@dotsetlabs/tollgate 0.1.0

package/dist/session/sqlite-store.js

@@ -0,0 +1,209 @@
+/**
+ * SQLite-backed Session Store for Tollgate
+ *
+ * Provides persistent session storage that survives process restarts.
+ * Uses the same database as the audit logger for consistency.
+ *
+ * @example
+ * ```typescript
+ * import { SqliteSessionStore } from './sqlite-store.js';
+ * import { SessionManager } from './manager.js';
+ *
+ * const store = new SqliteSessionStore('./data/sessions.db');
+ * const manager = new SessionManager(store);
+ *
+ * // Sessions now persist across restarts
+ * ```
+ */
+import Database from 'better-sqlite3';
+import { existsSync, mkdirSync } from 'node:fs';
+import { dirname } from 'node:path';
+import { sessionLogger as logger } from '../utils/logger.js';
+// =============================================================================
+// Schema
+// =============================================================================
+const SESSION_SCHEMA = `
+  CREATE TABLE IF NOT EXISTS session_grants (
+    id TEXT PRIMARY KEY,
+    created_at TEXT NOT NULL,
+    expires_at TEXT,
+    server TEXT NOT NULL,
+    scope TEXT NOT NULL,
+    scope_value TEXT,
+    tool TEXT,
+    granted_by TEXT NOT NULL,
+    usage_count INTEGER DEFAULT 0,
+    original_request_id TEXT
+  );
+
+  CREATE INDEX IF NOT EXISTS idx_session_grants_server ON session_grants(server);
+  CREATE INDEX IF NOT EXISTS idx_session_grants_expires ON session_grants(expires_at);
+`;
+// =============================================================================
+// SQLite Session Store
+// =============================================================================
+/**
+ * SQLite-backed session store for persistent session grants.
+ *
+ * Features:
+ * - Sessions survive process restarts
+ * - Automatic cleanup of expired grants
+ * - Thread-safe via SQLite's locking
+ */
+export class SqliteSessionStore {
+    db;
+    insertStmt;
+    getStmt;
+    deleteStmt;
+    updateUsageStmt;
+    constructor(dbPath) {
+        // Ensure directory exists
+        const dir = dirname(dbPath);
+        if (!existsSync(dir)) {
+            mkdirSync(dir, { recursive: true });
+        }
+        this.db = new Database(dbPath);
+        this.db.pragma('journal_mode = WAL');
+        // Initialize schema
+        this.db.exec(SESSION_SCHEMA);
+        // Prepare statements
+        this.insertStmt = this.db.prepare(`
+      INSERT OR REPLACE INTO session_grants
+        (id, created_at, expires_at, server, scope, scope_value, tool, granted_by, usage_count, original_request_id)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `);
+        this.getStmt = this.db.prepare(`
+      SELECT * FROM session_grants WHERE id = ?
+    `);
+        this.deleteStmt = this.db.prepare(`
+      DELETE FROM session_grants WHERE id = ?
+    `);
+        this.updateUsageStmt = this.db.prepare(`
+      UPDATE session_grants SET usage_count = usage_count + 1 WHERE id = ?
+    `);
+    }
+    // ---------------------------------------------------------------------------
+    // SessionStore Interface
+    // ---------------------------------------------------------------------------
+    set(grant) {
+        this.insertStmt.run(grant.id, grant.createdAt.toISOString(), grant.expiresAt?.toISOString() ?? null, grant.server, grant.scope, grant.scopeValue ?? null, grant.tool ?? null, grant.grantedBy, grant.usageCount, grant.originalRequestId ?? null);
+    }
+    get(id) {
+        try {
+            const row = this.getStmt.get(id);
+            if (!row)
+                return undefined;
+            return this.rowToGrant(row);
+        }
+        catch (error) {
+            logger.error('Error getting grant', {
+                grantId: id,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return undefined;
+        }
+    }
+    findMatching(context) {
+        try {
+            const now = new Date().toISOString();
+            // Find all non-expired grants for this server
+            const stmt = this.db.prepare(`
+        SELECT * FROM session_grants
+        WHERE server = ?
+          AND (expires_at IS NULL OR expires_at > ?)
+      `);
+            const rows = stmt.all(context.server, now);
+            return rows.map((row) => this.rowToGrant(row));
+        }
+        catch (error) {
+            logger.error('Error finding matching grants', {
+                server: context.server,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return [];
+        }
+    }
+    delete(id) {
+        const result = this.deleteStmt.run(id);
+        return result.changes > 0;
+    }
+    pruneExpired() {
+        const now = new Date().toISOString();
+        const stmt = this.db.prepare(`
+      DELETE FROM session_grants
+      WHERE expires_at IS NOT NULL AND expires_at <= ?
+    `);
+        const result = stmt.run(now);
+        return result.changes;
+    }
+    getAll() {
+        const stmt = this.db.prepare(`SELECT * FROM session_grants`);
+        const rows = stmt.all();
+        return rows.map((row) => this.rowToGrant(row));
+    }
+    clear() {
+        this.db.exec(`DELETE FROM session_grants`);
+    }
+    getStats() {
+        const now = new Date().toISOString();
+        const fiveMinutesFromNow = new Date(Date.now() + 5 * 60 * 1000).toISOString();
+        const statsStmt = this.db.prepare(`
+      SELECT
+        COUNT(*) as total,
+        SUM(CASE WHEN scope = 'exact' THEN 1 ELSE 0 END) as exact_count,
+        SUM(CASE WHEN scope = 'tool' THEN 1 ELSE 0 END) as tool_count,
+        SUM(CASE WHEN scope = 'server' THEN 1 ELSE 0 END) as server_count,
+        SUM(CASE WHEN scope = 'pattern' THEN 1 ELSE 0 END) as pattern_count,
+        COALESCE(SUM(usage_count), 0) as total_usage,
+        SUM(CASE WHEN expires_at IS NOT NULL AND expires_at <= ? THEN 1 ELSE 0 END) as expiring_soon
+      FROM session_grants
+      WHERE expires_at IS NULL OR expires_at > ?
+    `);
+        const result = statsStmt.get(fiveMinutesFromNow, now);
+        return {
+            activeGrants: result.total,
+            grantsByScope: {
+                exact: result.exact_count,
+                tool: result.tool_count,
+                server: result.server_count,
+                pattern: result.pattern_count,
+            },
+            totalUsage: result.total_usage,
+            expiringSoon: result.expiring_soon,
+        };
+    }
+    // ---------------------------------------------------------------------------
+    // Additional Methods
+    // ---------------------------------------------------------------------------
+    /**
+     * Increment usage count for a grant.
+     * Called when a grant is used to authorize a tool call.
+     */
+    incrementUsage(id) {
+        this.updateUsageStmt.run(id);
+    }
+    /**
+     * Close the database connection.
+     */
+    close() {
+        this.db.close();
+    }
+    // ---------------------------------------------------------------------------
+    // Private Helpers
+    // ---------------------------------------------------------------------------
+    rowToGrant(row) {
+        return {
+            id: row.id,
+            createdAt: new Date(row.created_at),
+            expiresAt: row.expires_at ? new Date(row.expires_at) : null,
+            server: row.server,
+            scope: row.scope,
+            scopeValue: row.scope_value ?? undefined,
+            tool: row.tool ?? undefined,
+            grantedBy: row.granted_by,
+            usageCount: row.usage_count,
+            originalRequestId: row.original_request_id ?? undefined,
+        };
+    }
+}
+//# sourceMappingURL=sqlite-store.js.map

package/dist/session/sqlite-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlite-store.js","sourceRoot":"","sources":["../../src/session/sqlite-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,OAAO,EAAE,aAAa,IAAI,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE7D,gFAAgF;AAChF,SAAS;AACT,gFAAgF;AAEhF,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;CAgBtB,CAAC;AAEF,gFAAgF;AAChF,uBAAuB;AACvB,gFAAgF;AAEhF;;;;;;;GAOG;AACH,MAAM,OAAO,kBAAkB;IACrB,EAAE,CAAoB;IACtB,UAAU,CAAqB;IAC/B,OAAO,CAAqB;IAC5B,UAAU,CAAqB;IAC/B,eAAe,CAAqB;IAE5C,YAAY,MAAc;QACxB,0BAA0B;QAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,IAAI,CAAC,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAErC,oBAAoB;QACpB,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAE7B,qBAAqB;QACrB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;KAIjC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;KAE9B,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;KAEjC,CAAC,CAAC;QAEH,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;KAEtC,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAC9E,yBAAyB;IACzB,8EAA8E;IAE9E,GAAG,CAAC,KAAmB;QACrB,IAAI,CAAC,UAAU,CAAC,GAAG,CACjB,KAAK,CAAC,EAAE,EACR,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE,EAC7B,KAAK,CAAC,SAAS,EAAE,WAAW,EAAE,IAAI,IAAI,EACtC,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,UAAU,IAAI,IAAI,EACxB,KAAK,CAAC,IAAI,IAAI,IAAI,EAClB,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,iBAAiB,IAAI,IAAI,CAChC,CAAC;IACJ,CAAC;IAED,GAAG,CAAC,EAAU;QACZ,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAgC,CAAC;YAChE,IAAI,CAAC,GAAG;gBAAE,OAAO,SAAS,CAAC;YAC3B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;gBAClC,OAAO,EAAE,EAAE;gBACX,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,YAAY,CAAC,OAAwB;QACnC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAErC,8CAA8C;YAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;OAI5B,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAsB,CAAC;YAChE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE;gBAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,MAAM,CAAC,EAAU;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvC,OAAO,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC;IAC5B,CAAC;IAED,YAAY;QACV,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;KAG5B,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,MAAM;QACJ,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;QAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAuB,CAAC;QAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC7C,CAAC;IAED,QAAQ;QACN,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,kBAAkB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAE9E,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;;;;KAWjC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,kBAAkB,EAAE,GAAG,CAQnD,CAAC;QAEF,OAAO;YACL,YAAY,EAAE,MAAM,CAAC,KAAK;YAC1B,aAAa,EAAE;gBACb,KAAK,EAAE,MAAM,CAAC,WAAW;gBACzB,IAAI,EAAE,MAAM,CAAC,UAAU;gBACvB,MAAM,EAAE,MAAM,CAAC,YAAY;gBAC3B,OAAO,EAAE,MAAM,CAAC,aAAa;aAC9B;YACD,UAAU,EAAE,MAAM,CAAC,WAAW;YAC9B,YAAY,EAAE,MAAM,CAAC,aAAa;SACnC,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,qBAAqB;IACrB,8EAA8E;IAE9E;;;OAGG;IACH,cAAc,CAAC,EAAU;QACvB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAEtE,UAAU,CAAC,GAAoB;QACrC,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YACnC,SAAS,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI;YAC3D,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,KAAK,EAAE,GAAG,CAAC,KAAqB;YAChC,UAAU,EAAE,GAAG,CAAC,WAAW,IAAI,SAAS;YACxC,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,SAAS;YAC3B,SAAS,EAAE,GAAG,CAAC,UAA4C;YAC3D,UAAU,EAAE,GAAG,CAAC,WAAW;YAC3B,iBAAiB,EAAE,GAAG,CAAC,mBAAmB,IAAI,SAAS;SACxD,CAAC;IACJ,CAAC;CACF"}

package/dist/session/types.d.ts

@@ -0,0 +1,179 @@
+/**
+ * Session-based approval types for Tollgate
+ *
+ * Sessions allow users to grant time-bounded approval for tool calls,
+ * reducing approval fatigue while maintaining security through:
+ * - Time-limited grants (TTL)
+ * - Scoped permissions (exact, tool, server, pattern)
+ * - Full audit trail
+ */
+import type { ToolCallContext } from '../policy/types.js';
+/**
+ * Scope determines what future tool calls a session grant covers.
+ *
+ * @example
+ * // 'exact' - Only this exact tool with these exact arguments
+ * // User approves: postgres:query with args { sql: "SELECT * FROM users" }
+ * // Matches: postgres:query with args { sql: "SELECT * FROM users" }
+ * // Does NOT match: postgres:query with args { sql: "SELECT * FROM orders" }
+ *
+ * @example
+ * // 'tool' - Any call to this tool on this server
+ * // User approves: postgres:query
+ * // Matches: postgres:query with ANY args
+ *
+ * @example
+ * // 'server' - Any tool call on this server
+ * // User approves: postgres
+ * // Matches: postgres:query, postgres:execute, postgres:list_tables, etc.
+ *
+ * @example
+ * // 'pattern' - Tools matching a glob pattern on this server
+ * // User approves: postgres with pattern "read_*"
+ * // Matches: postgres:read_file, postgres:read_config
+ * // Does NOT match: postgres:write_file
+ */
+export type SessionScope = 'exact' | 'tool' | 'server' | 'pattern';
+/**
+ * Predefined session durations for terminal UI.
+ * Users can select these via keyboard shortcuts.
+ */
+export type SessionDuration = 'once' | '5min' | '15min' | '30min' | 'session';
+/**
+ * Converts a SessionDuration to TTL in seconds.
+ * 'session' returns -1 to indicate "until restart".
+ */
+export declare function durationToTtlSeconds(duration: SessionDuration): number;
+/**
+ * A session grant represents a time-bounded approval for future tool calls.
+ *
+ * When a user approves a tool call, they can optionally grant a session
+ * that allows similar future calls without re-prompting.
+ */
+export interface SessionGrant {
+    /** Unique identifier for this grant */
+    readonly id: string;
+    /** When the grant was created */
+    readonly createdAt: Date;
+    /** When the grant expires (null = session lifetime) */
+    readonly expiresAt: Date | null;
+    /** Server this grant applies to */
+    readonly server: string;
+    /** Scope of the grant */
+    readonly scope: SessionScope;
+    /**
+     * Scope-specific value:
+     * - 'exact': JSON-stringified args
+     * - 'tool': tool name
+     * - 'server': undefined
+     * - 'pattern': glob pattern
+     */
+    readonly scopeValue?: string;
+    /** Tool name (for 'exact' and 'tool' scopes) */
+    readonly tool?: string;
+    /** How this grant was created */
+    readonly grantedBy: 'terminal' | 'webhook' | 'api';
+    /** Number of times this grant has been used */
+    usageCount: number;
+    /** Original request that triggered this grant (for audit) */
+    readonly originalRequestId?: string;
+}
+/**
+ * Input for creating a new session grant.
+ */
+export interface CreateSessionGrantInput {
+    /** The tool call context that triggered approval */
+    context: ToolCallContext;
+    /** Scope of the grant */
+    scope: SessionScope;
+    /** Duration of the grant */
+    duration: SessionDuration;
+    /** How the grant was created */
+    grantedBy: 'terminal' | 'webhook' | 'api';
+    /** Pattern for 'pattern' scope */
+    pattern?: string;
+    /** ID of the original approval request (for audit linkage) */
+    originalRequestId?: string;
+}
+/**
+ * Result of checking if a session grant covers a tool call.
+ */
+export interface SessionCheckResult {
+    /** Whether a valid grant exists */
+    readonly granted: boolean;
+    /** The grant that covers this call (if granted) */
+    readonly grant?: SessionGrant;
+    /** Why the check failed (if not granted) */
+    readonly reason?: 'no_grant' | 'expired' | 'scope_mismatch';
+}
+/**
+ * Configuration for session behavior in a tool policy.
+ * Enhanced from the original SessionConfig in policy/types.ts.
+ */
+export interface SessionPolicyConfig {
+    /**
+     * Whether to offer session options when prompting.
+     * @default true
+     */
+    allowRemember?: boolean;
+    /**
+     * Default scope when user doesn't specify.
+     * @default 'tool'
+     */
+    defaultScope?: SessionScope;
+    /**
+     * Maximum TTL in seconds that can be granted.
+     * @default 1800 (30 minutes)
+     */
+    maxTtl?: number;
+    /**
+     * Allowed durations to show in terminal UI.
+     * @default ['once', '5min', '15min', 'session']
+     */
+    allowedDurations?: SessionDuration[];
+    /**
+     * Whether to persist grants to disk (survives restart).
+     * @default false
+     */
+    persist?: boolean;
+}
+/**
+ * Default session policy configuration.
+ */
+export declare const DEFAULT_SESSION_CONFIG: Required<SessionPolicyConfig>;
+/**
+ * Statistics about session usage.
+ */
+export interface SessionStats {
+    /** Total active grants */
+    activeGrants: number;
+    /** Grants by scope */
+    grantsByScope: Record<SessionScope, number>;
+    /** Total tool calls authorized via session */
+    totalUsage: number;
+    /** Grants expiring in the next 5 minutes */
+    expiringSoon: number;
+}
+/**
+ * Interface for session storage backends.
+ * Allows for in-memory or persistent storage.
+ */
+export interface SessionStore {
+    /** Store a new grant */
+    set(grant: SessionGrant): void;
+    /** Get a grant by ID */
+    get(id: string): SessionGrant | undefined;
+    /** Find grants that might match a context */
+    findMatching(context: ToolCallContext): SessionGrant[];
+    /** Remove a grant */
+    delete(id: string): boolean;
+    /** Remove all expired grants */
+    pruneExpired(): number;
+    /** Get all active grants */
+    getAll(): SessionGrant[];
+    /** Clear all grants */
+    clear(): void;
+    /** Get statistics */
+    getStats(): SessionStats;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/session/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/session/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAE1D;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEnE;;;GAGG;AACH,MAAM,MAAM,eAAe,GACvB,MAAM,GACN,MAAM,GACN,OAAO,GACP,OAAO,GACP,SAAS,CAAC;AAEd;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,eAAe,GAAG,MAAM,CAatE;AAED;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,uCAAuC;IACvC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB,iCAAiC;IACjC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;IAEzB,uDAAuD;IACvD,QAAQ,CAAC,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IAEhC,mCAAmC;IACnC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,yBAAyB;IACzB,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAE7B;;;;;;OAMG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAE7B,gDAAgD;IAChD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAEvB,iCAAiC;IACjC,QAAQ,CAAC,SAAS,EAAE,UAAU,GAAG,SAAS,GAAG,KAAK,CAAC;IAEnD,+CAA+C;IAC/C,UAAU,EAAE,MAAM,CAAC;IAEnB,6DAA6D;IAC7D,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,oDAAoD;IACpD,OAAO,EAAE,eAAe,CAAC;IAEzB,yBAAyB;IACzB,KAAK,EAAE,YAAY,CAAC;IAEpB,4BAA4B;IAC5B,QAAQ,EAAE,eAAe,CAAC;IAE1B,gCAAgC;IAChC,SAAS,EAAE,UAAU,GAAG,SAAS,GAAG,KAAK,CAAC;IAE1C,kCAAkC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,8DAA8D;IAC9D,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,mCAAmC;IACnC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAE1B,mDAAmD;IACnD,QAAQ,CAAC,KAAK,CAAC,EAAE,YAAY,CAAC;IAE9B,4CAA4C;IAC5C,QAAQ,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,SAAS,GAAG,gBAAgB,CAAC;CAC7D;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB;;;OAGG;IACH,YAAY,CAAC,EAAE,YAAY,CAAC;IAE5B;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IAErC;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,QAAQ,CAAC,mBAAmB,CAMhE,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IAErB,sBAAsB;IACtB,aAAa,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAE5C,8CAA8C;IAC9C,UAAU,EAAE,MAAM,CAAC;IAEnB,4CAA4C;IAC5C,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,wBAAwB;IACxB,GAAG,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;IAE/B,wBAAwB;IACxB,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAAC;IAE1C,6CAA6C;IAC7C,YAAY,CAAC,OAAO,EAAE,eAAe,GAAG,YAAY,EAAE,CAAC;IAEvD,qBAAqB;IACrB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;IAE5B,gCAAgC;IAChC,YAAY,IAAI,MAAM,CAAC;IAEvB,4BAA4B;IAC5B,MAAM,IAAI,YAAY,EAAE,CAAC;IAEzB,uBAAuB;IACvB,KAAK,IAAI,IAAI,CAAC;IAEd,qBAAqB;IACrB,QAAQ,IAAI,YAAY,CAAC;CAC1B"}

package/dist/session/types.js

@@ -0,0 +1,38 @@
+/**
+ * Session-based approval types for Tollgate
+ *
+ * Sessions allow users to grant time-bounded approval for tool calls,
+ * reducing approval fatigue while maintaining security through:
+ * - Time-limited grants (TTL)
+ * - Scoped permissions (exact, tool, server, pattern)
+ * - Full audit trail
+ */
+/**
+ * Converts a SessionDuration to TTL in seconds.
+ * 'session' returns -1 to indicate "until restart".
+ */
+export function durationToTtlSeconds(duration) {
+    switch (duration) {
+        case 'once':
+            return 0;
+        case '5min':
+            return 5 * 60;
+        case '15min':
+            return 15 * 60;
+        case '30min':
+            return 30 * 60;
+        case 'session':
+            return -1; // Special value: no expiry until restart
+    }
+}
+/**
+ * Default session policy configuration.
+ */
+export const DEFAULT_SESSION_CONFIG = {
+    allowRemember: true,
+    defaultScope: 'tool',
+    maxTtl: 30 * 60, // 30 minutes
+    allowedDurations: ['once', '5min', '15min', 'session'],
+    persist: false,
+};
+//# sourceMappingURL=types.js.map

package/dist/session/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/session/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA0CH;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,QAAyB;IAC5D,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM;YACT,OAAO,CAAC,CAAC;QACX,KAAK,MAAM;YACT,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,OAAO;YACV,OAAO,EAAE,GAAG,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,EAAE,GAAG,EAAE,CAAC;QACjB,KAAK,SAAS;YACZ,OAAO,CAAC,CAAC,CAAC,CAAC,yCAAyC;IACxD,CAAC;AACH,CAAC;AAuHD;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAkC;IACnE,aAAa,EAAE,IAAI;IACnB,YAAY,EAAE,MAAM;IACpB,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,aAAa;IAC9B,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC;IACtD,OAAO,EAAE,KAAK;CACf,CAAC"}

package/dist/templates.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Server Templates Library for Tollgate
+ *
+ * Extended collection of MCP server templates for quick configuration.
+ * These templates provide recommended policies for popular MCP servers.
+ *
+ * Usage via CLI:
+ *   tollgate templates list              # List all available templates
+ *   tollgate templates show <name>       # Show template details
+ *   tollgate templates apply <name>      # Add template to tollgate.yaml
+ *
+ * @module templates
+ */
+import type { ServerTemplate } from './wizard.js';
+/**
+ * Template categories for organization.
+ */
+export type TemplateCategory = 'database' | 'filesystem' | 'web' | 'productivity' | 'developer' | 'ai' | 'communication';
+/**
+ * Extended template with category and tags.
+ */
+export interface ExtendedTemplate extends ServerTemplate {
+    /** Category for grouping */
+    category: TemplateCategory;
+    /** Searchable tags */
+    tags: string[];
+    /** URL to MCP server documentation */
+    docsUrl?: string;
+    /** Whether the template has been verified/tested */
+    verified: boolean;
+}
+/**
+ * Complete template library.
+ */
+export declare const TEMPLATE_LIBRARY: ExtendedTemplate[];
+/**
+ * Get all templates.
+ */
+export declare function getAllTemplates(): ExtendedTemplate[];
+/**
+ * Get templates by category.
+ */
+export declare function getTemplatesByCategory(category: TemplateCategory): ExtendedTemplate[];
+/**
+ * Get template by name.
+ */
+export declare function getTemplateByName(name: string): ExtendedTemplate | undefined;
+/**
+ * Search templates by keyword.
+ */
+export declare function searchTemplates(query: string): ExtendedTemplate[];
+/**
+ * Get unique categories.
+ */
+export declare function getCategories(): TemplateCategory[];
+/**
+ * Generate YAML configuration for a template.
+ */
+export declare function generateTemplateYaml(template: ExtendedTemplate, policyPreset?: 'strict' | 'balanced' | 'permissive'): string;
+/**
+ * Generate full config file from multiple templates.
+ */
+export declare function generateFullConfig(templateNames: string[], policyPreset?: 'strict' | 'balanced' | 'permissive'): string;
+//# sourceMappingURL=templates.d.ts.map

package/dist/templates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../src/templates.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAMlD;;GAEG;AACH,MAAM,MAAM,gBAAgB,GACtB,UAAU,GACV,YAAY,GACZ,KAAK,GACL,cAAc,GACd,WAAW,GACX,IAAI,GACJ,eAAe,CAAC;AAEtB;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,cAAc;IACpD,4BAA4B;IAC5B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,sBAAsB;IACtB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,QAAQ,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,gBAAgB,EAkT9C,CAAC;AAMF;;GAEG;AACH,wBAAgB,eAAe,IAAI,gBAAgB,EAAE,CAEpD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,gBAAgB,EAAE,CAErF;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAE5E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB,EAAE,CASjE;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,gBAAgB,EAAE,CAElD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAChC,QAAQ,EAAE,gBAAgB,EAC1B,YAAY,GAAE,QAAQ,GAAG,UAAU,GAAG,YAAyB,GAChE,MAAM,CAyER;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAC9B,aAAa,EAAE,MAAM,EAAE,EACvB,YAAY,GAAE,QAAQ,GAAG,UAAU,GAAG,YAAyB,GAChE,MAAM,CA0BR"}