@jterrats/open-orchestra 1.0.17 → 1.1.0

package/dist/security/payment-card-detection.js

@@ -0,0 +1,48 @@
+const paymentCardCandidatePattern = /\b\d(?:[ -]?\d){12,18}\b/g;
+export function hasPaymentCardLikeValue(value) {
+    return paymentCardCandidates(value).some(isPaymentCardLikeValue);
+}
+export function redactPaymentCardLikeValues(value, replacement) {
+    return value.replace(paymentCardCandidatePattern, (match, offset) => isPaymentCardLikeCandidate(value, match, offset) ? replacement : match);
+}
+export function isPaymentCardLikeValue(value) {
+    const digits = value.replace(/[ -]/g, "");
+    if (digits.length < 13 || digits.length > 19)
+        return false;
+    return luhnChecksum(digits);
+}
+function paymentCardCandidates(value) {
+    paymentCardCandidatePattern.lastIndex = 0;
+    return [...value.matchAll(paymentCardCandidatePattern)]
+        .filter((match) => isPaymentCardLikeCandidate(value, match[0], match.index ?? 0))
+        .map((match) => match[0]);
+}
+function isPaymentCardLikeCandidate(source, value, offset) {
+    if (!isPaymentCardLikeValue(value))
+        return false;
+    const before = source[offset - 1] ?? "";
+    const after = source[offset + value.length] ?? "";
+    return !isIdentifierBoundary(before) && !isIdentifierBoundary(after);
+}
+function isIdentifierBoundary(value) {
+    return /[A-Za-z0-9_-]/.test(value);
+}
+function luhnChecksum(value) {
+    let sum = 0;
+    let shouldDouble = false;
+    for (let index = value.length - 1; index >= 0; index -= 1) {
+        const digit = Number(value[index]);
+        if (!Number.isInteger(digit))
+            return false;
+        let contribution = digit;
+        if (shouldDouble) {
+            contribution = digit * 2;
+            if (contribution > 9)
+                contribution -= 9;
+        }
+        sum += contribution;
+        shouldDouble = !shouldDouble;
+    }
+    return sum > 0 && sum % 10 === 0;
+}
+//# sourceMappingURL=payment-card-detection.js.map

package/dist/security/payment-card-detection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"payment-card-detection.js","sourceRoot":"","sources":["../../src/security/payment-card-detection.ts"],"names":[],"mappings":"AAAA,MAAM,2BAA2B,GAAG,2BAA2B,CAAC;AAEhE,MAAM,UAAU,uBAAuB,CAAC,KAAa;IACnD,OAAO,qBAAqB,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,KAAa,EACb,WAAmB;IAEnB,OAAO,KAAK,CAAC,OAAO,CAAC,2BAA2B,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,CAClE,0BAA0B,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CACvE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,KAAa;IAClD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IAC3D,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa;IAC1C,2BAA2B,CAAC,SAAS,GAAG,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAC;SACpD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAChB,0BAA0B,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAC9D;SACA,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,0BAA0B,CACjC,MAAc,EACd,KAAa,EACb,MAAc;IAEd,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAClD,OAAO,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAa;IACzC,OAAO,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,KAAK,IAAI,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAC3C,IAAI,YAAY,GAAG,KAAK,CAAC;QACzB,IAAI,YAAY,EAAE,CAAC;YACjB,YAAY,GAAG,KAAK,GAAG,CAAC,CAAC;YACzB,IAAI,YAAY,GAAG,CAAC;gBAAE,YAAY,IAAI,CAAC,CAAC;QAC1C,CAAC;QACD,GAAG,IAAI,YAAY,CAAC;QACpB,YAAY,GAAG,CAAC,YAAY,CAAC;IAC/B,CAAC;IACD,OAAO,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACnC,CAAC"}

package/dist/security/policy-types.d.ts

@@ -5,7 +5,7 @@ export type PolicySink = "evidence" | "htmlText" | "json" | "log" | "markdown" |
 export type SegmentKind = "data" | "evidence" | "instruction" | "providerResponse" | "toolInput" | "toolOutput" | "unknown";
 export type DataClassification = "public" | "internal" | "restricted" | "unknown";
 export type FindingSeverity = "low" | "medium" | "high" | "critical";
-export type ContentFindingKind = "indirectPromptInjection" | "noSqlLike" | "pathTraversal" | "promptInjection" | "secretShaped" | "shellLike" | "sqlLike" | "unsafeUrl";
+export type ContentFindingKind = "indirectPromptInjection" | "noSqlLike" | "pathTraversal" | "piiEmail" | "piiPaymentCard" | "piiPhone" | "piiSsn" | "promptInjection" | "secretShaped" | "shellLike" | "sqlLike" | "unsafeUrl";
 export interface ContentFinding {
     kind: ContentFindingKind;
     ruleId: string;

package/dist/security/provider-egress-policy.d.ts

@@ -0,0 +1,27 @@
+import type { ContentClassification, DataClassification, PolicyDecision } from "./policy-types.js";
+import type { ModelMessage } from "../types/model-config.js";
+export interface ProviderEgressClassification {
+    classification: DataClassification;
+    findings: ContentClassification["findings"];
+}
+export interface ProviderEgressClassifier {
+    classify(text: string): ProviderEgressClassification;
+}
+export interface ProviderEgressPolicyInput {
+    requestId?: string;
+    taskId: string;
+    role: string;
+    actor: string;
+    providerId: string;
+    messages: ModelMessage[];
+    classifier?: ProviderEgressClassifier;
+}
+export interface ProviderEgressPolicyDecision {
+    allowed: boolean;
+    requestId: string;
+    outcome: PolicyDecision["outcome"];
+    safeMessage?: string;
+    matchedRuleIds: string[];
+    redactionStatus: PolicyDecision["redactionStatus"];
+}
+export declare function evaluateProviderEgressPolicy(input: ProviderEgressPolicyInput): ProviderEgressPolicyDecision;

package/dist/security/provider-egress-policy.js

@@ -0,0 +1,72 @@
+import { randomUUID } from "node:crypto";
+import { evaluateSecurityPolicy } from "./policy-engine.js";
+import { intakePromptSegment } from "./prompt-intake.js";
+import { redactPromptSegments } from "./redaction.js";
+export function evaluateProviderEgressPolicy(input) {
+    const requestId = input.requestId ?? `provider-egress-${randomUUID()}`;
+    const segments = input.messages.map((message, index) => providerPromptSegment(message, index, input.classifier));
+    const redactionReport = redactPromptSegments(segments);
+    const decision = evaluateSecurityPolicy({
+        requestId,
+        subject: {
+            id: input.actor,
+            subjectType: "runtime",
+            workspaceId: input.taskId,
+        },
+        action: "provider.message",
+        resource: {
+            resourceType: "prompt",
+            summary: `provider egress to ${input.providerId}`,
+            workspaceId: input.taskId,
+        },
+        sink: "provider",
+        dataClassification: highestDataClassification(segments),
+        segments,
+        redactionReport,
+    });
+    const allowed = redactionReport.status === "notRequired" &&
+        !hasRestrictedClassification(segments);
+    return {
+        allowed,
+        requestId,
+        outcome: decision.outcome,
+        matchedRuleIds: decision.matchedRuleIds,
+        redactionStatus: decision.redactionStatus,
+        ...(allowed
+            ? {}
+            : {
+                safeMessage: "provider egress blocked by restricted-content policy before provider execution",
+            }),
+    };
+}
+function hasRestrictedClassification(segments) {
+    return segments.some((segment) => segment.classification.classification === "restricted");
+}
+function providerPromptSegment(message, index, classifier) {
+    const segment = intakePromptSegment({
+        id: `message-${index + 1}`,
+        kind: message.role === "tool" ? "toolOutput" : "instruction",
+        provenance: `model-message:${message.role}`,
+        sink: "provider",
+        text: message.content,
+    }, `message-${index + 1}`);
+    if (!classifier)
+        return segment;
+    return {
+        ...segment,
+        classification: classifier.classify(message.content),
+    };
+}
+function highestDataClassification(segments) {
+    if (segments.some((segment) => segment.classification.classification === "restricted")) {
+        return "restricted";
+    }
+    if (segments.some((segment) => segment.classification.classification === "unknown")) {
+        return "unknown";
+    }
+    if (segments.some((segment) => segment.classification.classification === "internal")) {
+        return "internal";
+    }
+    return "public";
+}
+//# sourceMappingURL=provider-egress-policy.js.map

package/dist/security/provider-egress-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider-egress-policy.js","sourceRoot":"","sources":["../../src/security/provider-egress-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAqCtD,MAAM,UAAU,4BAA4B,CAC1C,KAAgC;IAEhC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,mBAAmB,UAAU,EAAE,EAAE,CAAC;IACvE,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CACrD,qBAAqB,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,UAAU,CAAC,CACxD,CAAC;IACF,MAAM,eAAe,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,sBAAsB,CAAC;QACtC,SAAS;QACT,OAAO,EAAE;YACP,EAAE,EAAE,KAAK,CAAC,KAAK;YACf,WAAW,EAAE,SAAS;YACtB,WAAW,EAAE,KAAK,CAAC,MAAM;SAC1B;QACD,MAAM,EAAE,kBAAkB;QAC1B,QAAQ,EAAE;YACR,YAAY,EAAE,QAAQ;YACtB,OAAO,EAAE,sBAAsB,KAAK,CAAC,UAAU,EAAE;YACjD,WAAW,EAAE,KAAK,CAAC,MAAM;SAC1B;QACD,IAAI,EAAE,UAAU;QAChB,kBAAkB,EAAE,yBAAyB,CAAC,QAAQ,CAAC;QACvD,QAAQ;QACR,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,OAAO,GACX,eAAe,CAAC,MAAM,KAAK,aAAa;QACxC,CAAC,2BAA2B,CAAC,QAAQ,CAAC,CAAC;IACzC,OAAO;QACL,OAAO;QACP,SAAS;QACT,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,cAAc,EAAE,QAAQ,CAAC,cAAc;QACvC,eAAe,EAAE,QAAQ,CAAC,eAAe;QACzC,GAAG,CAAC,OAAO;YACT,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC;gBACE,WAAW,EACT,gFAAgF;aACnF,CAAC;KACP,CAAC;AACJ,CAAC;AAED,SAAS,2BAA2B,CAAC,QAAyB;IAC5D,OAAO,QAAQ,CAAC,IAAI,CAClB,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,YAAY,CACpE,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAC5B,OAAqB,EACrB,KAAa,EACb,UAAgD;IAEhD,MAAM,OAAO,GAAG,mBAAmB,CACjC;QACE,EAAE,EAAE,WAAW,KAAK,GAAG,CAAC,EAAE;QAC1B,IAAI,EAAE,OAAO,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa;QAC5D,UAAU,EAAE,iBAAiB,OAAO,CAAC,IAAI,EAAE;QAC3C,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,OAAO,CAAC,OAAO;KACtB,EACD,WAAW,KAAK,GAAG,CAAC,EAAE,CACvB,CAAC;IACF,IAAI,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC;IAChC,OAAO;QACL,GAAG,OAAO;QACV,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC;KACrD,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAChC,QAAyB;IAEzB,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,YAAY,CACpE,EACD,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,SAAS,CACjE,EACD,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,UAAU,CAClE,EACD,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/security/public-api-auth.d.ts

@@ -0,0 +1,20 @@
+import type http from "node:http";
+import type { ChatScope } from "../types/chat.js";
+export declare const PUBLIC_LOCAL_DEV_USER_ID_HEADER = "x-orchestra-user-id";
+export interface PublicApiPrincipal {
+    id: string;
+    displayName: string;
+    source: "local_dev_header";
+}
+export interface PublicApiAuthContext {
+    requestId: string;
+    principal: PublicApiPrincipal;
+    scope: ChatScope;
+    rateLimitKey: string;
+}
+export declare function authenticatePublicApiRequest(input: {
+    request: http.IncomingMessage;
+    requestId: string;
+    workspaceKey: string;
+}): PublicApiAuthContext;
+export declare function workspaceKeyForRoot(root: string): string;

package/dist/security/public-api-auth.js

@@ -0,0 +1,55 @@
+import { createHash } from "node:crypto";
+import { ChatApiError } from "../chat-api-errors.js";
+export const PUBLIC_LOCAL_DEV_USER_ID_HEADER = "x-orchestra-user-id";
+const PUBLIC_LOCAL_DEV_USER_NAME_HEADER = "x-orchestra-user-name";
+const MAX_PRINCIPAL_ID_LENGTH = 128;
+const MAX_DISPLAY_NAME_LENGTH = 160;
+export function authenticatePublicApiRequest(input) {
+    const principalId = boundedHeaderValue(input.request.headers[PUBLIC_LOCAL_DEV_USER_ID_HEADER], PUBLIC_LOCAL_DEV_USER_ID_HEADER, input.requestId, MAX_PRINCIPAL_ID_LENGTH);
+    if (!principalId) {
+        throw new ChatApiError("unauthorized", "authentication is required", 401, input.requestId);
+    }
+    const displayName = boundedHeaderValue(input.request.headers[PUBLIC_LOCAL_DEV_USER_NAME_HEADER], PUBLIC_LOCAL_DEV_USER_NAME_HEADER, input.requestId, MAX_DISPLAY_NAME_LENGTH) ?? principalId;
+    return {
+        requestId: input.requestId,
+        principal: {
+            id: principalId,
+            displayName,
+            source: "local_dev_header",
+        },
+        scope: publicScope(input.workspaceKey, principalId),
+        rateLimitKey: `${input.workspaceKey}:${principalId}`,
+    };
+}
+export function workspaceKeyForRoot(root) {
+    return createHash("sha256").update(root).digest("hex").slice(0, 16);
+}
+function publicScope(workspaceKey, principalId) {
+    const principalKey = createHash("sha256")
+        .update(principalId)
+        .digest("hex")
+        .slice(0, 16);
+    return {
+        tenantId: `workspace:${workspaceKey}`,
+        workspaceId: workspaceKey,
+        taskId: `public-chat:${principalKey}`,
+        runId: "api-v1",
+        phase: "api",
+        sessionId: principalKey,
+    };
+}
+function boundedHeaderValue(value, field, requestId, maxLength) {
+    if (Array.isArray(value)) {
+        throw new ChatApiError("invalid_request", `${field} header must have a single value`, 400, requestId);
+    }
+    if (typeof value !== "string")
+        return undefined;
+    const normalized = value.trim();
+    if (!normalized)
+        return undefined;
+    if (normalized.length > maxLength) {
+        throw new ChatApiError("invalid_request", `${field} header is too long`, 400, requestId);
+    }
+    return normalized;
+}
+//# sourceMappingURL=public-api-auth.js.map

package/dist/security/public-api-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"public-api-auth.js","sourceRoot":"","sources":["../../src/security/public-api-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGrD,MAAM,CAAC,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AACrE,MAAM,iCAAiC,GAAG,uBAAuB,CAAC;AAClE,MAAM,uBAAuB,GAAG,GAAG,CAAC;AACpC,MAAM,uBAAuB,GAAG,GAAG,CAAC;AAepC,MAAM,UAAU,4BAA4B,CAAC,KAI5C;IACC,MAAM,WAAW,GAAG,kBAAkB,CACpC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,+BAA+B,CAAC,EACtD,+BAA+B,EAC/B,KAAK,CAAC,SAAS,EACf,uBAAuB,CACxB,CAAC;IACF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,YAAY,CACpB,cAAc,EACd,4BAA4B,EAC5B,GAAG,EACH,KAAK,CAAC,SAAS,CAChB,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GACf,kBAAkB,CAChB,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,iCAAiC,CAAC,EACxD,iCAAiC,EACjC,KAAK,CAAC,SAAS,EACf,uBAAuB,CACxB,IAAI,WAAW,CAAC;IACnB,OAAO;QACL,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE;YACT,EAAE,EAAE,WAAW;YACf,WAAW;YACX,MAAM,EAAE,kBAAkB;SAC3B;QACD,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,YAAY,EAAE,WAAW,CAAC;QACnD,YAAY,EAAE,GAAG,KAAK,CAAC,YAAY,IAAI,WAAW,EAAE;KACrD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,WAAW,CAAC,YAAoB,EAAE,WAAmB;IAC5D,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC;SACtC,MAAM,CAAC,WAAW,CAAC;SACnB,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChB,OAAO;QACL,QAAQ,EAAE,aAAa,YAAY,EAAE;QACrC,WAAW,EAAE,YAAY;QACzB,MAAM,EAAE,eAAe,YAAY,EAAE;QACrC,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,KAAK;QACZ,SAAS,EAAE,YAAY;KACxB,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,KAAoC,EACpC,KAAa,EACb,SAAiB,EACjB,SAAiB;IAEjB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,YAAY,CACpB,iBAAiB,EACjB,GAAG,KAAK,kCAAkC,EAC1C,GAAG,EACH,SAAS,CACV,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAChD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAClC,IAAI,UAAU,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAClC,MAAM,IAAI,YAAY,CACpB,iBAAiB,EACjB,GAAG,KAAK,qBAAqB,EAC7B,GAAG,EACH,SAAS,CACV,CAAC;IACJ,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/security/public-api-policy.d.ts

@@ -0,0 +1,8 @@
+export interface PublicApiAdmission {
+    release: () => void;
+}
+export declare function admitPublicApiRequest(input: {
+    key: string;
+    requestId: string;
+    now?: number;
+}): PublicApiAdmission;

package/dist/security/public-api-policy.js

@@ -0,0 +1,40 @@
+import { ChatApiError } from "../chat-api-errors.js";
+const RATE_LIMIT_WINDOW_MS = 60_000;
+const RATE_LIMIT_MAX_REQUESTS = 60;
+const MAX_CONCURRENT_REQUESTS = 4;
+const buckets = new Map();
+export function admitPublicApiRequest(input) {
+    const now = input.now ?? Date.now();
+    const bucket = activeBucket(input.key, now);
+    if (bucket.requestCount >= RATE_LIMIT_MAX_REQUESTS) {
+        throw new ChatApiError("rate_limited", "rate limit exceeded", 429, input.requestId, true);
+    }
+    if (bucket.activeRequests >= MAX_CONCURRENT_REQUESTS) {
+        throw new ChatApiError("rate_limited", "too many concurrent requests", 429, input.requestId, true);
+    }
+    bucket.requestCount += 1;
+    bucket.activeRequests += 1;
+    let isReleased = false;
+    return {
+        release: () => {
+            if (isReleased)
+                return;
+            isReleased = true;
+            bucket.activeRequests = Math.max(0, bucket.activeRequests - 1);
+        },
+    };
+}
+function activeBucket(key, now) {
+    const existing = buckets.get(key);
+    if (existing && now - existing.windowStartedAt < RATE_LIMIT_WINDOW_MS) {
+        return existing;
+    }
+    const created = {
+        windowStartedAt: now,
+        requestCount: 0,
+        activeRequests: 0,
+    };
+    buckets.set(key, created);
+    return created;
+}
+//# sourceMappingURL=public-api-policy.js.map

package/dist/security/public-api-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"public-api-policy.js","sourceRoot":"","sources":["../../src/security/public-api-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,MAAM,oBAAoB,GAAG,MAAM,CAAC;AACpC,MAAM,uBAAuB,GAAG,EAAE,CAAC;AACnC,MAAM,uBAAuB,GAAG,CAAC,CAAC;AAQlC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAC;AAMhD,MAAM,UAAU,qBAAqB,CAAC,KAIrC;IACC,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IACpC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5C,IAAI,MAAM,CAAC,YAAY,IAAI,uBAAuB,EAAE,CAAC;QACnD,MAAM,IAAI,YAAY,CACpB,cAAc,EACd,qBAAqB,EACrB,GAAG,EACH,KAAK,CAAC,SAAS,EACf,IAAI,CACL,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,IAAI,uBAAuB,EAAE,CAAC;QACrD,MAAM,IAAI,YAAY,CACpB,cAAc,EACd,8BAA8B,EAC9B,GAAG,EACH,KAAK,CAAC,SAAS,EACf,IAAI,CACL,CAAC;IACJ,CAAC;IACD,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC;IACzB,MAAM,CAAC,cAAc,IAAI,CAAC,CAAC;IAC3B,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,OAAO;QACL,OAAO,EAAE,GAAG,EAAE;YACZ,IAAI,UAAU;gBAAE,OAAO;YACvB,UAAU,GAAG,IAAI,CAAC;YAClB,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;QACjE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,GAAW;IAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,QAAQ,IAAI,GAAG,GAAG,QAAQ,CAAC,eAAe,GAAG,oBAAoB,EAAE,CAAC;QACtE,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,OAAO,GAAiB;QAC5B,eAAe,EAAE,GAAG;QACpB,YAAY,EAAE,CAAC;QACf,cAAc,EAAE,CAAC;KAClB,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC1B,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/security/redaction.js

@@ -1,7 +1,19 @@
+import { hasPaymentCardLikeValue, redactPaymentCardLikeValues, } from "./payment-card-detection.js";
 const secretReplacement = "[REDACTED_SECRET]";
+const piiReplacement = "[REDACTED_PII]";
 const bearerPattern = /\bbearer\s+[a-z0-9._-]{12,}/gi;
 const assignmentPattern = /\b(api[_-]?key|password|secret|token)(\s*[:=]\s*)[^\s"']{12,}/gi;
 const secretPatterns = [bearerPattern, assignmentPattern];
+const emailPattern = /\b[a-z0-9._%+-]+@[a-z0-9.-]+[.][a-z]{2,}\b/gi;
+const phonePattern = /(?:\+?1[\s.-]?)?(?:[(]\d{3}[)]|\b\d{3})[\s.-]?\d{3}[\s.-]?\d{4}\b/g;
+const ssnPattern = /\b\d{3}-\d{2}-\d{4}\b/g;
+const paymentCardPattern = /\b(?:\d[ -]?){13,19}\b/g;
+const piiPatterns = [
+    emailPattern,
+    phonePattern,
+    ssnPattern,
+    paymentCardPattern,
+];
 export function redactPromptSegments(segments) {
     const redactedSegments = segments.map(redactPromptSegment);
     const status = reportStatus(redactedSegments);
@@ -12,36 +24,55 @@ export function redactPromptSegments(segments) {
     };
 }
 export function redactPromptSegment(segment) {
-    const secretFindings = segment.classification.findings.filter((finding) => finding.kind === "secretShaped");
-    const redactedText = redactSecrets(segment.text);
+    const restrictedFindings = segment.classification.findings.filter((finding) => finding.kind === "secretShaped" || finding.kind.startsWith("pii"));
+    const redactedText = redactRestrictedValues(segment.text);
     const wasRedacted = redactedText !== segment.text;
-    const hasRemainingSecret = secretPatterns.some((pattern) => {
-        pattern.lastIndex = 0;
-        return pattern.test(redactedText);
-    });
+    const hasRemainingRestrictedValue = hasRestrictedValue(redactedText);
     return {
         id: segment.id,
         text: redactedText,
-        status: redactionStatus(secretFindings.length, wasRedacted, hasRemainingSecret),
-        redactedFindings: wasRedacted ? ["secretShaped"] : [],
+        status: redactionStatus(restrictedFindings.length, wasRedacted, hasRemainingRestrictedValue),
+        redactedFindings: wasRedacted
+            ? uniqueFindingKinds(restrictedFindings.map((finding) => finding.kind))
+            : [],
     };
 }
-function redactSecrets(text) {
-    return text
+function redactRestrictedValues(text) {
+    const secretRedacted = text
         .replace(bearerPattern, secretReplacement)
         .replace(assignmentPattern, (_match, label, separator) => {
         return `${label}${separator}${secretReplacement}`;
     });
+    return secretRedacted
+        .replace(emailPattern, piiReplacement)
+        .replace(phonePattern, piiReplacement)
+        .replace(ssnPattern, piiReplacement)
+        .replace(paymentCardPattern, (match) => redactPaymentCardLikeValues(match, piiReplacement));
 }
-function redactionStatus(secretFindingCount, wasRedacted, hasRemainingSecret) {
-    if (hasRemainingSecret)
+function redactionStatus(restrictedFindingCount, wasRedacted, hasRemainingRestrictedValue) {
+    if (hasRemainingRestrictedValue)
         return "unsafeUnredacted";
     if (wasRedacted)
         return "redacted";
-    if (secretFindingCount > 0)
+    if (restrictedFindingCount > 0)
         return "unsafeUnredacted";
     return "notRequired";
 }
+function hasRestrictedValue(text) {
+    return [...secretPatterns, ...piiPatterns].some((pattern) => {
+        pattern.lastIndex = 0;
+        if (pattern === paymentCardPattern) {
+            return paymentCardPattern.test(text) && hasPaymentCard(text);
+        }
+        return pattern.test(text);
+    });
+}
+function hasPaymentCard(text) {
+    return hasPaymentCardLikeValue(text);
+}
+function uniqueFindingKinds(findings) {
+    return [...new Set(findings)];
+}
 function reportStatus(segments) {
     if (segments.some((segment) => segment.status === "unsafeUnredacted")) {
         return "unsafeUnredacted";

package/dist/security/redaction.js.map

@@ -1 +1 @@
-{"version":3,"file":"redaction.js","sourceRoot":"","sources":["../../src/security/redaction.ts"],"names":[],"mappings":"AAQA,MAAM,iBAAiB,GAAG,mBAAmB,CAAC;AAC9C,MAAM,aAAa,GAAG,+BAA+B,CAAC;AACtD,MAAM,iBAAiB,GACrB,iEAAiE,CAAC;AACpE,MAAM,cAAc,GAAG,CAAC,aAAa,EAAE,iBAAiB,CAAU,CAAC;AAEnE,MAAM,UAAU,oBAAoB,CAClC,QAAyB;IAEzB,MAAM,gBAAgB,GAAG,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAC9C,OAAO;QACL,MAAM;QACN,gBAAgB;QAChB,gBAAgB,EAAE,gBAAgB,CAAC,gBAAgB,EAAE,MAAM,CAAC;KAC7D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAsB;IACxD,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAC3D,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,cAAc,CAC7C,CAAC;IACF,MAAM,YAAY,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC;IAClD,MAAM,kBAAkB,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACzD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,eAAe,CACrB,cAAc,CAAC,MAAM,EACrB,WAAW,EACX,kBAAkB,CACnB;QACD,gBAAgB,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE;KACtD,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,IAAI;SACR,OAAO,CAAC,aAAa,EAAE,iBAAiB,CAAC;SACzC,OAAO,CAAC,iBAAiB,EAAE,CAAC,MAAM,EAAE,KAAa,EAAE,SAAiB,EAAE,EAAE;QACvE,OAAO,GAAG,KAAK,GAAG,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,eAAe,CACtB,kBAA0B,EAC1B,WAAoB,EACpB,kBAA2B;IAE3B,IAAI,kBAAkB;QAAE,OAAO,kBAAkB,CAAC;IAClD,IAAI,WAAW;QAAE,OAAO,UAAU,CAAC;IACnC,IAAI,kBAAkB,GAAG,CAAC;QAAE,OAAO,kBAAkB,CAAC;IACtD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,YAAY,CAAC,QAA2B;IAC/C,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,kBAAkB,CAAC,EAAE,CAAC;QACtE,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,gBAAgB,CACvB,QAA2B,EAC3B,MAAuB;IAEvB,IAAI,MAAM,KAAK,aAAa;QAAE,OAAO,CAAC,+BAA+B,CAAC,CAAC;IACvE,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC;SACxD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,eAAe,CACtB,SAAiB,EACjB,QAA8B;IAE9B,OAAO,WAAW,SAAS,aAAa,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AAChE,CAAC"}
+{"version":3,"file":"redaction.js","sourceRoot":"","sources":["../../src/security/redaction.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,uBAAuB,EACvB,2BAA2B,GAC5B,MAAM,6BAA6B,CAAC;AAErC,MAAM,iBAAiB,GAAG,mBAAmB,CAAC;AAC9C,MAAM,cAAc,GAAG,gBAAgB,CAAC;AACxC,MAAM,aAAa,GAAG,+BAA+B,CAAC;AACtD,MAAM,iBAAiB,GACrB,iEAAiE,CAAC;AACpE,MAAM,cAAc,GAAG,CAAC,aAAa,EAAE,iBAAiB,CAAU,CAAC;AACnE,MAAM,YAAY,GAAG,8CAA8C,CAAC;AACpE,MAAM,YAAY,GAChB,oEAAoE,CAAC;AACvE,MAAM,UAAU,GAAG,wBAAwB,CAAC;AAC5C,MAAM,kBAAkB,GAAG,yBAAyB,CAAC;AACrD,MAAM,WAAW,GAAG;IAClB,YAAY;IACZ,YAAY;IACZ,UAAU;IACV,kBAAkB;CACV,CAAC;AAEX,MAAM,UAAU,oBAAoB,CAClC,QAAyB;IAEzB,MAAM,gBAAgB,GAAG,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAC9C,OAAO;QACL,MAAM;QACN,gBAAgB;QAChB,gBAAgB,EAAE,gBAAgB,CAAC,gBAAgB,EAAE,MAAM,CAAC;KAC7D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAsB;IACxD,MAAM,kBAAkB,GAAG,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAC/D,CAAC,OAAO,EAAE,EAAE,CACV,OAAO,CAAC,IAAI,KAAK,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CACpE,CAAC;IACF,MAAM,YAAY,GAAG,sBAAsB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC;IAClD,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC;IACrE,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,eAAe,CACrB,kBAAkB,CAAC,MAAM,EACzB,WAAW,EACX,2BAA2B,CAC5B;QACD,gBAAgB,EAAE,WAAW;YAC3B,CAAC,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACvE,CAAC,CAAC,EAAE;KACP,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,cAAc,GAAG,IAAI;SACxB,OAAO,CAAC,aAAa,EAAE,iBAAiB,CAAC;SACzC,OAAO,CAAC,iBAAiB,EAAE,CAAC,MAAM,EAAE,KAAa,EAAE,SAAiB,EAAE,EAAE;QACvE,OAAO,GAAG,KAAK,GAAG,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;IACL,OAAO,cAAc;SAClB,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC;SACrC,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC;SACrC,OAAO,CAAC,UAAU,EAAE,cAAc,CAAC;SACnC,OAAO,CAAC,kBAAkB,EAAE,CAAC,KAAK,EAAE,EAAE,CACrC,2BAA2B,CAAC,KAAK,EAAE,cAAc,CAAC,CACnD,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CACtB,sBAA8B,EAC9B,WAAoB,EACpB,2BAAoC;IAEpC,IAAI,2BAA2B;QAAE,OAAO,kBAAkB,CAAC;IAC3D,IAAI,WAAW;QAAE,OAAO,UAAU,CAAC;IACnC,IAAI,sBAAsB,GAAG,CAAC;QAAE,OAAO,kBAAkB,CAAC;IAC1D,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,OAAO,CAAC,GAAG,cAAc,EAAE,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC1D,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,IAAI,OAAO,KAAK,kBAAkB,EAAE,CAAC;YACnC,OAAO,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,kBAAkB,CACzB,QAA8B;IAE9B,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,YAAY,CAAC,QAA2B;IAC/C,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,kBAAkB,CAAC,EAAE,CAAC;QACtE,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,gBAAgB,CACvB,QAA2B,EAC3B,MAAuB;IAEvB,IAAI,MAAM,KAAK,aAAa;QAAE,OAAO,CAAC,+BAA+B,CAAC,CAAC;IACvE,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC;SACxD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,eAAe,CACtB,SAAiB,EACjB,QAA8B;IAE9B,OAAO,WAAW,SAAS,aAAa,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AAChE,CAAC"}

package/dist/security/restricted-content-quarantine.d.ts

@@ -0,0 +1,17 @@
+import type { RestrictedDataBoundary } from "../types/restricted-data.js";
+export interface RestrictedIngressField {
+    name: string;
+    text: string;
+}
+export interface RestrictedIngressQuarantineRequest {
+    root: string;
+    requestId: string;
+    boundary: RestrictedDataBoundary;
+    fields: RestrictedIngressField[];
+    actorId?: string;
+    tenantId?: string;
+    workspaceId?: string;
+    taskId?: string;
+    threadId?: string;
+}
+export declare function enforceRestrictedIngressQuarantine(request: RestrictedIngressQuarantineRequest): Promise<void>;

package/dist/security/restricted-content-quarantine.js

@@ -0,0 +1,50 @@
+import { ChatApiError } from "../chat-api-errors.js";
+import { appendEvent } from "../workspace.js";
+import { classifyRestrictedData, evaluateRestrictedBoundaryPolicy, } from "./restricted-data-classifier.js";
+export async function enforceRestrictedIngressQuarantine(request) {
+    const classification = classifyRestrictedFields(request.fields);
+    const decision = evaluateRestrictedBoundaryPolicy({
+        requestId: request.requestId,
+        boundary: request.boundary,
+        classification,
+    });
+    if (decision.outcome !== "block")
+        return;
+    await recordRestrictedIngressBlocked(request, decision);
+    throw new ChatApiError("policy_blocked", "request was blocked by policy", 403, request.requestId);
+}
+function classifyRestrictedFields(fields) {
+    const classifications = fields
+        .map((field) => classifyRestrictedData(field.text))
+        .filter((classification) => classification.hasRestrictedData);
+    return {
+        hasRestrictedData: classifications.length > 0,
+        findings: classifications.flatMap((classification) => classification.findings),
+        redactedText: "",
+        redactionCount: classifications.reduce((total, classification) => total + classification.redactionCount, 0),
+    };
+}
+async function recordRestrictedIngressBlocked(request, decision) {
+    await appendEvent(request.root, {
+        type: "RESTRICTED_INGRESS_BLOCKED",
+        actor: request.actorId ?? "api",
+        summary: decision.auditSummary,
+        ...(request.taskId ? { taskId: request.taskId } : {}),
+        metadata: {
+            requestId: request.requestId,
+            decisionId: decision.decisionId,
+            boundary: decision.boundary,
+            categories: decision.categories,
+            recommendations: decision.recommendations,
+            redactionCount: decision.redactionCount,
+            providerEgress: decision.providerEgress,
+            rawPersistence: decision.rawPersistence,
+            sanitizedReasons: decision.sanitizedReasons,
+            fieldNames: request.fields.map((field) => field.name),
+            ...(request.tenantId ? { tenantId: request.tenantId } : {}),
+            ...(request.workspaceId ? { workspaceId: request.workspaceId } : {}),
+            ...(request.threadId ? { threadId: request.threadId } : {}),
+        },
+    });
+}
+//# sourceMappingURL=restricted-content-quarantine.js.map

package/dist/security/restricted-content-quarantine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"restricted-content-quarantine.js","sourceRoot":"","sources":["../../src/security/restricted-content-quarantine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,sBAAsB,EACtB,gCAAgC,GACjC,MAAM,iCAAiC,CAAC;AAwBzC,MAAM,CAAC,KAAK,UAAU,kCAAkC,CACtD,OAA2C;IAE3C,MAAM,cAAc,GAAG,wBAAwB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,gCAAgC,CAAC;QAChD,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,cAAc;KACf,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,OAAO,KAAK,OAAO;QAAE,OAAO;IACzC,MAAM,8BAA8B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACxD,MAAM,IAAI,YAAY,CACpB,gBAAgB,EAChB,+BAA+B,EAC/B,GAAG,EACH,OAAO,CAAC,SAAS,CAClB,CAAC;AACJ,CAAC;AAED,SAAS,wBAAwB,CAC/B,MAAgC;IAEhC,MAAM,eAAe,GAAG,MAAM;SAC3B,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,sBAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;SAClD,MAAM,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC;IAChE,OAAO;QACL,iBAAiB,EAAE,eAAe,CAAC,MAAM,GAAG,CAAC;QAC7C,QAAQ,EAAE,eAAe,CAAC,OAAO,CAC/B,CAAC,cAAc,EAAE,EAAE,CAAC,cAAc,CAAC,QAAQ,CAC5C;QACD,YAAY,EAAE,EAAE;QAChB,cAAc,EAAE,eAAe,CAAC,MAAM,CACpC,CAAC,KAAK,EAAE,cAAc,EAAE,EAAE,CAAC,KAAK,GAAG,cAAc,CAAC,cAAc,EAChE,CAAC,CACF;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,8BAA8B,CAC3C,OAA2C,EAC3C,QAA0C;IAE1C,MAAM,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE;QAC9B,IAAI,EAAE,4BAA4B;QAClC,KAAK,EAAE,OAAO,CAAC,OAAO,IAAI,KAAK;QAC/B,OAAO,EAAE,QAAQ,CAAC,YAAY;QAC9B,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,QAAQ,EAAE;YACR,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,eAAe,EAAE,QAAQ,CAAC,eAAe;YACzC,cAAc,EAAE,QAAQ,CAAC,cAAc;YACvC,cAAc,EAAE,QAAQ,CAAC,cAAc;YACvC,cAAc,EAAE,QAAQ,CAAC,cAAc;YACvC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;YAC3C,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;YACrD,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3D,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5D;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/security/restricted-data-classifier.d.ts

@@ -0,0 +1,9 @@
+import type { RestrictedBoundaryPolicyDecision, RestrictedBoundaryPolicyRequest, RestrictedDataAuditEvent, RestrictedDataAuditEventType, RestrictedDataClassification } from "../types/restricted-data.js";
+export declare function classifyRestrictedData(text: string): RestrictedDataClassification;
+export declare function evaluateRestrictedBoundaryPolicy(request: RestrictedBoundaryPolicyRequest): RestrictedBoundaryPolicyDecision;
+export declare function restrictedAuditEventForClassification(input: {
+    eventType: RestrictedDataAuditEventType;
+    sourceId: string;
+    classification: RestrictedDataClassification;
+    decision?: RestrictedBoundaryPolicyDecision;
+}): RestrictedDataAuditEvent;