@neurosec/sentry 1.0.20 → 1.1.1

package/dist/proxy/cert-manager.js

@@ -0,0 +1,117 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureProxyCertificate = ensureProxyCertificate;
+/**
+ * On-disk self-signed certificate provisioning for the Sentry HTTPS proxy.
+ *
+ * Why this exists (S-C8): the previous code defaulted `interceptHttps: false`
+ * and required operators to provision certs by hand at /etc/neuroshield/proxy-cert.pem.
+ * Most operators didn't, so the proxy received zero HTTPS traffic and the
+ * threat engine + redactor never ran on real LLM requests.
+ *
+ * Behavior:
+ *   - On first start, if certPath / keyPath don't exist, generate a self-signed
+ *     2048-bit RSA cert via `openssl req -x509`, valid 365 days, with SANs
+ *     for `localhost`, `127.0.0.1`, `*.openai.com`, `*.anthropic.com`,
+ *     `*.googleapis.com`, etc. Persist to stateDir/proxy-cert.{pem,key}.
+ *   - Cert is written 0600. Daemon owner only.
+ *   - Each call returns { certPath, keyPath, generated, fingerprintSha256 }
+ *     so operators / the Sentry CLI can echo the fingerprint to trust on
+ *     client machines.
+ *   - Clients must trust this CA for HTTPS interception to work — the cert
+ *     fingerprint is logged once at start so operators can pin it.
+ *
+ * Trust model: the cert is the LOCAL ca. We do NOT push it into system
+ * trust stores. Operators decide whether to add it manually or use the
+ * agent-launcher wrapping that sets NODE_EXTRA_CA_CERTS.
+ */
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const child_process_1 = require("child_process");
+const crypto_1 = require("crypto");
+const logger_1 = require("../logger");
+const DEFAULT_SANS = [
+    'localhost',
+    '127.0.0.1',
+    '::1',
+];
+/**
+ * Ensure a usable cert/key pair exists. Returns the paths plus a SHA-256
+ * fingerprint suitable for client-side pinning.
+ *
+ * Idempotent: if files already exist AND parse as a valid cert, leaves them
+ * alone. Otherwise generates a new self-signed cert via openssl.
+ */
+function ensureProxyCertificate(opts) {
+    const existing = readIfValid(opts.certPath, opts.keyPath);
+    if (existing)
+        return { ...existing, generated: false };
+    if (!hasOpenssl()) {
+        throw new Error('openssl(1) is required to provision the HTTPS proxy cert; install it or supply --certPath/--keyPath');
+    }
+    // Build SAN list — include the operator's extras + defaults.
+    const sansFlat = [...new Set([...DEFAULT_SANS, ...(opts.extraSans ?? [])])];
+    const sanString = sansFlat
+        .map((s) => /^[0-9.]+$|^[0-9a-f:]+$/i.test(s) ? `IP:${s}` : `DNS:${s}`)
+        .join(',');
+    fs_1.default.mkdirSync(path_1.default.dirname(opts.certPath), { recursive: true });
+    fs_1.default.mkdirSync(path_1.default.dirname(opts.keyPath), { recursive: true });
+    (0, child_process_1.execFileSync)('openssl', [
+        'req', '-x509',
+        '-newkey', 'rsa:2048',
+        '-nodes',
+        '-keyout', opts.keyPath,
+        '-out', opts.certPath,
+        '-days', String(opts.validityDays ?? 365),
+        '-subj', '/CN=NeuroShield Sentry Local CA',
+        '-addext', `subjectAltName=${sanString}`,
+    ], { stdio: 'ignore', timeout: 30000 });
+    try {
+        fs_1.default.chmodSync(opts.keyPath, 0o600);
+    }
+    catch { /* best effort */ }
+    try {
+        fs_1.default.chmodSync(opts.certPath, 0o644);
+    }
+    catch { /* best effort */ }
+    const written = readIfValid(opts.certPath, opts.keyPath);
+    if (!written) {
+        throw new Error('Cert provisioning succeeded but the resulting files failed to parse');
+    }
+    logger_1.logger.info('Sentry HTTPS proxy cert generated', {
+        certPath: opts.certPath,
+        keyPath: opts.keyPath,
+        fingerprintSha256: written.fingerprintSha256,
+        notAfter: written.notAfter,
+        sans: sansFlat,
+        hint: 'Trust this cert on agent hosts (e.g. NODE_EXTRA_CA_CERTS) to enable HTTPS interception',
+    });
+    return { ...written, generated: true };
+}
+function readIfValid(certPath, keyPath) {
+    try {
+        if (!fs_1.default.existsSync(certPath) || !fs_1.default.existsSync(keyPath))
+            return null;
+        const certPem = fs_1.default.readFileSync(certPath, 'utf8');
+        const x509 = new crypto_1.X509Certificate(certPem);
+        const fingerprintSha256 = (0, crypto_1.createHash)('sha256').update(x509.raw).digest('hex').toUpperCase();
+        const notAfter = x509.validTo;
+        return { certPath, keyPath, fingerprintSha256, notAfter };
+    }
+    catch {
+        return null;
+    }
+}
+function hasOpenssl() {
+    try {
+        (0, child_process_1.execFileSync)('openssl', ['version'], { stdio: 'ignore', timeout: 2000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=cert-manager.js.map

package/dist/proxy/cert-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cert-manager.js","sourceRoot":"","sources":["../../src/proxy/cert-manager.ts"],"names":[],"mappings":";;;;;AA4DA,wDAkDC;AA9GD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,4CAAoB;AACpB,gDAAwB;AACxB,iDAA6C;AAC7C,mCAAqD;AACrD,sCAAmC;AAEnC,MAAM,YAAY,GAAG;IACnB,WAAW;IACX,WAAW;IACX,KAAK;CACN,CAAC;AAmBF;;;;;;GAMG;AACH,SAAgB,sBAAsB,CAAC,IAA0B;IAC/D,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1D,IAAI,QAAQ;QAAE,OAAO,EAAE,GAAG,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IAEvD,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,qGAAqG,CAAC,CAAC;IACzH,CAAC;IAED,6DAA6D;IAC7D,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,YAAY,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,MAAM,SAAS,GAAG,QAAQ;SACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;SACtE,IAAI,CAAC,GAAG,CAAC,CAAC;IAEb,YAAE,CAAC,SAAS,CAAC,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/D,YAAE,CAAC,SAAS,CAAC,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9D,IAAA,4BAAY,EACV,SAAS,EACT;QACE,KAAK,EAAE,OAAO;QACd,SAAS,EAAE,UAAU;QACrB,QAAQ;QACR,SAAS,EAAE,IAAI,CAAC,OAAO;QACvB,MAAM,EAAE,IAAI,CAAC,QAAQ;QACrB,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,IAAI,GAAG,CAAC;QACzC,OAAO,EAAE,iCAAiC;QAC1C,SAAS,EAAE,kBAAkB,SAAS,EAAE;KACzC,EACD,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAM,EAAE,CACrC,CAAC;IAEF,IAAI,CAAC;QAAC,YAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;IACtE,IAAI,CAAC;QAAC,YAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,CAAC;IAEvE,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IACzD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;IACzF,CAAC;IAED,eAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE;QAC/C,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,wFAAwF;KAC/F,CAAC,CAAC;IAEH,OAAO,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AACzC,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB,EAAE,OAAe;IACpD,IAAI,CAAC;QACH,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,CAAC;QACrE,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,IAAI,wBAAe,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,iBAAiB,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5F,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC;QAC9B,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,IAAI,CAAC;QACH,IAAA,4BAAY,EAAC,SAAS,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/proxy/cert-manager.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=cert-manager.test.d.ts.map

package/dist/proxy/cert-manager.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cert-manager.test.d.ts","sourceRoot":"","sources":["../../src/proxy/cert-manager.test.ts"],"names":[],"mappings":""}

package/dist/proxy/cert-manager.test.js

@@ -0,0 +1,70 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const fs_1 = __importDefault(require("fs"));
+const os_1 = __importDefault(require("os"));
+const path_1 = __importDefault(require("path"));
+const child_process_1 = require("child_process");
+const cert_manager_1 = require("./cert-manager");
+function hasOpenssl() {
+    try {
+        (0, child_process_1.execFileSync)('openssl', ['version'], { stdio: 'ignore' });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function tmpdir() {
+    return fs_1.default.mkdtempSync(path_1.default.join(os_1.default.tmpdir(), 'sentry-cert-'));
+}
+(0, vitest_1.describe)('ensureProxyCertificate (S-C8)', () => {
+    let dir;
+    (0, vitest_1.beforeEach)(() => { dir = tmpdir(); });
+    (0, vitest_1.it)('generates a new cert/key when neither exists', () => {
+        if (!hasOpenssl())
+            return; // CI without openssl
+        const certPath = path_1.default.join(dir, 'cert.pem');
+        const keyPath = path_1.default.join(dir, 'key.pem');
+        const result = (0, cert_manager_1.ensureProxyCertificate)({ certPath, keyPath });
+        (0, vitest_1.expect)(result.generated).toBe(true);
+        (0, vitest_1.expect)(fs_1.default.existsSync(certPath)).toBe(true);
+        (0, vitest_1.expect)(fs_1.default.existsSync(keyPath)).toBe(true);
+        (0, vitest_1.expect)(result.fingerprintSha256).toMatch(/^[A-F0-9]{64}$/);
+        (0, vitest_1.expect)(result.notAfter).toBeTruthy();
+    });
+    (0, vitest_1.it)('is idempotent: re-running returns the existing cert without regenerating', () => {
+        if (!hasOpenssl())
+            return;
+        const certPath = path_1.default.join(dir, 'cert.pem');
+        const keyPath = path_1.default.join(dir, 'key.pem');
+        const first = (0, cert_manager_1.ensureProxyCertificate)({ certPath, keyPath });
+        const second = (0, cert_manager_1.ensureProxyCertificate)({ certPath, keyPath });
+        (0, vitest_1.expect)(second.generated).toBe(false);
+        (0, vitest_1.expect)(second.fingerprintSha256).toBe(first.fingerprintSha256);
+    });
+    (0, vitest_1.it)('regenerates if the existing cert is malformed', () => {
+        if (!hasOpenssl())
+            return;
+        const certPath = path_1.default.join(dir, 'cert.pem');
+        const keyPath = path_1.default.join(dir, 'key.pem');
+        fs_1.default.writeFileSync(certPath, 'not a cert');
+        fs_1.default.writeFileSync(keyPath, 'not a key');
+        const result = (0, cert_manager_1.ensureProxyCertificate)({ certPath, keyPath });
+        (0, vitest_1.expect)(result.generated).toBe(true);
+        (0, vitest_1.expect)(result.fingerprintSha256).toMatch(/^[A-F0-9]{64}$/);
+    });
+    (0, vitest_1.it)('writes the private key 0600', () => {
+        if (!hasOpenssl())
+            return;
+        const certPath = path_1.default.join(dir, 'cert.pem');
+        const keyPath = path_1.default.join(dir, 'key.pem');
+        (0, cert_manager_1.ensureProxyCertificate)({ certPath, keyPath });
+        const mode = fs_1.default.statSync(keyPath).mode & 0o077;
+        (0, vitest_1.expect)(mode).toBe(0);
+    });
+});
+//# sourceMappingURL=cert-manager.test.js.map

package/dist/proxy/cert-manager.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cert-manager.test.js","sourceRoot":"","sources":["../../src/proxy/cert-manager.test.ts"],"names":[],"mappings":";;;;;AAAA,mCAA0D;AAC1D,4CAAoB;AACpB,4CAAoB;AACpB,gDAAwB;AACxB,iDAA6C;AAC7C,iDAAwD;AAExD,SAAS,UAAU;IACjB,IAAI,CAAC;QAAC,IAAA,4BAAY,EAAC,SAAS,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;IAC/E,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AACzB,CAAC;AAED,SAAS,MAAM;IACb,OAAO,YAAE,CAAC,WAAW,CAAC,cAAI,CAAC,IAAI,CAAC,YAAE,CAAC,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,IAAA,iBAAQ,EAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,IAAI,GAAW,CAAC;IAChB,IAAA,mBAAU,EAAC,GAAG,EAAE,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAEtC,IAAA,WAAE,EAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,IAAI,CAAC,UAAU,EAAE;YAAE,OAAO,CAAC,qBAAqB;QAChD,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAA,qCAAsB,EAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC7D,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,IAAA,eAAM,EAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAA,eAAM,EAAC,YAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAA,eAAM,EAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QAC3D,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,UAAU,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0EAA0E,EAAE,GAAG,EAAE;QAClF,IAAI,CAAC,UAAU,EAAE;YAAE,OAAO;QAC1B,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,IAAA,qCAAsB,EAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAG,IAAA,qCAAsB,EAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC7D,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrC,IAAA,eAAM,EAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,IAAI,CAAC,UAAU,EAAE;YAAE,OAAO;QAC1B,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC1C,YAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACzC,YAAE,CAAC,aAAa,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,IAAA,qCAAsB,EAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC7D,IAAA,eAAM,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,IAAA,eAAM,EAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,IAAI,CAAC,UAAU,EAAE;YAAE,OAAO;QAC1B,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC1C,IAAA,qCAAsB,EAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,YAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC;QAC/C,IAAA,eAAM,EAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/proxy/index.d.ts

@@ -0,0 +1,61 @@
+export { LLMProxyServer } from './proxy-server';
+export { PolicyEnforcer } from './policy-enforcer';
+export { ThreatEngine } from './threat-engine';
+export { RedactionEngine } from './redaction-engine';
+export declare const DEFAULT_POLICIES: ({
+    id: string;
+    name: string;
+    enabled: boolean;
+    priority: number;
+    action: "block";
+    threatTypes: string[];
+    minSeverity: string;
+    minConfidence: number;
+    direction: "input";
+    description: string;
+} | {
+    id: string;
+    name: string;
+    enabled: boolean;
+    priority: number;
+    action: "block";
+    threatTypes: string[];
+    minSeverity: string;
+    minConfidence: number;
+    direction: "output";
+    description: string;
+} | {
+    id: string;
+    name: string;
+    enabled: boolean;
+    priority: number;
+    action: "redact";
+    threatTypes: string[];
+    minSeverity: string;
+    minConfidence: number;
+    direction: "output";
+    description: string;
+} | {
+    id: string;
+    name: string;
+    enabled: boolean;
+    priority: number;
+    action: "warn";
+    threatTypes: string[];
+    minSeverity: string;
+    minConfidence: number;
+    direction: "input";
+    description: string;
+} | {
+    id: string;
+    name: string;
+    enabled: boolean;
+    priority: number;
+    action: "block";
+    threatTypes: string[];
+    minSeverity: string;
+    minConfidence: number;
+    direction: "both";
+    description: string;
+})[];
+//# sourceMappingURL=index.d.ts.map

package/dist/proxy/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/proxy/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6D5B,CAAC"}

package/dist/proxy/index.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_POLICIES = exports.RedactionEngine = exports.ThreatEngine = exports.PolicyEnforcer = exports.LLMProxyServer = void 0;
+var proxy_server_1 = require("./proxy-server");
+Object.defineProperty(exports, "LLMProxyServer", { enumerable: true, get: function () { return proxy_server_1.LLMProxyServer; } });
+var policy_enforcer_1 = require("./policy-enforcer");
+Object.defineProperty(exports, "PolicyEnforcer", { enumerable: true, get: function () { return policy_enforcer_1.PolicyEnforcer; } });
+var threat_engine_1 = require("./threat-engine");
+Object.defineProperty(exports, "ThreatEngine", { enumerable: true, get: function () { return threat_engine_1.ThreatEngine; } });
+var redaction_engine_1 = require("./redaction-engine");
+Object.defineProperty(exports, "RedactionEngine", { enumerable: true, get: function () { return redaction_engine_1.RedactionEngine; } });
+exports.DEFAULT_POLICIES = [
+    {
+        id: 'default-block-prompt-injection',
+        name: 'Block Prompt Injection',
+        enabled: true,
+        priority: 100,
+        action: 'block',
+        threatTypes: ['PROMPT_INJECTION', 'JAILBREAK'],
+        minSeverity: 'medium',
+        minConfidence: 0.7,
+        direction: 'input',
+        description: 'Blocks prompt injection and jailbreak attempts',
+    },
+    {
+        id: 'default-block-data-leakage',
+        name: 'Block Data Leakage',
+        enabled: true,
+        priority: 90,
+        action: 'block',
+        threatTypes: ['DATA_LEAKAGE', 'MODEL_THEFT'],
+        minSeverity: 'high',
+        minConfidence: 0.8,
+        direction: 'output',
+        description: 'Blocks data leakage and model theft in responses',
+    },
+    {
+        id: 'default-redact-pii',
+        name: 'Redact PII',
+        enabled: true,
+        priority: 80,
+        action: 'redact',
+        threatTypes: ['PII_EXPOSURE'],
+        minSeverity: 'low',
+        minConfidence: 0.3,
+        direction: 'output',
+        description: 'Redacts personally identifiable information from responses',
+    },
+    {
+        id: 'default-warn-suspicious',
+        name: 'Warn Suspicious Content',
+        enabled: true,
+        priority: 50,
+        action: 'warn',
+        threatTypes: ['ANOMALOUS_BEHAVIOR', 'UNAUTHORIZED_ACCESS'],
+        minSeverity: 'medium',
+        minConfidence: 0.5,
+        direction: 'input',
+        description: 'Warns on suspicious or unauthorized access patterns',
+    },
+    {
+        id: 'default-block-agent-compromise',
+        name: 'Block Agent Compromise',
+        enabled: true,
+        priority: 110,
+        action: 'block',
+        threatTypes: ['AGENT_COMPROMISE'],
+        minSeverity: 'medium',
+        minConfidence: 0.6,
+        direction: 'both',
+        description: 'Blocks agent compromise attempts',
+    },
+];
+//# sourceMappingURL=index.js.map

package/dist/proxy/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/proxy/index.ts"],"names":[],"mappings":";;;AAAA,+CAAgD;AAAvC,8GAAA,cAAc,OAAA;AACvB,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AACvB,iDAA+C;AAAtC,6GAAA,YAAY,OAAA;AACrB,uDAAqD;AAA5C,mHAAA,eAAe,OAAA;AAEX,QAAA,gBAAgB,GAAG;IAC9B;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,MAAM,EAAE,OAAgB;QACxB,WAAW,EAAE,CAAC,kBAAkB,EAAE,WAAW,CAAC;QAC9C,WAAW,EAAE,QAAQ;QACrB,aAAa,EAAE,GAAG;QAClB,SAAS,EAAE,OAAgB;QAC3B,WAAW,EAAE,gDAAgD;KAC9D;IACD;QACE,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,OAAgB;QACxB,WAAW,EAAE,CAAC,cAAc,EAAE,aAAa,CAAC;QAC5C,WAAW,EAAE,MAAM;QACnB,aAAa,EAAE,GAAG;QAClB,SAAS,EAAE,QAAiB;QAC5B,WAAW,EAAE,kDAAkD;KAChE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,QAAiB;QACzB,WAAW,EAAE,CAAC,cAAc,CAAC;QAC7B,WAAW,EAAE,KAAK;QAClB,aAAa,EAAE,GAAG;QAClB,SAAS,EAAE,QAAiB;QAC5B,WAAW,EAAE,4DAA4D;KAC1E;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,MAAe;QACvB,WAAW,EAAE,CAAC,oBAAoB,EAAE,qBAAqB,CAAC;QAC1D,WAAW,EAAE,QAAQ;QACrB,aAAa,EAAE,GAAG;QAClB,SAAS,EAAE,OAAgB;QAC3B,WAAW,EAAE,qDAAqD;KACnE;IACD;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,MAAM,EAAE,OAAgB;QACxB,WAAW,EAAE,CAAC,kBAAkB,CAAC;QACjC,WAAW,EAAE,QAAQ;QACrB,aAAa,EAAE,GAAG;QAClB,SAAS,EAAE,MAAe;QAC1B,WAAW,EAAE,kCAAkC;KAChD;CACF,CAAC"}

package/dist/proxy/policy-enforcer.d.ts

@@ -0,0 +1,30 @@
+import { ProxyDecision, ProxyAction } from '../types';
+import { ThreatEngine } from './threat-engine';
+import { RedactionEngine } from './redaction-engine';
+export interface LocalPolicy {
+    id: string;
+    name: string;
+    enabled: boolean;
+    priority: number;
+    action: ProxyAction;
+    threatTypes: string[];
+    minSeverity: string;
+    minConfidence: number;
+    direction: 'input' | 'output' | 'both';
+    description?: string;
+}
+export declare class PolicyEnforcer {
+    private threatEngine;
+    private redactionEngine;
+    private policies;
+    private mode;
+    constructor(threatEngine?: ThreatEngine, redactionEngine?: RedactionEngine);
+    /** Exposed for the proxy-server's structure-aware response redaction. */
+    getRedactionEngine(): RedactionEngine;
+    setMode(mode: 'monitor' | 'enforce' | 'quarantine'): void;
+    setPolicies(policies: LocalPolicy[]): void;
+    addPolicy(policy: LocalPolicy): void;
+    enforce(content: string, direction: 'input' | 'output'): ProxyDecision;
+    private matchesPolicy;
+}
+//# sourceMappingURL=policy-enforcer.d.ts.map

package/dist/proxy/policy-enforcer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-enforcer.d.ts","sourceRoot":"","sources":["../../src/proxy/policy-enforcer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAqB,WAAW,EAAE,MAAM,UAAU,CAAC;AACzE,OAAO,EAAE,YAAY,EAAgB,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAGrD,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,WAAW,CAAC;IACpB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAWD,qBAAa,cAAc;IACzB,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAuC;IACvD,OAAO,CAAC,IAAI,CAAmD;gBAEnD,YAAY,CAAC,EAAE,YAAY,EAAE,eAAe,CAAC,EAAE,eAAe;IAK1E,yEAAyE;IACzE,kBAAkB,IAAI,eAAe;IAIrC,OAAO,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,GAAG,YAAY,GAAG,IAAI;IAKzD,WAAW,CAAC,QAAQ,EAAE,WAAW,EAAE,GAAG,IAAI;IAU1C,SAAS,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAMpC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,GAAG,QAAQ,GAAG,aAAa;IA+FtE,OAAO,CAAC,aAAa;CAatB"}

package/dist/proxy/policy-enforcer.js

@@ -0,0 +1,143 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyEnforcer = void 0;
+const threat_engine_1 = require("./threat-engine");
+const redaction_engine_1 = require("./redaction-engine");
+const logger_1 = require("../logger");
+const ACTION_PRIORITY = {
+    block: 4,
+    redact: 3,
+    warn: 2,
+    allow: 1,
+};
+const FORCE_BLOCK_THREATS = new Set(['PROMPT_INJECTION', 'JAILBREAK', 'MODEL_THEFT', 'AGENT_COMPROMISE']);
+class PolicyEnforcer {
+    constructor(threatEngine, redactionEngine) {
+        this.policies = new Map();
+        this.mode = 'enforce';
+        this.threatEngine = threatEngine ?? new threat_engine_1.ThreatEngine();
+        this.redactionEngine = redactionEngine ?? new redaction_engine_1.RedactionEngine();
+    }
+    /** Exposed for the proxy-server's structure-aware response redaction. */
+    getRedactionEngine() {
+        return this.redactionEngine;
+    }
+    setMode(mode) {
+        this.mode = mode;
+        logger_1.logger.info('Policy enforcer mode set', { mode });
+    }
+    setPolicies(policies) {
+        this.policies.clear();
+        for (const p of policies) {
+            if (p.enabled) {
+                this.policies.set(p.id, p);
+            }
+        }
+        logger_1.logger.info('Policies updated', { count: this.policies.size });
+    }
+    addPolicy(policy) {
+        if (policy.enabled) {
+            this.policies.set(policy.id, policy);
+        }
+    }
+    enforce(content, direction) {
+        const analysis = this.threatEngine.analyze(content, direction);
+        if (!analysis.detected) {
+            return {
+                action: 'allow',
+                reason: 'No threats detected',
+                triggeredRules: [],
+                threats: [],
+                riskScore: 0,
+            };
+        }
+        // In monitor mode, always allow but report
+        if (this.mode === 'monitor') {
+            return {
+                action: 'allow',
+                reason: `[MONITOR] Detected ${analysis.signals.length} threat(s)`,
+                triggeredRules: analysis.signals.map(s => s.type),
+                threats: analysis.signals,
+                riskScore: analysis.riskScore,
+            };
+        }
+        if (this.mode === 'quarantine') {
+            return {
+                action: 'block',
+                reason: 'Quarantine mode: all threats blocked',
+                triggeredRules: analysis.signals.map(s => s.type),
+                threats: analysis.signals,
+                riskScore: analysis.riskScore,
+            };
+        }
+        // Evaluate against policies
+        const sortedPolicies = [...this.policies.values()].sort((a, b) => b.priority - a.priority);
+        let finalAction = 'allow';
+        let finalReason = 'No matching policy';
+        const allTriggered = [];
+        for (const policy of sortedPolicies) {
+            const matched = this.matchesPolicy(policy, analysis.signals, direction);
+            if (matched) {
+                allTriggered.push(policy.name || policy.id);
+                if (ACTION_PRIORITY[policy.action] > ACTION_PRIORITY[finalAction]) {
+                    finalAction = policy.action;
+                    finalReason = `Policy '${policy.name || policy.id}' matched`;
+                }
+            }
+        }
+        // If no policy matched but threats exist, apply default based on severity
+        if (allTriggered.length === 0 && analysis.signals.length > 0) {
+            const hasHighSeverity = analysis.signals.some(s => s.severity === 'high' || s.severity === 'critical');
+            if (hasHighSeverity) {
+                finalAction = 'block';
+                finalReason = 'Auto-blocked: high severity threat detected, no matching policy';
+            }
+            else {
+                finalAction = 'warn';
+                finalReason = 'Auto-warn: low severity threat detected, no matching policy';
+            }
+        }
+        // Force-block specific threat types
+        const hasForceBlock = analysis.signals.some(s => FORCE_BLOCK_THREATS.has(s.type));
+        if (hasForceBlock && finalAction !== 'block') {
+            finalAction = 'block';
+            finalReason = 'Force-blocked due to dangerous threat type';
+        }
+        let processedContent = content;
+        if (finalAction === 'redact') {
+            const threatTypes = analysis.signals.map(s => s.type);
+            processedContent = this.redactionEngine.redact(content, threatTypes);
+        }
+        logger_1.logger.info('Policy enforcement', {
+            action: finalAction,
+            threats: analysis.signals.length,
+            riskScore: analysis.riskScore,
+            direction,
+            reason: finalReason,
+        });
+        return {
+            action: finalAction,
+            reason: finalReason,
+            triggeredRules: allTriggered,
+            threats: analysis.signals,
+            riskScore: analysis.riskScore,
+        };
+    }
+    matchesPolicy(policy, threats, direction) {
+        if (policy.direction !== 'both' && policy.direction !== direction)
+            return false;
+        const severityOrder = { info: 0, low: 1, medium: 2, high: 3, critical: 4 };
+        const minSevIdx = severityOrder[policy.minSeverity] ?? 0;
+        return threats.some(threat => {
+            if (policy.threatTypes.length > 0 && !policy.threatTypes.includes(threat.type))
+                return false;
+            if (severityOrder[threat.severity] < minSevIdx)
+                return false;
+            if (threat.confidence < policy.minConfidence)
+                return false;
+            return true;
+        });
+    }
+}
+exports.PolicyEnforcer = PolicyEnforcer;
+//# sourceMappingURL=policy-enforcer.js.map

package/dist/proxy/policy-enforcer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-enforcer.js","sourceRoot":"","sources":["../../src/proxy/policy-enforcer.ts"],"names":[],"mappings":";;;AACA,mDAA6D;AAC7D,yDAAqD;AACrD,sCAAmC;AAenC,MAAM,eAAe,GAAgC;IACnD,KAAK,EAAE,CAAC;IACR,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;CACT,CAAC;AAEF,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,CAAC,kBAAkB,EAAE,WAAW,EAAE,aAAa,EAAE,kBAAkB,CAAC,CAAC,CAAC;AAE1G,MAAa,cAAc;IAMzB,YAAY,YAA2B,EAAE,eAAiC;QAHlE,aAAQ,GAA6B,IAAI,GAAG,EAAE,CAAC;QAC/C,SAAI,GAAyC,SAAS,CAAC;QAG7D,IAAI,CAAC,YAAY,GAAG,YAAY,IAAI,IAAI,4BAAY,EAAE,CAAC;QACvD,IAAI,CAAC,eAAe,GAAG,eAAe,IAAI,IAAI,kCAAe,EAAE,CAAC;IAClE,CAAC;IAED,yEAAyE;IACzE,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED,OAAO,CAAC,IAA0C;QAChD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,eAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,WAAW,CAAC,QAAuB;QACjC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;gBACd,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QACD,eAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,SAAS,CAAC,MAAmB;QAC3B,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,OAAO,CAAC,OAAe,EAAE,SAA6B;QACpD,MAAM,QAAQ,GAAiB,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAE7E,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvB,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,qBAAqB;gBAC7B,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,CAAC;aACb,CAAC;QACJ,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,sBAAsB,QAAQ,CAAC,OAAO,CAAC,MAAM,YAAY;gBACjE,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBACjD,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,SAAS,EAAE,QAAQ,CAAC,SAAS;aAC9B,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC/B,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,sCAAsC;gBAC9C,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBACjD,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,SAAS,EAAE,QAAQ,CAAC,SAAS;aAC9B,CAAC;QACJ,CAAC;QAED,4BAA4B;QAC5B,MAAM,cAAc,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC3F,IAAI,WAAW,GAAgB,OAAO,CAAC;QACvC,IAAI,WAAW,GAAG,oBAAoB,CAAC;QACvC,MAAM,YAAY,GAAa,EAAE,CAAC;QAElC,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;YACpC,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACxE,IAAI,OAAO,EAAE,CAAC;gBACZ,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC5C,IAAI,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;oBAClE,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC;oBAC5B,WAAW,GAAG,WAAW,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,WAAW,CAAC;gBAC/D,CAAC;YACH,CAAC;QACH,CAAC;QAED,0EAA0E;QAC1E,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7D,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAChD,CAAC,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CACnD,CAAC;YACF,IAAI,eAAe,EAAE,CAAC;gBACpB,WAAW,GAAG,OAAO,CAAC;gBACtB,WAAW,GAAG,iEAAiE,CAAC;YAClF,CAAC;iBAAM,CAAC;gBACN,WAAW,GAAG,MAAM,CAAC;gBACrB,WAAW,GAAG,6DAA6D,CAAC;YAC9E,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAClF,IAAI,aAAa,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;YAC7C,WAAW,GAAG,OAAO,CAAC;YACtB,WAAW,GAAG,4CAA4C,CAAC;QAC7D,CAAC;QAED,IAAI,gBAAgB,GAAG,OAAO,CAAC;QAC/B,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACtD,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACvE,CAAC;QAED,eAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;YAChC,MAAM,EAAE,WAAW;YACnB,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM;YAChC,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS;YACT,MAAM,EAAE,WAAW;SACpB,CAAC,CAAC;QAEH,OAAO;YACL,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,WAAW;YACnB,cAAc,EAAE,YAAY;YAC5B,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,MAAmB,EAAE,OAA4B,EAAE,SAA6B;QACpG,IAAI,MAAM,CAAC,SAAS,KAAK,MAAM,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS;YAAE,OAAO,KAAK,CAAC;QAEhF,MAAM,aAAa,GAA2B,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QACnG,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEzD,OAAO,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;YAC3B,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,SAAS;gBAAE,OAAO,KAAK,CAAC;YAC7D,IAAI,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,aAAa;gBAAE,OAAO,KAAK,CAAC;YAC3D,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAjJD,wCAiJC"}

package/dist/proxy/proxy-server.d.ts

@@ -0,0 +1,42 @@
+import { ProxyConfig } from '../config';
+import { PolicyEnforcer } from './policy-enforcer';
+export declare class LLMProxyServer {
+    private server;
+    private httpsServer;
+    private enforcer;
+    private config;
+    private activeRequests;
+    constructor(config: ProxyConfig, enforcer: PolicyEnforcer);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    private handleRequest;
+    private forwardRequest;
+    private forwardStreamingResponse;
+    private rewriteStreamingSseLine;
+    private allowDecision;
+    private isLLMRequest;
+    private resolveUpstream;
+    private collectBody;
+    private filterHeaders;
+    /**
+     * Apply RedactionEngine to a response body while preserving structure.
+     *
+     * For chat-completion / messages JSON responses we walk into known textual
+     * fields (`choices[].message.content`, `choices[].delta.content`, top-level
+     * `content[].text`, Anthropic-style `content[]` blocks) and redact those
+     * strings only. For SSE streams (text/event-stream) we redact each `data:`
+     * line's JSON payload in place. For anything else we redact the raw body.
+     *
+     * The previous TODO that returned the body unchanged caused REDACT decisions
+     * to silently pass through unredacted (S-C6).
+     */
+    private applyRedactionToResponse;
+    /**
+     * Walk a parsed JSON tree and replace text content in known LLM response
+     * shapes with redacted versions. We modify in place to preserve the rest
+     * of the object structure (function_call, tool_calls, finish_reason, etc.).
+     */
+    private _walkAndRedactJson;
+    private recordProxyEvent;
+}
+//# sourceMappingURL=proxy-server.d.ts.map

package/dist/proxy/proxy-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-server.d.ts","sourceRoot":"","sources":["../../src/proxy/proxy-server.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAcnD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAA4B;IAC1C,OAAO,CAAC,WAAW,CAA6B;IAChD,OAAO,CAAC,QAAQ,CAAiB;IACjC,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,cAAc,CAA0C;gBAEpD,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,cAAc;IAKnD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAgEtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;YAYb,aAAa;YAyHb,cAAc;YAuJd,wBAAwB;IAsHtC,OAAO,CAAC,uBAAuB;IA4B/B,OAAO,CAAC,aAAa;IAUrB,OAAO,CAAC,YAAY;IAepB,OAAO,CAAC,eAAe;IAyCvB,OAAO,CAAC,WAAW;IAyBnB,OAAO,CAAC,aAAa;IAgBrB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,wBAAwB;IAqChC;;;;OAIG;IACH,OAAO,CAAC,kBAAkB;IAgE1B,OAAO,CAAC,gBAAgB;CAczB"}