@sovr/engine 1.2.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.d.mts +24 -2
  2. package/dist/index.d.ts +24 -2
  3. package/dist/index.js +61 -0
  4. package/dist/index.mjs +61 -0
  5. package/package.json +1 -1
package/dist/index.d.mts CHANGED
@@ -179,12 +179,34 @@ declare const DEFAULT_RULES: PolicyRule[];
179
179
  * }
180
180
  * ```
181
181
  */
182
+ type EngineTier = 'free' | 'personal' | 'starter' | 'pro' | 'enterprise';
183
+ interface EngineTierLimits {
184
+ evaluationsPerMonth: number;
185
+ irreversibleAllowsPerMonth: number;
186
+ }
182
187
  declare class PolicyEngine {
183
188
  private rules;
184
189
  private defaultVerdict;
185
190
  private auditLog;
186
191
  private onAudit?;
187
- constructor(config: EngineConfig);
192
+ private _tier;
193
+ private _usage;
194
+ constructor(config: EngineConfig & {
195
+ tier?: EngineTier;
196
+ });
197
+ /** Set the current tier (e.g., after API key verification) */
198
+ setTier(tier: EngineTier): void;
199
+ /** Get current tier */
200
+ get tier(): EngineTier;
201
+ /** Get tier limits */
202
+ get tierLimits(): EngineTierLimits;
203
+ /** Get current usage */
204
+ get usage(): {
205
+ evaluations: number;
206
+ irreversibleAllows: number;
207
+ monthKey: string;
208
+ };
209
+ private _resetMonthIfNeeded;
188
210
  /**
189
211
  * Evaluate an action against the policy rules.
190
212
  * Returns a decision with verdict, risk score, and matched rules.
@@ -215,4 +237,4 @@ declare class PolicyEngine {
215
237
  }): void;
216
238
  }
217
239
 
218
- export { type AuditEvent, type Channel, DEFAULT_RULES, type EngineConfig, type EvalRequest, type EvalResult, type ExecContext, type HttpContext, type McpContext, PolicyEngine, type PolicyRule, type RiskLevel, type RuleCondition, type SqlContext, type Verdict, PolicyEngine as default };
240
+ export { type AuditEvent, type Channel, DEFAULT_RULES, type EngineConfig, type EngineTier, type EngineTierLimits, type EvalRequest, type EvalResult, type ExecContext, type HttpContext, type McpContext, PolicyEngine, type PolicyRule, type RiskLevel, type RuleCondition, type SqlContext, type Verdict, PolicyEngine as default };
package/dist/index.d.ts CHANGED
@@ -179,12 +179,34 @@ declare const DEFAULT_RULES: PolicyRule[];
179
179
  * }
180
180
  * ```
181
181
  */
182
+ type EngineTier = 'free' | 'personal' | 'starter' | 'pro' | 'enterprise';
183
+ interface EngineTierLimits {
184
+ evaluationsPerMonth: number;
185
+ irreversibleAllowsPerMonth: number;
186
+ }
182
187
  declare class PolicyEngine {
183
188
  private rules;
184
189
  private defaultVerdict;
185
190
  private auditLog;
186
191
  private onAudit?;
187
- constructor(config: EngineConfig);
192
+ private _tier;
193
+ private _usage;
194
+ constructor(config: EngineConfig & {
195
+ tier?: EngineTier;
196
+ });
197
+ /** Set the current tier (e.g., after API key verification) */
198
+ setTier(tier: EngineTier): void;
199
+ /** Get current tier */
200
+ get tier(): EngineTier;
201
+ /** Get tier limits */
202
+ get tierLimits(): EngineTierLimits;
203
+ /** Get current usage */
204
+ get usage(): {
205
+ evaluations: number;
206
+ irreversibleAllows: number;
207
+ monthKey: string;
208
+ };
209
+ private _resetMonthIfNeeded;
188
210
  /**
189
211
  * Evaluate an action against the policy rules.
190
212
  * Returns a decision with verdict, risk score, and matched rules.
@@ -215,4 +237,4 @@ declare class PolicyEngine {
215
237
  }): void;
216
238
  }
217
239
 
218
- export { type AuditEvent, type Channel, DEFAULT_RULES, type EngineConfig, type EvalRequest, type EvalResult, type ExecContext, type HttpContext, type McpContext, PolicyEngine, type PolicyRule, type RiskLevel, type RuleCondition, type SqlContext, type Verdict, PolicyEngine as default };
240
+ export { type AuditEvent, type Channel, DEFAULT_RULES, type EngineConfig, type EngineTier, type EngineTierLimits, type EvalRequest, type EvalResult, type ExecContext, type HttpContext, type McpContext, PolicyEngine, type PolicyRule, type RiskLevel, type RuleCondition, type SqlContext, type Verdict, PolicyEngine as default };
package/dist/index.js CHANGED
@@ -258,22 +258,75 @@ var RISK_SCORES = {
258
258
  high: 70,
259
259
  critical: 95
260
260
  };
261
+ var ENGINE_TIER_LIMITS = {
262
+ free: { evaluationsPerMonth: 50, irreversibleAllowsPerMonth: 0 },
263
+ personal: { evaluationsPerMonth: 5e3, irreversibleAllowsPerMonth: 500 },
264
+ starter: { evaluationsPerMonth: 5e4, irreversibleAllowsPerMonth: 5e3 },
265
+ pro: { evaluationsPerMonth: 5e5, irreversibleAllowsPerMonth: 5e4 },
266
+ enterprise: { evaluationsPerMonth: -1, irreversibleAllowsPerMonth: -1 }
267
+ };
261
268
  var PolicyEngine = class {
262
269
  rules;
263
270
  defaultVerdict;
264
271
  auditLog;
265
272
  onAudit;
273
+ _tier = "free";
274
+ _usage = { evaluations: 0, irreversibleAllows: 0, monthKey: "" };
266
275
  constructor(config) {
267
276
  this.rules = config.rules.map((r) => ({ ...r, conditions: r.conditions ? [...r.conditions] : void 0 })).sort((a, b) => b.priority - a.priority);
268
277
  this.defaultVerdict = config.default_verdict ?? "allow";
269
278
  this.auditLog = config.audit_log ?? false;
270
279
  this.onAudit = config.on_audit;
280
+ this._tier = config.tier ?? "free";
281
+ const now = /* @__PURE__ */ new Date();
282
+ this._usage.monthKey = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}`;
283
+ }
284
+ /** Set the current tier (e.g., after API key verification) */
285
+ setTier(tier) {
286
+ this._tier = tier;
287
+ }
288
+ /** Get current tier */
289
+ get tier() {
290
+ return this._tier;
291
+ }
292
+ /** Get tier limits */
293
+ get tierLimits() {
294
+ return ENGINE_TIER_LIMITS[this._tier];
295
+ }
296
+ /** Get current usage */
297
+ get usage() {
298
+ return { ...this._usage };
299
+ }
300
+ _resetMonthIfNeeded() {
301
+ const now = /* @__PURE__ */ new Date();
302
+ const mk = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}`;
303
+ if (this._usage.monthKey !== mk) {
304
+ this._usage = { evaluations: 0, irreversibleAllows: 0, monthKey: mk };
305
+ }
271
306
  }
272
307
  /**
273
308
  * Evaluate an action against the policy rules.
274
309
  * Returns a decision with verdict, risk score, and matched rules.
275
310
  */
276
311
  evaluate(request) {
312
+ this._resetMonthIfNeeded();
313
+ this._usage.evaluations++;
314
+ const evalLimit = ENGINE_TIER_LIMITS[this._tier].evaluationsPerMonth;
315
+ if (evalLimit >= 0 && this._usage.evaluations > evalLimit) {
316
+ return {
317
+ decision_id: generateDecisionId(),
318
+ verdict: "deny",
319
+ allowed: false,
320
+ requires_approval: false,
321
+ reason: `Evaluation quota exceeded (${evalLimit}/month for ${this._tier} tier). Upgrade at https://sovr.inc/pricing`,
322
+ risk_score: 0,
323
+ matched_rules: [],
324
+ risk_level: "none",
325
+ channel: request.channel,
326
+ trace_id: request.trace_id || generateTraceId(),
327
+ timestamp: Date.now()
328
+ };
329
+ }
277
330
  const traceId = request.trace_id || generateTraceId();
278
331
  const decisionId = generateDecisionId();
279
332
  const matchedRules = [];
@@ -339,6 +392,14 @@ var PolicyEngine = class {
339
392
  Promise.resolve(this.onAudit(event)).catch(() => {
340
393
  });
341
394
  }
395
+ if (this._tier === "free") {
396
+ return {
397
+ ...result,
398
+ risk_score: 0,
399
+ matched_rules: [],
400
+ reason: "[UPGRADE to Personal+ for detailed evaluation results] https://sovr.inc/pricing"
401
+ };
402
+ }
342
403
  return result;
343
404
  }
344
405
  /**
package/dist/index.mjs CHANGED
@@ -232,22 +232,75 @@ var RISK_SCORES = {
232
232
  high: 70,
233
233
  critical: 95
234
234
  };
235
+ var ENGINE_TIER_LIMITS = {
236
+ free: { evaluationsPerMonth: 50, irreversibleAllowsPerMonth: 0 },
237
+ personal: { evaluationsPerMonth: 5e3, irreversibleAllowsPerMonth: 500 },
238
+ starter: { evaluationsPerMonth: 5e4, irreversibleAllowsPerMonth: 5e3 },
239
+ pro: { evaluationsPerMonth: 5e5, irreversibleAllowsPerMonth: 5e4 },
240
+ enterprise: { evaluationsPerMonth: -1, irreversibleAllowsPerMonth: -1 }
241
+ };
235
242
  var PolicyEngine = class {
236
243
  rules;
237
244
  defaultVerdict;
238
245
  auditLog;
239
246
  onAudit;
247
+ _tier = "free";
248
+ _usage = { evaluations: 0, irreversibleAllows: 0, monthKey: "" };
240
249
  constructor(config) {
241
250
  this.rules = config.rules.map((r) => ({ ...r, conditions: r.conditions ? [...r.conditions] : void 0 })).sort((a, b) => b.priority - a.priority);
242
251
  this.defaultVerdict = config.default_verdict ?? "allow";
243
252
  this.auditLog = config.audit_log ?? false;
244
253
  this.onAudit = config.on_audit;
254
+ this._tier = config.tier ?? "free";
255
+ const now = /* @__PURE__ */ new Date();
256
+ this._usage.monthKey = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}`;
257
+ }
258
+ /** Set the current tier (e.g., after API key verification) */
259
+ setTier(tier) {
260
+ this._tier = tier;
261
+ }
262
+ /** Get current tier */
263
+ get tier() {
264
+ return this._tier;
265
+ }
266
+ /** Get tier limits */
267
+ get tierLimits() {
268
+ return ENGINE_TIER_LIMITS[this._tier];
269
+ }
270
+ /** Get current usage */
271
+ get usage() {
272
+ return { ...this._usage };
273
+ }
274
+ _resetMonthIfNeeded() {
275
+ const now = /* @__PURE__ */ new Date();
276
+ const mk = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}`;
277
+ if (this._usage.monthKey !== mk) {
278
+ this._usage = { evaluations: 0, irreversibleAllows: 0, monthKey: mk };
279
+ }
245
280
  }
246
281
  /**
247
282
  * Evaluate an action against the policy rules.
248
283
  * Returns a decision with verdict, risk score, and matched rules.
249
284
  */
250
285
  evaluate(request) {
286
+ this._resetMonthIfNeeded();
287
+ this._usage.evaluations++;
288
+ const evalLimit = ENGINE_TIER_LIMITS[this._tier].evaluationsPerMonth;
289
+ if (evalLimit >= 0 && this._usage.evaluations > evalLimit) {
290
+ return {
291
+ decision_id: generateDecisionId(),
292
+ verdict: "deny",
293
+ allowed: false,
294
+ requires_approval: false,
295
+ reason: `Evaluation quota exceeded (${evalLimit}/month for ${this._tier} tier). Upgrade at https://sovr.inc/pricing`,
296
+ risk_score: 0,
297
+ matched_rules: [],
298
+ risk_level: "none",
299
+ channel: request.channel,
300
+ trace_id: request.trace_id || generateTraceId(),
301
+ timestamp: Date.now()
302
+ };
303
+ }
251
304
  const traceId = request.trace_id || generateTraceId();
252
305
  const decisionId = generateDecisionId();
253
306
  const matchedRules = [];
@@ -313,6 +366,14 @@ var PolicyEngine = class {
313
366
  Promise.resolve(this.onAudit(event)).catch(() => {
314
367
  });
315
368
  }
369
+ if (this._tier === "free") {
370
+ return {
371
+ ...result,
372
+ risk_score: 0,
373
+ matched_rules: [],
374
+ reason: "[UPGRADE to Personal+ for detailed evaluation results] https://sovr.inc/pricing"
375
+ };
376
+ }
316
377
  return result;
317
378
  }
318
379
  /**
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sovr/engine",
3
- "version": "1.2.0",
3
+ "version": "2.0.0",
4
4
  "description": "Unified Policy Engine for SOVR — the single decision plane for all proxy channels",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.mjs",