@tokentestai/ais 0.1.0

package/dist/index.d.ts

@@ -0,0 +1,547 @@
+import { Readable, Writable } from 'node:stream';
+
+interface PackageInfo {
+    name: string;
+    version: string;
+}
+declare function getPackageInfo(): PackageInfo;
+declare const PACKAGE_NAME: string;
+declare const VERSION: string;
+
+declare const SECRET_TYPES: readonly ["PASSWORD", "APIKEY", "DBCONN", "PRIVATE_KEY", "BEARER_TOKEN", "JWT", "GENERIC"];
+type SecretType = (typeof SECRET_TYPES)[number];
+declare const SECRET_SOURCES: readonly ["manual", "argv", "stdin", "proxy"];
+type SecretSource = (typeof SECRET_SOURCES)[number];
+interface VaultEntry {
+    token: string;
+    secret: string;
+    type: SecretType;
+    createdAt: number;
+    hitCount: number;
+    name?: string;
+    source?: SecretSource;
+}
+type TokenGenerator = (secret: string, type: SecretType, sessionId: string) => string;
+
+declare const DEFAULT_AIS_STATE_PATH_DISPLAY = "~/.ais/ais-state.json";
+interface AisRecentRecord {
+    id: string;
+    createdAt: number;
+    lastSeenAt: number;
+    name?: string;
+    preview: string;
+    seenCount: number;
+    source: SecretSource;
+    type: SecretType;
+}
+interface AisState {
+    excludedRecordIds: string[];
+    excludedTypes: SecretType[];
+    recentRecords: AisRecentRecord[];
+}
+interface AisStoreOptions {
+    path?: string;
+    recentLimit?: number;
+}
+interface RecordSecretOptions {
+    name?: string;
+    source: SecretSource;
+    timestamp?: number;
+}
+declare function createDefaultAisState(): AisState;
+declare function buildAisRecordId(secret: string): string;
+declare function resolveAisStatePath(path?: string): string;
+declare class AisStore {
+    private readonly options;
+    private dirty;
+    private loaded;
+    private state;
+    constructor(options?: AisStoreOptions);
+    load(): Promise<AisState>;
+    save(): Promise<void>;
+    getPath(): string;
+    getState(): AisState;
+    isExcluded(secret: string, type: SecretType): boolean;
+    recordSecret(secret: string, type: SecretType, options: RecordSecretOptions): AisRecentRecord;
+    setRecordExcluded(id: string, excluded: boolean): boolean;
+    setTypeExcluded(type: SecretType, excluded: boolean): void;
+    private assertLoaded;
+    private sortRecentRecords;
+    private trimRecentRecords;
+}
+
+declare const PROTECT_TOOLS: readonly ["claude", "codex", "openclaw"];
+declare const UPDATE_CHANNELS: readonly ["latest", "next"];
+type ProtectTool = (typeof PROTECT_TOOLS)[number];
+type UpdateChannel = (typeof UPDATE_CHANNELS)[number];
+declare function isProtectTool(value: string): value is ProtectTool;
+declare function isUpdateChannel(value: string): value is UpdateChannel;
+
+declare const DEFAULT_AUTOMATION_STATE_PATH_DISPLAY = "~/.ais/automation-state.json";
+type UpdateCheckResult = 'available' | 'failed' | 'never' | 'skipped' | 'up-to-date' | 'updated';
+interface ProtectToolRuntimeState {
+    backupPath?: string;
+    installed: boolean;
+    lastChangedAt?: number;
+    lastError?: string;
+    managedPath?: string;
+    originalCommandPath?: string;
+    suspended: boolean;
+}
+interface AutomationState {
+    protect: {
+        tools: Record<ProtectTool, ProtectToolRuntimeState>;
+    };
+    update: {
+        lastChannel?: UpdateChannel;
+        lastCheckedAt?: number;
+        lastError?: string;
+        lastLocalVersion?: string;
+        lastRemoteVersion?: string;
+        lastResult: UpdateCheckResult;
+        skipNextCheck: boolean;
+    };
+}
+interface LoadedAutomationState {
+    exists: boolean;
+    path: string;
+    recoveredFrom?: string;
+    recoveryReason?: string;
+    state: AutomationState;
+}
+declare function createDefaultAutomationState(): AutomationState;
+declare function createDefaultProtectToolRuntimeState(): ProtectToolRuntimeState;
+declare function resolveAutomationStatePath(path?: string): string;
+declare function loadAutomationState(path?: string): Promise<LoadedAutomationState>;
+declare function saveAutomationState(state: AutomationState, path?: string): Promise<void>;
+declare function clearProtectRuntimeState(state: AutomationState, tool?: ProtectTool, now?: number): AutomationState;
+declare function cloneAutomationState(state: AutomationState): AutomationState;
+
+type DetectionConfidence = 'high' | 'medium' | 'low';
+interface DetectedSecret {
+    value: string;
+    type: SecretType;
+    confidence: DetectionConfidence;
+    start: number;
+    end: number;
+    patternId: string;
+}
+interface SecretDetector {
+    detect(input: string): DetectedSecret[];
+}
+
+interface PatternDefinition {
+    extractValue(match: RegExpMatchArray): string | null;
+    id: string;
+    type: SecretType;
+    expression: RegExp;
+}
+interface CustomPatternDefinition {
+    id: string;
+    regex: string;
+    type: SecretType;
+}
+interface PatternDetectorOptions {
+    customPatterns?: CustomPatternDefinition[];
+}
+declare const KNOWN_SECRET_PATTERNS: PatternDefinition[];
+declare class PatternDetector implements SecretDetector {
+    private readonly patterns;
+    constructor(options?: PatternDetectorOptions);
+    detect(input: string): DetectedSecret[];
+}
+
+interface CombinedDetectorOptions {
+    customPatterns?: CustomPatternDefinition[];
+    enablePattern?: boolean;
+    enableContext?: boolean;
+    enableEntropy?: boolean;
+    entropyThreshold?: number;
+}
+declare class CombinedDetector implements SecretDetector {
+    private readonly stages;
+    constructor(options?: CombinedDetectorOptions);
+    detect(input: string): DetectedSecret[];
+}
+
+declare class ContextDetector implements SecretDetector {
+    detect(input: string): DetectedSecret[];
+}
+
+interface EntropyDetectorOptions {
+    threshold?: number;
+}
+declare function calculateShannonEntropy(value: string): number;
+declare class EntropyDetector implements SecretDetector {
+    private readonly options;
+    constructor(options?: EntropyDetectorOptions);
+    detect(input: string): DetectedSecret[];
+}
+
+interface PtyWrapperOptions {
+    flushStdinData?: () => string;
+    flushStdoutData?: () => string;
+    onStdinData?: (data: string) => string;
+    onStdoutData?: (data: string) => string;
+    stdin?: Readable & {
+        isRaw?: boolean;
+        isTTY?: boolean;
+        setRawMode?: (mode: boolean) => void;
+    };
+    stdout?: Writable & {
+        columns?: number;
+        isTTY?: boolean;
+        rows?: number;
+    };
+    cwd?: string;
+    env?: NodeJS.ProcessEnv;
+}
+declare function runPtyCommand(command: string, args: string[], options?: PtyWrapperOptions): Promise<number>;
+declare function createPtyWrapper(command: string, args: string[], options?: PtyWrapperOptions): Promise<void>;
+
+type ProxyProvider = 'anthropic' | 'openai';
+type ProxyTargets = Record<ProxyProvider, string>;
+
+declare const DEFAULT_TARGETS: ProxyTargets;
+declare function getDefaultProxyTargets(env?: NodeJS.ProcessEnv): ProxyTargets;
+declare function buildProxyEnvironment(proxyBaseUrl: string, env?: NodeJS.ProcessEnv): NodeJS.ProcessEnv;
+
+declare const TOKEN_REGEX: RegExp;
+declare const TOKEN_MAX_LENGTH: number;
+interface SessionVaultOptions {
+    sessionId?: string;
+    tokenGenerator?: TokenGenerator;
+}
+interface RegisterSecretOptions {
+    createdAt?: number;
+    hitCount?: number;
+    name?: string;
+    source?: SecretSource;
+    token?: string;
+}
+declare function generateToken(secret: string, type: SecretType, sessionId: string): string;
+declare class SessionVault {
+    private readonly nameToSecret;
+    private revisionNumber;
+    private readonly secretToEntry;
+    private readonly tokenToEntry;
+    private readonly sessionId;
+    private readonly tokenGenerator;
+    constructor(options?: SessionVaultOptions);
+    get size(): number;
+    get revision(): number;
+    register(secret: string, type: SecretType, options?: RegisterSecretOptions): string;
+    findByName(name: string): VaultEntry | null;
+    resolve(token: string): string | null;
+    getSecretToTokenPairs(): Array<[string, string]>;
+    snapshot(): VaultEntry[];
+    removeByName(name: string): VaultEntry | null;
+    getTokenToSecretPairs(): Array<[string, string]>;
+    isToken(value: string): boolean;
+    destroy(): void;
+    private removeBySecret;
+    private updateExistingEntry;
+    private assertNameAvailable;
+}
+
+interface ProxyOptions {
+    captureDir?: string;
+    defaultProvider?: ProxyProvider;
+    host?: string;
+    maxPortAttempts?: number;
+    onRequestText?: (body: string) => void;
+    port?: number;
+    publicHost?: string;
+    targetBaseUrl?: string;
+    targets?: Partial<ProxyTargets>;
+    timeoutMs?: number;
+    vault: SessionVault;
+}
+declare class ProxyServer {
+    private readonly options;
+    private activePort;
+    private readonly activeUpgradeSockets;
+    private readonly captureDir?;
+    private readonly defaultProvider?;
+    private readonly host;
+    private readonly maxPortAttempts;
+    private readonly port;
+    private readonly publicHost;
+    private readonly responsesCompatibilityStore;
+    private server;
+    private readonly targets;
+    private readonly timeoutMs;
+    constructor(options: ProxyOptions);
+    getBaseUrl(): string;
+    start(): Promise<number>;
+    stop(): Promise<void>;
+    private handleUpgrade;
+    private handleRequest;
+    private handleResponsesCompatibilityRead;
+    private forwardResponsesRequestWithFallback;
+    private forwardTranslatedResponsesCompatibilityRequest;
+    private forwardResponsesCompatibilityResponse;
+    private forwardUpgradeFallbackResponse;
+    private sendUpgradeError;
+    private trackUpgradeSocket;
+    private forwardRequest;
+    private forwardResponse;
+    private inspectAndMaskTextBody;
+    private writeResponsesCompatibilityCapture;
+}
+
+declare const DEFAULT_VAULT_PATH: string;
+declare class EncryptedVault {
+    static exists(path?: string): boolean;
+    static save(data: Record<string, VaultEntry>, password: string, path?: string): Promise<void>;
+    static load(password: string, path?: string): Promise<Record<string, VaultEntry>>;
+}
+
+interface KeychainModule {
+    deletePassword(service: string, account: string): Promise<boolean>;
+    getPassword(service: string, account: string): Promise<string | null>;
+    setPassword(service: string, account: string, password: string): Promise<void>;
+}
+type KeychainModuleLoader = () => Promise<KeychainModule | {
+    default: KeychainModule;
+}>;
+declare function setKeychainModuleLoaderForTesting(loader: KeychainModuleLoader): void;
+declare function resetKeychainModuleLoaderForTesting(): void;
+declare class KeychainStore {
+    static readonly SERVICE = "ais";
+    private static readonly ACCOUNT;
+    static setVaultPassword(password: string): Promise<void>;
+    static getVaultPassword(): Promise<string | null>;
+    static deleteVaultPassword(): Promise<void>;
+    static isAvailable(): Promise<boolean>;
+}
+
+interface KeychainStoreLike {
+    getVaultPassword(): Promise<string | null>;
+    isAvailable(): Promise<boolean>;
+    setVaultPassword(password: string): Promise<void>;
+}
+interface StorageManagerOptions {
+    env?: NodeJS.ProcessEnv;
+    keychain?: KeychainStoreLike;
+    persistDetectedSecrets?: boolean;
+    vaultOptions?: SessionVaultOptions;
+    vaultPassword?: string;
+    vaultPath?: string;
+}
+declare class StorageManager {
+    private readonly options;
+    private cachedPassword;
+    private readonly env;
+    private readonly keychain;
+    constructor(options?: StorageManagerOptions);
+    initialize(): Promise<SessionVault>;
+    save(vault: SessionVault): Promise<void>;
+    setup(): Promise<boolean>;
+    getVaultPath(): string;
+    private getReadablePassword;
+    private getWritablePassword;
+    private getDirectPassword;
+}
+
+interface RegisterSecretValueOptions {
+    name?: string;
+}
+interface AisStats {
+    detectedSecrets: number;
+    maskedInputs: number;
+    proxyEnabled: boolean;
+    proxyPort: number | null;
+    registeredSecrets: number;
+    restoredOutputs: number;
+}
+interface AisRuntimeOptions {
+    ais?: (AisStoreOptions & {
+        store?: AisStore;
+    }) | false;
+    automation?: {
+        path: string;
+        protect: {
+            enabled: boolean;
+            tools: Record<ProtectTool, boolean>;
+        };
+        state: AutomationState;
+        update: {
+            channel: UpdateChannel;
+            checkIntervalMinutes: number;
+            enabled: boolean;
+            silent: boolean;
+            skipCheck: boolean;
+        };
+    };
+    cwd?: string;
+    debug?: boolean;
+    detectionWindow?: number;
+    detector?: CombinedDetectorOptions;
+    dryRun?: boolean;
+    env?: NodeJS.ProcessEnv;
+    logFile?: string;
+    proxy?: Omit<ProxyOptions, 'vault'>;
+    storage?: (StorageManagerOptions & {
+        manager?: StorageManager;
+    }) | false;
+    stdin?: PtyWrapperOptions['stdin'];
+    stdout?: PtyWrapperOptions['stdout'];
+    vault?: SessionVaultOptions;
+}
+declare function stripVaultArtifacts(input: string): string;
+declare class AisRuntime {
+    private readonly options;
+    private readonly argvDetector;
+    private readonly detector;
+    private readonly detectionBuffers;
+    private readonly aisStore?;
+    private readonly interceptor;
+    private proxyPort;
+    private readonly proxy;
+    private readonly storageManager?;
+    private storageLoaded;
+    private readonly stdoutRestorer;
+    private readonly vault;
+    private readonly stats;
+    private running;
+    constructor(options?: AisRuntimeOptions);
+    start(command: string, args: string[]): Promise<void>;
+    registerSecret(secret: string, type?: SecretType, options?: RegisterSecretValueOptions): string;
+    getStats(): AisStats;
+    private debug;
+    private warn;
+    private writeMessage;
+    private loadStoredSecrets;
+    private loadAisState;
+    private detectSecrets;
+    private flushStdin;
+    private flushStdout;
+    private handleStdin;
+    private handleStdout;
+    private handleProxyRequestText;
+    private prepareArgs;
+    private registerSecretValue;
+    private resetDetectionBuffers;
+}
+
+declare const DEFAULT_CONFIG_PATH: string;
+declare const DEFAULT_VAULT_PATH_DISPLAY = "~/.ais/vault.enc";
+interface CustomPatternConfig {
+    id: string;
+    regex: string;
+    type: SecretType;
+}
+interface AisConfig {
+    ais: {
+        recentLimit: number;
+        statePath: string;
+    };
+    automation: {
+        statePath: string;
+    };
+    customPatterns: CustomPatternConfig[];
+    detection: {
+        context: boolean;
+        entropy: boolean;
+        entropyThreshold: number;
+        patterns: boolean;
+    };
+    display: {
+        debug: boolean;
+    };
+    protect: {
+        enabled: boolean;
+        tools: {
+            claude: boolean;
+            codex: boolean;
+            openclaw: boolean;
+        };
+    };
+    storage: {
+        persistSecrets: boolean;
+        vaultPath: string;
+    };
+    update: {
+        channel: UpdateChannel;
+        checkIntervalMinutes: number;
+        enabled: boolean;
+        silent: boolean;
+    };
+}
+interface LoadedConfig {
+    config: AisConfig;
+    exists: boolean;
+    path: string;
+}
+declare function createDefaultConfig(): AisConfig;
+declare function expandHomePath(path: string): string;
+declare function resolveConfigPath(path?: string): string;
+declare function loadConfig(path?: string): Promise<LoadedConfig>;
+declare function saveConfig(config: AisConfig, path?: string): Promise<void>;
+
+interface BidirectionalFlushResult {
+    apiResponse: string;
+    input: string;
+    output: string;
+}
+declare class BidirectionalInterceptor {
+    private readonly vault;
+    private readonly apiResponseReplacer;
+    private readonly inputReplacer;
+    private readonly outputReplacer;
+    private syncedRevision;
+    constructor(vault: SessionVault);
+    processInput(chunk: string): string;
+    processOutput(chunk: string): string;
+    processApiResponse(chunk: string): string;
+    flush(): BidirectionalFlushResult;
+    updateRules(): void;
+    private syncRules;
+}
+
+declare class StreamReplacer {
+    private buffer;
+    private matcher;
+    private maxPatternLen;
+    private prefixes;
+    constructor(replacements: Map<string, string>);
+    push(chunk: string): string;
+    flush(): string;
+    updateRules(replacements: Map<string, string>): void;
+    private getLookbehindLength;
+    private getSafeLimit;
+}
+
+interface ProtectShellCommandResult {
+    exitCode: number;
+    stderr: string;
+    stdout: string;
+}
+type ProtectShellRunner = (command: string, args: string[], options: {
+    env?: NodeJS.ProcessEnv;
+}) => Promise<ProtectShellCommandResult>;
+interface ProtectRuntimeOptions {
+    aisCliPath?: string;
+    env?: NodeJS.ProcessEnv;
+    homeDir?: string;
+    nodePath?: string;
+    now?: () => number;
+    shellPath?: string;
+    shellRunner?: ProtectShellRunner;
+}
+interface ProtectSyncResult {
+    changed: boolean;
+    errors: string[];
+    state: AutomationState;
+    warnings: string[];
+}
+interface ProtectRestoreResult extends ProtectSyncResult {
+    config: AisConfig;
+}
+declare function syncProtectRuntime(config: AisConfig, state: AutomationState, options?: ProtectRuntimeOptions): Promise<ProtectSyncResult>;
+declare function refreshProtectRuntime(state: AutomationState, options?: ProtectRuntimeOptions): Promise<ProtectSyncResult>;
+declare function restoreProtectRuntime(config: AisConfig, state: AutomationState, options?: ProtectRuntimeOptions): Promise<ProtectRestoreResult>;
+declare function resolveProtectedCommand(command: string, env?: NodeJS.ProcessEnv, options?: Pick<ProtectRuntimeOptions, 'homeDir'>): Promise<string>;
+
+export { type AisConfig, type AisRecentRecord, AisRuntime, type AisRuntimeOptions, type AisState, type AisStats, AisStore, type AisStoreOptions, type AutomationState, type BidirectionalFlushResult, BidirectionalInterceptor, CombinedDetector, type CombinedDetectorOptions, ContextDetector, type CustomPatternConfig, type CustomPatternDefinition, DEFAULT_AIS_STATE_PATH_DISPLAY, DEFAULT_AUTOMATION_STATE_PATH_DISPLAY, DEFAULT_CONFIG_PATH, DEFAULT_TARGETS as DEFAULT_PROXY_TARGETS, DEFAULT_VAULT_PATH, DEFAULT_VAULT_PATH_DISPLAY, type DetectedSecret, type DetectionConfidence, EncryptedVault, EntropyDetector, type EntropyDetectorOptions, KNOWN_SECRET_PATTERNS, KeychainStore, type LoadedAutomationState, type LoadedConfig, PACKAGE_NAME, PROTECT_TOOLS, PatternDetector, type PatternDetectorOptions, type ProtectRestoreResult, type ProtectRuntimeOptions, type ProtectShellCommandResult, type ProtectShellRunner, type ProtectSyncResult, type ProtectTool, type ProtectToolRuntimeState, type ProxyOptions, type ProxyProvider, ProxyServer, type ProxyTargets, type PtyWrapperOptions, type RecordSecretOptions, type RegisterSecretOptions, type RegisterSecretValueOptions, type SecretDetector, type SecretSource, type SecretType, SessionVault, type SessionVaultOptions, StorageManager, type StorageManagerOptions, StreamReplacer, TOKEN_MAX_LENGTH, TOKEN_REGEX, type TokenGenerator, UPDATE_CHANNELS, type UpdateChannel, type UpdateCheckResult, VERSION, type VaultEntry, buildAisRecordId, buildProxyEnvironment, calculateShannonEntropy, clearProtectRuntimeState, cloneAutomationState, createDefaultAisState, createDefaultAutomationState, createDefaultConfig, createDefaultProtectToolRuntimeState, createPtyWrapper, expandHomePath, generateToken, getDefaultProxyTargets, getPackageInfo, isProtectTool, isUpdateChannel, loadAutomationState, loadConfig, refreshProtectRuntime, resetKeychainModuleLoaderForTesting, resolveAisStatePath, resolveAutomationStatePath, resolveConfigPath, resolveProtectedCommand, restoreProtectRuntime, runPtyCommand, saveAutomationState, saveConfig, setKeychainModuleLoaderForTesting, stripVaultArtifacts, syncProtectRuntime };