@dotsetlabs/tollgate 0.1.0

package/dist/policy/validator.js

@@ -0,0 +1,453 @@
+/**
+ * Policy Validator for Tollgate
+ *
+ * Provides comprehensive validation of Tollgate configuration files
+ * with detailed error messages and suggestions for common issues.
+ *
+ * @example
+ * ```typescript
+ * import { validateConfigWithDetails } from './validator.js';
+ *
+ * const issues = validateConfigWithDetails(config);
+ * if (issues.some(i => i.level === 'error')) {
+ *   console.error('Configuration has errors');
+ *   process.exit(1);
+ * }
+ * ```
+ */
+import { minimatch } from 'minimatch';
+import { analyzerRegistry } from '../analyzers/index.js';
+// =============================================================================
+// Constants
+// =============================================================================
+const VALID_ACTIONS = ['allow', 'deny', 'prompt', 'smart'];
+const VALID_SCOPES = ['exact', 'tool', 'server', 'pattern'];
+const VALID_RISK_LEVELS = ['safe', 'read', 'write', 'destructive', 'dangerous'];
+const VALID_APPROVAL_METHODS = ['terminal', 'interactive', 'webhook'];
+// =============================================================================
+// Main Validation Function
+// =============================================================================
+/**
+ * Validates a Tollgate configuration with detailed error reporting.
+ *
+ * @param config - The configuration to validate
+ * @param serverFilter - Optional: only validate a specific server
+ * @returns Validation result with all issues found
+ */
+export function validateConfigWithDetails(config, serverFilter) {
+    const issues = [];
+    const analyzersUsed = new Set();
+    let toolPoliciesCount = 0;
+    let smartAnalysisEnabled = false;
+    // Validate version
+    if (!config.version) {
+        issues.push({
+            level: 'error',
+            path: 'version',
+            message: 'Configuration must specify a version',
+            suggestion: 'Add: version: "1"',
+        });
+    }
+    else if (config.version !== '1') {
+        issues.push({
+            level: 'error',
+            path: 'version',
+            message: `Unsupported config version: ${config.version}`,
+            suggestion: 'Use version: "1"',
+            details: { supportedVersions: ['1'] },
+        });
+    }
+    // Validate global defaults
+    if (config.defaults) {
+        if (config.defaults.action) {
+            if (!VALID_ACTIONS.includes(config.defaults.action)) {
+                issues.push({
+                    level: 'error',
+                    path: 'defaults.action',
+                    message: `Invalid default action: ${config.defaults.action}`,
+                    suggestion: `Use one of: ${VALID_ACTIONS.join(', ')}`,
+                });
+            }
+            if (config.defaults.action === 'smart') {
+                issues.push({
+                    level: 'warning',
+                    path: 'defaults.action',
+                    message: "'smart' as global default may not work as expected",
+                    suggestion: "Set 'smart' at the server or tool level with an analyzer configured",
+                });
+            }
+        }
+        if (config.defaults.timeout !== undefined) {
+            if (typeof config.defaults.timeout !== 'number' || config.defaults.timeout < 0) {
+                issues.push({
+                    level: 'error',
+                    path: 'defaults.timeout',
+                    message: 'Timeout must be a positive number (milliseconds)',
+                });
+            }
+            else if (config.defaults.timeout < 5000) {
+                issues.push({
+                    level: 'warning',
+                    path: 'defaults.timeout',
+                    message: `Timeout of ${config.defaults.timeout}ms may be too short for user approval`,
+                    suggestion: 'Consider using at least 30000ms (30 seconds)',
+                });
+            }
+        }
+    }
+    // Validate approval configuration
+    if (config.approval) {
+        if (config.approval.method && !VALID_APPROVAL_METHODS.includes(config.approval.method)) {
+            issues.push({
+                level: 'error',
+                path: 'approval.method',
+                message: `Invalid approval method: ${config.approval.method}`,
+                suggestion: `Use one of: ${VALID_APPROVAL_METHODS.join(', ')}`,
+            });
+        }
+        if (config.approval.method === 'webhook') {
+            if (!config.approval.url) {
+                issues.push({
+                    level: 'error',
+                    path: 'approval.url',
+                    message: 'Webhook approval method requires a URL',
+                    suggestion: 'Add: url: "https://your-webhook-endpoint.com"',
+                });
+            }
+            issues.push({
+                level: 'info',
+                path: 'approval.method',
+                message: 'Webhook approval is not yet implemented',
+                suggestion: 'Use method: terminal for now',
+            });
+        }
+    }
+    // Validate servers
+    if (!config.servers || Object.keys(config.servers).length === 0) {
+        issues.push({
+            level: 'warning',
+            path: 'servers',
+            message: 'No servers configured',
+            suggestion: 'Add at least one server configuration',
+        });
+    }
+    else {
+        const serverNames = Object.keys(config.servers);
+        // Check for server filter
+        if (serverFilter && !serverNames.includes(serverFilter)) {
+            issues.push({
+                level: 'error',
+                path: 'servers',
+                message: `Server "${serverFilter}" not found in configuration`,
+                details: { availableServers: serverNames },
+            });
+        }
+        // Validate each server
+        for (const [name, server] of Object.entries(config.servers)) {
+            if (serverFilter && name !== serverFilter)
+                continue;
+            const serverPath = `servers.${name}`;
+            const serverIssues = validateServerConfig(name, server, serverPath);
+            issues.push(...serverIssues.issues);
+            toolPoliciesCount += serverIssues.toolPoliciesCount;
+            if (serverIssues.analyzersUsed.length > 0) {
+                smartAnalysisEnabled = true;
+                serverIssues.analyzersUsed.forEach((a) => analyzersUsed.add(a));
+            }
+        }
+    }
+    // Count issues by level
+    const errorCount = issues.filter((i) => i.level === 'error').length;
+    const warningCount = issues.filter((i) => i.level === 'warning').length;
+    const infoCount = issues.filter((i) => i.level === 'info').length;
+    return {
+        valid: errorCount === 0,
+        issues,
+        errorCount,
+        warningCount,
+        infoCount,
+        stats: {
+            serversConfigured: Object.keys(config.servers ?? {}).length,
+            toolPoliciesConfigured: toolPoliciesCount,
+            smartAnalysisEnabled,
+            analyzersUsed: Array.from(analyzersUsed),
+        },
+    };
+}
+function validateServerConfig(name, config, basePath) {
+    const issues = [];
+    const analyzersUsed = [];
+    let toolPoliciesCount = 0;
+    // Validate command
+    if (!config.command) {
+        issues.push({
+            level: 'error',
+            path: basePath,
+            message: `Server "${name}" must specify a command`,
+            suggestion: 'Add: command: "npx" (or path to your MCP server)',
+        });
+    }
+    // Validate args
+    if (config.args && !Array.isArray(config.args)) {
+        issues.push({
+            level: 'error',
+            path: `${basePath}.args`,
+            message: 'args must be an array of strings',
+            suggestion: 'Use: args: ["-y", "@modelcontextprotocol/server-postgres"]',
+        });
+    }
+    // Check for environment variables
+    if (config.env) {
+        for (const [key, value] of Object.entries(config.env)) {
+            if (typeof value === 'string' && value.includes('${')) {
+                const varMatch = value.match(/\$\{(\w+)\}/);
+                if (varMatch && varMatch[1]) {
+                    const envVar = varMatch[1];
+                    if (!process.env[envVar]) {
+                        issues.push({
+                            level: 'warning',
+                            path: `${basePath}.env.${key}`,
+                            message: `Environment variable ${envVar} is not set`,
+                            suggestion: `Set ${envVar} in your environment or .env file`,
+                        });
+                    }
+                }
+            }
+        }
+    }
+    // Validate server defaults
+    if (config.defaults) {
+        if (config.defaults.action && !VALID_ACTIONS.includes(config.defaults.action)) {
+            issues.push({
+                level: 'error',
+                path: `${basePath}.defaults.action`,
+                message: `Invalid default action: ${config.defaults.action}`,
+                suggestion: `Use one of: ${VALID_ACTIONS.join(', ')}`,
+            });
+        }
+        if (config.defaults.analyzer) {
+            if (!analyzerRegistry.has(config.defaults.analyzer)) {
+                issues.push({
+                    level: 'error',
+                    path: `${basePath}.defaults.analyzer`,
+                    message: `Unknown analyzer: ${config.defaults.analyzer}`,
+                    suggestion: `Use one of: ${analyzerRegistry.list().join(', ')}`,
+                });
+            }
+            else {
+                analyzersUsed.push(config.defaults.analyzer);
+            }
+        }
+    }
+    // Validate tool policies
+    if (config.tools) {
+        const patterns = Object.keys(config.tools);
+        toolPoliciesCount = patterns.length;
+        // Check for catch-all pattern
+        const hasCatchAll = patterns.includes('*');
+        if (!hasCatchAll && !config.defaults?.action) {
+            issues.push({
+                level: 'info',
+                path: `${basePath}.tools`,
+                message: 'No catch-all pattern (*) and no server defaults configured',
+                suggestion: 'Add a catch-all policy: "*": { action: deny } for security',
+            });
+        }
+        // Validate each tool policy
+        for (const [pattern, policy] of Object.entries(config.tools)) {
+            const policyPath = `${basePath}.tools.${pattern}`;
+            const policyIssues = validateToolPolicy(pattern, policy, policyPath, name);
+            issues.push(...policyIssues.issues);
+            if (policyIssues.analyzerUsed) {
+                analyzersUsed.push(policyIssues.analyzerUsed);
+            }
+        }
+        // Check for potentially unreachable patterns
+        checkPatternReachability(patterns, issues, `${basePath}.tools`);
+    }
+    else if (!config.defaults?.action) {
+        issues.push({
+            level: 'warning',
+            path: basePath,
+            message: `Server "${name}" has no tool policies and no defaults`,
+            suggestion: 'Add tool policies or set defaults.action',
+        });
+    }
+    return { issues, toolPoliciesCount, analyzersUsed };
+}
+function validateToolPolicy(pattern, policy, basePath, serverName) {
+    const issues = [];
+    let analyzerUsed;
+    // Normalize policy
+    const normalizedPolicy = typeof policy === 'string' ? { action: policy } : policy;
+    // Validate action
+    if (!VALID_ACTIONS.includes(normalizedPolicy.action)) {
+        issues.push({
+            level: 'error',
+            path: basePath,
+            message: `Invalid action: ${normalizedPolicy.action}`,
+            suggestion: `Use one of: ${VALID_ACTIONS.join(', ')}`,
+        });
+    }
+    // Validate smart action configuration
+    if (normalizedPolicy.action === 'smart') {
+        if (normalizedPolicy.analyzer) {
+            if (!analyzerRegistry.has(normalizedPolicy.analyzer)) {
+                issues.push({
+                    level: 'error',
+                    path: `${basePath}.analyzer`,
+                    message: `Unknown analyzer: ${normalizedPolicy.analyzer}`,
+                    suggestion: `Use one of: ${analyzerRegistry.list().join(', ')}`,
+                });
+            }
+            else {
+                analyzerUsed = normalizedPolicy.analyzer;
+            }
+        }
+        else {
+            // Check if we can infer the analyzer
+            const canInfer = ['postgres', 'mysql', 'sqlite', 'database', 'filesystem', 'file', 'fs', 'shell', 'terminal', 'bash'].some((keyword) => serverName.toLowerCase().includes(keyword));
+            if (!canInfer) {
+                issues.push({
+                    level: 'warning',
+                    path: basePath,
+                    message: "Smart action without explicit analyzer - may fall back to 'prompt'",
+                    suggestion: `Add: analyzer: sql (or filesystem, shell)`,
+                });
+            }
+        }
+        // Validate risk mappings
+        if (normalizedPolicy.risks) {
+            for (const [risk, action] of Object.entries(normalizedPolicy.risks)) {
+                if (!VALID_RISK_LEVELS.includes(risk)) {
+                    issues.push({
+                        level: 'error',
+                        path: `${basePath}.risks.${risk}`,
+                        message: `Invalid risk level: ${risk}`,
+                        suggestion: `Use one of: ${VALID_RISK_LEVELS.join(', ')}`,
+                    });
+                }
+                if (!['allow', 'deny', 'prompt'].includes(action)) {
+                    issues.push({
+                        level: 'error',
+                        path: `${basePath}.risks.${risk}`,
+                        message: `Invalid action for risk mapping: ${action}`,
+                        suggestion: 'Use one of: allow, deny, prompt',
+                    });
+                }
+            }
+        }
+    }
+    // Validate session configuration
+    if (normalizedPolicy.session) {
+        if (normalizedPolicy.session.scope && !VALID_SCOPES.includes(normalizedPolicy.session.scope)) {
+            issues.push({
+                level: 'error',
+                path: `${basePath}.session.scope`,
+                message: `Invalid session scope: ${normalizedPolicy.session.scope}`,
+                suggestion: `Use one of: ${VALID_SCOPES.join(', ')}`,
+            });
+        }
+        if (normalizedPolicy.session.ttl !== undefined) {
+            if (typeof normalizedPolicy.session.ttl !== 'number' || normalizedPolicy.session.ttl < 0) {
+                issues.push({
+                    level: 'error',
+                    path: `${basePath}.session.ttl`,
+                    message: 'TTL must be a positive number (seconds)',
+                });
+            }
+            else if (normalizedPolicy.session.ttl > 86400) {
+                issues.push({
+                    level: 'warning',
+                    path: `${basePath}.session.ttl`,
+                    message: 'Session TTL over 24 hours may pose security risks',
+                    suggestion: 'Consider using a shorter TTL for security',
+                });
+            }
+        }
+    }
+    // Validate glob pattern syntax
+    if (pattern.includes('*')) {
+        try {
+            // Test the pattern with minimatch
+            minimatch('test', pattern);
+        }
+        catch {
+            issues.push({
+                level: 'error',
+                path: basePath,
+                message: `Invalid glob pattern: ${pattern}`,
+                suggestion: 'Check glob pattern syntax',
+            });
+        }
+    }
+    return { issues, analyzerUsed };
+}
+// =============================================================================
+// Pattern Analysis
+// =============================================================================
+/**
+ * Checks for patterns that might be unreachable due to ordering.
+ */
+function checkPatternReachability(patterns, issues, basePath) {
+    // Sort patterns by specificity (exact match > longer patterns > wildcards > catch-all)
+    const sortedPatterns = [...patterns].sort((a, b) => {
+        if (a === '*')
+            return 1;
+        if (b === '*')
+            return -1;
+        if (a.includes('*') && !b.includes('*'))
+            return 1;
+        if (!a.includes('*') && b.includes('*'))
+            return -1;
+        return b.length - a.length;
+    });
+    // Check if any specific pattern would match before a broader one
+    for (let i = 0; i < sortedPatterns.length; i++) {
+        const current = sortedPatterns[i];
+        if (!current || current === '*')
+            continue;
+        for (let j = i + 1; j < sortedPatterns.length; j++) {
+            const broader = sortedPatterns[j];
+            if (!broader || broader === '*')
+                continue;
+            // Check if broader pattern would match things current pattern matches
+            if (broader.includes('*') && !current.includes('*')) {
+                if (minimatch(current, broader)) {
+                    issues.push({
+                        level: 'info',
+                        path: `${basePath}.${broader}`,
+                        message: `Pattern "${broader}" would also match "${current}", but exact match takes precedence`,
+                    });
+                }
+            }
+        }
+    }
+}
+// =============================================================================
+// Output Formatting
+// =============================================================================
+/**
+ * Formats validation issues for console output.
+ */
+export function formatValidationIssues(issues) {
+    const lines = [];
+    const grouped = {
+        error: issues.filter((i) => i.level === 'error'),
+        warning: issues.filter((i) => i.level === 'warning'),
+        info: issues.filter((i) => i.level === 'info'),
+    };
+    for (const [level, levelIssues] of Object.entries(grouped)) {
+        if (levelIssues.length === 0)
+            continue;
+        const icon = level === 'error' ? '✗' : level === 'warning' ? '⚠' : 'ℹ';
+        for (const issue of levelIssues) {
+            lines.push(`  ${icon} [${issue.path}] ${issue.message}`);
+            if (issue.suggestion) {
+                lines.push(`    → ${issue.suggestion}`);
+            }
+        }
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=validator.js.map

package/dist/policy/validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/policy/validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAOtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AA2DzD,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF,MAAM,aAAa,GAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC3E,MAAM,YAAY,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC5D,MAAM,iBAAiB,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;AAChF,MAAM,sBAAsB,GAAG,CAAC,UAAU,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;AAEtE,gFAAgF;AAChF,2BAA2B;AAC3B,gFAAgF;AAEhF;;;;;;GAMG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAsB,EACtB,YAAqB;IAErB,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IACxC,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,IAAI,oBAAoB,GAAG,KAAK,CAAC;IAEjC,mBAAmB;IACnB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,sCAAsC;YAC/C,UAAU,EAAE,mBAAmB;SAChC,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,KAAK,GAAG,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,+BAA+B,MAAM,CAAC,OAAO,EAAE;YACxD,UAAU,EAAE,kBAAkB;YAC9B,OAAO,EAAE,EAAE,iBAAiB,EAAE,CAAC,GAAG,CAAC,EAAE;SACtC,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC3B,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,iBAAiB;oBACvB,OAAO,EAAE,2BAA2B,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;oBAC5D,UAAU,EAAE,eAAe,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBACtD,CAAC,CAAC;YACL,CAAC;YACD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBACvC,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,SAAS;oBAChB,IAAI,EAAE,iBAAiB;oBACvB,OAAO,EAAE,oDAAoD;oBAC7D,UAAU,EAAE,qEAAqE;iBAClF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,OAAO,MAAM,CAAC,QAAQ,CAAC,OAAO,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;gBAC/E,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,kBAAkB;oBACxB,OAAO,EAAE,kDAAkD;iBAC5D,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;gBAC1C,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,SAAS;oBAChB,IAAI,EAAE,kBAAkB;oBACxB,OAAO,EAAE,cAAc,MAAM,CAAC,QAAQ,CAAC,OAAO,uCAAuC;oBACrF,UAAU,EAAE,8CAA8C;iBAC3D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACvF,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,4BAA4B,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;gBAC7D,UAAU,EAAE,eAAe,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aAC/D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACzC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,cAAc;oBACpB,OAAO,EAAE,wCAAwC;oBACjD,UAAU,EAAE,+CAA+C;iBAC5D,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,yCAAyC;gBAClD,UAAU,EAAE,8BAA8B;aAC3C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,mBAAmB;IACnB,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,uBAAuB;YAChC,UAAU,EAAE,uCAAuC;SACpD,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEhD,0BAA0B;QAC1B,IAAI,YAAY,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACxD,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,WAAW,YAAY,8BAA8B;gBAC9D,OAAO,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,uBAAuB;QACvB,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,IAAI,YAAY,IAAI,IAAI,KAAK,YAAY;gBAAE,SAAS;YAEpD,MAAM,UAAU,GAAG,WAAW,IAAI,EAAE,CAAC;YACrC,MAAM,YAAY,GAAG,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;YACpE,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YACpC,iBAAiB,IAAI,YAAY,CAAC,iBAAiB,CAAC;YAEpD,IAAI,YAAY,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1C,oBAAoB,GAAG,IAAI,CAAC;gBAC5B,YAAY,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;IACpE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IACxE,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAElE,OAAO;QACL,KAAK,EAAE,UAAU,KAAK,CAAC;QACvB,MAAM;QACN,UAAU;QACV,YAAY;QACZ,SAAS;QACT,KAAK,EAAE;YACL,iBAAiB,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,MAAM;YAC3D,sBAAsB,EAAE,iBAAiB;YACzC,oBAAoB;YACpB,aAAa,EAAE,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC;SACzC;KACF,CAAC;AACJ,CAAC;AAYD,SAAS,oBAAoB,CAC3B,IAAY,EACZ,MAAoB,EACpB,QAAgB;IAEhB,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAE1B,mBAAmB;IACnB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,WAAW,IAAI,0BAA0B;YAClD,UAAU,EAAE,kDAAkD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB;IAChB,IAAI,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,GAAG,QAAQ,OAAO;YACxB,OAAO,EAAE,kCAAkC;YAC3C,UAAU,EAAE,4DAA4D;SACzE,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;QACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACtD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;gBAC5C,IAAI,QAAQ,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5B,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;oBAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;wBACzB,MAAM,CAAC,IAAI,CAAC;4BACV,KAAK,EAAE,SAAS;4BAChB,IAAI,EAAE,GAAG,QAAQ,QAAQ,GAAG,EAAE;4BAC9B,OAAO,EAAE,wBAAwB,MAAM,aAAa;4BACpD,UAAU,EAAE,OAAO,MAAM,mCAAmC;yBAC7D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9E,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,GAAG,QAAQ,kBAAkB;gBACnC,OAAO,EAAE,2BAA2B,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;gBAC5D,UAAU,EAAE,eAAe,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aACtD,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC7B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,GAAG,QAAQ,oBAAoB;oBACrC,OAAO,EAAE,qBAAqB,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE;oBACxD,UAAU,EAAE,eAAe,gBAAgB,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBAChE,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3C,iBAAiB,GAAG,QAAQ,CAAC,MAAM,CAAC;QAEpC,8BAA8B;QAC9B,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,GAAG,QAAQ,QAAQ;gBACzB,OAAO,EAAE,4DAA4D;gBACrE,UAAU,EAAE,4DAA4D;aACzE,CAAC,CAAC;QACL,CAAC;QAED,4BAA4B;QAC5B,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7D,MAAM,UAAU,GAAG,GAAG,QAAQ,UAAU,OAAO,EAAE,CAAC;YAClD,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;YAEpC,IAAI,YAAY,CAAC,YAAY,EAAE,CAAC;gBAC9B,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,6CAA6C;QAC7C,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,QAAQ,QAAQ,CAAC,CAAC;IAClE,CAAC;SAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,WAAW,IAAI,wCAAwC;YAChE,UAAU,EAAE,0CAA0C;SACvD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,CAAC;AACtD,CAAC;AAWD,SAAS,kBAAkB,CACzB,OAAe,EACf,MAAiC,EACjC,QAAgB,EAChB,UAAkB;IAElB,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,IAAI,YAAgC,CAAC;IAErC,mBAAmB;IACnB,MAAM,gBAAgB,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAElF,kBAAkB;IAClB,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,mBAAmB,gBAAgB,CAAC,MAAM,EAAE;YACrD,UAAU,EAAE,eAAe,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SACtD,CAAC,CAAC;IACL,CAAC;IAED,sCAAsC;IACtC,IAAI,gBAAgB,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QACxC,IAAI,gBAAgB,CAAC,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACrD,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,OAAO,EAAE,qBAAqB,gBAAgB,CAAC,QAAQ,EAAE;oBACzD,UAAU,EAAE,eAAe,gBAAgB,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBAChE,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,YAAY,GAAG,gBAAgB,CAAC,QAAQ,CAAC;YAC3C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,qCAAqC;YACrC,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,IAAI,CACxH,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxD,CAAC;YAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,SAAS;oBAChB,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,oEAAoE;oBAC7E,UAAU,EAAE,2CAA2C;iBACxD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,gBAAgB,CAAC,KAAK,EAAE,CAAC;YAC3B,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;gBACpE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtC,MAAM,CAAC,IAAI,CAAC;wBACV,KAAK,EAAE,OAAO;wBACd,IAAI,EAAE,GAAG,QAAQ,UAAU,IAAI,EAAE;wBACjC,OAAO,EAAE,uBAAuB,IAAI,EAAE;wBACtC,UAAU,EAAE,eAAe,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;qBAC1D,CAAC,CAAC;gBACL,CAAC;gBACD,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAgB,CAAC,EAAE,CAAC;oBAC5D,MAAM,CAAC,IAAI,CAAC;wBACV,KAAK,EAAE,OAAO;wBACd,IAAI,EAAE,GAAG,QAAQ,UAAU,IAAI,EAAE;wBACjC,OAAO,EAAE,oCAAoC,MAAM,EAAE;wBACrD,UAAU,EAAE,iCAAiC;qBAC9C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,IAAI,gBAAgB,CAAC,OAAO,EAAE,CAAC;QAC7B,IAAI,gBAAgB,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7F,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,GAAG,QAAQ,gBAAgB;gBACjC,OAAO,EAAE,0BAA0B,gBAAgB,CAAC,OAAO,CAAC,KAAK,EAAE;gBACnE,UAAU,EAAE,eAAe,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aACrD,CAAC,CAAC;QACL,CAAC;QAED,IAAI,gBAAgB,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC/C,IAAI,OAAO,gBAAgB,CAAC,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,gBAAgB,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC;gBACzF,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,GAAG,QAAQ,cAAc;oBAC/B,OAAO,EAAE,yCAAyC;iBACnD,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,gBAAgB,CAAC,OAAO,CAAC,GAAG,GAAG,KAAK,EAAE,CAAC;gBAChD,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,SAAS;oBAChB,IAAI,EAAE,GAAG,QAAQ,cAAc;oBAC/B,OAAO,EAAE,mDAAmD;oBAC5D,UAAU,EAAE,2CAA2C;iBACxD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,kCAAkC;YAClC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,yBAAyB,OAAO,EAAE;gBAC3C,UAAU,EAAE,2BAA2B;aACxC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;GAEG;AACH,SAAS,wBAAwB,CAC/B,QAAkB,EAClB,MAAyB,EACzB,QAAgB;IAEhB,uFAAuF;IACvF,MAAM,cAAc,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACjD,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC;QACnD,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,iEAAiE;IACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/C,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QAClC,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,GAAG;YAAE,SAAS;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,GAAG;gBAAE,SAAS;YAE1C,sEAAsE;YACtE,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpD,IAAI,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC;wBACV,KAAK,EAAE,MAAM;wBACb,IAAI,EAAE,GAAG,QAAQ,IAAI,OAAO,EAAE;wBAC9B,OAAO,EAAE,YAAY,OAAO,uBAAuB,OAAO,qCAAqC;qBAChG,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,oBAAoB;AACpB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAyB;IAC9D,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,MAAM,OAAO,GAAG;QACd,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC;QAChD,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC;QACpD,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC;KAC/C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3D,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEvC,MAAM,IAAI,GAAG,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAEvE,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACzD,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;gBACrB,KAAK,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/proxy/bridge.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Tollgate Bridge
+ *
+ * Orchestrates the proxy components: policy engine, session manager,
+ * audit logger, approval handler, and upstream client.
+ *
+ * Resilience features:
+ * - Graceful shutdown with configurable timeout
+ * - Force exit after graceful shutdown timeout
+ * - Health status monitoring
+ */
+import type { TollgateConfig, FailureMode } from '../policy/types.js';
+export interface BridgeOptions {
+    config: TollgateConfig;
+    serverName: string;
+    auditPath?: string;
+    approvalTimeout?: number;
+    /** Disable session-based approvals */
+    disableSessions?: boolean;
+    /**
+     * Enable dry-run mode.
+     * In dry-run mode:
+     * - Policies are fully evaluated
+     * - Prompts are shown (if policy requires)
+     * - Audit logs are written
+     * - BUT tool calls are NOT forwarded to the upstream server
+     */
+    dryRun?: boolean;
+    /**
+     * Override failure mode from config.
+     * - 'fail-closed': Deny all requests when upstream is down (default)
+     * - 'fail-open': Allow all requests when upstream is down
+     * - 'fail-readonly': Only allow read operations when upstream is down
+     */
+    failureMode?: FailureMode;
+}
+export declare class TollgateBridge {
+    private server;
+    private options;
+    private resilience;
+    private isShuttingDown;
+    private forceExitTimeout;
+    constructor(options: BridgeOptions);
+    start(): Promise<void>;
+    /**
+     * Stop the bridge and all components.
+     * Waits for in-flight requests to complete before closing.
+     */
+    stop(): Promise<void>;
+    /**
+     * Handle upstream health status changes.
+     */
+    private handleHealthChange;
+    /**
+     * Creates the appropriate approval handler based on configuration.
+     */
+    private createApprovalHandler;
+    /**
+     * Creates the appropriate session store based on configuration.
+     */
+    private createSessionStore;
+}
+export interface WrapOptions {
+    command: string;
+    args: string[];
+    env?: Record<string, string>;
+    defaultAction?: 'allow' | 'deny' | 'prompt';
+    auditPath?: string;
+    approvalTimeout?: number;
+    /** Approval method: terminal or interactive */
+    approvalMethod?: 'terminal' | 'interactive';
+    /** Port for interactive approval UI */
+    approvalPort?: number;
+    /** Enable persistent session storage */
+    persistSessions?: boolean;
+    /** Path for persistent session database */
+    sessionPath?: string;
+    /** Enable dry-run mode */
+    dryRun?: boolean;
+    /** Failure mode when upstream is unavailable */
+    failureMode?: FailureMode;
+}
+export declare function startWrapMode(options: WrapOptions): Promise<void>;
+//# sourceMappingURL=bridge.d.ts.map

package/dist/proxy/bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bridge.d.ts","sourceRoot":"","sources":["../../src/proxy/bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAoB,MAAM,oBAAoB,CAAC;AAgBxF,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,cAAc,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sCAAsC;IACtC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B;;;;;;;OAOG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB;;;;;OAKG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAA+B;IAC7C,OAAO,CAAC,OAAO,CAAgB;IAC/B,OAAO,CAAC,UAAU,CAA6B;IAC/C,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,gBAAgB,CAA+B;gBAE3C,OAAO,EAAE,aAAa;IAqB5B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAoF5B;;;OAGG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAO3B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAW1B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAsB7B;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAe3B;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,aAAa,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAC;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,+CAA+C;IAC/C,cAAc,CAAC,EAAE,UAAU,GAAG,aAAa,CAAC;IAC5C,uCAAuC;IACvC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,2CAA2C;IAC3C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gDAAgD;IAChD,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAmCvE"}