@safebrowse/core 0.1.2-rc.1

package/dist/policy.js

@@ -0,0 +1,74 @@
+import { normalizeOrigin } from "./utils.js";
+function mergeArrays(...groups) {
+    const merged = new Set();
+    for (const group of groups) {
+        for (const item of group ?? []) {
+            merged.add(item.toLowerCase());
+        }
+    }
+    return merged;
+}
+function mergeBooleans(layers, selector, fallback) {
+    let current = fallback;
+    for (const layer of layers) {
+        const value = selector(layer);
+        if (typeof value === "boolean") {
+            current = value;
+        }
+    }
+    return current;
+}
+export function compilePolicy(policyPack) {
+    const layers = [...policyPack.layers];
+    const readOnlyOrigins = new Set([...mergeArrays(...layers.map((layer) => layer.origins?.readOnlyAllow))].map((origin) => normalizeOrigin(origin)));
+    const writableOrigins = new Set([...mergeArrays(...layers.map((layer) => layer.origins?.writableAllow))].map((origin) => normalizeOrigin(origin)));
+    let memoryDurableWrites = "deny";
+    for (const layer of layers) {
+        if (layer.memory?.durableWrites) {
+            memoryDurableWrites = layer.memory.durableWrites;
+        }
+    }
+    let telemetrySampling = "adaptive";
+    for (const layer of layers) {
+        if (layer.telemetry?.sampling) {
+            telemetrySampling = layer.telemetry.sampling;
+        }
+    }
+    return {
+        packId: policyPack.packId,
+        profile: policyPack.profile,
+        version: policyPack.version,
+        layerOrder: layers.map((layer) => layer.name),
+        layerProvenance: layers.map((layer) => ({
+            name: layer.name,
+            version: layer.version,
+            profile: layer.profile
+        })),
+        readOnlyOrigins,
+        writableOrigins,
+        allowedActions: mergeArrays(...layers.map((layer) => layer.actions?.allow)),
+        approvalActions: mergeArrays(...layers.map((layer) => layer.actions?.requireApproval)),
+        deniedActions: mergeArrays(...layers.map((layer) => layer.actions?.deny)),
+        allowedMimeTypes: mergeArrays(...layers.map((layer) => layer.artifacts?.allowMimeTypes)),
+        protectedMemoryKeys: mergeArrays(...layers.map((layer) => layer.memory?.protectedKeys)),
+        memoryDurableWrites,
+        forbidTokenPassthrough: mergeBooleans(layers, (layer) => layer.toolProtocol?.forbidTokenPassthrough, true),
+        enforceExactRedirectUri: mergeBooleans(layers, (layer) => layer.toolProtocol?.enforceExactRedirectUri, true),
+        allowedRegistrySigners: mergeArrays(...layers.map((layer) => layer.toolProtocol?.allowedRegistrySigners)),
+        requireVerifiedRegistry: mergeBooleans(layers, (layer) => layer.toolProtocol?.requireVerifiedRegistry, true),
+        requireApprovalBinding: mergeBooleans(layers, (layer) => layer.toolProtocol?.requireApprovalBinding, true),
+        requireOauthStateBinding: mergeBooleans(layers, (layer) => layer.toolProtocol?.requireOauthStateBinding, true),
+        taintedConnectorFlowDecision: [...layers]
+            .reverse()
+            .find((layer) => layer.toolProtocol?.taintedConnectorFlowDecision)
+            ?.toolProtocol?.taintedConnectorFlowDecision ?? "block",
+        allowLoopbackCallbacksInDev: mergeBooleans(layers, (layer) => layer.toolProtocol?.allowLoopbackCallbacksInDev, false),
+        enableDocumentHandoff: mergeBooleans(layers, (layer) => layer.artifacts?.enableDocumentHandoff, true),
+        quarantineOnHiddenTextMismatch: mergeBooleans(layers, (layer) => layer.artifacts?.quarantineOnHiddenTextMismatch, true),
+        replayBundle: mergeBooleans(layers, (layer) => layer.telemetry?.replayBundle, true),
+        redactSensitiveValues: mergeBooleans(layers, (layer) => layer.telemetry?.redactSensitiveValues, true),
+        telemetrySampling,
+        compiledAt: new Date().toISOString()
+    };
+}
+//# sourceMappingURL=policy.js.map

package/dist/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE7C,SAAS,WAAW,CAAC,GAAG,MAAmC;IACzD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,KAAK,MAAM,IAAI,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;YAC/B,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CACpB,MAAqB,EACrB,QAAqD,EACrD,QAAiB;IAEjB,IAAI,OAAO,GAAG,QAAQ,CAAC;IACvB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,GAAG,KAAK,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,UAAsB;IAClD,MAAM,MAAM,GAAG,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAEtC,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,CAAC,GAAG,WAAW,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACtF,eAAe,CAAC,MAAM,CAAC,CACxB,CACF,CAAC;IACF,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,CAAC,GAAG,WAAW,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACtF,eAAe,CAAC,MAAM,CAAC,CACxB,CACF,CAAC;IAEF,IAAI,mBAAmB,GAAkC,MAAM,CAAC;IAChE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC;YAChC,mBAAmB,GAAG,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC;QACnD,CAAC;IACH,CAAC;IAED,IAAI,iBAAiB,GAAgC,UAAU,CAAC;IAChE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,SAAS,EAAE,QAAQ,EAAE,CAAC;YAC9B,iBAAiB,GAAG,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;QAC7C,eAAe,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACtC,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC;QACH,eAAe;QACf,eAAe;QACf,cAAc,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC3E,eAAe,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACtF,aAAa,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACzE,gBAAgB,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QACxF,mBAAmB,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACvF,mBAAmB;QACnB,sBAAsB,EAAE,aAAa,CACnC,MAAM,EACN,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,sBAAsB,EACrD,IAAI,CACL;QACD,uBAAuB,EAAE,aAAa,CACpC,MAAM,EACN,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,uBAAuB,EACtD,IAAI,CACL;QACD,sBAAsB,EAAE,WAAW,CACjC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,sBAAsB,CAAC,CACrE;QACD,uBAAuB,EAAE,aAAa,CACpC,MAAM,EACN,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,uBAAuB,EACtD,IAAI,CACL;QACD,sBAAsB,EAAE,aAAa,CACnC,MAAM,EACN,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,sBAAsB,EACrD,IAAI,CACL;QACD,wBAAwB,EAAE,aAAa,CACrC,MAAM,EACN,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,wBAAwB,EACvD,IAAI,CACL;QACD,4BAA4B,EAC1B,CAAC,GAAG,MAAM,CAAC;aACR,OAAO,EAAE;aACT,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,4BAA4B,CAAC;YAClE,EAAE,YAAY,EAAE,4BAA4B,IAAI,OAAO;QAC3D,2BAA2B,EAAE,aAAa,CACxC,MAAM,EACN,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,2BAA2B,EAC1D,KAAK,CACN;QACD,qBAAqB,EAAE,aAAa,CAClC,MAAM,EACN,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,qBAAqB,EACjD,IAAI,CACL;QACD,8BAA8B,EAAE,aAAa,CAC3C,MAAM,EACN,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,8BAA8B,EAC1D,IAAI,CACL;QACD,YAAY,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,YAAY,EAAE,IAAI,CAAC;QACnF,qBAAqB,EAAE,aAAa,CAClC,MAAM,EACN,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,qBAAqB,EACjD,IAAI,CACL;QACD,iBAAiB;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC;AACJ,CAAC"}

package/dist/promptInjection.d.ts

@@ -0,0 +1,3 @@
+import type { ObservationEnvelope, PromptGuardResult, RuntimeContext } from "./types.js";
+export declare function runPromptInjectionGuard(observation: ObservationEnvelope, context?: Pick<RuntimeContext, "knowledgeBase">): PromptGuardResult;
+//# sourceMappingURL=promptInjection.d.ts.map

package/dist/promptInjection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"promptInjection.d.ts","sourceRoot":"","sources":["../src/promptInjection.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AA4BzF,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,mBAAmB,EAChC,OAAO,CAAC,EAAE,IAAI,CAAC,cAAc,EAAE,eAAe,CAAC,GAC9C,iBAAiB,CAqDnB"}

package/dist/promptInjection.js

@@ -0,0 +1,58 @@
+import { clamp, uniq } from "./utils.js";
+const DIRECT_OVERRIDE = /\b(ignore (?:(all|any|the)\s+)?(previous|prior)|disregard (?:(all|any|the)\s+)?(previous|prior)|system prompt|developer message|you are now|act as|override instructions)\b/i;
+const PRIVILEGE_CLAIM = /\b(admin(istrator)?|root access|privileged role|security bypass|policy exception)\b/i;
+const EXFILTRATION_CUE = /\b(exfiltrate|send (the|all) data|forward .*token|reveal secrets?|credential)\b/i;
+const SOCIAL_ENGINEERING = /\b(urgent|immediately|secret|confidential|do not tell|silently|quietly)\b/i;
+const TYPOGLYCEMIA = /\b(ignroe|prevouis|sysetm|developre|instrucitons|credentails)\b/i;
+function matchKbFamily(patterns, familyHints) {
+    return patterns
+        .filter((pattern) => {
+        const family = String(pattern.family_key ?? "").toLowerCase();
+        const name = String(pattern.pattern_name ?? "").toLowerCase();
+        return familyHints.some((hint) => family.includes(hint) || name.includes(hint));
+    })
+        .slice(0, 8)
+        .map((pattern) => String(pattern.pattern_id ?? pattern.id ?? "unknown-pattern"));
+}
+export function runPromptInjectionGuard(observation, context) {
+    const suspicionFlags = [];
+    const familyHints = [];
+    let score = observation.suspicionFlags.length ? 0.15 : 0;
+    if (DIRECT_OVERRIDE.test(observation.normalizedText)) {
+        suspicionFlags.push("prompt_override_language");
+        familyHints.push("override");
+        score += 0.35;
+    }
+    if (PRIVILEGE_CLAIM.test(observation.normalizedText)) {
+        suspicionFlags.push("privilege_claim_language");
+        familyHints.push("role");
+        score += 0.2;
+    }
+    if (EXFILTRATION_CUE.test(observation.normalizedText)) {
+        suspicionFlags.push("exfiltration_cue");
+        familyHints.push("unsafe");
+        score += 0.25;
+    }
+    if (SOCIAL_ENGINEERING.test(observation.normalizedText)) {
+        suspicionFlags.push("social_engineering_pressure");
+        familyHints.push("social");
+        score += 0.15;
+    }
+    if (TYPOGLYCEMIA.test(observation.normalizedText)) {
+        suspicionFlags.push("obfuscated_typoglycemia");
+        familyHints.push("obfus");
+        score += 0.2;
+    }
+    if (observation.fragments.some((fragment) => fragment.visibilityClass !== "visible")) {
+        suspicionFlags.push("non_visible_instruction_channel");
+        familyHints.push("hidden");
+        score += 0.2;
+    }
+    const matchedPatternIds = matchKbFamily(context?.knowledgeBase?.promptInjectionPatterns ?? [], uniq(familyHints));
+    return {
+        suspicionFlags: uniq(suspicionFlags),
+        matchedPatternIds,
+        riskScore: clamp(score)
+    };
+}
+//# sourceMappingURL=promptInjection.js.map

package/dist/promptInjection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"promptInjection.js","sourceRoot":"","sources":["../src/promptInjection.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,eAAe,GACnB,8KAA8K,CAAC;AACjL,MAAM,eAAe,GACnB,sFAAsF,CAAC;AACzF,MAAM,gBAAgB,GACpB,kFAAkF,CAAC;AACrF,MAAM,kBAAkB,GACtB,4EAA4E,CAAC;AAC/E,MAAM,YAAY,GAChB,kEAAkE,CAAC;AAErE,SAAS,aAAa,CACpB,QAAwC,EACxC,WAAqB;IAErB,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;QAClB,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9D,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9D,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAClF,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;SACX,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,EAAE,IAAI,iBAAiB,CAAC,CAAC,CAAC;AACrF,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,WAAgC,EAChC,OAA+C;IAE/C,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,IAAI,KAAK,GAAG,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAEzD,IAAI,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC;QACrD,cAAc,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAChD,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,KAAK,IAAI,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC;QACrD,cAAc,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAChD,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzB,KAAK,IAAI,GAAG,CAAC;IACf,CAAC;IAED,IAAI,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC;QACtD,cAAc,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACxC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3B,KAAK,IAAI,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC;QACxD,cAAc,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QACnD,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3B,KAAK,IAAI,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC;QAClD,cAAc,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC/C,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1B,KAAK,IAAI,GAAG,CAAC;IACf,CAAC;IAED,IACE,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,eAAe,KAAK,SAAS,CAAC,EAChF,CAAC;QACD,cAAc,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACvD,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3B,KAAK,IAAI,GAAG,CAAC;IACf,CAAC;IAED,MAAM,iBAAiB,GAAG,aAAa,CACrC,OAAO,EAAE,aAAa,EAAE,uBAAuB,IAAI,EAAE,EACrD,IAAI,CAAC,WAAW,CAAC,CAClB,CAAC;IAEF,OAAO;QACL,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC;QACpC,iBAAiB;QACjB,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC;KACxB,CAAC;AACJ,CAAC"}

package/dist/replay.d.ts

@@ -0,0 +1,3 @@
+import type { ReplayBundle, ReplayEvent, RuntimeContext } from "./types.js";
+export declare function buildReplayBundle(events: ReplayEvent[], context: Pick<RuntimeContext, "policy">): ReplayBundle;
+//# sourceMappingURL=replay.d.ts.map

package/dist/replay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.d.ts","sourceRoot":"","sources":["../src/replay.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,cAAc,EAAe,MAAM,YAAY,CAAC;AAOzF,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,WAAW,EAAE,EACrB,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,GACtC,YAAY,CAoCd"}

package/dist/replay.js

@@ -0,0 +1,39 @@
+import { randomUUID } from "node:crypto";
+import { sha256Hex, stableStringify } from "./utils.js";
+function isVerdictPayload(payload) {
+    return Boolean(payload && typeof payload === "object" && "decision" in payload);
+}
+export function buildReplayBundle(events, context) {
+    let blockingDecisions = 0;
+    let reviewDecisions = 0;
+    for (const event of events) {
+        if (isVerdictPayload(event.payload)) {
+            if (event.payload.decision === "BLOCK") {
+                blockingDecisions += 1;
+            }
+            if (event.payload.decision === "USER_CONFIRM" ||
+                event.payload.decision === "REPLAN_READ_ONLY" ||
+                event.payload.decision === "QUARANTINE_ARTIFACT") {
+                reviewDecisions += 1;
+            }
+        }
+    }
+    return {
+        bundleId: randomUUID(),
+        createdAt: new Date().toISOString(),
+        policyVersion: context.policy.version,
+        profile: context.policy.profile,
+        policyLayers: context.policy.layerProvenance,
+        eventDigests: events.map((event) => sha256Hex(stableStringify(event))),
+        events: events.map((event) => ({
+            ...event,
+            timestamp: event.timestamp ?? new Date().toISOString()
+        })),
+        metrics: {
+            totalEvents: events.length,
+            blockingDecisions,
+            reviewDecisions
+        }
+    };
+}
+//# sourceMappingURL=replay.js.map

package/dist/replay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.js","sourceRoot":"","sources":["../src/replay.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAExD,SAAS,gBAAgB,CAAC,OAAgB;IACxC,OAAO,OAAO,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,UAAU,IAAI,OAAO,CAAC,CAAC;AAClF,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,MAAqB,EACrB,OAAuC;IAEvC,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,IAAI,eAAe,GAAG,CAAC,CAAC;IAExB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBACvC,iBAAiB,IAAI,CAAC,CAAC;YACzB,CAAC;YACD,IACE,KAAK,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc;gBACzC,KAAK,CAAC,OAAO,CAAC,QAAQ,KAAK,kBAAkB;gBAC7C,KAAK,CAAC,OAAO,CAAC,QAAQ,KAAK,qBAAqB,EAChD,CAAC;gBACD,eAAe,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,UAAU,EAAE;QACtB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;QACrC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;QAC/B,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,eAAe;QAC5C,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC7B,GAAG,KAAK;YACR,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACvD,CAAC,CAAC;QACH,OAAO,EAAE;YACP,WAAW,EAAE,MAAM,CAAC,MAAM;YAC1B,iBAAiB;YACjB,eAAe;SAChB;KACF,CAAC;AACJ,CAAC"}

package/dist/sanitize.d.ts

@@ -0,0 +1,3 @@
+import type { ObservationEnvelope, RawObservationInput, RuntimeContext } from "./types.js";
+export declare function sanitizeObservation(input: RawObservationInput, context?: Partial<RuntimeContext>): ObservationEnvelope;
+//# sourceMappingURL=sanitize.d.ts.map

package/dist/sanitize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../src/sanitize.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,mBAAmB,EAEnB,mBAAmB,EACnB,cAAc,EACf,MAAM,YAAY,CAAC;AAGpB,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,mBAAmB,EAC1B,OAAO,GAAE,OAAO,CAAC,cAAc,CAAM,GACpC,mBAAmB,CAoDrB"}

package/dist/sanitize.js

@@ -0,0 +1,50 @@
+import { randomUUID } from "node:crypto";
+import { runPromptInjectionGuard } from "./promptInjection.js";
+import { normalizeTrustSignals } from "./trust.js";
+import { normalizeText, sha256Hex, uniq } from "./utils.js";
+export function sanitizeObservation(input, context = {}) {
+    const trustSignals = normalizeTrustSignals(input.trustSignals);
+    const fragments = input.fragments?.map((fragment) => ({
+        fragmentId: fragment.fragmentId ?? randomUUID(),
+        text: normalizeText(fragment.text),
+        visibilityClass: fragment.visibilityClass ?? trustSignals.visibilityClass,
+        medium: fragment.medium ?? "text",
+        sourceOrigin: fragment.sourceOrigin ?? trustSignals.sourceOrigin,
+        frameOrigin: fragment.frameOrigin ?? trustSignals.frameOrigin,
+        selector: fragment.selector,
+        tainted: fragment.tainted ?? trustSignals.taintClass !== "trusted"
+    })) ?? [];
+    const text = normalizeText(input.text ?? fragments.map((fragment) => fragment.text).join(" "));
+    const baseFlags = [
+        ...fragments
+            .filter((fragment) => fragment.visibilityClass === "hidden")
+            .map(() => "hidden_fragment_present"),
+        ...fragments
+            .filter((fragment) => fragment.visibilityClass === "metadata")
+            .map(() => "metadata_fragment_present")
+    ];
+    const envelope = {
+        observationId: input.observationId ?? randomUUID(),
+        taskId: input.taskId,
+        sourceType: input.sourceType ?? "page",
+        text,
+        normalizedText: text.toLowerCase(),
+        fragments,
+        trustSignals,
+        suspicionFlags: uniq(baseFlags),
+        matchedPatternIds: [],
+        riskScore: 0,
+        rawHash: input.rawHash ?? sha256Hex(text),
+        createdAt: (context.now?.() ?? new Date()).toISOString()
+    };
+    const promptGuard = runPromptInjectionGuard(envelope, {
+        knowledgeBase: context.knowledgeBase
+    });
+    return {
+        ...envelope,
+        suspicionFlags: uniq([...envelope.suspicionFlags, ...promptGuard.suspicionFlags]),
+        matchedPatternIds: promptGuard.matchedPatternIds,
+        riskScore: promptGuard.riskScore
+    };
+}
+//# sourceMappingURL=sanitize.js.map

package/dist/sanitize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../src/sanitize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAOnD,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAE5D,MAAM,UAAU,mBAAmB,CACjC,KAA0B,EAC1B,UAAmC,EAAE;IAErC,MAAM,YAAY,GAAG,qBAAqB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC/D,MAAM,SAAS,GACb,KAAK,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAClC,UAAU,EAAE,QAAQ,CAAC,UAAU,IAAI,UAAU,EAAE;QAC/C,IAAI,EAAE,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClC,eAAe,EAAE,QAAQ,CAAC,eAAe,IAAI,YAAY,CAAC,eAAe;QACzE,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,MAAM;QACjC,YAAY,EAAE,QAAQ,CAAC,YAAY,IAAI,YAAY,CAAC,YAAY;QAChE,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,YAAY,CAAC,WAAW;QAC7D,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,YAAY,CAAC,UAAU,KAAK,SAAS;KACnE,CAAC,CAAC,IAAI,EAAE,CAAC;IAEZ,MAAM,IAAI,GAAG,aAAa,CACxB,KAAK,CAAC,IAAI,IAAI,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CACnE,CAAC;IAEF,MAAM,SAAS,GAAG;QAChB,GAAG,SAAS;aACT,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,eAAe,KAAK,QAAQ,CAAC;aAC3D,GAAG,CAAC,GAAG,EAAE,CAAC,yBAAyB,CAAC;QACvC,GAAG,SAAS;aACT,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,eAAe,KAAK,UAAU,CAAC;aAC7D,GAAG,CAAC,GAAG,EAAE,CAAC,2BAA2B,CAAC;KAC1C,CAAC;IAEF,MAAM,QAAQ,GAAwB;QACpC,aAAa,EAAE,KAAK,CAAC,aAAa,IAAI,UAAU,EAAE;QAClD,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,MAAM;QACtC,IAAI;QACJ,cAAc,EAAE,IAAI,CAAC,WAAW,EAAE;QAClC,SAAS;QACT,YAAY;QACZ,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC;QAC/B,iBAAiB,EAAE,EAAE;QACrB,SAAS,EAAE,CAAC;QACZ,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,SAAS,CAAC,IAAI,CAAC;QACzC,SAAS,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;KACzD,CAAC;IAEF,MAAM,WAAW,GAAG,uBAAuB,CAAC,QAAQ,EAAE;QACpD,aAAa,EAAE,OAAO,CAAC,aAAa;KACrC,CAAC,CAAC;IAEH,OAAO;QACL,GAAG,QAAQ;QACX,cAAc,EAAE,IAAI,CAAC,CAAC,GAAG,QAAQ,CAAC,cAAc,EAAE,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;QACjF,iBAAiB,EAAE,WAAW,CAAC,iBAAiB;QAChD,SAAS,EAAE,WAAW,CAAC,SAAS;KACjC,CAAC;AACJ,CAAC"}

package/dist/toolProtocol.d.ts

@@ -0,0 +1,3 @@
+import type { RuntimeContext, SafeVerdict, ToolRequest } from "./types.js";
+export declare function evaluateToolRequest(request: ToolRequest, context: RuntimeContext): SafeVerdict;
+//# sourceMappingURL=toolProtocol.d.ts.map

package/dist/toolProtocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toolProtocol.d.ts","sourceRoot":"","sources":["../src/toolProtocol.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AA2B3E,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,cAAc,GACtB,WAAW,CA+Eb"}

package/dist/toolProtocol.js

@@ -0,0 +1,80 @@
+import { normalizeTrustSignals } from "./trust.js";
+import { clamp, isPrivateHost, uniq } from "./utils.js";
+const MALICIOUS_TOOL_TEXT = /\b(ignore previous|system prompt|override|send token|reveal secrets?|exfiltrate)\b/i;
+function matchToolPatterns(reasons, patterns) {
+    const hints = reasons.join(" ").toLowerCase();
+    return patterns
+        .filter((pattern) => {
+        const family = String(pattern.family_key ?? "").toLowerCase();
+        const name = String(pattern.pattern_name ?? "").toLowerCase();
+        return ((hints.includes("manifest") && family.includes("description")) ||
+            (hints.includes("redirect") && name.includes("redirect")) ||
+            (hints.includes("token") && name.includes("token")) ||
+            (hints.includes("ssrf") && family.includes("ssrf")));
+    })
+        .slice(0, 8)
+        .map((pattern) => String(pattern.pattern_id ?? "unknown-tool-pattern"));
+}
+export function evaluateToolRequest(request, context) {
+    normalizeTrustSignals({
+        artifactKind: "tool_manifest",
+        extractionMethod: "api",
+        ...(request.trustSignals ?? {})
+    });
+    const reasonCodes = [];
+    let decision = "ALLOW";
+    let riskScore = 0.25;
+    const descriptions = [request.description, ...(request.schemaDescriptions ?? [])];
+    if (descriptions.some((value) => MALICIOUS_TOOL_TEXT.test(value))) {
+        decision = "BLOCK";
+        reasonCodes.push("MALICIOUS_TOOL_MANIFEST");
+        riskScore = 0.95;
+    }
+    if (context.policy.forbidTokenPassthrough && request.tokenPassthroughRequested) {
+        decision = "BLOCK";
+        reasonCodes.push("TOKEN_PASSTHROUGH_FORBIDDEN");
+        riskScore = 0.95;
+    }
+    if (context.policy.enforceExactRedirectUri &&
+        request.authType === "oauth" &&
+        request.requestedRedirectUri &&
+        request.allowedRedirectUris?.length &&
+        !request.allowedRedirectUris.includes(request.requestedRedirectUri)) {
+        decision = "BLOCK";
+        reasonCodes.push("REDIRECT_URI_MISMATCH");
+        riskScore = 0.9;
+    }
+    if (request.egressHosts?.some((host) => isPrivateHost(host)) &&
+        !request.allowLocalhostEgress) {
+        decision = "BLOCK";
+        reasonCodes.push("SSRF_EGRESS_DENIED");
+        riskScore = 0.95;
+    }
+    if (request.registrySigned === false) {
+        decision = decision === "ALLOW" ? "USER_CONFIRM" : decision;
+        reasonCodes.push("UNSIGNED_TOOL_REGISTRY_ENTRY");
+        riskScore = Math.max(riskScore, 0.55);
+    }
+    if (request.registrySigner &&
+        context.policy.allowedRegistrySigners.size &&
+        !context.policy.allowedRegistrySigners.has(request.registrySigner.toLowerCase())) {
+        decision = "USER_CONFIRM";
+        reasonCodes.push("REGISTRY_SIGNER_NOT_ALLOWLISTED");
+        riskScore = Math.max(riskScore, 0.65);
+    }
+    const matchedPatternIds = matchToolPatterns(reasonCodes, context.knowledgeBase?.toolProtocolPatterns ?? []);
+    return {
+        decision,
+        reasonCodes: uniq(reasonCodes),
+        riskScore: clamp(riskScore),
+        safeConstraints: {
+            exact_redirect_uri: context.policy.enforceExactRedirectUri,
+            token_passthrough_allowed: !context.policy.forbidTokenPassthrough,
+            allowed_registry_signers: [...context.policy.allowedRegistrySigners]
+        },
+        matchedPatternIds,
+        incidentPlaybookId: decision === "BLOCK" ? "IR-04" : undefined,
+        telemetryTags: uniq([request.toolId, decision.toLowerCase()])
+    };
+}
+//# sourceMappingURL=toolProtocol.js.map

package/dist/toolProtocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"toolProtocol.js","sourceRoot":"","sources":["../src/toolProtocol.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAExD,MAAM,mBAAmB,GACvB,qFAAqF,CAAC;AAExF,SAAS,iBAAiB,CACxB,OAAiB,EACjB,QAAwC;IAExC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAC9C,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;QAClB,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9D,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9D,OAAO,CACL,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAC9D,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACzD,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnD,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CACpD,CAAC;IACJ,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;SACX,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,IAAI,sBAAsB,CAAC,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,OAAoB,EACpB,OAAuB;IAEvB,qBAAqB,CAAC;QACpB,YAAY,EAAE,eAAe;QAC7B,gBAAgB,EAAE,KAAK;QACvB,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;KAChC,CAAC,CAAC;IAEH,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,IAAI,QAAQ,GAA4B,OAAO,CAAC;IAChD,IAAI,SAAS,GAAG,IAAI,CAAC;IAErB,MAAM,YAAY,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC,CAAC;IAClF,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QAClE,QAAQ,GAAG,OAAO,CAAC;QACnB,WAAW,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC5C,SAAS,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,CAAC,sBAAsB,IAAI,OAAO,CAAC,yBAAyB,EAAE,CAAC;QAC/E,QAAQ,GAAG,OAAO,CAAC;QACnB,WAAW,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAChD,SAAS,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,IACE,OAAO,CAAC,MAAM,CAAC,uBAAuB;QACtC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,OAAO,CAAC,oBAAoB;QAC5B,OAAO,CAAC,mBAAmB,EAAE,MAAM;QACnC,CAAC,OAAO,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,oBAAoB,CAAC,EACnE,CAAC;QACD,QAAQ,GAAG,OAAO,CAAC;QACnB,WAAW,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAC1C,SAAS,GAAG,GAAG,CAAC;IAClB,CAAC;IAED,IACE,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACxD,CAAC,OAAO,CAAC,oBAAoB,EAC7B,CAAC;QACD,QAAQ,GAAG,OAAO,CAAC;QACnB,WAAW,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACvC,SAAS,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,CAAC,cAAc,KAAK,KAAK,EAAE,CAAC;QACrC,QAAQ,GAAG,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC5D,WAAW,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QACjD,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,IACE,OAAO,CAAC,cAAc;QACtB,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC,IAAI;QAC1C,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC,EAChF,CAAC;QACD,QAAQ,GAAG,cAAc,CAAC;QAC1B,WAAW,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACpD,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,iBAAiB,GAAG,iBAAiB,CACzC,WAAW,EACX,OAAO,CAAC,aAAa,EAAE,oBAAoB,IAAI,EAAE,CAClD,CAAC;IAEF,OAAO;QACL,QAAQ;QACR,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC;QAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC;QAC3B,eAAe,EAAE;YACf,kBAAkB,EAAE,OAAO,CAAC,MAAM,CAAC,uBAAuB;YAC1D,yBAAyB,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAsB;YACjE,wBAAwB,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC;SACrE;QACD,iBAAiB;QACjB,kBAAkB,EAAE,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QAC9D,aAAa,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;KAC9D,CAAC;AACJ,CAAC"}

package/dist/toolProtocolV2.d.ts

@@ -0,0 +1,6 @@
+import type { RuntimeContext, ToolCallbackVerificationRequest, ToolCallbackVerificationResult, ToolOnboardingSession, ToolPreparationResult, ToolRequest } from "./types.js";
+export declare function computeToolManifestHash(request: Pick<ToolRequest, "toolId" | "description" | "authType" | "requestedScopes" | "callbackUri" | "requestedRedirectUri">): string;
+export declare function computeToolSchemaHash(schemaDescriptions?: string[]): string;
+export declare function prepareToolOnboarding(request: ToolRequest, context: RuntimeContext): ToolPreparationResult;
+export declare function verifyToolCallback(request: ToolCallbackVerificationRequest, session: ToolOnboardingSession | undefined, context: RuntimeContext): ToolCallbackVerificationResult;
+//# sourceMappingURL=toolProtocolV2.d.ts.map

package/dist/toolProtocolV2.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toolProtocolV2.d.ts","sourceRoot":"","sources":["../src/toolProtocolV2.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAEV,cAAc,EAEd,+BAA+B,EAC/B,8BAA8B,EAC9B,qBAAqB,EACrB,qBAAqB,EACrB,WAAW,EAGZ,MAAM,YAAY,CAAC;AAgCpB,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,IAAI,CACnD,WAAW,EACX,QAAQ,GAAG,aAAa,GAAG,UAAU,GAAG,iBAAiB,GAAG,aAAa,GAAG,sBAAsB,CACnG,GAAG,MAAM,CAUT;AAED,wBAAgB,qBAAqB,CAAC,kBAAkB,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,CAE3E;AA+HD,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,cAAc,GACtB,qBAAqB,CA6KvB;AAED,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,+BAA+B,EACxC,OAAO,EAAE,qBAAqB,GAAG,SAAS,EAC1C,OAAO,EAAE,cAAc,GACtB,8BAA8B,CAoEhC"}