@queno/agent-node 0.1.2

package/dist/policy/canonical.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Canonical policy serialization (agent side).
+ *
+ * MUST stay byte-for-byte identical to the control-plane implementation in
+ * `rasp/lib/policy-signing.ts`. The Ed25519 signature is computed over these
+ * exact bytes, so any divergence would make every signature fail to verify.
+ */
+/** Policy fields covered by the signature. */
+export interface SignablePolicy {
+    projectId: string;
+    version: number;
+    channel: string;
+    mode: string;
+    detectionRules: unknown;
+    redactionConfig: unknown;
+    dataResidency: unknown;
+    targetAgentVersion: string | null;
+}
+/** Deterministic JSON serialization with recursively sorted object keys. */
+export declare function stableStringify(value: unknown): string;
+/** Build the exact bytes that were signed by the control plane. */
+export declare function canonicalPolicyBytes(policy: SignablePolicy): Buffer;
+//# sourceMappingURL=canonical.d.ts.map

package/dist/policy/canonical.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.d.ts","sourceRoot":"","sources":["../../src/policy/canonical.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,8CAA8C;AAC9C,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,aAAa,EAAE,OAAO,CAAC;IACvB,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC;AAED,4EAA4E;AAC5E,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAgBtD;AAED,mEAAmE;AACnE,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CAYnE"}

package/dist/policy/canonical.js

@@ -0,0 +1,40 @@
+/**
+ * Canonical policy serialization (agent side).
+ *
+ * MUST stay byte-for-byte identical to the control-plane implementation in
+ * `rasp/lib/policy-signing.ts`. The Ed25519 signature is computed over these
+ * exact bytes, so any divergence would make every signature fail to verify.
+ */
+/** Deterministic JSON serialization with recursively sorted object keys. */
+export function stableStringify(value) {
+    if (value === null || value === undefined)
+        return "null";
+    if (typeof value === "number" || typeof value === "boolean") {
+        return JSON.stringify(value);
+    }
+    if (typeof value === "string")
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return "[" + value.map((v) => stableStringify(v)).join(",") + "]";
+    }
+    const obj = value;
+    const keys = Object.keys(obj).sort();
+    return ("{" +
+        keys.map((k) => JSON.stringify(k) + ":" + stableStringify(obj[k])).join(",") +
+        "}");
+}
+/** Build the exact bytes that were signed by the control plane. */
+export function canonicalPolicyBytes(policy) {
+    const canonical = {
+        channel: policy.channel,
+        dataResidency: policy.dataResidency ?? null,
+        detectionRules: policy.detectionRules ?? null,
+        mode: policy.mode,
+        projectId: policy.projectId,
+        redactionConfig: policy.redactionConfig ?? null,
+        targetAgentVersion: policy.targetAgentVersion ?? null,
+        version: policy.version,
+    };
+    return Buffer.from(stableStringify(canonical), "utf8");
+}
+//# sourceMappingURL=canonical.js.map

package/dist/policy/canonical.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.js","sourceRoot":"","sources":["../../src/policy/canonical.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH,4EAA4E;AAC5E,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IACzD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC5D,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACpE,CAAC;IACD,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,OAAO,CACL,GAAG;QACH,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QAC5E,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,oBAAoB,CAAC,MAAsB;IACzD,MAAM,SAAS,GAAG;QAChB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,IAAI;QAC3C,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI;QAC7C,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI;QAC/C,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,IAAI;QACrD,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC;AACzD,CAAC"}

package/dist/policy/policy-manager.d.ts

@@ -0,0 +1,43 @@
+import type { DistributedPolicy } from "./types.js";
+export interface AcceptResult {
+    applied: boolean;
+    reason?: string;
+}
+export declare class PolicyManager {
+    private readonly projectId;
+    private readonly trustedKeys;
+    private current;
+    private lastValid;
+    /** The policy in force immediately before the current one (for self-rollback). */
+    private previous;
+    /**
+     * @param projectId - The agent's project id (part of the signed bytes).
+     * @param publicKeysPem - Pinned trust anchor public key(s) in PEM form.
+     */
+    constructor(projectId: string, publicKeysPem: string[]);
+    /** Currently applied policy, or null if none accepted yet. */
+    get currentPolicy(): DistributedPolicy | null;
+    /** Version currently in force (0 if none). */
+    get currentVersion(): number;
+    /** True if at least one trust anchor is configured. */
+    get hasTrustAnchor(): boolean;
+    /**
+     * Verify and accept a distributed policy.
+     *
+     * @returns Whether the policy was applied, with a reason on rejection.
+     */
+    accept(policy: DistributedPolicy): AcceptResult;
+    /**
+     * Self-rollback: discard the current policy and restore the one in force
+     * before it. Used when applying a freshly-accepted policy fails at runtime
+     * (Addendum D.4). Returns the policy to re-apply, or null if none.
+     */
+    rollback(): DistributedPolicy | null;
+    /**
+     * Add a trusted public key at runtime. Used to honour a key rotation that was
+     * announced inside a previously-verified policy, without re-shipping the
+     * package.
+     */
+    addTrustedKey(pem: string): void;
+}
+//# sourceMappingURL=policy-manager.d.ts.map

package/dist/policy/policy-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-manager.d.ts","sourceRoot":"","sources":["../../src/policy/policy-manager.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,aAAa;IAYtB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAX5B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAW;IACvC,OAAO,CAAC,OAAO,CAAkC;IACjD,OAAO,CAAC,SAAS,CAAkC;IACnD,kFAAkF;IAClF,OAAO,CAAC,QAAQ,CAAkC;IAElD;;;OAGG;gBAEgB,SAAS,EAAE,MAAM,EAClC,aAAa,EAAE,MAAM,EAAE;IAKzB,8DAA8D;IAC9D,IAAI,aAAa,IAAI,iBAAiB,GAAG,IAAI,CAE5C;IAED,8CAA8C;IAC9C,IAAI,cAAc,IAAI,MAAM,CAE3B;IAED,uDAAuD;IACvD,IAAI,cAAc,IAAI,OAAO,CAE5B;IAED;;;;OAIG;IACH,MAAM,CAAC,MAAM,EAAE,iBAAiB,GAAG,YAAY;IAmB/C;;;;OAIG;IACH,QAAQ,IAAI,iBAAiB,GAAG,IAAI;IAWpC;;;;OAIG;IACH,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;CAKjC"}

package/dist/policy/policy-manager.js

@@ -0,0 +1,89 @@
+/**
+ * Policy manager (agent side).
+ *
+ * Owns the trust decision for incoming policies:
+ *  1. Verifies the Ed25519 signature against the pinned trust anchor(s).
+ *  2. Enforces version monotonicity (refuses to apply an older version than the
+ *     one currently in force - anti-replay / anti-rollback).
+ *  3. Tracks the last valid policy so the agent can fall back to it if a new
+ *     policy fails verification (self-rollback of policy, Addendum D.4).
+ *
+ * It never throws; an untrusted or malformed policy is simply rejected and the
+ * current policy is kept.
+ */
+import { verifyPolicySignature } from "./verify.js";
+export class PolicyManager {
+    projectId;
+    trustedKeys;
+    current = null;
+    lastValid = null;
+    /** The policy in force immediately before the current one (for self-rollback). */
+    previous = null;
+    /**
+     * @param projectId - The agent's project id (part of the signed bytes).
+     * @param publicKeysPem - Pinned trust anchor public key(s) in PEM form.
+     */
+    constructor(projectId, publicKeysPem) {
+        this.projectId = projectId;
+        this.trustedKeys = publicKeysPem.filter((k) => k && k.trim().length > 0);
+    }
+    /** Currently applied policy, or null if none accepted yet. */
+    get currentPolicy() {
+        return this.current;
+    }
+    /** Version currently in force (0 if none). */
+    get currentVersion() {
+        return this.current?.version ?? 0;
+    }
+    /** True if at least one trust anchor is configured. */
+    get hasTrustAnchor() {
+        return this.trustedKeys.length > 0;
+    }
+    /**
+     * Verify and accept a distributed policy.
+     *
+     * @returns Whether the policy was applied, with a reason on rejection.
+     */
+    accept(policy) {
+        if (this.trustedKeys.length === 0) {
+            return { applied: false, reason: "no_trust_anchor" };
+        }
+        if (!verifyPolicySignature(this.projectId, policy, this.trustedKeys)) {
+            return { applied: false, reason: "invalid_signature" };
+        }
+        if (this.current && policy.version < this.current.version) {
+            return { applied: false, reason: "stale_version" };
+        }
+        this.previous = this.current;
+        this.current = policy;
+        this.lastValid = policy;
+        return { applied: true };
+    }
+    /**
+     * Self-rollback: discard the current policy and restore the one in force
+     * before it. Used when applying a freshly-accepted policy fails at runtime
+     * (Addendum D.4). Returns the policy to re-apply, or null if none.
+     */
+    rollback() {
+        if (this.previous) {
+            this.current = this.previous;
+            this.lastValid = this.previous;
+            this.previous = null;
+        }
+        else {
+            this.current = null;
+        }
+        return this.current;
+    }
+    /**
+     * Add a trusted public key at runtime. Used to honour a key rotation that was
+     * announced inside a previously-verified policy, without re-shipping the
+     * package.
+     */
+    addTrustedKey(pem) {
+        if (pem && pem.trim().length > 0 && !this.trustedKeys.includes(pem)) {
+            this.trustedKeys.push(pem);
+        }
+    }
+}
+//# sourceMappingURL=policy-manager.js.map

package/dist/policy/policy-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-manager.js","sourceRoot":"","sources":["../../src/policy/policy-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAQpD,MAAM,OAAO,aAAa;IAYL;IAXF,WAAW,CAAW;IAC/B,OAAO,GAA6B,IAAI,CAAC;IACzC,SAAS,GAA6B,IAAI,CAAC;IACnD,kFAAkF;IAC1E,QAAQ,GAA6B,IAAI,CAAC;IAElD;;;OAGG;IACH,YACmB,SAAiB,EAClC,aAAuB;QADN,cAAS,GAAT,SAAS,CAAQ;QAGlC,IAAI,CAAC,WAAW,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED,8DAA8D;IAC9D,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,8CAA8C;IAC9C,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,OAAO,EAAE,OAAO,IAAI,CAAC,CAAC;IACpC,CAAC;IAED,uDAAuD;IACvD,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;IACrC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,MAAyB;QAC9B,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACvD,CAAC;QAED,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACrE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACzD,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YAC1D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QACrD,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;QACxB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,QAAQ;QACN,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC7B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC/B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,GAAW;QACvB,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACpE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;CACF"}

package/dist/policy/types.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Types describing a policy as distributed by the control plane and applied by
+ * the agent. The wire shape returned by `GET /v1/policy` is
+ * {@link DistributedPolicy}; the agent verifies its signature, then applies the
+ * embedded {@link CustomRuleSpec}s, {@link RedactionConfig} and
+ * {@link DataResidencyConfig}.
+ */
+import type { AgentMode, Severity } from "../types.js";
+/**
+ * A customer-defined detection rule, evaluated by the generic
+ * CustomRuleDetector. This is the codeable form of the Addendum requirement
+ * "customers can create custom rules used in the RASP agent by policy".
+ */
+export interface CustomRuleSpec {
+    /** Stable id, surfaced as the matched rule in telemetry. */
+    id: string;
+    /** Human-readable name. */
+    name?: string;
+    /** Machine-readable event type emitted on match (e.g. `custom_rule`). */
+    eventType?: string;
+    /** Severity assigned to a match. */
+    severity?: Severity;
+    /** Which part of the request to inspect. */
+    target?: "path" | "query" | "body" | "headers" | "any";
+    /** Regex source string, tested case-insensitively against stringified values. */
+    pattern: string;
+    /** Optional description for the audit trail. */
+    description?: string;
+    /** Whether the rule is active. Defaults to true. */
+    enabled?: boolean;
+}
+/** How to handle IP addresses found in values. */
+export type IpRedactionMode = "hash" | "mask" | "passthrough";
+/** Redaction directives pushed via policy (Addendum B.2). */
+export interface RedactionConfig {
+    /** denylist (default), allowlist, metadata-only, local-only. */
+    mode?: "denylist" | "allowlist" | "metadata-only" | "local-only";
+    /** Extra field-name regexes to redact (denylist additions). */
+    customKeyPatterns?: string[];
+    /** Field-name regexes that are always allowed through (allowlist mode). */
+    allowKeyPatterns?: string[];
+    /** Whether to apply built-in value detectors (Luhn, SIN, email, etc.). */
+    valueRedaction?: boolean;
+    /** IP handling. Defaults to "hash". */
+    ipMode?: IpRedactionMode;
+}
+/** Data residency directives (Addendum B.3). */
+export interface DataResidencyConfig {
+    /** Strip all payload data, send only event metadata. */
+    metadataOnly?: boolean;
+    /** Keep all telemetry local; never send to the collector. */
+    localOnly?: boolean;
+    /** Only export these event types to the collector (selective export). */
+    exportEventTypes?: string[];
+    /** Only export blocked detections (not informational/monitor). */
+    exportBlockedOnly?: boolean;
+}
+/** Wire shape returned by `GET /v1/policy`. */
+export interface DistributedPolicy {
+    version: number;
+    channel: string;
+    mode: AgentMode;
+    detectionRules: CustomRuleSpec[] | null;
+    redactionConfig: RedactionConfig | null;
+    dataResidency: DataResidencyConfig | null;
+    targetAgentVersion: string | null;
+    signature: string;
+    signingKeyId: string | null;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/policy/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/policy/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvD;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,4DAA4D;IAC5D,EAAE,EAAE,MAAM,CAAC;IACX,2BAA2B;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yEAAyE;IACzE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,4CAA4C;IAC5C,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,GAAG,KAAK,CAAC;IACvD,iFAAiF;IACjF,OAAO,EAAE,MAAM,CAAC;IAChB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oDAAoD;IACpD,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,kDAAkD;AAClD,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,MAAM,GAAG,aAAa,CAAC;AAE9D,6DAA6D;AAC7D,MAAM,WAAW,eAAe;IAC9B,gEAAgE;IAChE,IAAI,CAAC,EAAE,UAAU,GAAG,WAAW,GAAG,eAAe,GAAG,YAAY,CAAC;IACjE,+DAA+D;IAC/D,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,2EAA2E;IAC3E,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,0EAA0E;IAC1E,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,uCAAuC;IACvC,MAAM,CAAC,EAAE,eAAe,CAAC;CAC1B;AAED,gDAAgD;AAChD,MAAM,WAAW,mBAAmB;IAClC,wDAAwD;IACxD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,6DAA6D;IAC7D,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,yEAAyE;IACzE,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,kEAAkE;IAClE,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,+CAA+C;AAC/C,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,cAAc,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC;IACxC,eAAe,EAAE,eAAe,GAAG,IAAI,CAAC;IACxC,aAAa,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAC1C,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B"}

package/dist/policy/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/policy/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/policy/types.ts"],"names":[],"mappings":""}

package/dist/policy/verify.d.ts

@@ -0,0 +1,11 @@
+import type { DistributedPolicy } from "./types.js";
+/**
+ * Verify a distributed policy's signature against a set of trusted public keys.
+ *
+ * @param projectId - The agent's project id; included in the signed bytes.
+ * @param policy - The policy returned by `GET /v1/policy`.
+ * @param publicKeysPem - One or more trusted public keys in PEM (SPKI) form.
+ * @returns true iff at least one trusted key validates the signature.
+ */
+export declare function verifyPolicySignature(projectId: string, policy: DistributedPolicy, publicKeysPem: string[]): boolean;
+//# sourceMappingURL=verify.d.ts.map

package/dist/policy/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/policy/verify.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAMpD;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,iBAAiB,EACzB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAkCT"}

package/dist/policy/verify.js

@@ -0,0 +1,61 @@
+/**
+ * Policy signature verification (agent side).
+ *
+ * The agent pins one or more trusted Ed25519 public keys (the trust anchor).
+ * It verifies every distributed policy against these keys before applying it.
+ * A policy that fails verification is ignored and the previous valid policy is
+ * kept - a compromised network path or collector cannot inject malicious
+ * policies (Addendum E.4.1).
+ *
+ * Multiple keys are supported so a key rotation announced via a previous
+ * (validly signed) policy can be honoured without re-shipping the package.
+ */
+import crypto from "node:crypto";
+import { canonicalPolicyBytes } from "./canonical.js";
+function normalizePem(pem) {
+    return pem.includes("\\n") ? pem.replace(/\\n/g, "\n") : pem;
+}
+/**
+ * Verify a distributed policy's signature against a set of trusted public keys.
+ *
+ * @param projectId - The agent's project id; included in the signed bytes.
+ * @param policy - The policy returned by `GET /v1/policy`.
+ * @param publicKeysPem - One or more trusted public keys in PEM (SPKI) form.
+ * @returns true iff at least one trusted key validates the signature.
+ */
+export function verifyPolicySignature(projectId, policy, publicKeysPem) {
+    if (!policy.signature)
+        return false;
+    const signable = {
+        projectId,
+        version: policy.version,
+        channel: policy.channel,
+        mode: policy.mode,
+        detectionRules: policy.detectionRules ?? null,
+        redactionConfig: policy.redactionConfig ?? null,
+        dataResidency: policy.dataResidency ?? null,
+        targetAgentVersion: policy.targetAgentVersion ?? null,
+    };
+    let bytes;
+    let sig;
+    try {
+        bytes = canonicalPolicyBytes(signable);
+        sig = Buffer.from(policy.signature, "base64");
+    }
+    catch {
+        return false;
+    }
+    for (const pem of publicKeysPem) {
+        try {
+            const key = crypto.createPublicKey(normalizePem(pem));
+            if (crypto.verify(null, bytes, key, sig)) {
+                return true;
+            }
+        }
+        catch {
+            // Try the next key.
+        }
+    }
+    return false;
+}
+//# sourceMappingURL=verify.js.map

package/dist/policy/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/policy/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,oBAAoB,EAAuB,MAAM,gBAAgB,CAAC;AAG3E,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;AAC/D,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CACnC,SAAiB,EACjB,MAAyB,EACzB,aAAuB;IAEvB,IAAI,CAAC,MAAM,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAEpC,MAAM,QAAQ,GAAmB;QAC/B,SAAS;QACT,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI;QAC7C,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI;QAC/C,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,IAAI;QAC3C,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,IAAI;KACtD,CAAC;IAEF,IAAI,KAAa,CAAC;IAClB,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QACvC,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,CAAC,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;YACtD,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;gBACzC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,oBAAoB;QACtB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/redaction/audit-log.d.ts

@@ -0,0 +1,40 @@
+import type { RedactionAuditEntry } from "../types.js";
+export declare class AuditLog {
+    private readonly filePath;
+    private readonly maxBytes;
+    private fd;
+    private currentBytes;
+    private rotationIndex;
+    /**
+     * @param filePath - Destination file. Relative paths are resolved against
+     *   the process CWD.
+     * @param maxBytes - Maximum file size before rotation.
+     */
+    constructor(filePath: string, maxBytes: number);
+    /**
+     * Append one entry as JSON + `\n`. Rotates the file first if appending
+     * the line would cross the size threshold.
+     *
+     * All failures (disk full, EBADF, permissions…) are swallowed: an audit
+     * log issue must never propagate into the request hot path.
+     */
+    write(entry: RedactionAuditEntry): void;
+    /**
+     * Close the underlying file descriptor. Idempotent; safe to call from
+     * shutdown handlers and from the kill-switch path.
+     */
+    close(): void;
+    /**
+     * Lazily open the file (creating the parent directory if needed) and
+     * seed `currentBytes` from the existing file size so we don't blow past
+     * `maxBytes` after a restart.
+     */
+    private ensureOpen;
+    /**
+     * Close the active file, rename it to `<path>.<rotationIndex>` and reopen
+     * a fresh one. If the rename fails (e.g. EACCES), keep writing to the
+     * same file - losing rotation is preferred to losing audit data.
+     */
+    private rotate;
+}
+//# sourceMappingURL=audit-log.d.ts.map

package/dist/redaction/audit-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-log.d.ts","sourceRoot":"","sources":["../../src/redaction/audit-log.ts"],"names":[],"mappings":"AAiBA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAEvD,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,EAAE,CAAuB;IACjC,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,aAAa,CAAK;IAE1B;;;;OAIG;gBACS,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAK9C;;;;;;OAMG;IACH,KAAK,CAAC,KAAK,EAAE,mBAAmB,GAAG,IAAI;IAoBvC;;;OAGG;IACH,KAAK,IAAI,IAAI;IAWb;;;;OAIG;IACH,OAAO,CAAC,UAAU;IAgBlB;;;;OAIG;IACH,OAAO,CAAC,MAAM;CAYf"}

package/dist/redaction/audit-log.js

@@ -0,0 +1,110 @@
+/**
+ * Local redaction audit log.
+ *
+ * Per `AGENTS.md` "Local Redaction Audit Log" rules:
+ *  - every redaction action is recorded locally inside the customer
+ *    environment;
+ *  - lines never contain raw sensitive values - only metadata;
+ *  - log rotation by file size is supported to avoid filling the disk;
+ *  - audit-log failures must NEVER crash the host application - every
+ *    failure path here returns silently.
+ *
+ * On-disk format: JSON-Lines (one {@link RedactionAuditEntry} per line),
+ * UTF-8, append-mode. When the file exceeds `maxBytes`, it is renamed to
+ * `<path>.<n>` and a fresh file is opened.
+ */
+import fs from "node:fs";
+import path from "node:path";
+export class AuditLog {
+    filePath;
+    maxBytes;
+    fd = null;
+    currentBytes = 0;
+    rotationIndex = 0;
+    /**
+     * @param filePath - Destination file. Relative paths are resolved against
+     *   the process CWD.
+     * @param maxBytes - Maximum file size before rotation.
+     */
+    constructor(filePath, maxBytes) {
+        this.filePath = path.resolve(filePath);
+        this.maxBytes = maxBytes;
+    }
+    /**
+     * Append one entry as JSON + `\n`. Rotates the file first if appending
+     * the line would cross the size threshold.
+     *
+     * All failures (disk full, EBADF, permissions…) are swallowed: an audit
+     * log issue must never propagate into the request hot path.
+     */
+    write(entry) {
+        try {
+            const line = JSON.stringify(entry) + "\n";
+            const lineBytes = Buffer.byteLength(line, "utf8");
+            this.ensureOpen();
+            if (this.currentBytes + lineBytes > this.maxBytes) {
+                this.rotate();
+            }
+            if (this.fd !== null) {
+                fs.writeSync(this.fd, line);
+                this.currentBytes += lineBytes;
+            }
+        }
+        catch {
+            // Intentional - see class-level note.
+        }
+    }
+    /**
+     * Close the underlying file descriptor. Idempotent; safe to call from
+     * shutdown handlers and from the kill-switch path.
+     */
+    close() {
+        if (this.fd !== null) {
+            try {
+                fs.closeSync(this.fd);
+            }
+            catch {
+                // ignore
+            }
+            this.fd = null;
+        }
+    }
+    /**
+     * Lazily open the file (creating the parent directory if needed) and
+     * seed `currentBytes` from the existing file size so we don't blow past
+     * `maxBytes` after a restart.
+     */
+    ensureOpen() {
+        if (this.fd !== null)
+            return;
+        const dir = path.dirname(this.filePath);
+        fs.mkdirSync(dir, { recursive: true });
+        this.fd = fs.openSync(this.filePath, "a");
+        try {
+            const stat = fs.fstatSync(this.fd);
+            this.currentBytes = stat.size;
+        }
+        catch {
+            this.currentBytes = 0;
+        }
+    }
+    /**
+     * Close the active file, rename it to `<path>.<rotationIndex>` and reopen
+     * a fresh one. If the rename fails (e.g. EACCES), keep writing to the
+     * same file - losing rotation is preferred to losing audit data.
+     */
+    rotate() {
+        this.close();
+        this.rotationIndex += 1;
+        const rotated = `${this.filePath}.${this.rotationIndex}`;
+        try {
+            fs.renameSync(this.filePath, rotated);
+        }
+        catch {
+            // See rationale above.
+        }
+        this.currentBytes = 0;
+        this.ensureOpen();
+    }
+}
+//# sourceMappingURL=audit-log.js.map

package/dist/redaction/audit-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-log.js","sourceRoot":"","sources":["../../src/redaction/audit-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B,MAAM,OAAO,QAAQ;IACF,QAAQ,CAAS;IACjB,QAAQ,CAAS;IAC1B,EAAE,GAAkB,IAAI,CAAC;IACzB,YAAY,GAAG,CAAC,CAAC;IACjB,aAAa,GAAG,CAAC,CAAC;IAE1B;;;;OAIG;IACH,YAAY,QAAgB,EAAE,QAAgB;QAC5C,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,KAA0B;QAC9B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;YAC1C,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAElD,IAAI,CAAC,UAAU,EAAE,CAAC;YAElB,IAAI,IAAI,CAAC,YAAY,GAAG,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClD,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,CAAC;YAED,IAAI,IAAI,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;gBACrB,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;gBAC5B,IAAI,CAAC,YAAY,IAAI,SAAS,CAAC;YACjC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC;QACjB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,UAAU;QAChB,IAAI,IAAI,CAAC,EAAE,KAAK,IAAI;YAAE,OAAO;QAE7B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxC,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEvC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAE1C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACnC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,MAAM;QACZ,IAAI,CAAC,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,aAAa,IAAI,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACzD,IAAI,CAAC;YACH,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,CAAC;CACF"}

package/dist/redaction/engine.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Redaction engine - sanitises an event payload before it leaves the process.
+ *
+ * Layers (Addendum B.2):
+ *  1. Key-based redaction: object keys matching a {@link RedactionPattern} are
+ *     replaced wholesale.
+ *  2. Value-based redaction: string leaves are scanned for sensitive shapes
+ *     (credit cards, SIN, email, health IDs, IPs, SQL literals) and masked.
+ *  3. Mode:
+ *     - `denylist` (default): strip known-sensitive data, pass everything else.
+ *     - `allowlist`: redact every value except explicitly approved keys (and a
+ *       fixed set of structural envelope keys required by the collector).
+ *
+ * The walker returns a new object - the input is never mutated. A thrown error
+ * is treated by the agent as a fatal redaction failure (the event is dropped).
+ */
+import { type RedactionPattern, type IpMode } from "./patterns.js";
+import type { RedactionConfig } from "../policy/types.js";
+export interface RedactionResult {
+    /** Deep-cloned, sanitised copy of the input value. */
+    redacted: unknown;
+    /** Dotted paths of every field that was replaced or masked. */
+    redactedFields: string[];
+}
+export interface RedactionEngineOptions {
+    mode?: "denylist" | "allowlist";
+    keyPatterns?: RedactionPattern[];
+    allowKeyPatterns?: RegExp[];
+    valueRedaction?: boolean;
+    ipMode?: IpMode;
+}
+export declare class RedactionEngine {
+    private readonly patterns;
+    private readonly mode;
+    private readonly allowKeyPatterns;
+    private readonly valueRedaction;
+    private readonly ipMode;
+    constructor(extraPatternsOrOptions?: RedactionPattern[] | RedactionEngineOptions);
+    /**
+     * Build an engine from a policy-supplied {@link RedactionConfig}. Unknown or
+     * absent fields fall back to safe defaults (denylist + value redaction).
+     */
+    static fromConfig(cfg?: RedactionConfig): RedactionEngine;
+    redact(value: unknown, path?: string): RedactionResult;
+    private walk;
+    private redactLeaf;
+    private isApprovedKey;
+    private shouldRedactKey;
+}
+//# sourceMappingURL=engine.d.ts.map

package/dist/redaction/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/redaction/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAGL,KAAK,gBAAgB,EACrB,KAAK,MAAM,EACZ,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,sDAAsD;IACtD,QAAQ,EAAE,OAAO,CAAC;IAClB,+DAA+D;IAC/D,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAwBD,MAAM,WAAW,sBAAsB;IACrC,IAAI,CAAC,EAAE,UAAU,GAAG,WAAW,CAAC;IAChC,WAAW,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACjC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAqB;IAC9C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAA2B;IAChD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;gBAEpB,sBAAsB,GAAE,gBAAgB,EAAE,GAAG,sBAA2B;IAYpF;;;OAGG;IACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,eAAe,GAAG,eAAe;IA0BzD,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,SAAK,GAAG,eAAe;IAMlD,OAAO,CAAC,IAAI;IAuCZ,OAAO,CAAC,UAAU;IAqBlB,OAAO,CAAC,aAAa;IAKrB,OAAO,CAAC,eAAe;CAGxB"}