@runcore-sh/runcore 0.1.8 → 0.1.10

package/dist/llm/providers/index.js

@@ -6,6 +6,7 @@ import { openRouterProvider } from "./openrouter.js";
 import { anthropicProvider } from "./anthropic.js";
 import { openAIProvider } from "./openai.js";
 import { ollamaProvider } from "./ollama.js";
+import { assertProviderAllowed } from "../guard.js";
 import { createLogger } from "../../utils/logger.js";
 const log = createLogger("llm.providers");
 // ── Registry ────────────────────────────────────────────────────────────────
@@ -15,8 +16,13 @@ const providers = new Map([
     ["openai", openAIProvider],
     ["ollama", ollamaProvider],
 ]);
-/** Get a provider by name. Throws if unknown. */
+/**
+ * Get a provider by name. Throws if unknown.
+ * Enforces privateMode — cloud providers are blocked when private mode is on.
+ */
 export function getProvider(name) {
+    // Guard: block cloud providers in private mode BEFORE returning the provider
+    assertProviderAllowed(name);
     const provider = providers.get(name);
     if (!provider)
         throw new Error(`Unknown LLM provider: ${name}`);
@@ -44,4 +50,5 @@ export { anthropicProvider } from "./anthropic.js";
 export { openAIProvider } from "./openai.js";
 export { ollamaProvider } from "./ollama.js";
 export { LLMError, classifyApiError } from "../errors.js";
+export { PrivateModeError, isPrivateMode } from "../guard.js";
 //# sourceMappingURL=index.js.map

package/dist/llm/providers/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/llm/providers/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,MAAM,GAAG,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;AAE1C,+EAA+E;AAE/E,MAAM,SAAS,GAAG,IAAI,GAAG,CAA4B;IACnD,CAAC,YAAY,EAAE,kBAAkB,CAAC;IAClC,CAAC,WAAW,EAAE,iBAAiB,CAAC;IAChC,CAAC,QAAQ,EAAE,cAAc,CAAC;IAC1B,CAAC,QAAQ,EAAE,cAAc,CAAC;CAC3B,CAAC,CAAC;AAEH,iDAAiD;AACjD,MAAM,UAAU,WAAW,CAAC,IAAkB;IAC5C,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;IAChE,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2DAA2D;AAC3D,MAAM,UAAU,gBAAgB,CAAC,QAAqB;IACpD,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACvC,GAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,aAAa;IAC3B,OAAO,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED,qFAAqF;AACrF,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,CAAC,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,EAAE;QACtD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC/C,OAAO,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACjC,CAAC,CAAC,CACH,CAAC;IACF,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAqB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;AAC9D,CAAC;AAKD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/llm/providers/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,MAAM,GAAG,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;AAE1C,+EAA+E;AAE/E,MAAM,SAAS,GAAG,IAAI,GAAG,CAA4B;IACnD,CAAC,YAAY,EAAE,kBAAkB,CAAC;IAClC,CAAC,WAAW,EAAE,iBAAiB,CAAC;IAChC,CAAC,QAAQ,EAAE,cAAc,CAAC;IAC1B,CAAC,QAAQ,EAAE,cAAc,CAAC;CAC3B,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,IAAkB;IAC5C,6EAA6E;IAC7E,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAE5B,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;IAChE,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2DAA2D;AAC3D,MAAM,UAAU,gBAAgB,CAAC,QAAqB;IACpD,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACvC,GAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,aAAa;IAC3B,OAAO,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED,qFAAqF;AACrF,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,CAAC,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,EAAE;QACtD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC/C,OAAO,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACjC,CAAC,CAAC,CACH,CAAC;IACF,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAqB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;AAC9D,CAAC;AAKD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC"}

package/dist/llm/redact.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Sensitive data redaction for outbound LLM requests.
+ * Pattern-based detection — if it looks like a secret, redact it before network egress.
+ * Runs inside the fetch guard, after message assembly, before the wire.
+ *
+ * When a PrivacyMembrane is active, delegates to it for reversible typed-placeholder
+ * redaction. Falls back to one-way [REDACTED:category] replacement otherwise.
+ */
+import type { PrivacyMembrane } from "./membrane.js";
+/** Set the active PrivacyMembrane for reversible redaction. */
+export declare function setActiveMembrane(membrane: PrivacyMembrane): void;
+/** Get the active membrane (or null if none). */
+export declare function getActiveMembrane(): PrivacyMembrane | null;
+/**
+ * Rehydrate placeholders in an LLM response back to original values.
+ * No-op if no membrane is active.
+ */
+export declare function rehydrateResponse(text: string): string;
+/** Track redaction stats per request for audit logging. */
+interface RedactionStats {
+    totalRedactions: number;
+    categories: Record<string, number>;
+}
+/**
+ * Redact sensitive patterns from a string (one-way fallback).
+ * Returns the cleaned string and stats about what was redacted.
+ */
+export declare function redactSensitive(text: string): {
+    cleaned: string;
+    stats: RedactionStats;
+};
+/**
+ * Redact sensitive data from an LLM request body (JSON string).
+ * When a membrane is active, delegates to it for reversible redaction.
+ * Otherwise falls back to one-way pattern replacement.
+ */
+export declare function redactRequestBody(bodyStr: string): string;
+export {};
+//# sourceMappingURL=redact.d.ts.map

package/dist/llm/redact.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.d.ts","sourceRoot":"","sources":["../../src/llm/redact.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AASrD,+DAA+D;AAC/D,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,eAAe,GAAG,IAAI,CAGjE;AAED,iDAAiD;AACjD,wBAAgB,iBAAiB,IAAI,eAAe,GAAG,IAAI,CAE1D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAGtD;AAoCD,2DAA2D;AAC3D,UAAU,cAAc;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpC;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,cAAc,CAAA;CAAE,CA0BxF;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAqEzD"}

package/dist/llm/redact.js

@@ -0,0 +1,155 @@
+/**
+ * Sensitive data redaction for outbound LLM requests.
+ * Pattern-based detection — if it looks like a secret, redact it before network egress.
+ * Runs inside the fetch guard, after message assembly, before the wire.
+ *
+ * When a PrivacyMembrane is active, delegates to it for reversible typed-placeholder
+ * redaction. Falls back to one-way [REDACTED:category] replacement otherwise.
+ */
+import { createLogger } from "../utils/logger.js";
+const log = createLogger("llm.redact");
+// --- Active membrane (singleton, set at startup) ---
+let activeMembrane = null;
+/** Set the active PrivacyMembrane for reversible redaction. */
+export function setActiveMembrane(membrane) {
+    activeMembrane = membrane;
+    log.info("PrivacyMembrane activated");
+}
+/** Get the active membrane (or null if none). */
+export function getActiveMembrane() {
+    return activeMembrane;
+}
+/**
+ * Rehydrate placeholders in an LLM response back to original values.
+ * No-op if no membrane is active.
+ */
+export function rehydrateResponse(text) {
+    if (!activeMembrane)
+        return text;
+    return activeMembrane.rehydrate(text);
+}
+// --- One-way fallback (original behavior) ---
+/** Placeholder for redacted content. Includes the category so the LLM knows what was removed. */
+function placeholder(category) {
+    return `[REDACTED:${category}]`;
+}
+/**
+ * Redaction rules: [pattern, category, description].
+ * Order matters — more specific patterns first to avoid partial matches.
+ */
+const RULES = [
+    // SSN: 123-45-6789 or 123 45 6789
+    [/\b\d{3}[-\s]\d{2}[-\s]\d{4}\b/g, "SSN"],
+    // Credit card: 13-19 digits, optionally grouped by spaces or dashes
+    [/\b(?:\d[ -]*?){13,19}\b/g, "CARD"],
+    // API keys: common prefixes (sk-, pk-, api-, key-, token_)
+    [/\b(?:sk|pk|api|key|token)[_-][A-Za-z0-9_-]{20,}\b/g, "API_KEY"],
+    // Bearer tokens in content (not headers — those are legitimate)
+    [/\bBearer\s+[A-Za-z0-9_.-]{20,}\b/g, "BEARER_TOKEN"],
+    // AWS access keys: AKIA + 16 alphanumeric
+    [/\bAKIA[0-9A-Z]{16}\b/g, "AWS_KEY"],
+    // Private keys (PEM blocks)
+    [/-----BEGIN\s+(RSA\s+)?PRIVATE\s+KEY-----[\s\S]*?-----END\s+(RSA\s+)?PRIVATE\s+KEY-----/g, "PRIVATE_KEY"],
+    // Generic long hex/base64 secrets (40+ chars, likely tokens)
+    [/\b[A-Fa-f0-9]{40,}\b/g, "HEX_SECRET"],
+];
+/**
+ * Redact sensitive patterns from a string (one-way fallback).
+ * Returns the cleaned string and stats about what was redacted.
+ */
+export function redactSensitive(text) {
+    const stats = { totalRedactions: 0, categories: {} };
+    let cleaned = text;
+    for (const [pattern, category] of RULES) {
+        // Reset lastIndex for global patterns
+        pattern.lastIndex = 0;
+        const matches = cleaned.match(pattern);
+        if (matches) {
+            // Filter out false positives: skip short numeric sequences for CARD rule
+            const validMatches = category === "CARD"
+                ? matches.filter((m) => m.replace(/[\s-]/g, "").length >= 13)
+                : matches;
+            if (validMatches.length > 0) {
+                for (const match of validMatches) {
+                    cleaned = cleaned.replace(match, placeholder(category));
+                }
+                stats.totalRedactions += validMatches.length;
+                stats.categories[category] = (stats.categories[category] ?? 0) + validMatches.length;
+            }
+        }
+        pattern.lastIndex = 0;
+    }
+    return { cleaned, stats };
+}
+/**
+ * Redact sensitive data from an LLM request body (JSON string).
+ * When a membrane is active, delegates to it for reversible redaction.
+ * Otherwise falls back to one-way pattern replacement.
+ */
+export function redactRequestBody(bodyStr) {
+    let parsed;
+    try {
+        parsed = JSON.parse(bodyStr);
+    }
+    catch {
+        return bodyStr; // not JSON, pass through
+    }
+    // Only process if it looks like an LLM API request (has messages array)
+    const messages = parsed.messages;
+    if (!Array.isArray(messages))
+        return bodyStr;
+    // Delegate to membrane when active (reversible typed placeholders)
+    if (activeMembrane) {
+        for (const msg of messages) {
+            if (typeof msg.content === "string") {
+                msg.content = activeMembrane.apply(msg.content);
+            }
+            if (Array.isArray(msg.content)) {
+                for (const block of msg.content) {
+                    if (block.type === "text" && typeof block.text === "string") {
+                        block.text = activeMembrane.apply(block.text);
+                    }
+                }
+            }
+        }
+        return JSON.stringify(parsed);
+    }
+    // Fallback: one-way redaction
+    let totalRedactions = 0;
+    const allCategories = {};
+    for (const msg of messages) {
+        if (typeof msg.content === "string") {
+            const { cleaned, stats } = redactSensitive(msg.content);
+            if (stats.totalRedactions > 0) {
+                msg.content = cleaned;
+                totalRedactions += stats.totalRedactions;
+                for (const [cat, count] of Object.entries(stats.categories)) {
+                    allCategories[cat] = (allCategories[cat] ?? 0) + count;
+                }
+            }
+        }
+        // Handle Anthropic-style content blocks: [{ type: "text", text: "..." }]
+        if (Array.isArray(msg.content)) {
+            for (const block of msg.content) {
+                if (block.type === "text" && typeof block.text === "string") {
+                    const { cleaned, stats } = redactSensitive(block.text);
+                    if (stats.totalRedactions > 0) {
+                        block.text = cleaned;
+                        totalRedactions += stats.totalRedactions;
+                        for (const [cat, count] of Object.entries(stats.categories)) {
+                            allCategories[cat] = (allCategories[cat] ?? 0) + count;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    if (totalRedactions > 0) {
+        log.warn("Redacted sensitive data from outbound LLM request", {
+            redactions: totalRedactions,
+            categories: allCategories,
+        });
+    }
+    return JSON.stringify(parsed);
+}
+//# sourceMappingURL=redact.js.map

package/dist/llm/redact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.js","sourceRoot":"","sources":["../../src/llm/redact.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;AAEvC,sDAAsD;AAEtD,IAAI,cAAc,GAA2B,IAAI,CAAC;AAElD,+DAA+D;AAC/D,MAAM,UAAU,iBAAiB,CAAC,QAAyB;IACzD,cAAc,GAAG,QAAQ,CAAC;IAC1B,GAAG,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;AACxC,CAAC;AAED,iDAAiD;AACjD,MAAM,UAAU,iBAAiB;IAC/B,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,IAAI,CAAC,cAAc;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,+CAA+C;AAE/C,iGAAiG;AACjG,SAAS,WAAW,CAAC,QAAgB;IACnC,OAAO,aAAa,QAAQ,GAAG,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,KAAK,GAA4B;IACrC,kCAAkC;IAClC,CAAC,gCAAgC,EAAE,KAAK,CAAC;IAEzC,oEAAoE;IACpE,CAAC,0BAA0B,EAAE,MAAM,CAAC;IAEpC,2DAA2D;IAC3D,CAAC,oDAAoD,EAAE,SAAS,CAAC;IAEjE,gEAAgE;IAChE,CAAC,mCAAmC,EAAE,cAAc,CAAC;IAErD,0CAA0C;IAC1C,CAAC,uBAAuB,EAAE,SAAS,CAAC;IAEpC,4BAA4B;IAC5B,CAAC,yFAAyF,EAAE,aAAa,CAAC;IAE1G,6DAA6D;IAC7D,CAAC,uBAAuB,EAAE,YAAY,CAAC;CACxC,CAAC;AAQF;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAmB,EAAE,eAAe,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IACrE,IAAI,OAAO,GAAG,IAAI,CAAC;IAEnB,KAAK,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,KAAK,EAAE,CAAC;QACxC,sCAAsC;QACtC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE,CAAC;YACZ,yEAAyE;YACzE,MAAM,YAAY,GAAG,QAAQ,KAAK,MAAM;gBACtC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;gBAC7D,CAAC,CAAC,OAAO,CAAC;YAEZ,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;oBACjC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC1D,CAAC;gBACD,KAAK,CAAC,eAAe,IAAI,YAAY,CAAC,MAAM,CAAC;gBAC7C,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC;YACvF,CAAC;QACH,CAAC;QACD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC,CAAC,yBAAyB;IAC3C,CAAC;IAED,wEAAwE;IACxE,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QAAE,OAAO,OAAO,CAAC;IAE7C,mEAAmE;IACnE,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACpC,GAAG,CAAC,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAClD,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;oBAChC,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAC5D,KAAK,CAAC,IAAI,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAChD,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAED,8BAA8B;IAC9B,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,MAAM,aAAa,GAA2B,EAAE,CAAC;IAEjD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACxD,IAAI,KAAK,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;gBAC9B,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC;gBACtB,eAAe,IAAI,KAAK,CAAC,eAAe,CAAC;gBACzC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC5D,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC;gBACzD,CAAC;YACH,CAAC;QACH,CAAC;QACD,yEAAyE;QACzE,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;gBAChC,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC5D,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACvD,IAAI,KAAK,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;wBAC9B,KAAK,CAAC,IAAI,GAAG,OAAO,CAAC;wBACrB,eAAe,IAAI,KAAK,CAAC,eAAe,CAAC;wBACzC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC5D,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC;wBACzD,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QACxB,GAAG,CAAC,IAAI,CAAC,mDAAmD,EAAE;YAC5D,UAAU,EAAE,eAAe;YAC3B,UAAU,EAAE,aAAa;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC"}

package/dist/llm/sensitive-registry.d.ts

@@ -0,0 +1,33 @@
+/**
+ * SensitiveRegistry — loads sensitive terms from brain/knowledge/sensitive.yaml
+ * plus built-in pattern rules (SSN, cards, API keys, etc.).
+ *
+ * Terms are sorted longest-first so longer matches take priority.
+ * Hand-rolled YAML parse — no external dependency.
+ */
+export interface SensitiveTerm {
+    value: string;
+    category: string;
+}
+export interface SensitivePattern {
+    pattern: RegExp;
+    category: string;
+}
+export declare class SensitiveRegistry {
+    private terms;
+    private customPatterns;
+    private loaded;
+    /** All built-in + custom regex patterns. */
+    get patterns(): SensitivePattern[];
+    /** All explicit terms, sorted longest-first. */
+    get sensitiveTerms(): SensitiveTerm[];
+    /** Load sensitive.yaml from brain/knowledge/. Graceful if missing. */
+    load(brainRoot: string): Promise<void>;
+    get isLoaded(): boolean;
+    /**
+     * Hand-rolled YAML parser for our simple format.
+     * Expects a list of entries with `value`, `category`, and optionally `pattern` fields.
+     */
+    private parseYaml;
+}
+//# sourceMappingURL=sensitive-registry.d.ts.map

package/dist/llm/sensitive-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitive-registry.d.ts","sourceRoot":"","sources":["../../src/llm/sensitive-registry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAaD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,cAAc,CAA0B;IAChD,OAAO,CAAC,MAAM,CAAS;IAEvB,4CAA4C;IAC5C,IAAI,QAAQ,IAAI,gBAAgB,EAAE,CAEjC;IAED,gDAAgD;IAChD,IAAI,cAAc,IAAI,aAAa,EAAE,CAEpC;IAED,sEAAsE;IAChE,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoB5C,IAAI,QAAQ,IAAI,OAAO,CAEtB;IAED;;;OAGG;IACH,OAAO,CAAC,SAAS;CA2ClB"}

package/dist/llm/sensitive-registry.js

@@ -0,0 +1,106 @@
+/**
+ * SensitiveRegistry — loads sensitive terms from brain/knowledge/sensitive.yaml
+ * plus built-in pattern rules (SSN, cards, API keys, etc.).
+ *
+ * Terms are sorted longest-first so longer matches take priority.
+ * Hand-rolled YAML parse — no external dependency.
+ */
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { createLogger } from "../utils/logger.js";
+const log = createLogger("llm.sensitive-registry");
+/** Built-in patterns — carried over from redact.ts */
+const BUILTIN_PATTERNS = [
+    { pattern: /\b\d{3}[-\s]\d{2}[-\s]\d{4}\b/g, category: "SSN" },
+    { pattern: /\b(?:\d[ -]*?){13,19}\b/g, category: "CARD" },
+    { pattern: /\b(?:sk|pk|api|key|token)[_-][A-Za-z0-9_-]{20,}\b/g, category: "API_KEY" },
+    { pattern: /\bBearer\s+[A-Za-z0-9_.-]{20,}\b/g, category: "BEARER_TOKEN" },
+    { pattern: /\bAKIA[0-9A-Z]{16}\b/g, category: "AWS_KEY" },
+    { pattern: /-----BEGIN\s+(RSA\s+)?PRIVATE\s+KEY-----[\s\S]*?-----END\s+(RSA\s+)?PRIVATE\s+KEY-----/g, category: "PRIVATE_KEY" },
+    { pattern: /\b[A-Fa-f0-9]{40,}\b/g, category: "HEX_SECRET" },
+];
+export class SensitiveRegistry {
+    terms = [];
+    customPatterns = [];
+    loaded = false;
+    /** All built-in + custom regex patterns. */
+    get patterns() {
+        return [...BUILTIN_PATTERNS, ...this.customPatterns];
+    }
+    /** All explicit terms, sorted longest-first. */
+    get sensitiveTerms() {
+        return this.terms;
+    }
+    /** Load sensitive.yaml from brain/knowledge/. Graceful if missing. */
+    async load(brainRoot) {
+        const filePath = join(brainRoot, "knowledge", "sensitive.yaml");
+        try {
+            const raw = await readFile(filePath, "utf-8");
+            this.parseYaml(raw);
+            this.loaded = true;
+            log.info("Loaded sensitive registry", {
+                terms: this.terms.length,
+                customPatterns: this.customPatterns.length,
+            });
+        }
+        catch (err) {
+            if (err.code === "ENOENT") {
+                log.debug("No sensitive.yaml found — using built-in patterns only");
+            }
+            else {
+                log.warn("Failed to parse sensitive.yaml — using built-in patterns only", { error: err.message });
+            }
+            this.loaded = true; // graceful degradation
+        }
+    }
+    get isLoaded() {
+        return this.loaded;
+    }
+    /**
+     * Hand-rolled YAML parser for our simple format.
+     * Expects a list of entries with `value`, `category`, and optionally `pattern` fields.
+     */
+    parseYaml(raw) {
+        const terms = [];
+        const customPatterns = [];
+        // Split into entries by "- " at start of line (top-level list items)
+        const entries = raw.split(/^(?=\s*- )/m).filter((s) => s.trim());
+        for (const entry of entries) {
+            const lines = entry.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
+            let value;
+            let category;
+            let pattern;
+            for (const line of lines) {
+                // Strip leading "- " for the first field in a list item
+                const cleaned = line.replace(/^-\s*/, "");
+                const kvMatch = cleaned.match(/^(\w+)\s*:\s*(.+)$/);
+                if (!kvMatch)
+                    continue;
+                const [, key, val] = kvMatch;
+                const unquoted = val.replace(/^["']|["']$/g, "").trim();
+                if (key === "value")
+                    value = unquoted;
+                else if (key === "category")
+                    category = unquoted;
+                else if (key === "pattern")
+                    pattern = unquoted;
+            }
+            if (pattern && category) {
+                try {
+                    customPatterns.push({ pattern: new RegExp(pattern, "g"), category: category.toUpperCase() });
+                }
+                catch {
+                    log.warn("Invalid regex in sensitive.yaml", { pattern, category });
+                }
+            }
+            else if (value && category) {
+                terms.push({ value, category: category.toUpperCase() });
+            }
+        }
+        // Sort terms longest-first so longer matches take priority
+        terms.sort((a, b) => b.value.length - a.value.length);
+        this.terms = terms;
+        this.customPatterns = customPatterns;
+    }
+}
+//# sourceMappingURL=sensitive-registry.js.map

package/dist/llm/sensitive-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitive-registry.js","sourceRoot":"","sources":["../../src/llm/sensitive-registry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,GAAG,GAAG,YAAY,CAAC,wBAAwB,CAAC,CAAC;AAYnD,sDAAsD;AACtD,MAAM,gBAAgB,GAAuB;IAC3C,EAAE,OAAO,EAAE,gCAAgC,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9D,EAAE,OAAO,EAAE,0BAA0B,EAAE,QAAQ,EAAE,MAAM,EAAE;IACzD,EAAE,OAAO,EAAE,oDAAoD,EAAE,QAAQ,EAAE,SAAS,EAAE;IACtF,EAAE,OAAO,EAAE,mCAAmC,EAAE,QAAQ,EAAE,cAAc,EAAE;IAC1E,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACzD,EAAE,OAAO,EAAE,yFAAyF,EAAE,QAAQ,EAAE,aAAa,EAAE;IAC/H,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,YAAY,EAAE;CAC7D,CAAC;AAEF,MAAM,OAAO,iBAAiB;IACpB,KAAK,GAAoB,EAAE,CAAC;IAC5B,cAAc,GAAuB,EAAE,CAAC;IACxC,MAAM,GAAG,KAAK,CAAC;IAEvB,4CAA4C;IAC5C,IAAI,QAAQ;QACV,OAAO,CAAC,GAAG,gBAAgB,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;IACvD,CAAC;IAED,gDAAgD;IAChD,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,sEAAsE;IACtE,KAAK,CAAC,IAAI,CAAC,SAAiB;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,gBAAgB,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC9C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACpB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YACnB,GAAG,CAAC,IAAI,CAAC,2BAA2B,EAAE;gBACpC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM;gBACxB,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,MAAM;aAC3C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1B,GAAG,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;YACtE,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,IAAI,CAAC,+DAA+D,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACpG,CAAC;YACD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,uBAAuB;QAC7C,CAAC;IACH,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;OAGG;IACK,SAAS,CAAC,GAAW;QAC3B,MAAM,KAAK,GAAoB,EAAE,CAAC;QAClC,MAAM,cAAc,GAAuB,EAAE,CAAC;QAE9C,qEAAqE;QACrE,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEjE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;YAE5F,IAAI,KAAyB,CAAC;YAC9B,IAAI,QAA4B,CAAC;YACjC,IAAI,OAA2B,CAAC;YAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,wDAAwD;gBACxD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBACpD,IAAI,CAAC,OAAO;oBAAE,SAAS;gBACvB,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC;gBAC7B,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBACxD,IAAI,GAAG,KAAK,OAAO;oBAAE,KAAK,GAAG,QAAQ,CAAC;qBACjC,IAAI,GAAG,KAAK,UAAU;oBAAE,QAAQ,GAAG,QAAQ,CAAC;qBAC5C,IAAI,GAAG,KAAK,SAAS;oBAAE,OAAO,GAAG,QAAQ,CAAC;YACjD,CAAC;YAED,IAAI,OAAO,IAAI,QAAQ,EAAE,CAAC;gBACxB,IAAI,CAAC;oBACH,cAAc,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;gBAC/F,CAAC;gBAAC,MAAM,CAAC;oBACP,GAAG,CAAC,IAAI,CAAC,iCAAiC,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACrE,CAAC;YACH,CAAC;iBAAM,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;gBAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,2DAA2D;QAC3D,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEtD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;CACF"}

package/dist/mcp-server.d.ts

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+/**
+ * Core Brain MCP Server — exposes Brain memory and knowledge to Claude Code.
+ * stdio-only transport. No network port. All logging to stderr.
+ *
+ * Tools: memory_retrieve, memory_learn, memory_list, read_brain_file,
+ *        get_settings, list_locked, list_rooms
+ * Resources: brain://memory/*, brain://identity, brain://operations
+ */
+export {};
+//# sourceMappingURL=mcp-server.d.ts.map

package/dist/mcp-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG"}