@queno/agent-node 0.1.2

package/README.md

@@ -0,0 +1,421 @@
+# @queno/agent-node
+
+> Runtime Application Self-Protection for Node.js - Express · Fastify · NestJS
+
+[![npm version](https://img.shields.io/badge/npm-0.1.2-blue)](https://www.npmjs.com/package/@queno/agent-node)
+[![node](https://img.shields.io/badge/node-%3E%3D18-brightgreen)](https://nodejs.org)
+[![license](https://img.shields.io/badge/license-MIT-green)](./LICENSE)
+[![build](https://img.shields.io/badge/build-passing-brightgreen)](#)
+
+`@queno/agent-node` is a lightweight RASP agent that installs inside your Node.js application and **detects, redacts, audits, and optionally blocks** runtime attacks - without a proxy, without a WAF, and without crashing your app.
+
+It instruments Express, Fastify, and NestJS middleware to inspect each incoming request against 10 built-in attack detectors. Sensitive data is redacted **before leaving the process**, a tamper-evident audit log is written locally, and security events are forwarded to the RASP collector.
+
+---
+
+## Features
+
+- **10 built-in detectors** - SQL injection, XSS, Command injection, Path traversal, NoSQL injection, SSRF, Prototype pollution, Template injection, Suspicious headers, BOLA/IDOR
+- **Local redaction engine** - key-based denylist + value-based (email, card, SIN/RAMQ, IP). Redaction happens *before* telemetry leaves the process
+- **Local JSONL audit log** - metadata-only, never raw sensitive values, with automatic rotation
+- **Monitor and block modes** - monitor by default; block must be explicitly enabled or pushed via signed policy
+- **Signed policy distribution** - Ed25519 signed configuration from the dashboard (mode, custom rules, redaction config). Agents verify before applying
+- **Passive API discovery** - observes endpoints at runtime, normalizes routes, flushes inventory to the collector
+- **Self-protection (optional)** - AES-256-GCM in-memory secret store, anti-debug detection, DB hook integrity
+- **Fail-open** - any internal error is swallowed; the agent never crashes the host application
+- **Single runtime dependency** - only `zod`. No axios, no winston, no lodash
+
+---
+
+## Requirements
+
+| Requirement | Version |
+|---|---|
+| Node.js | **≥ 18** |
+| TypeScript | ≥ 5 (optional) |
+| Framework | Express ≥ 4, Fastify ≥ 4, or NestJS ≥ 10 |
+
+> Node ≥ 18 is required for native `crypto` (AES-GCM, Ed25519, HMAC), native `fetch`, and `AsyncLocalStorage`.
+
+---
+
+## Installation
+
+```bash
+# npm
+npm install @queno/agent-node
+
+# pnpm
+pnpm add @queno/agent-node
+
+# yarn
+yarn add @queno/agent-node
+```
+
+Install the peer dependency for your framework - only what you need:
+
+```bash
+# Express
+npm install express
+
+# Fastify
+npm install fastify
+
+# NestJS
+npm install @nestjs/common @nestjs/core
+```
+
+---
+
+## Quickstart
+
+Before you start: create a **Project** and an **Agent** in the RASP dashboard, then copy the `apiKey`, `projectId`, and `agentId`.
+
+### Express
+
+```typescript
+import express from "express";
+import { RaspAgent, createExpressMiddleware } from "@queno/agent-node";
+
+// 1. Create and start the agent
+const agent = new RaspAgent({
+  apiKey:    process.env.RASP_API_KEY!,
+  projectId: process.env.RASP_PROJECT_ID!,
+  agentId:   process.env.RASP_AGENT_ID!,
+  framework: "express",
+  mode:      "monitor", // "monitor" | "block"
+});
+agent.start();
+
+const app = express();
+app.use(express.json());
+app.use(express.urlencoded({ extended: false }));
+
+// 2. Mount the RASP middleware AFTER body parsers
+app.use(createExpressMiddleware(agent));
+
+// 3. Your routes
+app.get("/api/users/:id", (req, res) => {
+  // In block mode, the middleware already replied 403 if an attack was detected
+  res.json({ id: req.params.id });
+});
+
+// 4. Drain on shutdown
+process.on("SIGTERM", async () => {
+  await agent.stop(); // flushes event buffer + closes audit log
+  process.exit(0);
+});
+
+app.listen(3000);
+```
+
+### Fastify
+
+```typescript
+import Fastify from "fastify";
+import { RaspAgent, createFastifyPlugin } from "@queno/agent-node";
+
+const agent = new RaspAgent({
+  apiKey:    process.env.RASP_API_KEY!,
+  projectId: process.env.RASP_PROJECT_ID!,
+  agentId:   process.env.RASP_AGENT_ID!,
+  framework: "fastify",
+});
+agent.start();
+
+const fastify = Fastify({ logger: true });
+
+// Register as a Fastify plugin
+await fastify.register(createFastifyPlugin(agent));
+
+fastify.get("/api/items", async () => ({ items: [] }));
+
+await fastify.listen({ port: 3000 });
+
+process.on("SIGTERM", async () => {
+  await fastify.close();
+  await agent.stop();
+});
+```
+
+> **Note:** The Fastify plugin hooks into `onRequest` (before body parsing). To inspect request bodies, add a `preHandler` hook after plugin registration.
+
+### NestJS
+
+```typescript
+// rasp.module.ts
+import { Module, NestModule, MiddlewareConsumer } from "@nestjs/common";
+import { RaspAgent, createNestMiddleware } from "@queno/agent-node";
+
+export const raspAgent = new RaspAgent({
+  apiKey:    process.env.RASP_API_KEY!,
+  projectId: process.env.RASP_PROJECT_ID!,
+  agentId:   process.env.RASP_AGENT_ID!,
+  framework: "nestjs",
+});
+raspAgent.start();
+
+@Module({ imports: [/* your modules */] })
+export class AppModule implements NestModule {
+  configure(consumer: MiddlewareConsumer) {
+    consumer
+      .apply(createNestMiddleware(raspAgent))
+      .forRoutes("*");
+  }
+}
+```
+
+```typescript
+// main.ts - graceful shutdown
+import { raspAgent } from "./rasp.module";
+
+process.on("SIGTERM", async () => {
+  await raspAgent.stop();
+});
+```
+
+---
+
+## Configuration
+
+Pass a `RaspConfig` object to the `RaspAgent` constructor. All fields except `apiKey`, `projectId`, and `agentId` are optional with safe defaults.
+
+| Option | Type | Default | Min | Description |
+|---|---|---|---|---|
+| `apiKey` * | `string` | - | - | API key generated in the dashboard |
+| `projectId` * | `string` | - | - | Project ID |
+| `agentId` * | `string` | - | - | Agent ID (registered in the dashboard) |
+| `mode` | `"monitor" \| "block"` | `"monitor"` | - | Initial mode. Can be overridden by a signed policy |
+| `channel` | `"stable" \| "early" \| "edge"` | `"stable"` | - | Policy and version distribution channel |
+| `heartbeatIntervalMs` | `number` | `30000` | `5000` | Heartbeat interval |
+| `flushIntervalMs` | `number` | `5000` | `1000` | Event buffer flush interval |
+| `bufferMaxSize` | `number` | `50` | `1` | Flush also triggers at this buffer size |
+| `transportTimeoutMs` | `number` | `5000` | `500` | HTTP timeout to the collector |
+| `auditLog` | `boolean` | `true` | - | Enable local JSONL audit log |
+| `auditLogPath` | `string` | `"./rasp-audit.log"` | - | Local audit log path |
+| `auditLogMaxBytes` | `number` | `10485760` | `1` | Rotation size (10 MB default) |
+| `discoveryFlushIntervalMs` | `number` | `60000` | `5000` | API discovery flush interval |
+| `hmacSecret` | `string` | - | - | HMAC-SHA256 secret if `HMAC_REQUIRED=true` on the collector |
+| `instrumentDb` | `boolean` | `false` | - | Enable DB driver monkey-patching for BOLA correlation (`pg`, `mysql2`, `mongoose`, `knex`, `sequelize`, Prisma) |
+| `selfProtect` | `boolean` | `false` | - | Enable anti-debug, hook integrity checks, extended SecureStore |
+| `policyPublicKey` | `string` | Dev key (built-in) | - | Ed25519 PEM public key. **Override in production** |
+| `agentVersion` | `string` | - | - | Reported in heartbeats |
+| `framework` | `string` | - | - | Free-form tag reported in heartbeats |
+| `tls` | `object` | - | - | TLS/mTLS: `caCert`, `clientCert`, `clientKey`, `collectorFingerprints`, `rejectUnauthorized` |
+
+### Environment variables
+
+Two environment variables are read from `process.env` by `src/config.ts`:
+
+| Variable | Default | Description |
+|---|---|---|
+| `RASP_COLLECTOR_URL` | `https://collector.rasp.dev` | Override the collector URL (dev/staging) |
+| `RASP_POLICY_PUBLIC_KEY` | Built-in dev key | Override the trusted Ed25519 public key |
+
+All other options are passed directly via `RaspConfig` - not read from the environment.
+
+---
+
+## Modes
+
+### Monitor (default)
+
+All requests pass through. Detections are reported as events to the collector and visible in the dashboard. **No impact on your application's responses.**
+
+```typescript
+const agent = new RaspAgent({ ..., mode: "monitor" });
+```
+
+### Block
+
+When an attack is detected, the middleware replies with `HTTP 403` and does **not** call `next()`:
+
+```json
+{ "error": "Request blocked by RASP", "eventType": "sql_injection" }
+```
+
+```typescript
+const agent = new RaspAgent({ ..., mode: "block" });
+```
+
+> **Important:** Always read `agent.mode` at runtime - the mode may change via a signed policy pushed from the dashboard. Do not rely on the boot config value.
+
+### Kill-switch
+
+If the dashboard activates a kill-switch (per-agent or global), the agent's `inspect()` becomes a no-op on the next heartbeat. The agent stops sending telemetry but continues heartbeating to detect when the kill-switch is lifted. **Recovery is automatic.**
+
+---
+
+## Detectors
+
+| # | Detector | Severity | Targets |
+|---|---|---|---|
+| 1 | SQL injection | critical | query, body, path |
+| 2 | XSS | high | query, body |
+| 3 | Command injection | critical | query, body, path |
+| 4 | Path traversal | high | query, body, path |
+| 5 | NoSQL injection | high | query, body |
+| 6 | SSRF | high | query, body |
+| 7 | Prototype pollution | critical | query, body |
+| 8 | Template injection | high | query, body |
+| 9 | Suspicious headers | medium/high | headers |
+| 10 | BOLA / IDOR | high | path, JWT `sub` |
+
+Detection is **synchronous** on the request path. All telemetry side-effects (redaction, audit, buffer, transport) are **async fire-and-forget**.
+
+---
+
+## Security & Privacy
+
+### Redaction before transport
+
+The redaction engine runs **before** any event enters the transport buffer. If redaction throws, the event is **dropped** (fail-closed) and logged locally with `dropped: true`. No raw sensitive value ever leaves the process.
+
+**Default key redaction:** `authorization`, `cookie`, `password`, `secret`, `token`, `api_key`, `ssn`, `credit_card`, `cvv`, `pin`, `x-api-key` and more.
+
+**Value-based redaction:** emails → `[EMAIL:<hash>]`, Luhn-valid cards → `****-****-****-XXXX`, SIN → `[SIN REDACTED]`, RAMQ → `[HEALTH_ID REDACTED]`, SQL literals → `[STRING]`/`[INT]`.
+
+### Local audit log
+
+Every redaction action is journaled locally as JSONL (`./rasp-audit.log` by default). Contents: timestamp, eventType, severity, redactedFields - **never raw values**. The log never leaves the customer's environment.
+
+### Secrets in memory
+
+`apiKey` and `hmacSecret` are stored encrypted in memory using `SecureStore` (AES-256-GCM, per-process random key). They never appear in heap dumps or crash logs.
+
+### Signed policy
+
+The agent verifies every policy with Ed25519 before applying it. Policies are monotonically versioned - replay attacks are rejected. Without a valid signature, the agent keeps its last known-good policy.
+
+### Transport hardening
+
+- **HMAC-SHA256** payload signing (`X-RASP-Signature` header) - opt-in via `hmacSecret`
+- **TLS certificate pinning** - via `tls.collectorFingerprints` (SHA-256 DER)
+- **mTLS** - via `tls.clientCert` + `tls.clientKey`
+
+### Fail-open (never crash your app)
+
+Every exception inside the agent - in detectors, transport, audit log - is caught and swallowed. The agent never propagates errors to the host application.
+
+---
+
+## Extension
+
+### Custom detector
+
+```typescript
+import { RaspAgent, Detector, NormalizedRequest, DetectionResult } from "@queno/agent-node";
+
+const myDetector: Detector = {
+  name: "my-detector",
+  detect(req: NormalizedRequest): DetectionResult | null {
+    if (req.path.startsWith("/internal")) {
+      return {
+        eventType:    "unauthorized_internal_access",
+        severity:     "high",
+        detectorName: "my-detector",
+        matchedValue: req.path,
+        matchedField: "path",
+      };
+    }
+    return null;
+  },
+};
+
+const agent = new RaspAgent(
+  { apiKey, projectId, agentId },
+  { extraDetectors: [myDetector] },
+);
+```
+
+### Prisma instrumentation (BOLA DB correlation)
+
+```typescript
+import { PrismaClient } from "@prisma/client";
+import { instrumentPrismaClient } from "@queno/agent-node";
+
+const prisma = new PrismaClient({
+  log: [{ emit: "event", level: "query" }], // required
+});
+instrumentPrismaClient(prisma);
+
+const agent = new RaspAgent({ ..., instrumentDb: true });
+```
+
+Also supports `pg`, `mysql2`, `sequelize`, `mongoose`, and `knex` via `instrumentDatabaseDrivers()` (called automatically when `instrumentDb: true`).
+
+---
+
+## Self-protection
+
+When `selfProtect: true`:
+
+- **Anti-debug** - warns if `--inspect`/`--debug` args or a V8 inspector is detected
+- **Hook integrity** - polls every 30s to detect tampering of installed DB driver hooks
+- **SecureStore** - always active regardless of this flag: `apiKey` and `hmacSecret` are encrypted in-process
+
+---
+
+## API discovery
+
+The agent passively observes HTTP endpoints at runtime and normalizes routes (`:id` substitution for numeric, UUID, and CUID-like segments). Observations are flushed every 60 seconds (configurable) to `POST /v1/discovery` on the collector.
+
+Discover shadow APIs, zombie endpoints (no traffic in 30 days), and get an auth coverage heatmap in the dashboard. Export your live API inventory as an OpenAPI spec.
+
+---
+
+## Development warning
+
+> **⚠ The default `policyPublicKey` is a development key** bundled in `src/config.ts`. It works out of the box with the RASP platform seed data. **Before production deployment, override it** with your actual Ed25519 public key via `RaspConfig.policyPublicKey` or `RASP_POLICY_PUBLIC_KEY`.
+
+---
+
+## Architecture overview
+
+```
+Host application
+└── RASP middleware (Express / Fastify / NestJS)
+    ├── inspect(req)
+    │   ├── EndpointObserver.observe()   ← passive API discovery
+    │   ├── Detectors[0..N].detect()     ← first-match, sync
+    │   └── handleDetection() [async]
+    │       ├── RedactionEngine.redact() ← fail-closed on error
+    │       ├── AuditLog.write()         ← local JSONL, never sent
+    │       └── EventBuffer.enqueue()    ← batch flush → collector
+    └── endRequest(outcome)
+        ├── EndpointObserver.observeOutcome()
+        └── correlateBola()              ← DB query correlation (opt-in)
+
+EventBuffer → POST /v1/events  → rasp-collector → PostgreSQL
+Heartbeat   → POST /v1/heartbeat (kill-switch, policy version, upgrade)
+            ← GET  /v1/policy   (Ed25519 signed, verified locally)
+Discovery   → POST /v1/discovery (batched, 60s)
+```
+
+---
+
+## Testing
+
+```bash
+pnpm test          # vitest run
+pnpm test:watch    # vitest watch
+pnpm typecheck     # tsc --noEmit
+```
+
+Test coverage areas: redaction engine, redaction patterns (email/card/SIN/IP), policy rejection, canonical bytes, custom rules, self-protect, hook integrity.
+
+See `examples/banking-api/` for a full end-to-end test harness (Express app with intentionally vulnerable routes).
+
+---
+
+## Further reading
+
+- [`AGENTS.md`](./AGENTS.md) - architecture rules and security invariants for contributors
+- [`examples/banking-api/README.md`](./examples/banking-api/README.md) - local test lab with attack payloads
+- [Technical documentation](../rasp/docs/dossier-technique.html) - full architecture doc, integration guide, design decisions, and recommendations (French)
+
+---
+
+## License
+
+MIT

package/dist/agent.d.ts

@@ -0,0 +1,222 @@
+/**
+ * {@link RaspAgent} - the entry point of the RASP runtime.
+ *
+ * Wires together five subsystems:
+ *  1. Detectors        - pattern matchers run on every incoming request.
+ *  2. Redaction engine - strips secrets/PII before anything leaves the process.
+ *  3. Audit log        - local JSONL trace of every redaction action.
+ *  4. Event buffer     - batches sanitised events to the collector.
+ *  5. Heartbeat        - liveness signal + kill-switch / policy delivery channel.
+ *
+ * Invariants enforced here:
+ *  - {@link RaspAgent.inspect} never throws (fail-open).
+ *  - A detection is **never** enqueued before passing through the redaction
+ *    engine; if redaction fails the event is dropped and audit-logged.
+ *  - When the kill switch is received, inspection is disabled and the buffer
+ *    is drained.
+ */
+import { type ValidatedRaspConfig } from "./config.js";
+import type { RaspConfig, NormalizedRequest, DetectionResult, AgentMode } from "./types.js";
+import { type Detector } from "./detectors/index.js";
+import { type RequestContext } from "./runtime-context.js";
+import type { RequestOutcome } from "./types.js";
+export declare class RaspAgent {
+    /** Fully validated configuration with defaults applied. */
+    readonly cfg: ValidatedRaspConfig;
+    private redaction;
+    private readonly auditLog;
+    private readonly client;
+    private readonly buffer;
+    private readonly heartbeat;
+    /** Built-in signature detectors. */
+    private readonly baseDetectors;
+    /** User-supplied detectors passed to the constructor. */
+    private readonly extraDetectors;
+    /** Active detector chain, rebuilt when custom rules arrive via policy. */
+    private detectors;
+    private readonly observer;
+    private readonly discoveryBuffer;
+    /** Verifies and tracks signed policies distributed by the control plane. */
+    private readonly policyManager;
+    /** Data residency directives applied in {@link handleDetection}. */
+    private dataResidency;
+    /** Version the control plane wants this agent to run (canary cohort / pin). */
+    private targetVersion;
+    /** True when an upgrade is available for this agent. */
+    private upgradePending;
+    /** Set to true after a kill-switch heartbeat - short-circuits {@link inspect}. */
+    private killed;
+    /** Stops the self-protection timer (Addendum E.7); null when disabled. */
+    private stopSelfProtection;
+    /**
+     * Enforcement mode in effect. Initialised from `cfg.mode` and updated
+     * whenever the collector returns a different mode in a heartbeat response.
+     */
+    private currentMode;
+    /**
+     * Deduplication key for `policy_rejected` telemetry: `"<version>:<reason>"`.
+     * Prevents spamming the collector on every heartbeat cycle when the same
+     * policy is repeatedly rejected (e.g. a persistent trust-anchor mismatch).
+     */
+    private lastRejectedPolicyKey;
+    /**
+     * Build a new agent.
+     *
+     * The constructor validates the config (throws on bad input), instantiates
+     * the subsystems and registers the default detectors. The heartbeat loop is
+     * **not** started until {@link start} is called.
+     *
+     * @param rawConfig - User-supplied configuration. Validated via
+     *   {@link validateConfig}; throws if required fields are missing.
+     * @param extraDetectors - Optional custom detectors appended after the
+     *   built-in set. They run in declaration order and the first non-null
+     *   detection wins.
+     */
+    constructor(rawConfig: RaspConfig, extraDetectors?: Detector[]);
+    /**
+     * Start the heartbeat loop. Idempotent.
+     *
+     * Call once during application bootstrap, after the framework middleware
+     * has been registered. The buffer flush timer is already armed by the
+     * constructor.
+     */
+    start(): void;
+    /**
+     * Begin a request's runtime context for DB correlation. Called by the
+     * framework integration at the start of the request, before the handler runs,
+     * so DB queries issued during the request are attributed to it.
+     *
+     * @returns The bound context, or `null` when DB instrumentation is disabled.
+     */
+    beginRequest(req: NormalizedRequest): RequestContext | null;
+    /**
+     * Finalise a request: record its outcome for traffic profiling and, when a
+     * DB context is present, run BOLA-via-DB correlation and report any finding.
+     */
+    endRequest(ctx: RequestContext | null, req: NormalizedRequest, outcome: RequestOutcome): void;
+    /**
+     * The enforcement mode currently in effect. Reflects remote mode changes
+     * (heartbeat) and applied policies, so integrations should consult this
+     * rather than the boot config.
+     */
+    get mode(): AgentMode;
+    /** The policy version currently applied (0 if none). */
+    get policyVersion(): number;
+    /**
+     * Version the control plane wants this agent to run, and whether an upgrade
+     * is pending. The Node agent is delivered as an npm package and cannot
+     * hot-swap its own binary, so the upgrade is surfaced (logged + queryable)
+     * for the host's deployment automation to act on, rather than self-applied.
+     */
+    get desiredVersion(): {
+        targetVersion: string | null;
+        upgradePending: boolean;
+    };
+    /**
+     * React to the target version advertised by the heartbeat. Records the target
+     * and logs an actionable message when an upgrade is available. Never throws.
+     */
+    private handleTargetVersion;
+    /**
+     * Graceful shutdown.
+     *
+     * Stops the heartbeat timer, drains the buffer (final flush) and closes
+     * the audit log file descriptor. Safe to await during process exit.
+     */
+    stop(): Promise<void>;
+    /**
+     * Run every detector against a normalised request.
+     *
+     * Detectors run in registration order; the first one returning a non-null
+     * result wins. Detector exceptions are swallowed so that a bug in one
+     * detector cannot take down the host application.
+     *
+     * @param req - Framework-agnostic request view.
+     * @returns The first {@link DetectionResult} found, or `null` when the
+     *   request is clean (or when the kill switch is active).
+     *
+     * @remarks Side-effects (redaction, audit log, buffering) happen in the
+     *   background via {@link handleDetection}; this method itself returns
+     *   synchronously.
+     */
+    /**
+     * Record the response-phase outcome of a request for API-discovery traffic
+     * profiling (status code, latency, confirmed auth middleware execution).
+     * Called by the framework integration's response hook. Never throws.
+     */
+    observeOutcome(req: NormalizedRequest, outcome: import("./types.js").RequestOutcome): void;
+    inspect(req: NormalizedRequest): DetectionResult | null;
+    /**
+     * Build a raw event payload, redact it, audit-log locally and enqueue it.
+     *
+     * Control flow:
+     *  1. Assemble the raw {@link EventPayload} from config + detection + request.
+     *  2. Run it through the {@link RedactionEngine}. On failure → drop and
+     *     audit-log with `dropped: true`.
+     *  3. If any field was redacted → write a non-dropped audit-log line.
+     *  4. Stamp `auditLoggedLocally` into the event metadata and enqueue.
+     */
+    private handleDetection;
+    /**
+     * Apply data residency directives (Addendum B.3) before an event is queued
+     * for transmission.
+     *
+     * @returns The (possibly trimmed) event to send, or `null` if the event must
+     *   stay local / be skipped. The local audit log has already been written by
+     *   the caller, so dropping here still leaves a verifiable local record.
+     */
+    private applyDataResidency;
+    /**
+     * Handle a kill-switch heartbeat response.
+     *
+     * Disables inspection, drains the buffer and closes the audit log. The
+     * heartbeat scheduler has already stopped itself by the time this is
+     * called.
+     */
+    private handleKillSwitch;
+    /**
+     * Called when the kill switch transitions from active back to inactive.
+     * Re-enables inspection and restarts self-protection if configured.
+     */
+    private handleRecover;
+    /**
+     * React to a policy-version change signalled by the heartbeat.
+     *
+     * Fetches the latest signed policy, verifies its Ed25519 signature against
+     * the pinned trust anchor, and applies it. An untrusted, malformed or stale
+     * policy is ignored and the agent keeps its current configuration
+     * (self-rollback of policy - Addendum D.4 / E.4.1). Never throws.
+     *
+     * Rejections are surfaced via a `console.warn` and a `policy_rejected`
+     * telemetry event so operators can diagnose trust-anchor mismatches without
+     * reading raw application logs.
+     */
+    private handlePolicyChange;
+    /**
+     * Emit a single `policy_rejected` telemetry event so the control plane can
+     * surface trust-anchor or signature mismatches in the dashboard.
+     *
+     * The event is deduplicated by `version:reason` so a persistent rejection
+     * (e.g. a misconfigured trust anchor that the operator has not yet fixed)
+     * does not flood the collector on every heartbeat cycle.
+     *
+     * The payload passes through the redaction engine (Addendum B.2 / AGENTS.md
+     * rule: "All telemetry must pass through the redaction engine before
+     * buffering") and the data-residency filter before being enqueued.
+     */
+    private enqueuePolicyRejected;
+    /**
+     * Apply a verified policy to the live agent: enforcement mode, customer
+     * detection rules, redaction configuration and data residency directives.
+     */
+    private applyPolicy;
+    /** Rebuild the active detector chain from base + custom rules + extras. */
+    private rebuildDetectors;
+    /**
+     * Reconfigure the redaction engine from a policy. The engine always keeps its
+     * built-in protections; the policy can only add field-name patterns and tune
+     * value-based redaction / IP handling.
+     */
+    private applyRedactionConfig;
+}
+//# sourceMappingURL=agent.d.ts.map

package/dist/agent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../src/agent.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAiC,KAAK,mBAAmB,EAAE,MAAM,aAAa,CAAC;AACtF,OAAO,KAAK,EACV,UAAU,EACV,iBAAiB,EAEjB,eAAe,EACf,SAAS,EACV,MAAM,YAAY,CAAC;AAMpB,OAAO,EAA0B,KAAK,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAc7E,OAAO,EAAgB,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACzE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD,qBAAa,SAAS;IACpB,2DAA2D;IAC3D,QAAQ,CAAC,GAAG,EAAE,mBAAmB,CAAC;IAClC,OAAO,CAAC,SAAS,CAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAkB;IAC3C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAqB;IAC/C,oCAAoC;IACpC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAa;IAC3C,yDAAyD;IACzD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAa;IAC5C,0EAA0E;IAC1E,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAmB;IAC5C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,4EAA4E;IAC5E,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;IAC9C,oEAAoE;IACpE,OAAO,CAAC,aAAa,CAAoC;IACzD,+EAA+E;IAC/E,OAAO,CAAC,aAAa,CAAuB;IAC5C,wDAAwD;IACxD,OAAO,CAAC,cAAc,CAAS;IAC/B,kFAAkF;IAClF,OAAO,CAAC,MAAM,CAAS;IACvB,0EAA0E;IAC1E,OAAO,CAAC,kBAAkB,CAA6B;IACvD;;;OAGG;IACH,OAAO,CAAC,WAAW,CAAY;IAC/B;;;;OAIG;IACH,OAAO,CAAC,qBAAqB,CAAuB;IAEpD;;;;;;;;;;;;OAYG;gBACS,SAAS,EAAE,UAAU,EAAE,cAAc,GAAE,QAAQ,EAAO;IA2DlE;;;;;;OAMG;IACH,KAAK,IAAI,IAAI;IAcb;;;;;;OAMG;IACH,YAAY,CAAC,GAAG,EAAE,iBAAiB,GAAG,cAAc,GAAG,IAAI;IAmB3D;;;OAGG;IACH,UAAU,CACR,GAAG,EAAE,cAAc,GAAG,IAAI,EAC1B,GAAG,EAAE,iBAAiB,EACtB,OAAO,EAAE,cAAc,GACtB,IAAI;IAeP;;;;OAIG;IACH,IAAI,IAAI,IAAI,SAAS,CAEpB;IAED,wDAAwD;IACxD,IAAI,aAAa,IAAI,MAAM,CAE1B;IAED;;;;;OAKG;IACH,IAAI,cAAc,IAAI;QAAE,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,cAAc,EAAE,OAAO,CAAA;KAAE,CAE9E;IAED;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAmB3B;;;;;OAKG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ3B;;;;;;;;;;;;;;OAcG;IACH;;;;OAIG;IACH,cAAc,CAAC,GAAG,EAAE,iBAAiB,EAAE,OAAO,EAAE,OAAO,YAAY,EAAE,cAAc,GAAG,IAAI;IAS1F,OAAO,CAAC,GAAG,EAAE,iBAAiB,GAAG,eAAe,GAAG,IAAI;IAsBvD;;;;;;;;;OASG;YACW,eAAe;IAoE7B;;;;;;;OAOG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;;;;OAMG;IACH,OAAO,CAAC,gBAAgB;IAQxB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAUrB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,kBAAkB;IAiD1B;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,qBAAqB;IAwC7B;;;OAGG;IACH,OAAO,CAAC,WAAW;IAgBnB,2EAA2E;IAC3E,OAAO,CAAC,gBAAgB;IAUxB;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;CAG7B"}