@congzhen/changewayguard 6.8.12

package/dist/gateway/restorer.js

@@ -0,0 +1,284 @@
+/**
+ * AI Security Gateway - Content Restorer
+ *
+ * Restores sanitized placeholders back to original values.
+ * Handles LLM corruption patterns (missing underscores, case variations).
+ *
+ * Placeholder format: __PII_<ENTITY_TYPE>_<SERIAL_ID>__
+ */
+/**
+ * Build a map from placeholder patterns to original values
+ * Handles variations that LLMs might produce
+ */
+function buildRestorationMap(mappingTable) {
+    const restorationMap = new Map();
+    for (const [placeholder, originalValue] of mappingTable.entries()) {
+        // Extract the core pattern from placeholder like __PII_EMAIL_ADDRESS_00000001__
+        const match = placeholder.match(/^__PII_([A-Z_]+)_(\d+)__$/);
+        if (!match) {
+            // Fallback: exact match only
+            restorationMap.set(new RegExp(escapeRegex(placeholder), "g"), originalValue);
+            continue;
+        }
+        const entityType = match[1];
+        const serialId = match[2];
+        // Create flexible pattern that handles LLM corruption:
+        // - Missing leading/trailing underscores
+        // - Case variations
+        // - Extra spaces
+        const flexiblePattern = new RegExp(`_?_?PII[_\\s]*${entityType}[_\\s]*${serialId}_?_?`, "gi");
+        restorationMap.set(flexiblePattern, originalValue);
+    }
+    return restorationMap;
+}
+/**
+ * Escape special regex characters
+ */
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+/**
+ * Restore placeholders in a string
+ */
+function restoreText(text, mappingTable) {
+    if (mappingTable.size === 0)
+        return text;
+    let restored = text;
+    // First pass: exact matches (fastest)
+    for (const [placeholder, originalValue] of mappingTable.entries()) {
+        if (restored.includes(placeholder)) {
+            restored = restored.split(placeholder).join(originalValue);
+        }
+    }
+    // Second pass: flexible patterns for LLM corruption
+    const restorationMap = buildRestorationMap(mappingTable);
+    for (const [pattern, originalValue] of restorationMap.entries()) {
+        restored = restored.replace(pattern, originalValue);
+    }
+    // Third pass: handle "leaked ID suffix" pattern
+    // LLM might output: "original_value_00000001" instead of just "original_value"
+    for (const [placeholder, originalValue] of mappingTable.entries()) {
+        const match = placeholder.match(/^__PII_[A-Z_]+_(\d+)__$/);
+        if (match) {
+            const serialId = match[1];
+            // Pattern: original value followed by underscore and serial ID
+            const leakedPattern = new RegExp(escapeRegex(originalValue) + `[_\\s]*${serialId}`, "g");
+            restored = restored.replace(leakedPattern, originalValue);
+        }
+    }
+    return restored;
+}
+/**
+ * Recursively restore any value (string, object, array)
+ */
+function restoreValue(value, mappingTable) {
+    if (typeof value === "string") {
+        return restoreText(value, mappingTable);
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => restoreValue(item, mappingTable));
+    }
+    if (value !== null && typeof value === "object") {
+        const restored = {};
+        for (const [key, val] of Object.entries(value)) {
+            restored[key] = restoreValue(val, mappingTable);
+        }
+        return restored;
+    }
+    return value;
+}
+/**
+ * Restore any content (object, array, string) using the mapping table
+ */
+export function restore(content, mappingTable) {
+    if (mappingTable.size === 0)
+        return content;
+    return restoreValue(content, mappingTable);
+}
+/**
+ * Restore a JSON string
+ * Useful for SSE streaming where each chunk is a JSON string
+ */
+export function restoreJSON(jsonString, mappingTable) {
+    if (mappingTable.size === 0)
+        return jsonString;
+    try {
+        const parsed = JSON.parse(jsonString);
+        const restored = restore(parsed, mappingTable);
+        return JSON.stringify(restored);
+    }
+    catch {
+        // If not valid JSON, treat as plain text
+        return restoreText(jsonString, mappingTable);
+    }
+}
+/**
+ * Restore SSE data line (for streaming responses)
+ * Format: "data: {...}\n"
+ */
+export function restoreSSELine(line, mappingTable) {
+    if (mappingTable.size === 0)
+        return line;
+    if (!line.startsWith("data: "))
+        return line;
+    const dataContent = line.slice(6); // Remove "data: " prefix
+    if (dataContent === "[DONE]")
+        return line;
+    try {
+        const parsed = JSON.parse(dataContent);
+        const restored = restore(parsed, mappingTable);
+        return `data: ${JSON.stringify(restored)}`;
+    }
+    catch {
+        // Fallback to text restoration
+        return `data: ${restoreText(dataContent, mappingTable)}`;
+    }
+}
+// =============================================================================
+// Streaming Restoration with Smart Buffering
+// =============================================================================
+// Max placeholder length: __PII_VERIFICATION_CODE_00000001__ ≈ 40 chars
+const MAX_PLACEHOLDER_LENGTH = 50;
+// Pattern to match complete placeholders
+const PLACEHOLDER_PATTERN = /__PII_[A-Z_]+_\d{8}__/g;
+/**
+ * StreamRestorer - Stateful streaming restoration with smart buffering
+ *
+ * Only buffers when `__` is detected (potential placeholder start).
+ * Otherwise streams through immediately for best UX.
+ */
+export class StreamRestorer {
+    buffer = "";
+    mappingTable;
+    constructor(mappingTable) {
+        this.mappingTable = mappingTable;
+    }
+    /**
+     * Process incoming text chunk
+     * Returns text that can be safely output (already restored or confirmed non-placeholder)
+     */
+    process(chunk) {
+        // If no mappings, pass through directly
+        if (this.mappingTable.size === 0) {
+            return chunk;
+        }
+        this.buffer += chunk;
+        return this.flush();
+    }
+    /**
+     * Flush what we can safely output
+     * Keeps potential incomplete placeholders in buffer
+     */
+    flush() {
+        let output = "";
+        while (this.buffer.length > 0) {
+            // Find position of `__` in buffer
+            const underscorePos = this.buffer.indexOf("__");
+            if (underscorePos === -1) {
+                // No `__` found - check if buffer ends with single `_`
+                if (this.buffer.endsWith("_")) {
+                    // Keep the trailing `_` in case next chunk starts with `_`
+                    output += this.buffer.slice(0, -1);
+                    this.buffer = "_";
+                }
+                else {
+                    // Safe to output entire buffer
+                    output += this.buffer;
+                    this.buffer = "";
+                }
+                break;
+            }
+            // Output everything before the `__`
+            if (underscorePos > 0) {
+                output += this.buffer.slice(0, underscorePos);
+                this.buffer = this.buffer.slice(underscorePos);
+            }
+            // Now buffer starts with `__`
+            // Check if we have a complete placeholder
+            PLACEHOLDER_PATTERN.lastIndex = 0;
+            const match = PLACEHOLDER_PATTERN.exec(this.buffer);
+            if (match && match.index === 0) {
+                // Found complete placeholder at start of buffer
+                const placeholder = match[0];
+                const original = this.mappingTable.get(placeholder);
+                if (original) {
+                    // Restore and output
+                    output += original;
+                }
+                else {
+                    // Not in mapping table, output as-is
+                    output += placeholder;
+                }
+                this.buffer = this.buffer.slice(placeholder.length);
+            }
+            else {
+                // Check if buffer could be an incomplete placeholder
+                if (this.couldBePlaceholder(this.buffer)) {
+                    // Keep buffering - might be incomplete placeholder
+                    if (this.buffer.length > MAX_PLACEHOLDER_LENGTH) {
+                        // Too long to be a placeholder - flush the `__` and continue
+                        output += "__";
+                        this.buffer = this.buffer.slice(2);
+                    }
+                    else {
+                        // Wait for more data
+                        break;
+                    }
+                }
+                else {
+                    // Definitely not a placeholder - output the `__`
+                    output += "__";
+                    this.buffer = this.buffer.slice(2);
+                }
+            }
+        }
+        return output;
+    }
+    /**
+     * Check if text could be the start of a placeholder
+     * Returns true if it matches the beginning of __PII_<TYPE>_<ID>__
+     */
+    couldBePlaceholder(text) {
+        // Must start with __
+        if (!text.startsWith("__"))
+            return false;
+        // Check partial patterns
+        const partialPatterns = [
+            /^__$/,
+            /^__P$/,
+            /^__PI$/,
+            /^__PII$/,
+            /^__PII_$/,
+            /^__PII_[A-Z_]*$/,
+            /^__PII_[A-Z_]+_$/,
+            /^__PII_[A-Z_]+_\d*$/,
+            /^__PII_[A-Z_]+_\d+_?$/,
+        ];
+        return partialPatterns.some(pattern => pattern.test(text));
+    }
+    /**
+     * Finalize stream - flush any remaining buffer
+     * Call this at end of stream to ensure nothing is lost
+     */
+    finalize() {
+        if (this.buffer.length === 0)
+            return "";
+        // Try to restore any remaining buffer
+        const result = restoreText(this.buffer, this.mappingTable);
+        this.buffer = "";
+        return result;
+    }
+    /**
+     * Check if there's pending data in buffer
+     */
+    hasPendingData() {
+        return this.buffer.length > 0;
+    }
+}
+/**
+ * Create a streaming restorer for a response
+ */
+export function createStreamRestorer(mappingTable) {
+    return new StreamRestorer(mappingTable);
+}
+//# sourceMappingURL=restorer.js.map

package/dist/gateway/restorer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"restorer.js","sourceRoot":"","sources":["../src/restorer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;;GAGG;AACH,SAAS,mBAAmB,CAAC,YAA0B;IACrD,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEjD,KAAK,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,IAAI,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;QAClE,gFAAgF;QAChF,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,6BAA6B;YAC7B,cAAc,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,EAAE,aAAa,CAAC,CAAC;YAC7E,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE1B,uDAAuD;QACvD,yCAAyC;QACzC,oBAAoB;QACpB,iBAAiB;QACjB,MAAM,eAAe,GAAG,IAAI,MAAM,CAChC,iBAAiB,UAAU,UAAU,QAAQ,MAAM,EACnD,IAAI,CACL,CAAC;QAEF,cAAc,CAAC,GAAG,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAY,EAAE,YAA0B;IAC3D,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEzC,IAAI,QAAQ,GAAG,IAAI,CAAC;IAEpB,sCAAsC;IACtC,KAAK,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,IAAI,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;QAClE,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,MAAM,cAAc,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IACzD,KAAK,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE,EAAE,CAAC;QAChE,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IACtD,CAAC;IAED,gDAAgD;IAChD,+EAA+E;IAC/E,KAAK,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,IAAI,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;QAClE,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC3D,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,+DAA+D;YAC/D,MAAM,aAAa,GAAG,IAAI,MAAM,CAC9B,WAAW,CAAC,aAAa,CAAC,GAAG,UAAU,QAAQ,EAAE,EACjD,GAAG,CACJ,CAAC;YACF,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAc,EAAE,YAA0B;IAC9D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,QAAQ,GAA4B,EAAE,CAAC;QAC7C,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/C,QAAQ,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,OAAgB,EAAE,YAA0B;IAClE,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5C,OAAO,YAAY,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,UAAkB,EAAE,YAA0B;IACxE,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,UAAU,CAAC;IAE/C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,yCAAyC;QACzC,OAAO,WAAW,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,IAAY,EAAE,YAA0B;IACrE,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,yBAAyB;IAC5D,IAAI,WAAW,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAC/C,OAAO,SAAS,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,+BAA+B;QAC/B,OAAO,SAAS,WAAW,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,6CAA6C;AAC7C,gFAAgF;AAEhF,wEAAwE;AACxE,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAElC,yCAAyC;AACzC,MAAM,mBAAmB,GAAG,wBAAwB,CAAC;AAErD;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IACjB,MAAM,GAAW,EAAE,CAAC;IACpB,YAAY,CAAe;IAEnC,YAAY,YAA0B;QACpC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,KAAa;QACnB,wCAAwC;QACxC,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC;QACrB,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED;;;OAGG;IACK,KAAK;QACX,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,kCAAkC;YAClC,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEhD,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;gBACzB,uDAAuD;gBACvD,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9B,2DAA2D;oBAC3D,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;oBACnC,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,+BAA+B;oBAC/B,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;oBACtB,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;gBACnB,CAAC;gBACD,MAAM;YACR,CAAC;YAED,oCAAoC;YACpC,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;gBAC9C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YACjD,CAAC;YAED,8BAA8B;YAC9B,0CAA0C;YAC1C,mBAAmB,CAAC,SAAS,GAAG,CAAC,CAAC;YAClC,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAEpD,IAAI,KAAK,IAAI,KAAK,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;gBAC/B,gDAAgD;gBAChD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBAEpD,IAAI,QAAQ,EAAE,CAAC;oBACb,qBAAqB;oBACrB,MAAM,IAAI,QAAQ,CAAC;gBACrB,CAAC;qBAAM,CAAC;oBACN,qCAAqC;oBACrC,MAAM,IAAI,WAAW,CAAC;gBACxB,CAAC;gBAED,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBACzC,mDAAmD;oBACnD,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;wBAChD,6DAA6D;wBAC7D,MAAM,IAAI,IAAI,CAAC;wBACf,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBACrC,CAAC;yBAAM,CAAC;wBACN,qBAAqB;wBACrB,MAAM;oBACR,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,iDAAiD;oBACjD,MAAM,IAAI,IAAI,CAAC;oBACf,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACK,kBAAkB,CAAC,IAAY;QACrC,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QAEzC,yBAAyB;QACzB,MAAM,eAAe,GAAG;YACtB,MAAM;YACN,OAAO;YACP,QAAQ;YACR,SAAS;YACT,UAAU;YACV,iBAAiB;YACjB,kBAAkB;YAClB,qBAAqB;YACrB,uBAAuB;SACxB,CAAC;QAEF,OAAO,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED;;;OAGG;IACH,QAAQ;QACN,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAExC,sCAAsC;QACtC,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;QACjB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IAChC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,YAA0B;IAC7D,OAAO,IAAI,cAAc,CAAC,YAAY,CAAC,CAAC;AAC1C,CAAC"}

package/dist/gateway/sanitizer.d.ts

@@ -0,0 +1,17 @@
+/**
+ * AI Security Gateway - Content Sanitizer
+ *
+ * Sanitizes sensitive data in a single request-response cycle.
+ * Placeholder format: __PII_<ENTITY_TYPE>_<SERIAL_ID>__
+ */
+import type { SanitizeResult } from "./types.js";
+/**
+ * Sanitize any content (messages array, object, string)
+ * Returns sanitized content and mapping table for restoration
+ */
+export declare function sanitize(content: unknown): SanitizeResult;
+/**
+ * Sanitize messages array (common case for LLM APIs)
+ */
+export declare function sanitizeMessages(messages: unknown[]): SanitizeResult;
+//# sourceMappingURL=sanitizer.d.ts.map

package/dist/gateway/sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.d.ts","sourceRoot":"","sources":["../src/sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AA4Q/D;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,OAAO,GAAG,cAAc,CAWzD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,cAAc,CAEpE"}

package/dist/gateway/sanitizer.js

@@ -0,0 +1,228 @@
+/**
+ * AI Security Gateway - Content Sanitizer
+ *
+ * Sanitizes sensitive data in a single request-response cycle.
+ * Placeholder format: __PII_<ENTITY_TYPE>_<SERIAL_ID>__
+ */
+// =============================================================================
+// Detection Patterns
+// =============================================================================
+const ENTITY_PATTERNS = [
+    // PEM Private Keys
+    {
+        type: "PRIVATE_KEY",
+        pattern: /-----BEGIN (?:OPENSSH |RSA |EC |DSA )?PRIVATE KEY-----[\s\S]*?-----END (?:OPENSSH |RSA |EC |DSA )?PRIVATE KEY-----/g,
+        score: 0.95,
+    },
+    // Email addresses
+    {
+        type: "EMAIL_ADDRESS",
+        pattern: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g,
+        score: 0.90,
+    },
+    // URLs
+    {
+        type: "URL_ADDRESS",
+        pattern: /https?:\/\/[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+/g,
+        score: 0.80,
+    },
+    // Known API key prefixes
+    {
+        type: "API_KEY",
+        pattern: /\b(?:sk-[A-Za-z0-9]{20,}|sk_(?:live|test)_[A-Za-z0-9]{20,}|pk_(?:live|test)_[A-Za-z0-9]{20,}|ghp_[A-Za-z0-9]{36,}|gho_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,}|AKIA[A-Z0-9]{16}|xox[baprs]-[A-Za-z0-9-]+|SG\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+|hf_[A-Za-z0-9]{30,})\b/g,
+        score: 0.90,
+    },
+    // Bearer tokens
+    {
+        type: "API_KEY",
+        pattern: /Bearer\s+[A-Za-z0-9\-_.~+/]{20,}={0,3}/g,
+        score: 0.85,
+    },
+    // Hex private keys (64 hex chars)
+    {
+        type: "PRIVATE_KEY",
+        pattern: /\b[0-9a-fA-F]{64}\b/g,
+        score: 0.75,
+    },
+    // Labeled password patterns
+    {
+        type: "PASSWORD",
+        pattern: /(?:password|passwd|pwd|pass|passcode)\s*[:=]\s*["']?(\S+)["']?/gi,
+        score: 0.80,
+        captureGroup: 1,
+    },
+    // Labeled API key patterns
+    {
+        type: "API_KEY",
+        pattern: /(?:api[_-]?key|apikey|secret[_-]?key|access[_-]?token|auth[_-]?token)\s*[:=]\s*["']?([A-Za-z0-9\-_.~+/]{16,})["']?/gi,
+        score: 0.85,
+        captureGroup: 1,
+    },
+    // Phone numbers
+    {
+        type: "PHONE_NUMBER",
+        pattern: /\+?\d{1,3}[-.\s]?\(?\d{2,4}\)?[-.\s]?\d{3,4}[-.\s]?\d{3,4}/g,
+        score: 0.70,
+    },
+    // Credit card numbers
+    {
+        type: "CREDIT_CARD",
+        pattern: /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g,
+        score: 0.85,
+    },
+    // Bank account numbers
+    {
+        type: "BANK_NUMBER",
+        pattern: /\b\d{12,19}\b/g,
+        score: 0.60,
+    },
+    // SSN
+    {
+        type: "SSN",
+        pattern: /\b\d{3}-\d{2}-\d{4}\b/g,
+        score: 0.85,
+    },
+    // IP addresses
+    {
+        type: "IP_ADDRESS",
+        pattern: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g,
+        score: 0.70,
+    },
+    // Labeled verification codes
+    {
+        type: "VERIFICATION_CODE",
+        pattern: /(?:verification\s*code|verify\s*code|otp|2fa\s*code|auth(?:entication)?\s*code)\s*[:=\-]?\s*([A-Za-z0-9]{4,12})/gi,
+        score: 0.80,
+        captureGroup: 1,
+    },
+];
+function collectMatches(content) {
+    const matches = [];
+    for (const entity of ENTITY_PATTERNS) {
+        entity.pattern.lastIndex = 0;
+        let m;
+        while ((m = entity.pattern.exec(content)) !== null) {
+            let matchedText;
+            let start;
+            if (entity.captureGroup !== undefined && m[entity.captureGroup]) {
+                matchedText = m[entity.captureGroup];
+                start = m.index + m[0].indexOf(matchedText);
+            }
+            else {
+                matchedText = m[0];
+                start = m.index;
+            }
+            matches.push({
+                originalText: matchedText,
+                type: entity.type,
+                score: entity.score,
+                start,
+                end: start + matchedText.length,
+            });
+        }
+    }
+    return matches;
+}
+// =============================================================================
+// Span Merging
+// =============================================================================
+function mergeSpans(matches) {
+    if (matches.length === 0)
+        return [];
+    matches.sort((a, b) => {
+        if (a.start !== b.start)
+            return a.start - b.start;
+        const lenDiff = (b.end - b.start) - (a.end - a.start);
+        if (lenDiff !== 0)
+            return lenDiff;
+        return b.score - a.score;
+    });
+    const merged = [];
+    let current = matches[0];
+    for (let i = 1; i < matches.length; i++) {
+        const next = matches[i];
+        if (next.start < current.end) {
+            const currentLen = current.end - current.start;
+            const nextLen = next.end - next.start;
+            if (next.score > current.score || (next.score === current.score && nextLen > currentLen)) {
+                current = next;
+            }
+        }
+        else {
+            merged.push(current);
+            current = next;
+        }
+    }
+    merged.push(current);
+    return merged;
+}
+// =============================================================================
+// Text Sanitization
+// =============================================================================
+function sanitizeText(text, mappingTable, typeCounters) {
+    const matches = collectMatches(text);
+    if (matches.length === 0)
+        return text;
+    const merged = mergeSpans(matches);
+    const textToPlaceholder = new Map();
+    for (const match of merged) {
+        if (!textToPlaceholder.has(match.originalText)) {
+            const counter = (typeCounters.get(match.type) ?? 0) + 1;
+            typeCounters.set(match.type, counter);
+            const paddedId = counter.toString().padStart(8, "0");
+            const placeholder = `__PII_${match.type}_${paddedId}__`;
+            textToPlaceholder.set(match.originalText, placeholder);
+            mappingTable.set(placeholder, match.originalText);
+        }
+    }
+    let sanitized = text;
+    const sortedMatches = [...merged].sort((a, b) => b.start - a.start);
+    for (const match of sortedMatches) {
+        const placeholder = textToPlaceholder.get(match.originalText);
+        sanitized = sanitized.slice(0, match.start) + placeholder + sanitized.slice(match.end);
+    }
+    return sanitized;
+}
+// =============================================================================
+// Recursive Sanitization
+// =============================================================================
+function sanitizeValue(value, mappingTable, typeCounters) {
+    if (typeof value === "string") {
+        return sanitizeText(value, mappingTable, typeCounters);
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => sanitizeValue(item, mappingTable, typeCounters));
+    }
+    if (value !== null && typeof value === "object") {
+        const sanitized = {};
+        for (const [key, val] of Object.entries(value)) {
+            sanitized[key] = sanitizeValue(val, mappingTable, typeCounters);
+        }
+        return sanitized;
+    }
+    return value;
+}
+// =============================================================================
+// Public API
+// =============================================================================
+/**
+ * Sanitize any content (messages array, object, string)
+ * Returns sanitized content and mapping table for restoration
+ */
+export function sanitize(content) {
+    const mappingTable = new Map();
+    const typeCounters = new Map();
+    const sanitized = sanitizeValue(content, mappingTable, typeCounters);
+    return {
+        sanitized,
+        mappingTable,
+        redactionCount: mappingTable.size,
+    };
+}
+/**
+ * Sanitize messages array (common case for LLM APIs)
+ */
+export function sanitizeMessages(messages) {
+    return sanitize(messages);
+}
+//# sourceMappingURL=sanitizer.js.map

package/dist/gateway/sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.js","sourceRoot":"","sources":["../src/sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA4BH,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF,MAAM,eAAe,GAAoB;IACvC,mBAAmB;IACnB;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,qHAAqH;QAC9H,KAAK,EAAE,IAAI;KACZ;IACD,kBAAkB;IAClB;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,iDAAiD;QAC1D,KAAK,EAAE,IAAI;KACZ;IACD,OAAO;IACP;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,mDAAmD;QAC5D,KAAK,EAAE,IAAI;KACZ;IACD,yBAAyB;IACzB;QACE,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,0QAA0Q;QACnR,KAAK,EAAE,IAAI;KACZ;IACD,gBAAgB;IAChB;QACE,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,yCAAyC;QAClD,KAAK,EAAE,IAAI;KACZ;IACD,kCAAkC;IAClC;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,sBAAsB;QAC/B,KAAK,EAAE,IAAI;KACZ;IACD,4BAA4B;IAC5B;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,kEAAkE;QAC3E,KAAK,EAAE,IAAI;QACX,YAAY,EAAE,CAAC;KAChB;IACD,2BAA2B;IAC3B;QACE,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,sHAAsH;QAC/H,KAAK,EAAE,IAAI;QACX,YAAY,EAAE,CAAC;KAChB;IACD,gBAAgB;IAChB;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,6DAA6D;QACtE,KAAK,EAAE,IAAI;KACZ;IACD,sBAAsB;IACtB;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,6CAA6C;QACtD,KAAK,EAAE,IAAI;KACZ;IACD,uBAAuB;IACvB;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,gBAAgB;QACzB,KAAK,EAAE,IAAI;KACZ;IACD,MAAM;IACN;QACE,IAAI,EAAE,KAAK;QACX,OAAO,EAAE,wBAAwB;QACjC,KAAK,EAAE,IAAI;KACZ;IACD,eAAe;IACf;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,gGAAgG;QACzG,KAAK,EAAE,IAAI;KACZ;IACD,6BAA6B;IAC7B;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,mHAAmH;QAC5H,KAAK,EAAE,IAAI;QACX,YAAY,EAAE,CAAC;KAChB;CACF,CAAC;AAcF,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,OAAO,GAAoB,EAAE,CAAC;IAEpC,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACrC,MAAM,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAC7B,IAAI,CAAyB,CAAC;QAE9B,OAAO,CAAC,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,IAAI,WAAmB,CAAC;YACxB,IAAI,KAAa,CAAC;YAElB,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;gBAChE,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBACrC,KAAK,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACnB,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;YAClB,CAAC;YAED,OAAO,CAAC,IAAI,CAAC;gBACX,YAAY,EAAE,WAAW;gBACzB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,KAAK;gBACL,GAAG,EAAE,KAAK,GAAG,WAAW,CAAC,MAAM;aAChC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAChF,eAAe;AACf,gFAAgF;AAEhF,SAAS,UAAU,CAAC,OAAwB;IAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;QAClD,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QACtD,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO,OAAO,CAAC;QAClC,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,IAAI,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAEzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC;YAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;YACtC,IAAI,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,IAAI,OAAO,GAAG,UAAU,CAAC,EAAE,CAAC;gBACzF,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrB,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gFAAgF;AAChF,oBAAoB;AACpB,gFAAgF;AAEhF,SAAS,YAAY,CACnB,IAAY,EACZ,YAA0B,EAC1B,YAAqC;IAErC,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEpD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACxD,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YACrD,MAAM,WAAW,GAAG,SAAS,KAAK,CAAC,IAAI,IAAI,QAAQ,IAAI,CAAC;YACxD,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;YACvD,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,SAAS,GAAG,IAAI,CAAC;IACrB,MAAM,aAAa,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAEpE,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,CAAE,CAAC;QAC/D,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzF,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF,SAAS,aAAa,CACpB,KAAc,EACd,YAA0B,EAC1B,YAAqC;IAErC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,YAAY,CAAC,KAAK,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,SAAS,GAA4B,EAAE,CAAC;QAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/C,SAAS,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,GAAG,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,gFAAgF;AAChF,aAAa;AACb,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAgB;IACvC,MAAM,YAAY,GAAiB,IAAI,GAAG,EAAE,CAAC;IAC7C,MAAM,YAAY,GAAG,IAAI,GAAG,EAAsB,CAAC;IAEnD,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IAErE,OAAO;QACL,SAAS;QACT,YAAY;QACZ,cAAc,EAAE,YAAY,CAAC,IAAI;KAClC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAmB;IAClD,OAAO,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC5B,CAAC"}

package/dist/gateway/types.d.ts

@@ -0,0 +1,53 @@
+/**
+ * AI Security Gateway types
+ */
+export type MappingTable = Map<string, string>;
+export type SanitizeResult = {
+    sanitized: any;
+    mappingTable: MappingTable;
+    redactionCount: number;
+};
+export type ApiType = "anthropic" | "openai" | "gemini";
+export type BackendConfig = {
+    baseUrl: string;
+    apiKey: string;
+    type?: ApiType;
+    pathPrefix?: string;
+    models?: string[];
+    referer?: string;
+    title?: string;
+};
+export type GatewayConfig = {
+    port: number;
+    backends: {
+        [name: string]: BackendConfig;
+    };
+    routing?: {
+        [path: string]: string;
+    };
+    defaultBackends?: {
+        anthropic?: string;
+        openai?: string;
+        gemini?: string;
+    };
+};
+export type EntityMatch = {
+    originalText: string;
+    category: string;
+    placeholder: string;
+};
+export type GatewayActivityEvent = {
+    id: string;
+    timestamp: string;
+    requestId: string;
+    type: "sanitize" | "restore";
+    direction: "request" | "response";
+    backend: string;
+    endpoint: string;
+    model?: string;
+    redactionCount: number;
+    categories: Record<string, number>;
+    durationMs?: number;
+};
+export type ActivityListener = (event: GatewayActivityEvent) => void;
+//# sourceMappingURL=types.d.ts.map

package/dist/gateway/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,MAAM,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAG/C,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,GAAG,CAAC;IACf,YAAY,EAAE,YAAY,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,MAAM,MAAM,OAAO,GAAG,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAGxD,MAAM,MAAM,aAAa,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAC;IAEb,QAAQ,EAAE;QACR,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,CAAC;KAC/B,CAAC;IAEF,OAAO,CAAC,EAAE;QACR,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;KACxB,CAAC;IAEF,eAAe,CAAC,EAAE;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;CACH,CAAC;AAGF,MAAM,MAAM,WAAW,GAAG;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAGF,MAAM,MAAM,oBAAoB,GAAG;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,UAAU,GAAG,SAAS,CAAC;IAC7B,SAAS,EAAE,SAAS,GAAG,UAAU,CAAC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEnC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAGF,MAAM,MAAM,gBAAgB,GAAG,CAAC,KAAK,EAAE,oBAAoB,KAAK,IAAI,CAAC"}

package/dist/gateway/types.js

@@ -0,0 +1,5 @@
+/**
+ * AI Security Gateway types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/gateway/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/index.d.ts

@@ -0,0 +1,19 @@
+/**
+ * OpenGuardrails Plugin for OpenClaw
+ *
+ * Responsibilities:
+ *   1. Load credentials from disk on startup (no network)
+ *   2. Fall back to local MAC identity when no saved credentials exist
+ *   3. Detect behavioral anomalies at before_tool_call (block / alert)
+ *   4. Expose /og_status, /og_upgrade, /og_config commands
+ */
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
+declare const openClawGuardPlugin: {
+    id: string;
+    name: string;
+    description: string;
+    register(api: OpenClawPluginApi): void;
+    unregister(): Promise<void>;
+};
+export default openClawGuardPlugin;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AA2X7D,QAAA,MAAM,mBAAmB;;;;kBAKT,iBAAiB;;CAogEhC,CAAC;AAEF,eAAe,mBAAmB,CAAC"}