npm - @queno/agent-node - Versions diffs - 0.1.2 - Mend

@queno/agent-node 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (154) hide show

package/README.md +421 -0
package/dist/agent.d.ts +222 -0
package/dist/agent.d.ts.map +1 -0
package/dist/agent.js +591 -0
package/dist/agent.js.map +1 -0
package/dist/api-discovery/discovery-buffer.d.ts +27 -0
package/dist/api-discovery/discovery-buffer.d.ts.map +1 -0
package/dist/api-discovery/discovery-buffer.js +50 -0
package/dist/api-discovery/discovery-buffer.js.map +1 -0
package/dist/api-discovery/endpoint-observer.d.ts +25 -0
package/dist/api-discovery/endpoint-observer.d.ts.map +1 -0
package/dist/api-discovery/endpoint-observer.js +127 -0
package/dist/api-discovery/endpoint-observer.js.map +1 -0
package/dist/api-discovery/route-normalizer.d.ts +15 -0
package/dist/api-discovery/route-normalizer.d.ts.map +1 -0
package/dist/api-discovery/route-normalizer.js +34 -0
package/dist/api-discovery/route-normalizer.js.map +1 -0
package/dist/config.d.ts +100 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +101 -0
package/dist/config.js.map +1 -0
package/dist/db-hooks/correlate.d.ts +19 -0
package/dist/db-hooks/correlate.d.ts.map +1 -0
package/dist/db-hooks/correlate.js +45 -0
package/dist/db-hooks/correlate.js.map +1 -0
package/dist/db-hooks/instrument.d.ts +27 -0
package/dist/db-hooks/instrument.d.ts.map +1 -0
package/dist/db-hooks/instrument.js +194 -0
package/dist/db-hooks/instrument.js.map +1 -0
package/dist/detectors/base.d.ts +61 -0
package/dist/detectors/base.d.ts.map +1 -0
package/dist/detectors/base.js +57 -0
package/dist/detectors/base.js.map +1 -0
package/dist/detectors/bola.d.ts +60 -0
package/dist/detectors/bola.d.ts.map +1 -0
package/dist/detectors/bola.js +108 -0
package/dist/detectors/bola.js.map +1 -0
package/dist/detectors/command-injection.d.ts +22 -0
package/dist/detectors/command-injection.d.ts.map +1 -0
package/dist/detectors/command-injection.js +41 -0
package/dist/detectors/command-injection.js.map +1 -0
package/dist/detectors/custom-rule.d.ts +24 -0
package/dist/detectors/custom-rule.d.ts.map +1 -0
package/dist/detectors/custom-rule.js +65 -0
package/dist/detectors/custom-rule.js.map +1 -0
package/dist/detectors/index.d.ts +17 -0
package/dist/detectors/index.d.ts.map +1 -0
package/dist/detectors/index.js +31 -0
package/dist/detectors/index.js.map +1 -0
package/dist/detectors/nosql-injection.d.ts +23 -0
package/dist/detectors/nosql-injection.d.ts.map +1 -0
package/dist/detectors/nosql-injection.js +54 -0
package/dist/detectors/nosql-injection.js.map +1 -0
package/dist/detectors/path-traversal.d.ts +21 -0
package/dist/detectors/path-traversal.d.ts.map +1 -0
package/dist/detectors/path-traversal.js +54 -0
package/dist/detectors/path-traversal.js.map +1 -0
package/dist/detectors/prototype-pollution.d.ts +23 -0
package/dist/detectors/prototype-pollution.d.ts.map +1 -0
package/dist/detectors/prototype-pollution.js +50 -0
package/dist/detectors/prototype-pollution.js.map +1 -0
package/dist/detectors/sql-injection.d.ts +22 -0
package/dist/detectors/sql-injection.d.ts.map +1 -0
package/dist/detectors/sql-injection.js +42 -0
package/dist/detectors/sql-injection.js.map +1 -0
package/dist/detectors/ssrf.d.ts +26 -0
package/dist/detectors/ssrf.d.ts.map +1 -0
package/dist/detectors/ssrf.js +37 -0
package/dist/detectors/ssrf.js.map +1 -0
package/dist/detectors/suspicious-headers.d.ts +25 -0
package/dist/detectors/suspicious-headers.d.ts.map +1 -0
package/dist/detectors/suspicious-headers.js +87 -0
package/dist/detectors/suspicious-headers.js.map +1 -0
package/dist/detectors/template-injection.d.ts +27 -0
package/dist/detectors/template-injection.d.ts.map +1 -0
package/dist/detectors/template-injection.js +35 -0
package/dist/detectors/template-injection.js.map +1 -0
package/dist/detectors/xss.d.ts +22 -0
package/dist/detectors/xss.d.ts.map +1 -0
package/dist/detectors/xss.js +38 -0
package/dist/detectors/xss.js.map +1 -0
package/dist/index.d.ts +28 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +24 -0
package/dist/index.js.map +1 -0
package/dist/integrations/express.d.ts +39 -0
package/dist/integrations/express.d.ts.map +1 -0
package/dist/integrations/express.js +62 -0
package/dist/integrations/express.js.map +1 -0
package/dist/integrations/fastify.d.ts +33 -0
package/dist/integrations/fastify.d.ts.map +1 -0
package/dist/integrations/fastify.js +63 -0
package/dist/integrations/fastify.js.map +1 -0
package/dist/integrations/nestjs.d.ts +40 -0
package/dist/integrations/nestjs.d.ts.map +1 -0
package/dist/integrations/nestjs.js +58 -0
package/dist/integrations/nestjs.js.map +1 -0
package/dist/policy/canonical.d.ts +23 -0
package/dist/policy/canonical.d.ts.map +1 -0
package/dist/policy/canonical.js +40 -0
package/dist/policy/canonical.js.map +1 -0
package/dist/policy/policy-manager.d.ts +43 -0
package/dist/policy/policy-manager.d.ts.map +1 -0
package/dist/policy/policy-manager.js +89 -0
package/dist/policy/policy-manager.js.map +1 -0
package/dist/policy/types.d.ts +70 -0
package/dist/policy/types.d.ts.map +1 -0
package/dist/policy/types.js +2 -0
package/dist/policy/types.js.map +1 -0
package/dist/policy/verify.d.ts +11 -0
package/dist/policy/verify.d.ts.map +1 -0
package/dist/policy/verify.js +61 -0
package/dist/policy/verify.js.map +1 -0
package/dist/redaction/audit-log.d.ts +40 -0
package/dist/redaction/audit-log.d.ts.map +1 -0
package/dist/redaction/audit-log.js +110 -0
package/dist/redaction/audit-log.js.map +1 -0
package/dist/redaction/engine.d.ts +50 -0
package/dist/redaction/engine.d.ts.map +1 -0
package/dist/redaction/engine.js +143 -0
package/dist/redaction/engine.js.map +1 -0
package/dist/redaction/patterns.d.ts +24 -0
package/dist/redaction/patterns.d.ts.map +1 -0
package/dist/redaction/patterns.js +142 -0
package/dist/redaction/patterns.js.map +1 -0
package/dist/runtime-context.d.ts +33 -0
package/dist/runtime-context.d.ts.map +1 -0
package/dist/runtime-context.js +46 -0
package/dist/runtime-context.js.map +1 -0
package/dist/self-protect.d.ts +34 -0
package/dist/self-protect.d.ts.map +1 -0
package/dist/self-protect.js +134 -0
package/dist/self-protect.js.map +1 -0
package/dist/transport/buffer.d.ts +52 -0
package/dist/transport/buffer.d.ts.map +1 -0
package/dist/transport/buffer.js +57 -0
package/dist/transport/buffer.js.map +1 -0
package/dist/transport/client.d.ts +77 -0
package/dist/transport/client.d.ts.map +1 -0
package/dist/transport/client.js +178 -0
package/dist/transport/client.js.map +1 -0
package/dist/transport/heartbeat.d.ts +86 -0
package/dist/transport/heartbeat.d.ts.map +1 -0
package/dist/transport/heartbeat.js +110 -0
package/dist/transport/heartbeat.js.map +1 -0
package/dist/transport/secure-request.d.ts +30 -0
package/dist/transport/secure-request.d.ts.map +1 -0
package/dist/transport/secure-request.js +95 -0
package/dist/transport/secure-request.js.map +1 -0
package/dist/types.d.ts +311 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +12 -0
package/dist/types.js.map +1 -0
package/package.json +60 -0

package/dist/detectors/suspicious-headers.js ADDED Viewed

@@ -0,0 +1,87 @@
+/** Threshold above which a single header value is treated as suspicious. */
+const MAX_HEADER_VALUE_LENGTH = 8192;
+/** Threshold above which the header count is treated as suspicious. */
+const MAX_HEADERS_COUNT = 100;
+/**
+ * Characters allowed in a legal `Host` header. Anything outside this set
+ * triggers a host-header-injection finding.
+ */
+const HOST_INJECTION_PATTERN = /[^a-zA-Z0-9\-._:\[\]]/;
+export class SuspiciousHeadersDetector {
+    name = "suspicious-headers";
+    detect(req) {
+        const headers = req.headers;
+        const entries = Object.entries(headers);
+        if (entries.length > MAX_HEADERS_COUNT) {
+            return {
+                detectorName: this.name,
+                eventType: "suspicious_headers",
+                severity: "medium",
+                description: `Abnormal header count: ${entries.length}`,
+                location: "headers",
+            };
+        }
+        for (const [name, value] of entries) {
+            const v = Array.isArray(value) ? value.join(", ") : value ?? "";
+            if (v.length > MAX_HEADER_VALUE_LENGTH) {
+                return {
+                    detectorName: this.name,
+                    eventType: "suspicious_headers",
+                    severity: "medium",
+                    description: `Oversized header value for '${name}' (${v.length} bytes)`,
+                    location: `header:${name}`,
+                };
+            }
+            if (name.toLowerCase() === "host" && HOST_INJECTION_PATTERN.test(v)) {
+                return {
+                    detectorName: this.name,
+                    eventType: "host_header_injection",
+                    severity: "medium",
+                    description: "Suspicious characters in Host header",
+                    matchedValue: v.slice(0, 200),
+                    location: "header:host",
+                };
+            }
+            if (name.toLowerCase() === "x-forwarded-for") {
+                const ips = v.split(",").map((s) => s.trim());
+                for (const ip of ips) {
+                    if (isPrivateIp(ip)) {
+                        return {
+                            detectorName: this.name,
+                            eventType: "suspicious_headers",
+                            severity: "medium",
+                            description: "Private IP injected in X-Forwarded-For header",
+                            matchedValue: ip,
+                            location: "header:x-forwarded-for",
+                        };
+                    }
+                }
+            }
+            if (/[\r\n]/.test(v)) {
+                return {
+                    detectorName: this.name,
+                    eventType: "header_injection",
+                    severity: "high",
+                    description: `Newline injection detected in header '${name}'`,
+                    matchedValue: v.slice(0, 200),
+                    location: `header:${name}`,
+                };
+            }
+        }
+        return null;
+    }
+}
+/**
+ * True iff `ip` belongs to a loopback or RFC1918 private range.
+ *
+ * Used only to flag client-supplied `X-Forwarded-For` values pretending to
+ * originate from a trusted internal host.
+ */
+function isPrivateIp(ip) {
+    return (/^127\./.test(ip) ||
+        /^10\./.test(ip) ||
+        /^192\.168\./.test(ip) ||
+        /^172\.(1[6-9]|2\d|3[01])\./.test(ip) ||
+        ip === "::1");
+}
+//# sourceMappingURL=suspicious-headers.js.map

package/dist/detectors/suspicious-headers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"suspicious-headers.js","sourceRoot":"","sources":["../../src/detectors/suspicious-headers.ts"],"names":[],"mappings":"AAqBA,4EAA4E;AAC5E,MAAM,uBAAuB,GAAG,IAAI,CAAC;AACrC,uEAAuE;AACvE,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAE9B;;;GAGG;AACH,MAAM,sBAAsB,GAAG,uBAAuB,CAAC;AAEvD,MAAM,OAAO,yBAAyB;IAC3B,IAAI,GAAG,oBAAoB,CAAC;IAErC,MAAM,CAAC,GAAsB;QAC3B,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAExC,IAAI,OAAO,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC;YACvC,OAAO;gBACL,YAAY,EAAE,IAAI,CAAC,IAAI;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,QAAQ,EAAE,QAAQ;gBAClB,WAAW,EAAE,0BAA0B,OAAO,CAAC,MAAM,EAAE;gBACvD,QAAQ,EAAE,SAAS;aACpB,CAAC;QACJ,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;YACpC,MAAM,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAEhE,IAAI,CAAC,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;gBACvC,OAAO;oBACL,YAAY,EAAE,IAAI,CAAC,IAAI;oBACvB,SAAS,EAAE,oBAAoB;oBAC/B,QAAQ,EAAE,QAAQ;oBAClB,WAAW,EAAE,+BAA+B,IAAI,MAAM,CAAC,CAAC,MAAM,SAAS;oBACvE,QAAQ,EAAE,UAAU,IAAI,EAAE;iBAC3B,CAAC;YACJ,CAAC;YAED,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,MAAM,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpE,OAAO;oBACL,YAAY,EAAE,IAAI,CAAC,IAAI;oBACvB,SAAS,EAAE,uBAAuB;oBAClC,QAAQ,EAAE,QAAQ;oBAClB,WAAW,EAAE,sCAAsC;oBACnD,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC7B,QAAQ,EAAE,aAAa;iBACxB,CAAC;YACJ,CAAC;YAED,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,iBAAiB,EAAE,CAAC;gBAC7C,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9C,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;oBACrB,IAAI,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC;wBACpB,OAAO;4BACL,YAAY,EAAE,IAAI,CAAC,IAAI;4BACvB,SAAS,EAAE,oBAAoB;4BAC/B,QAAQ,EAAE,QAAQ;4BAClB,WAAW,EAAE,+CAA+C;4BAC5D,YAAY,EAAE,EAAE;4BAChB,QAAQ,EAAE,wBAAwB;yBACnC,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrB,OAAO;oBACL,YAAY,EAAE,IAAI,CAAC,IAAI;oBACvB,SAAS,EAAE,kBAAkB;oBAC7B,QAAQ,EAAE,MAAM;oBAChB,WAAW,EAAE,yCAAyC,IAAI,GAAG;oBAC7D,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAC7B,QAAQ,EAAE,UAAU,IAAI,EAAE;iBAC3B,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,EAAU;IAC7B,OAAO,CACL,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChB,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,4BAA4B,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,EAAE,KAAK,KAAK,CACb,CAAC;AACJ,CAAC"}

package/dist/detectors/template-injection.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Server-Side Template Injection (SSTI) signature detector.
+ *
+ * Looks for the canonical delimiter shapes of popular server-side template
+ * engines:
+ *  - `{{ … }}` / `{% … %}` - Twig, Jinja2, Nunjucks, Pebble.
+ *  - `<% … %>` - ERB, EJS.
+ *  - `{{{ … }}}` - Handlebars triple-stache.
+ *  - `${ … }` - Thymeleaf (and JSP EL).
+ *  - `#{ … }` - Velocity.
+ *  - `<#… >` - Freemarker.
+ *
+ * Also matches the classic `7*7` math probe in each delimiter style - a
+ * cheap, very high-signal indicator.
+ *
+ * Severity: `high`.
+ *
+ * Known limits: applications that legitimately echo back template-like
+ * strings (CMS editors, code paste forms) may produce false positives.
+ */
+import type { Detector } from "./base.js";
+import type { DetectionResult, NormalizedRequest } from "../types.js";
+export declare class TemplateInjectionDetector implements Detector {
+    readonly name = "template-injection";
+    detect(req: NormalizedRequest): DetectionResult | null;
+}
+//# sourceMappingURL=template-injection.d.ts.map

package/dist/detectors/template-injection.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"template-injection.d.ts","sourceRoot":"","sources":["../../src/detectors/template-injection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAetE,qBAAa,yBAA0B,YAAW,QAAQ;IACxD,QAAQ,CAAC,IAAI,wBAAwB;IAErC,MAAM,CAAC,GAAG,EAAE,iBAAiB,GAAG,eAAe,GAAG,IAAI;CAmBvD"}

package/dist/detectors/template-injection.js ADDED Viewed

@@ -0,0 +1,35 @@
+import { flattenValues } from "./base.js";
+const SSTI_PATTERNS = [
+    /\{\{.*\}\}/s,
+    /\{%.*%\}/s,
+    /<%[=\-]?.*%>/s,
+    /\{\{\{.*\}\}\}/s,
+    /\$\{.*\}/s,
+    /#\{.*\}/s,
+    /<#.*>/s,
+    /\$\{7\s*\*\s*7\}/,
+    /\{\{7\s*\*\s*7\}\}/,
+    /<%=\s*7\s*\*\s*7\s*%>/,
+];
+export class TemplateInjectionDetector {
+    name = "template-injection";
+    detect(req) {
+        const values = [...flattenValues(req.query), ...flattenValues(req.body)];
+        for (const val of values) {
+            for (const pattern of SSTI_PATTERNS) {
+                if (pattern.test(val)) {
+                    return {
+                        detectorName: this.name,
+                        eventType: "template_injection",
+                        severity: "high",
+                        description: "Server-side template injection (SSTI) pattern detected",
+                        matchedValue: val.slice(0, 200),
+                        location: "query/body",
+                    };
+                }
+            }
+        }
+        return null;
+    }
+}
+//# sourceMappingURL=template-injection.js.map

package/dist/detectors/template-injection.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"template-injection.js","sourceRoot":"","sources":["../../src/detectors/template-injection.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG1C,MAAM,aAAa,GAAG;IACpB,aAAa;IACb,WAAW;IACX,eAAe;IACf,iBAAiB;IACjB,WAAW;IACX,UAAU;IACV,QAAQ;IACR,kBAAkB;IAClB,oBAAoB;IACpB,uBAAuB;CACxB,CAAC;AAEF,MAAM,OAAO,yBAAyB;IAC3B,IAAI,GAAG,oBAAoB,CAAC;IAErC,MAAM,CAAC,GAAsB;QAC3B,MAAM,MAAM,GAAG,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QAEzE,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,OAAO;wBACL,YAAY,EAAE,IAAI,CAAC,IAAI;wBACvB,SAAS,EAAE,oBAAoB;wBAC/B,QAAQ,EAAE,MAAM;wBAChB,WAAW,EAAE,wDAAwD;wBACrE,YAAY,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAC/B,QAAQ,EAAE,YAAY;qBACvB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/detectors/xss.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Cross-Site Scripting (XSS) signature detector.
+ *
+ * Scans `query` and `body` values for the most common reflected/stored XSS
+ * payload shapes: `<script>`, `javascript:` URLs, inline event handlers,
+ * `<iframe>`, `<svg onload=…>`, IE `expression(…)`, and the canonical
+ * `<img src=x onerror=…>` probe.
+ *
+ * Severity: `high`.
+ *
+ * Known limits: signature-based, no HTML parser - an attacker who breaks the
+ * payload across multiple parameters or uses very unusual encoding may evade
+ * detection. The request `path` is not scanned to limit false positives on
+ * legitimate URLs containing the substring `script`.
+ */
+import type { Detector } from "./base.js";
+import type { DetectionResult, NormalizedRequest } from "../types.js";
+export declare class XssDetector implements Detector {
+    readonly name = "xss";
+    detect(req: NormalizedRequest): DetectionResult | null;
+}
+//# sourceMappingURL=xss.d.ts.map

package/dist/detectors/xss.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"xss.d.ts","sourceRoot":"","sources":["../../src/detectors/xss.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAetE,qBAAa,WAAY,YAAW,QAAQ;IAC1C,QAAQ,CAAC,IAAI,SAAS;IAEtB,MAAM,CAAC,GAAG,EAAE,iBAAiB,GAAG,eAAe,GAAG,IAAI;CAsBvD"}

package/dist/detectors/xss.js ADDED Viewed

@@ -0,0 +1,38 @@
+import { flattenValues } from "./base.js";
+const XSS_PATTERNS = [
+    /<script[\s>]/i,
+    /<\/script>/i,
+    /javascript\s*:/i,
+    /data\s*:\s*text\/html/i,
+    /on\w+\s*=\s*["']?[^"'>]*(alert|confirm|prompt|eval|fetch|document|window)/i,
+    /<iframe[\s>]/i,
+    /<svg[\s>].*?on\w+/is,
+    /expression\s*\(/i,
+    /vbscript\s*:/i,
+    /<img[^>]+src\s*=\s*["']?\s*x[^>]*onerror/i,
+];
+export class XssDetector {
+    name = "xss";
+    detect(req) {
+        const values = [
+            ...flattenValues(req.query),
+            ...flattenValues(req.body),
+        ];
+        for (const val of values) {
+            for (const pattern of XSS_PATTERNS) {
+                if (pattern.test(val)) {
+                    return {
+                        detectorName: this.name,
+                        eventType: "xss",
+                        severity: "high",
+                        description: "Cross-site scripting (XSS) pattern detected",
+                        matchedValue: val.slice(0, 200),
+                        location: "query/body",
+                    };
+                }
+            }
+        }
+        return null;
+    }
+}
+//# sourceMappingURL=xss.js.map

package/dist/detectors/xss.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"xss.js","sourceRoot":"","sources":["../../src/detectors/xss.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG1C,MAAM,YAAY,GAAG;IACnB,eAAe;IACf,aAAa;IACb,iBAAiB;IACjB,wBAAwB;IACxB,4EAA4E;IAC5E,eAAe;IACf,qBAAqB;IACrB,kBAAkB;IAClB,eAAe;IACf,2CAA2C;CAC5C,CAAC;AAEF,MAAM,OAAO,WAAW;IACb,IAAI,GAAG,KAAK,CAAC;IAEtB,MAAM,CAAC,GAAsB;QAC3B,MAAM,MAAM,GAAG;YACb,GAAG,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC;YAC3B,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;SAC3B,CAAC;QAEF,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;gBACnC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,OAAO;wBACL,YAAY,EAAE,IAAI,CAAC,IAAI;wBACvB,SAAS,EAAE,KAAK;wBAChB,QAAQ,EAAE,MAAM;wBAChB,WAAW,EAAE,6CAA6C;wBAC1D,YAAY,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAC/B,QAAQ,EAAE,YAAY;qBACvB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Public entry point for `@queno/agent-node`.
+ *
+ * Re-exports the runtime surface that customer applications are expected to
+ * consume:
+ *  - {@link RaspAgent} - the agent lifecycle object (start, stop, inspect).
+ *  - {@link validateConfig} - Zod-backed config validator (throws on bad input).
+ *  - Framework integrations: Express middleware, Fastify plugin, NestJS middleware.
+ *  - Public types describing config, requests, detections, events and heartbeats.
+ *  - The {@link Detector} contract and {@link createDefaultDetectors} factory so
+ *    integrators can extend or replace the bundled detector set.
+ *
+ * Nothing else in `src/` is part of the supported API.
+ */
+export { RaspAgent } from "./agent.js";
+export { validateConfig } from "./config.js";
+export { createExpressMiddleware } from "./integrations/express.js";
+export { createFastifyPlugin } from "./integrations/fastify.js";
+export { createNestMiddleware } from "./integrations/nestjs.js";
+export type { RaspConfig, NormalizedRequest, DetectionResult, EventPayload, HeartbeatPayload, HeartbeatResponse, DiscoveryEntry, DiscoveryPayload, AuthStatus, Severity, AgentMode, AgentStatus, } from "./types.js";
+export type { Detector } from "./detectors/index.js";
+export { createDefaultDetectors } from "./detectors/index.js";
+export { CustomRuleDetector } from "./detectors/custom-rule.js";
+export { instrumentDatabaseDrivers, instrumentPrismaClient, verifyHookIntegrity, } from "./db-hooks/instrument.js";
+export { SecureStore, startSelfProtection, detectDebugger, } from "./self-protect.js";
+export type { SelfProtectionOptions } from "./self-protect.js";
+export type { DistributedPolicy, CustomRuleSpec, RedactionConfig, DataResidencyConfig, IpRedactionMode, } from "./policy/types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE,YAAY,EACV,UAAU,EACV,iBAAiB,EACjB,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,QAAQ,EACR,SAAS,EACT,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,YAAY,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EACL,yBAAyB,EACzB,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,cAAc,GACf,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAE/D,YAAY,EACV,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,eAAe,GAChB,MAAM,mBAAmB,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Public entry point for `@queno/agent-node`.
+ *
+ * Re-exports the runtime surface that customer applications are expected to
+ * consume:
+ *  - {@link RaspAgent} - the agent lifecycle object (start, stop, inspect).
+ *  - {@link validateConfig} - Zod-backed config validator (throws on bad input).
+ *  - Framework integrations: Express middleware, Fastify plugin, NestJS middleware.
+ *  - Public types describing config, requests, detections, events and heartbeats.
+ *  - The {@link Detector} contract and {@link createDefaultDetectors} factory so
+ *    integrators can extend or replace the bundled detector set.
+ *
+ * Nothing else in `src/` is part of the supported API.
+ */
+export { RaspAgent } from "./agent.js";
+export { validateConfig } from "./config.js";
+export { createExpressMiddleware } from "./integrations/express.js";
+export { createFastifyPlugin } from "./integrations/fastify.js";
+export { createNestMiddleware } from "./integrations/nestjs.js";
+export { createDefaultDetectors } from "./detectors/index.js";
+export { CustomRuleDetector } from "./detectors/custom-rule.js";
+export { instrumentDatabaseDrivers, instrumentPrismaClient, verifyHookIntegrity, } from "./db-hooks/instrument.js";
+export { SecureStore, startSelfProtection, detectDebugger, } from "./self-protect.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAkBhE,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EACL,yBAAyB,EACzB,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,cAAc,GACf,MAAM,mBAAmB,CAAC"}

package/dist/integrations/express.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Express integration.
+ *
+ * Exposes {@link createExpressMiddleware}, a factory that returns a standard
+ * `(req, res, next)` middleware bound to a {@link RaspAgent} instance.
+ *
+ * Behaviour:
+ *  - Every request is normalised into a {@link NormalizedRequest} and run
+ *    through `agent.inspect`.
+ *  - In `monitor` mode the request always passes through, even on detection.
+ *  - In `block` mode a detected request is short-circuited with `403`
+ *    `{ error: "Request blocked by RASP", eventType }`.
+ *  - Any thrown error inside the middleware is swallowed so the agent never
+ *    takes down the host application (fail-open).
+ *
+ * @example
+ * ```ts
+ * import express from "express";
+ * import { RaspAgent, createExpressMiddleware } from "@queno/agent-node";
+ *
+ * const agent = new RaspAgent({ apiKey, projectId, agentId, mode: "monitor" });
+ * agent.start();
+ *
+ * const app = express();
+ * app.use(express.json());
+ * app.use(createExpressMiddleware(agent));
+ * ```
+ */
+import type { Request, Response, NextFunction } from "express";
+import type { RaspAgent } from "../agent.js";
+/**
+ * Build an Express middleware bound to a {@link RaspAgent}.
+ *
+ * The middleware must be registered **after** body parsing
+ * (`express.json()`, `express.urlencoded()`) so `req.body` is populated
+ * when detectors run.
+ */
+export declare function createExpressMiddleware(agent: RaspAgent): (req: Request, res: Response, next: NextFunction) => void;
+//# sourceMappingURL=express.d.ts.map

package/dist/integrations/express.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../../src/integrations/express.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAG7C;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,SAAS,IACvB,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CAwCtF"}

package/dist/integrations/express.js ADDED Viewed

@@ -0,0 +1,62 @@
+/**
+ * Build an Express middleware bound to a {@link RaspAgent}.
+ *
+ * The middleware must be registered **after** body parsing
+ * (`express.json()`, `express.urlencoded()`) so `req.body` is populated
+ * when detectors run.
+ */
+export function createExpressMiddleware(agent) {
+    return function raspMiddleware(req, res, next) {
+        try {
+            const normalized = {
+                method: req.method,
+                path: req.path,
+                query: req.query,
+                headers: req.headers,
+                body: req.body,
+                sourceIp: extractSourceIp(req),
+            };
+            // Bind a runtime context (DB correlation) before the handler runs.
+            const ctx = agent.beginRequest(normalized);
+            const detection = agent.inspect(normalized);
+            if (detection && agent.mode === "block") {
+                res.status(403).json({
+                    error: "Request blocked by RASP",
+                    eventType: detection.eventType,
+                });
+                return;
+            }
+            // Response-phase observation for traffic profiling + auth confirmation.
+            const start = Date.now();
+            res.on("finish", () => {
+                const r = req;
+                agent.endRequest(ctx, normalized, {
+                    statusCode: res.statusCode,
+                    durationMs: Date.now() - start,
+                    authenticated: r.user != null || r.auth != null,
+                });
+            });
+        }
+        catch {
+            // Fail-open - see file-level note.
+        }
+        next();
+    };
+}
+/**
+ * Best-effort source IP resolution:
+ *  1. First entry of `X-Forwarded-For`, when present (string or array).
+ *  2. Fallback to `req.socket.remoteAddress`.
+ *
+ * No trust validation is performed - operators relying on `X-Forwarded-For`
+ * must terminate it at a known proxy.
+ */
+function extractSourceIp(req) {
+    const forwarded = req.headers["x-forwarded-for"];
+    if (typeof forwarded === "string")
+        return forwarded.split(",")[0]?.trim();
+    if (Array.isArray(forwarded))
+        return forwarded[0]?.split(",")[0]?.trim();
+    return req.socket?.remoteAddress;
+}
+//# sourceMappingURL=express.js.map

package/dist/integrations/express.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"express.js","sourceRoot":"","sources":["../../src/integrations/express.ts"],"names":[],"mappings":"AAgCA;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAAgB;IACtD,OAAO,SAAS,cAAc,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;QAC5E,IAAI,CAAC;YACH,MAAM,UAAU,GAAsB;gBACpC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,KAAK,EAAE,GAAG,CAAC,KAAgC;gBAC3C,OAAO,EAAE,GAAG,CAAC,OAAwD;gBACrE,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,QAAQ,EAAE,eAAe,CAAC,GAAG,CAAC;aAC/B,CAAC;YAEF,mEAAmE;YACnE,MAAM,GAAG,GAAG,KAAK,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAE3C,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAE5C,IAAI,SAAS,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBACxC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,yBAAyB;oBAChC,SAAS,EAAE,SAAS,CAAC,SAAS;iBAC/B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,wEAAwE;YACxE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACzB,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACpB,MAAM,CAAC,GAAG,GAAmD,CAAC;gBAC9D,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE;oBAChC,UAAU,EAAE,GAAG,CAAC,UAAU;oBAC1B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;oBAC9B,aAAa,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI;iBAChD,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;QACrC,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,eAAe,CAAC,GAAY;IACnC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,OAAO,SAAS,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IAC1E,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IACzE,OAAO,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC;AACnC,CAAC"}

package/dist/integrations/fastify.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Fastify integration.
+ *
+ * Exposes {@link createFastifyPlugin}, a factory that returns a Fastify
+ * plugin attaching an `onRequest` hook bound to a {@link RaspAgent}.
+ *
+ * Behaviour mirrors the Express integration:
+ *  - The request is normalised and inspected.
+ *  - `monitor` mode lets the request continue regardless of the result.
+ *  - `block` mode replies `403 { error, eventType }` and short-circuits
+ *    the route handler.
+ *  - Any thrown error is swallowed (fail-open).
+ *
+ * @example
+ * ```ts
+ * import Fastify from "fastify";
+ * import { RaspAgent, createFastifyPlugin } from "@queno/agent-node";
+ *
+ * const agent = new RaspAgent({ apiKey, projectId, agentId });
+ * agent.start();
+ *
+ * const fastify = Fastify();
+ * await fastify.register(createFastifyPlugin(agent));
+ * ```
+ *
+ * @remarks The hook fires at `onRequest`, before body parsing. If body
+ * inspection is required, switch the hook to `preHandler` in this file or
+ * register a separate hook downstream.
+ */
+import type { FastifyInstance } from "fastify";
+import type { RaspAgent } from "../agent.js";
+export declare function createFastifyPlugin(agent: RaspAgent): (fastify: FastifyInstance) => Promise<void>;
+//# sourceMappingURL=fastify.d.ts.map

package/dist/integrations/fastify.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"fastify.d.ts","sourceRoot":"","sources":["../../src/integrations/fastify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAC7E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAG7C,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,SAAS,IACjB,SAAS,eAAe,KAAG,OAAO,CAAC,IAAI,CAAC,CA4D1E"}

package/dist/integrations/fastify.js ADDED Viewed

@@ -0,0 +1,63 @@
+export function createFastifyPlugin(agent) {
+    return async function raspPlugin(fastify) {
+        fastify.addHook("onRequest", async (request, reply) => {
+            try {
+                const normalized = {
+                    method: request.method,
+                    path: request.url.split("?")[0] ?? request.url,
+                    query: request.query ?? {},
+                    headers: request.headers,
+                    body: request.body,
+                    sourceIp: extractSourceIp(request),
+                };
+                const ctx = agent.beginRequest(normalized);
+                request.__raspCtx = ctx;
+                const detection = agent.inspect(normalized);
+                if (detection && agent.mode === "block") {
+                    return reply.status(403).send({
+                        error: "Request blocked by RASP",
+                        eventType: detection.eventType,
+                    });
+                }
+            }
+            catch {
+                // Fail-open - see file-level note.
+            }
+        });
+        // Response-phase observation for traffic profiling + auth confirmation.
+        fastify.addHook("onResponse", async (request, reply) => {
+            try {
+                const normalized = {
+                    method: request.method,
+                    path: request.url.split("?")[0] ?? request.url,
+                    query: request.query ?? {},
+                    headers: request.headers,
+                    body: request.body,
+                    sourceIp: undefined,
+                };
+                const r = request;
+                agent.endRequest(r.__raspCtx ?? null, normalized, {
+                    statusCode: reply.statusCode,
+                    durationMs: Math.round(reply.elapsedTime),
+                    authenticated: r.user != null || r.auth != null,
+                });
+            }
+            catch {
+                // Fail-open.
+            }
+        });
+    };
+}
+/**
+ * Best-effort source IP resolution; see the Express integration for the
+ * trust caveat.
+ */
+function extractSourceIp(req) {
+    const forwarded = req.headers["x-forwarded-for"];
+    if (typeof forwarded === "string")
+        return forwarded.split(",")[0]?.trim();
+    if (Array.isArray(forwarded))
+        return forwarded[0]?.split(",")[0]?.trim();
+    return req.socket?.remoteAddress;
+}
+//# sourceMappingURL=fastify.js.map

package/dist/integrations/fastify.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"fastify.js","sourceRoot":"","sources":["../../src/integrations/fastify.ts"],"names":[],"mappings":"AAiCA,MAAM,UAAU,mBAAmB,CAAC,KAAgB;IAClD,OAAO,KAAK,UAAU,UAAU,CAAC,OAAwB;QACvD,OAAO,CAAC,OAAO,CACb,WAAW,EACX,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAiB,EAAE;YACpE,IAAI,CAAC;gBACH,MAAM,UAAU,GAAsB;oBACpC,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG;oBAC9C,KAAK,EAAG,OAAO,CAAC,KAAiC,IAAI,EAAE;oBACvD,OAAO,EAAE,OAAO,CAAC,OAAwD;oBACzE,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,QAAQ,EAAE,eAAe,CAAC,OAAO,CAAC;iBACnC,CAAC;gBAEF,MAAM,GAAG,GAAG,KAAK,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;gBAC1C,OAAoD,CAAC,SAAS,GAAG,GAAG,CAAC;gBAEtE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAE5C,IAAI,SAAS,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBACxC,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC5B,KAAK,EAAE,yBAAyB;wBAChC,SAAS,EAAE,SAAS,CAAC,SAAS;qBAC/B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,mCAAmC;YACrC,CAAC;QACH,CAAC,CACF,CAAC;QAEF,wEAAwE;QACxE,OAAO,CAAC,OAAO,CACb,YAAY,EACZ,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAiB,EAAE;YACpE,IAAI,CAAC;gBACH,MAAM,UAAU,GAAsB;oBACpC,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG;oBAC9C,KAAK,EAAG,OAAO,CAAC,KAAiC,IAAI,EAAE;oBACvD,OAAO,EAAE,OAAO,CAAC,OAAwD;oBACzE,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,QAAQ,EAAE,SAAS;iBACpB,CAAC;gBACF,MAAM,CAAC,GAAG,OAIT,CAAC;gBACF,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,IAAI,IAAI,EAAE,UAAU,EAAE;oBAChD,UAAU,EAAE,KAAK,CAAC,UAAU;oBAC5B,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC;oBACzC,aAAa,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI;iBAChD,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,aAAa;YACf,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,GAAmB;IAC1C,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,OAAO,SAAS,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IAC1E,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IACzE,OAAO,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC;AACnC,CAAC"}

package/dist/integrations/nestjs.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * NestJS integration.
+ *
+ * Exposes {@link createNestMiddleware}, a factory that returns a NestJS
+ * middleware **class** bound to a {@link RaspAgent} instance.
+ *
+ * Behaviour matches the Express adapter (Nest's middleware contract is
+ * Express-compatible by default):
+ *  - The request is normalised and inspected.
+ *  - `monitor` mode lets the request continue.
+ *  - `block` mode replies `403 { error, eventType }` and skips the next
+ *    handler.
+ *  - Any thrown error is swallowed (fail-open).
+ *
+ * @example
+ * ```ts
+ * import { MiddlewareConsumer, Module, NestModule } from "@nestjs/common";
+ * import { RaspAgent, createNestMiddleware } from "@queno/agent-node";
+ *
+ * const agent = new RaspAgent({ apiKey, projectId, agentId });
+ * agent.start();
+ *
+ * @Module({})
+ * export class AppModule implements NestModule {
+ *   configure(consumer: MiddlewareConsumer) {
+ *     consumer.apply(createNestMiddleware(agent)).forRoutes("*");
+ *   }
+ * }
+ * ```
+ */
+import type { NestMiddleware } from "@nestjs/common";
+import type { RaspAgent } from "../agent.js";
+/**
+ * Build a Nest middleware class bound to a {@link RaspAgent}.
+ *
+ * A class is returned (rather than an instance) because Nest itself
+ * instantiates middlewares from its DI container.
+ */
+export declare function createNestMiddleware(agent: RaspAgent): new () => NestMiddleware;
+//# sourceMappingURL=nestjs.d.ts.map

package/dist/integrations/nestjs.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"nestjs.d.ts","sourceRoot":"","sources":["../../src/integrations/nestjs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAErD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAG7C;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,SAAS,GAAG,UAAU,cAAc,CA0C/E"}

package/dist/integrations/nestjs.js ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * Build a Nest middleware class bound to a {@link RaspAgent}.
+ *
+ * A class is returned (rather than an instance) because Nest itself
+ * instantiates middlewares from its DI container.
+ */
+export function createNestMiddleware(agent) {
+    class RaspNestMiddleware {
+        use(req, res, next) {
+            try {
+                const normalized = {
+                    method: req.method,
+                    path: req.path,
+                    query: req.query,
+                    headers: req.headers,
+                    body: req.body,
+                    sourceIp: extractSourceIp(req),
+                };
+                const ctx = agent.beginRequest(normalized);
+                const detection = agent.inspect(normalized);
+                if (detection && agent.mode === "block") {
+                    res.status(403).json({
+                        error: "Request blocked by RASP",
+                        eventType: detection.eventType,
+                    });
+                    return;
+                }
+                const start = Date.now();
+                res.on("finish", () => {
+                    const r = req;
+                    agent.endRequest(ctx, normalized, {
+                        statusCode: res.statusCode,
+                        durationMs: Date.now() - start,
+                        authenticated: r.user != null || r.auth != null,
+                    });
+                });
+            }
+            catch {
+                // Fail-open - see file-level note.
+            }
+            next();
+        }
+    }
+    return RaspNestMiddleware;
+}
+/**
+ * Best-effort source IP resolution; see the Express integration for the
+ * trust caveat.
+ */
+function extractSourceIp(req) {
+    const forwarded = req.headers["x-forwarded-for"];
+    if (typeof forwarded === "string")
+        return forwarded.split(",")[0]?.trim();
+    if (Array.isArray(forwarded))
+        return forwarded[0]?.split(",")[0]?.trim();
+    return req.socket?.remoteAddress;
+}
+//# sourceMappingURL=nestjs.js.map

package/dist/integrations/nestjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"nestjs.js","sourceRoot":"","sources":["../../src/integrations/nestjs.ts"],"names":[],"mappings":"AAmCA;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAgB;IACnD,MAAM,kBAAkB;QACtB,GAAG,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;YACjD,IAAI,CAAC;gBACH,MAAM,UAAU,GAAsB;oBACpC,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,KAAK,EAAE,GAAG,CAAC,KAAgC;oBAC3C,OAAO,EAAE,GAAG,CAAC,OAAwD;oBACrE,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,QAAQ,EAAE,eAAe,CAAC,GAAG,CAAC;iBAC/B,CAAC;gBAEF,MAAM,GAAG,GAAG,KAAK,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;gBAE3C,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAE5C,IAAI,SAAS,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBACxC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,KAAK,EAAE,yBAAyB;wBAChC,SAAS,EAAE,SAAS,CAAC,SAAS;qBAC/B,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACzB,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;oBACpB,MAAM,CAAC,GAAG,GAAmD,CAAC;oBAC9D,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE;wBAChC,UAAU,EAAE,GAAG,CAAC,UAAU;wBAC1B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;wBAC9B,aAAa,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI;qBAChD,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,mCAAmC;YACrC,CAAC;YACD,IAAI,EAAE,CAAC;QACT,CAAC;KACF;IAED,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,GAAY;IACnC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,OAAO,SAAS,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IAC1E,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IACzE,OAAQ,GAAG,CAAC,MAAiD,EAAE,aAAa,CAAC;AAC/E,CAAC"}