@solongate/sdk 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +511 -0
- package/dist/index.js +927 -0
- package/dist/index.js.map +1 -0
- package/package.json +40 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/config.ts","../src/interceptor.ts","../src/logger.ts","../src/token-issuer.ts","../src/server-verifier.ts","../src/rate-limiter.ts","../src/solongate.ts","../src/secure-server.ts","../src/api-client.ts"],"names":["DEFAULT_INPUT_GUARD_CONFIG","randomUUID","createHmac","TOKEN_ALGORITHM","RateLimitError"],"mappings":";;;;;;;;AA2BO,IAAM,cAAA,GAA4C,OAAO,MAAA,CAAO;AAAA,EACrE,eAAA,EAAiB,IAAA;AAAA,EACjB,aAAA,EAAe,IAAA;AAAA,EACf,QAAA,EAAU,MAAA;AAAA,EACV,mBAAA,EAAqB,GAAA;AAAA,EACrB,aAAA,EAAe,KAAA;AAAA,EACf,wBAAA,EAA0B,GAAA;AAAA,EAC1B,gBAAA,EAAkB,EAAA;AAAA,EAClB,eAAA,EAAiB,EAAA;AAAA,EACjB,gBAAA,EAAkB,0BAAA;AAAA,EAClB,uBAAA,EAAyB;AAC3B,CAAC;AAEM,SAAS,cACd,UAAA,EACiD;AACjD,EAAA,MAAM,WAAqB,EAAC;AAC5B,EAAA,MAAM,MAAA,GAAS,EAAE,GAAG,cAAA,EAAgB,GAAG,UAAA,EAAW;AAElD,EAAA,IAAI,CAAC,OAAO,eAAA,EAAiB;AAC3B,IAAA,QAAA,CAAS,IAAA,CAAK,8BAA8B,mBAAmB,CAAA;AAAA,EACjE;AACA,EAAA,IAAI,MAAA,CAAO,6BAA6B,CAAA,EAAG;AACzC,IAAA,QAAA,CAAS,IAAA,CAAK,8BAA8B,eAAe,CAAA;AAAA,EAC7D;AACA,EAAA,IAAI,OAAO,aAAA,EAAe;AACxB,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,WAAA,IAAe,MAAA,CAAO,WAAA,CAAY,SAAS,EAAA,EAAI;AACxD,IAAA,QAAA,CAAS,IAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,QAAQ,QAAA,EAAS;AAC5B;ACbA,eAAsB,iBAAA,CACpB,MAAA,EACA,YAAA,EACA,OAAA,EAC4B;AAC5B,EAAA,MAAM,YAAY,UAAA,EAAW;AAC7B,EAAA,MAAM,SAAA,GAAA,iBAAY,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAEzC,EAAA,MAAM,OAAA,GAAU,qBAAA,CAAsB,EAAE,SAAA,EAAW,CAAA;AAEnD,EAAA,MAAM,OAAA,GAA4B;AAAA,IAChC,OAAA;AAAA,IACA,UAAU,MAAA,CAAO,IAAA;AAAA,IACjB,UAAA,EAAY,SAAA;AAAA,IACZ,SAAA,EAAW,MAAA,CAAO,SAAA,IAAa,EAAC;AAAA,IAChC,oBAAoB,UAAA,CAAW,OAAA;AAAA,IAC/B;AAAA,GACF;AAGA,EAAA,IAAI,QAAQ,WAAA,EAAa;AAEvB,IAAA,IAAI,QAAQ,gBAAA,EAAkB;AAC5B,MAAA,MAAM,SAAA,GAAY,QAAQ,WAAA,CAAY,UAAA;AAAA,QACpC,MAAA,CAAO,IAAA;AAAA,QACP,OAAA,CAAQ;AAAA,OACV;AACA,MAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACtB,QAAA,MAAM,MAAA,GAA0B;AAAA,UAC9B,MAAA,EAAQ,OAAA;AAAA,UACR,OAAA;AAAA,UACA,OAAO,IAAI,cAAA,CAAe,MAAA,CAAO,IAAA,EAAM,QAAQ,gBAAgB,CAAA;AAAA,UAC/D,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,SACpC;AACA,QAAA,OAAA,CAAQ,aAAa,MAAM,CAAA;AAC3B,QAAA,OAAO,sBAAA;AAAA,UACL,CAAA,8BAAA,EAAiC,OAAO,IAAI,CAAA,CAAA;AAAA,SAC9C;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,QAAQ,wBAAA,EAA0B;AACpC,MAAA,MAAM,WAAA,GAAc,QAAQ,WAAA,CAAY,gBAAA;AAAA,QACtC,OAAA,CAAQ;AAAA,OACV;AACA,MAAA,IAAI,CAAC,YAAY,OAAA,EAAS;AACxB,QAAA,MAAM,MAAA,GAA0B;AAAA,UAC9B,MAAA,EAAQ,OAAA;AAAA,UACR,OAAA;AAAA,UACA,KAAA,EAAO,IAAI,cAAA,CAAe,GAAA,EAAK,QAAQ,wBAAwB,CAAA;AAAA,UAC/D,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,SACpC;AACA,QAAA,OAAA,CAAQ,aAAa,MAAM,CAAA;AAC3B,QAAA,OAAO,uBAAuB,4BAA4B,CAAA;AAAA,MAC5D;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,OAAA,CAAQ,eAAA,IAAmB,MAAA,CAAO,SAAA,EAAW;AAC/C,IAAA,MAAM,WAAA,GAAc,QAAQ,gBAAA,IAAoBA,0BAAAA;AAChD,IAAA,MAAM,YAAA,GAAe,aAAA,CAAc,WAAA,EAAa,MAAA,CAAO,WAAW,WAAW,CAAA;AAE7E,IAAA,IAAI,CAAC,aAAa,IAAA,EAAM;AACtB,MAAA,MAAM,kBAAA,GAAqB,aAAa,OAAA,CAAQ,GAAA;AAAA,QAC9C,CAAC,CAAA,KAAM,CAAA,EAAG,CAAA,CAAE,IAAI,KAAK,CAAA,CAAE,WAAW,CAAA,SAAA,EAAY,CAAA,CAAE,KAAK,CAAA,CAAA;AAAA,OACvD;AACA,MAAA,MAAM,MAAA,GAA0B;AAAA,QAC9B,MAAA,EAAQ,OAAA;AAAA,QACR,OAAA;AAAA,QACA,KAAA,EAAO,IAAI,qBAAA,CAAsB,MAAA,CAAO,MAAM,kBAAkB,CAAA;AAAA,QAChE,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,OACpC;AACA,MAAA,OAAA,CAAQ,aAAa,MAAM,CAAA;AAE3B,MAAA,MAAM,SAAS,OAAA,CAAQ,aAAA,GACnB,4BAA4B,YAAA,CAAa,OAAA,CAAQ,MAAM,CAAA,mBAAA,CAAA,GACvD,0BAAA;AACJ,MAAA,OAAO,uBAAuB,MAAM,CAAA;AAAA,IACtC;AAAA,EACF;AAGA,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,YAAA,CAAa,QAAA,CAAS,OAAO,CAAA;AAEtD,EAAA,IAAI,QAAA,CAAS,WAAW,MAAA,EAAQ;AAC9B,IAAA,MAAM,MAAA,GAA0B;AAAA,MAC9B,MAAA,EAAQ,QAAA;AAAA,MACR,OAAA;AAAA,MACA,QAAA;AAAA,MACA,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACpC;AACA,IAAA,OAAA,CAAQ,aAAa,MAAM,CAAA;AAE3B,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,aAAA,GACnB,QAAA,CAAS,MAAA,GACT,2CAAA;AACJ,IAAA,OAAO,uBAAuB,MAAM,CAAA;AAAA,EACtC;AAGA,EAAA,IAAI,eAAA;AACJ,EAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,IAAA,eAAA,GAAkB,QAAQ,WAAA,CAAY,KAAA;AAAA,MACpC,SAAA;AAAA,MACA,CAAC,WAAW,OAAO,CAAA;AAAA,MACnB,CAAC,OAAO,IAAI;AAAA,KACd;AAAA,EACF;AAGA,EAAA,IAAI,OAAA,CAAQ,kBAAkB,eAAA,EAAiB;AAC7C,IAAA,OAAA,CAAQ,cAAA,CAAe,mBAAA,CAAoB,MAAA,EAAQ,eAAe,CAAA;AAAA,EACpE;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAY,YAAY,GAAA,EAAI;AAClC,IAAA,MAAM,UAAA,GAAa,MAAM,YAAA,CAAa,MAAM,CAAA;AAC5C,IAAA,MAAM,UAAA,GAAa,WAAA,CAAY,GAAA,EAAI,GAAI,SAAA;AAGvC,IAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,MAAA,OAAA,CAAQ,WAAA,CAAY,UAAA,CAAW,MAAA,CAAO,IAAI,CAAA;AAAA,IAC5C;AAGA,IAAA,MAAM,MAAA,GAA0B;AAAA,MAC9B,MAAA,EAAQ,SAAA;AAAA,MACR,OAAA;AAAA,MACA,QAAA;AAAA,MACA,UAAA;AAAA,MACA,UAAA;AAAA,MACA,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACpC;AACA,IAAA,OAAA,CAAQ,aAAa,MAAM,CAAA;AAE3B,IAAA,OAAO,UAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,MAAA,GAA0B;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,OAAA;AAAA,MACA,KAAA,EAAO,KAAA,YAAiB,KAAA,GACpB,IAAI,kBAAkB,MAAA,CAAO,IAAA,EAAM,KAAA,CAAM,OAAO,CAAA,GAChD,IAAI,iBAAA,CAAkB,MAAA,CAAO,MAAM,wBAAwB,CAAA;AAAA,MAC/D,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACpC;AACA,IAAA,OAAA,CAAQ,aAAa,MAAM,CAAA;AAC3B,IAAA,MAAM,KAAA;AAAA,EACR;AACF;;;ACtMA,IAAM,eAAA,GAA4C;AAAA,EAChD,KAAA,EAAO,CAAA;AAAA,EACP,IAAA,EAAM,CAAA;AAAA,EACN,IAAA,EAAM,CAAA;AAAA,EACN,KAAA,EAAO;AACT,CAAA;AAMO,IAAM,iBAAN,MAAqB;AAAA,EACT,QAAA;AAAA,EACA,OAAA;AAAA,EAEjB,YAAY,OAAA,EAAgD;AAC1D,IAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,KAAA;AACxB,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,OAAA;AAAA,EACzB;AAAA,EAEA,YAAY,MAAA,EAA+B;AACzC,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AAEnB,IAAA,MAAM,KAAA,GAAQ;AAAA,MACZ,IAAA,EAAM,mBAAA;AAAA,MACN,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,QAAA,EAAU,OAAO,OAAA,CAAQ,QAAA;AAAA,MACzB,UAAA,EAAY,OAAO,OAAA,CAAQ,kBAAA;AAAA,MAC3B,UAAA,EAAY,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,UAAA;AAAA,MACnC,SAAA,EAAW,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,SAAA;AAAA,MAClC,WAAW,MAAA,CAAO,SAAA;AAAA,MAClB,GAAI,MAAA,CAAO,MAAA,KAAW,aAAa,EAAE,UAAA,EAAY,OAAO,UAAA,EAAW;AAAA,MACnE,GAAI,OAAO,MAAA,KAAW,QAAA,IAAY,EAAE,MAAA,EAAQ,MAAA,CAAO,SAAS,MAAA,EAAO;AAAA,MACnE,GAAI,OAAO,MAAA,KAAW,OAAA,IAAW,EAAE,KAAA,EAAO,MAAA,CAAO,MAAM,IAAA;AAAK,KAC9D;AAEA,IAAA,IAAI,MAAA,CAAO,MAAA,KAAW,QAAA,IAAY,MAAA,CAAO,WAAW,OAAA,EAAS;AAC3D,MAAA,IAAA,CAAK,GAAA,CAAI,QAAQ,KAAK,CAAA;AAAA,IACxB,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,GAAA,CAAI,QAAQ,KAAK,CAAA;AAAA,IACxB;AAAA,EACF;AAAA,EAEQ,GAAA,CAAI,OAAiB,IAAA,EAAqC;AAChE,IAAA,IAAI,gBAAgB,KAAK,CAAA,GAAI,eAAA,CAAgB,IAAA,CAAK,QAAQ,CAAA,EAAG;AAE7D,IAAA,MAAM,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,GAAG,MAAM,CAAA;AAChD,IAAA,QAAQ,KAAA;AAAO,MACb,KAAK,OAAA;AACH,QAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,YAAA,EAAe,MAAM,CAAA,CAAE,CAAA;AACrC,QAAA;AAAA,MACF,KAAK,MAAA;AACH,QAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,YAAA,EAAe,MAAM,CAAA,CAAE,CAAA;AACpC,QAAA;AAAA,MACF,KAAK,OAAA;AACH,QAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,YAAA,EAAe,MAAM,CAAA,CAAE,CAAA;AACrC,QAAA;AAAA,MACF;AACE,QAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,YAAA,EAAe,MAAM,CAAA,CAAE,CAAA;AAAA;AACxC,EACF;AACF;AC3CO,IAAM,cAAN,MAAkB;AAAA,EACN,MAAA;AAAA,EACA,UAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA,uBAAiB,GAAA,EAAY;AAAA,EAC7B,aAAA,uBAAoB,GAAA,EAAY;AAAA,EAEjD,YAAY,MAAA,EAAqB;AAC/B,IAAA,IAAI,MAAA,CAAO,MAAA,CAAO,MAAA,GAAS,iBAAA,EAAmB;AAC5C,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,iCAAiC,iBAAiB,CAAA,WAAA;AAAA,OACpD;AAAA,IACF;AACA,IAAA,IAAA,CAAK,SAAS,MAAA,CAAO,MAAA;AACrB,IAAA,IAAA,CAAK,UAAA,GAAa,OAAO,UAAA,IAAc,yBAAA;AACvC,IAAA,IAAA,CAAK,SAAS,MAAA,CAAO,MAAA;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,CACE,WACA,WAAA,EACA,SAAA,EACA,cAAiC,CAAC,GAAG,GACrC,SAAA,EACQ;AACR,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,MAAM,MAAMC,UAAAA,EAAW;AAEvB,IAAA,MAAM,OAAA,GAA2B;AAAA,MAC/B,GAAA;AAAA,MACA,KAAK,IAAA,CAAK,MAAA;AAAA,MACV,GAAA,EAAK,SAAA;AAAA,MACL,GAAA,EAAK,GAAA;AAAA,MACL,GAAA,EAAK,MAAM,IAAA,CAAK,UAAA;AAAA,MAChB,WAAA,EAAa,CAAC,GAAG,WAAW,CAAA;AAAA,MAC5B,SAAA,EAAW,CAAC,GAAG,SAAS,CAAA;AAAA,MACxB,WAAA,EAAa,CAAC,GAAG,WAAW,CAAA;AAAA,MAC5B,GAAI,SAAA,IAAa,EAAE,WAAW,CAAC,GAAG,SAAS,CAAA;AAAE,KAC/C;AAEA,IAAA,OAAO,IAAA,CAAK,KAAK,OAAO,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,KAAA,EAAwC;AAE7C,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,cAAA,CAAe,KAAK,CAAA;AACxC,IAAA,IAAI,CAAC,MAAA,CAAO,KAAA,IAAS,CAAC,OAAO,OAAA,EAAS;AACpC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,UAAU,MAAA,CAAO,OAAA;AAGvB,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,IAAI,OAAA,CAAQ,OAAO,GAAA,EAAK;AACtB,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,eAAA,EAAgB;AAAA,IACjD;AAGA,IAAA,IAAI,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,EAAG;AACvC,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,wBAAA,EAAyB;AAAA,IAC1D;AAGA,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,EAAG;AACpC,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,sCAAA,EAAuC;AAAA,IACxE;AAGA,IAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAE/B,IAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,OAAA,EAAQ;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,aAAA,CAAc,IAAI,GAAG,CAAA;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,GAAA,EAAsB;AAC9B,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,GAAG,CAAA;AAAA,EACnC;AAAA;AAAA,EAIQ,KAAK,OAAA,EAAkC;AAC7C,IAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,IAAA,CAAK,SAAA,CAAU,EAAE,KAAK,eAAA,EAAiB,GAAA,EAAK,KAAA,EAAO,CAAC,CAAA;AACnF,IAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,IAAA,CAAK,SAAA,CAAU,OAAO,CAAC,CAAA;AACpD,IAAA,MAAM,YAAY,IAAA,CAAK,gBAAA,CAAiB,GAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE,CAAA;AAC3D,IAAA,OAAO,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,IAAI,IAAI,SAAS,CAAA,CAAA;AAAA,EACvC;AAAA,EAEQ,eAAe,KAAA,EAAwC;AAC7D,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAC7B,IAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,sBAAA,EAAuB;AAAA,IACxD;AAEA,IAAA,MAAM,CAAC,MAAA,EAAQ,IAAA,EAAM,SAAS,CAAA,GAAI,KAAA;AAClC,IAAA,MAAM,oBAAoB,IAAA,CAAK,gBAAA,CAAiB,GAAG,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE,CAAA;AAEnE,IAAA,IAAI,cAAc,iBAAA,EAAmB;AACnC,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,yBAAA,EAA0B;AAAA,IAC3D;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,eAAA,CAAgB,IAAI,CAAC,CAAA;AAChD,MAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,OAAA,EAAQ;AAAA,IAChC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,uBAAA,EAAwB;AAAA,IACzD;AAAA,EACF;AAAA,EAEQ,iBAAiB,IAAA,EAAsB;AAC7C,IAAA,OAAO,eAAA;AAAA,MACL,UAAA,CAAW,UAAU,IAAA,CAAK,MAAM,EAAE,MAAA,CAAO,IAAI,CAAA,CAAE,MAAA,CAAO,QAAQ;AAAA,KAChE;AAAA,EACF;AACF;AAEA,SAAS,gBAAgB,GAAA,EAAqB;AAC5C,EAAA,OAAO,OAAO,IAAA,CAAK,GAAG,CAAA,CACnB,QAAA,CAAS,QAAQ,CAAA,CACjB,OAAA,CAAQ,KAAA,EAAO,GAAG,EAClB,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAClB,OAAA,CAAQ,OAAO,EAAE,CAAA;AACtB;AAEA,SAAS,gBAAgB,GAAA,EAAqB;AAC5C,EAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,MAAA,CAAA,CAAQ,IAAK,GAAA,CAAI,MAAA,GAAS,KAAM,CAAC,CAAA;AAC1D,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,EAAG,QAAQ,EAAE,QAAA,EAAS;AACtF;ACpIO,IAAM,iBAAN,MAAqB;AAAA,EACT,aAAA;AAAA,EACA,QAAA;AAAA,EACA,UAAA,uBAAiB,GAAA,EAAY;AAAA,EAE9C,YAAY,MAAA,EAGT;AACD,IAAA,IAAI,MAAA,CAAO,aAAA,CAAc,MAAA,GAAS,EAAA,EAAI;AACpC,MAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,IACjE;AACA,IAAA,IAAA,CAAK,gBAAgB,MAAA,CAAO,aAAA;AAC5B,IAAA,IAAA,CAAK,QAAA,GAAW,OAAO,QAAA,IAAY,GAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,WAAA,CAAY,QAA2B,eAAA,EAAiC;AACtE,IAAA,MAAM,OAAO,IAAA,CAAK,SAAA,CAAU,EAAE,MAAA,EAAQ,iBAAiB,CAAA;AACvD,IAAA,OAAOC,UAAAA,CAAW,UAAU,IAAA,CAAK,aAAa,EAC3C,MAAA,CAAO,IAAI,CAAA,CACX,MAAA,CAAO,KAAK,CAAA;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAKA,eAAA,CACE,MAAA,EACA,eAAA,EACA,SAAA,EACS;AACT,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,MAAA,EAAQ,eAAe,CAAA;AAEzD,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,SAAA,CAAU,MAAA,EAAQ,OAAO,KAAA;AACjD,IAAA,IAAI,MAAA,GAAS,CAAA;AACb,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,QAAQ,CAAA,EAAA,EAAK;AACxC,MAAA,MAAA,IAAU,SAAS,UAAA,CAAW,CAAC,CAAA,GAAI,SAAA,CAAU,WAAW,CAAC,CAAA;AAAA,IAC3D;AACA,IAAA,OAAO,MAAA,KAAW,CAAA;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAA,CACE,QACA,eAAA,EACkB;AAClB,IAAA,MAAM,SAAA,GAAA,iBAAY,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AACzC,IAAA,MAAM,QAAQD,UAAAA,EAAW;AACzB,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,WAAA,CAAY,MAAA,EAAQ,eAAe,CAAA;AAE1D,IAAA,OAAO;AAAA,MACL,MAAA;AAAA,MACA,eAAA;AAAA,MACA,SAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,OAAA,EAAsD;AAE1E,IAAA,MAAM,cAAc,IAAI,IAAA,CAAK,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ;AACxD,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,mBAAA,EAAoB;AAAA,IACrD;AACA,IAAA,IAAI,GAAA,GAAM,WAAA,GAAc,IAAA,CAAK,QAAA,EAAU;AACrC,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,iBAAA,EAAkB;AAAA,IACnD;AACA,IAAA,IAAI,WAAA,GAAc,MAAM,GAAA,EAAQ;AAC9B,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,iCAAA,EAAkC;AAAA,IACnE;AAGA,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA,EAAG;AACtC,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,mCAAA,EAAoC;AAAA,IACrE;AAGA,IAAA,IAAI,CAAC,KAAK,eAAA,CAAgB,OAAA,CAAQ,QAAQ,OAAA,CAAQ,eAAA,EAAiB,OAAA,CAAQ,SAAS,CAAA,EAAG;AACrF,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,mBAAA,EAAoB;AAAA,IACrD;AAGA,IAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAEjC,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AACF;ACxGO,IAAM,cAAN,MAAkB;AAAA,EACN,QAAA;AAAA,EACA,OAAA,uBAAc,GAAA,EAA0B;AAAA,EACjD,gBAA8B,EAAC;AAAA,EAEvC,YAAY,OAAA,EAAiC;AAC3C,IAAA,IAAA,CAAK,QAAA,GAAW,SAAS,QAAA,IAAY,oBAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UAAA,CACE,UACA,cAAA,EACiB;AACjB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,QAAA;AAE/B,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,gBAAA,CAAiB,QAAA,EAAU,WAAW,CAAA;AAC3D,IAAA,MAAM,QAAQ,OAAA,CAAQ,MAAA;AACtB,IAAA,MAAM,UAAU,KAAA,GAAQ,cAAA;AACxB,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,iBAAiB,KAAK,CAAA;AACpD,IAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,MAAA,GAAS,CAAA,GAC7B,OAAA,CAAQ,CAAC,CAAA,CAAG,SAAA,GAAY,IAAA,CAAK,QAAA,GAC7B,GAAA,GAAM,IAAA,CAAK,QAAA;AAEf,IAAA,OAAO,EAAE,OAAA,EAAS,SAAA,EAAW,OAAA,EAAQ;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,iBAAiB,cAAA,EAAyC;AACxD,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,QAAA;AAE/B,IAAA,IAAA,CAAK,aAAA,GAAgB,KAAK,aAAA,CAAc,MAAA;AAAA,MACtC,CAAC,CAAA,KAAM,CAAA,CAAE,SAAA,GAAY;AAAA,KACvB;AACA,IAAA,MAAM,KAAA,GAAQ,KAAK,aAAA,CAAc,MAAA;AACjC,IAAA,MAAM,UAAU,KAAA,GAAQ,cAAA;AACxB,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,iBAAiB,KAAK,CAAA;AACpD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,aAAA,CAAc,MAAA,GAAS,CAAA,GACxC,IAAA,CAAK,aAAA,CAAc,CAAC,CAAA,CAAG,SAAA,GAAY,IAAA,CAAK,QAAA,GACxC,MAAM,IAAA,CAAK,QAAA;AAEf,IAAA,OAAO,EAAE,OAAA,EAAS,SAAA,EAAW,OAAA,EAAQ;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,cAAA,CACE,QAAA,EACA,cAAA,EACA,WAAA,EACiB;AAEjB,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,UAAA,CAAW,QAAA,EAAU,cAAc,CAAA;AACvD,IAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,MAAA,OAAO,MAAA;AAAA,IACT;AAGA,IAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,MAAA,MAAM,YAAA,GAAe,IAAA,CAAK,gBAAA,CAAiB,WAAW,CAAA;AACtD,MAAA,IAAI,CAAC,aAAa,OAAA,EAAS;AACzB,QAAA,OAAO,YAAA;AAAA,MACT;AAAA,IACF;AAGA,IAAA,IAAA,CAAK,WAAW,QAAQ,CAAA;AACxB,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAW,QAAA,EAAwB;AACjC,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,MAAA,GAAqB,EAAE,SAAA,EAAW,GAAA,EAAI;AAG5C,IAAA,MAAM,UAAU,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,QAAQ,KAAK,EAAC;AAC/C,IAAA,OAAA,CAAQ,KAAK,MAAM,CAAA;AAGnB,IAAA,IAAI,OAAA,CAAQ,SAAS,sBAAA,EAAwB;AAC3C,MAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,QAAA;AAC/B,MAAA,MAAM,UAAU,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,YAAY,WAAW,CAAA;AAC/D,MAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,QAAA,EAAU,OAAO,CAAA;AAAA,IACpC,CAAA,MAAO;AACL,MAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,QAAA,EAAU,OAAO,CAAA;AAAA,IACpC;AAGA,IAAA,IAAA,CAAK,aAAA,CAAc,KAAK,MAAM,CAAA;AAC9B,IAAA,IAAI,IAAA,CAAK,aAAA,CAAc,MAAA,GAAS,sBAAA,EAAwB;AACtD,MAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,QAAA;AAC/B,MAAA,IAAA,CAAK,aAAA,GAAgB,KAAK,aAAA,CAAc,MAAA;AAAA,QACtC,CAAC,CAAA,KAAM,CAAA,CAAE,SAAA,GAAY;AAAA,OACvB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,SAAS,QAAA,EAA0D;AACjE,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,QAAA;AAC/B,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,gBAAA,CAAiB,QAAA,EAAU,WAAW,CAAA;AAC3D,IAAA,OAAO,EAAE,KAAA,EAAO,OAAA,CAAQ,MAAA,EAAQ,WAAA,EAAY;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,QAAA,EAAwB;AAChC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA,EAKA,QAAA,GAAiB;AACf,IAAA,IAAA,CAAK,QAAQ,KAAA,EAAM;AACnB,IAAA,IAAA,CAAK,gBAAgB,EAAC;AAAA,EACxB;AAAA,EAEQ,gBAAA,CACN,UACA,WAAA,EACc;AACd,IAAA,MAAM,UAAU,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,QAAQ,KAAK,EAAC;AAC/C,IAAA,MAAM,SAAS,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,YAAY,WAAW,CAAA;AAG9D,IAAA,IAAI,MAAA,CAAO,MAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ;AACpC,MAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,QAAA,EAAU,MAAM,CAAA;AAAA,IACnC;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;;;ACjKO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EACtC,YAAY,OAAA,EAAiB;AAC3B,IAAA,KAAA;AAAA,MACE,GAAG,OAAO;AAAA;AAAA,8DAAA;AAAA,KAGZ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AAAA,EACd;AACF;AAwBO,IAAM,YAAN,MAAgB;AAAA,EACJ,YAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,MAAA;AAAA,EACT,gBAAA,GAAmB,KAAA;AAAA,EAE3B,YAAY,OAAA,EAMT;AAED,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,MAAA,IAAU,OAAA,CAAQ,IAAI,iBAAA,IAAqB,EAAA;AAClE,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,MAAM,IAAI,aAAa,wCAAwC,CAAA;AAAA,IACjE;AACA,IAAA,IAAI,CAAC,OAAO,UAAA,CAAW,UAAU,KAAK,CAAC,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA,EAAG;AACpE,MAAA,MAAM,IAAI,YAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,MAAM,EAAE,MAAA,EAAQ,QAAA,EAAS,GAAI,aAAA,CAAc,QAAQ,MAAM,CAAA;AACzD,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,cAAA,GAAiB,QAAA;AAEtB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,cAAA,CAAe;AAAA,MAC/B,OAAO,MAAA,CAAO,QAAA;AAAA,MACd,SAAS,MAAA,CAAO;AAAA,KACjB,CAAA;AAED,IAAA,KAAA,MAAW,WAAW,QAAA,EAAU;AAC9B,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,qBAAA,EAAwB,OAAO,CAAA,CAAE,CAAA;AAAA,IAChD;AAGA,IAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,uBAAA,GAA0B,IAAI,aAAY,GAAI,MAAA;AACnE,IAAA,IAAA,CAAK,YAAA,GAAe,IAAI,YAAA,CAAa;AAAA,MACnC,SAAA,EAAW,OAAA,CAAQ,SAAA,IAAa,MAAA,CAAO,SAAA;AAAA,MACvC,WAAW,MAAA,CAAO,mBAAA;AAAA,MAClB;AAAA,KACD,CAAA;AAGD,IAAA,IAAA,CAAK,WAAA,GAAc,MAAA,CAAO,WAAA,GACtB,IAAI,WAAA,CAAY;AAAA,MACd,QAAQ,MAAA,CAAO,WAAA;AAAA,MACf,YAAY,MAAA,CAAO,eAAA;AAAA,MACnB,SAAA,EAAWE,eAAAA;AAAA,MACX,MAAA,EAAQ,MAAA,CAAO,WAAA,IAAe,OAAA,CAAQ;AAAA,KACvC,CAAA,GACD,IAAA;AAGJ,IAAA,IAAA,CAAK,cAAA,GAAiB,MAAA,CAAO,aAAA,GACzB,IAAI,cAAA,CAAe,EAAE,aAAA,EAAe,MAAA,CAAO,aAAA,EAAe,CAAA,GAC1D,IAAA;AAGJ,IAAA,IAAA,CAAK,WAAA,GAAc,IAAI,WAAA,EAAY;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,eAAA,GAAiC;AAC7C,IAAA,IAAI,KAAK,gBAAA,EAAkB;AAG3B,IAAA,IAAI,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA,EAAG;AACtC,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AACxB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,MAAA,IAAU,2BAAA;AACrC,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,MAAM,CAAA,eAAA,CAAA,EAAmB;AAAA,QAClD,OAAA,EAAS;AAAA,UACP,aAAa,IAAA,CAAK,MAAA;AAAA,UAClB,eAAA,EAAiB,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA;AAAA,SACxC;AAAA,QACA,MAAA,EAAQ,WAAA,CAAY,OAAA,CAAQ,GAAM;AAAA,OACnC,CAAA;AAED,MAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACtB,QAAA,MAAM,IAAI,aAAa,6BAA6B,CAAA;AAAA,MACtD;AACA,MAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACtB,QAAA,MAAM,IAAI,aAAa,+DAA+D,CAAA;AAAA,MACxF;AAEA,MAAA,IAAA,CAAK,gBAAA,GAAmB,IAAA;AAAA,IAC1B,SAAS,GAAA,EAAK;AACZ,MAAA,IAAI,GAAA,YAAe,cAAc,MAAM,GAAA;AACvC,MAAA,MAAM,IAAI,YAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,eAAA,CACJ,MAAA,EACA,YAAA,EAC4B;AAE5B,IAAA,MAAM,KAAK,eAAA,EAAgB;AAE3B,IAAA,OAAO,iBAAA,CAAkB,QAAQ,YAAA,EAAc;AAAA,MAC7C,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,eAAA,EAAiB,KAAK,MAAA,CAAO,eAAA;AAAA,MAC7B,aAAA,EAAe,KAAK,MAAA,CAAO,aAAA;AAAA,MAC3B,YAAY,CAAC,MAAA,KAAW,IAAA,CAAK,MAAA,CAAO,YAAY,MAAM,CAAA;AAAA,MACtD,WAAA,EAAa,KAAK,WAAA,IAAe,MAAA;AAAA,MACjC,cAAA,EAAgB,KAAK,cAAA,IAAkB,MAAA;AAAA,MACvC,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,gBAAA,EAAkB,KAAK,MAAA,CAAO,gBAAA;AAAA,MAC9B,gBAAA,EAAkB,KAAK,MAAA,CAAO,gBAAA;AAAA,MAC9B,wBAAA,EAA0B,KAAK,MAAA,CAAO;AAAA,KACvC,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,UAAA,CACE,WACA,OAAA,EACA;AACA,IAAA,OAAO,IAAA,CAAK,YAAA,CAAa,aAAA,CAAc,SAAA,EAAW,OAAO,CAAA;AAAA,EAC3D;AAAA;AAAA,EAGA,WAAA,GAAiC;AAC/B,IAAA,OAAO;AAAA,MACL,GAAG,IAAA,CAAK,cAAA;AAAA,MACR,GAAG,IAAA,CAAK,YAAA,CAAa,mBAAA,GAAsB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAA,EAAI,CAAA,CAAE,KAAK,CAAA,EAAA,EAAK,CAAA,CAAE,OAAO,CAAA,CAAE;AAAA,KACnF;AAAA,EACF;AAAA;AAAA,EAGA,eAAA,GAAgC;AAC9B,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA,EAGA,cAAA,GAA8B;AAC5B,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EACd;AAAA;AAAA,EAGA,cAAA,GAAqC;AACnC,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EACd;AACF;ACxKO,IAAM,eAAA,GAAN,cAA8B,SAAA,CAAU;AAAA,EAC5B,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASjB,WAAA,CACE,UAAA,EACA,gBAAA,EACA,UAAA,EACA;AACA,IAAA,KAAA,CAAM,YAAY,UAAU,CAAA;AAE5B,IAAA,IAAA,CAAK,IAAA,GAAO,IAAI,SAAA,CAAU;AAAA,MACxB,MAAM,UAAA,CAAW,IAAA;AAAA,MACjB,SAAS,UAAA,CAAW,OAAA;AAAA,MACpB,QAAQ,gBAAA,EAAkB,MAAA;AAAA,MAC1B,WAAW,gBAAA,EAAkB,SAAA;AAAA,MAC7B,QAAQ,gBAAA,EAAkB;AAAA,KAC3B,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,IAAA,CAAK,WAAA,EAAY;AACvC,IAAA,KAAA,MAAW,KAAK,QAAA,EAAU;AACxB,MAAA,OAAA,CAAQ,IAAA,CAAK,CAAA,YAAA,EAAe,CAAC,CAAA,CAAE,CAAA;AAAA,IACjC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASS,IAAA,CAAK,SAAiB,IAAA,EAAgD;AAC7E,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,IAAA,CAAK,MAAA,GAAS,CAAC,CAAA;AACpC,IAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AAEjC,MAAA,OAAQ,MAAM,IAAA,CAAkB,IAAA,CAAK,IAAA,EAAM,IAAA,EAAM,GAAG,IAAI,CAAA;AAAA,IAC1D;AAEA,IAAA,MAAM,QAAA,GAAW,IAAA;AACjB,IAAA,MAAM,OAAO,IAAA,CAAK,IAAA;AAElB,IAAA,IAAA,CAAK,IAAA,CAAK,MAAA,GAAS,CAAC,CAAA,GAAI,UAAU,QAAA,KAAwB;AAIxD,MAAA,MAAM,WACJ,QAAA,CAAS,MAAA,GAAS,CAAA,IAClB,OAAO,SAAS,CAAC,CAAA,KAAM,QAAA,IACvB,QAAA,CAAS,CAAC,CAAA,KAAM,IAAA,GACX,QAAA,CAAS,CAAC,IACX,EAAC;AAEP,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,eAAA;AAAA,QACxB,EAAE,IAAA,EAAM,QAAA,EAAU,SAAA,EAAW,QAAA,EAAS;AAAA,QACtC,YAAa,OAAA,CAAqB,GAAG,QAAQ;AAAA,OAC/C;AAGA,MAAA,OAAO,EAAE,GAAG,MAAA,EAAQ,OAAA,EAAS,CAAC,GAAG,MAAA,CAAO,OAAO,CAAA,EAAE;AAAA,IACnD,CAAA;AAEA,IAAA,OAAQ,MAAM,IAAA,CAAkB,IAAA,CAAK,IAAA,EAAM,IAAA,EAAM,GAAG,IAAI,CAAA;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOS,YAAA,CACP,IAAA,EACA,MAAA,EACA,EAAA,EACuC;AACvC,IAAA,IAAI,OAAO,OAAO,UAAA,EAAY;AAC5B,MAAA,OAAQ,MAAM,YAAA,CAA0B,IAAA,CAAK,IAAA,EAAM,IAAA,EAAM,QAAQ,EAAE,CAAA;AAAA,IACrE;AAEA,IAAA,MAAM,QAAA,GAAW,IAAA;AACjB,IAAA,MAAM,OAAO,IAAA,CAAK,IAAA;AAElB,IAAA,MAAM,SAAA,GAAY,UAAU,QAAA,KAAwB;AAClD,MAAA,MAAM,WACJ,QAAA,CAAS,MAAA,GAAS,CAAA,IAClB,OAAO,SAAS,CAAC,CAAA,KAAM,QAAA,IACvB,QAAA,CAAS,CAAC,CAAA,KAAM,IAAA,GACX,QAAA,CAAS,CAAC,IACX,EAAC;AAEP,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,eAAA;AAAA,QACxB,EAAE,IAAA,EAAM,QAAA,EAAU,SAAA,EAAW,QAAA,EAAS;AAAA,QACtC,YAAa,EAAA,CAAgB,GAAG,QAAQ;AAAA,OAC1C;AAEA,MAAA,OAAO,EAAE,GAAG,MAAA,EAAQ,OAAA,EAAS,CAAC,GAAG,MAAA,CAAO,OAAO,CAAA,EAAE;AAAA,IACnD,CAAA;AAEA,IAAA,OAAQ,MAAM,YAAA,CAA0B,IAAA,CAAK,IAAA,EAAM,IAAA,EAAM,QAAQ,SAAS,CAAA;AAAA,EAC5E;AAAA;AAAA,EAGA,YAAA,GAA0B;AACxB,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AACF;ACtIA,IAAM,eAAA,GAAkB,2BAAA;AACxB,IAAM,WAAA,GAAc,IAAA;AACpB,IAAM,WAAA,GAAc,OAAA;AA+Cb,IAAM,QAAA,GAAN,cAAuB,KAAA,CAAM;AAAA,EAClC,WAAA,CACE,OAAA,EACgB,UAAA,EACA,SAAA,EACA,OAAe,WAAA,EAC/B;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,UAAA;AAAA,EACd;AACF;AAEO,IAAM,mBAAA,GAAN,cAAkC,QAAA,CAAS;AAAA,EAChD,WAAA,CAAY,UAAU,iBAAA,EAAmB;AACvC,IAAA,KAAA,CAAM,OAAA,EAAS,GAAA,EAAK,MAAA,EAAW,sBAAsB,CAAA;AACrD,IAAA,IAAA,CAAK,IAAA,GAAO,qBAAA;AAAA,EACd;AACF;AAEO,IAAMC,eAAAA,GAAN,cAA6B,QAAA,CAAS;AAAA,EAC3C,WAAA,CACE,SACgB,UAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,GAAA,EAAK,MAAA,EAAW,kBAAkB,CAAA;AAFjC,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AAAA,EACd;AACF;AAGA,IAAM,mBAAN,MAAuB;AAAA,EACrB,YAAoB,MAAA,EAAsB;AAAtB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAuB;AAAA,EAE3C,MAAM,GAAA,CAAI,QAAA,GAAW,SAAA,EAAW,OAAA,EAAsC;AACpE,IAAA,MAAM,MAAA,GAAS,OAAA,GAAU,CAAA,SAAA,EAAY,OAAO,CAAA,CAAA,GAAK,EAAA;AACjD,IAAA,OAAO,IAAA,CAAK,OAAO,OAAA,CAAQ,KAAA,EAAO,aAAa,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE,CAAA;AAAA,EACpE;AAAA,EAEA,MAAM,IAAA,GAAoF;AACxF,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,WAAW,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAO,MAAA,EAAuC;AAClD,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,MAAA,EAAQ,aAAa,MAAM,CAAA;AAAA,EACxD;AAAA,EAEA,MAAM,MAAA,CAAO,QAAA,EAAkB,MAAA,EAAuC;AACpE,IAAA,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,UAAA,EAAa,QAAQ,IAAI,MAAM,CAAA;AAAA,EACnE;AACF,CAAA;AAEA,IAAM,iBAAN,MAAqB;AAAA,EACnB,YAAoB,MAAA,EAAsB;AAAtB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAuB;AAAA,EAE3C,MAAM,MAAA,CAAO,IAAA,EAAc,KAAA,EAAgB,aAAa,EAAA,EAA0B;AAChF,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,MAAA,CAAO,OAAA,CAMhC,QAAQ,SAAA,EAAW;AAAA,MACpB,IAAA;AAAA,MACA,KAAA,EAAO,KAAA,IAAS,CAAA,QAAA,EAAW,IAAI,CAAA,CAAA;AAAA,MAC/B,WAAA,EAAa;AAAA,KACd,CAAA;AAED,IAAA,OAAO;AAAA,MACL,OAAO,QAAA,CAAS,KAAA;AAAA,MAChB,MAAM,QAAA,CAAS,IAAA;AAAA,MACf,OAAO,QAAA,CAAS,KAAA;AAAA,MAChB,WAAW,QAAA,CAAS,UAAA;AAAA,MACpB,OAAO,QAAA,CAAS;AAAA,KAClB;AAAA,EACF;AAAA,EAEA,MAAM,OAAO,KAAA,EAA2F;AACtG,IAAA,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAQ,gBAAA,EAAkB,EAAE,OAAO,CAAA;AAAA,EAChE;AACF,CAAA;AAEA,IAAM,gBAAN,MAAoB;AAAA,EAClB,YAAoB,MAAA,EAAsB;AAAtB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAuB;AAAA,EAE3C,MAAM,IAAA,GAAmC;AACvC,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,QAAQ,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,IAAI,IAAA,EAA6B;AACrC,IAAA,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,CAAA,OAAA,EAAU,IAAI,CAAA,CAAE,CAAA;AAAA,EACpD;AAAA,EAEA,MAAM,SACJ,IAAA,EACA,WAAA,EACA,aACA,WAAA,GAAwB,CAAC,MAAM,CAAA,EAChB;AACf,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,MAAA,EAAQ,QAAA,EAAU;AAAA,MAC3C,IAAA;AAAA,MACA,WAAA;AAAA,MACA,YAAA,EAAc,WAAA;AAAA,MACd;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,MAAA,CAAO,IAAA,EAAc,IAAA,EAAoC;AAC7D,IAAA,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,OAAA,EAAU,IAAI,IAAI,IAAI,CAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,OAAO,IAAA,EAA6C;AACxD,IAAA,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,QAAA,EAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAE,CAAA;AAAA,EACvD;AACF,CAAA;AAGO,IAAM,eAAN,MAAmB;AAAA,EACP,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA,UAAA;AAAA,EAED,QAAA;AAAA,EACA,MAAA;AAAA,EACA,KAAA;AAAA,EAEhB,YAAY,MAAA,EAA4B;AAEtC,IAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,MAAA,MAAA,GAAS,EAAE,QAAQ,MAAA,EAAO;AAAA,IAC5B;AAGA,IAAA,IAAA,CAAK,MAAA,GAAS,OAAO,MAAA,KAAW,OAAO,YAAY,WAAA,GAAc,OAAA,CAAQ,GAAA,CAAI,iBAAA,GAAoB,EAAA,CAAA,IAAO,EAAA;AAExG,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA,IAAK,CAAC,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA,EAAG;AAC9E,MAAA,MAAM,IAAI,mBAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,MAAA,GAAS,OAAO,MAAA,IAAU,eAAA;AAC/B,IAAA,IAAA,CAAK,OAAA,GAAU,OAAO,OAAA,IAAW,GAAA;AACjC,IAAA,IAAA,CAAK,UAAA,GAAa,OAAO,UAAA,IAAc,CAAA;AAGvC,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,gBAAA,CAAiB,IAAI,CAAA;AACzC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,cAAA,CAAe,IAAI,CAAA;AACrC,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAI,aAAA,CAAc,IAAI,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAA,CAAW,MAAA,EAAgB,IAAA,EAAc,IAAA,EAA4B;AACzE,IAAA,MAAM,MAAM,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,KAAA,EAAQ,WAAW,GAAG,IAAI,CAAA,CAAA;AACpD,IAAA,IAAI,SAAA;AAEJ,IAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,GAAU,IAAA,CAAK,YAAY,OAAA,EAAA,EAAW;AAC1D,MAAA,IAAI;AACF,QAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,QAAA,MAAM,YAAY,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,KAAK,OAAO,CAAA;AAEnE,QAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,UAChC,MAAA;AAAA,UACA,OAAA,EAAS;AAAA,YACP,aAAa,IAAA,CAAK,MAAA;AAAA,YAClB,eAAA,EAAiB,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,YACtC,cAAA,EAAgB,kBAAA;AAAA,YAChB,YAAA,EAAc,gBAAgB,WAAW,CAAA;AAAA,WAC3C;AAAA,UACA,IAAA,EAAM,IAAA,GAAO,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,GAAI,KAAA,CAAA;AAAA,UACpC,QAAQ,UAAA,CAAW;AAAA,SACpB,CAAA;AAED,QAAA,YAAA,CAAa,SAAS,CAAA;AAEtB,QAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,UAAA,MAAM,aAAa,QAAA,CAAS,QAAA,CAAS,QAAQ,GAAA,CAAI,aAAa,KAAK,GAAG,CAAA;AACtE,UAAA,MAAM,IAAI,QAAQ,CAAC,OAAA,KAAY,WAAW,OAAA,EAAS,UAAA,GAAa,GAAI,CAAC,CAAA;AACrE,UAAA;AAAA,QACF;AAEA,QAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,UAAA,MAAM,IAAI,oBAAoB,iBAAiB,CAAA;AAAA,QACjD;AAEA,QAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,UAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AACzD,UAAA,MAAM,IAAI,QAAA;AAAA,YACR,SAAA,CAAU,OAAO,OAAA,IAAW,eAAA;AAAA,YAC5B,QAAA,CAAS,MAAA;AAAA,YACT,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,KAAA;AAAA,WAC1C;AAAA,QACF;AAEA,QAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAAA,MAC9B,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,KAAA,YAAiB,QAAA,IAAY,KAAA,YAAiB,mBAAA,EAAqB;AACrE,UAAA,MAAM,KAAA;AAAA,QACR;AACA,QAAA,SAAA,GAAY,KAAA;AAAA,MACd;AAAA,IACF;AAEA,IAAA,MAAM,IAAI,QAAA,CAAS,SAAA,EAAW,OAAA,IAAW,gBAAgB,CAAA;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,QAAA,CACJ,IAAA,EACA,IAAA,EACA,OAAA,GAGI,EAAC,EACsB;AAC3B,IAAA,MAAM,SAAA,GAAY,YAAY,GAAA,EAAI;AAElC,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAWzB,QAAQ,WAAA,EAAa;AAAA,MACtB,IAAA;AAAA,MACA,SAAA,EAAW,IAAA;AAAA,MACX,WAAA,EAAa,OAAA,CAAQ,UAAA,IAAc,UAAA,CAAW,QAAA;AAAA,MAC9C,aAAA,EAAe,QAAQ,YAAA,KAAiB;AAAA,KACzC,CAAA;AAED,IAAA,MAAM,SAAA,GAAY,WAAA,CAAY,GAAA,EAAI,GAAI,SAAA;AAEtC,IAAA,OAAO;AAAA,MACL,SAAS,QAAA,CAAS,OAAA;AAAA,MAClB,IAAA;AAAA,MACA,QAAA,EAAU,SAAS,QAAA,GACf;AAAA,QACE,MAAA,EAAQ,SAAS,QAAA,CAAS,MAAA;AAAA,QAC1B,WAAA,EAAa,SAAS,QAAA,CAAS,YAAA;AAAA,QAC/B,MAAA,EAAQ,SAAS,QAAA,CAAS,MAAA;AAAA,QAC1B,SAAA,EAAW,SAAS,QAAA,CAAS,YAAA;AAAA,QAC7B,gBAAA,EAAkB;AAAA,OACpB,GACA,MAAA;AAAA,MACJ,OAAO,QAAA,CAAS,KAAA;AAAA,MAChB,gBAAgB,QAAA,CAAS,gBAAA;AAAA,MACzB,WAAW,QAAA,CAAS,UAAA;AAAA,MACpB;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAAsB;AACpB,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAAsB;AACpB,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA;AAAA,EAC1C;AACF","file":"index.js","sourcesContent":["import type { PolicySet, InputGuardConfig } from '@solongate/core';\nimport { UNSAFE_CONFIGURATION_WARNINGS, DEFAULT_INPUT_GUARD_CONFIG } from '@solongate/core';\n\n/**\n * Configuration for the SolonGate SDK.\n * All fields have secure defaults. Weakening requires explicit opt-in.\n */\nexport interface SolonGateConfig {\n readonly policySet?: PolicySet;\n readonly validateSchemas: boolean;\n readonly enableLogging: boolean;\n readonly logLevel: 'debug' | 'info' | 'warn' | 'error';\n readonly evaluationTimeoutMs: number;\n readonly verboseErrors: boolean;\n readonly globalRateLimitPerMinute: number;\n\n // Phase 1 additions\n readonly rateLimitPerTool: number;\n readonly tokenSecret?: string;\n readonly tokenTtlSeconds: number;\n readonly tokenIssuer?: string;\n readonly gatewaySecret?: string;\n readonly inputGuardConfig: InputGuardConfig;\n readonly enableVersionedPolicies: boolean;\n readonly apiUrl?: string;\n}\n\nexport const DEFAULT_CONFIG: Readonly<SolonGateConfig> = Object.freeze({\n validateSchemas: true,\n enableLogging: true,\n logLevel: 'info',\n evaluationTimeoutMs: 100,\n verboseErrors: false,\n globalRateLimitPerMinute: 600,\n rateLimitPerTool: 60,\n tokenTtlSeconds: 30,\n inputGuardConfig: DEFAULT_INPUT_GUARD_CONFIG,\n enableVersionedPolicies: true,\n});\n\nexport function resolveConfig(\n userConfig?: Partial<SolonGateConfig>,\n): { config: SolonGateConfig; warnings: string[] } {\n const warnings: string[] = [];\n const config = { ...DEFAULT_CONFIG, ...userConfig };\n\n if (!config.validateSchemas) {\n warnings.push(UNSAFE_CONFIGURATION_WARNINGS.DISABLED_VALIDATION);\n }\n if (config.globalRateLimitPerMinute === 0) {\n warnings.push(UNSAFE_CONFIGURATION_WARNINGS.RATE_LIMIT_ZERO);\n }\n if (config.verboseErrors) {\n warnings.push(\n 'Verbose errors enabled: internal error details will be sent to the LLM.',\n );\n }\n if (config.tokenSecret && config.tokenSecret.length < 32) {\n warnings.push(\n 'Token secret is shorter than 32 characters. Use a longer secret for production.',\n );\n }\n\n return { config, warnings };\n}\n","import type {\n ExecutionRequest,\n ExecutionResult,\n McpCallToolParams,\n McpCallToolResult,\n} from '@solongate/core';\nimport {\n Permission,\n PolicyDeniedError,\n SchemaValidationError,\n RateLimitError,\n createDeniedToolResult,\n createSecurityContext,\n sanitizeInput,\n type InputGuardConfig,\n DEFAULT_INPUT_GUARD_CONFIG,\n} from '@solongate/core';\nimport type { PolicyEngine } from '@solongate/policy-engine';\nimport type { TokenIssuer } from './token-issuer.js';\nimport type { ServerVerifier } from './server-verifier.js';\nimport type { RateLimiter } from './rate-limiter.js';\nimport { randomUUID } from 'node:crypto';\n\nexport interface InterceptorOptions {\n readonly policyEngine: PolicyEngine;\n readonly validateSchemas: boolean;\n readonly verboseErrors: boolean;\n readonly onDecision?: (result: ExecutionResult) => void;\n\n // Phase 1 additions\n readonly tokenIssuer?: TokenIssuer;\n readonly serverVerifier?: ServerVerifier;\n readonly rateLimiter?: RateLimiter;\n readonly inputGuardConfig?: InputGuardConfig;\n readonly rateLimitPerTool?: number;\n readonly globalRateLimitPerMinute?: number;\n}\n\n/**\n * Intercepts an MCP tool call and runs the full security pipeline:\n *\n * 1. Rate limit check → RateLimitError if exceeded\n * 2. Input guard (sanitization) → SchemaValidationError if dangerous\n * 3. Policy evaluation → PolicyDeniedError if denied\n * 4. Issue capability token (if TokenIssuer configured)\n * 5. Sign request (if ServerVerifier configured)\n * 6. Call upstream\n * 7. Record rate limit usage\n * 8. Log to audit trail\n * 9. Return result\n */\nexport async function interceptToolCall(\n params: McpCallToolParams,\n upstreamCall: (params: McpCallToolParams) => Promise<McpCallToolResult>,\n options: InterceptorOptions,\n): Promise<McpCallToolResult> {\n const requestId = randomUUID();\n const timestamp = new Date().toISOString();\n\n const context = createSecurityContext({ requestId });\n\n const request: ExecutionRequest = {\n context,\n toolName: params.name,\n serverName: 'default',\n arguments: params.arguments ?? {},\n requiredPermission: Permission.EXECUTE,\n timestamp,\n };\n\n // --- Step 1: Rate limit check ---\n if (options.rateLimiter) {\n // Per-tool rate limit\n if (options.rateLimitPerTool) {\n const toolLimit = options.rateLimiter.checkLimit(\n params.name,\n options.rateLimitPerTool,\n );\n if (!toolLimit.allowed) {\n const result: ExecutionResult = {\n status: 'ERROR',\n request,\n error: new RateLimitError(params.name, options.rateLimitPerTool),\n timestamp: new Date().toISOString(),\n };\n options.onDecision?.(result);\n return createDeniedToolResult(\n `Rate limit exceeded for tool \"${params.name}\"`,\n );\n }\n }\n\n // Global rate limit\n if (options.globalRateLimitPerMinute) {\n const globalLimit = options.rateLimiter.checkGlobalLimit(\n options.globalRateLimitPerMinute,\n );\n if (!globalLimit.allowed) {\n const result: ExecutionResult = {\n status: 'ERROR',\n request,\n error: new RateLimitError('*', options.globalRateLimitPerMinute),\n timestamp: new Date().toISOString(),\n };\n options.onDecision?.(result);\n return createDeniedToolResult('Global rate limit exceeded');\n }\n }\n }\n\n // --- Step 2: Input guard (sanitization) ---\n if (options.validateSchemas && params.arguments) {\n const guardConfig = options.inputGuardConfig ?? DEFAULT_INPUT_GUARD_CONFIG;\n const sanitization = sanitizeInput('arguments', params.arguments, guardConfig);\n\n if (!sanitization.safe) {\n const threatDescriptions = sanitization.threats.map(\n (t) => `${t.type}: ${t.description} (field: ${t.field})`,\n );\n const result: ExecutionResult = {\n status: 'ERROR',\n request,\n error: new SchemaValidationError(params.name, threatDescriptions),\n timestamp: new Date().toISOString(),\n };\n options.onDecision?.(result);\n\n const reason = options.verboseErrors\n ? `Input validation failed: ${sanitization.threats.length} threat(s) detected`\n : 'Input validation failed.';\n return createDeniedToolResult(reason);\n }\n }\n\n // --- Step 3: Policy evaluation ---\n const decision = options.policyEngine.evaluate(request);\n\n if (decision.effect === 'DENY') {\n const result: ExecutionResult = {\n status: 'DENIED',\n request,\n decision,\n timestamp: new Date().toISOString(),\n };\n options.onDecision?.(result);\n\n const reason = options.verboseErrors\n ? decision.reason\n : 'Tool execution denied by security policy.';\n return createDeniedToolResult(reason);\n }\n\n // --- Step 4: Issue capability token ---\n let capabilityToken: string | undefined;\n if (options.tokenIssuer) {\n capabilityToken = options.tokenIssuer.issue(\n requestId,\n [Permission.EXECUTE],\n [params.name],\n );\n }\n\n // --- Step 5: Sign request ---\n if (options.serverVerifier && capabilityToken) {\n options.serverVerifier.createSignedRequest(params, capabilityToken);\n }\n\n // --- Step 6: Call upstream ---\n try {\n const startTime = performance.now();\n const toolResult = await upstreamCall(params);\n const durationMs = performance.now() - startTime;\n\n // --- Step 7: Record rate limit usage ---\n if (options.rateLimiter) {\n options.rateLimiter.recordCall(params.name);\n }\n\n // --- Step 8: Log to audit trail ---\n const result: ExecutionResult = {\n status: 'ALLOWED',\n request,\n decision,\n toolResult,\n durationMs,\n timestamp: new Date().toISOString(),\n };\n options.onDecision?.(result);\n\n return toolResult;\n } catch (error) {\n const result: ExecutionResult = {\n status: 'ERROR',\n request,\n error: error instanceof Error\n ? new PolicyDeniedError(params.name, error.message)\n : new PolicyDeniedError(params.name, 'Unknown upstream error'),\n timestamp: new Date().toISOString(),\n };\n options.onDecision?.(result);\n throw error;\n }\n}\n","import type { ExecutionResult } from '@solongate/core';\n\nexport type LogLevel = 'debug' | 'info' | 'warn' | 'error';\n\nconst LOG_LEVEL_ORDER: Record<LogLevel, number> = {\n debug: 0,\n info: 1,\n warn: 2,\n error: 3,\n};\n\n/**\n * Structured security event logger.\n * Outputs JSON-formatted log entries for machine consumption.\n */\nexport class SecurityLogger {\n private readonly minLevel: LogLevel;\n private readonly enabled: boolean;\n\n constructor(options: { level: LogLevel; enabled: boolean }) {\n this.minLevel = options.level;\n this.enabled = options.enabled;\n }\n\n logDecision(result: ExecutionResult): void {\n if (!this.enabled) return;\n\n const entry = {\n type: 'security_decision',\n status: result.status,\n toolName: result.request.toolName,\n permission: result.request.requiredPermission,\n trustLevel: result.request.context.trustLevel,\n requestId: result.request.context.requestId,\n timestamp: result.timestamp,\n ...(result.status === 'ALLOWED' && { durationMs: result.durationMs }),\n ...(result.status === 'DENIED' && { reason: result.decision.reason }),\n ...(result.status === 'ERROR' && { error: result.error.code }),\n };\n\n if (result.status === 'DENIED' || result.status === 'ERROR') {\n this.log('warn', entry);\n } else {\n this.log('info', entry);\n }\n }\n\n private log(level: LogLevel, data: Record<string, unknown>): void {\n if (LOG_LEVEL_ORDER[level] < LOG_LEVEL_ORDER[this.minLevel]) return;\n\n const output = JSON.stringify({ level, ...data });\n switch (level) {\n case 'error':\n console.error(`[SolonGate] ${output}`);\n break;\n case 'warn':\n console.warn(`[SolonGate] ${output}`);\n break;\n case 'debug':\n console.debug(`[SolonGate] ${output}`);\n break;\n default:\n console.info(`[SolonGate] ${output}`);\n }\n }\n}\n","import { createHmac, randomUUID } from 'node:crypto';\nimport type {\n CapabilityToken,\n TokenConfig,\n TokenVerificationResult,\n Permission,\n} from '@solongate/core';\nimport {\n DEFAULT_TOKEN_TTL_SECONDS,\n TOKEN_ALGORITHM,\n MIN_SECRET_LENGTH,\n} from '@solongate/core';\n\n/**\n * Issues and verifies capability tokens using HMAC-SHA256.\n *\n * Security properties:\n * - Short-lived TTL (default 30 seconds)\n * - Single-use nonces (replay prevention)\n * - Revocation support\n * - No external JWT library dependency\n */\nexport class TokenIssuer {\n private readonly secret: string;\n private readonly ttlSeconds: number;\n private readonly issuer: string;\n private readonly usedNonces = new Set<string>();\n private readonly revokedTokens = new Set<string>();\n\n constructor(config: TokenConfig) {\n if (config.secret.length < MIN_SECRET_LENGTH) {\n throw new Error(\n `Token secret must be at least ${MIN_SECRET_LENGTH} characters`,\n );\n }\n this.secret = config.secret;\n this.ttlSeconds = config.ttlSeconds || DEFAULT_TOKEN_TTL_SECONDS;\n this.issuer = config.issuer;\n }\n\n /**\n * Issues a signed capability token.\n */\n issue(\n requestId: string,\n permissions: readonly Permission[],\n toolScope: readonly string[],\n serverScope: readonly string[] = ['*'],\n pathScope?: readonly string[],\n ): string {\n const now = Math.floor(Date.now() / 1000);\n const jti = randomUUID();\n\n const payload: CapabilityToken = {\n jti,\n iss: this.issuer,\n sub: requestId,\n iat: now,\n exp: now + this.ttlSeconds,\n permissions: [...permissions],\n toolScope: [...toolScope],\n serverScope: [...serverScope],\n ...(pathScope && { pathScope: [...pathScope] }),\n };\n\n return this.sign(payload);\n }\n\n /**\n * Verifies a capability token and consumes the nonce (single-use).\n */\n verify(token: string): TokenVerificationResult {\n // 1. Parse and verify signature\n const parsed = this.parseAndVerify(token);\n if (!parsed.valid || !parsed.payload) {\n return parsed;\n }\n\n const payload = parsed.payload;\n\n // 2. Check expiration\n const now = Math.floor(Date.now() / 1000);\n if (payload.exp <= now) {\n return { valid: false, reason: 'Token expired' };\n }\n\n // 3. Check if revoked\n if (this.revokedTokens.has(payload.jti)) {\n return { valid: false, reason: 'Token has been revoked' };\n }\n\n // 4. Check if already used (single-use)\n if (this.usedNonces.has(payload.jti)) {\n return { valid: false, reason: 'Token already used (replay detected)' };\n }\n\n // 5. Consume nonce\n this.usedNonces.add(payload.jti);\n\n return { valid: true, payload };\n }\n\n /**\n * Revokes a token by its ID.\n */\n revoke(jti: string): void {\n this.revokedTokens.add(jti);\n }\n\n /**\n * Checks if a token ID has been revoked.\n */\n isRevoked(jti: string): boolean {\n return this.revokedTokens.has(jti);\n }\n\n // --- Internal helpers ---\n\n private sign(payload: CapabilityToken): string {\n const header = base64UrlEncode(JSON.stringify({ alg: TOKEN_ALGORITHM, typ: 'JWT' }));\n const body = base64UrlEncode(JSON.stringify(payload));\n const signature = this.computeSignature(`${header}.${body}`);\n return `${header}.${body}.${signature}`;\n }\n\n private parseAndVerify(token: string): TokenVerificationResult {\n const parts = token.split('.');\n if (parts.length !== 3) {\n return { valid: false, reason: 'Invalid token format' };\n }\n\n const [header, body, signature] = parts as [string, string, string];\n const expectedSignature = this.computeSignature(`${header}.${body}`);\n\n if (signature !== expectedSignature) {\n return { valid: false, reason: 'Invalid token signature' };\n }\n\n try {\n const payload = JSON.parse(base64UrlDecode(body)) as CapabilityToken;\n return { valid: true, payload };\n } catch {\n return { valid: false, reason: 'Invalid token payload' };\n }\n }\n\n private computeSignature(data: string): string {\n return base64UrlEncode(\n createHmac('sha256', this.secret).update(data).digest('base64'),\n );\n }\n}\n\nfunction base64UrlEncode(str: string): string {\n return Buffer.from(str)\n .toString('base64')\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '');\n}\n\nfunction base64UrlDecode(str: string): string {\n const padded = str + '='.repeat((4 - (str.length % 4)) % 4);\n return Buffer.from(padded.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString();\n}\n","import { createHmac, randomUUID } from 'node:crypto';\nimport type { McpCallToolParams } from '@solongate/core';\n\n/**\n * A signed MCP request that includes capability token and integrity signature.\n * Requests without valid gateway signature should be rejected by MCP servers.\n */\nexport interface SignedMcpRequest {\n readonly params: McpCallToolParams;\n readonly capabilityToken: string;\n readonly signature: string;\n readonly timestamp: string;\n readonly nonce: string;\n}\n\n/**\n * Result of validating a signed request.\n */\nexport interface SignatureValidationResult {\n readonly valid: boolean;\n readonly reason?: string;\n}\n\n/**\n * Signs and verifies MCP requests to ensure they originate from the gateway.\n *\n * Security properties:\n * - HMAC-SHA256 signature of request params + token\n * - Timestamp to prevent old request replays\n * - Nonce for uniqueness\n * - Configurable max age for timestamp validation\n */\nexport class ServerVerifier {\n private readonly gatewaySecret: string;\n private readonly maxAgeMs: number;\n private readonly usedNonces = new Set<string>();\n\n constructor(config: {\n gatewaySecret: string;\n maxAgeMs?: number;\n }) {\n if (config.gatewaySecret.length < 32) {\n throw new Error('Gateway secret must be at least 32 characters');\n }\n this.gatewaySecret = config.gatewaySecret;\n this.maxAgeMs = config.maxAgeMs ?? 60_000; // 1 minute default\n }\n\n /**\n * Computes HMAC signature for request data.\n */\n signRequest(params: McpCallToolParams, capabilityToken: string): string {\n const data = JSON.stringify({ params, capabilityToken });\n return createHmac('sha256', this.gatewaySecret)\n .update(data)\n .digest('hex');\n }\n\n /**\n * Verifies the HMAC signature of request data.\n */\n verifySignature(\n params: McpCallToolParams,\n capabilityToken: string,\n signature: string,\n ): boolean {\n const expected = this.signRequest(params, capabilityToken);\n // Constant-time comparison to prevent timing attacks\n if (expected.length !== signature.length) return false;\n let result = 0;\n for (let i = 0; i < expected.length; i++) {\n result |= expected.charCodeAt(i) ^ signature.charCodeAt(i);\n }\n return result === 0;\n }\n\n /**\n * Creates a complete signed request including timestamp and nonce.\n */\n createSignedRequest(\n params: McpCallToolParams,\n capabilityToken: string,\n ): SignedMcpRequest {\n const timestamp = new Date().toISOString();\n const nonce = randomUUID();\n const signature = this.signRequest(params, capabilityToken);\n\n return {\n params,\n capabilityToken,\n signature,\n timestamp,\n nonce,\n };\n }\n\n /**\n * Validates a complete signed request including timestamp, nonce, and signature.\n */\n validateSignedRequest(request: SignedMcpRequest): SignatureValidationResult {\n // 1. Check timestamp freshness\n const requestTime = new Date(request.timestamp).getTime();\n const now = Date.now();\n if (isNaN(requestTime)) {\n return { valid: false, reason: 'Invalid timestamp' };\n }\n if (now - requestTime > this.maxAgeMs) {\n return { valid: false, reason: 'Request too old' };\n }\n if (requestTime > now + 30_000) {\n return { valid: false, reason: 'Request timestamp in the future' };\n }\n\n // 2. Check nonce uniqueness\n if (this.usedNonces.has(request.nonce)) {\n return { valid: false, reason: 'Duplicate nonce (replay detected)' };\n }\n\n // 3. Verify signature\n if (!this.verifySignature(request.params, request.capabilityToken, request.signature)) {\n return { valid: false, reason: 'Invalid signature' };\n }\n\n // 4. Mark nonce as used\n this.usedNonces.add(request.nonce);\n\n return { valid: true };\n }\n}\n","import { RATE_LIMIT_WINDOW_MS, RATE_LIMIT_MAX_ENTRIES } from '@solongate/core';\n\n/**\n * Result of a rate limit check.\n */\nexport interface RateLimitResult {\n readonly allowed: boolean;\n readonly remaining: number;\n readonly resetAt: number;\n}\n\n/**\n * Record of a single tool call for rate tracking.\n */\ninterface CallRecord {\n readonly timestamp: number;\n}\n\n/**\n * Sliding window rate limiter for tool calls.\n *\n * Tracks per-tool and global call rates using an in-memory sliding window.\n * Window size defaults to 1 minute.\n */\nexport class RateLimiter {\n private readonly windowMs: number;\n private readonly records = new Map<string, CallRecord[]>();\n private globalRecords: CallRecord[] = [];\n\n constructor(options?: { windowMs?: number }) {\n this.windowMs = options?.windowMs ?? RATE_LIMIT_WINDOW_MS;\n }\n\n /**\n * Checks if a tool call is within the rate limit.\n * Does NOT record the call - use recordCall() after successful execution.\n */\n checkLimit(\n toolName: string,\n limitPerWindow: number,\n ): RateLimitResult {\n const now = Date.now();\n const windowStart = now - this.windowMs;\n\n const records = this.getActiveRecords(toolName, windowStart);\n const count = records.length;\n const allowed = count < limitPerWindow;\n const remaining = Math.max(0, limitPerWindow - count);\n const resetAt = records.length > 0\n ? records[0]!.timestamp + this.windowMs\n : now + this.windowMs;\n\n return { allowed, remaining, resetAt };\n }\n\n /**\n * Checks the global rate limit across all tools.\n */\n checkGlobalLimit(limitPerWindow: number): RateLimitResult {\n const now = Date.now();\n const windowStart = now - this.windowMs;\n\n this.globalRecords = this.globalRecords.filter(\n (r) => r.timestamp > windowStart,\n );\n const count = this.globalRecords.length;\n const allowed = count < limitPerWindow;\n const remaining = Math.max(0, limitPerWindow - count);\n const resetAt = this.globalRecords.length > 0\n ? this.globalRecords[0]!.timestamp + this.windowMs\n : now + this.windowMs;\n\n return { allowed, remaining, resetAt };\n }\n\n /**\n * Atomically checks and records a tool call.\n * Prevents TOCTOU race conditions between check and record.\n * Returns the rate limit result; if allowed, the call is already recorded.\n */\n checkAndRecord(\n toolName: string,\n limitPerWindow: number,\n globalLimit?: number,\n ): RateLimitResult {\n // Check per-tool limit\n const result = this.checkLimit(toolName, limitPerWindow);\n if (!result.allowed) {\n return result;\n }\n\n // Check global limit if provided\n if (globalLimit !== undefined) {\n const globalResult = this.checkGlobalLimit(globalLimit);\n if (!globalResult.allowed) {\n return globalResult;\n }\n }\n\n // Atomically record since we've confirmed it's allowed\n this.recordCall(toolName);\n return result;\n }\n\n /**\n * Records a tool call for rate limiting.\n * Call this after successful execution.\n */\n recordCall(toolName: string): void {\n const now = Date.now();\n const record: CallRecord = { timestamp: now };\n\n // Per-tool tracking\n const records = this.records.get(toolName) ?? [];\n records.push(record);\n\n // Cleanup old entries to prevent unbounded growth\n if (records.length > RATE_LIMIT_MAX_ENTRIES) {\n const windowStart = now - this.windowMs;\n const cleaned = records.filter((r) => r.timestamp > windowStart);\n this.records.set(toolName, cleaned);\n } else {\n this.records.set(toolName, records);\n }\n\n // Global tracking\n this.globalRecords.push(record);\n if (this.globalRecords.length > RATE_LIMIT_MAX_ENTRIES) {\n const windowStart = now - this.windowMs;\n this.globalRecords = this.globalRecords.filter(\n (r) => r.timestamp > windowStart,\n );\n }\n }\n\n /**\n * Gets usage stats for a tool.\n */\n getUsage(toolName: string): { count: number; windowStart: number } {\n const now = Date.now();\n const windowStart = now - this.windowMs;\n const records = this.getActiveRecords(toolName, windowStart);\n return { count: records.length, windowStart };\n }\n\n /**\n * Resets rate tracking for a specific tool.\n */\n resetTool(toolName: string): void {\n this.records.delete(toolName);\n }\n\n /**\n * Resets all rate tracking.\n */\n resetAll(): void {\n this.records.clear();\n this.globalRecords = [];\n }\n\n private getActiveRecords(\n toolName: string,\n windowStart: number,\n ): CallRecord[] {\n const records = this.records.get(toolName) ?? [];\n const active = records.filter((r) => r.timestamp > windowStart);\n\n // Update stored records to remove expired entries\n if (active.length !== records.length) {\n this.records.set(toolName, active);\n }\n\n return active;\n }\n}\n","import type { PolicySet, McpCallToolParams, McpCallToolResult } from '@solongate/core';\nimport { TOKEN_ALGORITHM } from '@solongate/core';\nimport { PolicyEngine, PolicyStore } from '@solongate/policy-engine';\nimport { resolveConfig, type SolonGateConfig } from './config.js';\nimport { interceptToolCall } from './interceptor.js';\nimport { SecurityLogger } from './logger.js';\nimport { TokenIssuer } from './token-issuer.js';\nimport { ServerVerifier } from './server-verifier.js';\nimport { RateLimiter } from './rate-limiter.js';\n\n/**\n * Error thrown when a valid SolonGate license (API key) is missing or invalid.\n */\nexport class LicenseError extends Error {\n constructor(message: string) {\n super(\n `${message}\\n` +\n ' Get your API key at https://solongate.com\\n' +\n \" Usage: new SolonGate({ name: '...', apiKey: 'sg_live_xxx' })\",\n );\n this.name = 'LicenseError';\n }\n}\n\n/**\n * SolonGate - Security Gateway for MCP Tool Servers.\n *\n * Requires a valid API key. Get one at https://solongate.com\n *\n * Usage:\n * ```typescript\n * const gate = new SolonGate({ name: 'my-gateway', apiKey: 'sg_live_xxx' });\n *\n * // Intercept a tool call\n * const result = await gate.executeToolCall(\n * { name: 'file.read', arguments: { path: '/etc/passwd' } },\n * async (params) => upstreamMcpServer.callTool(params),\n * );\n * ```\n *\n * Architecture:\n * [LLM] -> [SolonGate.executeToolCall] -> [Security Pipeline] -> [Upstream MCP Server]\n *\n * Pipeline:\n * Rate Limit → Input Guard → Policy Eval → Token Issue → Sign → Call → Audit\n */\nexport class SolonGate {\n private readonly policyEngine: PolicyEngine;\n private readonly config: SolonGateConfig;\n private readonly logger: SecurityLogger;\n private readonly configWarnings: string[];\n private readonly tokenIssuer: TokenIssuer | null;\n private readonly serverVerifier: ServerVerifier | null;\n private readonly rateLimiter: RateLimiter;\n private readonly apiKey: string;\n private licenseValidated = false;\n\n constructor(options: {\n name: string;\n version?: string;\n apiKey?: string;\n config?: Partial<SolonGateConfig>;\n policySet?: PolicySet;\n }) {\n // License gate: require a valid API key\n const apiKey = options.apiKey || process.env.SOLONGATE_API_KEY || '';\n if (!apiKey) {\n throw new LicenseError('A valid SolonGate API key is required.');\n }\n if (!apiKey.startsWith('sg_live_') && !apiKey.startsWith('sg_test_')) {\n throw new LicenseError(\n \"Invalid API key format. Keys must start with 'sg_live_' or 'sg_test_'.\",\n );\n }\n this.apiKey = apiKey;\n\n const { config, warnings } = resolveConfig(options.config);\n this.config = config;\n this.configWarnings = warnings;\n\n this.logger = new SecurityLogger({\n level: config.logLevel,\n enabled: config.enableLogging,\n });\n\n for (const warning of warnings) {\n console.warn(`[SolonGate] WARNING: ${warning}`);\n }\n\n // Initialize PolicyEngine with optional versioned store\n const store = config.enableVersionedPolicies ? new PolicyStore() : undefined;\n this.policyEngine = new PolicyEngine({\n policySet: options.policySet ?? config.policySet,\n timeoutMs: config.evaluationTimeoutMs,\n store,\n });\n\n // Initialize TokenIssuer if secret is provided\n this.tokenIssuer = config.tokenSecret\n ? new TokenIssuer({\n secret: config.tokenSecret,\n ttlSeconds: config.tokenTtlSeconds,\n algorithm: TOKEN_ALGORITHM,\n issuer: config.tokenIssuer ?? options.name,\n })\n : null;\n\n // Initialize ServerVerifier if gateway secret is provided\n this.serverVerifier = config.gatewaySecret\n ? new ServerVerifier({ gatewaySecret: config.gatewaySecret })\n : null;\n\n // Always initialize rate limiter\n this.rateLimiter = new RateLimiter();\n }\n\n /**\n * Validate the API key against the SolonGate cloud API.\n * Called once on first executeToolCall. Throws LicenseError if invalid.\n * Test keys (sg_test_) skip online validation.\n */\n private async validateLicense(): Promise<void> {\n if (this.licenseValidated) return;\n\n // Test keys skip online validation (for unit tests and local dev)\n if (this.apiKey.startsWith('sg_test_')) {\n this.licenseValidated = true;\n return;\n }\n\n const apiUrl = this.config.apiUrl ?? 'https://api.solongate.com';\n try {\n const res = await fetch(`${apiUrl}/api/v1/auth/me`, {\n headers: {\n 'X-API-Key': this.apiKey,\n 'Authorization': `Bearer ${this.apiKey}`,\n },\n signal: AbortSignal.timeout(10_000),\n });\n\n if (res.status === 401) {\n throw new LicenseError('Invalid or expired API key.');\n }\n if (res.status === 403) {\n throw new LicenseError('Your subscription is inactive. Renew at https://solongate.com');\n }\n\n this.licenseValidated = true;\n } catch (err) {\n if (err instanceof LicenseError) throw err;\n throw new LicenseError(\n 'Unable to reach SolonGate license server. Check your internet connection.',\n );\n }\n }\n\n /**\n * Intercept and evaluate a tool call against the full security pipeline.\n * If denied at any stage, returns an error result without calling upstream.\n * If allowed, calls upstream and returns the result.\n */\n async executeToolCall(\n params: McpCallToolParams,\n upstreamCall: (params: McpCallToolParams) => Promise<McpCallToolResult>,\n ): Promise<McpCallToolResult> {\n // Validate license on first call\n await this.validateLicense();\n\n return interceptToolCall(params, upstreamCall, {\n policyEngine: this.policyEngine,\n validateSchemas: this.config.validateSchemas,\n verboseErrors: this.config.verboseErrors,\n onDecision: (result) => this.logger.logDecision(result),\n tokenIssuer: this.tokenIssuer ?? undefined,\n serverVerifier: this.serverVerifier ?? undefined,\n rateLimiter: this.rateLimiter,\n inputGuardConfig: this.config.inputGuardConfig,\n rateLimitPerTool: this.config.rateLimitPerTool,\n globalRateLimitPerMinute: this.config.globalRateLimitPerMinute,\n });\n }\n\n /** Load a new policy set at runtime. */\n loadPolicy(\n policySet: PolicySet,\n options?: { reason?: string; createdBy?: string },\n ) {\n return this.policyEngine.loadPolicySet(policySet, options);\n }\n\n /** Get current security warnings. */\n getWarnings(): readonly string[] {\n return [\n ...this.configWarnings,\n ...this.policyEngine.getSecurityWarnings().map((w) => `[${w.level}] ${w.message}`),\n ];\n }\n\n /** Get the policy engine for direct access. */\n getPolicyEngine(): PolicyEngine {\n return this.policyEngine;\n }\n\n /** Get the rate limiter for direct access. */\n getRateLimiter(): RateLimiter {\n return this.rateLimiter;\n }\n\n /** Get the token issuer (null if not configured). */\n getTokenIssuer(): TokenIssuer | null {\n return this.tokenIssuer;\n }\n}\n","/**\n * SecureMcpServer — Drop-in replacement for McpServer with SolonGate protection.\n *\n * Extends the standard McpServer and automatically wraps every tool handler\n * with SolonGate's security pipeline (rate limiting, input guard, policy eval,\n * audit logging). No manual wrapping of individual tool handlers needed.\n *\n * Usage:\n * ```typescript\n * import { SecureMcpServer } from '@solongate/sdk';\n *\n * // Just replace `new McpServer(...)` with `new SecureMcpServer(...)`\n * const server = new SecureMcpServer({\n * name: 'my-server',\n * version: '1.0.0',\n * });\n *\n * // Register tools as normal — they're automatically protected\n * server.tool('file_read', { path: z.string() }, async ({ path }) => {\n * return { content: [{ type: 'text', text: readFileSync(path, 'utf-8') }] };\n * });\n *\n * // API key comes from env: SOLONGATE_API_KEY=sg_live_xxx\n * ```\n */\n\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';\nimport type { Implementation } from '@modelcontextprotocol/sdk/types.js';\nimport type { PolicySet, McpCallToolResult } from '@solongate/core';\nimport { SolonGate } from './solongate.js';\nimport type { SolonGateConfig } from './config.js';\n\n/**\n * Options for SecureMcpServer that control SolonGate behavior.\n */\nexport interface SecureMcpServerOptions {\n /** SolonGate Cloud API key. Defaults to process.env.SOLONGATE_API_KEY */\n apiKey?: string;\n /** Policy set to enforce. If omitted, uses cloud policy or default. */\n policySet?: PolicySet;\n /** SolonGate configuration overrides. */\n config?: Partial<SolonGateConfig>;\n}\n\nexport class SecureMcpServer extends McpServer {\n private readonly gate: SolonGate;\n\n /**\n * Create a secure MCP server.\n *\n * @param serverInfo - MCP server info (name, version)\n * @param solongateOptions - SolonGate security options\n * @param mcpOptions - Standard McpServer options (capabilities, etc.)\n */\n constructor(\n serverInfo: Implementation,\n solongateOptions?: SecureMcpServerOptions,\n mcpOptions?: ConstructorParameters<typeof McpServer>[1],\n ) {\n super(serverInfo, mcpOptions);\n\n this.gate = new SolonGate({\n name: serverInfo.name,\n version: serverInfo.version,\n apiKey: solongateOptions?.apiKey,\n policySet: solongateOptions?.policySet,\n config: solongateOptions?.config,\n });\n\n const warnings = this.gate.getWarnings();\n for (const w of warnings) {\n console.warn(`[SolonGate] ${w}`);\n }\n }\n\n /**\n * Override tool() to auto-wrap handlers with SolonGate security pipeline.\n *\n * Supports all McpServer.tool() overloads — the handler (always the last\n * argument) is transparently wrapped. Tool name, description, schema, and\n * annotations pass through unchanged.\n */\n override tool(name: string, ...rest: unknown[]): ReturnType<McpServer['tool']> {\n const handler = rest[rest.length - 1];\n if (typeof handler !== 'function') {\n // Not a handler — pass through unchanged\n return (super.tool as Function).call(this, name, ...rest);\n }\n\n const toolName = name;\n const gate = this.gate;\n\n rest[rest.length - 1] = async (...callArgs: unknown[]) => {\n // Extract tool arguments for policy evaluation.\n // Schema-based tools: callArgs = [parsedArgs, extra]\n // Zero-arg tools: callArgs = [extra]\n const toolArgs =\n callArgs.length > 1 &&\n typeof callArgs[0] === 'object' &&\n callArgs[0] !== null\n ? (callArgs[0] as Record<string, unknown>)\n : {};\n\n const result = await gate.executeToolCall(\n { name: toolName, arguments: toolArgs },\n async () => (handler as Function)(...callArgs) as Promise<McpCallToolResult>,\n );\n\n // Bridge McpCallToolResult (readonly content) to CallToolResult (mutable content)\n return { ...result, content: [...result.content] };\n };\n\n return (super.tool as Function).call(this, name, ...rest);\n }\n\n /**\n * Override registerTool() to auto-wrap handlers with SolonGate security pipeline.\n *\n * This is the modern (non-deprecated) API for registering tools.\n */\n override registerTool(\n name: string,\n config: Parameters<McpServer['registerTool']>[1],\n cb: unknown,\n ): ReturnType<McpServer['registerTool']> {\n if (typeof cb !== 'function') {\n return (super.registerTool as Function).call(this, name, config, cb);\n }\n\n const toolName = name;\n const gate = this.gate;\n\n const wrappedCb = async (...callArgs: unknown[]) => {\n const toolArgs =\n callArgs.length > 1 &&\n typeof callArgs[0] === 'object' &&\n callArgs[0] !== null\n ? (callArgs[0] as Record<string, unknown>)\n : {};\n\n const result = await gate.executeToolCall(\n { name: toolName, arguments: toolArgs },\n async () => (cb as Function)(...callArgs) as Promise<McpCallToolResult>,\n );\n\n return { ...result, content: [...result.content] };\n };\n\n return (super.registerTool as Function).call(this, name, config, wrappedCb);\n }\n\n /** Get the underlying SolonGate instance for direct access. */\n getSolonGate(): SolonGate {\n return this.gate;\n }\n}\n","/**\n * SolonGate API Client for TypeScript/JavaScript\n *\n * Provides cloud-based security management with API keys.\n *\n * @example\n * ```typescript\n * import { SolonGateAPI } from '@solongate/sdk';\n *\n * const api = new SolonGateAPI({ apiKey: 'sg_live_xxx' });\n *\n * const result = await api.validate('file.read', { path: '/home/user/doc.txt' });\n * if (result.allowed) {\n * console.log('Allowed! Token:', result.token);\n * }\n * ```\n */\n\nimport { TrustLevel, PolicyEffect, type PolicySet, type PolicyDecision } from '@solongate/core';\n\n// Constants\nconst DEFAULT_API_URL = 'https://api.solongate.com';\nconst API_VERSION = 'v1';\nconst SDK_VERSION = '0.2.0';\n\n// Types\nexport interface APIConfig {\n apiKey: string;\n apiUrl?: string;\n timeout?: number;\n maxRetries?: number;\n}\n\nexport interface ValidationRequest {\n tool: string;\n arguments: Record<string, unknown>;\n trustLevel?: TrustLevel;\n includeToken?: boolean;\n}\n\nexport interface ValidationResult {\n allowed: boolean;\n tool: string;\n decision?: PolicyDecision;\n token?: string;\n tokenExpiresAt?: number;\n requestId?: string;\n latencyMs?: number;\n}\n\nexport interface TokenResult {\n token: string;\n tool: string;\n scope: string;\n expiresAt: string;\n nonce: string;\n}\n\nexport interface Tool {\n id: string;\n name: string;\n description: string;\n inputSchema?: Record<string, unknown>;\n permissions: string[];\n enabled: boolean;\n createdAt: string;\n updatedAt: string;\n}\n\n// Errors\nexport class APIError extends Error {\n constructor(\n message: string,\n public readonly statusCode?: number,\n public readonly requestId?: string,\n public readonly code: string = 'API_ERROR',\n ) {\n super(message);\n this.name = 'APIError';\n }\n}\n\nexport class AuthenticationError extends APIError {\n constructor(message = 'Invalid API key') {\n super(message, 401, undefined, 'AUTHENTICATION_ERROR');\n this.name = 'AuthenticationError';\n }\n}\n\nexport class RateLimitError extends APIError {\n constructor(\n message: string,\n public readonly retryAfter?: number,\n ) {\n super(message, 429, undefined, 'RATE_LIMIT_ERROR');\n this.name = 'RateLimitError';\n }\n}\n\n// Resource classes\nclass PoliciesResource {\n constructor(private client: SolonGateAPI) {}\n\n async get(policyId = 'default', version?: number): Promise<PolicySet> {\n const params = version ? `?version=${version}` : '';\n return this.client.request('GET', `/policies/${policyId}${params}`);\n }\n\n async list(): Promise<{ policies: Array<{ id: string; name: string; version: number }> }> {\n return this.client.request('GET', '/policies');\n }\n\n async create(policy: PolicySet): Promise<PolicySet> {\n return this.client.request('POST', '/policies', policy);\n }\n\n async update(policyId: string, policy: PolicySet): Promise<PolicySet> {\n return this.client.request('PUT', `/policies/${policyId}`, policy);\n }\n}\n\nclass TokensResource {\n constructor(private client: SolonGateAPI) {}\n\n async create(tool: string, scope?: string, ttlSeconds = 30): Promise<TokenResult> {\n const response = await this.client.request<{\n token: string;\n tool: string;\n scope: string;\n expires_at: string;\n nonce: string;\n }>('POST', '/tokens', {\n tool,\n scope: scope || `EXECUTE:${tool}`,\n ttl_seconds: ttlSeconds,\n });\n\n return {\n token: response.token,\n tool: response.tool,\n scope: response.scope,\n expiresAt: response.expires_at,\n nonce: response.nonce,\n };\n }\n\n async verify(token: string): Promise<{ valid: boolean; error?: string; tool?: string; scope?: string }> {\n return this.client.request('POST', '/tokens/verify', { token });\n }\n}\n\nclass ToolsResource {\n constructor(private client: SolonGateAPI) {}\n\n async list(): Promise<{ tools: Tool[] }> {\n return this.client.request('GET', '/tools');\n }\n\n async get(name: string): Promise<Tool> {\n return this.client.request('GET', `/tools/${name}`);\n }\n\n async register(\n name: string,\n description: string,\n inputSchema?: Record<string, unknown>,\n permissions: string[] = ['READ'],\n ): Promise<Tool> {\n return this.client.request('POST', '/tools', {\n name,\n description,\n input_schema: inputSchema,\n permissions,\n });\n }\n\n async update(name: string, data: Partial<Tool>): Promise<Tool> {\n return this.client.request('PUT', `/tools/${name}`, data);\n }\n\n async delete(name: string): Promise<{ deleted: boolean }> {\n return this.client.request('DELETE', `/tools/${name}`);\n }\n}\n\n// Main API Client\nexport class SolonGateAPI {\n private readonly apiKey: string;\n private readonly apiUrl: string;\n private readonly timeout: number;\n private readonly maxRetries: number;\n\n public readonly policies: PoliciesResource;\n public readonly tokens: TokensResource;\n public readonly tools: ToolsResource;\n\n constructor(config: APIConfig | string) {\n // Allow passing just the API key as a string\n if (typeof config === 'string') {\n config = { apiKey: config };\n }\n\n // Get API key from config or environment\n this.apiKey = config.apiKey || (typeof process !== 'undefined' ? process.env.SOLONGATE_API_KEY : '') || '';\n\n if (!this.apiKey) {\n throw new AuthenticationError(\n 'API key is required. Provide apiKey in config or set SOLONGATE_API_KEY environment variable.',\n );\n }\n\n // Validate API key format\n if (!this.apiKey.startsWith('sg_live_') && !this.apiKey.startsWith('sg_test_')) {\n throw new AuthenticationError(\n \"Invalid API key format. Keys should start with 'sg_live_' or 'sg_test_'\",\n );\n }\n\n this.apiUrl = config.apiUrl || DEFAULT_API_URL;\n this.timeout = config.timeout || 30000;\n this.maxRetries = config.maxRetries || 3;\n\n // Initialize resources\n this.policies = new PoliciesResource(this);\n this.tokens = new TokensResource(this);\n this.tools = new ToolsResource(this);\n }\n\n /**\n * Make an API request.\n * @internal\n */\n async request<T>(method: string, path: string, body?: unknown): Promise<T> {\n const url = `${this.apiUrl}/api/${API_VERSION}${path}`;\n let lastError: Error | undefined;\n\n for (let attempt = 0; attempt < this.maxRetries; attempt++) {\n try {\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n const response = await fetch(url, {\n method,\n headers: {\n 'X-API-Key': this.apiKey,\n 'Authorization': `Bearer ${this.apiKey}`,\n 'Content-Type': 'application/json',\n 'User-Agent': `solongate-js/${SDK_VERSION}`,\n },\n body: body ? JSON.stringify(body) : undefined,\n signal: controller.signal,\n });\n\n clearTimeout(timeoutId);\n\n if (response.status === 429) {\n const retryAfter = parseInt(response.headers.get('Retry-After') || '1');\n await new Promise((resolve) => setTimeout(resolve, retryAfter * 1000));\n continue;\n }\n\n if (response.status === 401) {\n throw new AuthenticationError('Invalid API key');\n }\n\n if (!response.ok) {\n const errorData = (await response.json().catch(() => ({}))) as Record<string, any>;\n throw new APIError(\n errorData.error?.message || 'Unknown error',\n response.status,\n response.headers.get('X-Request-Id') || undefined,\n );\n }\n\n return (await response.json()) as T;\n } catch (error) {\n if (error instanceof APIError || error instanceof AuthenticationError) {\n throw error;\n }\n lastError = error as Error;\n }\n }\n\n throw new APIError(lastError?.message || 'Request failed');\n }\n\n /**\n * Validate a tool call against policies.\n *\n * @example\n * ```typescript\n * const result = await api.validate('file.read', { path: '/home/user/doc.txt' });\n * if (result.allowed) {\n * // Proceed with the tool call\n * }\n * ```\n */\n async validate(\n tool: string,\n args: Record<string, unknown>,\n options: {\n trustLevel?: TrustLevel;\n includeToken?: boolean;\n } = {},\n ): Promise<ValidationResult> {\n const startTime = performance.now();\n\n const response = await this.request<{\n allowed: boolean;\n decision?: {\n effect: string;\n matched_rule?: unknown;\n reason: string;\n evaluated_at: string;\n };\n token?: string;\n token_expires_at?: number;\n request_id?: string;\n }>('POST', '/validate', {\n tool,\n arguments: args,\n trust_level: options.trustLevel || TrustLevel.VERIFIED,\n include_token: options.includeToken !== false,\n });\n\n const latencyMs = performance.now() - startTime;\n\n return {\n allowed: response.allowed,\n tool,\n decision: response.decision\n ? {\n effect: response.decision.effect as PolicyEffect,\n matchedRule: response.decision.matched_rule as any,\n reason: response.decision.reason,\n timestamp: response.decision.evaluated_at,\n evaluationTimeMs: 0,\n }\n : undefined,\n token: response.token,\n tokenExpiresAt: response.token_expires_at,\n requestId: response.request_id,\n latencyMs,\n };\n }\n\n /**\n * Check if using live (production) API key.\n */\n isLiveMode(): boolean {\n return this.apiKey.startsWith('sg_live_');\n }\n\n /**\n * Check if using test (development) API key.\n */\n isTestMode(): boolean {\n return this.apiKey.startsWith('sg_test_');\n }\n}\n\n// Default export\nexport default SolonGateAPI;\n"]}
|
package/package.json
ADDED
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@solongate/sdk",
|
|
3
|
+
"version": "0.1.1",
|
|
4
|
+
"type": "module",
|
|
5
|
+
"main": "./dist/index.js",
|
|
6
|
+
"module": "./dist/index.js",
|
|
7
|
+
"types": "./dist/index.d.ts",
|
|
8
|
+
"exports": {
|
|
9
|
+
".": {
|
|
10
|
+
"types": "./dist/index.d.ts",
|
|
11
|
+
"import": "./dist/index.js"
|
|
12
|
+
}
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"dist"
|
|
16
|
+
],
|
|
17
|
+
"scripts": {
|
|
18
|
+
"build": "tsup",
|
|
19
|
+
"dev": "tsup --watch",
|
|
20
|
+
"test": "vitest run",
|
|
21
|
+
"test:watch": "vitest",
|
|
22
|
+
"typecheck": "tsc --noEmit",
|
|
23
|
+
"clean": "rm -rf dist .turbo"
|
|
24
|
+
},
|
|
25
|
+
"dependencies": {
|
|
26
|
+
"@modelcontextprotocol/sdk": "^1.26.0",
|
|
27
|
+
"@solongate/core": "workspace:*",
|
|
28
|
+
"@solongate/policy-engine": "workspace:*",
|
|
29
|
+
"zod": "^3.25.0"
|
|
30
|
+
},
|
|
31
|
+
"devDependencies": {
|
|
32
|
+
"@solongate/tsconfig": "workspace:*",
|
|
33
|
+
"tsup": "^8.3.0",
|
|
34
|
+
"typescript": "^5.7.0",
|
|
35
|
+
"vitest": "^2.1.0"
|
|
36
|
+
},
|
|
37
|
+
"peerDependencies": {
|
|
38
|
+
"@modelcontextprotocol/sdk": ">=1.0.0"
|
|
39
|
+
}
|
|
40
|
+
}
|