@tuent/sentinel 0.1.0

package/dist/mcpAdapter-R47GX2P3.js

@@ -0,0 +1,178 @@
+import {
+  LogAdapter
+} from "./chunk-PDWWRZXF.js";
+
+// src/adapters/mcpAdapter.ts
+var ACTION_MAP = {
+  bash: "command_exec",
+  shell: "command_exec",
+  terminal: "command_exec",
+  read_file: "file_read",
+  file_read: "file_read",
+  view: "file_read",
+  write_file: "file_write",
+  file_write: "file_write",
+  create_file: "file_write",
+  str_replace: "file_write",
+  web_search: "network_request",
+  fetch: "network_request",
+  http: "network_request",
+  sql: "database_query",
+  query: "database_query",
+  database: "database_query"
+};
+function mapToolToAction(tool) {
+  return ACTION_MAP[tool] ?? "tool_invocation";
+}
+var McpAdapter = class {
+  agentId;
+  agentName;
+  logDir;
+  pollIntervalMs;
+  logAdapter = null;
+  currentLogFile = null;
+  onEvent = null;
+  dirPollTimer = null;
+  running = false;
+  scanning = false;
+  constructor(agentId, agentName, options) {
+    this.agentId = agentId;
+    this.agentName = agentName;
+    const home = process.env.HOME ?? process.env.USERPROFILE ?? "/tmp";
+    this.logDir = options?.logDir ?? `${home}/.mcp/logs`;
+    this.pollIntervalMs = options?.pollIntervalMs ?? 3e3;
+  }
+  async start(onEvent) {
+    if (this.running) return;
+    this.onEvent = onEvent;
+    this.running = true;
+    const latestLog = await this.findLatestLogFile();
+    if (latestLog) {
+      await this.attachToLogFile(latestLog);
+    } else {
+      console.warn(`No MCP logs found in ${this.logDir}. Waiting for activity...`);
+    }
+    this.dirPollTimer = setInterval(() => this.scanForNewLogs(), this.pollIntervalMs);
+    console.log(`McpAdapter monitoring MCP activity for agent ${this.agentId}`);
+  }
+  async stop() {
+    if (this.dirPollTimer) {
+      clearInterval(this.dirPollTimer);
+      this.dirPollTimer = null;
+    }
+    await this.logAdapter?.stop();
+    this.logAdapter = null;
+    this.currentLogFile = null;
+    this.running = false;
+    this.onEvent = null;
+    console.log(`McpAdapter stopped for agent ${this.agentId}`);
+  }
+  async findLatestLogFile() {
+    const { readdir, stat } = await import("fs/promises");
+    const { join } = await import("path");
+    let entries;
+    try {
+      entries = await readdir(this.logDir);
+    } catch {
+      return null;
+    }
+    let latestFile = null;
+    let latestMtime = 0;
+    for (const entry of entries) {
+      const fullPath = join(this.logDir, entry);
+      try {
+        const info = await stat(fullPath);
+        if (info.isFile() && info.mtimeMs > latestMtime) {
+          latestMtime = info.mtimeMs;
+          latestFile = fullPath;
+        }
+      } catch {
+      }
+    }
+    return latestFile;
+  }
+  async scanForNewLogs() {
+    if (!this.running || this.scanning) return;
+    this.scanning = true;
+    try {
+      const latestLog = await this.findLatestLogFile();
+      if (latestLog && latestLog !== this.currentLogFile) {
+        await this.attachToLogFile(latestLog);
+      }
+    } finally {
+      this.scanning = false;
+    }
+  }
+  async attachToLogFile(logFile) {
+    await this.logAdapter?.stop();
+    this.currentLogFile = logFile;
+    this.logAdapter = new LogAdapter(this.agentId, logFile, {
+      pollIntervalMs: this.pollIntervalMs,
+      fieldMapping: { action: "timestamp", target: "timestamp" }
+    });
+    await this.logAdapter.start((rawEvent) => {
+      const event = this.parseMcpEntry(rawEvent);
+      if (event) {
+        this.onEvent?.(event);
+      }
+    });
+  }
+  parseMcpEntry(raw) {
+    const timestamp = raw.timestamp;
+    if (!timestamp) return null;
+    if (raw.method && typeof raw.method === "string") {
+      const params = raw.params;
+      const toolName = params?.name ?? raw.method;
+      const args = params?.arguments;
+      const target = args ? `${toolName}: ${JSON.stringify(args)}` : toolName;
+      const t = target.slice(0, 200);
+      return {
+        agentId: this.agentId,
+        agentName: this.agentName,
+        agentRole: "mcp-agent",
+        action: "tool_invocation",
+        targets: [t],
+        primaryTarget: t,
+        schemaVersion: 2,
+        timestamp,
+        metadata: { tool: raw.method }
+      };
+    }
+    if (raw.tool && typeof raw.tool === "string") {
+      const input = typeof raw.input === "string" ? raw.input : "";
+      const t = input.slice(0, 200);
+      return {
+        agentId: this.agentId,
+        agentName: this.agentName,
+        agentRole: "mcp-agent",
+        action: mapToolToAction(raw.tool),
+        targets: [t],
+        primaryTarget: t,
+        schemaVersion: 2,
+        timestamp,
+        metadata: { tool: raw.tool }
+      };
+    }
+    if (raw.type === "tool_use" && raw.name && typeof raw.name === "string") {
+      const content = typeof raw.content === "string" ? raw.content : "";
+      const t = content.slice(0, 200);
+      return {
+        agentId: this.agentId,
+        agentName: this.agentName,
+        agentRole: "mcp-agent",
+        action: mapToolToAction(raw.name),
+        targets: [t],
+        primaryTarget: t,
+        schemaVersion: 2,
+        timestamp,
+        metadata: { tool: raw.name }
+      };
+    }
+    return null;
+  }
+};
+export {
+  McpAdapter,
+  mapToolToAction
+};
+//# sourceMappingURL=mcpAdapter-R47GX2P3.js.map

package/dist/pidManager-ZYC7SICM.js

@@ -0,0 +1,15 @@
+import {
+  acquireGatewayLock,
+  readPidFile,
+  removePidFile,
+  verifyPidIsGateway,
+  writePidFile
+} from "./chunk-CUJKNIKT.js";
+export {
+  acquireGatewayLock,
+  readPidFile,
+  removePidFile,
+  verifyPidIsGateway,
+  writePidFile
+};
+//# sourceMappingURL=pidManager-ZYC7SICM.js.map

package/dist/policyLoader-6KR5VFVV.js

@@ -0,0 +1,15 @@
+import {
+  LOCKED_ACTIONABLE_TYPES,
+  loadPolicy,
+  loadPolicyFromString,
+  policyToConfig,
+  policyToRole
+} from "./chunk-2FFMYSVC.js";
+export {
+  LOCKED_ACTIONABLE_TYPES,
+  loadPolicy,
+  loadPolicyFromString,
+  policyToConfig,
+  policyToRole
+};
+//# sourceMappingURL=policyLoader-6KR5VFVV.js.map

package/dist/webhookReceiver-NAVMQ6N5.js

@@ -0,0 +1,203 @@
+// src/adapters/webhookReceiver.ts
+var DEFAULT_MAX_BODY_SIZE = 1024 * 1024;
+var REQUIRED_FIELDS = ["agentId", "action", "targets", "timestamp"];
+var KNOWN_ACTIONS = /* @__PURE__ */ new Set([
+  "file_read",
+  "file_write",
+  "api_call",
+  "database_query",
+  "command_exec",
+  "tool_invocation",
+  "network_request"
+]);
+var WebhookReceiver = class {
+  configuredPort;
+  apiKey;
+  maxBodySize;
+  server = null;
+  onEvent = null;
+  running = false;
+  startedAt = 0;
+  constructor(port = 5151, options) {
+    this.configuredPort = port;
+    this.apiKey = options?.apiKey;
+    this.maxBodySize = options?.maxBodySize ?? DEFAULT_MAX_BODY_SIZE;
+  }
+  get port() {
+    const addr = this.server?.address();
+    if (addr && typeof addr === "object") {
+      return addr.port;
+    }
+    return this.configuredPort;
+  }
+  async start(onEvent) {
+    if (this.running) return;
+    this.onEvent = onEvent;
+    this.running = true;
+    this.startedAt = Date.now();
+    const http = await import("http");
+    this.server = http.createServer((req, res) => this.handleRequest(req, res));
+    await new Promise((resolve, reject) => {
+      this.server.once("error", reject);
+      this.server.listen(this.configuredPort, () => {
+        this.server.removeListener("error", reject);
+        resolve();
+      });
+    });
+    console.log(`Sentinel webhook receiver listening on port ${this.port}`);
+  }
+  async stop() {
+    if (!this.server) return;
+    await new Promise((resolve, reject) => {
+      this.server.close((err) => err ? reject(err) : resolve());
+    });
+    this.server = null;
+    this.running = false;
+    this.onEvent = null;
+    console.log("Sentinel webhook receiver stopped");
+  }
+  isRunning() {
+    return this.running;
+  }
+  handleRequest(req, res) {
+    const url = req.url ?? "";
+    const method = req.method ?? "";
+    if (method === "GET" && url === "/api/sentinel/health") {
+      this.sendJson(res, 200, {
+        status: "running",
+        uptime: Math.floor((Date.now() - this.startedAt) / 1e3)
+      });
+      return;
+    }
+    if (method === "POST" && url === "/api/sentinel/events") {
+      this.readBody(req, res, (body) => this.handleSingleEvent(body, req, res));
+      return;
+    }
+    if (method === "POST" && url === "/api/sentinel/events/batch") {
+      this.readBody(req, res, (body) => this.handleBatchEvents(body, req, res));
+      return;
+    }
+    this.sendJson(res, 404, { error: "not found" });
+  }
+  readBody(req, res, onBody) {
+    let size = 0;
+    let exceeded = false;
+    const chunks = [];
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > this.maxBodySize) {
+        if (!exceeded) {
+          exceeded = true;
+          this.sendJson(res, 413, { error: "body too large" });
+          req.destroy();
+        }
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => {
+      if (exceeded) return;
+      onBody(Buffer.concat(chunks).toString("utf-8"));
+    });
+  }
+  handleSingleEvent(body, req, res) {
+    if (!this.checkAuth(req, res)) return;
+    let event;
+    try {
+      event = JSON.parse(body);
+    } catch {
+      this.sendJson(res, 400, { error: "invalid JSON" });
+      return;
+    }
+    this.normalizeEvent(event);
+    const missing = this.validateEvent(event);
+    if (missing) {
+      this.sendJson(res, 400, { error: `missing required field: ${missing}` });
+      return;
+    }
+    if (!event.agentName) event.agentName = event.agentId;
+    if (!event.agentRole) event.agentRole = "unknown";
+    this.flagUnknownAction(event);
+    this.onEvent?.(event.agentId, event);
+    this.sendJson(res, 200, { status: "accepted" });
+  }
+  handleBatchEvents(body, req, res) {
+    if (!this.checkAuth(req, res)) return;
+    let payload;
+    try {
+      payload = JSON.parse(body);
+    } catch {
+      this.sendJson(res, 400, { error: "invalid JSON" });
+      return;
+    }
+    if (!Array.isArray(payload.events)) {
+      this.sendJson(res, 400, { error: "missing required field: events" });
+      return;
+    }
+    let processed = 0;
+    let skipped = 0;
+    for (const event of payload.events) {
+      this.normalizeEvent(event);
+      const missing = this.validateEvent(event);
+      if (missing) {
+        skipped++;
+      } else {
+        if (!event.agentName) event.agentName = event.agentId;
+        if (!event.agentRole) event.agentRole = "unknown";
+        this.flagUnknownAction(event);
+        this.onEvent?.(event.agentId, event);
+        processed++;
+      }
+    }
+    this.sendJson(res, 200, { status: "accepted", processed, skipped });
+  }
+  checkAuth(req, res) {
+    if (!this.apiKey) return true;
+    const auth = req.headers.authorization;
+    if (!auth || auth !== `Bearer ${this.apiKey}`) {
+      this.sendJson(res, 401, { error: "unauthorized" });
+      return false;
+    }
+    return true;
+  }
+  flagUnknownAction(event) {
+    if (!KNOWN_ACTIONS.has(event.action)) {
+      console.warn(`Sentinel: unknown action type "${event.action}" from agent ${event.agentId}`);
+      if (!event.metadata) {
+        event.metadata = {};
+      }
+      event.metadata._unknownAction = "true";
+    }
+  }
+  /**
+   * v1→v2 normalization (Decision 4): accept legacy `target: string` payloads
+   * and normalize to `targets: string[]` + `primaryTarget` + `schemaVersion: 2`.
+   */
+  normalizeEvent(event) {
+    if (!event.targets && typeof event.target === "string") {
+      event.targets = [event.target];
+      event.primaryTarget = event.target;
+      event.schemaVersion = 2;
+    }
+    if (Array.isArray(event.targets) && !event.primaryTarget) {
+      event.primaryTarget = event.targets[0];
+    }
+    if (!event.schemaVersion) {
+      event.schemaVersion = 2;
+    }
+  }
+  validateEvent(event) {
+    for (const field of REQUIRED_FIELDS) {
+      if (!event[field]) return field;
+    }
+    return null;
+  }
+  sendJson(res, status, data) {
+    res.writeHead(status, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(data));
+  }
+};
+export {
+  WebhookReceiver
+};
+//# sourceMappingURL=webhookReceiver-NAVMQ6N5.js.map

package/package.json

@@ -0,0 +1,61 @@
+{
+  "name": "@tuent/sentinel",
+  "version": "0.1.0",
+  "description": "AI agent behavioral security monitoring SDK",
+  "author": "Tuent LLC",
+  "keywords": [
+    "ai-agent",
+    "claude-code",
+    "runtime-security",
+    "behavioral-monitoring",
+    "anomaly-detection",
+    "audit-trail",
+    "security",
+    "sentinel"
+  ],
+  "license": "Apache-2.0",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./gateway": {
+      "types": "./dist/gateway/index.d.ts",
+      "import": "./dist/gateway/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "!dist/**/*.map",
+    "LICENSE",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "bin": {
+    "sentinel": "dist/cli.js"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup && node scripts/scrub-dts.mjs && node scripts/minify-cli.mjs",
+    "prepack": "npm run build",
+    "test": "vitest run"
+  },
+  "dependencies": {
+    "js-yaml": "^4.1.0",
+    "shell-quote": "^1.8.3"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^25.3.2",
+    "@types/shell-quote": "^1.7.5",
+    "tsup": "^8.5.1",
+    "typescript": "^5.7.0"
+  }
+}