@quint-security/core 0.3.0

package/dist/db.js

@@ -0,0 +1,157 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditDb = void 0;
+exports.openAuditDb = openAuditDb;
+const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const SCHEMA = `
+CREATE TABLE IF NOT EXISTS audit_log (
+  id              INTEGER PRIMARY KEY AUTOINCREMENT,
+  timestamp       TEXT NOT NULL,
+  server_name     TEXT NOT NULL,
+  direction       TEXT NOT NULL,
+  method          TEXT NOT NULL,
+  message_id      TEXT,
+  tool_name       TEXT,
+  arguments_json  TEXT,
+  response_json   TEXT,
+  verdict         TEXT NOT NULL,
+  risk_score      INTEGER,
+  risk_level      TEXT,
+  policy_hash     TEXT NOT NULL DEFAULT '',
+  prev_hash       TEXT NOT NULL DEFAULT '',
+  nonce           TEXT NOT NULL DEFAULT '',
+  signature       TEXT NOT NULL,
+  public_key      TEXT NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS idx_timestamp   ON audit_log(timestamp);
+CREATE INDEX IF NOT EXISTS idx_server_name ON audit_log(server_name);
+CREATE INDEX IF NOT EXISTS idx_tool_name   ON audit_log(tool_name);
+CREATE INDEX IF NOT EXISTS idx_verdict     ON audit_log(verdict);
+`;
+// Migration: add columns if they don't exist (for DBs created before this version)
+const MIGRATIONS = [
+    `ALTER TABLE audit_log ADD COLUMN policy_hash TEXT NOT NULL DEFAULT ''`,
+    `ALTER TABLE audit_log ADD COLUMN prev_hash TEXT NOT NULL DEFAULT ''`,
+    `ALTER TABLE audit_log ADD COLUMN nonce TEXT NOT NULL DEFAULT ''`,
+    `ALTER TABLE audit_log ADD COLUMN risk_score INTEGER`,
+    `ALTER TABLE audit_log ADD COLUMN risk_level TEXT`,
+];
+class AuditDb {
+    db;
+    constructor(dbPath) {
+        (0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(dbPath), { recursive: true });
+        this.db = new better_sqlite3_1.default(dbPath);
+        this.db.pragma("journal_mode = WAL");
+        this.db.exec(SCHEMA);
+        this.migrate();
+    }
+    migrate() {
+        for (const sql of MIGRATIONS) {
+            try {
+                this.db.exec(sql);
+            }
+            catch {
+                // Column already exists — ignore
+            }
+        }
+    }
+    /** Get the signature of the last entry (for hash chaining) */
+    getLastSignature() {
+        const row = this.db.prepare("SELECT signature FROM audit_log ORDER BY id DESC LIMIT 1").get();
+        return row?.signature ?? null;
+    }
+    /**
+     * Atomically read the last signature and insert a new entry.
+     * This prevents chain breaks when multiple proxy instances share a DB.
+     */
+    insertAtomic(buildEntry) {
+        const insertStmt = this.db.prepare(`
+      INSERT INTO audit_log
+        (timestamp, server_name, direction, method, message_id, tool_name,
+         arguments_json, response_json, verdict, risk_score, risk_level,
+         policy_hash, prev_hash, nonce, signature, public_key)
+      VALUES
+        (@timestamp, @server_name, @direction, @method, @message_id, @tool_name,
+         @arguments_json, @response_json, @verdict, @risk_score, @risk_level,
+         @policy_hash, @prev_hash, @nonce, @signature, @public_key)
+    `);
+        const lastSigStmt = this.db.prepare("SELECT signature FROM audit_log ORDER BY id DESC LIMIT 1");
+        let rowId = 0;
+        this.db.transaction(() => {
+            const lastRow = lastSigStmt.get();
+            const entry = buildEntry(lastRow?.signature ?? null);
+            const result = insertStmt.run(entry);
+            rowId = result.lastInsertRowid;
+        })();
+        return rowId;
+    }
+    insert(entry) {
+        const stmt = this.db.prepare(`
+      INSERT INTO audit_log
+        (timestamp, server_name, direction, method, message_id, tool_name,
+         arguments_json, response_json, verdict, risk_score, risk_level,
+         policy_hash, prev_hash, nonce, signature, public_key)
+      VALUES
+        (@timestamp, @server_name, @direction, @method, @message_id, @tool_name,
+         @arguments_json, @response_json, @verdict, @risk_score, @risk_level,
+         @policy_hash, @prev_hash, @nonce, @signature, @public_key)
+    `);
+        const result = stmt.run(entry);
+        return result.lastInsertRowid;
+    }
+    getById(id) {
+        return this.db.prepare("SELECT * FROM audit_log WHERE id = ?").get(id);
+    }
+    /** Get entries in ID order (ascending) for chain verification */
+    getRange(startId, endId) {
+        return this.db.prepare("SELECT * FROM audit_log WHERE id >= ? AND id <= ? ORDER BY id ASC").all(startId, endId);
+    }
+    /** Get all entries in ID order (ascending) for chain verification */
+    getAll() {
+        return this.db.prepare("SELECT * FROM audit_log ORDER BY id ASC").all();
+    }
+    query(opts = {}) {
+        const conditions = [];
+        const params = {};
+        if (opts.server) {
+            conditions.push("server_name = @server");
+            params.server = opts.server;
+        }
+        if (opts.tool) {
+            conditions.push("tool_name = @tool");
+            params.tool = opts.tool;
+        }
+        if (opts.verdict) {
+            conditions.push("verdict = @verdict");
+            params.verdict = opts.verdict;
+        }
+        if (opts.since) {
+            conditions.push("timestamp >= @since");
+            params.since = opts.since;
+        }
+        const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+        const limit = opts.limit ?? 100;
+        return this.db.prepare(`SELECT * FROM audit_log ${where} ORDER BY id DESC LIMIT ${limit}`).all(params);
+    }
+    getLast(n) {
+        return this.db.prepare("SELECT * FROM audit_log ORDER BY id DESC LIMIT ?").all(n);
+    }
+    count() {
+        const row = this.db.prepare("SELECT COUNT(*) as cnt FROM audit_log").get();
+        return row.cnt;
+    }
+    close() {
+        this.db.close();
+    }
+}
+exports.AuditDb = AuditDb;
+function openAuditDb(dataDir) {
+    return new AuditDb((0, node_path_1.join)(dataDir, "quint.db"));
+}
+//# sourceMappingURL=db.js.map

package/dist/db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.js","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":";;;;;;AAqLA,kCAEC;AAvLD,oEAAsC;AACtC,qCAAoC;AACpC,yCAA0C;AAG1C,MAAM,MAAM,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;CAyBd,CAAC;AAEF,mFAAmF;AACnF,MAAM,UAAU,GAAG;IACjB,uEAAuE;IACvE,qEAAqE;IACrE,iEAAiE;IACjE,qDAAqD;IACrD,kDAAkD;CACnD,CAAC;AAEF,MAAa,OAAO;IACV,EAAE,CAAoB;IAE9B,YAAY,MAAc;QACxB,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,EAAE,GAAG,IAAI,wBAAQ,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrB,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAEO,OAAO;QACb,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,iCAAiC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,gBAAgB;QACd,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CACzB,0DAA0D,CAC3D,CAAC,GAAG,EAAuC,CAAC;QAC7C,OAAO,GAAG,EAAE,SAAS,IAAI,IAAI,CAAC;IAChC,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,UAAoE;QAC/E,MAAM,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;;KASlC,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CACjC,0DAA0D,CAC3D,CAAC;QAEF,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;YACvB,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAuC,CAAC;YACvE,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACrC,KAAK,GAAG,MAAM,CAAC,eAAyB,CAAC;QAC3C,CAAC,CAAC,EAAE,CAAC;QACL,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,CAAC,KAA6B;QAClC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC;;;;;;;;;KAS5B,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC/B,OAAO,MAAM,CAAC,eAAyB,CAAC;IAC1C,CAAC;IAED,OAAO,CAAC,EAAU;QAChB,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,sCAAsC,CAAC,CAAC,GAAG,CAAC,EAAE,CAA2B,CAAC;IACnG,CAAC;IAED,iEAAiE;IACjE,QAAQ,CAAC,OAAe,EAAE,KAAa;QACrC,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,mEAAmE,CACpE,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAiB,CAAC;IACxC,CAAC;IAED,qEAAqE;IACrE,MAAM;QACJ,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC,GAAG,EAAkB,CAAC;IAC1F,CAAC;IAED,KAAK,CAAC,OAMF,EAAE;QACJ,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,MAAM,GAA4B,EAAE,CAAC;QAE3C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,UAAU,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC9B,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,UAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACrC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAC1B,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,UAAU,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACtC,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAChC,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,UAAU,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;YACvC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QAC5B,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/E,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC;QAEhC,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,2BAA2B,KAAK,2BAA2B,KAAK,EAAE,CACnE,CAAC,GAAG,CAAC,MAAM,CAAiB,CAAC;IAChC,CAAC;IAED,OAAO,CAAC,CAAS;QACf,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,CACpB,kDAAkD,CACnD,CAAC,GAAG,CAAC,CAAC,CAAiB,CAAC;IAC3B,CAAC;IAED,KAAK;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,uCAAuC,CAAC,CAAC,GAAG,EAAqB,CAAC;QAC9F,OAAO,GAAG,CAAC,GAAG,CAAC;IACjB,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;CACF;AA1ID,0BA0IC;AAED,SAAgB,WAAW,CAAC,OAAe;IACzC,OAAO,IAAI,OAAO,CAAC,IAAA,gBAAI,EAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;AAChD,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export * from "./types.js";
+export * from "./crypto.js";
+export * from "./db.js";
+export * from "./auth-db.js";
+export * from "./auth.js";
+export * from "./config.js";
+export * from "./log.js";
+export * from "./risk.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC"}

package/dist/index.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./types.js"), exports);
+__exportStar(require("./crypto.js"), exports);
+__exportStar(require("./db.js"), exports);
+__exportStar(require("./auth-db.js"), exports);
+__exportStar(require("./auth.js"), exports);
+__exportStar(require("./config.js"), exports);
+__exportStar(require("./log.js"), exports);
+__exportStar(require("./risk.js"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B;AAC3B,8CAA4B;AAC5B,0CAAwB;AACxB,+CAA6B;AAC7B,4CAA0B;AAC1B,8CAA4B;AAC5B,2CAAyB;AACzB,4CAA0B"}

package/dist/log.d.ts

@@ -0,0 +1,15 @@
+declare const LEVELS: {
+    readonly debug: 0;
+    readonly info: 1;
+    readonly warn: 2;
+    readonly error: 3;
+};
+type Level = keyof typeof LEVELS;
+export declare function setLogLevel(level: Level): void;
+export declare function getLogLevel(): Level;
+export declare function logDebug(msg: string): void;
+export declare function logInfo(msg: string): void;
+export declare function logWarn(msg: string): void;
+export declare function logError(msg: string): void;
+export {};
+//# sourceMappingURL=log.d.ts.map

package/dist/log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,MAAM;;;;;CAAoD,CAAC;AACjE,KAAK,KAAK,GAAG,MAAM,OAAO,MAAM,CAAC;AAIjC,wBAAgB,WAAW,CAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAE9C;AAED,wBAAgB,WAAW,IAAI,KAAK,CAEnC;AAMD,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAE1C;AAED,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAEzC;AAED,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAEzC;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAE1C"}

package/dist/log.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setLogLevel = setLogLevel;
+exports.getLogLevel = getLogLevel;
+exports.logDebug = logDebug;
+exports.logInfo = logInfo;
+exports.logWarn = logWarn;
+exports.logError = logError;
+const LEVELS = { debug: 0, info: 1, warn: 2, error: 3 };
+let currentLevel = "info";
+function setLogLevel(level) {
+    currentLevel = level;
+}
+function getLogLevel() {
+    return currentLevel;
+}
+function shouldLog(level) {
+    return LEVELS[level] >= LEVELS[currentLevel];
+}
+function logDebug(msg) {
+    if (shouldLog("debug"))
+        process.stderr.write(`quint [debug]: ${msg}\n`);
+}
+function logInfo(msg) {
+    if (shouldLog("info"))
+        process.stderr.write(`quint: ${msg}\n`);
+}
+function logWarn(msg) {
+    if (shouldLog("warn"))
+        process.stderr.write(`quint [warn]: ${msg}\n`);
+}
+function logError(msg) {
+    if (shouldLog("error"))
+        process.stderr.write(`quint [error]: ${msg}\n`);
+}
+//# sourceMappingURL=log.js.map

package/dist/log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.js","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":";;AAKA,kCAEC;AAED,kCAEC;AAMD,4BAEC;AAED,0BAEC;AAED,0BAEC;AAED,4BAEC;AA/BD,MAAM,MAAM,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAW,CAAC;AAGjE,IAAI,YAAY,GAAU,MAAM,CAAC;AAEjC,SAAgB,WAAW,CAAC,KAAY;IACtC,YAAY,GAAG,KAAK,CAAC;AACvB,CAAC;AAED,SAAgB,WAAW;IACzB,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,SAAS,CAAC,KAAY;IAC7B,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,QAAQ,CAAC,GAAW;IAClC,IAAI,SAAS,CAAC,OAAO,CAAC;QAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;AAC1E,CAAC;AAED,SAAgB,OAAO,CAAC,GAAW;IACjC,IAAI,SAAS,CAAC,MAAM,CAAC;QAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;AACjE,CAAC;AAED,SAAgB,OAAO,CAAC,GAAW;IACjC,IAAI,SAAS,CAAC,MAAM,CAAC;QAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;AACxE,CAAC;AAED,SAAgB,QAAQ,CAAC,GAAW;IAClC,IAAI,SAAS,CAAC,OAAO,CAAC;QAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;AAC1E,CAAC"}

package/dist/risk.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Risk scoring engine.
+ *
+ * Each intercepted action gets a risk score from 0–100.
+ * The score is based on:
+ *   1. The method being called (tools/call is riskier than tools/list)
+ *   2. The tool name (some tools are inherently more dangerous)
+ *   3. The arguments (e.g. destructive keywords like "delete", "drop", "rm")
+ *   4. Accumulated behavior (repeated high-risk attempts escalate)
+ *
+ * If the score exceeds a threshold, the action can be:
+ *   - Flagged for manual approval
+ *   - Auto-denied
+ *   - Trigger session/token revocation
+ */
+interface RiskPattern {
+    /** Glob pattern for tool name */
+    tool: string;
+    /** Base risk score for this tool (0-100) */
+    baseScore: number;
+}
+export interface RiskScore {
+    /** Final score 0-100 (capped) */
+    score: number;
+    /** Base score from tool pattern match */
+    baseScore: number;
+    /** Boost from argument analysis */
+    argBoost: number;
+    /** Boost from repeated high-risk behavior */
+    behaviorBoost: number;
+    /** Human-readable risk level */
+    level: "low" | "medium" | "high" | "critical";
+    /** Reasons contributing to the score */
+    reasons: string[];
+}
+export interface RiskThresholds {
+    /** Score at which action is flagged for review (default 60) */
+    flag: number;
+    /** Score at which action is auto-denied (default 85) */
+    deny: number;
+    /** Number of high-risk actions in window before revocation (default 5) */
+    revokeAfter: number;
+    /** Time window in ms for behavior tracking (default 5 minutes) */
+    windowMs: number;
+}
+export declare class RiskEngine {
+    private thresholds;
+    private tracker;
+    private customPatterns;
+    constructor(opts?: {
+        thresholds?: Partial<RiskThresholds>;
+        customPatterns?: RiskPattern[];
+    });
+    /**
+     * Score a tool call.
+     * @param toolName  The MCP tool being called
+     * @param argsJson  JSON string of arguments (optional)
+     * @param subjectId Who is making the call (API key ID, session subject, or "anonymous")
+     */
+    score(toolName: string, argsJson: string | null, subjectId?: string): RiskScore;
+    /**
+     * Check if the subject should be revoked based on repeated high-risk behavior.
+     */
+    shouldRevoke(subjectId: string): boolean;
+    /**
+     * Determine the action based on risk score.
+     */
+    evaluate(risk: RiskScore): "allow" | "flag" | "deny";
+    getThresholds(): RiskThresholds;
+}
+export {};
+//# sourceMappingURL=risk.d.ts.map

package/dist/risk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk.d.ts","sourceRoot":"","sources":["../src/risk.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,UAAU,WAAW;IACnB,iCAAiC;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;CACnB;AAmDD,MAAM,WAAW,SAAS;IACxB,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,mCAAmC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,aAAa,EAAE,MAAM,CAAC;IACtB,gCAAgC;IAChC,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC9C,wCAAwC;IACxC,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,IAAI,EAAE,MAAM,CAAC;IACb,0EAA0E;IAC1E,WAAW,EAAE,MAAM,CAAC;IACpB,kEAAkE;IAClE,QAAQ,EAAE,MAAM,CAAC;CAClB;AAuCD,qBAAa,UAAU;IACrB,OAAO,CAAC,UAAU,CAAiB;IACnC,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,cAAc,CAAgB;gBAE1B,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;QAAC,cAAc,CAAC,EAAE,WAAW,EAAE,CAAA;KAAE;IAM3F;;;;;OAKG;IACH,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,SAAS,GAAE,MAAoB,GAAG,SAAS;IAsD5F;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAIxC;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,SAAS,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM;IAMpD,aAAa,IAAI,cAAc;CAGhC"}

package/dist/risk.js

@@ -0,0 +1,177 @@
+"use strict";
+/**
+ * Risk scoring engine.
+ *
+ * Each intercepted action gets a risk score from 0–100.
+ * The score is based on:
+ *   1. The method being called (tools/call is riskier than tools/list)
+ *   2. The tool name (some tools are inherently more dangerous)
+ *   3. The arguments (e.g. destructive keywords like "delete", "drop", "rm")
+ *   4. Accumulated behavior (repeated high-risk attempts escalate)
+ *
+ * If the score exceeds a threshold, the action can be:
+ *   - Flagged for manual approval
+ *   - Auto-denied
+ *   - Trigger session/token revocation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RiskEngine = void 0;
+const DEFAULT_TOOL_RISKS = [
+    // Destructive file operations
+    { tool: "Delete*", baseScore: 80 },
+    { tool: "Remove*", baseScore: 80 },
+    { tool: "Rm*", baseScore: 80 },
+    // Write operations
+    { tool: "Write*", baseScore: 50 },
+    { tool: "Create*", baseScore: 40 },
+    { tool: "Update*", baseScore: 45 },
+    { tool: "Edit*", baseScore: 45 },
+    // Database operations
+    { tool: "*Sql*", baseScore: 60 },
+    { tool: "*Query*", baseScore: 40 },
+    { tool: "*Database*", baseScore: 55 },
+    // Execution
+    { tool: "*Execute*", baseScore: 70 },
+    { tool: "*Run*", baseScore: 65 },
+    { tool: "*Shell*", baseScore: 75 },
+    { tool: "*Bash*", baseScore: 75 },
+    { tool: "*Command*", baseScore: 70 },
+    // Network
+    { tool: "*Fetch*", baseScore: 35 },
+    { tool: "*Http*", baseScore: 35 },
+    { tool: "*Request*", baseScore: 35 },
+    // Read operations (low risk)
+    { tool: "Read*", baseScore: 10 },
+    { tool: "Get*", baseScore: 10 },
+    { tool: "List*", baseScore: 5 },
+    { tool: "Search*", baseScore: 10 },
+];
+// Argument keywords that bump the risk score
+const DANGEROUS_ARG_KEYWORDS = [
+    { pattern: /\bdrop\b/i, boost: 30 },
+    { pattern: /\bdelete\b/i, boost: 25 },
+    { pattern: /\btruncate\b/i, boost: 25 },
+    { pattern: /\brm\s+-rf\b/i, boost: 30 },
+    { pattern: /\bformat\b/i, boost: 20 },
+    { pattern: /\b(sudo|chmod|chown)\b/i, boost: 25 },
+    { pattern: /\bpassword\b/i, boost: 15 },
+    { pattern: /\bsecret\b/i, boost: 15 },
+    { pattern: /\btoken\b/i, boost: 10 },
+    { pattern: /\b(\.env|credentials)\b/i, boost: 20 },
+];
+// ── Risk scoring logic ──────────────────────────────────────────
+const config_js_1 = require("./config.js");
+const DEFAULT_THRESHOLDS = {
+    flag: 60,
+    deny: 85,
+    revokeAfter: 5,
+    windowMs: 5 * 60 * 1000,
+};
+/**
+ * In-memory tracker for repeated high-risk behavior per subject.
+ */
+class BehaviorTracker {
+    // subjectId → timestamps of high-risk actions
+    history = new Map();
+    windowMs;
+    constructor(windowMs) {
+        this.windowMs = windowMs;
+    }
+    record(subjectId) {
+        const now = Date.now();
+        const entries = this.history.get(subjectId) ?? [];
+        entries.push(now);
+        this.history.set(subjectId, entries);
+    }
+    /** Count of high-risk actions within the sliding window. */
+    count(subjectId) {
+        const cutoff = Date.now() - this.windowMs;
+        const entries = this.history.get(subjectId) ?? [];
+        const recent = entries.filter((t) => t > cutoff);
+        // Prune old entries
+        this.history.set(subjectId, recent);
+        return recent.length;
+    }
+}
+class RiskEngine {
+    thresholds;
+    tracker;
+    customPatterns;
+    constructor(opts) {
+        this.thresholds = { ...DEFAULT_THRESHOLDS, ...opts?.thresholds };
+        this.tracker = new BehaviorTracker(this.thresholds.windowMs);
+        this.customPatterns = opts?.customPatterns ?? [];
+    }
+    /**
+     * Score a tool call.
+     * @param toolName  The MCP tool being called
+     * @param argsJson  JSON string of arguments (optional)
+     * @param subjectId Who is making the call (API key ID, session subject, or "anonymous")
+     */
+    score(toolName, argsJson, subjectId = "anonymous") {
+        const reasons = [];
+        let baseScore = 20; // default for unknown tools
+        // Check custom patterns first, then defaults
+        const allPatterns = [...this.customPatterns, ...DEFAULT_TOOL_RISKS];
+        for (const pattern of allPatterns) {
+            if ((0, config_js_1.globMatch)(pattern.tool, toolName)) {
+                baseScore = pattern.baseScore;
+                reasons.push(`tool "${toolName}" matches pattern "${pattern.tool}" (base=${pattern.baseScore})`);
+                break;
+            }
+        }
+        if (reasons.length === 0) {
+            reasons.push(`tool "${toolName}" — no pattern match, using default base score`);
+        }
+        // Argument analysis
+        let argBoost = 0;
+        if (argsJson) {
+            for (const kw of DANGEROUS_ARG_KEYWORDS) {
+                if (kw.pattern.test(argsJson)) {
+                    argBoost += kw.boost;
+                    reasons.push(`argument contains "${kw.pattern.source}" (+${kw.boost})`);
+                }
+            }
+        }
+        // Behavior escalation
+        let behaviorBoost = 0;
+        const recentCount = this.tracker.count(subjectId);
+        if (recentCount > 0) {
+            // Each prior high-risk action in the window adds 5 points
+            behaviorBoost = recentCount * 5;
+            reasons.push(`${recentCount} high-risk action(s) in window (+${behaviorBoost})`);
+        }
+        const raw = baseScore + argBoost + behaviorBoost;
+        const score = Math.min(100, Math.max(0, raw));
+        const level = score >= this.thresholds.deny ? "critical"
+            : score >= this.thresholds.flag ? "high"
+                : score >= 30 ? "medium"
+                    : "low";
+        // Record if this was a high-risk action
+        if (score >= this.thresholds.flag) {
+            this.tracker.record(subjectId);
+        }
+        return { score, baseScore, argBoost, behaviorBoost, level, reasons };
+    }
+    /**
+     * Check if the subject should be revoked based on repeated high-risk behavior.
+     */
+    shouldRevoke(subjectId) {
+        return this.tracker.count(subjectId) >= this.thresholds.revokeAfter;
+    }
+    /**
+     * Determine the action based on risk score.
+     */
+    evaluate(risk) {
+        if (risk.score >= this.thresholds.deny)
+            return "deny";
+        if (risk.score >= this.thresholds.flag)
+            return "flag";
+        return "allow";
+    }
+    getThresholds() {
+        return { ...this.thresholds };
+    }
+}
+exports.RiskEngine = RiskEngine;
+//# sourceMappingURL=risk.js.map

package/dist/risk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk.js","sourceRoot":"","sources":["../src/risk.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAWH,MAAM,kBAAkB,GAAkB;IACxC,8BAA8B;IAC9B,EAAE,IAAI,EAAE,SAAS,EAAQ,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,SAAS,EAAQ,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,KAAK,EAAY,SAAS,EAAE,EAAE,EAAE;IACxC,mBAAmB;IACnB,EAAE,IAAI,EAAE,QAAQ,EAAS,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,SAAS,EAAQ,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,SAAS,EAAQ,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,OAAO,EAAU,SAAS,EAAE,EAAE,EAAE;IACxC,sBAAsB;IACtB,EAAE,IAAI,EAAE,OAAO,EAAU,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,SAAS,EAAQ,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,YAAY,EAAK,SAAS,EAAE,EAAE,EAAE;IACxC,YAAY;IACZ,EAAE,IAAI,EAAE,WAAW,EAAM,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,OAAO,EAAU,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,SAAS,EAAQ,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,QAAQ,EAAS,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,WAAW,EAAM,SAAS,EAAE,EAAE,EAAE;IACxC,UAAU;IACV,EAAE,IAAI,EAAE,SAAS,EAAQ,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,QAAQ,EAAS,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,WAAW,EAAM,SAAS,EAAE,EAAE,EAAE;IACxC,6BAA6B;IAC7B,EAAE,IAAI,EAAE,OAAO,EAAU,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,MAAM,EAAW,SAAS,EAAE,EAAE,EAAE;IACxC,EAAE,IAAI,EAAE,OAAO,EAAU,SAAS,EAAE,CAAC,EAAE;IACvC,EAAE,IAAI,EAAE,SAAS,EAAQ,SAAS,EAAE,EAAE,EAAE;CACzC,CAAC;AAEF,6CAA6C;AAC7C,MAAM,sBAAsB,GAAG;IAC7B,EAAE,OAAO,EAAE,WAAW,EAAQ,KAAK,EAAE,EAAE,EAAE;IACzC,EAAE,OAAO,EAAE,aAAa,EAAM,KAAK,EAAE,EAAE,EAAE;IACzC,EAAE,OAAO,EAAE,eAAe,EAAI,KAAK,EAAE,EAAE,EAAE;IACzC,EAAE,OAAO,EAAE,eAAe,EAAI,KAAK,EAAE,EAAE,EAAE;IACzC,EAAE,OAAO,EAAE,aAAa,EAAM,KAAK,EAAE,EAAE,EAAE;IACzC,EAAE,OAAO,EAAE,yBAAyB,EAAE,KAAK,EAAE,EAAE,EAAE;IACjD,EAAE,OAAO,EAAE,eAAe,EAAI,KAAK,EAAE,EAAE,EAAE;IACzC,EAAE,OAAO,EAAE,aAAa,EAAM,KAAK,EAAE,EAAE,EAAE;IACzC,EAAE,OAAO,EAAE,YAAY,EAAO,KAAK,EAAE,EAAE,EAAE;IACzC,EAAE,OAAO,EAAE,0BAA0B,EAAE,KAAK,EAAE,EAAE,EAAE;CACnD,CAAC;AAEF,mEAAmE;AAEnE,2CAAwC;AA4BxC,MAAM,kBAAkB,GAAmB;IACzC,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;IACR,WAAW,EAAE,CAAC;IACd,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe;IACnB,8CAA8C;IACtC,OAAO,GAA0B,IAAI,GAAG,EAAE,CAAC;IAC3C,QAAQ,CAAS;IAEzB,YAAY,QAAgB;QAC1B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,MAAM,CAAC,SAAiB;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,4DAA4D;IAC5D,KAAK,CAAC,SAAiB;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;QACjD,oBAAoB;QACpB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC,MAAM,CAAC;IACvB,CAAC;CACF;AAED,MAAa,UAAU;IACb,UAAU,CAAiB;IAC3B,OAAO,CAAkB;IACzB,cAAc,CAAgB;IAEtC,YAAY,IAA+E;QACzF,IAAI,CAAC,UAAU,GAAG,EAAE,GAAG,kBAAkB,EAAE,GAAG,IAAI,EAAE,UAAU,EAAE,CAAC;QACjE,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC7D,IAAI,CAAC,cAAc,GAAG,IAAI,EAAE,cAAc,IAAI,EAAE,CAAC;IACnD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,QAAgB,EAAE,QAAuB,EAAE,YAAoB,WAAW;QAC9E,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,SAAS,GAAG,EAAE,CAAC,CAAC,4BAA4B;QAEhD,6CAA6C;QAC7C,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,EAAE,GAAG,kBAAkB,CAAC,CAAC;QACpE,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,IAAI,IAAA,qBAAS,EAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACtC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;gBAC9B,OAAO,CAAC,IAAI,CAAC,SAAS,QAAQ,sBAAsB,OAAO,CAAC,IAAI,WAAW,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;gBACjG,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC,SAAS,QAAQ,gDAAgD,CAAC,CAAC;QAClF,CAAC;QAED,oBAAoB;QACpB,IAAI,QAAQ,GAAG,CAAC,CAAC;QACjB,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,MAAM,EAAE,IAAI,sBAAsB,EAAE,CAAC;gBACxC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9B,QAAQ,IAAI,EAAE,CAAC,KAAK,CAAC;oBACrB,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC,OAAO,CAAC,MAAM,OAAO,EAAE,CAAC,KAAK,GAAG,CAAC,CAAC;gBAC1E,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;YACpB,0DAA0D;YAC1D,aAAa,GAAG,WAAW,GAAG,CAAC,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,GAAG,WAAW,oCAAoC,aAAa,GAAG,CAAC,CAAC;QACnF,CAAC;QAED,MAAM,GAAG,GAAG,SAAS,GAAG,QAAQ,GAAG,aAAa,CAAC;QACjD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAE9C,MAAM,KAAK,GAAG,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU;YACtD,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;gBACxC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ;oBACxB,CAAC,CAAC,KAAK,CAAC;QAEV,wCAAwC;QACxC,IAAI,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,SAAiB;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,IAAe;QACtB,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI;YAAE,OAAO,MAAM,CAAC;QACtD,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI;YAAE,OAAO,MAAM,CAAC;QACtD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,aAAa;QACX,OAAO,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IAChC,CAAC;CACF;AA1FD,gCA0FC"}

package/dist/types.d.ts

@@ -0,0 +1,89 @@
+export interface JsonRpcRequest {
+    jsonrpc: "2.0";
+    id?: string | number | null;
+    method: string;
+    params?: Record<string, unknown>;
+}
+export interface JsonRpcResponse {
+    jsonrpc: "2.0";
+    id: string | number | null;
+    result?: unknown;
+    error?: JsonRpcError;
+}
+export interface JsonRpcError {
+    code: number;
+    message: string;
+    data?: unknown;
+}
+export type JsonRpcMessage = JsonRpcRequest | JsonRpcResponse;
+export interface McpToolCallParams {
+    name: string;
+    arguments?: Record<string, unknown>;
+}
+export type Action = "allow" | "deny";
+export type Verdict = "allow" | "deny" | "passthrough";
+export interface ToolRule {
+    tool: string;
+    action: Action;
+}
+export interface ServerPolicy {
+    server: string;
+    default_action: Action;
+    tools: ToolRule[];
+}
+export interface PolicyConfig {
+    version: number;
+    data_dir: string;
+    log_level: "debug" | "info" | "warn" | "error";
+    servers: ServerPolicy[];
+}
+export interface AuditEntry {
+    id?: number;
+    timestamp: string;
+    server_name: string;
+    direction: "request" | "response";
+    method: string;
+    message_id: string | null;
+    tool_name: string | null;
+    arguments_json: string | null;
+    response_json: string | null;
+    verdict: Verdict;
+    risk_score: number | null;
+    risk_level: string | null;
+    policy_hash: string;
+    prev_hash: string;
+    nonce: string;
+    signature: string;
+    public_key: string;
+}
+export interface ApiKey {
+    id: string;
+    key_hash: string;
+    owner_id: string;
+    label: string;
+    scopes: string;
+    created_at: string;
+    expires_at: string | null;
+    revoked: boolean;
+}
+export interface Session {
+    id: string;
+    subject_id: string;
+    auth_method: string;
+    scopes: string;
+    issued_at: string;
+    expires_at: string;
+    revoked: boolean;
+}
+export interface KeyPair {
+    publicKey: string;
+    privateKey: string;
+}
+export declare function isJsonRpcRequest(msg: unknown): msg is JsonRpcRequest;
+export declare function isJsonRpcResponse(msg: unknown): msg is JsonRpcResponse;
+export declare function isToolCallRequest(msg: JsonRpcRequest): boolean;
+export declare function extractToolInfo(msg: JsonRpcRequest): {
+    name: string;
+    args: Record<string, unknown>;
+} | null;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,YAAY,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,eAAe,CAAC;AAI9D,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAID,MAAM,MAAM,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC;AACtC,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,MAAM,GAAG,aAAa,CAAC;AAEvD,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,QAAQ,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC/C,OAAO,EAAE,YAAY,EAAE,CAAC;CACzB;AAID,MAAM,WAAW,UAAU;IACzB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,SAAS,GAAG,UAAU,CAAC;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;CAClB;AAID,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,cAAc,CAIpE;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,eAAe,CAItE;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAE9D;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,cAAc,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,GAAG,IAAI,CAQ3G"}

package/dist/types.js

@@ -0,0 +1,35 @@
+"use strict";
+// ── JSON-RPC types ──────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isJsonRpcRequest = isJsonRpcRequest;
+exports.isJsonRpcResponse = isJsonRpcResponse;
+exports.isToolCallRequest = isToolCallRequest;
+exports.extractToolInfo = extractToolInfo;
+// ── Helper: check if message is a JSON-RPC request ──────────────
+function isJsonRpcRequest(msg) {
+    if (typeof msg !== "object" || msg === null)
+        return false;
+    const obj = msg;
+    return obj.jsonrpc === "2.0" && typeof obj.method === "string";
+}
+function isJsonRpcResponse(msg) {
+    if (typeof msg !== "object" || msg === null)
+        return false;
+    const obj = msg;
+    return obj.jsonrpc === "2.0" && ("result" in obj || "error" in obj);
+}
+function isToolCallRequest(msg) {
+    return msg.method === "tools/call";
+}
+function extractToolInfo(msg) {
+    if (!isToolCallRequest(msg))
+        return null;
+    const params = msg.params;
+    if (!params?.name)
+        return null;
+    return {
+        name: params.name,
+        args: params.arguments ?? {},
+    };
+}
+//# sourceMappingURL=types.js.map