@kilnai/core 0.1.0

package/dist/safety/rails.d.ts

@@ -0,0 +1,33 @@
+import type { RailConfig, TopicRailConfig, CompetitorRailConfig, EscalationRailConfig, ComplianceRailConfig } from "../engine/domain/safety-config.js";
+import type { PolicyResult, SafetyDirection } from "./types.js";
+/** Interface for a policy rail that evaluates messages */
+export interface PolicyRail {
+    evaluate(text: string, direction: SafetyDirection): PolicyResult;
+}
+/** Case-insensitive keyword match against block/escalate arrays */
+export declare class TopicRail implements PolicyRail {
+    private readonly config;
+    constructor(config: TopicRailConfig);
+    evaluate(text: string, _direction: SafetyDirection): PolicyResult;
+}
+/** Checks for competitor names in message */
+export declare class CompetitorRail implements PolicyRail {
+    private readonly config;
+    constructor(config: CompetitorRailConfig);
+    evaluate(text: string, _direction: SafetyDirection): PolicyResult;
+}
+/** Always allowed, but sets escalate flag when triggers match */
+export declare class EscalationRail implements PolicyRail {
+    private readonly config;
+    constructor(config: EscalationRailConfig);
+    evaluate(text: string, _direction: SafetyDirection): PolicyResult;
+}
+/** On output: checks required present + forbid absent. On input: always allowed */
+export declare class ComplianceRail implements PolicyRail {
+    private readonly config;
+    constructor(config: ComplianceRailConfig);
+    evaluate(text: string, direction: SafetyDirection): PolicyResult;
+}
+/** Factory: creates the appropriate rail from config */
+export declare function createRail(config: RailConfig): PolicyRail;
+//# sourceMappingURL=rails.d.ts.map

package/dist/safety/rails.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rails.d.ts","sourceRoot":"","sources":["../../src/safety/rails.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,eAAe,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACvJ,OAAO,KAAK,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEhE,0DAA0D;AAC1D,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,YAAY,CAAC;CAClE;AAED,mEAAmE;AACnE,qBAAa,SAAU,YAAW,UAAU;IAC1C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;gBAE7B,MAAM,EAAE,eAAe;IAInC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,GAAG,YAAY;CAgClE;AAED,6CAA6C;AAC7C,qBAAa,cAAe,YAAW,UAAU;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuB;gBAElC,MAAM,EAAE,oBAAoB;IAIxC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,GAAG,YAAY;CAgBlE;AAED,iEAAiE;AACjE,qBAAa,cAAe,YAAW,UAAU;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuB;gBAElC,MAAM,EAAE,oBAAoB;IAIxC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,GAAG,YAAY;CAgBlE;AAED,mFAAmF;AACnF,qBAAa,cAAe,YAAW,UAAU;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuB;gBAElC,MAAM,EAAE,oBAAoB;IAIxC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,GAAG,YAAY;CAqCjE;AAED,wDAAwD;AACxD,wBAAgB,UAAU,CAAC,MAAM,EAAE,UAAU,GAAG,UAAU,CAWzD"}

package/dist/safety/rails.js

@@ -0,0 +1,134 @@
+// Policy Rails: topic, competitor, escalation, compliance guardrails
+/** Case-insensitive keyword match against block/escalate arrays */
+export class TopicRail {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    evaluate(text, _direction) {
+        const lower = text.toLowerCase();
+        // Check blocked topics
+        if (this.config.block) {
+            for (const topic of this.config.block) {
+                if (lower.includes(topic.toLowerCase())) {
+                    return {
+                        allowed: false,
+                        railType: "topic",
+                        reason: `Blocked topic detected: ${topic}`,
+                    };
+                }
+            }
+        }
+        // Check escalation topics
+        if (this.config.escalate) {
+            for (const topic of this.config.escalate) {
+                if (lower.includes(topic.toLowerCase())) {
+                    return {
+                        allowed: true,
+                        railType: "topic",
+                        reason: `Escalation topic detected: ${topic}`,
+                        escalate: true,
+                    };
+                }
+            }
+        }
+        return { allowed: true, railType: "topic" };
+    }
+}
+/** Checks for competitor names in message */
+export class CompetitorRail {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    evaluate(text, _direction) {
+        const lower = text.toLowerCase();
+        for (const competitor of this.config.competitors) {
+            if (lower.includes(competitor.toLowerCase())) {
+                return {
+                    allowed: false,
+                    railType: "competitor",
+                    reason: `Competitor mentioned: ${competitor}`,
+                    suggestion: this.config.response,
+                };
+            }
+        }
+        return { allowed: true, railType: "competitor" };
+    }
+}
+/** Always allowed, but sets escalate flag when triggers match */
+export class EscalationRail {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    evaluate(text, _direction) {
+        const lower = text.toLowerCase();
+        for (const trigger of this.config.triggers) {
+            if (lower.includes(trigger.toLowerCase())) {
+                return {
+                    allowed: true,
+                    railType: "escalation",
+                    reason: `Escalation trigger detected: ${trigger}`,
+                    escalate: true,
+                };
+            }
+        }
+        return { allowed: true, railType: "escalation" };
+    }
+}
+/** On output: checks required present + forbid absent. On input: always allowed */
+export class ComplianceRail {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    evaluate(text, direction) {
+        // Compliance only applies to output
+        if (direction === "input") {
+            return { allowed: true, railType: "compliance" };
+        }
+        // Check forbidden phrases
+        if (this.config.forbid) {
+            const lower = text.toLowerCase();
+            for (const phrase of this.config.forbid) {
+                if (lower.includes(phrase.toLowerCase())) {
+                    return {
+                        allowed: false,
+                        railType: "compliance",
+                        reason: `Forbidden phrase detected: ${phrase}`,
+                    };
+                }
+            }
+        }
+        // Check required phrases
+        if (this.config.required) {
+            const lower = text.toLowerCase();
+            for (const phrase of this.config.required) {
+                if (!lower.includes(phrase.toLowerCase())) {
+                    return {
+                        allowed: false,
+                        railType: "compliance",
+                        reason: `Required phrase missing: ${phrase}`,
+                        suggestion: `Include: "${phrase}"`,
+                    };
+                }
+            }
+        }
+        return { allowed: true, railType: "compliance" };
+    }
+}
+/** Factory: creates the appropriate rail from config */
+export function createRail(config) {
+    switch (config.type) {
+        case "topic":
+            return new TopicRail(config);
+        case "competitor":
+            return new CompetitorRail(config);
+        case "escalation":
+            return new EscalationRail(config);
+        case "compliance":
+            return new ComplianceRail(config);
+    }
+}
+//# sourceMappingURL=rails.js.map

package/dist/safety/rails.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rails.js","sourceRoot":"","sources":["../../src/safety/rails.ts"],"names":[],"mappings":"AAAA,qEAAqE;AAUrE,mEAAmE;AACnE,MAAM,OAAO,SAAS;IACH,MAAM,CAAkB;IAEzC,YAAY,MAAuB;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,IAAY,EAAE,UAA2B;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEjC,uBAAuB;QACvB,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACtC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBACxC,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,QAAQ,EAAE,OAAO;wBACjB,MAAM,EAAE,2BAA2B,KAAK,EAAE;qBAC3C,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACzC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBACxC,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,QAAQ,EAAE,OAAO;wBACjB,MAAM,EAAE,8BAA8B,KAAK,EAAE;wBAC7C,QAAQ,EAAE,IAAI;qBACf,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC9C,CAAC;CACF;AAED,6CAA6C;AAC7C,MAAM,OAAO,cAAc;IACR,MAAM,CAAuB;IAE9C,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,IAAY,EAAE,UAA2B;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEjC,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACjD,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC7C,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,YAAY;oBACtB,MAAM,EAAE,yBAAyB,UAAU,EAAE;oBAC7C,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;iBACjC,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;IACnD,CAAC;CACF;AAED,iEAAiE;AACjE,MAAM,OAAO,cAAc;IACR,MAAM,CAAuB;IAE9C,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,IAAY,EAAE,UAA2B;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAEjC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC3C,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC1C,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE,YAAY;oBACtB,MAAM,EAAE,gCAAgC,OAAO,EAAE;oBACjD,QAAQ,EAAE,IAAI;iBACf,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;IACnD,CAAC;CACF;AAED,mFAAmF;AACnF,MAAM,OAAO,cAAc;IACR,MAAM,CAAuB;IAE9C,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,IAAY,EAAE,SAA0B;QAC/C,oCAAoC;QACpC,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;YAC1B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;QACnD,CAAC;QAED,0BAA0B;QAC1B,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBACxC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBACzC,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,QAAQ,EAAE,YAAY;wBACtB,MAAM,EAAE,8BAA8B,MAAM,EAAE;qBAC/C,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC1C,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBAC1C,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,QAAQ,EAAE,YAAY;wBACtB,MAAM,EAAE,4BAA4B,MAAM,EAAE;wBAC5C,UAAU,EAAE,aAAa,MAAM,GAAG;qBACnC,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;IACnD,CAAC;CACF;AAED,wDAAwD;AACxD,MAAM,UAAU,UAAU,CAAC,MAAkB;IAC3C,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,OAAO;YACV,OAAO,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QAC/B,KAAK,YAAY;YACf,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QACpC,KAAK,YAAY;YACf,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;QACpC,KAAK,YAAY;YACf,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;AACH,CAAC"}

package/dist/safety/safety-pipeline.d.ts

@@ -0,0 +1,41 @@
+import type { SafetyConfig } from "../engine/domain/safety-config.js";
+import type { SafetyDirection, SafetyPipelineResult } from "./types.js";
+import type { PiiDeepScanProvider } from "./pii-scanner.js";
+import type { ContentDeepScanProvider } from "./content-classifier.js";
+export interface SafetyPipelineOptions {
+    readonly piiProvider?: PiiDeepScanProvider;
+    readonly contentProvider?: ContentDeepScanProvider;
+}
+export interface SafetyMetrics {
+    readonly scansInput: number;
+    readonly scansOutput: number;
+    readonly blocksInput: number;
+    readonly blocksOutput: number;
+    readonly piiDetections: number;
+    readonly contentBlocks: number;
+    readonly policyEvaluations: number;
+}
+export declare class SafetyPipeline {
+    private readonly config;
+    private readonly piiScanner?;
+    private readonly contentClassifier?;
+    private readonly rails;
+    private _scansInput;
+    private _scansOutput;
+    private _blocksInput;
+    private _blocksOutput;
+    private _piiDetections;
+    private _contentBlocks;
+    private _policyEvaluations;
+    constructor(config: SafetyConfig);
+    get metrics(): SafetyMetrics;
+    /**
+     * Evaluate text through the full safety pipeline.
+     * Order: PII scan -> content classification -> policy rails.
+     * Short-circuits on block: if PII blocks, content/rails don't run.
+     * Redacted text carries forward through subsequent steps.
+     */
+    evaluate(text: string, direction: SafetyDirection, options?: SafetyPipelineOptions): Promise<SafetyPipelineResult>;
+    private evaluateContentAndRails;
+}
+//# sourceMappingURL=safety-pipeline.d.ts.map

package/dist/safety/safety-pipeline.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety-pipeline.d.ts","sourceRoot":"","sources":["../../src/safety/safety-pipeline.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AACtE,OAAO,KAAK,EAAE,eAAe,EAAE,oBAAoB,EAAgB,MAAM,YAAY,CAAC;AAEtF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAIvE,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,WAAW,CAAC,EAAE,mBAAmB,CAAC;IAC3C,QAAQ,CAAC,eAAe,CAAC,EAAE,uBAAuB,CAAC;CACpD;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;CACpC;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAe;IACtC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAa;IACzC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAoB;IACvD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAwB;IAE9C,OAAO,CAAC,WAAW,CAAK;IACxB,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,aAAa,CAAK;IAC1B,OAAO,CAAC,cAAc,CAAK;IAC3B,OAAO,CAAC,cAAc,CAAK;IAC3B,OAAO,CAAC,kBAAkB,CAAK;gBAEnB,MAAM,EAAE,YAAY;IAchC,IAAI,OAAO,IAAI,aAAa,CAU3B;IAED;;;;;OAKG;IACG,QAAQ,CACZ,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,eAAe,EAC1B,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,oBAAoB,CAAC;YA0ElB,uBAAuB;CA8CtC"}

package/dist/safety/safety-pipeline.js

@@ -0,0 +1,153 @@
+// Safety Pipeline: orchestrates PII scanning, content classification, and policy rails
+import { PiiScanner } from "./pii-scanner.js";
+import { ContentClassifier } from "./content-classifier.js";
+import { createRail } from "./rails.js";
+export class SafetyPipeline {
+    config;
+    piiScanner;
+    contentClassifier;
+    rails;
+    _scansInput = 0;
+    _scansOutput = 0;
+    _blocksInput = 0;
+    _blocksOutput = 0;
+    _piiDetections = 0;
+    _contentBlocks = 0;
+    _policyEvaluations = 0;
+    constructor(config) {
+        this.config = config;
+        if (config.pii) {
+            this.piiScanner = new PiiScanner(config.pii);
+        }
+        if (config.content?.enabled) {
+            this.contentClassifier = new ContentClassifier(config.content);
+        }
+        this.rails = (config.rails ?? []).map(createRail);
+    }
+    get metrics() {
+        return {
+            scansInput: this._scansInput,
+            scansOutput: this._scansOutput,
+            blocksInput: this._blocksInput,
+            blocksOutput: this._blocksOutput,
+            piiDetections: this._piiDetections,
+            contentBlocks: this._contentBlocks,
+            policyEvaluations: this._policyEvaluations,
+        };
+    }
+    /**
+     * Evaluate text through the full safety pipeline.
+     * Order: PII scan -> content classification -> policy rails.
+     * Short-circuits on block: if PII blocks, content/rails don't run.
+     * Redacted text carries forward through subsequent steps.
+     */
+    async evaluate(text, direction, options) {
+        if (direction === "input") {
+            this._scansInput++;
+        }
+        else {
+            this._scansOutput++;
+        }
+        let currentText = text;
+        const policyResults = [];
+        // 1. PII scan
+        if (this.piiScanner) {
+            const piiResult = await this.piiScanner.scan(currentText, options?.piiProvider);
+            if (piiResult.matches.length > 0) {
+                this._piiDetections++;
+                const action = this.config.pii.action;
+                if (action === "block") {
+                    if (direction === "input") {
+                        this._blocksInput++;
+                    }
+                    else {
+                        this._blocksOutput++;
+                    }
+                    return {
+                        allowed: false,
+                        pii: piiResult,
+                        policyResults: [],
+                        blockReason: `PII detected: ${piiResult.matches.map((m) => m.type).join(", ")}`,
+                    };
+                }
+                if (action === "redact") {
+                    currentText = this.piiScanner.redact(currentText, piiResult.matches);
+                    const result = await this.evaluateContentAndRails(currentText, direction, options, policyResults);
+                    if (!result.allowed) {
+                        if (direction === "input") {
+                            this._blocksInput++;
+                        }
+                        else {
+                            this._blocksOutput++;
+                        }
+                    }
+                    return {
+                        ...result,
+                        redactedText: currentText,
+                        pii: piiResult,
+                    };
+                }
+                // action === "detect" -- just record, continue with original text
+                const result = await this.evaluateContentAndRails(currentText, direction, options, policyResults);
+                if (!result.allowed) {
+                    if (direction === "input") {
+                        this._blocksInput++;
+                    }
+                    else {
+                        this._blocksOutput++;
+                    }
+                }
+                return { ...result, pii: piiResult };
+            }
+        }
+        // No PII found or no PII config -- continue to content + rails
+        const result = await this.evaluateContentAndRails(currentText, direction, options, policyResults);
+        if (!result.allowed) {
+            if (direction === "input") {
+                this._blocksInput++;
+            }
+            else {
+                this._blocksOutput++;
+            }
+        }
+        return result;
+    }
+    async evaluateContentAndRails(text, direction, options, policyResults) {
+        // 2. Content classification
+        let contentResult;
+        if (this.contentClassifier) {
+            contentResult = await this.contentClassifier.classify(text, options?.contentProvider);
+            const violations = this.contentClassifier.evaluateThresholds(contentResult.scores);
+            const blocked = violations.some((v) => v.action === "block");
+            if (blocked) {
+                this._contentBlocks++;
+                return {
+                    allowed: false,
+                    content: contentResult,
+                    policyResults,
+                    blockReason: `Content policy violated: ${violations.filter((v) => v.action === "block").map((v) => v.category).join(", ")}`,
+                };
+            }
+        }
+        // 3. Policy rails -- evaluate all, short-circuit on first block
+        for (const rail of this.rails) {
+            this._policyEvaluations++;
+            const result = rail.evaluate(text, direction);
+            policyResults.push(result);
+            if (!result.allowed) {
+                return {
+                    allowed: false,
+                    content: contentResult,
+                    policyResults,
+                    blockReason: result.reason ?? `Blocked by ${result.railType} rail`,
+                };
+            }
+        }
+        return {
+            allowed: true,
+            ...(contentResult ? { content: contentResult } : {}),
+            policyResults,
+        };
+    }
+}
+//# sourceMappingURL=safety-pipeline.js.map

package/dist/safety/safety-pipeline.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety-pipeline.js","sourceRoot":"","sources":["../../src/safety/safety-pipeline.ts"],"names":[],"mappings":"AAAA,uFAAuF;AAIvF,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAkBxC,MAAM,OAAO,cAAc;IACR,MAAM,CAAe;IACrB,UAAU,CAAc;IACxB,iBAAiB,CAAqB;IACtC,KAAK,CAAwB;IAEtC,WAAW,GAAG,CAAC,CAAC;IAChB,YAAY,GAAG,CAAC,CAAC;IACjB,YAAY,GAAG,CAAC,CAAC;IACjB,aAAa,GAAG,CAAC,CAAC;IAClB,cAAc,GAAG,CAAC,CAAC;IACnB,cAAc,GAAG,CAAC,CAAC;IACnB,kBAAkB,GAAG,CAAC,CAAC;IAE/B,YAAY,MAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,OAAO;QACT,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,WAAW;YAC5B,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,aAAa,EAAE,IAAI,CAAC,cAAc;YAClC,aAAa,EAAE,IAAI,CAAC,cAAc;YAClC,iBAAiB,EAAE,IAAI,CAAC,kBAAkB;SAC3C,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,CACZ,IAAY,EACZ,SAA0B,EAC1B,OAA+B;QAE/B,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;YAC1B,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC;QAED,IAAI,WAAW,GAAG,IAAI,CAAC;QACvB,MAAM,aAAa,GAAmB,EAAE,CAAC;QAEzC,cAAc;QACd,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;YAEhF,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAI,CAAC,MAAM,CAAC;gBAEvC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;oBACvB,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;wBAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;oBACtB,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,aAAa,EAAE,CAAC;oBACvB,CAAC;oBACD,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,GAAG,EAAE,SAAS;wBACd,aAAa,EAAE,EAAE;wBACjB,WAAW,EAAE,iBAAiB,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;qBAChF,CAAC;gBACJ,CAAC;gBAED,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;oBACxB,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;oBACrE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;oBAClG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACpB,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;4BAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;wBACtB,CAAC;6BAAM,CAAC;4BACN,IAAI,CAAC,aAAa,EAAE,CAAC;wBACvB,CAAC;oBACH,CAAC;oBACD,OAAO;wBACL,GAAG,MAAM;wBACT,YAAY,EAAE,WAAW;wBACzB,GAAG,EAAE,SAAS;qBACf,CAAC;gBACJ,CAAC;gBAED,kEAAkE;gBAClE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;gBAClG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;wBAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;oBACtB,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,aAAa,EAAE,CAAC;oBACvB,CAAC;gBACH,CAAC;gBACD,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;YACvC,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;QAClG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;gBAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,uBAAuB,CACnC,IAAY,EACZ,SAA0B,EAC1B,OAA0C,EAC1C,aAA6B;QAE7B,4BAA4B;QAC5B,IAAI,aAAa,CAAC;QAClB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;YACtF,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YAEnF,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC;YAC7D,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,aAAa;oBACtB,aAAa;oBACb,WAAW,EAAE,4BAA4B,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBAC5H,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gEAAgE;QAChE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAC9C,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAE3B,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,aAAa;oBACtB,aAAa;oBACb,WAAW,EAAE,MAAM,CAAC,MAAM,IAAI,cAAc,MAAM,CAAC,QAAQ,OAAO;iBACnE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpD,aAAa;SACd,CAAC;IACJ,CAAC;CACF"}

package/dist/safety/types.d.ts

@@ -0,0 +1,38 @@
+import type { PiiType, ContentCategory, RailType } from "../engine/domain/safety-config.js";
+export interface PiiMatch {
+    readonly type: PiiType;
+    readonly value: string;
+    readonly startIndex: number;
+    readonly endIndex: number;
+}
+export interface PiiScanResult {
+    readonly matches: readonly PiiMatch[];
+    readonly tier: "heuristic" | "deep";
+    readonly scannedAt: Date;
+}
+export interface ContentScore {
+    readonly category: ContentCategory;
+    readonly confidence: number;
+}
+export interface ContentClassificationResult {
+    readonly scores: readonly ContentScore[];
+    readonly tier: "heuristic" | "deep";
+    readonly scannedAt: Date;
+}
+export interface PolicyResult {
+    readonly allowed: boolean;
+    readonly railType: RailType;
+    readonly reason?: string;
+    readonly suggestion?: string;
+    readonly escalate?: boolean;
+}
+export type SafetyDirection = "input" | "output";
+export interface SafetyPipelineResult {
+    readonly allowed: boolean;
+    readonly redactedText?: string;
+    readonly pii?: PiiScanResult;
+    readonly content?: ContentClassificationResult;
+    readonly policyResults: readonly PolicyResult[];
+    readonly blockReason?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/safety/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/safety/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,mCAAmC,CAAC;AAE5F,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,EAAE,SAAS,QAAQ,EAAE,CAAC;IACtC,QAAQ,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,MAAM,EAAE,SAAS,YAAY,EAAE,CAAC;IACzC,QAAQ,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,QAAQ,CAAC;AAEjD,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,2BAA2B,CAAC;IAC/C,QAAQ,CAAC,aAAa,EAAE,SAAS,YAAY,EAAE,CAAC;IAChD,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC/B"}

package/dist/safety/types.js

@@ -0,0 +1,3 @@
+// Safety runtime types: result types for PII scanning, content classification, and policy rails
+export {};
+//# sourceMappingURL=types.js.map

package/dist/safety/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/safety/types.ts"],"names":[],"mappings":"AAAA,gGAAgG"}

package/dist/sandbox/index.d.ts

@@ -0,0 +1,17 @@
+/** Filesystem access policy */
+export type FsPolicy = "read-only" | "read-write" | "none";
+/** Network access policy */
+export type NetPolicy = "none" | "package-managers" | "documentation" | "full";
+/** Sandbox configuration per agent */
+export interface SandboxConfig {
+    readonly fsPolicy: FsPolicy;
+    readonly netPolicy: NetPolicy;
+    readonly allowedPaths: readonly string[];
+    readonly deniedPaths: readonly string[];
+    readonly allowedDomains: readonly string[];
+}
+export { SandboxPolicy, createPolicy, createTenantSandbox, ROLE_PRESETS } from "./policies.js";
+export { PathValidator, isSubPath } from "./path-validator.js";
+export type { ValidationResult } from "./path-validator.js";
+export { NetworkFilter, PACKAGE_MANAGER_DOMAINS, DOCUMENTATION_DOMAINS, } from "./network-filter.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/sandbox/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,MAAM,MAAM,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,MAAM,CAAC;AAE3D,4BAA4B;AAC5B,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,kBAAkB,GAAG,eAAe,GAAG,MAAM,CAAC;AAE/E,sCAAsC;AACtC,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC,QAAQ,CAAC,cAAc,EAAE,SAAS,MAAM,EAAE,CAAC;CAC5C;AAED,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC/F,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAC/D,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EACL,aAAa,EACb,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC"}

package/dist/sandbox/index.js

@@ -0,0 +1,4 @@
+export { SandboxPolicy, createPolicy, createTenantSandbox, ROLE_PRESETS } from "./policies.js";
+export { PathValidator, isSubPath } from "./path-validator.js";
+export { NetworkFilter, PACKAGE_MANAGER_DOMAINS, DOCUMENTATION_DOMAINS, } from "./network-filter.js";
+//# sourceMappingURL=index.js.map

package/dist/sandbox/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sandbox/index.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC/F,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAE/D,OAAO,EACL,aAAa,EACb,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC"}

package/dist/sandbox/network-filter.d.ts

@@ -0,0 +1,13 @@
+import type { SandboxPolicy } from "./policies.js";
+import type { ValidationResult } from "./path-validator.js";
+export declare const PACKAGE_MANAGER_DOMAINS: readonly ["registry.npmjs.org", "pypi.org", "proxy.golang.org", "plugins.gradle.org", "repo.maven.apache.org", "crates.io"];
+export declare const DOCUMENTATION_DOMAINS: readonly ["docs.python.org", "developer.mozilla.org", "pkg.go.dev", "docs.oracle.com", "react.dev", "nodejs.org", "bun.sh"];
+export declare class NetworkFilter {
+    private readonly _policy;
+    constructor({ policy }: {
+        policy: SandboxPolicy;
+    });
+    validateUrl(url: string): ValidationResult;
+    validateDomain(domain: string): ValidationResult;
+}
+//# sourceMappingURL=network-filter.d.ts.map

package/dist/sandbox/network-filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"network-filter.d.ts","sourceRoot":"","sources":["../../src/sandbox/network-filter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAE5D,eAAO,MAAM,uBAAuB,6HAO1B,CAAC;AAEX,eAAO,MAAM,qBAAqB,6HAQxB,CAAC;AAEX,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgB;gBAE5B,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE;IAIjD,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB;IAa1C,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,gBAAgB;CAMjD"}

package/dist/sandbox/network-filter.js

@@ -0,0 +1,43 @@
+export const PACKAGE_MANAGER_DOMAINS = [
+    "registry.npmjs.org",
+    "pypi.org",
+    "proxy.golang.org",
+    "plugins.gradle.org",
+    "repo.maven.apache.org",
+    "crates.io",
+];
+export const DOCUMENTATION_DOMAINS = [
+    "docs.python.org",
+    "developer.mozilla.org",
+    "pkg.go.dev",
+    "docs.oracle.com",
+    "react.dev",
+    "nodejs.org",
+    "bun.sh",
+];
+export class NetworkFilter {
+    _policy;
+    constructor({ policy }) {
+        this._policy = policy;
+    }
+    validateUrl(url) {
+        let hostname;
+        try {
+            hostname = new URL(url).hostname;
+        }
+        catch {
+            return { allowed: false, reason: `Invalid URL: ${url}` };
+        }
+        if (this._policy.canAccess(hostname)) {
+            return { allowed: true };
+        }
+        return { allowed: false, reason: `Network access denied: ${hostname}` };
+    }
+    validateDomain(domain) {
+        if (this._policy.canAccess(domain)) {
+            return { allowed: true };
+        }
+        return { allowed: false, reason: `Domain access denied: ${domain}` };
+    }
+}
+//# sourceMappingURL=network-filter.js.map

package/dist/sandbox/network-filter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network-filter.js","sourceRoot":"","sources":["../../src/sandbox/network-filter.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,oBAAoB;IACpB,UAAU;IACV,kBAAkB;IAClB,oBAAoB;IACpB,uBAAuB;IACvB,WAAW;CACH,CAAC;AAEX,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,iBAAiB;IACjB,uBAAuB;IACvB,YAAY;IACZ,iBAAiB;IACjB,WAAW;IACX,YAAY;IACZ,QAAQ;CACA,CAAC;AAEX,MAAM,OAAO,aAAa;IACP,OAAO,CAAgB;IAExC,YAAY,EAAE,MAAM,EAA6B;QAC/C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED,WAAW,CAAC,GAAW;QACrB,IAAI,QAAgB,CAAC;QACrB,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,GAAG,EAAE,EAAE,CAAC;QAC3D,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,QAAQ,EAAE,EAAE,CAAC;IAC1E,CAAC;IAED,cAAc,CAAC,MAAc;QAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,MAAM,EAAE,EAAE,CAAC;IACvE,CAAC;CACF"}

package/dist/sandbox/path-validator.d.ts

@@ -0,0 +1,16 @@
+import type { SandboxPolicy } from "./policies.js";
+export interface ValidationResult {
+    allowed: boolean;
+    reason?: string;
+}
+export declare function isSubPath(child: string, parent: string): boolean;
+export declare class PathValidator {
+    private readonly _policy;
+    constructor({ policy }: {
+        policy: SandboxPolicy;
+    });
+    validateRead(filePath: string): ValidationResult;
+    validateWrite(filePath: string): ValidationResult;
+    validateExecute(command: string, _cwd: string): ValidationResult;
+}
+//# sourceMappingURL=path-validator.d.ts.map

package/dist/sandbox/path-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-validator.d.ts","sourceRoot":"","sources":["../../src/sandbox/path-validator.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAYD,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAQhE;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgB;gBAE5B,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE;IAIjD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB;IAOhD,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB;IAOjD,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,gBAAgB;CAWjE"}

package/dist/sandbox/path-validator.js

@@ -0,0 +1,47 @@
+import { resolve } from "node:path";
+const DANGEROUS_PATTERNS = [
+    /\brm\s+-rf\s+[\/\\]/,
+    /\bchmod\b/,
+    /\bchown\b/,
+    /\bsudo\b/,
+    /\bmkfs\b/,
+    /\bdd\s+if=/,
+    /\bformat\s+[a-z]:/i,
+];
+export function isSubPath(child, parent) {
+    const resolvedChild = resolve(child);
+    const resolvedParent = resolve(parent);
+    return (resolvedChild.startsWith(resolvedParent + "/") ||
+        resolvedChild.startsWith(resolvedParent + "\\") ||
+        resolvedChild === resolvedParent);
+}
+export class PathValidator {
+    _policy;
+    constructor({ policy }) {
+        this._policy = policy;
+    }
+    validateRead(filePath) {
+        if (this._policy.canRead(filePath)) {
+            return { allowed: true };
+        }
+        return { allowed: false, reason: `Read access denied: ${filePath}` };
+    }
+    validateWrite(filePath) {
+        if (this._policy.canWrite(filePath)) {
+            return { allowed: true };
+        }
+        return { allowed: false, reason: `Write access denied: ${filePath}` };
+    }
+    validateExecute(command, _cwd) {
+        for (const pattern of DANGEROUS_PATTERNS) {
+            if (pattern.test(command)) {
+                return {
+                    allowed: false,
+                    reason: `Dangerous command blocked: ${command}`,
+                };
+            }
+        }
+        return { allowed: true };
+    }
+}
+//# sourceMappingURL=path-validator.js.map

package/dist/sandbox/path-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-validator.js","sourceRoot":"","sources":["../../src/sandbox/path-validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAQpC,MAAM,kBAAkB,GAAG;IACzB,qBAAqB;IACrB,WAAW;IACX,WAAW;IACX,UAAU;IACV,UAAU;IACV,YAAY;IACZ,oBAAoB;CACZ,CAAC;AAEX,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,MAAc;IACrD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IACrC,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACvC,OAAO,CACL,aAAa,CAAC,UAAU,CAAC,cAAc,GAAG,GAAG,CAAC;QAC9C,aAAa,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,CAAC;QAC/C,aAAa,KAAK,cAAc,CACjC,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,aAAa;IACP,OAAO,CAAgB;IAExC,YAAY,EAAE,MAAM,EAA6B;QAC/C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED,YAAY,CAAC,QAAgB;QAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,QAAQ,EAAE,EAAE,CAAC;IACvE,CAAC;IAED,aAAa,CAAC,QAAgB;QAC5B,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,QAAQ,EAAE,EAAE,CAAC;IACxE,CAAC;IAED,eAAe,CAAC,OAAe,EAAE,IAAY;QAC3C,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,8BAA8B,OAAO,EAAE;iBAChD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;CACF"}