@sovr/engine 3.6.0 → 4.0.0

package/dist/index.js

@@ -42,6 +42,7 @@ __export(index_exports, {
   SOVR_FEATURE_SWITCHES: () => SOVR_FEATURE_SWITCHES,
   SelfConstraintEngine: () => SelfConstraintEngine,
   SemanticDriftDetectorEngine: () => SemanticDriftDetectorEngine,
+  TIME_WINDOWS: () => TIME_WINDOWS,
   TimeSeriesAggregator: () => TimeSeriesAggregator,
   TrendAlertEngine: () => TrendAlertEngine,
   TwoPhaseRouter: () => TwoPhaseRouter,
@@ -4326,6 +4327,60 @@ var OverrideDriftAnalyzer = class {
   }
 };
 
+// src/cockpitDataService.ts
+var TIME_WINDOWS = {
+  "1h": { label: "1 \u5C0F\u65F6", seconds: 3600 },
+  "6h": { label: "6 \u5C0F\u65F6", seconds: 21600 },
+  "24h": { label: "24 \u5C0F\u65F6", seconds: 86400 },
+  "7d": { label: "7 \u5929", seconds: 604800 },
+  "30d": { label: "30 \u5929", seconds: 2592e3 }
+};
+var collectors = [];
+function registerMetricCollector(collector) {
+  const exists = collectors.findIndex((c) => c.name === collector.name);
+  if (exists >= 0) {
+    collectors[exists] = collector;
+  } else {
+    collectors.push(collector);
+  }
+}
+registerMetricCollector({
+  name: "gate_requests_total",
+  category: "gate",
+  unit: "req/min",
+  collect: async () => 0
+});
+registerMetricCollector({
+  name: "gate_block_rate",
+  category: "gate",
+  unit: "%",
+  collect: async () => 0
+});
+registerMetricCollector({
+  name: "audit_events_total",
+  category: "audit",
+  unit: "events/min",
+  collect: async () => 0
+});
+registerMetricCollector({
+  name: "trust_score",
+  category: "trust",
+  unit: "score",
+  collect: async () => 85
+});
+registerMetricCollector({
+  name: "budget_utilization",
+  category: "budget",
+  unit: "%",
+  collect: async () => 0
+});
+registerMetricCollector({
+  name: "avg_latency_ms",
+  category: "performance",
+  unit: "ms",
+  collect: async () => 0
+});
+
 // src/index.ts
 var DEFAULT_RULES = [
   // --- HTTP Proxy: Dangerous outbound calls ---
@@ -4560,8 +4615,11 @@ var RISK_SCORES = {
   high: 70,
   critical: 95
 };
-var ENGINE_VERSION = "3.4.0";
+var ENGINE_VERSION = "4.0.0";
 var ENGINE_VERSION_CHECK_URL = "https://api.sovr.inc/api/sovr/v1/version/check";
+var DEFAULT_METERING_ENDPOINT = "https://sovr-ai-mkzgqqeh.manus.space/api/v1/metering/batch";
+var LOGIN_VALIDATE_URL = "https://sovr-ai-mkzgqqeh.manus.space/api/keys/validate";
+var IRREVERSIBLE_ACTION_REGEX = /^(DELETE|DROP|TRUNCATE|ALTER|UPDATE|INSERT|CREATE|GRANT|REVOKE|COPY|shell_exec|file_write|db_delete|db_update|db_execute|payment|deploy|publish)$/i;
 var ENGINE_TIER_LIMITS = {
   free: { evaluationsPerMonth: 50, irreversibleAllowsPerMonth: 0 },
   personal: { evaluationsPerMonth: 5e3, irreversibleAllowsPerMonth: 500 },
@@ -4578,6 +4636,28 @@ var PolicyEngine = class {
   _usage = { evaluations: 0, irreversibleAllows: 0, monthKey: "" };
   _apiKey;
   _versionChecked = false;
+  // v4.0.0: BillingReporter
+  _billingEnabled;
+  _billingEndpoint;
+  _billingBuffer = [];
+  _billingFlushTimer = null;
+  _billingFlushInterval;
+  _billingBufferMax;
+  _billingStats = {
+    eventsReported: 0,
+    eventsDropped: 0,
+    bufferSize: 0,
+    byType: {
+      "gate.check": 0,
+      "gate.block": 0,
+      "irreversible.allowed": 0,
+      "trust_bundle.issued": 0,
+      "trust_bundle.exported": 0,
+      "replay.requested": 0,
+      "auditor.session": 0
+    }
+  };
+  _loginValidated = false;
   constructor(config) {
     this._apiKey = config.apiKey || process.env.SOVR_API_KEY || "";
     if (!this._apiKey) {
@@ -4609,7 +4689,19 @@ var PolicyEngine = class {
     this._tier = config.tier ?? "free";
     const now = /* @__PURE__ */ new Date();
     this._usage.monthKey = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}`;
+    const billing = config.billing ?? {};
+    this._billingEnabled = billing.enabled !== false;
+    this._billingEndpoint = billing.meteringEndpoint ?? DEFAULT_METERING_ENDPOINT;
+    this._billingFlushInterval = billing.flushIntervalMs ?? 1e4;
+    this._billingBufferMax = billing.bufferMax ?? 500;
     this._asyncVersionCheck();
+    this._asyncLoginValidation();
+    if (this._billingEnabled) {
+      this._billingFlushTimer = setInterval(() => {
+        this._flushBillingBuffer().catch(() => {
+        });
+      }, this._billingFlushInterval);
+    }
   }
   /** v3.1.0: Async version check — blocks evaluate() on first call if deprecated */
   async _asyncVersionCheck() {
@@ -4652,6 +4744,137 @@ var PolicyEngine = class {
       }
     }
   }
+  // ============================================================================
+  // v4.0.0: Mandatory Login Validation (Remote API Key → User Identity)
+  // ============================================================================
+  /**
+   * Async login validation — verifies API Key is bound to a registered user.
+   * Runs once at startup. On failure: logs warning but allows operation (fail-open).
+   * On success: sets tier from server response.
+   */
+  async _asyncLoginValidation() {
+    if (this._loginValidated) return;
+    try {
+      const res = await globalThis.fetch(LOGIN_VALIDATE_URL, {
+        method: "GET",
+        headers: {
+          "Authorization": `Bearer ${this._apiKey}`,
+          "X-SOVR-Source": "engine",
+          "X-SOVR-Version": ENGINE_VERSION
+        },
+        signal: AbortSignal.timeout(8e3)
+      });
+      if (res.ok) {
+        const data = await res.json();
+        this._loginValidated = true;
+        if (data.tier) {
+          this._tier = data.tier;
+        }
+        if (data.valid === false) {
+          console.error(
+            "\n\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\n\u2551          SOVR LOGIN VALIDATION FAILED                        \u2551\n\u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2563\n\u2551  Your API key is not bound to a registered user.            \u2551\n\u2551  Please login at: https://sovr.inc/login                    \u2551\n\u2551  Then get a valid key: https://sovr.inc/dashboard/api-keys  \u2551\n\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D\n"
+          );
+        }
+      } else if (res.status === 401 || res.status === 403) {
+        console.error(
+          `[SOVR ENGINE] Login validation failed (HTTP ${res.status}). API key may be invalid or expired.`
+        );
+      }
+    } catch {
+    }
+  }
+  /** Get login validation status */
+  get loginValidated() {
+    return this._loginValidated;
+  }
+  // ============================================================================
+  // v4.0.0: BillingReporter — 7 event types, batch flush, quota check
+  // ============================================================================
+  /**
+   * Record a billing event into the buffer.
+   * Fire-and-forget — never blocks the main request flow.
+   */
+  recordBillingEvent(event_type, action, resource, verdict, metadata) {
+    if (!this._billingEnabled) return;
+    this._billingBuffer.push({
+      event_type,
+      action,
+      resource,
+      verdict,
+      api_key: this._apiKey,
+      timestamp: Date.now(),
+      metadata
+    });
+    this._billingStats.byType[event_type] = (this._billingStats.byType[event_type] || 0) + 1;
+    if (this._billingBuffer.length >= this._billingBufferMax) {
+      this._flushBillingBuffer().catch(() => {
+      });
+    }
+  }
+  /**
+   * Flush billing buffer to the metering endpoint.
+   * Batch POST — fire-and-forget with re-queue on failure.
+   */
+  async _flushBillingBuffer() {
+    if (this._billingBuffer.length === 0) return;
+    const batch = this._billingBuffer.splice(0, this._billingBufferMax);
+    try {
+      const response = await globalThis.fetch(this._billingEndpoint, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Authorization": `Bearer ${this._apiKey}`,
+          "X-SOVR-Source": "engine",
+          "X-SOVR-Version": ENGINE_VERSION
+        },
+        body: JSON.stringify({ events: batch }),
+        signal: AbortSignal.timeout(5e3)
+      });
+      if (response.ok) {
+        this._billingStats.eventsReported += batch.length;
+      } else {
+        throw new Error(`HTTP ${response.status}`);
+      }
+    } catch {
+      if (this._billingBuffer.length < this._billingBufferMax * 2) {
+        this._billingBuffer.unshift(...batch);
+      } else {
+        this._billingStats.eventsDropped += batch.length;
+      }
+    }
+  }
+  /**
+   * Classify an evaluate() call into the appropriate billing event type.
+   * Key pricing principle: "放行的不可逆动作" is the highest-price tax base.
+   */
+  _classifyBillingEvent(action, verdict) {
+    if (verdict === "deny" || verdict === "block") {
+      return "gate.block";
+    }
+    if ((verdict === "allow" || verdict === "escalate") && IRREVERSIBLE_ACTION_REGEX.test(action)) {
+      return "irreversible.allowed";
+    }
+    return "gate.check";
+  }
+  /** Get billing statistics */
+  get billingStats() {
+    return {
+      ...this._billingStats,
+      bufferSize: this._billingBuffer.length
+    };
+  }
+  /**
+   * Flush remaining billing events and stop the timer.
+   * Call this before process exit for clean shutdown.
+   */
+  async shutdown() {
+    if (this._billingFlushTimer) {
+      clearInterval(this._billingFlushTimer);
+      this._billingFlushTimer = null;
+    }
+    await this._flushBillingBuffer().catch(() => {
+    });
+  }
   /** Set the current tier (e.g., after API key verification) */
   setTier(tier) {
     this._tier = tier;
@@ -4763,6 +4986,14 @@ var PolicyEngine = class {
       Promise.resolve(this.onAudit(event)).catch(() => {
       });
     }
+    const billingType = this._classifyBillingEvent(request.action, verdict);
+    this.recordBillingEvent(billingType, request.action, request.resource, verdict, {
+      risk_score: riskScore,
+      risk_level: riskLevel,
+      decision_id: decisionId,
+      channel: request.channel,
+      matched_rules: matchedRules.length
+    });
     if (this._tier === "free") {
       return {
         ...result,
@@ -4837,6 +5068,7 @@ var index_default = PolicyEngine;
   SOVR_FEATURE_SWITCHES,
   SelfConstraintEngine,
   SemanticDriftDetectorEngine,
+  TIME_WINDOWS,
   TimeSeriesAggregator,
   TrendAlertEngine,
   TwoPhaseRouter,

package/dist/index.mjs

@@ -4257,6 +4257,60 @@ var OverrideDriftAnalyzer = class {
   }
 };
 
+// src/cockpitDataService.ts
+var TIME_WINDOWS = {
+  "1h": { label: "1 \u5C0F\u65F6", seconds: 3600 },
+  "6h": { label: "6 \u5C0F\u65F6", seconds: 21600 },
+  "24h": { label: "24 \u5C0F\u65F6", seconds: 86400 },
+  "7d": { label: "7 \u5929", seconds: 604800 },
+  "30d": { label: "30 \u5929", seconds: 2592e3 }
+};
+var collectors = [];
+function registerMetricCollector(collector) {
+  const exists = collectors.findIndex((c) => c.name === collector.name);
+  if (exists >= 0) {
+    collectors[exists] = collector;
+  } else {
+    collectors.push(collector);
+  }
+}
+registerMetricCollector({
+  name: "gate_requests_total",
+  category: "gate",
+  unit: "req/min",
+  collect: async () => 0
+});
+registerMetricCollector({
+  name: "gate_block_rate",
+  category: "gate",
+  unit: "%",
+  collect: async () => 0
+});
+registerMetricCollector({
+  name: "audit_events_total",
+  category: "audit",
+  unit: "events/min",
+  collect: async () => 0
+});
+registerMetricCollector({
+  name: "trust_score",
+  category: "trust",
+  unit: "score",
+  collect: async () => 85
+});
+registerMetricCollector({
+  name: "budget_utilization",
+  category: "budget",
+  unit: "%",
+  collect: async () => 0
+});
+registerMetricCollector({
+  name: "avg_latency_ms",
+  category: "performance",
+  unit: "ms",
+  collect: async () => 0
+});
+
 // src/index.ts
 var DEFAULT_RULES = [
   // --- HTTP Proxy: Dangerous outbound calls ---
@@ -4491,8 +4545,11 @@ var RISK_SCORES = {
   high: 70,
   critical: 95
 };
-var ENGINE_VERSION = "3.4.0";
+var ENGINE_VERSION = "4.0.0";
 var ENGINE_VERSION_CHECK_URL = "https://api.sovr.inc/api/sovr/v1/version/check";
+var DEFAULT_METERING_ENDPOINT = "https://sovr-ai-mkzgqqeh.manus.space/api/v1/metering/batch";
+var LOGIN_VALIDATE_URL = "https://sovr-ai-mkzgqqeh.manus.space/api/keys/validate";
+var IRREVERSIBLE_ACTION_REGEX = /^(DELETE|DROP|TRUNCATE|ALTER|UPDATE|INSERT|CREATE|GRANT|REVOKE|COPY|shell_exec|file_write|db_delete|db_update|db_execute|payment|deploy|publish)$/i;
 var ENGINE_TIER_LIMITS = {
   free: { evaluationsPerMonth: 50, irreversibleAllowsPerMonth: 0 },
   personal: { evaluationsPerMonth: 5e3, irreversibleAllowsPerMonth: 500 },
@@ -4509,6 +4566,28 @@ var PolicyEngine = class {
   _usage = { evaluations: 0, irreversibleAllows: 0, monthKey: "" };
   _apiKey;
   _versionChecked = false;
+  // v4.0.0: BillingReporter
+  _billingEnabled;
+  _billingEndpoint;
+  _billingBuffer = [];
+  _billingFlushTimer = null;
+  _billingFlushInterval;
+  _billingBufferMax;
+  _billingStats = {
+    eventsReported: 0,
+    eventsDropped: 0,
+    bufferSize: 0,
+    byType: {
+      "gate.check": 0,
+      "gate.block": 0,
+      "irreversible.allowed": 0,
+      "trust_bundle.issued": 0,
+      "trust_bundle.exported": 0,
+      "replay.requested": 0,
+      "auditor.session": 0
+    }
+  };
+  _loginValidated = false;
   constructor(config) {
     this._apiKey = config.apiKey || process.env.SOVR_API_KEY || "";
     if (!this._apiKey) {
@@ -4540,7 +4619,19 @@ var PolicyEngine = class {
     this._tier = config.tier ?? "free";
     const now = /* @__PURE__ */ new Date();
     this._usage.monthKey = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}`;
+    const billing = config.billing ?? {};
+    this._billingEnabled = billing.enabled !== false;
+    this._billingEndpoint = billing.meteringEndpoint ?? DEFAULT_METERING_ENDPOINT;
+    this._billingFlushInterval = billing.flushIntervalMs ?? 1e4;
+    this._billingBufferMax = billing.bufferMax ?? 500;
     this._asyncVersionCheck();
+    this._asyncLoginValidation();
+    if (this._billingEnabled) {
+      this._billingFlushTimer = setInterval(() => {
+        this._flushBillingBuffer().catch(() => {
+        });
+      }, this._billingFlushInterval);
+    }
   }
   /** v3.1.0: Async version check — blocks evaluate() on first call if deprecated */
   async _asyncVersionCheck() {
@@ -4583,6 +4674,137 @@ var PolicyEngine = class {
       }
     }
   }
+  // ============================================================================
+  // v4.0.0: Mandatory Login Validation (Remote API Key → User Identity)
+  // ============================================================================
+  /**
+   * Async login validation — verifies API Key is bound to a registered user.
+   * Runs once at startup. On failure: logs warning but allows operation (fail-open).
+   * On success: sets tier from server response.
+   */
+  async _asyncLoginValidation() {
+    if (this._loginValidated) return;
+    try {
+      const res = await globalThis.fetch(LOGIN_VALIDATE_URL, {
+        method: "GET",
+        headers: {
+          "Authorization": `Bearer ${this._apiKey}`,
+          "X-SOVR-Source": "engine",
+          "X-SOVR-Version": ENGINE_VERSION
+        },
+        signal: AbortSignal.timeout(8e3)
+      });
+      if (res.ok) {
+        const data = await res.json();
+        this._loginValidated = true;
+        if (data.tier) {
+          this._tier = data.tier;
+        }
+        if (data.valid === false) {
+          console.error(
+            "\n\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\n\u2551          SOVR LOGIN VALIDATION FAILED                        \u2551\n\u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2563\n\u2551  Your API key is not bound to a registered user.            \u2551\n\u2551  Please login at: https://sovr.inc/login                    \u2551\n\u2551  Then get a valid key: https://sovr.inc/dashboard/api-keys  \u2551\n\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D\n"
+          );
+        }
+      } else if (res.status === 401 || res.status === 403) {
+        console.error(
+          `[SOVR ENGINE] Login validation failed (HTTP ${res.status}). API key may be invalid or expired.`
+        );
+      }
+    } catch {
+    }
+  }
+  /** Get login validation status */
+  get loginValidated() {
+    return this._loginValidated;
+  }
+  // ============================================================================
+  // v4.0.0: BillingReporter — 7 event types, batch flush, quota check
+  // ============================================================================
+  /**
+   * Record a billing event into the buffer.
+   * Fire-and-forget — never blocks the main request flow.
+   */
+  recordBillingEvent(event_type, action, resource, verdict, metadata) {
+    if (!this._billingEnabled) return;
+    this._billingBuffer.push({
+      event_type,
+      action,
+      resource,
+      verdict,
+      api_key: this._apiKey,
+      timestamp: Date.now(),
+      metadata
+    });
+    this._billingStats.byType[event_type] = (this._billingStats.byType[event_type] || 0) + 1;
+    if (this._billingBuffer.length >= this._billingBufferMax) {
+      this._flushBillingBuffer().catch(() => {
+      });
+    }
+  }
+  /**
+   * Flush billing buffer to the metering endpoint.
+   * Batch POST — fire-and-forget with re-queue on failure.
+   */
+  async _flushBillingBuffer() {
+    if (this._billingBuffer.length === 0) return;
+    const batch = this._billingBuffer.splice(0, this._billingBufferMax);
+    try {
+      const response = await globalThis.fetch(this._billingEndpoint, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Authorization": `Bearer ${this._apiKey}`,
+          "X-SOVR-Source": "engine",
+          "X-SOVR-Version": ENGINE_VERSION
+        },
+        body: JSON.stringify({ events: batch }),
+        signal: AbortSignal.timeout(5e3)
+      });
+      if (response.ok) {
+        this._billingStats.eventsReported += batch.length;
+      } else {
+        throw new Error(`HTTP ${response.status}`);
+      }
+    } catch {
+      if (this._billingBuffer.length < this._billingBufferMax * 2) {
+        this._billingBuffer.unshift(...batch);
+      } else {
+        this._billingStats.eventsDropped += batch.length;
+      }
+    }
+  }
+  /**
+   * Classify an evaluate() call into the appropriate billing event type.
+   * Key pricing principle: "放行的不可逆动作" is the highest-price tax base.
+   */
+  _classifyBillingEvent(action, verdict) {
+    if (verdict === "deny" || verdict === "block") {
+      return "gate.block";
+    }
+    if ((verdict === "allow" || verdict === "escalate") && IRREVERSIBLE_ACTION_REGEX.test(action)) {
+      return "irreversible.allowed";
+    }
+    return "gate.check";
+  }
+  /** Get billing statistics */
+  get billingStats() {
+    return {
+      ...this._billingStats,
+      bufferSize: this._billingBuffer.length
+    };
+  }
+  /**
+   * Flush remaining billing events and stop the timer.
+   * Call this before process exit for clean shutdown.
+   */
+  async shutdown() {
+    if (this._billingFlushTimer) {
+      clearInterval(this._billingFlushTimer);
+      this._billingFlushTimer = null;
+    }
+    await this._flushBillingBuffer().catch(() => {
+    });
+  }
   /** Set the current tier (e.g., after API key verification) */
   setTier(tier) {
     this._tier = tier;
@@ -4694,6 +4916,14 @@ var PolicyEngine = class {
       Promise.resolve(this.onAudit(event)).catch(() => {
       });
     }
+    const billingType = this._classifyBillingEvent(request.action, verdict);
+    this.recordBillingEvent(billingType, request.action, request.resource, verdict, {
+      risk_score: riskScore,
+      risk_level: riskLevel,
+      decision_id: decisionId,
+      channel: request.channel,
+      matched_rules: matchedRules.length
+    });
     if (this._tier === "free") {
       return {
         ...result,
@@ -4767,6 +4997,7 @@ export {
   SOVR_FEATURE_SWITCHES,
   SelfConstraintEngine,
   SemanticDriftDetectorEngine,
+  TIME_WINDOWS,
   TimeSeriesAggregator,
   TrendAlertEngine,
   TwoPhaseRouter,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sovr/engine",
-  "version": "3.6.0",
+  "version": "4.0.0",
   "description": "Unified Policy Engine for SOVR — the single decision plane for all proxy channels",
   "main": "dist/index.js",
   "module": "dist/index.mjs",