@sunaiva/gate 1.0.0 → 1.1.2

package/TIER_DEFINITIONS.md

@@ -0,0 +1,161 @@
+# Tier Definitions — `@sunaiva/gate`
+
+Feature scope of each tier for the Sunaiva Gate product line. The MCP server
+itself (`@sunaiva/gate` on npm) is free forever and is the top-of-funnel into
+the paid tiers. Paid tiers are tied to the **dashboard subscription** + the
+premium rule backend.
+
+> **Pricing**: current pricing is the single source of truth at
+> **https://sunaivacore.io/pricing** — owned by the Sunaiva MCP Command lane,
+> aligned to the Sunaiva Core marketplace pricing model (MCP subscription
+> floor + per-call x402 + skill bundle). This file documents **feature scope
+> per tier** only. Dollar figures intentionally NOT embedded here so the npm
+> package never ships stale pricing.
+
+> **Free tier** (no signup) runs the full constitutional rule set locally on
+> your machine. Paid tiers add the hosted dashboard, premium rule evaluation,
+> audit aggregation, and team features. Without a paid tier the gate still
+> enforces every constitutional rule deterministically — you just don't get
+> the dashboard, premium rules, or team views.
+
+---
+
+## Free — `@sunaiva/gate` (npm package, no signup)
+
+- **Price**: free forever
+- **License**: BUSL-1.1 wrapper (Change Date `2030-05-10` → Apache-2.0)
+- **Scope**:
+  - All 32 constitutional rules evaluated locally (cannot be disabled per the immutability guard)
+  - All 68 premium rule slots present but marked `[server-side]` placeholders (no evaluation — requires Pro+)
+  - Local audit log at `~/.sunaiva/audit/audit.jsonl`
+  - 5 presets (Minimal / Essential / Developer-Safety / Financial-Protection / Full-Suite)
+  - Kill-switch (`DISABLE_SUNAIVA_GATE=1`) and dry-run (`SUNAIVA_GATE_DRY_RUN=1`)
+  - All 6 MCP tools (`validate_action`, `log_bypass`, `get_rules`, `update_rules`, `get_audit_log`, `ship_confidence_check`)
+- **Support**: best-effort email per `SUPPORT.md`
+- **SLA**: none
+- **Use case**: solo developer running Claude Code / Cursor / Windsurf / Copilot locally and wanting a deterministic safety layer
+
+---
+
+## Starter
+
+Everything in Free, plus:
+
+- **Hosted dashboard** — real-time validation activity, audit log search/filter/export, rules manager UI, per-agent integration cards (see `LOVABLE_DASHBOARD_PROMPT.md` in this directory for the spec)
+- **Metered validations per month** (Free tier is locally unmetered; Starter introduces backend-evaluated premium rules with a budget)
+- **Curated subset of premium rules** active — server-side evaluation via `https://mcp.sunaivacore.io/v1/gatehooks` (token-authenticated)
+- **1 connected agent** (Claude Code OR Cursor OR Windsurf OR Copilot — one at a time)
+- **Short-window audit log retention** (see pricing page for current tier limits)
+- **Single user seat**
+- **Email support** with 2 business-day target response
+
+**Best for**: solo developers who want the dashboard view + a curated subset of premium rules
+
+---
+
+## Pro (recommended default)
+
+Everything in Starter, plus:
+
+- **Higher metered validation budget**
+- **All 68 premium rules** active
+- **5 connected agents** (any mix of Claude Code, Cursor, Windsurf, Copilot, Aider, Codex, Zed)
+- **BYOK support** — bring your own Gemini / Anthropic / OpenRouter API key for the LLM portion of Gate 2 (semantic analysis); or stay on the included Managed Gemini Flash
+- **Mid-window audit log retention**
+- **CSV export** of audit log with all metadata
+- **Webhook support** — POST validation events to your own endpoint
+- **Multiple user seats** (shared dashboard, individual API keys)
+- **Email support** with 1 business-day target response
+
+**Best for**: small teams (1-3 developers) with a shared rule set + audit trail need
+
+---
+
+## Power
+
+Everything in Pro, plus:
+
+- **Even higher validation budget**
+- **Custom rules** — author your own detection patterns with severity, category, enforcement type; replicated to all team members
+- **Cross-session severity escalation** — warn-first-block-on-repeat state machine persists across sessions, not just per-session
+- **Long-window audit log retention**
+- **Audit log export to S3 / GCS / Azure Blob** on schedule
+- **Larger team seat allocation**
+- **Priority email support** with same-business-day acknowledgement
+- **Sandbox endpoint** for testing rule changes before pushing to production
+
+**Best for**: small-to-mid engineering teams (4-10 developers) with custom rule requirements
+
+---
+
+## Enterprise — contact sales
+
+Everything in Power, plus:
+
+- **Unlimited validations**
+- **Self-hosted deployment option** (private dashboard + private rule backend; air-gapped if required)
+- **SSO / SAML** via Okta, Azure AD, Google Workspace
+- **Audit log retention**: indefinite, with archive-to-cold-storage policy options
+- **Cryptographic audit export** with HMAC-signed verdicts, byte-compatible with the [`sunaiva-ship-confidence`](https://sunaivacore.io/products/ship-confidence) skill — feeds straight into Ship-Confidence GREEN/RED gates
+- **Large team seat allocation** in the base tier; larger volumes priced per-seat
+- **Custom integration support** — IDE plugins, CI/CD hooks, custom MCP host integration
+- **Dedicated Slack / Teams channel** for support; SLA per the master services agreement
+- **EU AI Act compliance dossier** as an add-on (see [`sunaiva-validation`](https://sunaivacore.io/products/validation) for the Article 9 / 12 / 14 / 15 mapping)
+- **Contractual data-handling commitments** (GDPR DPA, regional data residency)
+
+**Engagement**: email `support@sunaiva.ai` with subject `[sales] Enterprise inquiry` to start the conversation. Pricing is quoted per-engagement on the call.
+
+---
+
+## Tier comparison at a glance
+
+| Feature | Free | Starter | Pro | Power | Enterprise |
+|---|---|---|---|---|---|
+| 32 constitutional rules (local) | ✓ | ✓ | ✓ | ✓ | ✓ |
+| 68 premium rules (server-eval) | — | curated subset | All 68 | All 68 + custom | All 68 + custom |
+| Hosted dashboard | — | ✓ | ✓ | ✓ | ✓ (self-host option) |
+| Validations / month | unmetered (local only) | metered | metered (higher) | metered (highest) | unlimited |
+| Connected agents | unmetered | 1 | 5 | larger team | unlimited |
+| Audit log retention | local only (your disk) | short | mid | long | indefinite |
+| Custom rules | — | — | — | ✓ | ✓ |
+| BYOK (Gemini/Anthropic/OpenRouter) | N/A (no LLM call from free) | — | ✓ | ✓ | ✓ |
+| User seats | 1 (local) | 1 | multiple | larger team | up to enterprise tier |
+| Webhook | — | — | ✓ | ✓ | ✓ |
+| CSV export | — | — | ✓ | ✓ | ✓ |
+| Custom rule packs | — | — | — | ✓ | ✓ |
+| Cross-session severity escalation | per-session | per-session | per-session | ✓ | ✓ |
+| Audit log cloud export | — | — | — | ✓ | ✓ |
+| Sandbox endpoint | — | — | — | ✓ | ✓ |
+| Cryptographic audit export | — | — | — | — | ✓ |
+| SSO / SAML | — | — | — | — | ✓ |
+| Self-hosted option | — | — | — | — | ✓ |
+| EU AI Act compliance dossier | — | — | — | add-on | included |
+| Support response time | best-effort | 2 business days | 1 business day | same business day | dedicated channel + MSA SLA |
+
+---
+
+## What is NOT in any tier
+
+To set buyer expectations clearly:
+
+- **Code review / static analysis** — the gate enforces ACTION-level rules at runtime. It is not a code reviewer. Pair with `sunaiva-ship-confidence` for shipped-artifact verification.
+- **AI model training / fine-tuning** — out of scope. The gate is an enforcement layer, not a model provider.
+- **Network firewall / WAF** — out of scope. The gate operates at the MCP tool-call layer (PreToolUse / PostToolUse / SessionStart events), not the HTTP layer.
+- **Endpoint detection & response (EDR)** — out of scope. Not a host-based security agent.
+- **Production incident response** — out of scope. The gate prevents incidents; it does not respond to them.
+
+---
+
+## Upgrade / downgrade
+
+- Self-service: upgrade Starter → Pro → Power via dashboard billing settings (Stripe-managed)
+- Self-service: downgrade with proration via the same flow
+- Enterprise: contractual; transitions handled per the master services agreement
+- **Cancellations**: refund per Stripe's standard policy. Audit logs export to local disk on cancellation (no data lock-in)
+
+---
+
+*Source of truth for pricing: https://sunaivacore.io/pricing — owned by the
+Sunaiva MCP Command lane, aligned to the canonical Sunaiva Core marketplace
+pricing model (MCP subscription floor + per-call x402 + skill bundle).
+This file is feature-scope only.*

package/dist/config/defaults.d.ts

@@ -1,9 +1,30 @@
 /**
- * Default configuration values for @sunaiva/gate
+ * Default configuration values for @sunaiva/gate.
+ *
+ * The active_rules list defaults to the full constitutional set
+ * (every rule with `enforcement: "constitutional"` in rules.json).
+ * This guarantees that even a user with no on-disk config gets the
+ * full local enforcement layer out of the box. Constitutional rules
+ * cannot be disabled via `update_rules` (enforced by B4's immutability
+ * guard) — they are listed here for explicitness and so that the in-
+ * memory config matches the on-disk default that getConfig() writes.
+ *
+ * To keep this list in sync with rules/rules.json, see
+ * `scripts/verify-bundle.js` which asserts that every constitutional
+ * rule ID appears in DEFAULT_CONFIG.active_rules at pack time.
  */
 export declare const CONFIG_DIR: string;
 export declare const CONFIG_PATH: string;
 export declare const AUDIT_LOG_PATH: string;
+/**
+ * Every constitutional rule ID (enforcement === "constitutional") shipped
+ * in rules/rules.json. Kept as a frozen array so it can be referenced
+ * by B4's immutability guard and by the bundle-verify script.
+ *
+ * UPDATE PROCEDURE: when rules.json gains a new constitutional rule,
+ * add its ID here. The verify-bundle script will flag a mismatch.
+ */
+export declare const CONSTITUTIONAL_RULE_IDS: readonly string[];
 export declare const DEFAULT_CONFIG: GateConfig;
 export declare const MANAGED_API_BASE = "https://api.sunaiva.ai/v1/gate";
 export interface ModelConfig {

package/dist/config/defaults.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,eAAO,MAAM,UAAU,QAA8B,CAAC;AACtD,eAAO,MAAM,WAAW,QAAuC,CAAC;AAChE,eAAO,MAAM,cAAc,QAAkC,CAAC;AAE9D,eAAO,MAAM,cAAc,EAAE,UAe5B,CAAC;AAEF,eAAO,MAAM,gBAAgB,mCAAmC,CAAC;AAEjE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,OAAO,CAAC;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,SAAS,GAAG,WAAW,GAAG,OAAO,CAAC;IACpD,KAAK,EAAE,WAAW,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB"}
+{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,eAAO,MAAM,UAAU,QAA8B,CAAC;AACtD,eAAO,MAAM,WAAW,QAAuC,CAAC;AAChE,eAAO,MAAM,cAAc,QAAkC,CAAC;AAE9D;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,EAAE,SAAS,MAAM,EAiCnD,CAAC;AAEH,eAAO,MAAM,cAAc,EAAE,UAS5B,CAAC;AAEF,eAAO,MAAM,gBAAgB,mCAAmC,CAAC;AAEjE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,OAAO,CAAC;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,SAAS,GAAG,WAAW,GAAG,OAAO,CAAC;IACpD,KAAK,EAAE,WAAW,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB"}

package/dist/config/defaults.js

@@ -1,20 +1,68 @@
 /**
- * Default configuration values for @sunaiva/gate
+ * Default configuration values for @sunaiva/gate.
+ *
+ * The active_rules list defaults to the full constitutional set
+ * (every rule with `enforcement: "constitutional"` in rules.json).
+ * This guarantees that even a user with no on-disk config gets the
+ * full local enforcement layer out of the box. Constitutional rules
+ * cannot be disabled via `update_rules` (enforced by B4's immutability
+ * guard) — they are listed here for explicitness and so that the in-
+ * memory config matches the on-disk default that getConfig() writes.
+ *
+ * To keep this list in sync with rules/rules.json, see
+ * `scripts/verify-bundle.js` which asserts that every constitutional
+ * rule ID appears in DEFAULT_CONFIG.active_rules at pack time.
  */
 import { homedir } from "os";
 import { join } from "path";
 export const CONFIG_DIR = join(homedir(), ".sunaiva");
 export const CONFIG_PATH = join(CONFIG_DIR, "gate-config.json");
 export const AUDIT_LOG_PATH = join(CONFIG_DIR, "audit.jsonl");
+/**
+ * Every constitutional rule ID (enforcement === "constitutional") shipped
+ * in rules/rules.json. Kept as a frozen array so it can be referenced
+ * by B4's immutability guard and by the bundle-verify script.
+ *
+ * UPDATE PROCEDURE: when rules.json gains a new constitutional rule,
+ * add its ID here. The verify-bundle script will flag a mismatch.
+ */
+export const CONSTITUTIONAL_RULE_IDS = Object.freeze([
+    "cmp-002",
+    "com-001",
+    "com-002",
+    "com-005",
+    "com-006",
+    "com-007",
+    "com-009",
+    "com-011",
+    "dat-001",
+    "dat-002",
+    "dat-004",
+    "dat-010",
+    "fin-001",
+    "fin-002",
+    "fin-003",
+    "fin-004",
+    "fin-008",
+    "fin-009",
+    "gov-001",
+    "gov-002",
+    "gov-004",
+    "gov-005",
+    "gov-006",
+    "gov-008",
+    "gov-012",
+    "know-009",
+    "sec-001",
+    "sec-002",
+    "sec-004",
+    "sec-006",
+    "sec-010",
+    "sec-011",
+]);
 export const DEFAULT_CONFIG = {
     api_key: "",
-    active_rules: [
-        "fin-001",
-        "gov-001",
-        "gov-002",
-        "dat-001",
-        "gov-008",
-    ],
+    active_rules: [...CONSTITUTIONAL_RULE_IDS],
     active_preset: "minimal",
     enforcement_mode: "enforce",
     model: {

package/dist/config/defaults.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;AAChE,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAE9D,MAAM,CAAC,MAAM,cAAc,GAAe;IACxC,OAAO,EAAE,EAAE;IACX,YAAY,EAAE;QACZ,SAAS;QACT,SAAS;QACT,SAAS;QACT,SAAS;QACT,SAAS;KACV;IACD,aAAa,EAAE,SAAS;IACxB,gBAAgB,EAAE,SAAS;IAC3B,KAAK,EAAE;QACL,QAAQ,EAAE,SAAS;KACpB;IACD,cAAc,EAAE,cAAc;CAC/B,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,gCAAgC,CAAC"}
+{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACtD,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;AAChE,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AAE9D;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAsB,MAAM,CAAC,MAAM,CAAC;IACtE,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU;IACV,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;CACV,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAe;IACxC,OAAO,EAAE,EAAE;IACX,YAAY,EAAE,CAAC,GAAG,uBAAuB,CAAC;IAC1C,aAAa,EAAE,SAAS;IACxB,gBAAgB,EAAE,SAAS;IAC3B,KAAK,EAAE;QACL,QAAQ,EAAE,SAAS;KACpB;IACD,cAAc,EAAE,cAAc;CAC/B,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,gCAAgC,CAAC"}

package/dist/config/loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AACA,OAAO,EAA2C,KAAK,UAAU,EAAE,MAAM,eAAe,CAAC;AAEzF,wBAAgB,SAAS,IAAI,UAAU,CAMtC;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAGhD;AAED,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAE3C"}
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAQA,OAAO,EAA2C,KAAK,UAAU,EAAE,MAAM,eAAe,CAAC;AAGzF,wBAAgB,SAAS,IAAI,UAAU,CAiBtC;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAGhD;AAED,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAE3C"}

package/dist/config/loader.js

@@ -1,13 +1,31 @@
+/**
+ * Config loader. Constitutional rule IDs are RE-MERGED into active_rules
+ * on every load — see `enforceConstitutionalActive` in immutability.ts.
+ * This means a user can hand-edit `~/.sunaiva/gate-config.json` to remove
+ * constitutional rules and the next runtime load will simply re-add them
+ * (in-memory only — the on-disk file is left untouched).
+ */
 import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
 import { CONFIG_DIR, CONFIG_PATH, DEFAULT_CONFIG } from "./defaults.js";
+import { enforceConstitutionalActive } from "../engine/immutability.js";
 export function getConfig() {
+    let loaded;
     try {
-        if (existsSync(CONFIG_PATH))
-            return JSON.parse(readFileSync(CONFIG_PATH, "utf-8"));
+        if (existsSync(CONFIG_PATH)) {
+            loaded = JSON.parse(readFileSync(CONFIG_PATH, "utf-8"));
+        }
+        else {
+            saveConfig(DEFAULT_CONFIG);
+            loaded = { ...DEFAULT_CONFIG };
+        }
     }
-    catch { }
-    saveConfig(DEFAULT_CONFIG);
-    return { ...DEFAULT_CONFIG };
+    catch {
+        saveConfig(DEFAULT_CONFIG);
+        loaded = { ...DEFAULT_CONFIG };
+    }
+    // ALWAYS re-merge constitutional active_rules — user tampering of the
+    // on-disk file cannot disable a constitutional rule.
+    return enforceConstitutionalActive(loaded);
 }
 export function saveConfig(cfg) {
     mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });

package/dist/config/loader.js.map

@@ -1 +1 @@
-{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,EAAmB,MAAM,eAAe,CAAC;AAEzF,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;IACrF,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,UAAU,CAAC,cAAc,CAAC,CAAC;IAC3B,OAAO,EAAE,GAAG,cAAc,EAAE,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAe;IACxC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,SAAS,EAAE,CAAC,YAAY,CAAC;AAClC,CAAC"}
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,EAAmB,MAAM,eAAe,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AAExE,MAAM,UAAU,SAAS;IACvB,IAAI,MAAkB,CAAC;IACvB,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,cAAc,CAAC,CAAC;YAC3B,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,UAAU,CAAC,cAAc,CAAC,CAAC;QAC3B,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,CAAC;IACjC,CAAC;IAED,sEAAsE;IACtE,qDAAqD;IACrD,OAAO,2BAA2B,CAAC,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAe;IACxC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,SAAS,EAAE,CAAC,YAAY,CAAC;AAClC,CAAC"}

package/dist/engine/backend-client.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Backend client for the Sunaiva Gate premium tier.
+ *
+ * Responsibilities:
+ *   - POST to `<backend_url>` for each premium (`[server-side]`) rule.
+ *   - Fail-OPEN for the *customer*: any backend failure (network, timeout,
+ *     5xx, 401, missing token) results in the rule being SKIPPED, never
+ *     a customer-side block. A Sunaiva outage MUST NOT take down a
+ *     customer's agent pipeline.
+ *   - Emit a once-per-process stderr notice when premium rules are skipped
+ *     because no API token is configured. Subsequent skips in the same
+ *     process are silent.
+ *   - One retry with 500ms backoff on 5xx / network error (per spec).
+ *   - Request timeout default 3000ms, env-overridable.
+ *   - Track audit counters: every skipped rule appears in
+ *     `BackendEvalResult.skipped_rule_ids` with a status code in
+ *     `BackendRuleResult.status` (e.g. `skipped_premium`, `skipped_auth`)
+ *     so the audit ledger can record exactly why a rule was deferred.
+ *
+ * What this module does NOT do:
+ *   - It does NOT decide whether to call the backend at all. That is the
+ *     caller's job (rule-engine.ts checks rule.backend_required + URL).
+ *   - It does NOT block. The returned result is informational; the caller
+ *     turns matched=true with severity=block into a customer-side block.
+ *   - It does NOT mutate global state apart from the once-per-process
+ *     stderr flag.
+ */
+import { BackendClientOptions, BackendEvalResult } from "../types/backend.js";
+/**
+ * Reset the once-per-process notice flag. Test-only — wired so that test
+ * fixtures can assert that the notice fires on the first call but not on
+ * subsequent calls within the same process.
+ */
+export declare function resetPremiumSkippedNotice(): void;
+/**
+ * Returns true iff the once-per-process notice was emitted. Test-only.
+ */
+export declare function wasPremiumSkippedNoticeShown(): boolean;
+export declare class BackendClient {
+    private readonly url;
+    private readonly apiToken;
+    private readonly timeoutMs;
+    private readonly fetchImpl;
+    constructor(options?: BackendClientOptions);
+    /** True iff the client has an API token configured. */
+    isConfigured(): boolean;
+    /**
+     * Evaluate a list of premium rules against `inputText`. Returns one
+     * BackendRuleResult per requested rule. Never throws; backend errors
+     * become `skipped_*` statuses so the caller can fail-OPEN gracefully.
+     */
+    evaluate(ruleIds: string[], inputText: string, context?: Record<string, unknown>): Promise<BackendEvalResult>;
+    /** Single-rule call with retry + timeout. */
+    private evaluateOne;
+    /** Single HTTP call. Returns a tagged outcome — never throws on HTTP. */
+    private callOnce;
+}
+//# sourceMappingURL=backend-client.d.ts.map

package/dist/engine/backend-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"backend-client.d.ts","sourceRoot":"","sources":["../../src/engine/backend-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EAOlB,MAAM,qBAAqB,CAAC;AAM7B;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,IAAI,CAEhD;AAED;;GAEG;AACH,wBAAgB,4BAA4B,IAAI,OAAO,CAEtD;AA0CD,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAgB;IACzC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAe;gBAE7B,OAAO,GAAE,oBAAyB;IAkB9C,uDAAuD;IACvD,YAAY,IAAI,OAAO;IAIvB;;;;OAIG;IACG,QAAQ,CACZ,OAAO,EAAE,MAAM,EAAE,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,iBAAiB,CAAC;IA8C7B,6CAA6C;YAC/B,WAAW;IAgEzB,yEAAyE;YAC3D,QAAQ;CAiFvB"}