@elisym/sdk 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.cjs CHANGED
@@ -2412,12 +2412,149 @@ function validateAgentName(name) {
2412
2412
  }
2413
2413
  }
2414
2414
 
2415
+ // src/primitives/rateLimiter.ts
2416
+ function createSlidingWindowLimiter(options) {
2417
+ const { windowMs, maxPerWindow, maxKeys } = options;
2418
+ if (windowMs <= 0) {
2419
+ throw new RangeError("windowMs must be > 0");
2420
+ }
2421
+ if (maxPerWindow <= 0) {
2422
+ throw new RangeError("maxPerWindow must be > 0");
2423
+ }
2424
+ if (maxKeys <= 0) {
2425
+ throw new RangeError("maxKeys must be > 0");
2426
+ }
2427
+ const entries = /* @__PURE__ */ new Map();
2428
+ function evictIfNeeded() {
2429
+ while (entries.size > maxKeys) {
2430
+ const oldestKey = entries.keys().next().value;
2431
+ if (oldestKey === void 0) {
2432
+ return;
2433
+ }
2434
+ entries.delete(oldestKey);
2435
+ }
2436
+ }
2437
+ return {
2438
+ peek(key, now = Date.now()) {
2439
+ const entry = entries.get(key);
2440
+ if (!entry) {
2441
+ return { allowed: true, resetAt: now + windowMs, count: 0 };
2442
+ }
2443
+ const cutoff = now - windowMs;
2444
+ const fresh = entry.hits.filter((timestamp) => timestamp > cutoff);
2445
+ return {
2446
+ allowed: fresh.length < maxPerWindow,
2447
+ resetAt: (fresh[0] ?? now) + windowMs,
2448
+ count: fresh.length
2449
+ };
2450
+ },
2451
+ check(key, now = Date.now()) {
2452
+ const entry = entries.get(key) ?? { hits: [] };
2453
+ const cutoff = now - windowMs;
2454
+ const fresh = entry.hits.filter((timestamp) => timestamp > cutoff);
2455
+ if (fresh.length >= maxPerWindow) {
2456
+ entries.delete(key);
2457
+ entries.set(key, { hits: fresh });
2458
+ return {
2459
+ allowed: false,
2460
+ resetAt: (fresh[0] ?? now) + windowMs,
2461
+ count: fresh.length
2462
+ };
2463
+ }
2464
+ fresh.push(now);
2465
+ entries.delete(key);
2466
+ entries.set(key, { hits: fresh });
2467
+ evictIfNeeded();
2468
+ return {
2469
+ allowed: true,
2470
+ resetAt: (fresh[0] ?? now) + windowMs,
2471
+ count: fresh.length
2472
+ };
2473
+ },
2474
+ prune(now = Date.now()) {
2475
+ const cutoff = now - windowMs;
2476
+ for (const [key, entry] of entries) {
2477
+ const fresh = entry.hits.filter((timestamp) => timestamp > cutoff);
2478
+ if (fresh.length === 0) {
2479
+ entries.delete(key);
2480
+ } else if (fresh.length !== entry.hits.length) {
2481
+ entry.hits = fresh;
2482
+ }
2483
+ }
2484
+ },
2485
+ size() {
2486
+ return entries.size;
2487
+ },
2488
+ reset() {
2489
+ entries.clear();
2490
+ }
2491
+ };
2492
+ }
2493
+
2494
+ // src/primitives/logRedact.ts
2495
+ var SECRET_REDACT_PATHS = [
2496
+ "*.ELISYM_NOSTR_PRIVATE_KEY",
2497
+ "*.ELISYM_SOLANA_PRIVATE_KEY",
2498
+ "*.nostrPrivateKeyHex",
2499
+ "*.solanaPrivateKeyBase58",
2500
+ "*.secretKey",
2501
+ "*.secret",
2502
+ "ELISYM_NOSTR_PRIVATE_KEY",
2503
+ "ELISYM_SOLANA_PRIVATE_KEY",
2504
+ // Canonical on-disk `.secrets.json` field names. Logging the whole
2505
+ // `secrets` object, or any single field directly, must not leak.
2506
+ "llm_api_key",
2507
+ "nostr_secret_key",
2508
+ "solana_secret_key",
2509
+ "*.llm_api_key",
2510
+ "*.nostr_secret_key",
2511
+ "*.solana_secret_key",
2512
+ "secrets",
2513
+ "*.secrets"
2514
+ ];
2515
+ var INPUT_REDACT_PATHS = [
2516
+ "content",
2517
+ "input",
2518
+ "prompt",
2519
+ "*.content",
2520
+ "*.input",
2521
+ "*.prompt",
2522
+ "event.content",
2523
+ "*.event.content",
2524
+ // JobLedger entries carry the raw Nostr event JSON (which embeds
2525
+ // `event.content`) and the full LLM `resultContent` - both are
2526
+ // customer-confidential and must never land in a structured log.
2527
+ "rawEventJson",
2528
+ "resultContent",
2529
+ "*.rawEventJson",
2530
+ "*.resultContent"
2531
+ ];
2532
+ var DEFAULT_REDACT_PATHS = [...SECRET_REDACT_PATHS, ...INPUT_REDACT_PATHS];
2533
+ var INPUT_REDACT_LEAVES = /* @__PURE__ */ new Set([
2534
+ "content",
2535
+ "input",
2536
+ "prompt",
2537
+ "rawEventJson",
2538
+ "resultContent"
2539
+ ]);
2540
+ function makeCensor() {
2541
+ return (_value, path) => {
2542
+ const last = path[path.length - 1];
2543
+ if (last !== void 0 && INPUT_REDACT_LEAVES.has(last)) {
2544
+ return "[INPUT REDACTED]";
2545
+ }
2546
+ return "[REDACTED]";
2547
+ };
2548
+ }
2549
+
2415
2550
  exports.BoundedSet = BoundedSet;
2416
2551
  exports.DEFAULTS = DEFAULTS;
2417
2552
  exports.DEFAULT_KIND_OFFSET = DEFAULT_KIND_OFFSET;
2553
+ exports.DEFAULT_REDACT_PATHS = DEFAULT_REDACT_PATHS;
2418
2554
  exports.DiscoveryService = DiscoveryService;
2419
2555
  exports.ElisymClient = ElisymClient;
2420
2556
  exports.ElisymIdentity = ElisymIdentity;
2557
+ exports.INPUT_REDACT_PATHS = INPUT_REDACT_PATHS;
2421
2558
  exports.KIND_APP_HANDLER = KIND_APP_HANDLER;
2422
2559
  exports.KIND_JOB_FEEDBACK = KIND_JOB_FEEDBACK;
2423
2560
  exports.KIND_JOB_REQUEST = KIND_JOB_REQUEST;
@@ -2437,6 +2574,7 @@ exports.PROTOCOL_TREASURY = PROTOCOL_TREASURY;
2437
2574
  exports.PaymentRequestSchema = PaymentRequestSchema;
2438
2575
  exports.PingService = PingService;
2439
2576
  exports.RELAYS = RELAYS;
2577
+ exports.SECRET_REDACT_PATHS = SECRET_REDACT_PATHS;
2440
2578
  exports.SolanaPaymentStrategy = SolanaPaymentStrategy;
2441
2579
  exports.assertExpiry = assertExpiry;
2442
2580
  exports.assertLamports = assertLamports;
@@ -2445,12 +2583,14 @@ exports.calculateProtocolFee = calculateProtocolFee;
2445
2583
  exports.clearPriorityFeeCache = clearPriorityFeeCache;
2446
2584
  exports.clearProtocolConfigCache = clearProtocolConfigCache;
2447
2585
  exports.createPaymentRequestWithOnchainConfig = createPaymentRequestWithOnchainConfig;
2586
+ exports.createSlidingWindowLimiter = createSlidingWindowLimiter;
2448
2587
  exports.estimatePriorityFeeMicroLamports = estimatePriorityFeeMicroLamports;
2449
2588
  exports.formatSol = formatSol;
2450
2589
  exports.getProtocolConfig = getProtocolConfig;
2451
2590
  exports.getProtocolProgramId = getProtocolProgramId;
2452
2591
  exports.jobRequestKind = jobRequestKind;
2453
2592
  exports.jobResultKind = jobResultKind;
2593
+ exports.makeCensor = makeCensor;
2454
2594
  exports.nip44Decrypt = nip44Decrypt;
2455
2595
  exports.nip44Encrypt = nip44Encrypt;
2456
2596
  exports.parsePaymentRequest = parsePaymentRequest;