@dotsetlabs/tollgate 0.1.0

package/dist/constants.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Shared constants for Tollgate
+ *
+ * Centralizes configuration defaults to avoid duplication across modules.
+ *
+ * @module constants
+ */
+import type { ResilienceConfig } from './policy/types.js';
+/**
+ * Default timeout for approval requests in milliseconds.
+ * After this time, unanswered approval requests are automatically denied.
+ */
+export declare const DEFAULT_APPROVAL_TIMEOUT_MS = 60000;
+/**
+ * Default port for the interactive approval web UI.
+ */
+export declare const DEFAULT_APPROVAL_PORT = 9847;
+/**
+ * Maximum request body size in bytes for the approval API.
+ * Limits request body to prevent DoS attacks.
+ */
+export declare const MAX_APPROVAL_REQUEST_BODY_BYTES = 10240;
+/**
+ * Default resilience configuration for upstream connections.
+ * Used by both the bridge and orchestrator.
+ */
+export declare const DEFAULT_RESILIENCE: Required<ResilienceConfig>;
+/**
+ * Default timeout for analyzer execution in milliseconds.
+ * Prevents analyzers from blocking indefinitely.
+ */
+export declare const DEFAULT_ANALYZER_TIMEOUT_MS = 5000;
+//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAM1D;;;GAGG;AACH,eAAO,MAAM,2BAA2B,QAAS,CAAC;AAElD;;GAEG;AACH,eAAO,MAAM,qBAAqB,OAAO,CAAC;AAE1C;;;GAGG;AACH,eAAO,MAAM,+BAA+B,QAAS,CAAC;AAMtD;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,QAAQ,CAAC,gBAAgB,CAazD,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,2BAA2B,OAAQ,CAAC"}

package/dist/constants.js

@@ -0,0 +1,54 @@
+/**
+ * Shared constants for Tollgate
+ *
+ * Centralizes configuration defaults to avoid duplication across modules.
+ *
+ * @module constants
+ */
+// ============================================================================
+// Approval Defaults
+// ============================================================================
+/**
+ * Default timeout for approval requests in milliseconds.
+ * After this time, unanswered approval requests are automatically denied.
+ */
+export const DEFAULT_APPROVAL_TIMEOUT_MS = 60_000;
+/**
+ * Default port for the interactive approval web UI.
+ */
+export const DEFAULT_APPROVAL_PORT = 9847;
+/**
+ * Maximum request body size in bytes for the approval API.
+ * Limits request body to prevent DoS attacks.
+ */
+export const MAX_APPROVAL_REQUEST_BODY_BYTES = 10_240;
+// ============================================================================
+// Resilience Defaults
+// ============================================================================
+/**
+ * Default resilience configuration for upstream connections.
+ * Used by both the bridge and orchestrator.
+ */
+export const DEFAULT_RESILIENCE = {
+    failureMode: 'fail-closed',
+    upstreamTimeoutMs: 30_000,
+    healthCheck: {
+        enabled: true,
+        intervalMs: 30_000,
+        timeoutMs: 5_000,
+        failureThreshold: 3,
+    },
+    shutdown: {
+        timeoutMs: 10_000,
+        drainTimeoutMs: 5_000,
+    },
+};
+// ============================================================================
+// Analyzer Defaults
+// ============================================================================
+/**
+ * Default timeout for analyzer execution in milliseconds.
+ * Prevents analyzers from blocking indefinitely.
+ */
+export const DEFAULT_ANALYZER_TIMEOUT_MS = 5_000;
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,MAAM,CAAC;AAElD;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,CAAC;AAE1C;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,MAAM,CAAC;AAEtD,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAA+B;IAC5D,WAAW,EAAE,aAAa;IAC1B,iBAAiB,EAAE,MAAM;IACzB,WAAW,EAAE;QACX,OAAO,EAAE,IAAI;QACb,UAAU,EAAE,MAAM;QAClB,SAAS,EAAE,KAAK;QAChB,gBAAgB,EAAE,CAAC;KACpB;IACD,QAAQ,EAAE;QACR,SAAS,EAAE,MAAM;QACjB,cAAc,EAAE,KAAK;KACtB;CACF,CAAC;AAEF,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,KAAK,CAAC"}

package/dist/errors.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Error Utilities
+ *
+ * Centralized error handling utilities for production-ready type safety.
+ */
+/**
+ * Interface for AggregateError which may contain multiple underlying errors
+ */
+export interface AggregateErrorLike {
+    errors: Error[];
+    message: string;
+    name: string;
+}
+/**
+ * Type guard to check if an error is an AggregateError
+ * AggregateError is a standard JS error type that aggregates multiple errors
+ */
+export declare function isAggregateError(error: unknown): error is AggregateErrorLike;
+/**
+ * Safely extract an error message from an unknown error
+ * Handles Error objects, strings, and fallback for other types
+ */
+export declare function getErrorMessage(error: unknown): string;
+/**
+ * Extract all error messages from an error, including nested AggregateError messages
+ */
+export declare function getAllErrorMessages(error: unknown): string[];
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAC/B,MAAM,EAAE,KAAK,EAAE,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,kBAAkB,CAM5E;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAQtD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,CAK5D"}

package/dist/errors.js

@@ -0,0 +1,37 @@
+/**
+ * Error Utilities
+ *
+ * Centralized error handling utilities for production-ready type safety.
+ */
+/**
+ * Type guard to check if an error is an AggregateError
+ * AggregateError is a standard JS error type that aggregates multiple errors
+ */
+export function isAggregateError(error) {
+    return (error instanceof Error &&
+        'errors' in error &&
+        Array.isArray(error.errors));
+}
+/**
+ * Safely extract an error message from an unknown error
+ * Handles Error objects, strings, and fallback for other types
+ */
+export function getErrorMessage(error) {
+    if (error instanceof Error) {
+        return error.message;
+    }
+    if (typeof error === 'string') {
+        return error;
+    }
+    return String(error);
+}
+/**
+ * Extract all error messages from an error, including nested AggregateError messages
+ */
+export function getAllErrorMessages(error) {
+    if (isAggregateError(error)) {
+        return error.errors.map((e) => e.message || String(e));
+    }
+    return [getErrorMessage(error)];
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAc;IAC3C,OAAO,CACH,KAAK,YAAY,KAAK;QACtB,QAAQ,IAAI,KAAK;QACjB,KAAK,CAAC,OAAO,CAAE,KAA4B,CAAC,MAAM,CAAC,CACtD,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,KAAc;IAC1C,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,OAAO,CAAC;IACzB,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAc;IAC9C,IAAI,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;AACpC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Tollgate - MCP Security Proxy
+ *
+ * The sudo command for AI agents - policy-based access control for MCP servers.
+ *
+ * @example
+ * ```typescript
+ * import { TollgateBridge, PolicyEngine, AuditLogger } from '@dotsetlabs/tollgate';
+ *
+ * // Start a tollgate proxy with configuration
+ * const bridge = new TollgateBridge({
+ *   config,
+ *   serverName: 'postgres',
+ * });
+ * await bridge.start();
+ * ```
+ *
+ * @packageDocumentation
+ */
+export { PolicyEngine } from './policy/engine.js';
+export { validateConfig, normalizeToolPolicy, resolveServerEnv, getServerConfig, processNaturalPolicies, validateNaturalPolicies, type NaturalPolicyResult, } from './policy/parser.js';
+export { validateConfigWithDetails, formatValidationIssues, type ValidationResult, type ValidationIssue, type ValidationLevel, } from './policy/validator.js';
+export type { PolicyAction, PolicyDecision, ToolPolicy, SessionConfig, ServerConfig, TollgateConfig, FailureMode, HealthCheckConfig, ShutdownConfig, ResilienceConfig, ToolCallContext, GuardrailAction, GuardrailResult, GuardrailsConfig, PromptInjectionGuardrailConfig, } from './policy/types.js';
+export { parsePolicy, parseNaturalPolicies, policiesToConfig, isValidPolicyStatement, getSuggestions, POLICY_TEMPLATES, type ParsedPolicy, type ParserOptions, } from './policy/natural-language.js';
+export { AnalyzerRegistry, analyzerRegistry, riskToAction, inferAnalyzer, extractAnalyzableContent, SqlAnalyzer, FilesystemAnalyzer, ShellAnalyzer, HttpAnalyzer, PromptInjectionAnalyzer, type ConcreteAction, } from './analyzers/index.js';
+export type { ContentAnalyzer, AnalysisResult, AnalyzerContext, RiskLevel, RiskMapping, } from './analyzers/types.js';
+export { DEFAULT_RISK_MAPPING } from './analyzers/types.js';
+export { defineAnalyzer, defineAsyncAnalyzer, createPatternAnalyzer, isCustomAnalyzer, isAsyncAnalyzer, type AnalyzerDefinition, type CustomAnalyzer, } from './analyzers/sdk.js';
+export { loadAnalyzer, loadAnalyzers, loadAnalyzersFromConfig, initializeAnalyzers, cleanupAnalyzers, unloadAnalyzer, listCustomAnalyzers, resolveAnalyzerPath, type LoadResult, type LoaderOptions, } from './analyzers/loader.js';
+export { TollgateBridge, startWrapMode, type BridgeOptions, type WrapOptions, } from './proxy/bridge.js';
+export { TollgateServer, type TollgateServerOptions } from './proxy/server.js';
+export { UpstreamClient, type UpstreamClientOptions, type HealthStatus, } from './proxy/client.js';
+export { SessionManager, InMemorySessionStore, SqliteSessionStore, durationToTtlSeconds, DEFAULT_SESSION_CONFIG, type SessionScope, type SessionDuration, type SessionGrant, type CreateSessionGrantInput, type SessionCheckResult, type SessionPolicyConfig, type SessionStats, type SessionStore, } from './session/index.js';
+export { AuditLogger, type AuditLoggerOptions } from './audit/logger.js';
+export { AuditExporter, exportAuditRecords, type ExportFormat, type ExportOptions, } from './audit/exporter.js';
+export { PiiRedactor, createRedactor, redactPii, redactPiiFromObject, containsPii, type RedactionOptions, } from './audit/redaction.js';
+export { AUDIT_SCHEMA, SCHEMA_VERSION as AUDIT_VERSION } from './audit/schema.js';
+export type { AuditRecord, SessionGrantRecord, RiskLevel as AuditRiskLevel } from './audit/schema.js';
+export { TerminalApprovalHandler } from './approval/terminal.js';
+export { InteractiveApprovalHandler } from './approval/interactive.js';
+export type { ApprovalHandler, ApprovalRequest, ApprovalResponse, ApprovalResult, SessionGrantInfo, } from './approval/types.js';
+export { loadConfig, expandEnvVars, getDataDir } from './utils/config.js';
+export { TollgateError, ConfigError, PolicyError, ProxyError, UpstreamError, } from './utils/errors.js';
+export { Logger, logger, createLogger, proxyLogger, sessionLogger, policyLogger, orchestratorLogger, upstreamLogger, approvalLogger, type LogLevel, type LogEntry, type LoggerConfig, } from './utils/logger.js';
+export { runWizard, generateConfig, SERVER_TEMPLATES, POLICY_PRESETS, type WizardResult, type ServerTemplate, type PolicyPreset, } from './wizard.js';
+export { TEMPLATE_LIBRARY, getAllTemplates, getTemplateByName, getTemplatesByCategory, searchTemplates, getCategories, generateTemplateYaml, generateFullConfig, type ExtendedTemplate, type TemplateCategory, } from './templates.js';
+export { scanServer, analyzeTool, generatePolicy, generateServerConfig, type ScanResult, type AnalyzedTool, type ToolRiskLevel, type RiskIndicator, type ScannerOptions, } from './scanner.js';
+export { Orchestrator, type ServerStatus, type ManagedServer, type OrchestratorOptions, type OrchestratorEvent, type OrchestratorEventHandler, type CommandResult, type ServerStats, type OrchestratorStats, } from './orchestrator/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAMH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,EACf,sBAAsB,EACtB,uBAAuB,EACvB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,yBAAyB,EACzB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,eAAe,GACrB,MAAM,uBAAuB,CAAC;AAE/B,YAAY,EACV,YAAY,EACZ,cAAc,EACd,UAAU,EACV,aAAa,EACb,YAAY,EACZ,cAAc,EACd,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,eAAe,EAEf,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,8BAA8B,GAC/B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,WAAW,EACX,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,KAAK,YAAY,EACjB,KAAK,aAAa,GACnB,MAAM,8BAA8B,CAAC;AAMtC,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,wBAAwB,EACxB,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,YAAY,EACZ,uBAAuB,EACvB,KAAK,cAAc,GACpB,MAAM,sBAAsB,CAAC;AAE9B,YAAY,EACV,eAAe,EACf,cAAc,EACd,eAAe,EACf,SAAS,EACT,WAAW,GACZ,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAM5D,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,KAAK,kBAAkB,EACvB,KAAK,cAAc,GACpB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,YAAY,EACZ,aAAa,EACb,uBAAuB,EACvB,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,mBAAmB,EACnB,KAAK,UAAU,EACf,KAAK,aAAa,GACnB,MAAM,uBAAuB,CAAC;AAM/B,OAAO,EACL,cAAc,EACd,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAE/E,OAAO,EACL,cAAc,EACd,KAAK,qBAAqB,EAC1B,KAAK,YAAY,GAClB,MAAM,mBAAmB,CAAC;AAM3B,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EACtB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,YAAY,EACjB,KAAK,YAAY,GAClB,MAAM,oBAAoB,CAAC;AAM5B,OAAO,EAAE,WAAW,EAAE,KAAK,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEzE,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,KAAK,YAAY,EACjB,KAAK,aAAa,GACnB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,WAAW,EACX,cAAc,EACd,SAAS,EACT,mBAAmB,EACnB,WAAW,EACX,KAAK,gBAAgB,GACtB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,YAAY,EAAE,cAAc,IAAI,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElF,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,SAAS,IAAI,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAMtG,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAEjE,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAEvE,YAAY,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAM7B,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE1E,OAAO,EACL,aAAa,EACb,WAAW,EACX,WAAW,EACX,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,MAAM,EACN,MAAM,EACN,YAAY,EACZ,WAAW,EACX,aAAa,EACb,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,KAAK,QAAQ,EACb,KAAK,QAAQ,EACb,KAAK,YAAY,GAClB,MAAM,mBAAmB,CAAC;AAM3B,OAAO,EACL,SAAS,EACT,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,YAAY,GAClB,MAAM,aAAa,CAAC;AAMrB,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,kBAAkB,EAClB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,GACtB,MAAM,gBAAgB,CAAC;AAMxB,OAAO,EACL,UAAU,EACV,WAAW,EACX,cAAc,EACd,oBAAoB,EACpB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,cAAc,GACpB,MAAM,cAAc,CAAC;AAMtB,OAAO,EACL,YAAY,EACZ,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,iBAAiB,EACtB,KAAK,wBAAwB,EAC7B,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,iBAAiB,GACvB,MAAM,yBAAyB,CAAC"}

package/dist/index.js

@@ -0,0 +1,82 @@
+/**
+ * Tollgate - MCP Security Proxy
+ *
+ * The sudo command for AI agents - policy-based access control for MCP servers.
+ *
+ * @example
+ * ```typescript
+ * import { TollgateBridge, PolicyEngine, AuditLogger } from '@dotsetlabs/tollgate';
+ *
+ * // Start a tollgate proxy with configuration
+ * const bridge = new TollgateBridge({
+ *   config,
+ *   serverName: 'postgres',
+ * });
+ * await bridge.start();
+ * ```
+ *
+ * @packageDocumentation
+ */
+// ============================================================================
+// Core Policy Engine
+// ============================================================================
+export { PolicyEngine } from './policy/engine.js';
+export { validateConfig, normalizeToolPolicy, resolveServerEnv, getServerConfig, processNaturalPolicies, validateNaturalPolicies, } from './policy/parser.js';
+export { validateConfigWithDetails, formatValidationIssues, } from './policy/validator.js';
+// Natural Language Policy Parser
+export { parsePolicy, parseNaturalPolicies, policiesToConfig, isValidPolicyStatement, getSuggestions, POLICY_TEMPLATES, } from './policy/natural-language.js';
+// ============================================================================
+// Content Analyzers
+// ============================================================================
+export { AnalyzerRegistry, analyzerRegistry, riskToAction, inferAnalyzer, extractAnalyzableContent, SqlAnalyzer, FilesystemAnalyzer, ShellAnalyzer, HttpAnalyzer, PromptInjectionAnalyzer, } from './analyzers/index.js';
+export { DEFAULT_RISK_MAPPING } from './analyzers/types.js';
+// ============================================================================
+// Custom Analyzer SDK
+// ============================================================================
+export { defineAnalyzer, defineAsyncAnalyzer, createPatternAnalyzer, isCustomAnalyzer, isAsyncAnalyzer, } from './analyzers/sdk.js';
+export { loadAnalyzer, loadAnalyzers, loadAnalyzersFromConfig, initializeAnalyzers, cleanupAnalyzers, unloadAnalyzer, listCustomAnalyzers, resolveAnalyzerPath, } from './analyzers/loader.js';
+// ============================================================================
+// Proxy Components
+// ============================================================================
+export { TollgateBridge, startWrapMode, } from './proxy/bridge.js';
+export { TollgateServer } from './proxy/server.js';
+export { UpstreamClient, } from './proxy/client.js';
+// ============================================================================
+// Session Management
+// ============================================================================
+export { SessionManager, InMemorySessionStore, SqliteSessionStore, durationToTtlSeconds, DEFAULT_SESSION_CONFIG, } from './session/index.js';
+// ============================================================================
+// Audit Logging
+// ============================================================================
+export { AuditLogger } from './audit/logger.js';
+export { AuditExporter, exportAuditRecords, } from './audit/exporter.js';
+export { PiiRedactor, createRedactor, redactPii, redactPiiFromObject, containsPii, } from './audit/redaction.js';
+export { AUDIT_SCHEMA, SCHEMA_VERSION as AUDIT_VERSION } from './audit/schema.js';
+// ============================================================================
+// Approval Handling
+// ============================================================================
+export { TerminalApprovalHandler } from './approval/terminal.js';
+export { InteractiveApprovalHandler } from './approval/interactive.js';
+// ============================================================================
+// Utilities
+// ============================================================================
+export { loadConfig, expandEnvVars, getDataDir } from './utils/config.js';
+export { TollgateError, ConfigError, PolicyError, ProxyError, UpstreamError, } from './utils/errors.js';
+export { Logger, logger, createLogger, proxyLogger, sessionLogger, policyLogger, orchestratorLogger, upstreamLogger, approvalLogger, } from './utils/logger.js';
+// ============================================================================
+// Configuration Wizard
+// ============================================================================
+export { runWizard, generateConfig, SERVER_TEMPLATES, POLICY_PRESETS, } from './wizard.js';
+// ============================================================================
+// Template Library
+// ============================================================================
+export { TEMPLATE_LIBRARY, getAllTemplates, getTemplateByName, getTemplatesByCategory, searchTemplates, getCategories, generateTemplateYaml, generateFullConfig, } from './templates.js';
+// ============================================================================
+// MCP Server Scanner
+// ============================================================================
+export { scanServer, analyzeTool, generatePolicy, generateServerConfig, } from './scanner.js';
+// ============================================================================
+// Multi-Server Orchestrator
+// ============================================================================
+export { Orchestrator, } from './orchestrator/index.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,gBAAgB,EAChB,eAAe,EACf,sBAAsB,EACtB,uBAAuB,GAExB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,yBAAyB,EACzB,sBAAsB,GAIvB,MAAM,uBAAuB,CAAC;AAqB/B,iCAAiC;AACjC,OAAO,EACL,WAAW,EACX,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,EACtB,cAAc,EACd,gBAAgB,GAGjB,MAAM,8BAA8B,CAAC;AAEtC,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,wBAAwB,EACxB,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,YAAY,EACZ,uBAAuB,GAExB,MAAM,sBAAsB,CAAC;AAU9B,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE5D,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,GAGhB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,YAAY,EACZ,aAAa,EACb,uBAAuB,EACvB,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,mBAAmB,EACnB,mBAAmB,GAGpB,MAAM,uBAAuB,CAAC;AAE/B,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,OAAO,EACL,cAAc,EACd,aAAa,GAGd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,cAAc,EAA8B,MAAM,mBAAmB,CAAC;AAE/E,OAAO,EACL,cAAc,GAGf,MAAM,mBAAmB,CAAC;AAE3B,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,GASvB,MAAM,oBAAoB,CAAC;AAE5B,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,OAAO,EAAE,WAAW,EAA2B,MAAM,mBAAmB,CAAC;AAEzE,OAAO,EACL,aAAa,EACb,kBAAkB,GAGnB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,WAAW,EACX,cAAc,EACd,SAAS,EACT,mBAAmB,EACnB,WAAW,GAEZ,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,YAAY,EAAE,cAAc,IAAI,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAIlF,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAEjE,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAUvE,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE1E,OAAO,EACL,aAAa,EACb,WAAW,EACX,WAAW,EACX,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,MAAM,EACN,MAAM,EACN,YAAY,EACZ,WAAW,EACX,aAAa,EACb,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,cAAc,GAIf,MAAM,mBAAmB,CAAC;AAE3B,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E,OAAO,EACL,SAAS,EACT,cAAc,EACd,gBAAgB,EAChB,cAAc,GAIf,MAAM,aAAa,CAAC;AAErB,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,kBAAkB,GAGnB,MAAM,gBAAgB,CAAC;AAExB,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,OAAO,EACL,UAAU,EACV,WAAW,EACX,cAAc,EACd,oBAAoB,GAMrB,MAAM,cAAc,CAAC;AAEtB,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E,OAAO,EACL,YAAY,GASb,MAAM,yBAAyB,CAAC"}

package/dist/orchestrator/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Multi-Server Orchestrator Module
+ *
+ * Provides multi-server management for Tollgate, allowing a single process
+ * to manage multiple MCP servers with unified control and monitoring.
+ *
+ * @module orchestrator
+ */
+export { Orchestrator } from './manager.js';
+export type { ServerStatus, ManagedServer, OrchestratorOptions, OrchestratorEvent, OrchestratorEventHandler, CommandResult, ServerStats, OrchestratorStats, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/orchestrator/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/orchestrator/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,YAAY,EACV,YAAY,EACZ,aAAa,EACb,mBAAmB,EACnB,iBAAiB,EACjB,wBAAwB,EACxB,aAAa,EACb,WAAW,EACX,iBAAiB,GAClB,MAAM,YAAY,CAAC"}

package/dist/orchestrator/index.js

@@ -0,0 +1,10 @@
+/**
+ * Multi-Server Orchestrator Module
+ *
+ * Provides multi-server management for Tollgate, allowing a single process
+ * to manage multiple MCP servers with unified control and monitoring.
+ *
+ * @module orchestrator
+ */
+export { Orchestrator } from './manager.js';
+//# sourceMappingURL=index.js.map

package/dist/orchestrator/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/orchestrator/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC"}

package/dist/orchestrator/manager.d.ts

@@ -0,0 +1,127 @@
+/**
+ * Multi-Server Orchestrator Manager
+ *
+ * Manages multiple MCP server instances in a single Tollgate process.
+ * Provides lifecycle management, health monitoring, and unified control.
+ *
+ * @module orchestrator/manager
+ */
+import type { AuditRecord } from '../audit/schema.js';
+import type { ManagedServer, OrchestratorOptions, OrchestratorEventHandler, OrchestratorStats, CommandResult } from './types.js';
+/**
+ * Multi-Server Orchestrator
+ *
+ * Manages multiple MCP servers in a single process, providing:
+ * - Lifecycle management (start, stop, restart)
+ * - Health monitoring
+ * - Unified statistics
+ * - Event-driven status updates
+ *
+ * @example
+ * ```typescript
+ * const orchestrator = new Orchestrator({
+ *   config,
+ *   autoStart: true,
+ * });
+ *
+ * orchestrator.on((event) => {
+ *   console.log(`[${event.type}]`, event);
+ * });
+ *
+ * await orchestrator.start();
+ * ```
+ */
+export declare class Orchestrator {
+    private readonly options;
+    private readonly config;
+    private readonly resilience;
+    private readonly servers;
+    private readonly instances;
+    private readonly eventHandlers;
+    private readonly startTime;
+    private isShuttingDown;
+    private approvalHandler?;
+    constructor(options: OrchestratorOptions);
+    /**
+     * Register an event handler.
+     */
+    on(handler: OrchestratorEventHandler): void;
+    /**
+     * Remove an event handler.
+     */
+    off(handler: OrchestratorEventHandler): void;
+    /**
+     * Emit an event to all handlers.
+     */
+    private emit;
+    /**
+     * Start the orchestrator and optionally auto-start servers.
+     */
+    start(): Promise<void>;
+    /**
+     * Shutdown the orchestrator and all running servers.
+     */
+    shutdown(): Promise<void>;
+    /**
+     * Get all configured server names.
+     */
+    getServerNames(): string[];
+    /**
+     * Get names of currently running servers.
+     */
+    getRunningServers(): string[];
+    /**
+     * Get names of stopped servers.
+     */
+    getStoppedServers(): string[];
+    /**
+     * Get information about a specific server.
+     */
+    getServer(name: string): ManagedServer | undefined;
+    /**
+     * Get all managed servers.
+     */
+    getAllServers(): ManagedServer[];
+    /**
+     * Get aggregated audit records from all running server instances.
+     * Records are sorted by timestamp (most recent first).
+     */
+    getAggregatedAuditRecords(limit?: number): AuditRecord[];
+    /**
+     * Start a specific server.
+     */
+    startServer(name: string): Promise<CommandResult>;
+    /**
+     * Stop a specific server.
+     */
+    stopServer(name: string): Promise<CommandResult>;
+    /**
+     * Restart a specific server.
+     */
+    restartServer(name: string): Promise<CommandResult>;
+    /**
+     * Start all servers.
+     */
+    startAll(): Promise<CommandResult[]>;
+    /**
+     * Stop all servers.
+     */
+    stopAll(): Promise<CommandResult[]>;
+    /**
+     * Get statistics for all servers.
+     */
+    getStats(): OrchestratorStats;
+    /**
+     * Get server logs (from audit logger).
+     */
+    getServerLogs(name: string, limit?: number): Promise<CommandResult>;
+    /**
+     * Creates the appropriate approval handler based on configuration.
+     */
+    private createApprovalHandler;
+    /**
+     * Creates the appropriate session store based on configuration.
+     */
+    private createSessionManager;
+}
+//# sourceMappingURL=manager.d.ts.map

package/dist/orchestrator/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/orchestrator/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAYtD,OAAO,KAAK,EACV,aAAa,EACb,mBAAmB,EAEnB,wBAAwB,EACxB,iBAAiB,EAEjB,aAAa,EACd,MAAM,YAAY,CAAC;AAYpB;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAsB;IAC9C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA6B;IACxD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyC;IACjE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA0C;IACpE,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA4C;IAC1E,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAO;IACjC,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,eAAe,CAAC,CAAkB;gBAE9B,OAAO,EAAE,mBAAmB;IA4CxC;;OAEG;IACH,EAAE,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI;IAI3C;;OAEG;IACH,GAAG,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI;IAI5C;;OAEG;IACH,OAAO,CAAC,IAAI;IAaZ;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAiC5B;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAoB/B;;OAEG;IACH,cAAc,IAAI,MAAM,EAAE;IAI1B;;OAEG;IACH,iBAAiB,IAAI,MAAM,EAAE;IAM7B;;OAEG;IACH,iBAAiB,IAAI,MAAM,EAAE;IAM7B;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAIlD;;OAEG;IACH,aAAa,IAAI,aAAa,EAAE;IAIhC;;;OAGG;IACH,yBAAyB,CAAC,KAAK,SAAK,GAAG,WAAW,EAAE;IAkBpD;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IA+FvD;;OAEG;IACG,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAoDtD;;OAEG;IACG,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IASzD;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAS1C;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IASzC;;OAEG;IACH,QAAQ,IAAI,iBAAiB;IA+C7B;;OAEG;IACG,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,SAAK,GAAG,OAAO,CAAC,aAAa,CAAC;IAyBrE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAiB7B;;OAEG;IACH,OAAO,CAAC,oBAAoB;CAc7B"}