@kilnai/core 0.1.16 → 0.9.1

package/dist/safety/tool-result-sanitizer.js

@@ -0,0 +1,62 @@
+// ToolResultSanitizer: wraps SafetyPipeline to sanitize tool execution results
+// Includes optional indirect prompt injection scanning on tool results
+export class ToolResultSanitizer {
+    pipeline;
+    promptScanner;
+    eventBus;
+    constructor(config) {
+        this.pipeline = config.pipeline;
+        this.promptScanner = config.promptScanner;
+        this.eventBus = config.eventBus;
+    }
+    async sanitize(result) {
+        try {
+            const evaluation = await this.pipeline.evaluate(result, "output");
+            if (!evaluation.allowed) {
+                return {
+                    content: evaluation.blockReason ?? "Tool result blocked by safety pipeline",
+                    sanitized: true,
+                    blocked: true,
+                };
+            }
+            if (evaluation.redactedText) {
+                return {
+                    content: evaluation.redactedText,
+                    sanitized: true,
+                    blocked: false,
+                };
+            }
+            // Prompt injection scan on tool results (indirect injection defense)
+            if (this.promptScanner) {
+                try {
+                    const scanResult = this.promptScanner.scanHeuristic(result);
+                    if (!scanResult.safe) {
+                        const alertEvent = {
+                            type: "security_alert",
+                            severity: "high",
+                            category: "indirect_injection",
+                            message: `Tool result contains injection patterns: ${scanResult.threats.map((t) => t.pattern).join(", ")}`,
+                            timestamp: new Date(),
+                            sessionId: "sanitizer",
+                        };
+                        this.eventBus?.emit(alertEvent);
+                        return {
+                            content: "[Tool result blocked: potential prompt injection detected]",
+                            sanitized: true,
+                            blocked: true,
+                        };
+                    }
+                }
+                catch {
+                    // Fail-open: if scanner throws, proceed with original result
+                }
+            }
+            return { content: result, sanitized: false, blocked: false };
+        }
+        catch {
+            // Fail-open: if pipeline throws, return original result
+            return { content: result, sanitized: false, blocked: false };
+        }
+    }
+}
+//# sourceMappingURL=tool-result-sanitizer.js.map

package/dist/safety/tool-result-sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-result-sanitizer.js","sourceRoot":"","sources":["../../src/safety/tool-result-sanitizer.ts"],"names":[],"mappings":"AAAA,+EAA+E;AAC/E,uEAAuE;AAmBvE,MAAM,OAAO,mBAAmB;IACb,QAAQ,CAAiB;IACzB,aAAa,CAAiB;IAC9B,QAAQ,CAAY;IAErC,YAAY,MAAiC;QAC3C,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC1C,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAc;QAC3B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAElE,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE,UAAU,CAAC,WAAW,IAAI,wCAAwC;oBAC3E,SAAS,EAAE,IAAI;oBACf,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC5B,OAAO;oBACL,OAAO,EAAE,UAAU,CAAC,YAAY;oBAChC,SAAS,EAAE,IAAI;oBACf,OAAO,EAAE,KAAK;iBACf,CAAC;YACJ,CAAC;YAED,qEAAqE;YACrE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvB,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;oBAC5D,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;wBACrB,MAAM,UAAU,GAAuB;4BACrC,IAAI,EAAE,gBAAgB;4BACtB,QAAQ,EAAE,MAAM;4BAChB,QAAQ,EAAE,oBAAoB;4BAC9B,OAAO,EAAE,4CAA4C,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;4BAC1G,SAAS,EAAE,IAAI,IAAI,EAAE;4BACrB,SAAS,EAAE,WAAW;yBACvB,CAAC;wBACF,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;wBAChC,OAAO;4BACL,OAAO,EAAE,4DAA4D;4BACrE,SAAS,EAAE,IAAI;4BACf,OAAO,EAAE,IAAI;yBACd,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,6DAA6D;gBAC/D,CAAC;YACH,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,wDAAwD;YACxD,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;CACF"}

package/dist/security/annotation-authorizer.d.ts

@@ -0,0 +1,13 @@
+import type { CapabilityAnnotations } from "../engine/domain/capability.js";
+import type { ToolAuthorizer, ToolAuthorizationResult, AuthorizationLevel } from "../engine/domain/tool-execution.js";
+export interface AuthorizationPolicy {
+    readonly defaultLevel?: AuthorizationLevel;
+    readonly requireApprovalForUnknown?: boolean;
+}
+export declare class AnnotationAuthorizer implements ToolAuthorizer {
+    private readonly policy;
+    constructor(policy?: AuthorizationPolicy);
+    authorize(toolName: string, annotations?: CapabilityAnnotations): ToolAuthorizationResult;
+    private classifyLevel;
+}
+//# sourceMappingURL=annotation-authorizer.d.ts.map

package/dist/security/annotation-authorizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"annotation-authorizer.d.ts","sourceRoot":"","sources":["../../src/security/annotation-authorizer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAC5E,OAAO,KAAK,EAAE,cAAc,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAEtH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAC3C,QAAQ,CAAC,yBAAyB,CAAC,EAAE,OAAO,CAAC;CAC9C;AAED,qBAAa,oBAAqB,YAAW,cAAc;IACzD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgC;gBAE3C,MAAM,CAAC,EAAE,mBAAmB;IAOxC,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,qBAAqB,GAAG,uBAAuB;IAgBzF,OAAO,CAAC,aAAa;CAWtB"}

package/dist/security/annotation-authorizer.js

@@ -0,0 +1,37 @@
+// AnnotationAuthorizer: classifies tool authorization level from capability annotations
+export class AnnotationAuthorizer {
+    policy;
+    constructor(policy) {
+        this.policy = {
+            defaultLevel: policy?.defaultLevel ?? 2,
+            requireApprovalForUnknown: policy?.requireApprovalForUnknown ?? false,
+        };
+    }
+    authorize(toolName, annotations) {
+        const level = this.classifyLevel(annotations);
+        if (level === 1) {
+            return { level, allowed: true, requiresApproval: false, reason: "Read-only tool, auto-execute" };
+        }
+        if (level === 2) {
+            return { level, allowed: true, requiresApproval: false, reason: "Audited execution" };
+        }
+        if (level === 3) {
+            return { level, allowed: false, requiresApproval: true, reason: `Tool "${toolName}" requires confirmation` };
+        }
+        // level === 4
+        return { level, allowed: false, requiresApproval: true, reason: `Destructive tool "${toolName}" always requires confirmation` };
+    }
+    classifyLevel(annotations) {
+        if (!annotations) {
+            return this.policy.requireApprovalForUnknown ? 3 : this.policy.defaultLevel;
+        }
+        if (annotations.destructive)
+            return 4;
+        if (annotations.readOnly)
+            return 1;
+        if (annotations.idempotent)
+            return 2;
+        return this.policy.defaultLevel;
+    }
+}
+//# sourceMappingURL=annotation-authorizer.js.map

package/dist/security/annotation-authorizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"annotation-authorizer.js","sourceRoot":"","sources":["../../src/security/annotation-authorizer.ts"],"names":[],"mappings":"AAAA,wFAAwF;AAUxF,MAAM,OAAO,oBAAoB;IACd,MAAM,CAAgC;IAEvD,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG;YACZ,YAAY,EAAE,MAAM,EAAE,YAAY,IAAI,CAAC;YACvC,yBAAyB,EAAE,MAAM,EAAE,yBAAyB,IAAI,KAAK;SACtE,CAAC;IACJ,CAAC;IAED,SAAS,CAAC,QAAgB,EAAE,WAAmC;QAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QAE9C,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;YAChB,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAC;QACnG,CAAC;QACD,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;YAChB,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACxF,CAAC;QACD,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;YAChB,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,QAAQ,yBAAyB,EAAE,CAAC;QAC/G,CAAC;QACD,cAAc;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,QAAQ,gCAAgC,EAAE,CAAC;IAClI,CAAC;IAEO,aAAa,CAAC,WAAmC;QACvD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;QAC9E,CAAC;QAED,IAAI,WAAW,CAAC,WAAW;YAAE,OAAO,CAAC,CAAC;QACtC,IAAI,WAAW,CAAC,QAAQ;YAAE,OAAO,CAAC,CAAC;QACnC,IAAI,WAAW,CAAC,UAAU;YAAE,OAAO,CAAC,CAAC;QAErC,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;IAClC,CAAC;CACF"}

package/dist/security/index.d.ts

@@ -7,4 +7,6 @@ export { Guardian } from "./guardian.js";
 export type { GuardianRequest } from "./guardian.js";
 export { SelfAudit } from "./self-audit.js";
 export type { SecurityCheckName, SecurityCheckResult, SecurityAuditReport, SelfAuditOptions, } from "./self-audit.js";
+export { AnnotationAuthorizer } from "./annotation-authorizer.js";
+export type { AuthorizationPolicy } from "./annotation-authorizer.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/security/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAEA,YAAY,EACV,WAAW,EACX,UAAU,EACV,QAAQ,EACR,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,oBAAoB,EACpB,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,WAAW,EACX,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,YAAY,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,YAAY,EACV,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAEA,YAAY,EACV,WAAW,EACX,UAAU,EACV,QAAQ,EACR,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,oBAAoB,EACpB,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,WAAW,EACX,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,YAAY,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,YAAY,EACV,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,YAAY,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC"}

package/dist/security/index.js

@@ -4,4 +4,5 @@ export { AesSecretStore } from "./secret-store.js";
 export { PromptScanner, INJECTION_PATTERNS } from "./prompt-scanner.js";
 export { Guardian } from "./guardian.js";
 export { SelfAudit } from "./self-audit.js";
+export { AnnotationAuthorizer } from "./annotation-authorizer.js";
 //# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAoB7E,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAExE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAoB7E,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAExE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAO5C,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC"}

package/dist/security/types.d.ts

@@ -1,5 +1,5 @@
 /** Categories of auditable actions */
-export type AuditAction = "capability_executed" | "destructive_blocked" | "destructive_approved" | "injection_detected" | "injection_cleared" | "secret_accessed" | "secret_rotated" | "tenant_created" | "tenant_updated" | "tenant_deleted" | "memory_accessed" | "memory_denied" | "session_started" | "session_ended" | "config_changed" | "self_audit_completed" | "pii_detected" | "content_classified" | "policy_evaluated";
+export type AuditAction = "capability_executed" | "destructive_blocked" | "destructive_approved" | "injection_detected" | "injection_cleared" | "secret_accessed" | "secret_rotated" | "tenant_created" | "tenant_updated" | "tenant_deleted" | "memory_accessed" | "memory_denied" | "session_started" | "session_ended" | "config_changed" | "self_audit_completed" | "pii_detected" | "content_classified" | "policy_evaluated" | "tool_execution";
 /** Single audit log entry */
 export interface AuditEntry {
     readonly id: string;
@@ -7,7 +7,7 @@ export interface AuditEntry {
     readonly action: AuditAction;
     readonly actor: string;
     readonly resource: string;
-    readonly outcome: "allowed" | "denied" | "error";
+    readonly outcome: "allowed" | "denied" | "error" | "success" | "success_sanitized";
     readonly metadata?: Record<string, unknown>;
     readonly tenantId?: string;
     readonly sessionId?: string;

package/dist/security/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/security/types.ts"],"names":[],"mappings":"AAIA,sCAAsC;AACtC,MAAM,MAAM,WAAW,GACnB,qBAAqB,GACrB,qBAAqB,GACrB,sBAAsB,GACtB,oBAAoB,GACpB,mBAAmB,GACnB,iBAAiB,GACjB,gBAAgB,GAChB,gBAAgB,GAChB,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,eAAe,GACf,gBAAgB,GAChB,sBAAsB,GACtB,cAAc,GACd,oBAAoB,GACpB,kBAAkB,CAAC;AAEvB,6BAA6B;AAC7B,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;IACjD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,wCAAwC;AACxC,MAAM,WAAW,QAAQ;IACvB,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,MAAM,GAAG,cAAc,CAAC,GAAG,UAAU,CAAC;IAC5E,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,SAAS,UAAU,EAAE,CAAC;IAClD,WAAW,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAAC;IACpE,KAAK,IAAI,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC;IACtB,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;IAClD,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAID,qDAAqD;AACrD,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAChC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC1B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC7B,IAAI,IAAI,SAAS,MAAM,EAAE,CAAC;IAC1B,SAAS,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CACvC;AAID,wCAAwC;AACxC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,SAAS,YAAY,EAAE,CAAC;IAC1C,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1D,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAID,kEAAkE;AAClE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC3D,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAID,iEAAiE;AACjE,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC;IACnC,QAAQ,CAAC,eAAe,CAAC,EAAE,qBAAqB,CAAC;IACjD,QAAQ,CAAC,OAAO,CAAC,EAAE,aAAa,CAAC;IACjC,QAAQ,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,eAAe,CAAC,EAAE,qBAAqB,CAAC;CAClD;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,WAAW,GAAG,MAAM,CAAC;IAC5C,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;CACrC;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC,QAAQ,CAAC,eAAe,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC9C;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAC;IACzC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;CACrC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/security/types.ts"],"names":[],"mappings":"AAIA,sCAAsC;AACtC,MAAM,MAAM,WAAW,GACnB,qBAAqB,GACrB,qBAAqB,GACrB,sBAAsB,GACtB,oBAAoB,GACpB,mBAAmB,GACnB,iBAAiB,GACjB,gBAAgB,GAChB,gBAAgB,GAChB,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,eAAe,GACf,gBAAgB,GAChB,sBAAsB,GACtB,cAAc,GACd,oBAAoB,GACpB,kBAAkB,GAClB,gBAAgB,CAAC;AAErB,6BAA6B;AAC7B,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,SAAS,GAAG,mBAAmB,CAAC;IACnF,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,wCAAwC;AACxC,MAAM,WAAW,QAAQ;IACvB,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,MAAM,GAAG,cAAc,CAAC,GAAG,UAAU,CAAC;IAC5E,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,SAAS,UAAU,EAAE,CAAC;IAClD,WAAW,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAAC;IACpE,KAAK,IAAI,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC;IACtB,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;IAClD,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAID,qDAAqD;AACrD,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAChC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC1B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC7B,IAAI,IAAI,SAAS,MAAM,EAAE,CAAC;IAC1B,SAAS,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CACvC;AAID,wCAAwC;AACxC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,SAAS,YAAY,EAAE,CAAC;IAC1C,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1D,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAID,kEAAkE;AAClE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC3D,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAID,iEAAiE;AACjE,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC;IACnC,QAAQ,CAAC,eAAe,CAAC,EAAE,qBAAqB,CAAC;IACjD,QAAQ,CAAC,OAAO,CAAC,EAAE,aAAa,CAAC;IACjC,QAAQ,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC;IAC7B,QAAQ,CAAC,eAAe,CAAC,EAAE,qBAAqB,CAAC;CAClD;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,WAAW,GAAG,MAAM,CAAC;IAC5C,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;CACrC;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC,QAAQ,CAAC,eAAe,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC9C;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAC;IACzC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;CACrC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kilnai/core",
-  "version": "0.1.16",
+  "version": "0.9.1",
   "description": "Domain-agnostic AI orchestration engine -- 7 primitives, 3 composites, YAML-configured",
   "type": "module",
   "exports": {
@@ -45,11 +45,19 @@
     "yaml": "^2.8.2"
   },
   "peerDependencies": {
-    "@opentelemetry/api": "^1.9.0"
+    "@opentelemetry/api": "^1.9.0",
+    "postgres": "^3.4.0",
+    "unpdf": ">=0.12.0"
   },
   "peerDependenciesMeta": {
     "@opentelemetry/api": {
       "optional": true
+    },
+    "postgres": {
+      "optional": true
+    },
+    "unpdf": {
+      "optional": true
     }
   },
   "devDependencies": {