@kehto/firewall 0.3.0

package/README.md

@@ -0,0 +1,85 @@
+# @kehto/firewall
+
+Pure, WASM-ready behavioral firewall engine for the napplet protocol — zero dependencies, zero side effects.
+
+> **Alpha status:** Kehto is an early runtime implementation for a draft NIP-5D
+> protocol. The firewall engine API is not yet final; treat this package
+> as current implementation guidance, not as a stable protocol guarantee.
+
+## Install
+
+```bash
+pnpm add @kehto/firewall
+```
+
+## Overview
+
+`@kehto/firewall` is Kehto's behavioral abuse-detection engine. It is the temporal complement to `@kehto/acl`: where ACL asks *"is this napplet statically allowed to perform this operation?"*, the firewall asks *"is this napplet abusing an operation over time?"*.
+
+Every function is pure: config + state + observation in, decision + next state out. No I/O, no timers, no globals — the module is trivially compilable to WASM and is the single source of truth for behavioral-firewall decisions.
+
+The core `evaluate(config, state, observation)` function implements:
+
+- **Token-bucket rate limiting** per `(napplet dTag, opClass)` pair with O(1) lazy refill.
+- **Init-burst guard** — catches a napplet flooding ops immediately after initialization.
+- **Content matchers** — declarative rules matching op class, event kind, payload size, or focus state.
+- **Focus multiplier** — tightens rate budgets for unfocused napplets without hard-blocking.
+- **Rule precedence** — per-napplet policy override → op-class rule → global fallback → built-in defaults.
+
+## Quick Start
+
+```ts
+import {
+  evaluate,
+  defaultConfig,
+  createState,
+} from '@kehto/firewall';
+
+const config = defaultConfig();
+let state = createState();
+
+const obs = {
+  napplet: 'chat',
+  opClass: 'relay:write',
+  focused: true,
+  now: Date.now(),
+};
+
+const result = evaluate(config, state, obs);
+// result.decision: 'pass' | 'reject' | 'prompt'
+// result.newState: updated counter state (original unchanged)
+
+state = result.newState;
+```
+
+## Public API
+
+### Types
+- `Observation` — normalized engine input (never a raw protocol envelope)
+- `FirewallConfig` — immutable configuration container (rules + defaults)
+- `FirewallState` — immutable counter state (token buckets + burst counters)
+- `EvaluateResult` — `{ decision, action, ruleId, reason, newState }`
+- `Decision` — `'pass' | 'reject' | 'prompt'`
+- `Action` — `'flag' | 'block' | 'ignore'`
+- `NappletPolicy` — `'allow' | 'deny' | 'ask'`
+- `RateLimit`, `BurstGuard`, `ContentMatcher`, `NappletRules`
+- `Bucket`, `BurstCounter`
+
+### Constants
+- `DEFAULT_RATE_LIMIT`, `DEFAULT_BURST_GUARD`
+- `DEFAULT_EXCEED_ACTION`, `DEFAULT_BURST_ACTION`
+- `DEFAULT_UNFOCUSED_MULTIPLIER`
+
+### Core function
+- `evaluate` — pure decision function (config + state + observation → result)
+- `toKey` — derive the `napplet:opClass` bucket key
+
+### Config mutations
+- `defaultConfig` — built-in conservative config
+- `createState` — empty counter state
+- `setPolicy`, `setRateLimit`, `addMatcher` — immutable config mutations
+- `serialize`, `deserialize` — JSON round-trip for persistence
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,586 @@
+/**
+ * @kehto/firewall — Pure, side-effect-free type surface.
+ *
+ * All types are immutable (readonly members, Readonly<Record<>> for maps).
+ * No runtime logic lives here — defaults and constants with values live in defaults.ts.
+ * This module has zero imports: it is the leaf dependency of the package.
+ */
+/**
+ * Normalized observation — the sole input surface of the pure firewall engine.
+ *
+ * The pure core NEVER parses protocol envelopes. Phase 81 is responsible for
+ * extracting these fields from raw message envelopes before calling evaluate().
+ *
+ * @param napplet - dTag — version-agnostic identity key ("any version").
+ *                  Keyed by dTag only (not dTag:hash) so rate limits are
+ *                  shared across all versions of the same napplet.
+ * @param opClass - Operation class string, e.g. 'relay:write', 'outbox:publish',
+ *                  'intent:invoke'. Treated as an opaque key by the engine.
+ * @param kind    - Nostr event kind (5 = delete). Present for publish-style ops.
+ * @param size    - Payload byte size. Present when known (e.g. relay:write).
+ * @param initElapsedMs - Milliseconds since this napplet window initialized.
+ *                        Used by the init-burst guard (BURST-01).
+ * @param focused - Whether this napplet is the currently focused window.
+ *                  Shell-owned and forge-proof; never self-reported.
+ * @param msSinceFocusGain - Milliseconds since this napplet last gained focus.
+ *                           Used by content matchers (CONTENT-02).
+ * @param now     - Injected timestamp (Unix ms). evaluate() MUST never read a
+ *                  wall clock — this field makes the function pure and deterministic.
+ */
+interface Observation {
+    readonly napplet: string;
+    readonly opClass: string;
+    readonly kind?: number;
+    readonly size?: number;
+    readonly initElapsedMs?: number;
+    readonly focused: boolean;
+    readonly msSinceFocusGain?: number;
+    readonly now: number;
+}
+/**
+ * Action taken when a firewall rule is exceeded.
+ *
+ * - `'flag'`   — pass the operation but emit an audit event (default for rate limits).
+ * - `'block'`  — reject the operation (default for burst guard).
+ * - `'ignore'` — pass silently without any audit event.
+ */
+type Action = 'flag' | 'block' | 'ignore';
+/**
+ * Decision returned by evaluate() for the caller to act on.
+ *
+ * - `'pass'`   — caller dispatches the operation (action may be `'flag'`).
+ * - `'reject'` — caller drops the operation and returns an error.
+ * - `'prompt'` — caller rejects current message and fires an async consent prompt.
+ */
+type Decision = 'pass' | 'reject' | 'prompt';
+/**
+ * Per-napplet policy posture — hard override for a specific dTag.
+ *
+ * - `'allow'` — always pass, bypassing rate/burst/content checks.
+ * - `'deny'`  — always reject, regardless of budgets.
+ * - `'ask'`   — always prompt for user consent.
+ */
+type NappletPolicy = 'allow' | 'deny' | 'ask';
+/**
+ * Token-bucket rate limit for a single (napplet, opClass) pair.
+ *
+ * The engine computes `refillRatePerMs = capacity / windowMs` lazily on
+ * each evaluate() call — it is never stored in state.
+ *
+ * @param capacity  - Maximum tokens (operations) allowed per window.
+ * @param windowMs  - Window duration in milliseconds.
+ * @param action    - Exceed-action: what to do when the bucket is empty.
+ */
+interface RateLimit {
+    readonly capacity: number;
+    readonly windowMs: number;
+    readonly action: Action;
+}
+/**
+ * Init-burst guard — caps the number of operations fired within the
+ * initialization window (initElapsedMs below windowMs).
+ *
+ * Modeled as a first-class field on NappletRules / FirewallConfig, NOT as
+ * a ContentMatcher (research Open Question 2 — resolved in favor of first-class).
+ *
+ * @param windowMs - The initialization window in milliseconds.
+ * @param maxOps   - Maximum operations allowed inside the init window.
+ * @param action   - Exceed-action; default is `'block'` (BURST-02).
+ */
+interface BurstGuard {
+    readonly windowMs: number;
+    readonly maxOps: number;
+    readonly action: Action;
+}
+/**
+ * Declarative content matcher — matched against an Observation before rate checks.
+ *
+ * All fields except `id` and `action` are optional predicates; a matcher fires
+ * when ALL present predicates are satisfied (AND semantics).
+ *
+ * @param id                  - Stable unique identifier for this matcher rule.
+ * @param opClass             - Restrict match to a specific operation class.
+ * @param kinds               - Match if observation.kind is in this set (e.g. [5] for delete-spam).
+ * @param minSize             - Match if observation.size >= minSize.
+ * @param focused             - Match if observation.focused equals this value.
+ * @param maxMsSinceFocusGain - Match if observation.msSinceFocusGain <= maxMsSinceFocusGain.
+ * @param action              - Action to apply when this matcher fires.
+ */
+interface ContentMatcher {
+    readonly id: string;
+    readonly opClass?: string;
+    readonly kinds?: readonly number[];
+    readonly minSize?: number;
+    readonly focused?: boolean;
+    readonly maxMsSinceFocusGain?: number;
+    readonly action: Action;
+}
+/**
+ * Per-napplet firewall rules — keyed by dTag in FirewallConfig.napplets.
+ *
+ * @param policy     - Optional hard policy override for this dTag.
+ * @param rateLimits - Map from opClass string to a per-op token-bucket limit.
+ * @param globalRate - Optional fallback rate limit applied to all op-classes
+ *                     that lack a specific entry in rateLimits (RATE-03).
+ */
+interface NappletRules {
+    readonly policy?: NappletPolicy;
+    readonly rateLimits: Readonly<Record<string, RateLimit>>;
+    readonly globalRate?: RateLimit;
+}
+/**
+ * Complete firewall configuration — immutable container.
+ *
+ * All mutations (setPolicy, setRateLimit, addMatcher) return a new FirewallConfig;
+ * the original is never modified. Mirrors AclState's immutable-container shape.
+ *
+ * @param napplets            - Per-napplet rule map keyed by dTag.
+ * @param matchers            - Ordered list of content matchers (first-match wins).
+ * @param burstGuard          - Global init-burst guard applied to all napplets.
+ * @param defaultRate         - Global default token-bucket rate applied when no
+ *                              napplet-specific rule matches.
+ * @param unfocusedMultiplier - Fractional multiplier (e.g. 0.25) that tightens
+ *                              rate budgets for unfocused napplets (FOCUS-02).
+ *                              Focus alone NEVER hard-blocks; it only scales tokens.
+ */
+interface FirewallConfig {
+    readonly napplets: Readonly<Record<string, NappletRules>>;
+    readonly matchers: readonly ContentMatcher[];
+    readonly burstGuard: BurstGuard;
+    readonly defaultRate: RateLimit;
+    readonly unfocusedMultiplier: number;
+}
+/**
+ * Token-bucket counter for a single (napplet, opClass) pair.
+ *
+ * The bucket is stored in FirewallState.buckets keyed as `napplet:opClass`.
+ * The refill math is lazy: tokens are only recomputed when evaluate() is called.
+ *
+ * @param tokens     - Current available token count (may be fractional).
+ * @param lastRefill - Timestamp (Unix ms) of the last token-refill computation.
+ */
+interface Bucket {
+    readonly tokens: number;
+    readonly lastRefill: number;
+}
+/**
+ * Init-burst operation counter for a single napplet.
+ *
+ * Stored in FirewallState.bursts keyed by napplet dTag.
+ *
+ * @param count       - Number of operations observed within the current burst window.
+ * @param windowStart - Timestamp (Unix ms) when the current burst window began.
+ */
+interface BurstCounter {
+    readonly count: number;
+    readonly windowStart: number;
+}
+/**
+ * Ephemeral firewall counter state — immutable snapshot.
+ *
+ * Counter state is never persisted (Phase 81 concern). It is reset on reload.
+ * All mutations return a new FirewallState via spread; the original is never modified.
+ *
+ * Mirrors AclState's Readonly<Record<string, AclEntry>> map shape.
+ *
+ * @param buckets - Token-bucket counters keyed as `napplet:opClass`.
+ * @param bursts  - Init-burst counters keyed by napplet dTag.
+ */
+interface FirewallState {
+    readonly buckets: Readonly<Record<string, Bucket>>;
+    readonly bursts: Readonly<Record<string, BurstCounter>>;
+}
+/**
+ * Result returned by evaluate() — the complete output of one firewall check.
+ *
+ * The caller uses `decision` to determine what to do:
+ * - `'pass'`   → dispatch (action may be `'flag'` → also emit audit event).
+ * - `'reject'` → drop + return error.
+ * - `'prompt'` → reject now + fire consent prompt.
+ *
+ * @param decision  - Primary disposition for the caller.
+ * @param action    - The matched rule's exceed-action (informational for `'pass'`).
+ * @param ruleId    - Identifier of the rule that made the decision (or 'default').
+ * @param reason    - Human-readable reason string for logging/audit.
+ * @param newState  - The updated FirewallState after this observation (original unchanged).
+ */
+interface EvaluateResult {
+    readonly decision: Decision;
+    readonly action: Action;
+    readonly ruleId: string;
+    readonly reason: string;
+    readonly newState: FirewallState;
+}
+
+/**
+ * @kehto/firewall — Pure evaluate function.
+ *
+ * This module is PURE, SIDE-EFFECT-FREE, and NEVER reads a wall clock.
+ * `observation.now` is the only time source — no wall-clock reads, no I/O, no mutations.
+ *
+ * Designed for deterministic access control decisions that could be compiled to
+ * WASM without modification (the WASM-ready boundary).
+ */
+
+/**
+ * Compute the token-bucket key from napplet dTag and operation class.
+ *
+ * Key shape: `${napplet}:${opClass}` — deliberately dTag-only (version-agnostic).
+ *
+ * DIVERGENCE FROM @kehto/acl: acl uses `dTag:hash` to distinguish napplet
+ * versions. The firewall intentionally omits the hash so rate budgets are shared
+ * across ALL versions of the same napplet dTag. This is the correct behavior for
+ * a behavioral abuse control: we want to track the napplet identity over time,
+ * not its specific loaded version.
+ *
+ * @param napplet - Napplet dTag (version-agnostic identity key)
+ * @param opClass - Operation class string (e.g. 'relay:write', 'outbox:publish')
+ * @returns Composite key string `napplet:opClass`
+ *
+ * @example
+ * ```ts
+ * toKey('chat', 'relay:write')
+ * // => 'chat:relay:write'
+ * ```
+ */
+declare function toKey(napplet: string, opClass: string): string;
+/**
+ * Evaluate a single firewall observation and return the access decision.
+ *
+ * PURE: no wall-clock reads (no system time APIs), no I/O, no mutation.
+ * All time comes from `observation.now`. The original `config` and `state`
+ * are NEVER modified — every `newState` is returned via immutable spread.
+ *
+ * ## Precedence order (A1 — POLICY-03, first-match-wins, most→least specific)
+ *
+ * 1. **Per-napplet policy** (`allow` / `deny` / `ask`) — hard override for the dTag.
+ *    `allow` → pass (bypass everything); `deny` → reject (block); `ask` → prompt.
+ *    Policy returns do NOT advance any counters; newState = input state.
+ *
+ * 2. **Init-burst guard** — if `observation.initElapsedMs` is defined and less than
+ *    `config.burstGuard.windowMs`, the burst counter for this napplet is advanced.
+ *    If the count exceeds `config.burstGuard.maxOps`, the burst action fires
+ *    (default `block`). The advanced burst counter is returned in newState.
+ *
+ * 3. **Content matchers** — `config.matchers` are evaluated in order; the FIRST
+ *    matcher whose declared conditions (opClass, kinds, size, focus, msSinceFocusGain)
+ *    ALL hold fires its action. Matchers do NOT advance the token bucket.
+ *
+ * 4. **Per-napplet × op-class rate limit** (`config.napplets[napplet].rateLimits[opClass]`)
+ *    with ruleId `'rate:opclass'`.
+ *
+ * 5. **Per-napplet global rate fallback** (`config.napplets[napplet].globalRate`)
+ *    for op-classes with no specific rateLimits entry. ruleId `'rate:global'`.
+ *
+ * 6. **Global default rate** (`config.defaultRate`) — applied when no napplet-specific
+ *    rule exists. ruleId `'rate:default'`.
+ *
+ * ## Unfocused multiplier (A2 — FOCUS-02)
+ *
+ * When `observation.focused === false`, the effective bucket capacity is tightened:
+ * `effectiveCapacity = limit.capacity * config.unfocusedMultiplier`.
+ * Refill rate is derived as `effectiveCapacity / windowMs` so the drip also tightens
+ * proportionally. The bucket KEY stays stable (`napplet:opClass`, no focus suffix).
+ * Because the multiplier is always `> 0`, an unfocused napplet's budget is reduced
+ * but never zero — **focus alone NEVER hard-blocks**.
+ *
+ * @param config      - Immutable firewall configuration
+ * @param state       - Current ephemeral counter state (never mutated)
+ * @param observation - Normalized observation (the sole input surface — CORE-02)
+ * @returns Decision result with updated counter state
+ *
+ * @example
+ * ```ts
+ * import { evaluate, defaultConfig, createState } from '@kehto/firewall';
+ *
+ * const config = defaultConfig();
+ * const state = createState();
+ * const obs = {
+ *   napplet: 'chat',
+ *   opClass: 'relay:write',
+ *   focused: true,
+ *   now: injectedTimestamp,  // caller supplies time; evaluate() never reads a clock
+ * };
+ *
+ * const result = evaluate(config, state, obs);
+ * // result.decision === 'pass'
+ * // result.newState has an updated token bucket for 'chat:relay:write'
+ * ```
+ */
+declare function evaluate(config: FirewallConfig, state: FirewallState, observation: Observation): EvaluateResult;
+
+/**
+ * @kehto/firewall — Pure config mutation functions and serialization.
+ *
+ * Every mutation function takes a FirewallConfig and returns a NEW FirewallConfig.
+ * The original config is never modified. No side effects, no I/O.
+ *
+ * Mirrors the role of @kehto/acl's mutations.ts: immutable spread-return mutations
+ * (grant/revoke pattern), plain JSON.stringify serialize, and defensive deserialize
+ * with shape validation and defaultConfig() fallback (V5 input validation — T-80-01).
+ */
+
+/**
+ * Set the hard policy posture for a specific napplet (dTag).
+ *
+ * Returns a new FirewallConfig with `napplets[napplet].policy` set to `policy`.
+ * If the napplet has no existing entry, a fresh entry is created.
+ * The original config is never modified.
+ *
+ * @param config  - Current firewall config
+ * @param napplet - Napplet dTag to configure
+ * @param policy  - Policy posture ('allow' | 'deny' | 'ask')
+ * @returns New FirewallConfig with the policy set
+ *
+ * @example
+ * ```ts
+ * const cfg2 = setPolicy(cfg, 'chat', 'deny');
+ * // cfg2.napplets['chat'].policy === 'deny'
+ * // cfg is unchanged
+ * ```
+ */
+declare function setPolicy(config: FirewallConfig, napplet: string, policy: NappletPolicy): FirewallConfig;
+/**
+ * Set a per-napplet, per-opClass token-bucket rate limit.
+ *
+ * Returns a new FirewallConfig with `napplets[napplet].rateLimits[opClass]`
+ * set to `limit`. If the napplet has no existing entry, a fresh entry is created.
+ * The original config is never modified.
+ *
+ * @param config  - Current firewall config
+ * @param napplet - Napplet dTag to configure
+ * @param opClass - Operation class string (e.g. 'relay:write', 'outbox:write')
+ * @param limit   - Token-bucket rate limit to apply
+ * @returns New FirewallConfig with the rate limit set
+ *
+ * @example
+ * ```ts
+ * const cfg2 = setRateLimit(cfg, 'chat', 'relay:write', { capacity: 10, windowMs: 5000, action: 'block' });
+ * // cfg2.napplets['chat'].rateLimits['relay:write'].capacity === 10
+ * ```
+ */
+declare function setRateLimit(config: FirewallConfig, napplet: string, opClass: string, limit: RateLimit): FirewallConfig;
+/**
+ * Set a per-napplet global fallback rate limit (RATE-03).
+ *
+ * The global rate is applied to all op-classes for this napplet that lack a
+ * specific `rateLimits` entry. This provides a single budget covering all
+ * unlisted operations rather than relying solely on the config-wide `defaultRate`.
+ *
+ * Returns a new FirewallConfig with `napplets[napplet].globalRate` set.
+ * The original config is never modified.
+ *
+ * @param config  - Current firewall config
+ * @param napplet - Napplet dTag to configure
+ * @param limit   - Global fallback rate limit for this napplet
+ * @returns New FirewallConfig with the global rate set
+ *
+ * @example
+ * ```ts
+ * const cfg2 = setGlobalRate(cfg, 'chat', { capacity: 30, windowMs: 30000, action: 'flag' });
+ * // cfg2.napplets['chat'].globalRate is set; other napplets unaffected
+ * ```
+ */
+declare function setGlobalRate(config: FirewallConfig, napplet: string, limit: RateLimit): FirewallConfig;
+/**
+ * Append a content matcher to the firewall config.
+ *
+ * Matchers are evaluated in order; the first match wins (POLICY-03). Returns a
+ * new FirewallConfig with `matcher` appended to the end of `config.matchers`.
+ * The original config is never modified.
+ *
+ * @param config  - Current firewall config
+ * @param matcher - Content matcher to append
+ * @returns New FirewallConfig with the matcher appended
+ *
+ * @example
+ * ```ts
+ * const cfg2 = addMatcher(cfg, { id: 'delete-spam', opClass: 'relay:write', kinds: [5], action: 'block' });
+ * // cfg2.matchers.length === cfg.matchers.length + 1
+ * ```
+ */
+declare function addMatcher(config: FirewallConfig, matcher: ContentMatcher): FirewallConfig;
+/**
+ * Serialize a FirewallConfig to a JSON string.
+ *
+ * Pure function — no I/O. The persistence adapter in @kehto/shell (Phase 81)
+ * uses this to write config to localStorage or other backends.
+ *
+ * @param config - Firewall config to serialize
+ * @returns JSON string representation
+ *
+ * @example
+ * ```ts
+ * const json = serialize(config);
+ * localStorage.setItem('kehto:firewall', json);
+ * ```
+ */
+declare function serialize(config: FirewallConfig): string;
+/**
+ * Deserialize a FirewallConfig from a JSON string.
+ *
+ * Defensive parse: tries JSON.parse, then shape-validates every top-level and
+ * nested field (napplets map, matchers array, burstGuard, defaultRate, and
+ * unfocusedMultiplier). Rebuilds a validated config from the parsed data.
+ *
+ * On ANY failure (invalid JSON, missing fields, wrong types, invalid action
+ * values, malformed nested structures) falls through to `defaultConfig()`.
+ * This function NEVER throws.
+ *
+ * Security control for T-80-01 (Tampering — persisted config string):
+ * the config string is the only untrusted input to @kehto/firewall. Poisoned
+ * or malformed strings always produce a safe, valid default config.
+ *
+ * @param json - JSON string to parse (may be untrusted)
+ * @returns Parsed and validated FirewallConfig, or defaultConfig() on any failure
+ *
+ * @example
+ * ```ts
+ * const json = localStorage.getItem('kehto:firewall') ?? '';
+ * const config = deserialize(json);
+ * // config is always a valid FirewallConfig — never throws
+ * ```
+ */
+declare function deserialize(json: string): FirewallConfig;
+
+/**
+ * Default exceed-action for rate limits: `flag` (pass + audit).
+ *
+ * Conservative, allow-and-audit default — operations are never silently blocked
+ * on first deployment. The shell hears about violations via audit events without
+ * disrupting the napplet experience (CORE-04).
+ *
+ * @example
+ * ```ts
+ * const limit: RateLimit = { capacity: 60, windowMs: 60_000, action: DEFAULT_EXCEED_ACTION };
+ * ```
+ */
+declare const DEFAULT_EXCEED_ACTION: Action;
+/**
+ * Default action for the init-burst guard: `block`.
+ *
+ * The burst guard is the one documented exception to the conservative `flag`
+ * default. A napplet that fires more than `DEFAULT_BURST_MAX_OPS` operations
+ * within its initialization window is almost certainly misbehaving and should
+ * be stopped immediately (BURST-02).
+ *
+ * @example
+ * ```ts
+ * const guard: BurstGuard = { windowMs: DEFAULT_BURST_WINDOW_MS, maxOps: DEFAULT_BURST_MAX_OPS, action: DEFAULT_BURST_ACTION };
+ * ```
+ */
+declare const DEFAULT_BURST_ACTION: Action;
+/**
+ * Fractional capacity multiplier applied to unfocused napplets: `0.25`.
+ *
+ * Scales the effective token-bucket capacity for napplets that are not the
+ * currently focused window. Chosen at 1/4 so background napplets can still
+ * make legitimate low-rate requests while a sustained high-rate attack from a
+ * background napplet is throttled quickly.
+ *
+ * MUST remain strictly greater than 0 — focus alone must NEVER hard-block a
+ * napplet (FOCUS-02 invariant). A value of 0 would be equivalent to an
+ * unconditional deny for all unfocused napplets.
+ *
+ * @example
+ * ```ts
+ * const effectiveCapacity = limit.capacity * (obs.focused ? 1 : DEFAULT_UNFOCUSED_MULTIPLIER);
+ * ```
+ */
+declare const DEFAULT_UNFOCUSED_MULTIPLIER = 0.25;
+/**
+ * Default token-bucket capacity: 60 operations per window.
+ *
+ * 60 ops/minute is generous for typical napplet relay interactions (reading
+ * profiles, publishing notes) while providing a clear ceiling against rapid
+ * automated relay flooding. Conservative without being restrictive for
+ * well-behaved napplets (CORE-04).
+ *
+ * @example
+ * ```ts
+ * const limit: RateLimit = { capacity: DEFAULT_RATE_CAPACITY, windowMs: DEFAULT_RATE_WINDOW_MS, action: DEFAULT_EXCEED_ACTION };
+ * ```
+ */
+declare const DEFAULT_RATE_CAPACITY = 60;
+/**
+ * Default token-bucket window: 60 000 ms (1 minute).
+ *
+ * A 1-minute rolling window pairs with `DEFAULT_RATE_CAPACITY` (60 ops) to
+ * give each napplet 1 op/second sustained throughput — sufficient for relay
+ * reads, publish flows, and intent invocations under normal usage (CORE-04).
+ *
+ * @example
+ * ```ts
+ * const refillRatePerMs = DEFAULT_RATE_CAPACITY / DEFAULT_RATE_WINDOW_MS; // 0.001 ops/ms
+ * ```
+ */
+declare const DEFAULT_RATE_WINDOW_MS = 60000;
+/**
+ * Default init-burst guard window: 3 000 ms (3 seconds).
+ *
+ * The initialization window covers the first few seconds after a napplet loads.
+ * Legitimate napplets bootstrap with a small number of setup requests; a napplet
+ * that fires many ops in the first 3 seconds is exhibiting burst-attack behavior
+ * (BURST-01, BURST-02).
+ *
+ * @example
+ * ```ts
+ * const guard: BurstGuard = { windowMs: DEFAULT_BURST_WINDOW_MS, maxOps: DEFAULT_BURST_MAX_OPS, action: DEFAULT_BURST_ACTION };
+ * ```
+ */
+declare const DEFAULT_BURST_WINDOW_MS = 3000;
+/**
+ * Default init-burst guard operation cap: 20 operations.
+ *
+ * 20 ops within the first 3 seconds is more than enough for any legitimate
+ * initialization sequence (subscribe, fetch profile, query relays). Exceeding
+ * this indicates automated request flooding and triggers the `block` action
+ * (BURST-02). Value chosen to tolerate brief SDK setup bursts while stopping
+ * malicious behavior.
+ *
+ * @example
+ * ```ts
+ * const guard: BurstGuard = { windowMs: DEFAULT_BURST_WINDOW_MS, maxOps: DEFAULT_BURST_MAX_OPS, action: DEFAULT_BURST_ACTION };
+ * ```
+ */
+declare const DEFAULT_BURST_MAX_OPS = 20;
+/**
+ * Assemble the built-in default FirewallConfig.
+ *
+ * Returns a fresh config applying conservative rate/burst limits to every
+ * napplet out of the box. No per-napplet rules or content matchers are
+ * pre-configured — those are added via the mutation functions in config.ts.
+ *
+ * The exceed-action default is `flag` (CORE-04 — allow + audit). The
+ * init-burst guard default is `block` (BURST-02 — the documented exception).
+ *
+ * @returns A new FirewallConfig with conservative built-in limits
+ *
+ * @example
+ * ```ts
+ * const config = defaultConfig();
+ * // config.defaultRate.action === 'flag'
+ * // config.burstGuard.action === 'block'
+ * // config.unfocusedMultiplier === 0.25
+ * ```
+ */
+declare function defaultConfig(): FirewallConfig;
+/**
+ * Create an empty FirewallState with no token-bucket or burst counters.
+ *
+ * Returns a fresh ephemeral counter state. Counter state is never persisted
+ * (Phase 81 concern) — it is reset on reload and rebuilt as observations arrive.
+ *
+ * Mirrors the `createState()` factory pattern from @kehto/acl/mutations.ts.
+ *
+ * @returns A new FirewallState with empty buckets and bursts maps
+ *
+ * @example
+ * ```ts
+ * const state = createState();
+ * // { buckets: {}, bursts: {} }
+ * ```
+ */
+declare function createState(): FirewallState;
+
+export { type Action, type Bucket, type BurstCounter, type BurstGuard, type ContentMatcher, DEFAULT_BURST_ACTION, DEFAULT_BURST_MAX_OPS, DEFAULT_BURST_WINDOW_MS, DEFAULT_EXCEED_ACTION, DEFAULT_RATE_CAPACITY, DEFAULT_RATE_WINDOW_MS, DEFAULT_UNFOCUSED_MULTIPLIER, type Decision, type EvaluateResult, type FirewallConfig, type FirewallState, type NappletPolicy, type NappletRules, type Observation, type RateLimit, addMatcher, createState, defaultConfig, deserialize, evaluate, serialize, setGlobalRate, setPolicy, setRateLimit, toKey };

package/dist/index.js

@@ -0,0 +1,313 @@
+// src/evaluate.ts
+function toKey(napplet, opClass) {
+  return `${napplet}:${opClass}`;
+}
+function actionToDecision(action) {
+  if (action === "block") return "reject";
+  return "pass";
+}
+function evaluate(config, state, observation) {
+  const { napplet, opClass, now } = observation;
+  const nappletRules = config.napplets[napplet];
+  const policy = nappletRules?.policy;
+  if (policy === "allow") {
+    return {
+      decision: "pass",
+      action: "ignore",
+      ruleId: "policy:allow",
+      reason: `napplet ${napplet} has allow policy \u2014 bypassing all checks`,
+      newState: state
+    };
+  }
+  if (policy === "deny") {
+    return {
+      decision: "reject",
+      action: "block",
+      ruleId: "policy:deny",
+      reason: `napplet ${napplet} has deny policy \u2014 always rejected`,
+      newState: state
+    };
+  }
+  if (policy === "ask") {
+    return {
+      decision: "prompt",
+      action: "block",
+      ruleId: "policy:ask",
+      reason: `napplet ${napplet} has ask policy \u2014 prompting for consent`,
+      newState: state
+    };
+  }
+  const { initElapsedMs } = observation;
+  if (initElapsedMs !== void 0 && initElapsedMs < config.burstGuard.windowMs) {
+    const existingBurst = state.bursts[napplet];
+    const newBurst = {
+      count: (existingBurst?.count ?? 0) + 1,
+      windowStart: existingBurst?.windowStart ?? now
+    };
+    const newBursts = { ...state.bursts, [napplet]: newBurst };
+    if (newBurst.count > config.burstGuard.maxOps) {
+      const burstAction = config.burstGuard.action;
+      return {
+        decision: actionToDecision(burstAction),
+        action: burstAction,
+        ruleId: "burst",
+        reason: `napplet ${napplet} exceeded init-burst limit (${newBurst.count} > ${config.burstGuard.maxOps} ops within ${config.burstGuard.windowMs}ms)`,
+        newState: { ...state, bursts: newBursts }
+      };
+    }
+    state = { ...state, bursts: newBursts };
+  }
+  for (const matcher of config.matchers) {
+    if (matcher.opClass !== void 0 && matcher.opClass !== opClass) continue;
+    if (matcher.kinds !== void 0) {
+      if (observation.kind === void 0) continue;
+      if (!matcher.kinds.includes(observation.kind)) continue;
+    }
+    if (matcher.minSize !== void 0) {
+      if (observation.size === void 0) continue;
+      if (observation.size < matcher.minSize) continue;
+    }
+    if (matcher.focused !== void 0 && matcher.focused !== observation.focused) continue;
+    if (matcher.maxMsSinceFocusGain !== void 0) {
+      if (observation.msSinceFocusGain === void 0) continue;
+      if (observation.msSinceFocusGain > matcher.maxMsSinceFocusGain) continue;
+    }
+    const matcherAction = matcher.action;
+    return {
+      decision: actionToDecision(matcherAction),
+      action: matcherAction,
+      ruleId: `matcher:${matcher.id}`,
+      reason: `content matcher '${matcher.id}' fired`,
+      newState: state
+    };
+  }
+  let rateLimit = config.defaultRate;
+  let rateLimitRuleId = "rate:default";
+  if (nappletRules) {
+    const opClassLimit = nappletRules.rateLimits[opClass];
+    if (opClassLimit) {
+      rateLimit = opClassLimit;
+      rateLimitRuleId = "rate:opclass";
+    } else if (nappletRules.globalRate) {
+      rateLimit = nappletRules.globalRate;
+      rateLimitRuleId = "rate:global";
+    }
+  }
+  const effectiveCapacity = observation.focused ? rateLimit.capacity : rateLimit.capacity * config.unfocusedMultiplier;
+  const refillRatePerMs = effectiveCapacity / rateLimit.windowMs;
+  const bucketKey = toKey(napplet, opClass);
+  const existingBucket = state.buckets[bucketKey];
+  const lastRefill = existingBucket?.lastRefill ?? now;
+  const initialTokens = existingBucket?.tokens ?? effectiveCapacity;
+  const elapsed = Math.max(0, now - lastRefill);
+  const tokens = Math.min(effectiveCapacity, initialTokens + elapsed * refillRatePerMs);
+  if (tokens >= 1) {
+    const nextBucket = { tokens: tokens - 1, lastRefill: now };
+    return {
+      decision: "pass",
+      action: "ignore",
+      ruleId: rateLimitRuleId,
+      reason: `within budget (${rateLimitRuleId})`,
+      newState: {
+        ...state,
+        buckets: { ...state.buckets, [bucketKey]: nextBucket }
+      }
+    };
+  } else {
+    const nextBucket = { tokens, lastRefill: now };
+    const exceedAction = rateLimit.action;
+    return {
+      decision: actionToDecision(exceedAction),
+      action: exceedAction,
+      ruleId: rateLimitRuleId,
+      reason: `rate limit exceeded (${rateLimitRuleId}): ${tokens.toFixed(4)} tokens available, need 1`,
+      newState: {
+        ...state,
+        buckets: { ...state.buckets, [bucketKey]: nextBucket }
+      }
+    };
+  }
+}
+
+// src/defaults.ts
+var DEFAULT_EXCEED_ACTION = "flag";
+var DEFAULT_BURST_ACTION = "block";
+var DEFAULT_UNFOCUSED_MULTIPLIER = 0.25;
+var DEFAULT_RATE_CAPACITY = 60;
+var DEFAULT_RATE_WINDOW_MS = 6e4;
+var DEFAULT_BURST_WINDOW_MS = 3e3;
+var DEFAULT_BURST_MAX_OPS = 20;
+function defaultConfig() {
+  return {
+    napplets: {},
+    matchers: [],
+    burstGuard: {
+      windowMs: DEFAULT_BURST_WINDOW_MS,
+      maxOps: DEFAULT_BURST_MAX_OPS,
+      action: DEFAULT_BURST_ACTION
+    },
+    defaultRate: {
+      capacity: DEFAULT_RATE_CAPACITY,
+      windowMs: DEFAULT_RATE_WINDOW_MS,
+      action: DEFAULT_EXCEED_ACTION
+    },
+    unfocusedMultiplier: DEFAULT_UNFOCUSED_MULTIPLIER
+  };
+}
+function createState() {
+  return { buckets: {}, bursts: {} };
+}
+
+// src/config.ts
+function getNapplet(config, napplet) {
+  const existing = config.napplets[napplet];
+  if (existing) return existing;
+  return { rateLimits: {} };
+}
+function setPolicy(config, napplet, policy) {
+  const entry = getNapplet(config, napplet);
+  return {
+    ...config,
+    napplets: {
+      ...config.napplets,
+      [napplet]: { ...entry, policy }
+    }
+  };
+}
+function setRateLimit(config, napplet, opClass, limit) {
+  const entry = getNapplet(config, napplet);
+  return {
+    ...config,
+    napplets: {
+      ...config.napplets,
+      [napplet]: {
+        ...entry,
+        rateLimits: { ...entry.rateLimits, [opClass]: limit }
+      }
+    }
+  };
+}
+function setGlobalRate(config, napplet, limit) {
+  const entry = getNapplet(config, napplet);
+  return {
+    ...config,
+    napplets: {
+      ...config.napplets,
+      [napplet]: { ...entry, globalRate: limit }
+    }
+  };
+}
+function addMatcher(config, matcher) {
+  return { ...config, matchers: [...config.matchers, matcher] };
+}
+function serialize(config) {
+  return JSON.stringify(config);
+}
+var VALID_ACTIONS = ["flag", "block", "ignore"];
+function isValidAction(v) {
+  return VALID_ACTIONS.includes(v);
+}
+function isValidRateLimit(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const r = v;
+  return typeof r["capacity"] === "number" && isFinite(r["capacity"]) && typeof r["windowMs"] === "number" && isFinite(r["windowMs"]) && isValidAction(r["action"]);
+}
+function isValidBurstGuard(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const b = v;
+  return typeof b["windowMs"] === "number" && isFinite(b["windowMs"]) && typeof b["maxOps"] === "number" && isFinite(b["maxOps"]) && isValidAction(b["action"]);
+}
+function isValidContentMatcher(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const m = v;
+  if (typeof m["id"] !== "string") return false;
+  if (!isValidAction(m["action"])) return false;
+  if ("opClass" in m && typeof m["opClass"] !== "string") return false;
+  if ("minSize" in m && typeof m["minSize"] !== "number") return false;
+  if ("focused" in m && typeof m["focused"] !== "boolean") return false;
+  if ("maxMsSinceFocusGain" in m && typeof m["maxMsSinceFocusGain"] !== "number") return false;
+  if ("kinds" in m) {
+    if (!Array.isArray(m["kinds"])) return false;
+    if (!m["kinds"].every((k) => typeof k === "number")) return false;
+  }
+  return true;
+}
+function isValidNappletRules(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const n = v;
+  if (typeof n["rateLimits"] !== "object" || n["rateLimits"] === null) return false;
+  for (const limit of Object.values(n["rateLimits"])) {
+    if (!isValidRateLimit(limit)) return false;
+  }
+  if ("policy" in n) {
+    const p = n["policy"];
+    if (p !== "allow" && p !== "deny" && p !== "ask") return false;
+  }
+  if ("globalRate" in n && !isValidRateLimit(n["globalRate"])) return false;
+  return true;
+}
+function deserialize(json) {
+  try {
+    const parsed = JSON.parse(json);
+    if (typeof parsed !== "object" || parsed === null || typeof parsed.napplets !== "object" || parsed.napplets === null || !Array.isArray(parsed.matchers) || !isValidBurstGuard(parsed.burstGuard) || !isValidRateLimit(parsed.defaultRate) || typeof parsed.unfocusedMultiplier !== "number" || !isFinite(parsed.unfocusedMultiplier)) {
+      return defaultConfig();
+    }
+    const napplets = {};
+    for (const [key, value] of Object.entries(parsed.napplets)) {
+      if (!isValidNappletRules(value)) return defaultConfig();
+      const raw = value;
+      const rateLimits = {};
+      for (const [opClass, limit] of Object.entries(raw.rateLimits)) {
+        rateLimits[opClass] = limit;
+      }
+      const entry = { rateLimits };
+      const withPolicy = raw.policy !== void 0 ? { ...entry, policy: raw.policy } : entry;
+      const withGlobalRate = raw.globalRate !== void 0 ? { ...withPolicy, globalRate: raw.globalRate } : withPolicy;
+      napplets[key] = withGlobalRate;
+    }
+    const matchers = [];
+    for (const item of parsed.matchers) {
+      if (!isValidContentMatcher(item)) return defaultConfig();
+      matchers.push(item);
+    }
+    const bg = parsed.burstGuard;
+    const dr = parsed.defaultRate;
+    return {
+      napplets,
+      matchers,
+      burstGuard: {
+        windowMs: bg["windowMs"],
+        maxOps: bg["maxOps"],
+        action: bg["action"]
+      },
+      defaultRate: {
+        capacity: dr["capacity"],
+        windowMs: dr["windowMs"],
+        action: dr["action"]
+      },
+      unfocusedMultiplier: parsed.unfocusedMultiplier
+    };
+  } catch {
+  }
+  return defaultConfig();
+}
+export {
+  DEFAULT_BURST_ACTION,
+  DEFAULT_BURST_MAX_OPS,
+  DEFAULT_BURST_WINDOW_MS,
+  DEFAULT_EXCEED_ACTION,
+  DEFAULT_RATE_CAPACITY,
+  DEFAULT_RATE_WINDOW_MS,
+  DEFAULT_UNFOCUSED_MULTIPLIER,
+  addMatcher,
+  createState,
+  defaultConfig,
+  deserialize,
+  evaluate,
+  serialize,
+  setGlobalRate,
+  setPolicy,
+  setRateLimit,
+  toKey
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/evaluate.ts","../src/defaults.ts","../src/config.ts"],"sourcesContent":["/**\n * @kehto/firewall — Pure evaluate function.\n *\n * This module is PURE, SIDE-EFFECT-FREE, and NEVER reads a wall clock.\n * `observation.now` is the only time source — no wall-clock reads, no I/O, no mutations.\n *\n * Designed for deterministic access control decisions that could be compiled to\n * WASM without modification (the WASM-ready boundary).\n */\n\nimport type {\n  Observation,\n  FirewallConfig,\n  FirewallState,\n  Bucket,\n  BurstCounter,\n  EvaluateResult,\n  Action,\n  Decision,\n} from './types.js';\n\n/**\n * Compute the token-bucket key from napplet dTag and operation class.\n *\n * Key shape: `${napplet}:${opClass}` — deliberately dTag-only (version-agnostic).\n *\n * DIVERGENCE FROM @kehto/acl: acl uses `dTag:hash` to distinguish napplet\n * versions. The firewall intentionally omits the hash so rate budgets are shared\n * across ALL versions of the same napplet dTag. This is the correct behavior for\n * a behavioral abuse control: we want to track the napplet identity over time,\n * not its specific loaded version.\n *\n * @param napplet - Napplet dTag (version-agnostic identity key)\n * @param opClass - Operation class string (e.g. 'relay:write', 'outbox:publish')\n * @returns Composite key string `napplet:opClass`\n *\n * @example\n * ```ts\n * toKey('chat', 'relay:write')\n * // => 'chat:relay:write'\n * ```\n */\nexport function toKey(napplet: string, opClass: string): string {\n  return `${napplet}:${opClass}`;\n}\n\n/**\n * Map a rule Action to the caller-facing Decision.\n *\n * - `'flag'`   → `'pass'` (caller dispatches + emits audit event)\n * - `'block'`  → `'reject'` (caller drops the operation)\n * - `'ignore'` → `'pass'` (caller dispatches silently)\n */\nfunction actionToDecision(action: Action): Decision {\n  if (action === 'block') return 'reject';\n  return 'pass'; // 'flag' and 'ignore' both pass\n}\n\n/**\n * Evaluate a single firewall observation and return the access decision.\n *\n * PURE: no wall-clock reads (no system time APIs), no I/O, no mutation.\n * All time comes from `observation.now`. The original `config` and `state`\n * are NEVER modified — every `newState` is returned via immutable spread.\n *\n * ## Precedence order (A1 — POLICY-03, first-match-wins, most→least specific)\n *\n * 1. **Per-napplet policy** (`allow` / `deny` / `ask`) — hard override for the dTag.\n *    `allow` → pass (bypass everything); `deny` → reject (block); `ask` → prompt.\n *    Policy returns do NOT advance any counters; newState = input state.\n *\n * 2. **Init-burst guard** — if `observation.initElapsedMs` is defined and less than\n *    `config.burstGuard.windowMs`, the burst counter for this napplet is advanced.\n *    If the count exceeds `config.burstGuard.maxOps`, the burst action fires\n *    (default `block`). The advanced burst counter is returned in newState.\n *\n * 3. **Content matchers** — `config.matchers` are evaluated in order; the FIRST\n *    matcher whose declared conditions (opClass, kinds, size, focus, msSinceFocusGain)\n *    ALL hold fires its action. Matchers do NOT advance the token bucket.\n *\n * 4. **Per-napplet × op-class rate limit** (`config.napplets[napplet].rateLimits[opClass]`)\n *    with ruleId `'rate:opclass'`.\n *\n * 5. **Per-napplet global rate fallback** (`config.napplets[napplet].globalRate`)\n *    for op-classes with no specific rateLimits entry. ruleId `'rate:global'`.\n *\n * 6. **Global default rate** (`config.defaultRate`) — applied when no napplet-specific\n *    rule exists. ruleId `'rate:default'`.\n *\n * ## Unfocused multiplier (A2 — FOCUS-02)\n *\n * When `observation.focused === false`, the effective bucket capacity is tightened:\n * `effectiveCapacity = limit.capacity * config.unfocusedMultiplier`.\n * Refill rate is derived as `effectiveCapacity / windowMs` so the drip also tightens\n * proportionally. The bucket KEY stays stable (`napplet:opClass`, no focus suffix).\n * Because the multiplier is always `> 0`, an unfocused napplet's budget is reduced\n * but never zero — **focus alone NEVER hard-blocks**.\n *\n * @param config      - Immutable firewall configuration\n * @param state       - Current ephemeral counter state (never mutated)\n * @param observation - Normalized observation (the sole input surface — CORE-02)\n * @returns Decision result with updated counter state\n *\n * @example\n * ```ts\n * import { evaluate, defaultConfig, createState } from '@kehto/firewall';\n *\n * const config = defaultConfig();\n * const state = createState();\n * const obs = {\n *   napplet: 'chat',\n *   opClass: 'relay:write',\n *   focused: true,\n *   now: injectedTimestamp,  // caller supplies time; evaluate() never reads a clock\n * };\n *\n * const result = evaluate(config, state, obs);\n * // result.decision === 'pass'\n * // result.newState has an updated token bucket for 'chat:relay:write'\n * ```\n */\nexport function evaluate(\n  config: FirewallConfig,\n  state: FirewallState,\n  observation: Observation,\n): EvaluateResult {\n  const { napplet, opClass, now } = observation;\n\n  const nappletRules = config.napplets[napplet];\n  const policy = nappletRules?.policy;\n\n  if (policy === 'allow') {\n    return {\n      decision: 'pass',\n      action: 'ignore',\n      ruleId: 'policy:allow',\n      reason: `napplet ${napplet} has allow policy — bypassing all checks`,\n      newState: state,\n    };\n  }\n\n  if (policy === 'deny') {\n    return {\n      decision: 'reject',\n      action: 'block',\n      ruleId: 'policy:deny',\n      reason: `napplet ${napplet} has deny policy — always rejected`,\n      newState: state,\n    };\n  }\n\n  if (policy === 'ask') {\n    return {\n      decision: 'prompt',\n      action: 'block',\n      ruleId: 'policy:ask',\n      reason: `napplet ${napplet} has ask policy — prompting for consent`,\n      newState: state,\n    };\n  }\n\n  const { initElapsedMs } = observation;\n\n  if (initElapsedMs !== undefined && initElapsedMs < config.burstGuard.windowMs) {\n    // Advance the burst counter for this napplet\n    const existingBurst: BurstCounter | undefined = state.bursts[napplet];\n    const newBurst: BurstCounter = {\n      count: (existingBurst?.count ?? 0) + 1,\n      windowStart: existingBurst?.windowStart ?? now,\n    };\n\n    const newBursts = { ...state.bursts, [napplet]: newBurst };\n\n    if (newBurst.count > config.burstGuard.maxOps) {\n      const burstAction = config.burstGuard.action;\n      return {\n        decision: actionToDecision(burstAction),\n        action: burstAction,\n        ruleId: 'burst',\n        reason: `napplet ${napplet} exceeded init-burst limit (${newBurst.count} > ${config.burstGuard.maxOps} ops within ${config.burstGuard.windowMs}ms)`,\n        newState: { ...state, bursts: newBursts },\n      };\n    }\n\n    // Burst count advanced but not exceeded — continue to next tier with updated bursts\n    // We update state to carry the burst counter forward\n    state = { ...state, bursts: newBursts };\n  }\n\n  for (const matcher of config.matchers) {\n    if (matcher.opClass !== undefined && matcher.opClass !== opClass) continue;\n\n    // Check kinds condition (observation.kind must be in the set)\n    if (matcher.kinds !== undefined) {\n      if (observation.kind === undefined) continue;\n      if (!matcher.kinds.includes(observation.kind)) continue;\n    }\n\n    if (matcher.minSize !== undefined) {\n      if (observation.size === undefined) continue;\n      if (observation.size < matcher.minSize) continue;\n    }\n\n    if (matcher.focused !== undefined && matcher.focused !== observation.focused) continue;\n\n    if (matcher.maxMsSinceFocusGain !== undefined) {\n      if (observation.msSinceFocusGain === undefined) continue;\n      if (observation.msSinceFocusGain > matcher.maxMsSinceFocusGain) continue;\n    }\n\n    // All conditions satisfied — this matcher fires\n    const matcherAction = matcher.action;\n    return {\n      decision: actionToDecision(matcherAction),\n      action: matcherAction,\n      ruleId: `matcher:${matcher.id}`,\n      reason: `content matcher '${matcher.id}' fired`,\n      newState: state,\n    };\n  }\n\n  // Resolve the applicable RateLimit (precedence: op-class > global > default)\n  let rateLimit = config.defaultRate;\n  let rateLimitRuleId = 'rate:default';\n\n  if (nappletRules) {\n    const opClassLimit = nappletRules.rateLimits[opClass];\n    if (opClassLimit) {\n      rateLimit = opClassLimit;\n      rateLimitRuleId = 'rate:opclass';\n    } else if (nappletRules.globalRate) {\n      rateLimit = nappletRules.globalRate;\n      rateLimitRuleId = 'rate:global';\n    }\n  }\n\n  // Apply focus multiplier to capacity (A2 — never zeroes the budget)\n  const effectiveCapacity = observation.focused\n    ? rateLimit.capacity\n    : rateLimit.capacity * config.unfocusedMultiplier;\n\n  // Refill rate derived from effective capacity (drip tightens proportionally with focus)\n  const refillRatePerMs = effectiveCapacity / rateLimit.windowMs;\n\n  // Lazy-init bucket: absent key means fresh napplet starting full at `now`\n  const bucketKey = toKey(napplet, opClass);\n  const existingBucket: Bucket | undefined = state.buckets[bucketKey];\n\n  // RESEARCH Pattern 2 token-bucket math:\n  // lazy `lastRefill || now` init — a fresh key starts FULL at effectiveCapacity at now\n  const lastRefill = existingBucket?.lastRefill ?? now;\n  const initialTokens = existingBucket?.tokens ?? effectiveCapacity;\n\n  // Clamp negative clock skew to 0 (T-80-03 mitigation)\n  const elapsed = Math.max(0, now - lastRefill);\n\n  // Refill tokens up to effectiveCapacity, keep fractional tokens\n  const tokens = Math.min(effectiveCapacity, initialTokens + elapsed * refillRatePerMs);\n\n  if (tokens >= 1) {\n    // Within budget — spend one token and pass\n    // ruleId encodes the resolution path so callers and tests can observe which tier resolved\n    const nextBucket: Bucket = { tokens: tokens - 1, lastRefill: now };\n    return {\n      decision: 'pass',\n      action: 'ignore',\n      ruleId: rateLimitRuleId,\n      reason: `within budget (${rateLimitRuleId})`,\n      newState: {\n        ...state,\n        buckets: { ...state.buckets, [bucketKey]: nextBucket },\n      },\n    };\n  } else {\n    // Exceeded budget — apply the rule's exceed-action; still update bucket (no token spent)\n    const nextBucket: Bucket = { tokens, lastRefill: now };\n    const exceedAction = rateLimit.action;\n    return {\n      decision: actionToDecision(exceedAction),\n      action: exceedAction,\n      ruleId: rateLimitRuleId,\n      reason: `rate limit exceeded (${rateLimitRuleId}): ${tokens.toFixed(4)} tokens available, need 1`,\n      newState: {\n        ...state,\n        buckets: { ...state.buckets, [bucketKey]: nextBucket },\n      },\n    };\n  }\n}\n","\nimport type { Action, FirewallConfig, FirewallState } from './types.js';\n\n/**\n * Default exceed-action for rate limits: `flag` (pass + audit).\n *\n * Conservative, allow-and-audit default — operations are never silently blocked\n * on first deployment. The shell hears about violations via audit events without\n * disrupting the napplet experience (CORE-04).\n *\n * @example\n * ```ts\n * const limit: RateLimit = { capacity: 60, windowMs: 60_000, action: DEFAULT_EXCEED_ACTION };\n * ```\n */\nexport const DEFAULT_EXCEED_ACTION: Action = 'flag';\n\n/**\n * Default action for the init-burst guard: `block`.\n *\n * The burst guard is the one documented exception to the conservative `flag`\n * default. A napplet that fires more than `DEFAULT_BURST_MAX_OPS` operations\n * within its initialization window is almost certainly misbehaving and should\n * be stopped immediately (BURST-02).\n *\n * @example\n * ```ts\n * const guard: BurstGuard = { windowMs: DEFAULT_BURST_WINDOW_MS, maxOps: DEFAULT_BURST_MAX_OPS, action: DEFAULT_BURST_ACTION };\n * ```\n */\nexport const DEFAULT_BURST_ACTION: Action = 'block';\n\n/**\n * Fractional capacity multiplier applied to unfocused napplets: `0.25`.\n *\n * Scales the effective token-bucket capacity for napplets that are not the\n * currently focused window. Chosen at 1/4 so background napplets can still\n * make legitimate low-rate requests while a sustained high-rate attack from a\n * background napplet is throttled quickly.\n *\n * MUST remain strictly greater than 0 — focus alone must NEVER hard-block a\n * napplet (FOCUS-02 invariant). A value of 0 would be equivalent to an\n * unconditional deny for all unfocused napplets.\n *\n * @example\n * ```ts\n * const effectiveCapacity = limit.capacity * (obs.focused ? 1 : DEFAULT_UNFOCUSED_MULTIPLIER);\n * ```\n */\nexport const DEFAULT_UNFOCUSED_MULTIPLIER = 0.25;\n\n/**\n * Default token-bucket capacity: 60 operations per window.\n *\n * 60 ops/minute is generous for typical napplet relay interactions (reading\n * profiles, publishing notes) while providing a clear ceiling against rapid\n * automated relay flooding. Conservative without being restrictive for\n * well-behaved napplets (CORE-04).\n *\n * @example\n * ```ts\n * const limit: RateLimit = { capacity: DEFAULT_RATE_CAPACITY, windowMs: DEFAULT_RATE_WINDOW_MS, action: DEFAULT_EXCEED_ACTION };\n * ```\n */\nexport const DEFAULT_RATE_CAPACITY = 60;\n\n/**\n * Default token-bucket window: 60 000 ms (1 minute).\n *\n * A 1-minute rolling window pairs with `DEFAULT_RATE_CAPACITY` (60 ops) to\n * give each napplet 1 op/second sustained throughput — sufficient for relay\n * reads, publish flows, and intent invocations under normal usage (CORE-04).\n *\n * @example\n * ```ts\n * const refillRatePerMs = DEFAULT_RATE_CAPACITY / DEFAULT_RATE_WINDOW_MS; // 0.001 ops/ms\n * ```\n */\nexport const DEFAULT_RATE_WINDOW_MS = 60_000;\n\n/**\n * Default init-burst guard window: 3 000 ms (3 seconds).\n *\n * The initialization window covers the first few seconds after a napplet loads.\n * Legitimate napplets bootstrap with a small number of setup requests; a napplet\n * that fires many ops in the first 3 seconds is exhibiting burst-attack behavior\n * (BURST-01, BURST-02).\n *\n * @example\n * ```ts\n * const guard: BurstGuard = { windowMs: DEFAULT_BURST_WINDOW_MS, maxOps: DEFAULT_BURST_MAX_OPS, action: DEFAULT_BURST_ACTION };\n * ```\n */\nexport const DEFAULT_BURST_WINDOW_MS = 3_000;\n\n/**\n * Default init-burst guard operation cap: 20 operations.\n *\n * 20 ops within the first 3 seconds is more than enough for any legitimate\n * initialization sequence (subscribe, fetch profile, query relays). Exceeding\n * this indicates automated request flooding and triggers the `block` action\n * (BURST-02). Value chosen to tolerate brief SDK setup bursts while stopping\n * malicious behavior.\n *\n * @example\n * ```ts\n * const guard: BurstGuard = { windowMs: DEFAULT_BURST_WINDOW_MS, maxOps: DEFAULT_BURST_MAX_OPS, action: DEFAULT_BURST_ACTION };\n * ```\n */\nexport const DEFAULT_BURST_MAX_OPS = 20;\n\n/**\n * Assemble the built-in default FirewallConfig.\n *\n * Returns a fresh config applying conservative rate/burst limits to every\n * napplet out of the box. No per-napplet rules or content matchers are\n * pre-configured — those are added via the mutation functions in config.ts.\n *\n * The exceed-action default is `flag` (CORE-04 — allow + audit). The\n * init-burst guard default is `block` (BURST-02 — the documented exception).\n *\n * @returns A new FirewallConfig with conservative built-in limits\n *\n * @example\n * ```ts\n * const config = defaultConfig();\n * // config.defaultRate.action === 'flag'\n * // config.burstGuard.action === 'block'\n * // config.unfocusedMultiplier === 0.25\n * ```\n */\nexport function defaultConfig(): FirewallConfig {\n  return {\n    napplets: {},\n    matchers: [],\n    burstGuard: {\n      windowMs: DEFAULT_BURST_WINDOW_MS,\n      maxOps: DEFAULT_BURST_MAX_OPS,\n      action: DEFAULT_BURST_ACTION,\n    },\n    defaultRate: {\n      capacity: DEFAULT_RATE_CAPACITY,\n      windowMs: DEFAULT_RATE_WINDOW_MS,\n      action: DEFAULT_EXCEED_ACTION,\n    },\n    unfocusedMultiplier: DEFAULT_UNFOCUSED_MULTIPLIER,\n  };\n}\n\n/**\n * Create an empty FirewallState with no token-bucket or burst counters.\n *\n * Returns a fresh ephemeral counter state. Counter state is never persisted\n * (Phase 81 concern) — it is reset on reload and rebuilt as observations arrive.\n *\n * Mirrors the `createState()` factory pattern from @kehto/acl/mutations.ts.\n *\n * @returns A new FirewallState with empty buckets and bursts maps\n *\n * @example\n * ```ts\n * const state = createState();\n * // { buckets: {}, bursts: {} }\n * ```\n */\nexport function createState(): FirewallState {\n  return { buckets: {}, bursts: {} };\n}\n","/**\n * @kehto/firewall — Pure config mutation functions and serialization.\n *\n * Every mutation function takes a FirewallConfig and returns a NEW FirewallConfig.\n * The original config is never modified. No side effects, no I/O.\n *\n * Mirrors the role of @kehto/acl's mutations.ts: immutable spread-return mutations\n * (grant/revoke pattern), plain JSON.stringify serialize, and defensive deserialize\n * with shape validation and defaultConfig() fallback (V5 input validation — T-80-01).\n */\n\nimport type {\n  FirewallConfig,\n  NappletRules,\n  RateLimit,\n  ContentMatcher,\n  NappletPolicy,\n  Action,\n} from './types.js';\nimport { defaultConfig } from './defaults.js';\n\n/**\n * Return the existing NappletRules for `napplet`, or a fresh empty entry.\n * Internal helper — not exported. Mirrors acl's `getEntry` (mutations.ts:33-42).\n */\nfunction getNapplet(config: FirewallConfig, napplet: string): NappletRules {\n  const existing = config.napplets[napplet];\n  if (existing) return existing;\n  return { rateLimits: {} };\n}\n\n/**\n * Set the hard policy posture for a specific napplet (dTag).\n *\n * Returns a new FirewallConfig with `napplets[napplet].policy` set to `policy`.\n * If the napplet has no existing entry, a fresh entry is created.\n * The original config is never modified.\n *\n * @param config  - Current firewall config\n * @param napplet - Napplet dTag to configure\n * @param policy  - Policy posture ('allow' | 'deny' | 'ask')\n * @returns New FirewallConfig with the policy set\n *\n * @example\n * ```ts\n * const cfg2 = setPolicy(cfg, 'chat', 'deny');\n * // cfg2.napplets['chat'].policy === 'deny'\n * // cfg is unchanged\n * ```\n */\nexport function setPolicy(\n  config: FirewallConfig,\n  napplet: string,\n  policy: NappletPolicy,\n): FirewallConfig {\n  const entry = getNapplet(config, napplet);\n  return {\n    ...config,\n    napplets: {\n      ...config.napplets,\n      [napplet]: { ...entry, policy },\n    },\n  };\n}\n\n/**\n * Set a per-napplet, per-opClass token-bucket rate limit.\n *\n * Returns a new FirewallConfig with `napplets[napplet].rateLimits[opClass]`\n * set to `limit`. If the napplet has no existing entry, a fresh entry is created.\n * The original config is never modified.\n *\n * @param config  - Current firewall config\n * @param napplet - Napplet dTag to configure\n * @param opClass - Operation class string (e.g. 'relay:write', 'outbox:write')\n * @param limit   - Token-bucket rate limit to apply\n * @returns New FirewallConfig with the rate limit set\n *\n * @example\n * ```ts\n * const cfg2 = setRateLimit(cfg, 'chat', 'relay:write', { capacity: 10, windowMs: 5000, action: 'block' });\n * // cfg2.napplets['chat'].rateLimits['relay:write'].capacity === 10\n * ```\n */\nexport function setRateLimit(\n  config: FirewallConfig,\n  napplet: string,\n  opClass: string,\n  limit: RateLimit,\n): FirewallConfig {\n  const entry = getNapplet(config, napplet);\n  return {\n    ...config,\n    napplets: {\n      ...config.napplets,\n      [napplet]: {\n        ...entry,\n        rateLimits: { ...entry.rateLimits, [opClass]: limit },\n      },\n    },\n  };\n}\n\n/**\n * Set a per-napplet global fallback rate limit (RATE-03).\n *\n * The global rate is applied to all op-classes for this napplet that lack a\n * specific `rateLimits` entry. This provides a single budget covering all\n * unlisted operations rather than relying solely on the config-wide `defaultRate`.\n *\n * Returns a new FirewallConfig with `napplets[napplet].globalRate` set.\n * The original config is never modified.\n *\n * @param config  - Current firewall config\n * @param napplet - Napplet dTag to configure\n * @param limit   - Global fallback rate limit for this napplet\n * @returns New FirewallConfig with the global rate set\n *\n * @example\n * ```ts\n * const cfg2 = setGlobalRate(cfg, 'chat', { capacity: 30, windowMs: 30000, action: 'flag' });\n * // cfg2.napplets['chat'].globalRate is set; other napplets unaffected\n * ```\n */\nexport function setGlobalRate(\n  config: FirewallConfig,\n  napplet: string,\n  limit: RateLimit,\n): FirewallConfig {\n  const entry = getNapplet(config, napplet);\n  return {\n    ...config,\n    napplets: {\n      ...config.napplets,\n      [napplet]: { ...entry, globalRate: limit },\n    },\n  };\n}\n\n/**\n * Append a content matcher to the firewall config.\n *\n * Matchers are evaluated in order; the first match wins (POLICY-03). Returns a\n * new FirewallConfig with `matcher` appended to the end of `config.matchers`.\n * The original config is never modified.\n *\n * @param config  - Current firewall config\n * @param matcher - Content matcher to append\n * @returns New FirewallConfig with the matcher appended\n *\n * @example\n * ```ts\n * const cfg2 = addMatcher(cfg, { id: 'delete-spam', opClass: 'relay:write', kinds: [5], action: 'block' });\n * // cfg2.matchers.length === cfg.matchers.length + 1\n * ```\n */\nexport function addMatcher(config: FirewallConfig, matcher: ContentMatcher): FirewallConfig {\n  return { ...config, matchers: [...config.matchers, matcher] };\n}\n\n/**\n * Serialize a FirewallConfig to a JSON string.\n *\n * Pure function — no I/O. The persistence adapter in @kehto/shell (Phase 81)\n * uses this to write config to localStorage or other backends.\n *\n * @param config - Firewall config to serialize\n * @returns JSON string representation\n *\n * @example\n * ```ts\n * const json = serialize(config);\n * localStorage.setItem('kehto:firewall', json);\n * ```\n */\nexport function serialize(config: FirewallConfig): string {\n  return JSON.stringify(config);\n}\n\nconst VALID_ACTIONS: Action[] = ['flag', 'block', 'ignore'];\n\nfunction isValidAction(v: unknown): v is Action {\n  return VALID_ACTIONS.includes(v as Action);\n}\n\nfunction isValidRateLimit(v: unknown): v is RateLimit {\n  if (typeof v !== 'object' || v === null) return false;\n  const r = v as Record<string, unknown>;\n  return (\n    typeof r['capacity'] === 'number' &&\n    isFinite(r['capacity'] as number) &&\n    typeof r['windowMs'] === 'number' &&\n    isFinite(r['windowMs'] as number) &&\n    isValidAction(r['action'])\n  );\n}\n\nfunction isValidBurstGuard(v: unknown): boolean {\n  if (typeof v !== 'object' || v === null) return false;\n  const b = v as Record<string, unknown>;\n  return (\n    typeof b['windowMs'] === 'number' &&\n    isFinite(b['windowMs'] as number) &&\n    typeof b['maxOps'] === 'number' &&\n    isFinite(b['maxOps'] as number) &&\n    isValidAction(b['action'])\n  );\n}\n\nfunction isValidContentMatcher(v: unknown): v is ContentMatcher {\n  if (typeof v !== 'object' || v === null) return false;\n  const m = v as Record<string, unknown>;\n  if (typeof m['id'] !== 'string') return false;\n  if (!isValidAction(m['action'])) return false;\n  // Optional fields — if present, validate types\n  if ('opClass' in m && typeof m['opClass'] !== 'string') return false;\n  if ('minSize' in m && typeof m['minSize'] !== 'number') return false;\n  if ('focused' in m && typeof m['focused'] !== 'boolean') return false;\n  if ('maxMsSinceFocusGain' in m && typeof m['maxMsSinceFocusGain'] !== 'number') return false;\n  if ('kinds' in m) {\n    if (!Array.isArray(m['kinds'])) return false;\n    if (!(m['kinds'] as unknown[]).every((k) => typeof k === 'number')) return false;\n  }\n  return true;\n}\n\nfunction isValidNappletRules(v: unknown): v is NappletRules {\n  if (typeof v !== 'object' || v === null) return false;\n  const n = v as Record<string, unknown>;\n  // rateLimits must be an object\n  if (typeof n['rateLimits'] !== 'object' || n['rateLimits'] === null) return false;\n  for (const limit of Object.values(n['rateLimits'] as Record<string, unknown>)) {\n    if (!isValidRateLimit(limit)) return false;\n  }\n  // Optional policy\n  if ('policy' in n) {\n    const p = n['policy'];\n    if (p !== 'allow' && p !== 'deny' && p !== 'ask') return false;\n  }\n  // Optional globalRate\n  if ('globalRate' in n && !isValidRateLimit(n['globalRate'])) return false;\n  return true;\n}\n\n/**\n * Deserialize a FirewallConfig from a JSON string.\n *\n * Defensive parse: tries JSON.parse, then shape-validates every top-level and\n * nested field (napplets map, matchers array, burstGuard, defaultRate, and\n * unfocusedMultiplier). Rebuilds a validated config from the parsed data.\n *\n * On ANY failure (invalid JSON, missing fields, wrong types, invalid action\n * values, malformed nested structures) falls through to `defaultConfig()`.\n * This function NEVER throws.\n *\n * Security control for T-80-01 (Tampering — persisted config string):\n * the config string is the only untrusted input to @kehto/firewall. Poisoned\n * or malformed strings always produce a safe, valid default config.\n *\n * @param json - JSON string to parse (may be untrusted)\n * @returns Parsed and validated FirewallConfig, or defaultConfig() on any failure\n *\n * @example\n * ```ts\n * const json = localStorage.getItem('kehto:firewall') ?? '';\n * const config = deserialize(json);\n * // config is always a valid FirewallConfig — never throws\n * ```\n */\nexport function deserialize(json: string): FirewallConfig {\n  try {\n    const parsed = JSON.parse(json);\n\n    // Top-level shape check\n    if (\n      typeof parsed !== 'object' ||\n      parsed === null ||\n      typeof parsed.napplets !== 'object' ||\n      parsed.napplets === null ||\n      !Array.isArray(parsed.matchers) ||\n      !isValidBurstGuard(parsed.burstGuard) ||\n      !isValidRateLimit(parsed.defaultRate) ||\n      typeof parsed.unfocusedMultiplier !== 'number' ||\n      !isFinite(parsed.unfocusedMultiplier)\n    ) {\n      return defaultConfig();\n    }\n\n    const napplets: Record<string, NappletRules> = {};\n    for (const [key, value] of Object.entries(parsed.napplets as Record<string, unknown>)) {\n      if (!isValidNappletRules(value)) return defaultConfig();\n      // The type guard above narrows `value` to NappletRules.\n      const raw = value;\n      const rateLimits: Record<string, RateLimit> = {};\n      for (const [opClass, limit] of Object.entries(raw.rateLimits)) {\n        rateLimits[opClass] = limit;\n      }\n      const entry: NappletRules = { rateLimits };\n      const withPolicy: NappletRules = raw.policy !== undefined\n        ? { ...entry, policy: raw.policy }\n        : entry;\n      const withGlobalRate: NappletRules = raw.globalRate !== undefined\n        ? { ...withPolicy, globalRate: raw.globalRate }\n        : withPolicy;\n      napplets[key] = withGlobalRate;\n    }\n\n    const matchers: ContentMatcher[] = [];\n    for (const item of parsed.matchers as unknown[]) {\n      if (!isValidContentMatcher(item)) return defaultConfig();\n      matchers.push(item as ContentMatcher);\n    }\n\n    // Rebuild burstGuard and defaultRate from validated parsed data\n    const bg = parsed.burstGuard as Record<string, unknown>;\n    const dr = parsed.defaultRate as Record<string, unknown>;\n\n    return {\n      napplets,\n      matchers,\n      burstGuard: {\n        windowMs: bg['windowMs'] as number,\n        maxOps: bg['maxOps'] as number,\n        action: bg['action'] as Action,\n      },\n      defaultRate: {\n        capacity: dr['capacity'] as number,\n        windowMs: dr['windowMs'] as number,\n        action: dr['action'] as Action,\n      },\n      unfocusedMultiplier: parsed.unfocusedMultiplier as number,\n    };\n  } catch {\n    // Invalid JSON — fall through to default\n  }\n  return defaultConfig();\n}\n"],"mappings":";AA0CO,SAAS,MAAM,SAAiB,SAAyB;AAC9D,SAAO,GAAG,OAAO,IAAI,OAAO;AAC9B;AASA,SAAS,iBAAiB,QAA0B;AAClD,MAAI,WAAW,QAAS,QAAO;AAC/B,SAAO;AACT;AAiEO,SAAS,SACd,QACA,OACA,aACgB;AAChB,QAAM,EAAE,SAAS,SAAS,IAAI,IAAI;AAElC,QAAM,eAAe,OAAO,SAAS,OAAO;AAC5C,QAAM,SAAS,cAAc;AAE7B,MAAI,WAAW,SAAS;AACtB,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ,WAAW,OAAO;AAAA,MAC1B,UAAU;AAAA,IACZ;AAAA,EACF;AAEA,MAAI,WAAW,QAAQ;AACrB,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ,WAAW,OAAO;AAAA,MAC1B,UAAU;AAAA,IACZ;AAAA,EACF;AAEA,MAAI,WAAW,OAAO;AACpB,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ,WAAW,OAAO;AAAA,MAC1B,UAAU;AAAA,IACZ;AAAA,EACF;AAEA,QAAM,EAAE,cAAc,IAAI;AAE1B,MAAI,kBAAkB,UAAa,gBAAgB,OAAO,WAAW,UAAU;AAE7E,UAAM,gBAA0C,MAAM,OAAO,OAAO;AACpE,UAAM,WAAyB;AAAA,MAC7B,QAAQ,eAAe,SAAS,KAAK;AAAA,MACrC,aAAa,eAAe,eAAe;AAAA,IAC7C;AAEA,UAAM,YAAY,EAAE,GAAG,MAAM,QAAQ,CAAC,OAAO,GAAG,SAAS;AAEzD,QAAI,SAAS,QAAQ,OAAO,WAAW,QAAQ;AAC7C,YAAM,cAAc,OAAO,WAAW;AACtC,aAAO;AAAA,QACL,UAAU,iBAAiB,WAAW;AAAA,QACtC,QAAQ;AAAA,QACR,QAAQ;AAAA,QACR,QAAQ,WAAW,OAAO,+BAA+B,SAAS,KAAK,MAAM,OAAO,WAAW,MAAM,eAAe,OAAO,WAAW,QAAQ;AAAA,QAC9I,UAAU,EAAE,GAAG,OAAO,QAAQ,UAAU;AAAA,MAC1C;AAAA,IACF;AAIA,YAAQ,EAAE,GAAG,OAAO,QAAQ,UAAU;AAAA,EACxC;AAEA,aAAW,WAAW,OAAO,UAAU;AACrC,QAAI,QAAQ,YAAY,UAAa,QAAQ,YAAY,QAAS;AAGlE,QAAI,QAAQ,UAAU,QAAW;AAC/B,UAAI,YAAY,SAAS,OAAW;AACpC,UAAI,CAAC,QAAQ,MAAM,SAAS,YAAY,IAAI,EAAG;AAAA,IACjD;AAEA,QAAI,QAAQ,YAAY,QAAW;AACjC,UAAI,YAAY,SAAS,OAAW;AACpC,UAAI,YAAY,OAAO,QAAQ,QAAS;AAAA,IAC1C;AAEA,QAAI,QAAQ,YAAY,UAAa,QAAQ,YAAY,YAAY,QAAS;AAE9E,QAAI,QAAQ,wBAAwB,QAAW;AAC7C,UAAI,YAAY,qBAAqB,OAAW;AAChD,UAAI,YAAY,mBAAmB,QAAQ,oBAAqB;AAAA,IAClE;AAGA,UAAM,gBAAgB,QAAQ;AAC9B,WAAO;AAAA,MACL,UAAU,iBAAiB,aAAa;AAAA,MACxC,QAAQ;AAAA,MACR,QAAQ,WAAW,QAAQ,EAAE;AAAA,MAC7B,QAAQ,oBAAoB,QAAQ,EAAE;AAAA,MACtC,UAAU;AAAA,IACZ;AAAA,EACF;AAGA,MAAI,YAAY,OAAO;AACvB,MAAI,kBAAkB;AAEtB,MAAI,cAAc;AAChB,UAAM,eAAe,aAAa,WAAW,OAAO;AACpD,QAAI,cAAc;AAChB,kBAAY;AACZ,wBAAkB;AAAA,IACpB,WAAW,aAAa,YAAY;AAClC,kBAAY,aAAa;AACzB,wBAAkB;AAAA,IACpB;AAAA,EACF;AAGA,QAAM,oBAAoB,YAAY,UAClC,UAAU,WACV,UAAU,WAAW,OAAO;AAGhC,QAAM,kBAAkB,oBAAoB,UAAU;AAGtD,QAAM,YAAY,MAAM,SAAS,OAAO;AACxC,QAAM,iBAAqC,MAAM,QAAQ,SAAS;AAIlE,QAAM,aAAa,gBAAgB,cAAc;AACjD,QAAM,gBAAgB,gBAAgB,UAAU;AAGhD,QAAM,UAAU,KAAK,IAAI,GAAG,MAAM,UAAU;AAG5C,QAAM,SAAS,KAAK,IAAI,mBAAmB,gBAAgB,UAAU,eAAe;AAEpF,MAAI,UAAU,GAAG;AAGf,UAAM,aAAqB,EAAE,QAAQ,SAAS,GAAG,YAAY,IAAI;AACjE,WAAO;AAAA,MACL,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ,kBAAkB,eAAe;AAAA,MACzC,UAAU;AAAA,QACR,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,MAAM,SAAS,CAAC,SAAS,GAAG,WAAW;AAAA,MACvD;AAAA,IACF;AAAA,EACF,OAAO;AAEL,UAAM,aAAqB,EAAE,QAAQ,YAAY,IAAI;AACrD,UAAM,eAAe,UAAU;AAC/B,WAAO;AAAA,MACL,UAAU,iBAAiB,YAAY;AAAA,MACvC,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ,wBAAwB,eAAe,MAAM,OAAO,QAAQ,CAAC,CAAC;AAAA,MACtE,UAAU;AAAA,QACR,GAAG;AAAA,QACH,SAAS,EAAE,GAAG,MAAM,SAAS,CAAC,SAAS,GAAG,WAAW;AAAA,MACvD;AAAA,IACF;AAAA,EACF;AACF;;;ACjRO,IAAM,wBAAgC;AAetC,IAAM,uBAA+B;AAmBrC,IAAM,+BAA+B;AAerC,IAAM,wBAAwB;AAc9B,IAAM,yBAAyB;AAe/B,IAAM,0BAA0B;AAgBhC,IAAM,wBAAwB;AAsB9B,SAAS,gBAAgC;AAC9C,SAAO;AAAA,IACL,UAAU,CAAC;AAAA,IACX,UAAU,CAAC;AAAA,IACX,YAAY;AAAA,MACV,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV;AAAA,IACA,aAAa;AAAA,MACX,UAAU;AAAA,MACV,UAAU;AAAA,MACV,QAAQ;AAAA,IACV;AAAA,IACA,qBAAqB;AAAA,EACvB;AACF;AAkBO,SAAS,cAA6B;AAC3C,SAAO,EAAE,SAAS,CAAC,GAAG,QAAQ,CAAC,EAAE;AACnC;;;AC9IA,SAAS,WAAW,QAAwB,SAA+B;AACzE,QAAM,WAAW,OAAO,SAAS,OAAO;AACxC,MAAI,SAAU,QAAO;AACrB,SAAO,EAAE,YAAY,CAAC,EAAE;AAC1B;AAqBO,SAAS,UACd,QACA,SACA,QACgB;AAChB,QAAM,QAAQ,WAAW,QAAQ,OAAO;AACxC,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,MACR,GAAG,OAAO;AAAA,MACV,CAAC,OAAO,GAAG,EAAE,GAAG,OAAO,OAAO;AAAA,IAChC;AAAA,EACF;AACF;AAqBO,SAAS,aACd,QACA,SACA,SACA,OACgB;AAChB,QAAM,QAAQ,WAAW,QAAQ,OAAO;AACxC,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,MACR,GAAG,OAAO;AAAA,MACV,CAAC,OAAO,GAAG;AAAA,QACT,GAAG;AAAA,QACH,YAAY,EAAE,GAAG,MAAM,YAAY,CAAC,OAAO,GAAG,MAAM;AAAA,MACtD;AAAA,IACF;AAAA,EACF;AACF;AAuBO,SAAS,cACd,QACA,SACA,OACgB;AAChB,QAAM,QAAQ,WAAW,QAAQ,OAAO;AACxC,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,MACR,GAAG,OAAO;AAAA,MACV,CAAC,OAAO,GAAG,EAAE,GAAG,OAAO,YAAY,MAAM;AAAA,IAC3C;AAAA,EACF;AACF;AAmBO,SAAS,WAAW,QAAwB,SAAyC;AAC1F,SAAO,EAAE,GAAG,QAAQ,UAAU,CAAC,GAAG,OAAO,UAAU,OAAO,EAAE;AAC9D;AAiBO,SAAS,UAAU,QAAgC;AACxD,SAAO,KAAK,UAAU,MAAM;AAC9B;AAEA,IAAM,gBAA0B,CAAC,QAAQ,SAAS,QAAQ;AAE1D,SAAS,cAAc,GAAyB;AAC9C,SAAO,cAAc,SAAS,CAAW;AAC3C;AAEA,SAAS,iBAAiB,GAA4B;AACpD,MAAI,OAAO,MAAM,YAAY,MAAM,KAAM,QAAO;AAChD,QAAM,IAAI;AACV,SACE,OAAO,EAAE,UAAU,MAAM,YACzB,SAAS,EAAE,UAAU,CAAW,KAChC,OAAO,EAAE,UAAU,MAAM,YACzB,SAAS,EAAE,UAAU,CAAW,KAChC,cAAc,EAAE,QAAQ,CAAC;AAE7B;AAEA,SAAS,kBAAkB,GAAqB;AAC9C,MAAI,OAAO,MAAM,YAAY,MAAM,KAAM,QAAO;AAChD,QAAM,IAAI;AACV,SACE,OAAO,EAAE,UAAU,MAAM,YACzB,SAAS,EAAE,UAAU,CAAW,KAChC,OAAO,EAAE,QAAQ,MAAM,YACvB,SAAS,EAAE,QAAQ,CAAW,KAC9B,cAAc,EAAE,QAAQ,CAAC;AAE7B;AAEA,SAAS,sBAAsB,GAAiC;AAC9D,MAAI,OAAO,MAAM,YAAY,MAAM,KAAM,QAAO;AAChD,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,IAAI,MAAM,SAAU,QAAO;AACxC,MAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAG,QAAO;AAExC,MAAI,aAAa,KAAK,OAAO,EAAE,SAAS,MAAM,SAAU,QAAO;AAC/D,MAAI,aAAa,KAAK,OAAO,EAAE,SAAS,MAAM,SAAU,QAAO;AAC/D,MAAI,aAAa,KAAK,OAAO,EAAE,SAAS,MAAM,UAAW,QAAO;AAChE,MAAI,yBAAyB,KAAK,OAAO,EAAE,qBAAqB,MAAM,SAAU,QAAO;AACvF,MAAI,WAAW,GAAG;AAChB,QAAI,CAAC,MAAM,QAAQ,EAAE,OAAO,CAAC,EAAG,QAAO;AACvC,QAAI,CAAE,EAAE,OAAO,EAAgB,MAAM,CAAC,MAAM,OAAO,MAAM,QAAQ,EAAG,QAAO;AAAA,EAC7E;AACA,SAAO;AACT;AAEA,SAAS,oBAAoB,GAA+B;AAC1D,MAAI,OAAO,MAAM,YAAY,MAAM,KAAM,QAAO;AAChD,QAAM,IAAI;AAEV,MAAI,OAAO,EAAE,YAAY,MAAM,YAAY,EAAE,YAAY,MAAM,KAAM,QAAO;AAC5E,aAAW,SAAS,OAAO,OAAO,EAAE,YAAY,CAA4B,GAAG;AAC7E,QAAI,CAAC,iBAAiB,KAAK,EAAG,QAAO;AAAA,EACvC;AAEA,MAAI,YAAY,GAAG;AACjB,UAAM,IAAI,EAAE,QAAQ;AACpB,QAAI,MAAM,WAAW,MAAM,UAAU,MAAM,MAAO,QAAO;AAAA,EAC3D;AAEA,MAAI,gBAAgB,KAAK,CAAC,iBAAiB,EAAE,YAAY,CAAC,EAAG,QAAO;AACpE,SAAO;AACT;AA2BO,SAAS,YAAY,MAA8B;AACxD,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,IAAI;AAG9B,QACE,OAAO,WAAW,YAClB,WAAW,QACX,OAAO,OAAO,aAAa,YAC3B,OAAO,aAAa,QACpB,CAAC,MAAM,QAAQ,OAAO,QAAQ,KAC9B,CAAC,kBAAkB,OAAO,UAAU,KACpC,CAAC,iBAAiB,OAAO,WAAW,KACpC,OAAO,OAAO,wBAAwB,YACtC,CAAC,SAAS,OAAO,mBAAmB,GACpC;AACA,aAAO,cAAc;AAAA,IACvB;AAEA,UAAM,WAAyC,CAAC;AAChD,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,QAAmC,GAAG;AACrF,UAAI,CAAC,oBAAoB,KAAK,EAAG,QAAO,cAAc;AAEtD,YAAM,MAAM;AACZ,YAAM,aAAwC,CAAC;AAC/C,iBAAW,CAAC,SAAS,KAAK,KAAK,OAAO,QAAQ,IAAI,UAAU,GAAG;AAC7D,mBAAW,OAAO,IAAI;AAAA,MACxB;AACA,YAAM,QAAsB,EAAE,WAAW;AACzC,YAAM,aAA2B,IAAI,WAAW,SAC5C,EAAE,GAAG,OAAO,QAAQ,IAAI,OAAO,IAC/B;AACJ,YAAM,iBAA+B,IAAI,eAAe,SACpD,EAAE,GAAG,YAAY,YAAY,IAAI,WAAW,IAC5C;AACJ,eAAS,GAAG,IAAI;AAAA,IAClB;AAEA,UAAM,WAA6B,CAAC;AACpC,eAAW,QAAQ,OAAO,UAAuB;AAC/C,UAAI,CAAC,sBAAsB,IAAI,EAAG,QAAO,cAAc;AACvD,eAAS,KAAK,IAAsB;AAAA,IACtC;AAGA,UAAM,KAAK,OAAO;AAClB,UAAM,KAAK,OAAO;AAElB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,YAAY;AAAA,QACV,UAAU,GAAG,UAAU;AAAA,QACvB,QAAQ,GAAG,QAAQ;AAAA,QACnB,QAAQ,GAAG,QAAQ;AAAA,MACrB;AAAA,MACA,aAAa;AAAA,QACX,UAAU,GAAG,UAAU;AAAA,QACvB,UAAU,GAAG,UAAU;AAAA,QACvB,QAAQ,GAAG,QAAQ;AAAA,MACrB;AAAA,MACA,qBAAqB,OAAO;AAAA,IAC9B;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO,cAAc;AACvB;","names":[]}

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "@kehto/firewall",
+  "version": "0.3.0",
+  "description": "Pure, WASM-ready behavioral firewall engine for the napplet protocol — zero dependencies, zero side effects",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "sideEffects": false,
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {},
+  "peerDependencies": {
+    "@napplet/core": "^0.12.0"
+  },
+  "devDependencies": {
+    "@napplet/core": "^0.12.0",
+    "tsup": "^8.5.0",
+    "typescript": "^5.9.3"
+  },
+  "scripts": {
+    "build": "tsup",
+    "type-check": "tsc --noEmit",
+    "test:unit": "vitest run --config ../../vitest.config.ts"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/kehto/web.git",
+    "directory": "packages/firewall"
+  },
+  "keywords": [
+    "nostr",
+    "napplet",
+    "kehto",
+    "firewall",
+    "rate-limit"
+  ]
+}