompt injection detection is active
+npm run validate-detection
+```
+
+### 4. Install hooks into Cursor
+
+If installed from npm:
+
+```bash
+prisma-airs-hooks install --global
+```
+
+If installed from source:
+
+```bash
+npm run install-hooks -- --global  # all workspaces (~/.cursor/hooks.json)
+```
+
+This writes `hooks.json` registering two hooks pointing at precompiled JS in `dist/`:
+- **`beforeSubmitPrompt`** — scans every prompt before it reaches the AI agent
+- **`afterAgentResponse`** — scans every AI response (with code extraction) before display
+
+It also copies `airs-config.json` to the hooks config directory.
+
+> **Why compiled JS?** Hooks run as a fresh process on every prompt/response. Using precompiled JS (`node dist/...`) vs TypeScript (`npx tsx src/...`) eliminates ~1.5s of startup overhead per invocation (npx resolution + tsx transpilation). See [Development mode](#development-mode) for the tsx alternative.
+
+### 5. Restart Cursor
+
+Cursor reads `hooks.json` at startup. **Restart Cursor** to activate the hooks.
+
+### 6. Verify installation
+
+```bash
+npm run verify-hooks
+```
+
+## Configuration
+
+Runtime config lives at `.cursor/hooks/airs-config.json`:
+
+```json
+{
+  "endpoint": "${AIRS_API_ENDPOINT}",
+  "apiKeyEnvVar": "AIRS_API_KEY",
+  "profiles": {
+    "prompt": "cursor-ide-prompt-profile",
+    "response": "cursor-ide-response-profile"
+  },
+  "mode": "observe",
+  "timeout_ms": 3000,
+  "retry": {
+    "enabled": true,
+    "max_attempts": 1,
+    "backoff_base_ms": 200
+  },
+  "logging": {
+    "path": ".cursor/hooks/airs-scan.log",
+    "include_content": false
+  },
+  "enforcement": {
+    "prompt_injection": "block",
+    "dlp": "block",
+    "malicious_code": "block",
+    "url_categorization": "block",
+    "toxicity": "block",
+    "custom_topic": "block"
+  },
+  "circuit_breaker": {
+    "enabled": true,
+    "failure_threshold": 5,
+    "cooldown_ms": 60000
+  }
+}
+```
+
+### Modes
+
+| Mode | Behavior |
+|------|----------|
+| `observe` | Log scan results, never block (default — start here) |
+| `enforce` | Block prompts/responses that AIRS flags |
+| `bypass` | Skip scanning entirely |
+
+### Enforcement actions
+
+When `mode` is `enforce`, each detection service can be configured independently:
+
+| Action | Behavior |
+|--------|----------|
+| `block` | Prevent the prompt/response from passing through |
+| `mask` | Log a warning and allow through (DLP masking) |
+| `allow` | Log but allow through |
+
+### Circuit breaker
+
+After `failure_threshold` consecutive AIRS API failures, scanning is temporarily bypassed for `cooldown_ms` milliseconds. A probe request is sent after cooldown — if it succeeds, scanning resumes normally.
+
+## Scanning details
+
+### Prompt scanning (beforeSubmitPrompt)
+
+- Prompt text sent to AIRS with `prompt` content key
+- Scanned against the prompt security profile (prompt injection, DLP, toxicity, custom topics)
+
+### Response scanning (afterAgentResponse)
+
+- AI response is parsed by the code extractor:
+  - Fenced code blocks (` ```lang `) are extracted with language detection
+  - Indented code blocks (4+ spaces) are detected
+  - Heuristic fallback for unfenced code-like content
+- Natural language goes in the `response` field
+- Extracted code goes in the `code_response` field (triggers WildFire/ATP malicious code detection)
+- Scanned against the response security profile (malicious code, DLP, URL categorization, toxicity)
+
+### Fail-open design
+
+Scanning **never blocks the developer workflow** on infrastructure failures:
+- `failClosed: false` in hooks.json — Cursor allows through if the hook process crashes
+- Network errors and timeouts return `{ "permission": "allow" }`
+- Config errors return allow with a warning message
+- Circuit breaker bypasses scanning after consecutive failures
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `npm run build` | Compile hooks to `dist/` (also runs on `npm install`) |
+| `npm test` | Run all tests (66 tests across 9 suites) |
+| `npm run typecheck` | TypeScript type checking |
+| `npm run validate-connection` | Test AIRS API connectivity |
+| `npm run validate-detection` | Verify prompt injection detection |
+| `npm run install-hooks` | Write AIRS entries to `.cursor/hooks.json` |
+| `npm run uninstall-hooks` | Remove AIRS entries from `.cursor/hooks.json` |
+| `npm run verify-hooks` | Check hooks are installed and env vars set |
+| `npm run stats` | Show scan statistics from log file |
+| `npm run stats -- --since 7d --json` | Stats for last 7 days as JSON |
+
+## Uninstall
+
+```bash
+# npm global install
+prisma-airs-hooks uninstall --global
+
+# from source
+npm run uninstall-hooks -- --global
+```
+
+Removes AIRS entries from `.cursor/hooks.json` while preserving other hooks, config, and logs. Restart Cursor after uninstalling.
+
+## Development
+
+```bash
+# Install dependencies + build
+npm install
+
+# Run tests in watch mode
+npm run test:watch
+
+# Type check
+npm run typecheck
+
+# Rebuild after source changes
+npm run build
+
+# Build docs
+npm run docs:build
+```
+
+### Development mode
+
+During development you can run hooks directly from TypeScript source without a build step. This is useful when iterating on hook logic — changes take effect immediately without rebuilding.
+
+Manually edit `~/.cursor/hooks.json` (or `.cursor/hooks.json`) to use tsx:
+
+```json
+{
+  "command": "npx tsx \"/path/to/prisma-airs-cursor-hooks/src/hooks/before-submit-prompt.ts\""
+}
+```
+
+This adds ~1.5s per hook invocation compared to compiled JS, so switch back to `node dist/...` for production use:
+
+```bash
+npm run build
+npm run install-hooks -- --global
+```
+
+### Project structure
+
+```
+src/                           TypeScript source
+  hooks/
+    before-submit-prompt.ts    Cursor beforeSubmitPrompt entry point
+    after-agent-response.ts    Cursor afterAgentResponse entry point
+  config.ts                    Config loader (project → global fallback)
+  airs-client.ts               SDK wrapper with circuit breaker
+  scanner.ts                   Scan orchestration + DLP masking + UX messages
+  code-extractor.ts            Separates code from natural language
+  logger.ts                    JSON Lines logging with rotation
+  circuit-breaker.ts           Failure tracking with cooldown bypass
+  dlp-masking.ts               Per-service enforcement actions
+  log-rotation.ts              Rotate logs at 10MB
+  types.ts                     TypeScript interfaces
+  adapters/                    Multi-IDE adapter layer
+dist/                          Compiled JS (production hooks point here)
+scripts/
+  install-hooks.ts             Write .cursor/hooks.json (points at dist/)
+  uninstall-hooks.ts           Remove AIRS entries from hooks.json
+  verify-hooks.ts              Tamper detection
+  validate-connection.ts       Test AIRS connectivity
+  validate-detection.ts        Verify detection works
+  airs-stats.ts                Scan statistics CLI
+test/
+  9 test suites, 66 tests (incl. compiled JS integration tests)
+```
+
+## License
+
+MIT

package/airs-config.json

@@ -0,0 +1,32 @@
+{
+  "endpoint": "${AIRS_API_ENDPOINT}",
+  "apiKeyEnvVar": "AIRS_API_KEY",
+  "profiles": {
+    "prompt": "${AIRS_PROMPT_PROFILE}",
+    "response": "${AIRS_RESPONSE_PROFILE}"
+  },
+  "mode": "enforce",
+  "timeout_ms": 3000,
+  "retry": {
+    "enabled": true,
+    "max_attempts": 1,
+    "backoff_base_ms": 200
+  },
+  "logging": {
+    "path": ".cursor/hooks/airs-scan.log",
+    "include_content": false
+  },
+  "enforcement": {
+    "prompt_injection": "block",
+    "dlp": "block",
+    "malicious_code": "block",
+    "url_categorization": "block",
+    "toxicity": "block",
+    "custom_topic": "block"
+  },
+  "circuit_breaker": {
+    "enabled": true,
+    "failure_threshold": 5,
+    "cooldown_ms": 60000
+  }
+}

package/dist/adapters/cursor-adapter.js

@@ -0,0 +1,51 @@
+/**
+ * Cursor IDE hook adapter.
+ *
+ * Cursor hooks contract (v1):
+ *   stdin  → structured JSON with event-specific fields
+ *   stdout → JSON { permission: "allow"|"deny"|"ask", userMessage?, agentMessage? }
+ *   exit 0 = success; exit 2 = deny
+ *   stderr → debug logs (shown in Cursor's "Hooks" output panel)
+ *
+ * Environment variables injected by Cursor:
+ *   CURSOR_PROJECT_DIR, CURSOR_VERSION, CURSOR_USER_EMAIL,
+ *   CURSOR_TRANSCRIPT_PATH, CURSOR_CODE_REMOTE
+ */
+export class CursorHookAdapter {
+    preSendHandler;
+    preDisplayHandler;
+    registerPreSend(handler) {
+        this.preSendHandler = handler;
+    }
+    registerPreDisplay(handler) {
+        this.preDisplayHandler = handler;
+    }
+    /** Execute a hook given parsed content and the registered handler */
+    async execute(content, handler) {
+        if (!handler) {
+            this.respond({ permission: "allow" });
+            return;
+        }
+        try {
+            const result = await handler(content);
+            if (result.action === "block") {
+                this.respond({
+                    permission: "deny",
+                    userMessage: result.message ?? "Blocked by Prisma AIRS.",
+                });
+                return;
+            }
+            const output = { permission: "allow" };
+            if (result.message)
+                output.userMessage = result.message;
+            this.respond(output);
+        }
+        catch {
+            // Fail-open
+            this.respond({ permission: "allow" });
+        }
+    }
+    respond(output) {
+        process.stdout.write(JSON.stringify(output) + "\n");
+    }
+}

package/dist/adapters/index.js

@@ -0,0 +1 @@
+export { CursorHookAdapter } from "./cursor-adapter.js";

package/dist/adapters/types.js

@@ -0,0 +1 @@
+export {};

package/dist/airs-client.js

@@ -0,0 +1,92 @@
+import { init, Scanner, Content, AISecSDKException, } from "@cdot65/prisma-airs-sdk";
+import { getApiKey } from "./config.js";
+import { CircuitBreaker } from "./circuit-breaker.js";
+let initialized = false;
+/** Module-level circuit breaker — persists across scans within a process */
+let breaker = null;
+/** Initialize the SDK from our hook config */
+function ensureInit(config, logger) {
+    if (!initialized) {
+        const apiKey = getApiKey(config);
+        init({
+            apiKey,
+            apiEndpoint: config.endpoint,
+            numRetries: config.retry.enabled ? config.retry.max_attempts : 0,
+        });
+        initialized = true;
+    }
+    if (!breaker && config.circuit_breaker?.enabled) {
+        breaker = new CircuitBreaker({
+            failureThreshold: config.circuit_breaker.failure_threshold,
+            cooldownMs: config.circuit_breaker.cooldown_ms,
+        }, (from, to) => {
+            logger?.logEvent("circuit_breaker_transition", { from, to });
+        });
+    }
+}
+/** Reset init state (for testing) */
+export function resetInit() {
+    initialized = false;
+    breaker = null;
+}
+/** Get the current circuit breaker (exposed for stats/diagnostics) */
+export function getCircuitBreaker() {
+    return breaker;
+}
+/** Synthetic fail-open result when circuit breaker is open */
+function circuitOpenResult() {
+    return {
+        action: "allow",
+        scan_id: "",
+        report_id: "",
+        category: "bypassed",
+    };
+}
+/** Scan a prompt via AIRS Sync API using the SDK */
+export async function scanPromptContent(config, prompt, appUser, logger) {
+    ensureInit(config, logger);
+    // Circuit breaker check — bypass scan if open
+    if (breaker && !breaker.shouldAllow()) {
+        logger?.logEvent("scan_bypassed_circuit_open", { direction: "prompt" });
+        return { result: circuitOpenResult(), latencyMs: 0 };
+    }
+    const scanner = new Scanner();
+    const content = new Content({ prompt });
+    const start = Date.now();
+    try {
+        const result = await scanner.syncScan({ profile_name: config.profiles.prompt }, content, { metadata: { app_name: "cursor-ide", app_user: appUser } });
+        const latencyMs = Date.now() - start;
+        breaker?.recordSuccess();
+        return { result, latencyMs };
+    }
+    catch (err) {
+        breaker?.recordFailure();
+        throw err;
+    }
+}
+/** Scan a response (with optional code) via AIRS Sync API using the SDK */
+export async function scanResponseContent(config, response, codeResponse, appUser, logger) {
+    ensureInit(config, logger);
+    if (breaker && !breaker.shouldAllow()) {
+        logger?.logEvent("scan_bypassed_circuit_open", { direction: "response" });
+        return { result: circuitOpenResult(), latencyMs: 0 };
+    }
+    const scanner = new Scanner();
+    const contentOpts = { response };
+    if (codeResponse) {
+        contentOpts.codeResponse = codeResponse;
+    }
+    const content = new Content(contentOpts);
+    const start = Date.now();
+    try {
+        const result = await scanner.syncScan({ profile_name: config.profiles.response }, content, { metadata: { app_name: "cursor-ide", app_user: appUser } });
+        const latencyMs = Date.now() - start;
+        breaker?.recordSuccess();
+        return { result, latencyMs };
+    }
+    catch (err) {
+        breaker?.recordFailure();
+        throw err;
+    }
+}
+export { AISecSDKException };