@riotprompt/riotprompt 0.0.21 → 1.0.0

package/dist/security/serialization-schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"serialization-schemas.js","sources":["../../src/security/serialization-schemas.ts"],"sourcesContent":["/**\n * RiotPrompt - Serialization Schemas\n *\n * Zod schemas for validating deserialized data to prevent\n * object injection attacks and ensure data integrity.\n */\n\nimport { z } from 'zod';\n\n/**\n * Schema version for forward compatibility\n */\nexport const SCHEMA_VERSION = '1.0.0';\n\n/**\n * Maximum sizes for serialized data\n */\nexport const SERIALIZATION_LIMITS = {\n    maxContentLength: 1_000_000,    // 1MB per message\n    maxArgumentsLength: 100_000,    // 100KB for tool arguments\n    maxMessages: 10_000,            // 10k messages per conversation\n    maxContextItems: 1_000,         // 1k context items\n    maxStringLength: 100,           // 100 chars for names/ids\n    maxToolCalls: 100,              // 100 tool calls per message\n};\n\n/**\n * Tool call schema\n */\nexport const ToolCallSchema = z.object({\n    id: z.string().max(SERIALIZATION_LIMITS.maxStringLength),\n    type: z.literal('function'),\n    function: z.object({\n        name: z.string().max(SERIALIZATION_LIMITS.maxStringLength),\n        arguments: z.string().max(SERIALIZATION_LIMITS.maxArgumentsLength),\n    }),\n});\n\nexport type ToolCall = z.infer<typeof ToolCallSchema>;\n\n/**\n * Conversation message schema\n */\nexport const ConversationMessageSchema = z.object({\n    role: z.enum(['system', 'user', 'assistant', 'tool']),\n    content: z.string().nullable().refine(\n        val => val === null || val.length <= SERIALIZATION_LIMITS.maxContentLength,\n        { message: `Content exceeds maximum length of ${SERIALIZATION_LIMITS.maxContentLength}` }\n    ),\n    name: z.string().max(SERIALIZATION_LIMITS.maxStringLength).optional(),\n    tool_calls: z.array(ToolCallSchema).max(SERIALIZATION_LIMITS.maxToolCalls).optional(),\n    tool_call_id: z.string().max(SERIALIZATION_LIMITS.maxStringLength).optional(),\n});\n\nexport type ConversationMessage = z.infer<typeof ConversationMessageSchema>;\n\n/**\n * Conversation metadata schema\n */\nexport const ConversationMetadataSchema = z.object({\n    model: z.string().max(SERIALIZATION_LIMITS.maxStringLength),\n    created: z.string().datetime(),\n    lastModified: z.string().datetime(),\n    messageCount: z.number().int().nonnegative(),\n    toolCallCount: z.number().int().nonnegative(),\n});\n\nexport type ConversationMetadata = z.infer<typeof ConversationMetadataSchema>;\n\n/**\n * Serialized conversation schema\n */\nexport const SerializedConversationSchema = z.object({\n    // Optional version for forward compatibility\n    version: z.string().optional(),\n    messages: z.array(ConversationMessageSchema).max(SERIALIZATION_LIMITS.maxMessages),\n    metadata: ConversationMetadataSchema,\n    contextProvided: z.array(z.string().max(1000)).max(SERIALIZATION_LIMITS.maxContextItems).optional(),\n});\n\nexport type SerializedConversation = z.infer<typeof SerializedConversationSchema>;\n\n/**\n * Prompt serialization schema (flexible for various prompt structures)\n */\nexport const SerializedPromptSchema = z.object({\n    version: z.string().optional(),\n    persona: z.any().optional(),\n    instructions: z.any().optional(),\n    contexts: z.any().optional(),\n    content: z.any().optional(),\n});\n\nexport type SerializedPrompt = z.infer<typeof SerializedPromptSchema>;\n\n/**\n * Logged conversation schema (for conversation-logger)\n */\nexport const LoggedConversationSchema = z.object({\n    id: z.string().max(200),\n    metadata: z.object({\n        startTime: z.union([z.string().datetime(), z.date()]),\n        endTime: z.union([z.string().datetime(), z.date()]).optional(),\n        duration: z.number().nonnegative().optional(),\n        model: z.string().max(SERIALIZATION_LIMITS.maxStringLength),\n        template: z.string().max(SERIALIZATION_LIMITS.maxStringLength).optional(),\n        userContext: z.record(z.string(), z.any()).optional(),\n    }),\n    prompt: z.object({\n        persona: z.string().optional(),\n        instructions: z.string().optional(),\n        content: z.array(z.string()).optional(),\n        context: z.array(z.string()).optional(),\n    }).optional(),\n    messages: z.array(z.object({\n        index: z.number().int().nonnegative(),\n        timestamp: z.string(),\n        role: z.string(),\n        content: z.string().nullable(),\n        tool_calls: z.array(ToolCallSchema).optional(),\n        tool_call_id: z.string().optional(),\n        metadata: z.record(z.string(), z.any()).optional(),\n    })).max(SERIALIZATION_LIMITS.maxMessages),\n    summary: z.object({\n        totalMessages: z.number().int().nonnegative(),\n        totalTokens: z.number().int().nonnegative().optional(),\n        toolCallsExecuted: z.number().int().nonnegative(),\n        iterations: z.number().int().nonnegative(),\n        finalOutput: z.string().optional(),\n        success: z.boolean(),\n    }),\n});\n\nexport type LoggedConversation = z.infer<typeof LoggedConversationSchema>;\n\n/**\n * Validate serialized conversation data\n *\n * @param data - The data to validate\n * @returns Validation result\n */\nexport function validateConversation(data: unknown): {\n    success: boolean;\n    data?: SerializedConversation;\n    error?: string;\n} {\n    const result = SerializedConversationSchema.safeParse(data);\n\n    if (result.success) {\n        return { success: true, data: result.data };\n    }\n\n    // Create safe error message (don't leak full schema details)\n    const issues = result.error.issues\n        .slice(0, 3) // Limit to first 3 issues\n        .map(i => `${i.path.join('.')}: ${i.message}`)\n        .join('; ');\n\n    return { success: false, error: issues };\n}\n\n/**\n * Validate logged conversation data\n *\n * @param data - The data to validate\n * @returns Validation result\n */\nexport function validateLoggedConversation(data: unknown): {\n    success: boolean;\n    data?: LoggedConversation;\n    error?: string;\n} {\n    const result = LoggedConversationSchema.safeParse(data);\n\n    if (result.success) {\n        return { success: true, data: result.data };\n    }\n\n    const issues = result.error.issues\n        .slice(0, 3)\n        .map(i => `${i.path.join('.')}: ${i.message}`)\n        .join('; ');\n\n    return { success: false, error: issues };\n}\n\n/**\n * Safe JSON parse with schema validation\n *\n * @param json - JSON string to parse\n * @param schema - Zod schema to validate against\n * @returns Parsed and validated data\n * @throws Error if parsing or validation fails\n */\nexport function safeJsonParse<T>(\n    json: string,\n    schema: z.ZodSchema<T>\n): T {\n    let parsed: unknown;\n\n    try {\n        parsed = JSON.parse(json);\n    } catch {\n        throw new Error('Invalid JSON format');\n    }\n\n    const result = schema.safeParse(parsed);\n\n    if (!result.success) {\n        const issues = result.error.issues\n            .slice(0, 3)\n            .map(i => `${i.path.join('.')}: ${i.message}`)\n            .join('; ');\n        throw new Error(`Validation failed: ${issues}`);\n    }\n\n    return result.data;\n}\n\n"],"names":["SCHEMA_VERSION","SERIALIZATION_LIMITS","maxContentLength","maxArgumentsLength","maxMessages","maxContextItems","maxStringLength","maxToolCalls","ToolCallSchema","z","object","id","string","max","type","literal","function","name","arguments","ConversationMessageSchema","role","enum","content","nullable","refine","val","length","message","optional","tool_calls","array","tool_call_id","ConversationMetadataSchema","model","created","datetime","lastModified","messageCount","number","int","nonnegative","toolCallCount","SerializedConversationSchema","version","messages","metadata","contextProvided","SerializedPromptSchema","persona","any","instructions","contexts","LoggedConversationSchema","startTime","union","date","endTime","duration","template","userContext","record","prompt","context","index","timestamp","summary","totalMessages","totalTokens","toolCallsExecuted","iterations","finalOutput","success","boolean","validateConversation","data","result","safeParse","issues","error","slice","map","i","path","join","validateLoggedConversation","safeJsonParse","json","schema","parsed","JSON","parse","Error"],"mappings":";;AASA;;IAGO,MAAMA,cAAAA,GAAiB;AAE9B;;UAGaC,oBAAAA,GAAuB;IAChCC,gBAAAA,EAAkB,OAAA;IAClBC,kBAAAA,EAAoB,MAAA;IACpBC,WAAAA,EAAa,KAAA;IACbC,eAAAA,EAAiB,IAAA;IACjBC,eAAAA,EAAiB,GAAA;IACjBC,YAAAA,EAAc;AAClB;AAEA;;AAEC,IACM,MAAMC,cAAAA,GAAiBC,CAAAA,CAAEC,MAAM,CAAC;AACnCC,IAAAA,EAAAA,EAAIF,EAAEG,MAAM,EAAA,CAAGC,GAAG,CAACZ,qBAAqBK,eAAe,CAAA;IACvDQ,IAAAA,EAAML,CAAAA,CAAEM,OAAO,CAAC,UAAA,CAAA;IAChBC,QAAAA,EAAUP,CAAAA,CAAEC,MAAM,CAAC;AACfO,QAAAA,IAAAA,EAAMR,EAAEG,MAAM,EAAA,CAAGC,GAAG,CAACZ,qBAAqBK,eAAe,CAAA;AACzDY,QAAAA,SAAAA,EAAWT,EAAEG,MAAM,EAAA,CAAGC,GAAG,CAACZ,qBAAqBE,kBAAkB;AACrE,KAAA;AACJ,CAAA;AAIA;;AAEC,IACM,MAAMgB,yBAAAA,GAA4BV,CAAAA,CAAEC,MAAM,CAAC;IAC9CU,IAAAA,EAAMX,CAAAA,CAAEY,IAAI,CAAC;AAAC,QAAA,QAAA;AAAU,QAAA,MAAA;AAAQ,QAAA,WAAA;AAAa,QAAA;AAAO,KAAA,CAAA;AACpDC,IAAAA,OAAAA,EAASb,EAAEG,MAAM,EAAA,CAAGW,QAAQ,EAAA,CAAGC,MAAM,CACjCC,CAAAA,GAAAA,GAAOA,GAAAA,KAAQ,QAAQA,GAAAA,CAAIC,MAAM,IAAIzB,oBAAAA,CAAqBC,gBAAgB,EAC1E;AAAEyB,QAAAA,OAAAA,EAAS,CAAC,kCAAkC,EAAE1B,oBAAAA,CAAqBC,gBAAgB,CAAA;AAAG,KAAA,CAAA;IAE5Fe,IAAAA,EAAMR,CAAAA,CAAEG,MAAM,EAAA,CAAGC,GAAG,CAACZ,oBAAAA,CAAqBK,eAAe,EAAEsB,QAAQ,EAAA;IACnEC,UAAAA,EAAYpB,CAAAA,CAAEqB,KAAK,CAACtB,cAAAA,CAAAA,CAAgBK,GAAG,CAACZ,oBAAAA,CAAqBM,YAAY,CAAA,CAAEqB,QAAQ,EAAA;IACnFG,YAAAA,EAActB,CAAAA,CAAEG,MAAM,EAAA,CAAGC,GAAG,CAACZ,oBAAAA,CAAqBK,eAAe,EAAEsB,QAAQ;AAC/E,CAAA;AAIA;;AAEC,IACM,MAAMI,0BAAAA,GAA6BvB,CAAAA,CAAEC,MAAM,CAAC;AAC/CuB,IAAAA,KAAAA,EAAOxB,EAAEG,MAAM,EAAA,CAAGC,GAAG,CAACZ,qBAAqBK,eAAe,CAAA;IAC1D4B,OAAAA,EAASzB,CAAAA,CAAEG,MAAM,EAAA,CAAGuB,QAAQ,EAAA;IAC5BC,YAAAA,EAAc3B,CAAAA,CAAEG,MAAM,EAAA,CAAGuB,QAAQ,EAAA;AACjCE,IAAAA,YAAAA,EAAc5B,CAAAA,CAAE6B,MAAM,EAAA,CAAGC,GAAG,GAAGC,WAAW,EAAA;AAC1CC,IAAAA,aAAAA,EAAehC,CAAAA,CAAE6B,MAAM,EAAA,CAAGC,GAAG,GAAGC,WAAW;AAC/C,CAAA;AAIA;;AAEC,IACM,MAAME,4BAAAA,GAA+BjC,CAAAA,CAAEC,MAAM,CAAC;;IAEjDiC,OAAAA,EAASlC,CAAAA,CAAEG,MAAM,EAAA,CAAGgB,QAAQ,EAAA;AAC5BgB,IAAAA,QAAAA,EAAUnC,EAAEqB,KAAK,CAACX,2BAA2BN,GAAG,CAACZ,qBAAqBG,WAAW,CAAA;IACjFyC,QAAAA,EAAUb,0BAAAA;AACVc,IAAAA,eAAAA,EAAiBrC,CAAAA,CAAEqB,KAAK,CAACrB,CAAAA,CAAEG,MAAM,EAAA,CAAGC,GAAG,CAAC,IAAA,CAAA,CAAA,CAAOA,GAAG,CAACZ,oBAAAA,CAAqBI,eAAe,EAAEuB,QAAQ;AACrG,CAAA;AAIA;;AAEC,IACM,MAAMmB,sBAAAA,GAAyBtC,CAAAA,CAAEC,MAAM,CAAC;IAC3CiC,OAAAA,EAASlC,CAAAA,CAAEG,MAAM,EAAA,CAAGgB,QAAQ,EAAA;IAC5BoB,OAAAA,EAASvC,CAAAA,CAAEwC,GAAG,EAAA,CAAGrB,QAAQ,EAAA;IACzBsB,YAAAA,EAAczC,CAAAA,CAAEwC,GAAG,EAAA,CAAGrB,QAAQ,EAAA;IAC9BuB,QAAAA,EAAU1C,CAAAA,CAAEwC,GAAG,EAAA,CAAGrB,QAAQ,EAAA;IAC1BN,OAAAA,EAASb,CAAAA,CAAEwC,GAAG,EAAA,CAAGrB,QAAQ;AAC7B,CAAA;AAIA;;AAEC,IACM,MAAMwB,wBAAAA,GAA2B3C,CAAAA,CAAEC,MAAM,CAAC;AAC7CC,IAAAA,EAAAA,EAAIF,CAAAA,CAAEG,MAAM,EAAA,CAAGC,GAAG,CAAC,GAAA,CAAA;IACnBgC,QAAAA,EAAUpC,CAAAA,CAAEC,MAAM,CAAC;QACf2C,SAAAA,EAAW5C,CAAAA,CAAE6C,KAAK,CAAC;YAAC7C,CAAAA,CAAEG,MAAM,GAAGuB,QAAQ,EAAA;AAAI1B,YAAAA,CAAAA,CAAE8C,IAAI;AAAG,SAAA,CAAA;QACpDC,OAAAA,EAAS/C,CAAAA,CAAE6C,KAAK,CAAC;YAAC7C,CAAAA,CAAEG,MAAM,GAAGuB,QAAQ,EAAA;AAAI1B,YAAAA,CAAAA,CAAE8C,IAAI;AAAG,SAAA,CAAA,CAAE3B,QAAQ,EAAA;AAC5D6B,QAAAA,QAAAA,EAAUhD,CAAAA,CAAE6B,MAAM,EAAA,CAAGE,WAAW,GAAGZ,QAAQ,EAAA;AAC3CK,QAAAA,KAAAA,EAAOxB,EAAEG,MAAM,EAAA,CAAGC,GAAG,CAACZ,qBAAqBK,eAAe,CAAA;QAC1DoD,QAAAA,EAAUjD,CAAAA,CAAEG,MAAM,EAAA,CAAGC,GAAG,CAACZ,oBAAAA,CAAqBK,eAAe,EAAEsB,QAAQ,EAAA;QACvE+B,WAAAA,EAAalD,CAAAA,CAAEmD,MAAM,CAACnD,CAAAA,CAAEG,MAAM,EAAA,EAAIH,CAAAA,CAAEwC,GAAG,EAAA,CAAA,CAAIrB,QAAQ;AACvD,KAAA,CAAA;IACAiC,MAAAA,EAAQpD,CAAAA,CAAEC,MAAM,CAAC;QACbsC,OAAAA,EAASvC,CAAAA,CAAEG,MAAM,EAAA,CAAGgB,QAAQ,EAAA;QAC5BsB,YAAAA,EAAczC,CAAAA,CAAEG,MAAM,EAAA,CAAGgB,QAAQ,EAAA;AACjCN,QAAAA,OAAAA,EAASb,EAAEqB,KAAK,CAACrB,CAAAA,CAAEG,MAAM,IAAIgB,QAAQ,EAAA;AACrCkC,QAAAA,OAAAA,EAASrD,EAAEqB,KAAK,CAACrB,CAAAA,CAAEG,MAAM,IAAIgB,QAAQ;AACzC,KAAA,CAAA,CAAGA,QAAQ,EAAA;AACXgB,IAAAA,QAAAA,EAAUnC,CAAAA,CAAEqB,KAAK,CAACrB,CAAAA,CAAEC,MAAM,CAAC;AACvBqD,QAAAA,KAAAA,EAAOtD,CAAAA,CAAE6B,MAAM,EAAA,CAAGC,GAAG,GAAGC,WAAW,EAAA;AACnCwB,QAAAA,SAAAA,EAAWvD,EAAEG,MAAM,EAAA;AACnBQ,QAAAA,IAAAA,EAAMX,EAAEG,MAAM,EAAA;QACdU,OAAAA,EAASb,CAAAA,CAAEG,MAAM,EAAA,CAAGW,QAAQ,EAAA;AAC5BM,QAAAA,UAAAA,EAAYpB,CAAAA,CAAEqB,KAAK,CAACtB,cAAAA,CAAAA,CAAgBoB,QAAQ,EAAA;QAC5CG,YAAAA,EAActB,CAAAA,CAAEG,MAAM,EAAA,CAAGgB,QAAQ,EAAA;QACjCiB,QAAAA,EAAUpC,CAAAA,CAAEmD,MAAM,CAACnD,CAAAA,CAAEG,MAAM,EAAA,EAAIH,CAAAA,CAAEwC,GAAG,EAAA,CAAA,CAAIrB,QAAQ;KACpD,CAAA,CAAA,CAAIf,GAAG,CAACZ,oBAAAA,CAAqBG,WAAW,CAAA;IACxC6D,OAAAA,EAASxD,CAAAA,CAAEC,MAAM,CAAC;AACdwD,QAAAA,aAAAA,EAAezD,CAAAA,CAAE6B,MAAM,EAAA,CAAGC,GAAG,GAAGC,WAAW,EAAA;AAC3C2B,QAAAA,WAAAA,EAAa1D,EAAE6B,MAAM,EAAA,CAAGC,GAAG,EAAA,CAAGC,WAAW,GAAGZ,QAAQ,EAAA;AACpDwC,QAAAA,iBAAAA,EAAmB3D,CAAAA,CAAE6B,MAAM,EAAA,CAAGC,GAAG,GAAGC,WAAW,EAAA;AAC/C6B,QAAAA,UAAAA,EAAY5D,CAAAA,CAAE6B,MAAM,EAAA,CAAGC,GAAG,GAAGC,WAAW,EAAA;QACxC8B,WAAAA,EAAa7D,CAAAA,CAAEG,MAAM,EAAA,CAAGgB,QAAQ,EAAA;AAChC2C,QAAAA,OAAAA,EAAS9D,EAAE+D,OAAO;AACtB,KAAA;AACJ,CAAA;AAIA;;;;;IAMO,SAASC,oBAAAA,CAAqBC,IAAa,EAAA;IAK9C,MAAMC,MAAAA,GAASjC,4BAAAA,CAA6BkC,SAAS,CAACF,IAAAA,CAAAA;IAEtD,IAAIC,MAAAA,CAAOJ,OAAO,EAAE;QAChB,OAAO;YAAEA,OAAAA,EAAS,IAAA;AAAMG,YAAAA,IAAAA,EAAMC,OAAOD;AAAK,SAAA;AAC9C,IAAA;;IAGA,MAAMG,MAAAA,GAASF,MAAAA,CAAOG,KAAK,CAACD,MAAM,CAC7BE,KAAK,CAAC,CAAA,EAAG,CAAA,CAAA;AACTC,KAAAA,GAAG,CAACC,CAAAA,CAAAA,GAAK,CAAA,EAAGA,CAAAA,CAAEC,IAAI,CAACC,IAAI,CAAC,GAAA,CAAA,CAAK,EAAE,EAAEF,CAAAA,CAAEtD,OAAO,CAAA,CAAE,CAAA,CAC5CwD,IAAI,CAAC,IAAA,CAAA;IAEV,OAAO;QAAEZ,OAAAA,EAAS,KAAA;QAAOO,KAAAA,EAAOD;AAAO,KAAA;AAC3C;AAEA;;;;;IAMO,SAASO,0BAAAA,CAA2BV,IAAa,EAAA;IAKpD,MAAMC,MAAAA,GAASvB,wBAAAA,CAAyBwB,SAAS,CAACF,IAAAA,CAAAA;IAElD,IAAIC,MAAAA,CAAOJ,OAAO,EAAE;QAChB,OAAO;YAAEA,OAAAA,EAAS,IAAA;AAAMG,YAAAA,IAAAA,EAAMC,OAAOD;AAAK,SAAA;AAC9C,IAAA;AAEA,IAAA,MAAMG,MAAAA,GAASF,MAAAA,CAAOG,KAAK,CAACD,MAAM,CAC7BE,KAAK,CAAC,CAAA,EAAG,CAAA,CAAA,CACTC,GAAG,CAACC,CAAAA,CAAAA,GAAK,CAAA,EAAGA,CAAAA,CAAEC,IAAI,CAACC,IAAI,CAAC,GAAA,CAAA,CAAK,EAAE,EAAEF,CAAAA,CAAEtD,OAAO,CAAA,CAAE,CAAA,CAC5CwD,IAAI,CAAC,IAAA,CAAA;IAEV,OAAO;QAAEZ,OAAAA,EAAS,KAAA;QAAOO,KAAAA,EAAOD;AAAO,KAAA;AAC3C;AAEA;;;;;;;AAOC,IACM,SAASQ,aAAAA,CACZC,IAAY,EACZC,MAAsB,EAAA;IAEtB,IAAIC,MAAAA;IAEJ,IAAI;QACAA,MAAAA,GAASC,IAAAA,CAAKC,KAAK,CAACJ,IAAAA,CAAAA;AACxB,IAAA,CAAA,CAAE,OAAM;AACJ,QAAA,MAAM,IAAIK,KAAAA,CAAM,qBAAA,CAAA;AACpB,IAAA;IAEA,MAAMhB,MAAAA,GAASY,MAAAA,CAAOX,SAAS,CAACY,MAAAA,CAAAA;IAEhC,IAAI,CAACb,MAAAA,CAAOJ,OAAO,EAAE;AACjB,QAAA,MAAMM,MAAAA,GAASF,MAAAA,CAAOG,KAAK,CAACD,MAAM,CAC7BE,KAAK,CAAC,CAAA,EAAG,CAAA,CAAA,CACTC,GAAG,CAACC,CAAAA,CAAAA,GAAK,CAAA,EAAGA,CAAAA,CAAEC,IAAI,CAACC,IAAI,CAAC,GAAA,CAAA,CAAK,EAAE,EAAEF,CAAAA,CAAEtD,OAAO,CAAA,CAAE,CAAA,CAC5CwD,IAAI,CAAC,IAAA,CAAA;AACV,QAAA,MAAM,IAAIQ,KAAAA,CAAM,CAAC,mBAAmB,EAAEd,MAAAA,CAAAA,CAAQ,CAAA;AAClD,IAAA;AAEA,IAAA,OAAOF,OAAOD,IAAI;AACtB;;;;"}

package/dist/security/timeout-guard.d.ts

@@ -0,0 +1,123 @@
+import { TimeoutConfig } from './types';
+import { SecurityAuditLogger } from './audit-logger';
+/**
+ * Custom timeout error for identification
+ */
+export declare class TimeoutError extends Error {
+    readonly isTimeout = true;
+    readonly operation: string;
+    readonly timeoutMs: number;
+    constructor(message: string, operation?: string, timeoutMs?: number);
+}
+/**
+ * TimeoutGuard provides timeout protection for async operations.
+ *
+ * Features:
+ * - Configurable timeouts per operation type
+ * - AbortController integration
+ * - Audit logging of timeouts
+ * - Custom TimeoutError for identification
+ *
+ * @example
+ * ```typescript
+ * const guard = new TimeoutGuard({ llmTimeout: 60000 });
+ *
+ * // Wrap an LLM call
+ * const response = await guard.withLLMTimeout(
+ *   client.chat.completions.create({ ... }),
+ *   'openai-chat'
+ * );
+ *
+ * // Wrap any promise
+ * const result = await guard.withTimeout(
+ *   fetchData(),
+ *   5000,
+ *   'fetch-data'
+ * );
+ * ```
+ */
+export declare class TimeoutGuard {
+    private config;
+    private auditLogger;
+    constructor(config?: Partial<TimeoutConfig>, auditLogger?: SecurityAuditLogger);
+    /**
+     * Wrap a promise with timeout
+     *
+     * @param promise - The promise to wrap
+     * @param timeoutMs - Timeout in milliseconds
+     * @param operation - Operation name for logging
+     * @returns The result of the promise
+     * @throws TimeoutError if the operation times out
+     */
+    withTimeout<T>(promise: Promise<T>, timeoutMs: number, operation: string): Promise<T>;
+    /**
+     * Wrap an LLM call with appropriate timeout
+     *
+     * @param promise - The LLM call promise
+     * @param operation - Operation name for logging
+     * @returns The result of the LLM call
+     */
+    withLLMTimeout<T>(promise: Promise<T>, operation?: string): Promise<T>;
+    /**
+     * Wrap a tool execution with appropriate timeout
+     *
+     * @param promise - The tool execution promise
+     * @param toolName - Name of the tool
+     * @returns The result of the tool execution
+     */
+    withToolTimeout<T>(promise: Promise<T>, toolName: string): Promise<T>;
+    /**
+     * Wrap a file operation with appropriate timeout
+     *
+     * @param promise - The file operation promise
+     * @param operation - Operation name for logging
+     * @returns The result of the file operation
+     */
+    withFileTimeout<T>(promise: Promise<T>, operation?: string): Promise<T>;
+    /**
+     * Create an AbortController with timeout
+     *
+     * @param timeoutMs - Timeout in milliseconds
+     * @param operation - Operation name for logging
+     * @returns AbortController that will abort after timeout
+     */
+    createAbortController(timeoutMs: number, operation: string): {
+        controller: AbortController;
+        cleanup: () => void;
+    };
+    /**
+     * Get timeout for a specific operation type
+     *
+     * @param type - The operation type
+     * @returns Timeout in milliseconds
+     */
+    getTimeout(type: 'default' | 'llm' | 'tool' | 'file'): number;
+    /**
+     * Check if timeout protection is enabled
+     */
+    isEnabled(): boolean;
+    /**
+     * Enable or disable timeout protection
+     */
+    setEnabled(enabled: boolean): void;
+    /**
+     * Get the current configuration
+     */
+    getConfig(): TimeoutConfig;
+}
+/**
+ * Check if an error is a TimeoutError
+ */
+export declare function isTimeoutError(error: unknown): error is TimeoutError;
+/**
+ * Get the global TimeoutGuard instance
+ */
+export declare function getTimeoutGuard(): TimeoutGuard;
+/**
+ * Configure the global TimeoutGuard
+ */
+export declare function configureTimeoutGuard(config: Partial<TimeoutConfig>): void;
+/**
+ * Reset the global TimeoutGuard
+ */
+export declare function resetTimeoutGuard(): void;

package/dist/security/timeout-guard.js

@@ -0,0 +1,223 @@
+import { getAuditLogger } from './audit-logger.js';
+
+/**
+ * RiotPrompt - Timeout Guard
+ *
+ * Implements request timeouts for LLM calls and other external operations
+ * to prevent resource exhaustion and improve reliability.
+ */ function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+/**
+ * Default timeout configuration
+ */ const DEFAULT_CONFIG = {
+    enabled: true,
+    defaultTimeout: 30000,
+    llmTimeout: 120000,
+    toolTimeout: 30000,
+    fileTimeout: 5000
+};
+/**
+ * Custom timeout error for identification
+ */ class TimeoutError extends Error {
+    constructor(message, operation = 'unknown', timeoutMs = 0){
+        super(message), _define_property(this, "isTimeout", true), _define_property(this, "operation", void 0), _define_property(this, "timeoutMs", void 0);
+        this.name = 'TimeoutError';
+        this.operation = operation;
+        this.timeoutMs = timeoutMs;
+    }
+}
+/**
+ * TimeoutGuard provides timeout protection for async operations.
+ *
+ * Features:
+ * - Configurable timeouts per operation type
+ * - AbortController integration
+ * - Audit logging of timeouts
+ * - Custom TimeoutError for identification
+ *
+ * @example
+ * ```typescript
+ * const guard = new TimeoutGuard({ llmTimeout: 60000 });
+ *
+ * // Wrap an LLM call
+ * const response = await guard.withLLMTimeout(
+ *   client.chat.completions.create({ ... }),
+ *   'openai-chat'
+ * );
+ *
+ * // Wrap any promise
+ * const result = await guard.withTimeout(
+ *   fetchData(),
+ *   5000,
+ *   'fetch-data'
+ * );
+ * ```
+ */ class TimeoutGuard {
+    /**
+     * Wrap a promise with timeout
+     *
+     * @param promise - The promise to wrap
+     * @param timeoutMs - Timeout in milliseconds
+     * @param operation - Operation name for logging
+     * @returns The result of the promise
+     * @throws TimeoutError if the operation times out
+     */ async withTimeout(promise, timeoutMs, operation) {
+        if (!this.config.enabled || timeoutMs <= 0) {
+            return promise;
+        }
+        return new Promise((resolve, reject)=>{
+            let settled = false;
+            const timeoutId = setTimeout(()=>{
+                if (!settled) {
+                    settled = true;
+                    this.auditLogger.requestTimeout(operation, timeoutMs);
+                    reject(new TimeoutError(`Operation "${operation}" timed out after ${timeoutMs}ms`, operation, timeoutMs));
+                }
+            }, timeoutMs);
+            promise.then((result)=>{
+                if (!settled) {
+                    settled = true;
+                    clearTimeout(timeoutId);
+                    resolve(result);
+                }
+            }).catch((error)=>{
+                if (!settled) {
+                    settled = true;
+                    clearTimeout(timeoutId);
+                    reject(error);
+                }
+            });
+        });
+    }
+    /**
+     * Wrap an LLM call with appropriate timeout
+     *
+     * @param promise - The LLM call promise
+     * @param operation - Operation name for logging
+     * @returns The result of the LLM call
+     */ async withLLMTimeout(promise, operation = 'llm-call') {
+        return this.withTimeout(promise, this.config.llmTimeout, operation);
+    }
+    /**
+     * Wrap a tool execution with appropriate timeout
+     *
+     * @param promise - The tool execution promise
+     * @param toolName - Name of the tool
+     * @returns The result of the tool execution
+     */ async withToolTimeout(promise, toolName) {
+        return this.withTimeout(promise, this.config.toolTimeout, `tool:${toolName}`);
+    }
+    /**
+     * Wrap a file operation with appropriate timeout
+     *
+     * @param promise - The file operation promise
+     * @param operation - Operation name for logging
+     * @returns The result of the file operation
+     */ async withFileTimeout(promise, operation = 'file-operation') {
+        return this.withTimeout(promise, this.config.fileTimeout, operation);
+    }
+    /**
+     * Create an AbortController with timeout
+     *
+     * @param timeoutMs - Timeout in milliseconds
+     * @param operation - Operation name for logging
+     * @returns AbortController that will abort after timeout
+     */ createAbortController(timeoutMs, operation) {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(()=>{
+            if (!controller.signal.aborted) {
+                this.auditLogger.requestTimeout(operation, timeoutMs);
+                controller.abort(new TimeoutError(`Operation "${operation}" timed out`, operation, timeoutMs));
+            }
+        }, timeoutMs);
+        const cleanup = ()=>{
+            clearTimeout(timeoutId);
+        };
+        return {
+            controller,
+            cleanup
+        };
+    }
+    /**
+     * Get timeout for a specific operation type
+     *
+     * @param type - The operation type
+     * @returns Timeout in milliseconds
+     */ getTimeout(type) {
+        switch(type){
+            case 'llm':
+                return this.config.llmTimeout;
+            case 'tool':
+                return this.config.toolTimeout;
+            case 'file':
+                return this.config.fileTimeout;
+            default:
+                return this.config.defaultTimeout;
+        }
+    }
+    /**
+     * Check if timeout protection is enabled
+     */ isEnabled() {
+        return this.config.enabled;
+    }
+    /**
+     * Enable or disable timeout protection
+     */ setEnabled(enabled) {
+        this.config.enabled = enabled;
+    }
+    /**
+     * Get the current configuration
+     */ getConfig() {
+        return {
+            ...this.config
+        };
+    }
+    constructor(config = {}, auditLogger){
+        _define_property(this, "config", void 0);
+        _define_property(this, "auditLogger", void 0);
+        this.config = {
+            ...DEFAULT_CONFIG,
+            ...config
+        };
+        this.auditLogger = auditLogger || getAuditLogger();
+    }
+}
+/**
+ * Check if an error is a TimeoutError
+ */ function isTimeoutError(error) {
+    return error instanceof TimeoutError || error !== null && typeof error === 'object' && 'isTimeout' in error && error.isTimeout === true;
+}
+// Global instance
+let globalTimeoutGuard = null;
+/**
+ * Get the global TimeoutGuard instance
+ */ function getTimeoutGuard() {
+    if (!globalTimeoutGuard) {
+        globalTimeoutGuard = new TimeoutGuard();
+    }
+    return globalTimeoutGuard;
+}
+/**
+ * Configure the global TimeoutGuard
+ */ function configureTimeoutGuard(config) {
+    globalTimeoutGuard = new TimeoutGuard(config);
+}
+/**
+ * Reset the global TimeoutGuard
+ */ function resetTimeoutGuard() {
+    globalTimeoutGuard = null;
+}
+
+export { TimeoutError, TimeoutGuard, configureTimeoutGuard, getTimeoutGuard, isTimeoutError, resetTimeoutGuard };
+//# sourceMappingURL=timeout-guard.js.map

package/dist/security/timeout-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"timeout-guard.js","sources":["../../src/security/timeout-guard.ts"],"sourcesContent":["/**\n * RiotPrompt - Timeout Guard\n *\n * Implements request timeouts for LLM calls and other external operations\n * to prevent resource exhaustion and improve reliability.\n */\n\nimport { TimeoutConfig } from './types';\nimport { getAuditLogger, SecurityAuditLogger } from './audit-logger';\n\n/**\n * Default timeout configuration\n */\nconst DEFAULT_CONFIG: TimeoutConfig = {\n    enabled: true,\n    defaultTimeout: 30000,      // 30 seconds\n    llmTimeout: 120000,         // 2 minutes\n    toolTimeout: 30000,         // 30 seconds\n    fileTimeout: 5000,          // 5 seconds\n};\n\n/**\n * Custom timeout error for identification\n */\nexport class TimeoutError extends Error {\n    readonly isTimeout = true;\n    readonly operation: string;\n    readonly timeoutMs: number;\n\n    constructor(message: string, operation: string = 'unknown', timeoutMs: number = 0) {\n        super(message);\n        this.name = 'TimeoutError';\n        this.operation = operation;\n        this.timeoutMs = timeoutMs;\n    }\n}\n\n/**\n * TimeoutGuard provides timeout protection for async operations.\n *\n * Features:\n * - Configurable timeouts per operation type\n * - AbortController integration\n * - Audit logging of timeouts\n * - Custom TimeoutError for identification\n *\n * @example\n * ```typescript\n * const guard = new TimeoutGuard({ llmTimeout: 60000 });\n *\n * // Wrap an LLM call\n * const response = await guard.withLLMTimeout(\n *   client.chat.completions.create({ ... }),\n *   'openai-chat'\n * );\n *\n * // Wrap any promise\n * const result = await guard.withTimeout(\n *   fetchData(),\n *   5000,\n *   'fetch-data'\n * );\n * ```\n */\nexport class TimeoutGuard {\n    private config: TimeoutConfig;\n    private auditLogger: SecurityAuditLogger;\n\n    constructor(config: Partial<TimeoutConfig> = {}, auditLogger?: SecurityAuditLogger) {\n        this.config = { ...DEFAULT_CONFIG, ...config };\n        this.auditLogger = auditLogger || getAuditLogger();\n    }\n\n    /**\n     * Wrap a promise with timeout\n     *\n     * @param promise - The promise to wrap\n     * @param timeoutMs - Timeout in milliseconds\n     * @param operation - Operation name for logging\n     * @returns The result of the promise\n     * @throws TimeoutError if the operation times out\n     */\n    async withTimeout<T>(\n        promise: Promise<T>,\n        timeoutMs: number,\n        operation: string\n    ): Promise<T> {\n        if (!this.config.enabled || timeoutMs <= 0) {\n            return promise;\n        }\n\n        return new Promise<T>((resolve, reject) => {\n            let settled = false;\n\n            const timeoutId = setTimeout(() => {\n                if (!settled) {\n                    settled = true;\n                    this.auditLogger.requestTimeout(operation, timeoutMs);\n                    reject(new TimeoutError(\n                        `Operation \"${operation}\" timed out after ${timeoutMs}ms`,\n                        operation,\n                        timeoutMs\n                    ));\n                }\n            }, timeoutMs);\n\n            promise\n                .then((result) => {\n                    if (!settled) {\n                        settled = true;\n                        clearTimeout(timeoutId);\n                        resolve(result);\n                    }\n                })\n                .catch((error) => {\n                    if (!settled) {\n                        settled = true;\n                        clearTimeout(timeoutId);\n                        reject(error);\n                    }\n                });\n        });\n    }\n\n    /**\n     * Wrap an LLM call with appropriate timeout\n     *\n     * @param promise - The LLM call promise\n     * @param operation - Operation name for logging\n     * @returns The result of the LLM call\n     */\n    async withLLMTimeout<T>(promise: Promise<T>, operation: string = 'llm-call'): Promise<T> {\n        return this.withTimeout(promise, this.config.llmTimeout, operation);\n    }\n\n    /**\n     * Wrap a tool execution with appropriate timeout\n     *\n     * @param promise - The tool execution promise\n     * @param toolName - Name of the tool\n     * @returns The result of the tool execution\n     */\n    async withToolTimeout<T>(promise: Promise<T>, toolName: string): Promise<T> {\n        return this.withTimeout(promise, this.config.toolTimeout, `tool:${toolName}`);\n    }\n\n    /**\n     * Wrap a file operation with appropriate timeout\n     *\n     * @param promise - The file operation promise\n     * @param operation - Operation name for logging\n     * @returns The result of the file operation\n     */\n    async withFileTimeout<T>(promise: Promise<T>, operation: string = 'file-operation'): Promise<T> {\n        return this.withTimeout(promise, this.config.fileTimeout, operation);\n    }\n\n    /**\n     * Create an AbortController with timeout\n     *\n     * @param timeoutMs - Timeout in milliseconds\n     * @param operation - Operation name for logging\n     * @returns AbortController that will abort after timeout\n     */\n    createAbortController(timeoutMs: number, operation: string): { controller: AbortController; cleanup: () => void } {\n        const controller = new AbortController();\n\n        const timeoutId = setTimeout(() => {\n            if (!controller.signal.aborted) {\n                this.auditLogger.requestTimeout(operation, timeoutMs);\n                controller.abort(new TimeoutError(\n                    `Operation \"${operation}\" timed out`,\n                    operation,\n                    timeoutMs\n                ));\n            }\n        }, timeoutMs);\n\n        const cleanup = () => {\n            clearTimeout(timeoutId);\n        };\n\n        return { controller, cleanup };\n    }\n\n    /**\n     * Get timeout for a specific operation type\n     *\n     * @param type - The operation type\n     * @returns Timeout in milliseconds\n     */\n    getTimeout(type: 'default' | 'llm' | 'tool' | 'file'): number {\n        switch (type) {\n            case 'llm': return this.config.llmTimeout;\n            case 'tool': return this.config.toolTimeout;\n            case 'file': return this.config.fileTimeout;\n            default: return this.config.defaultTimeout;\n        }\n    }\n\n    /**\n     * Check if timeout protection is enabled\n     */\n    isEnabled(): boolean {\n        return this.config.enabled;\n    }\n\n    /**\n     * Enable or disable timeout protection\n     */\n    setEnabled(enabled: boolean): void {\n        this.config.enabled = enabled;\n    }\n\n    /**\n     * Get the current configuration\n     */\n    getConfig(): TimeoutConfig {\n        return { ...this.config };\n    }\n}\n\n/**\n * Check if an error is a TimeoutError\n */\nexport function isTimeoutError(error: unknown): error is TimeoutError {\n    return error instanceof TimeoutError || (\n        error !== null &&\n        typeof error === 'object' &&\n        'isTimeout' in error &&\n        (error as { isTimeout: boolean }).isTimeout === true\n    );\n}\n\n// Global instance\nlet globalTimeoutGuard: TimeoutGuard | null = null;\n\n/**\n * Get the global TimeoutGuard instance\n */\nexport function getTimeoutGuard(): TimeoutGuard {\n    if (!globalTimeoutGuard) {\n        globalTimeoutGuard = new TimeoutGuard();\n    }\n    return globalTimeoutGuard;\n}\n\n/**\n * Configure the global TimeoutGuard\n */\nexport function configureTimeoutGuard(config: Partial<TimeoutConfig>): void {\n    globalTimeoutGuard = new TimeoutGuard(config);\n}\n\n/**\n * Reset the global TimeoutGuard\n */\nexport function resetTimeoutGuard(): void {\n    globalTimeoutGuard = null;\n}\n\n"],"names":["DEFAULT_CONFIG","enabled","defaultTimeout","llmTimeout","toolTimeout","fileTimeout","TimeoutError","Error","message","operation","timeoutMs","isTimeout","name","TimeoutGuard","withTimeout","promise","config","Promise","resolve","reject","settled","timeoutId","setTimeout","auditLogger","requestTimeout","then","result","clearTimeout","catch","error","withLLMTimeout","withToolTimeout","toolName","withFileTimeout","createAbortController","controller","AbortController","signal","aborted","abort","cleanup","getTimeout","type","isEnabled","setEnabled","getConfig","getAuditLogger","isTimeoutError","globalTimeoutGuard","getTimeoutGuard","configureTimeoutGuard","resetTimeoutGuard"],"mappings":";;AAAA;;;;;AAKC,IAAA,SAAA,gBAAA,CAAA,GAAA,EAAA,GAAA,EAAA,KAAA,EAAA;;;;;;;;;;;;;AAKD;;AAEC,IACD,MAAMA,cAAAA,GAAgC;IAClCC,OAAAA,EAAS,IAAA;IACTC,cAAAA,EAAgB,KAAA;IAChBC,UAAAA,EAAY,MAAA;IACZC,WAAAA,EAAa,KAAA;IACbC,WAAAA,EAAa;AACjB,CAAA;AAEA;;IAGO,MAAMC,YAAAA,SAAqBC,KAAAA,CAAAA;AAK9B,IAAA,WAAA,CAAYC,OAAe,EAAEC,SAAAA,GAAoB,SAAS,EAAEC,SAAAA,GAAoB,CAAC,CAAE;QAC/E,KAAK,CAACF,OAAAA,CAAAA,EALV,gBAAA,CAAA,IAAA,EAASG,WAAAA,EAAY,IAAA,CAAA,EACrB,gBAAA,CAAA,IAAA,EAASF,WAAAA,EAAT,MAAA,CAAA,EACA,gBAAA,CAAA,IAAA,EAASC,WAAAA,EAAT,MAAA,CAAA;QAII,IAAI,CAACE,IAAI,GAAG,cAAA;QACZ,IAAI,CAACH,SAAS,GAAGA,SAAAA;QACjB,IAAI,CAACC,SAAS,GAAGA,SAAAA;AACrB,IAAA;AACJ;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BC,IACM,MAAMG,YAAAA,CAAAA;AAST;;;;;;;;AAQC,QACD,MAAMC,WAAAA,CACFC,OAAmB,EACnBL,SAAiB,EACjBD,SAAiB,EACP;QACV,IAAI,CAAC,IAAI,CAACO,MAAM,CAACf,OAAO,IAAIS,aAAa,CAAA,EAAG;YACxC,OAAOK,OAAAA;AACX,QAAA;QAEA,OAAO,IAAIE,OAAAA,CAAW,CAACC,OAAAA,EAASC,MAAAA,GAAAA;AAC5B,YAAA,IAAIC,OAAAA,GAAU,KAAA;AAEd,YAAA,MAAMC,YAAYC,UAAAA,CAAW,IAAA;AACzB,gBAAA,IAAI,CAACF,OAAAA,EAAS;oBACVA,OAAAA,GAAU,IAAA;AACV,oBAAA,IAAI,CAACG,WAAW,CAACC,cAAc,CAACf,SAAAA,EAAWC,SAAAA,CAAAA;AAC3CS,oBAAAA,MAAAA,CAAO,IAAIb,YAAAA,CACP,CAAC,WAAW,EAAEG,SAAAA,CAAU,kBAAkB,EAAEC,SAAAA,CAAU,EAAE,CAAC,EACzDD,SAAAA,EACAC,SAAAA,CAAAA,CAAAA;AAER,gBAAA;YACJ,CAAA,EAAGA,SAAAA,CAAAA;YAEHK,OAAAA,CACKU,IAAI,CAAC,CAACC,MAAAA,GAAAA;AACH,gBAAA,IAAI,CAACN,OAAAA,EAAS;oBACVA,OAAAA,GAAU,IAAA;oBACVO,YAAAA,CAAaN,SAAAA,CAAAA;oBACbH,OAAAA,CAAQQ,MAAAA,CAAAA;AACZ,gBAAA;YACJ,CAAA,CAAA,CACCE,KAAK,CAAC,CAACC,KAAAA,GAAAA;AACJ,gBAAA,IAAI,CAACT,OAAAA,EAAS;oBACVA,OAAAA,GAAU,IAAA;oBACVO,YAAAA,CAAaN,SAAAA,CAAAA;oBACbF,MAAAA,CAAOU,KAAAA,CAAAA;AACX,gBAAA;AACJ,YAAA,CAAA,CAAA;AACR,QAAA,CAAA,CAAA;AACJ,IAAA;AAEA;;;;;;AAMC,QACD,MAAMC,cAAAA,CAAkBf,OAAmB,EAAEN,SAAAA,GAAoB,UAAU,EAAc;QACrF,OAAO,IAAI,CAACK,WAAW,CAACC,OAAAA,EAAS,IAAI,CAACC,MAAM,CAACb,UAAU,EAAEM,SAAAA,CAAAA;AAC7D,IAAA;AAEA;;;;;;AAMC,QACD,MAAMsB,eAAAA,CAAmBhB,OAAmB,EAAEiB,QAAgB,EAAc;AACxE,QAAA,OAAO,IAAI,CAAClB,WAAW,CAACC,SAAS,IAAI,CAACC,MAAM,CAACZ,WAAW,EAAE,CAAC,KAAK,EAAE4B,QAAAA,CAAAA,CAAU,CAAA;AAChF,IAAA;AAEA;;;;;;AAMC,QACD,MAAMC,eAAAA,CAAmBlB,OAAmB,EAAEN,SAAAA,GAAoB,gBAAgB,EAAc;QAC5F,OAAO,IAAI,CAACK,WAAW,CAACC,OAAAA,EAAS,IAAI,CAACC,MAAM,CAACX,WAAW,EAAEI,SAAAA,CAAAA;AAC9D,IAAA;AAEA;;;;;;AAMC,QACDyB,qBAAAA,CAAsBxB,SAAiB,EAAED,SAAiB,EAAwD;AAC9G,QAAA,MAAM0B,aAAa,IAAIC,eAAAA,EAAAA;AAEvB,QAAA,MAAMf,YAAYC,UAAAA,CAAW,IAAA;AACzB,YAAA,IAAI,CAACa,UAAAA,CAAWE,MAAM,CAACC,OAAO,EAAE;AAC5B,gBAAA,IAAI,CAACf,WAAW,CAACC,cAAc,CAACf,SAAAA,EAAWC,SAAAA,CAAAA;gBAC3CyB,UAAAA,CAAWI,KAAK,CAAC,IAAIjC,YAAAA,CACjB,CAAC,WAAW,EAAEG,SAAAA,CAAU,WAAW,CAAC,EACpCA,SAAAA,EACAC,SAAAA,CAAAA,CAAAA;AAER,YAAA;QACJ,CAAA,EAAGA,SAAAA,CAAAA;AAEH,QAAA,MAAM8B,OAAAA,GAAU,IAAA;YACZb,YAAAA,CAAaN,SAAAA,CAAAA;AACjB,QAAA,CAAA;QAEA,OAAO;AAAEc,YAAAA,UAAAA;AAAYK,YAAAA;AAAQ,SAAA;AACjC,IAAA;AAEA;;;;;QAMAC,UAAAA,CAAWC,IAAyC,EAAU;QAC1D,OAAQA,IAAAA;YACJ,KAAK,KAAA;AAAO,gBAAA,OAAO,IAAI,CAAC1B,MAAM,CAACb,UAAU;YACzC,KAAK,MAAA;AAAQ,gBAAA,OAAO,IAAI,CAACa,MAAM,CAACZ,WAAW;YAC3C,KAAK,MAAA;AAAQ,gBAAA,OAAO,IAAI,CAACY,MAAM,CAACX,WAAW;AAC3C,YAAA;AAAS,gBAAA,OAAO,IAAI,CAACW,MAAM,CAACd,cAAc;AAC9C;AACJ,IAAA;AAEA;;AAEC,QACDyC,SAAAA,GAAqB;AACjB,QAAA,OAAO,IAAI,CAAC3B,MAAM,CAACf,OAAO;AAC9B,IAAA;AAEA;;QAGA2C,UAAAA,CAAW3C,OAAgB,EAAQ;AAC/B,QAAA,IAAI,CAACe,MAAM,CAACf,OAAO,GAAGA,OAAAA;AAC1B,IAAA;AAEA;;AAEC,QACD4C,SAAAA,GAA2B;QACvB,OAAO;YAAE,GAAG,IAAI,CAAC7B;AAAO,SAAA;AAC5B,IAAA;AAvJA,IAAA,WAAA,CAAYA,MAAAA,GAAiC,EAAE,EAAEO,WAAiC,CAAE;AAHpF,QAAA,gBAAA,CAAA,IAAA,EAAQP,UAAR,MAAA,CAAA;AACA,QAAA,gBAAA,CAAA,IAAA,EAAQO,eAAR,MAAA,CAAA;QAGI,IAAI,CAACP,MAAM,GAAG;AAAE,YAAA,GAAGhB,cAAc;AAAE,YAAA,GAAGgB;AAAO,SAAA;QAC7C,IAAI,CAACO,WAAW,GAAGA,WAAAA,IAAeuB,cAAAA,EAAAA;AACtC,IAAA;AAqJJ;AAEA;;IAGO,SAASC,cAAAA,CAAelB,KAAc,EAAA;AACzC,IAAA,OAAOA,KAAAA,YAAiBvB,YAAAA,IACpBuB,KAAAA,KAAU,IAAA,IACV,OAAOA,KAAAA,KAAU,QAAA,IACjB,WAAA,IAAeA,KAAAA,IACdA,KAAAA,CAAiClB,SAAS,KAAK,IAAA;AAExD;AAEA;AACA,IAAIqC,kBAAAA,GAA0C,IAAA;AAE9C;;AAEC,IACM,SAASC,eAAAA,GAAAA;AACZ,IAAA,IAAI,CAACD,kBAAAA,EAAoB;AACrBA,QAAAA,kBAAAA,GAAqB,IAAInC,YAAAA,EAAAA;AAC7B,IAAA;IACA,OAAOmC,kBAAAA;AACX;AAEA;;IAGO,SAASE,qBAAAA,CAAsBlC,MAA8B,EAAA;AAChEgC,IAAAA,kBAAAA,GAAqB,IAAInC,YAAAA,CAAaG,MAAAA,CAAAA;AAC1C;AAEA;;AAEC,IACM,SAASmC,iBAAAA,GAAAA;IACZH,kBAAAA,GAAqB,IAAA;AACzB;;;;"}

package/dist/security/types.d.ts

@@ -0,0 +1,86 @@
+import { z } from 'zod';
+export declare const PathSecurityConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    basePaths: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString>>>;
+    allowAbsolute: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    allowSymlinks: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    denyPatterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString>>>;
+}, z.core.$strip>;
+export declare const ToolSecurityConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    validateParams: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    sandboxExecution: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    allowedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    deniedTools: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString>>>;
+    maxExecutionTime: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    maxConcurrentCalls: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, z.core.$strip>;
+export declare const SecretSecurityConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    redactInLogs: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    redactInErrors: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodCustom<RegExp, RegExp>>>>;
+    customPatterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodCustom<RegExp, RegExp>>>>;
+}, z.core.$strip>;
+export declare const LogSecurityConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    auditSecurityEvents: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    sanitizeStackTraces: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    maxContentLength: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, z.core.$strip>;
+export declare const TimeoutConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    defaultTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    llmTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    toolTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    fileTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, z.core.$strip>;
+export declare function createDefaultPathSecurityConfig(): PathSecurityConfig;
+export declare function createDefaultToolSecurityConfig(): ToolSecurityConfig;
+export declare function createDefaultSecretSecurityConfig(): SecretSecurityConfig;
+export declare function createDefaultLogSecurityConfig(): LogSecurityConfig;
+export declare function createDefaultTimeoutConfig(): TimeoutConfig;
+export declare const SecurityConfigSchema: z.ZodObject<{
+    paths: z.ZodDefault<z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        basePaths: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString>>>;
+        allowAbsolute: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        allowSymlinks: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        denyPatterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString>>>;
+    }, z.core.$strip>>>;
+    tools: z.ZodDefault<z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        validateParams: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        sandboxExecution: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        allowedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        deniedTools: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString>>>;
+        maxExecutionTime: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+        maxConcurrentCalls: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    }, z.core.$strip>>>;
+    secrets: z.ZodDefault<z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        redactInLogs: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        redactInErrors: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodCustom<RegExp, RegExp>>>>;
+        customPatterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodCustom<RegExp, RegExp>>>>;
+    }, z.core.$strip>>>;
+    logging: z.ZodDefault<z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        auditSecurityEvents: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        sanitizeStackTraces: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        maxContentLength: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    }, z.core.$strip>>>;
+    timeouts: z.ZodDefault<z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        defaultTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+        llmTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+        toolTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+        fileTimeout: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    }, z.core.$strip>>>;
+}, z.core.$strip>;
+export type PathSecurityConfig = z.infer<typeof PathSecurityConfigSchema>;
+export type ToolSecurityConfig = z.infer<typeof ToolSecurityConfigSchema>;
+export type SecretSecurityConfig = z.infer<typeof SecretSecurityConfigSchema>;
+export type LogSecurityConfig = z.infer<typeof LogSecurityConfigSchema>;
+export type TimeoutConfig = z.infer<typeof TimeoutConfigSchema>;
+export type SecurityConfig = z.infer<typeof SecurityConfigSchema>;

package/dist/security/types.js

@@ -0,0 +1,80 @@
+import { z } from 'zod';
+
+// Path Security Configuration
+const PathSecurityConfigSchema = z.object({
+    enabled: z.boolean().optional().default(true),
+    basePaths: z.array(z.string()).optional().default([]),
+    allowAbsolute: z.boolean().optional().default(false),
+    allowSymlinks: z.boolean().optional().default(false),
+    denyPatterns: z.array(z.string()).optional().default([
+        '\\.\\.',
+        '~',
+        '\\$\\{'
+    ])
+});
+// Tool Security Configuration
+const ToolSecurityConfigSchema = z.object({
+    enabled: z.boolean().optional().default(true),
+    validateParams: z.boolean().optional().default(true),
+    sandboxExecution: z.boolean().optional().default(false),
+    allowedTools: z.array(z.string()).optional(),
+    deniedTools: z.array(z.string()).optional().default([]),
+    maxExecutionTime: z.number().optional().default(30000),
+    maxConcurrentCalls: z.number().optional().default(10)
+});
+// Secret Security Configuration
+const SecretSecurityConfigSchema = z.object({
+    enabled: z.boolean().optional().default(true),
+    redactInLogs: z.boolean().optional().default(true),
+    redactInErrors: z.boolean().optional().default(true),
+    patterns: z.array(z.instanceof(RegExp)).optional().default([
+        /api[_-]?key[\s:="']+[\w-]+/gi,
+        /password[\s:="']+[\w-]+/gi,
+        /Bearer\s+[\w-]+/gi,
+        /sk-[a-zA-Z0-9]{48,}/g,
+        /AKIA[0-9A-Z]{16}/g
+    ]),
+    customPatterns: z.array(z.instanceof(RegExp)).optional().default([])
+});
+// Logging Security Configuration
+const LogSecurityConfigSchema = z.object({
+    enabled: z.boolean().optional().default(true),
+    auditSecurityEvents: z.boolean().optional().default(true),
+    sanitizeStackTraces: z.boolean().optional().default(true),
+    maxContentLength: z.number().optional().default(10000)
+});
+// Timeout Configuration
+const TimeoutConfigSchema = z.object({
+    enabled: z.boolean().optional().default(true),
+    defaultTimeout: z.number().optional().default(30000),
+    llmTimeout: z.number().optional().default(120000),
+    toolTimeout: z.number().optional().default(30000),
+    fileTimeout: z.number().optional().default(5000)
+});
+// Helper to create default configs
+function createDefaultPathSecurityConfig() {
+    return PathSecurityConfigSchema.parse({});
+}
+function createDefaultToolSecurityConfig() {
+    return ToolSecurityConfigSchema.parse({});
+}
+function createDefaultSecretSecurityConfig() {
+    return SecretSecurityConfigSchema.parse({});
+}
+function createDefaultLogSecurityConfig() {
+    return LogSecurityConfigSchema.parse({});
+}
+function createDefaultTimeoutConfig() {
+    return TimeoutConfigSchema.parse({});
+}
+// Complete Security Configuration
+const SecurityConfigSchema = z.object({
+    paths: PathSecurityConfigSchema.optional().default(createDefaultPathSecurityConfig),
+    tools: ToolSecurityConfigSchema.optional().default(createDefaultToolSecurityConfig),
+    secrets: SecretSecurityConfigSchema.optional().default(createDefaultSecretSecurityConfig),
+    logging: LogSecurityConfigSchema.optional().default(createDefaultLogSecurityConfig),
+    timeouts: TimeoutConfigSchema.optional().default(createDefaultTimeoutConfig)
+});
+
+export { LogSecurityConfigSchema, PathSecurityConfigSchema, SecretSecurityConfigSchema, SecurityConfigSchema, TimeoutConfigSchema, ToolSecurityConfigSchema, createDefaultLogSecurityConfig, createDefaultPathSecurityConfig, createDefaultSecretSecurityConfig, createDefaultTimeoutConfig, createDefaultToolSecurityConfig };
+//# sourceMappingURL=types.js.map

package/dist/security/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sources":["../../src/security/types.ts"],"sourcesContent":["import { z } from 'zod';\n\n// Path Security Configuration\nexport const PathSecurityConfigSchema = z.object({\n    enabled: z.boolean().optional().default(true),\n    basePaths: z.array(z.string()).optional().default([]),\n    allowAbsolute: z.boolean().optional().default(false),\n    allowSymlinks: z.boolean().optional().default(false),\n    denyPatterns: z.array(z.string()).optional().default([\n        '\\\\.\\\\.',        // Parent directory\n        '~',             // Home directory expansion\n        '\\\\$\\\\{',        // Variable expansion\n    ]),\n});\n\n// Tool Security Configuration\nexport const ToolSecurityConfigSchema = z.object({\n    enabled: z.boolean().optional().default(true),\n    validateParams: z.boolean().optional().default(true),\n    sandboxExecution: z.boolean().optional().default(false),\n    allowedTools: z.array(z.string()).optional(),\n    deniedTools: z.array(z.string()).optional().default([]),\n    maxExecutionTime: z.number().optional().default(30000), // 30 seconds\n    maxConcurrentCalls: z.number().optional().default(10),\n});\n\n// Secret Security Configuration\nexport const SecretSecurityConfigSchema = z.object({\n    enabled: z.boolean().optional().default(true),\n    redactInLogs: z.boolean().optional().default(true),\n    redactInErrors: z.boolean().optional().default(true),\n    patterns: z.array(z.instanceof(RegExp)).optional().default([\n        /api[_-]?key[\\s:=\"']+[\\w-]+/gi,\n        /password[\\s:=\"']+[\\w-]+/gi,\n        /Bearer\\s+[\\w-]+/gi,\n        /sk-[a-zA-Z0-9]{48,}/g,\n        /AKIA[0-9A-Z]{16}/g,  // AWS Access Key\n    ]),\n    customPatterns: z.array(z.instanceof(RegExp)).optional().default([]),\n});\n\n// Logging Security Configuration\nexport const LogSecurityConfigSchema = z.object({\n    enabled: z.boolean().optional().default(true),\n    auditSecurityEvents: z.boolean().optional().default(true),\n    sanitizeStackTraces: z.boolean().optional().default(true),\n    maxContentLength: z.number().optional().default(10000),\n});\n\n// Timeout Configuration\nexport const TimeoutConfigSchema = z.object({\n    enabled: z.boolean().optional().default(true),\n    defaultTimeout: z.number().optional().default(30000),\n    llmTimeout: z.number().optional().default(120000), // 2 minutes for LLM calls\n    toolTimeout: z.number().optional().default(30000),\n    fileTimeout: z.number().optional().default(5000),\n});\n\n// Helper to create default configs\nexport function createDefaultPathSecurityConfig(): PathSecurityConfig {\n    return PathSecurityConfigSchema.parse({});\n}\n\nexport function createDefaultToolSecurityConfig(): ToolSecurityConfig {\n    return ToolSecurityConfigSchema.parse({});\n}\n\nexport function createDefaultSecretSecurityConfig(): SecretSecurityConfig {\n    return SecretSecurityConfigSchema.parse({});\n}\n\nexport function createDefaultLogSecurityConfig(): LogSecurityConfig {\n    return LogSecurityConfigSchema.parse({});\n}\n\nexport function createDefaultTimeoutConfig(): TimeoutConfig {\n    return TimeoutConfigSchema.parse({});\n}\n\n// Complete Security Configuration\nexport const SecurityConfigSchema = z.object({\n    paths: PathSecurityConfigSchema.optional().default(createDefaultPathSecurityConfig),\n    tools: ToolSecurityConfigSchema.optional().default(createDefaultToolSecurityConfig),\n    secrets: SecretSecurityConfigSchema.optional().default(createDefaultSecretSecurityConfig),\n    logging: LogSecurityConfigSchema.optional().default(createDefaultLogSecurityConfig),\n    timeouts: TimeoutConfigSchema.optional().default(createDefaultTimeoutConfig),\n});\n\n// Type exports\nexport type PathSecurityConfig = z.infer<typeof PathSecurityConfigSchema>;\nexport type ToolSecurityConfig = z.infer<typeof ToolSecurityConfigSchema>;\nexport type SecretSecurityConfig = z.infer<typeof SecretSecurityConfigSchema>;\nexport type LogSecurityConfig = z.infer<typeof LogSecurityConfigSchema>;\nexport type TimeoutConfig = z.infer<typeof TimeoutConfigSchema>;\nexport type SecurityConfig = z.infer<typeof SecurityConfigSchema>;\n"],"names":["PathSecurityConfigSchema","z","object","enabled","boolean","optional","default","basePaths","array","string","allowAbsolute","allowSymlinks","denyPatterns","ToolSecurityConfigSchema","validateParams","sandboxExecution","allowedTools","deniedTools","maxExecutionTime","number","maxConcurrentCalls","SecretSecurityConfigSchema","redactInLogs","redactInErrors","patterns","instanceof","RegExp","customPatterns","LogSecurityConfigSchema","auditSecurityEvents","sanitizeStackTraces","maxContentLength","TimeoutConfigSchema","defaultTimeout","llmTimeout","toolTimeout","fileTimeout","createDefaultPathSecurityConfig","parse","createDefaultToolSecurityConfig","createDefaultSecretSecurityConfig","createDefaultLogSecurityConfig","createDefaultTimeoutConfig","SecurityConfigSchema","paths","tools","secrets","logging","timeouts"],"mappings":";;AAEA;AACO,MAAMA,wBAAAA,GAA2BC,CAAAA,CAAEC,MAAM,CAAC;AAC7CC,IAAAA,OAAAA,EAASF,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;IACxCC,SAAAA,EAAWN,CAAAA,CAAEO,KAAK,CAACP,CAAAA,CAAEQ,MAAM,IAAIJ,QAAQ,EAAA,CAAGC,OAAO,CAAC,EAAE,CAAA;AACpDI,IAAAA,aAAAA,EAAeT,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,KAAA,CAAA;AAC9CK,IAAAA,aAAAA,EAAeV,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,KAAA,CAAA;IAC9CM,YAAAA,EAAcX,CAAAA,CAAEO,KAAK,CAACP,CAAAA,CAAEQ,MAAM,EAAA,CAAA,CAAIJ,QAAQ,EAAA,CAAGC,OAAO,CAAC;AACjD,QAAA,QAAA;AACA,QAAA,GAAA;AACA,QAAA;AACH,KAAA;AACL,CAAA;AAEA;AACO,MAAMO,wBAAAA,GAA2BZ,CAAAA,CAAEC,MAAM,CAAC;AAC7CC,IAAAA,OAAAA,EAASF,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;AACxCQ,IAAAA,cAAAA,EAAgBb,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;AAC/CS,IAAAA,gBAAAA,EAAkBd,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,KAAA,CAAA;AACjDU,IAAAA,YAAAA,EAAcf,EAAEO,KAAK,CAACP,CAAAA,CAAEQ,MAAM,IAAIJ,QAAQ,EAAA;IAC1CY,WAAAA,EAAahB,CAAAA,CAAEO,KAAK,CAACP,CAAAA,CAAEQ,MAAM,IAAIJ,QAAQ,EAAA,CAAGC,OAAO,CAAC,EAAE,CAAA;AACtDY,IAAAA,gBAAAA,EAAkBjB,EAAEkB,MAAM,EAAA,CAAGd,QAAQ,EAAA,CAAGC,OAAO,CAAC,KAAA,CAAA;AAChDc,IAAAA,kBAAAA,EAAoBnB,EAAEkB,MAAM,EAAA,CAAGd,QAAQ,EAAA,CAAGC,OAAO,CAAC,EAAA;AACtD,CAAA;AAEA;AACO,MAAMe,0BAAAA,GAA6BpB,CAAAA,CAAEC,MAAM,CAAC;AAC/CC,IAAAA,OAAAA,EAASF,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;AACxCgB,IAAAA,YAAAA,EAAcrB,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;AAC7CiB,IAAAA,cAAAA,EAAgBtB,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;IAC/CkB,QAAAA,EAAUvB,CAAAA,CAAEO,KAAK,CAACP,CAAAA,CAAEwB,UAAU,CAACC,MAAAA,CAAAA,CAAAA,CAASrB,QAAQ,EAAA,CAAGC,OAAO,CAAC;AACvD,QAAA,8BAAA;AACA,QAAA,2BAAA;AACA,QAAA,mBAAA;AACA,QAAA,sBAAA;AACA,QAAA;AACH,KAAA,CAAA;IACDqB,cAAAA,EAAgB1B,CAAAA,CAAEO,KAAK,CAACP,CAAAA,CAAEwB,UAAU,CAACC,MAAAA,CAAAA,CAAAA,CAASrB,QAAQ,EAAA,CAAGC,OAAO,CAAC,EAAE;AACvE,CAAA;AAEA;AACO,MAAMsB,uBAAAA,GAA0B3B,CAAAA,CAAEC,MAAM,CAAC;AAC5CC,IAAAA,OAAAA,EAASF,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;AACxCuB,IAAAA,mBAAAA,EAAqB5B,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;AACpDwB,IAAAA,mBAAAA,EAAqB7B,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;AACpDyB,IAAAA,gBAAAA,EAAkB9B,EAAEkB,MAAM,EAAA,CAAGd,QAAQ,EAAA,CAAGC,OAAO,CAAC,KAAA;AACpD,CAAA;AAEA;AACO,MAAM0B,mBAAAA,GAAsB/B,CAAAA,CAAEC,MAAM,CAAC;AACxCC,IAAAA,OAAAA,EAASF,EAAEG,OAAO,EAAA,CAAGC,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA,CAAA;AACxC2B,IAAAA,cAAAA,EAAgBhC,EAAEkB,MAAM,EAAA,CAAGd,QAAQ,EAAA,CAAGC,OAAO,CAAC,KAAA,CAAA;AAC9C4B,IAAAA,UAAAA,EAAYjC,EAAEkB,MAAM,EAAA,CAAGd,QAAQ,EAAA,CAAGC,OAAO,CAAC,MAAA,CAAA;AAC1C6B,IAAAA,WAAAA,EAAalC,EAAEkB,MAAM,EAAA,CAAGd,QAAQ,EAAA,CAAGC,OAAO,CAAC,KAAA,CAAA;AAC3C8B,IAAAA,WAAAA,EAAanC,EAAEkB,MAAM,EAAA,CAAGd,QAAQ,EAAA,CAAGC,OAAO,CAAC,IAAA;AAC/C,CAAA;AAEA;AACO,SAAS+B,+BAAAA,GAAAA;IACZ,OAAOrC,wBAAAA,CAAyBsC,KAAK,CAAC,EAAC,CAAA;AAC3C;AAEO,SAASC,+BAAAA,GAAAA;IACZ,OAAO1B,wBAAAA,CAAyByB,KAAK,CAAC,EAAC,CAAA;AAC3C;AAEO,SAASE,iCAAAA,GAAAA;IACZ,OAAOnB,0BAAAA,CAA2BiB,KAAK,CAAC,EAAC,CAAA;AAC7C;AAEO,SAASG,8BAAAA,GAAAA;IACZ,OAAOb,uBAAAA,CAAwBU,KAAK,CAAC,EAAC,CAAA;AAC1C;AAEO,SAASI,0BAAAA,GAAAA;IACZ,OAAOV,mBAAAA,CAAoBM,KAAK,CAAC,EAAC,CAAA;AACtC;AAEA;AACO,MAAMK,oBAAAA,GAAuB1C,CAAAA,CAAEC,MAAM,CAAC;AACzC0C,IAAAA,KAAAA,EAAO5C,wBAAAA,CAAyBK,QAAQ,EAAA,CAAGC,OAAO,CAAC+B,+BAAAA,CAAAA;AACnDQ,IAAAA,KAAAA,EAAOhC,wBAAAA,CAAyBR,QAAQ,EAAA,CAAGC,OAAO,CAACiC,+BAAAA,CAAAA;AACnDO,IAAAA,OAAAA,EAASzB,0BAAAA,CAA2BhB,QAAQ,EAAA,CAAGC,OAAO,CAACkC,iCAAAA,CAAAA;AACvDO,IAAAA,OAAAA,EAASnB,uBAAAA,CAAwBvB,QAAQ,EAAA,CAAGC,OAAO,CAACmC,8BAAAA,CAAAA;AACpDO,IAAAA,QAAAA,EAAUhB,mBAAAA,CAAoB3B,QAAQ,EAAA,CAAGC,OAAO,CAACoC,0BAAAA;AACrD,CAAA;;;;"}

package/dist/token-budget.js

@@ -397,5 +397,5 @@ function _define_property(obj, key, value) {
     }
 }
 
-export { TokenBudgetManager, TokenCounter, TokenBudgetManager as default };
+export { TokenBudgetManager, TokenCounter };
 //# sourceMappingURL=token-budget.js.map

package/dist/tools.js

@@ -320,5 +320,5 @@ const ToolSchema = z.object({
     }
 }
 
-export { ToolRegistry, ToolRegistry as default };
+export { ToolRegistry };
 //# sourceMappingURL=tools.js.map

package/guide/index.md

@@ -49,7 +49,9 @@ const result = await executeChat(prompt, { model: 'gpt-4o' });
 
 This guide directory contains specialized documentation for different aspects of the system:
 
+*   [Integration](./integration.md): Comprehensive guide for integrating RiotPrompt as a library, including API reference, conversation management, tool integration, and agentic workflows.
 *   [Architecture](./architecture.md): Internal design, module structure, and data flow.
 *   [Usage Patterns](./usage.md): Common patterns for CLI and library usage, including the Recipes API and Structured Outputs.
 *   [Configuration](./configuration.md): Deep dive into configuration options.
+*   [Security](./security.md): Security best practices and features.
 *   [Development](./development.md): Guide for contributing to `riotprompt`.