@tuent/sentinel 0.1.4 → 0.1.5

package/dist/{Sentinel-DT0IyGQi.d.ts → Sentinel-CJJ4iYDh.d.ts}

@@ -291,8 +291,16 @@ interface SecurityFinding {
      * its dominant real-world cause is a recognized-tool set gone stale after a
      * Claude Code update, not agent misbehavior — counting it would turn every
      * cc update into a restriction ratchet.
-     */
-    type: "scope_violation" | "temporal_anomaly" | "access_pattern" | "volume_spike" | "unauthorized_target" | "role_violation" | "behavioral_absence" | "agent_quarantined" | "agent_restricted" | "intent_drift" | "hook_block" | "bash_analysis" | "workspace_mismatch" | "unknown_tool";
+     *
+     * `enforcement_error` is likewise non-eligible: it records that Sentinel's
+     * OWN enforcement machinery threw an internal error while screening a call
+     * (so the call was decided by posture, not by policy). The cause is a
+     * Sentinel bug or broken config, not agent misbehavior — counting it would
+     * compound a Sentinel-internal failure into an agent lockout. It is HIGH +
+     * actionable so it alerts and demands operator attention, but it never
+     * moves the escalation ladder.
+     */
+    type: "scope_violation" | "temporal_anomaly" | "access_pattern" | "volume_spike" | "unauthorized_target" | "role_violation" | "behavioral_absence" | "agent_quarantined" | "agent_restricted" | "intent_drift" | "hook_block" | "bash_analysis" | "workspace_mismatch" | "unknown_tool" | "enforcement_error";
     agentId: string;
     agentName: string;
     description: string;

package/dist/Sentinel-XP6NFG6Z.js

@@ -0,0 +1,10 @@
+import {
+  Sentinel
+} from "./chunk-7R6EA7JG.js";
+import "./chunk-M5EEVMLU.js";
+import "./chunk-SKE74CYZ.js";
+import "./chunk-NUXSUSYY.js";
+export {
+  Sentinel
+};
+//# sourceMappingURL=Sentinel-XP6NFG6Z.js.map

package/dist/{chunk-HRI2Y326.js → chunk-3WT3K5TH.js}

@@ -15,13 +15,13 @@ import {
   scanGlobPattern,
   tokenizePaths,
   unionWithDefaultForbiddenPatterns
-} from "./chunk-FIEIGBYL.js";
+} from "./chunk-M5EEVMLU.js";
 import {
   DEFAULT_FORBIDDEN_PATTERNS,
   loadPolicy,
   policyToConfig,
   policyToRole
-} from "./chunk-KWZ7JKKO.js";
+} from "./chunk-SKE74CYZ.js";
 
 // src/gateway/workspaceRouter.ts
 import { resolve, dirname, sep } from "path";
@@ -254,7 +254,15 @@ async function resolveWorkspace(cwd, home) {
   let workspaceRole = null;
   const warnings = [];
   if (policyPath) {
-    const policy = await loadPolicy(policyPath);
+    let policy;
+    try {
+      policy = await loadPolicy(policyPath);
+    } catch (err) {
+      return {
+        ok: false,
+        reason: `the workspace's policy file failed to load (${err instanceof Error ? err.message : String(err)}) \u2014 refusing to serve the workspace without its policy`
+      };
+    }
     const policyDir = dirname(resolve(policyPath));
     root = policyDir;
     const repoRoot = policyToConfig(policy).repo?.root;
@@ -1145,6 +1153,8 @@ var SentinelGateway = class {
   releaseToken;
   /** Item D (F-8): disposition for unknown (non-MCP, unrecognized) tool names. */
   unknownTools;
+  /** Posture for an internal wrap() error: allow (fail-open, default) or block. */
+  onInternalError;
   /** Daemon-staleness build identity (content hash of the launched-from entry),
    *  reported via /health. "unknown" when not supplied by the launcher. */
   buildId;
@@ -1163,6 +1173,7 @@ var SentinelGateway = class {
     this.home = options.home ?? "";
     this.releaseToken = options.releaseToken ?? null;
     this.unknownTools = options.unknownTools ?? "warn";
+    this.onInternalError = options.onInternalError ?? "fail-open";
     this.buildId = options.buildId ?? "unknown";
     const internal = options;
     if (internal.registry) {
@@ -1509,7 +1520,37 @@ var SentinelGateway = class {
       this.sendJson(res, 400, { error: "invalid JSON" });
       return;
     }
-    const event = translator.translatePreToolUse(payload);
+    let event;
+    try {
+      event = translator.translatePreToolUse(payload);
+    } catch (err) {
+      console.error("[SENTINEL GATEWAY] translator error (pre-tool-use):", err);
+      const ts = (/* @__PURE__ */ new Date()).toISOString();
+      const finding = {
+        severity: "HIGH",
+        kind: "actionable",
+        type: "enforcement_error",
+        agentId: this.agentId,
+        agentName: this.agentId,
+        description: `Enforcement error \u2014 the ${translator.agentType} translator threw while parsing a pre-tool-use payload: ${err instanceof Error ? err.message : String(err)}. The request was answered with an error (HTTP 500), not an allow.`,
+        evidence: {
+          action: "tool_invocation",
+          target: "(untranslatable pre-tool-use payload)",
+          timestamp: ts,
+          baselineComparison: "enforcement_internal_error"
+        },
+        recommendation: "Investigate the gateway daemon log for the underlying translator exception \u2014 the payload could not be screened.",
+        timestamp: ts,
+        decision: "deny"
+      };
+      try {
+        await this.sentinel.logFinding(this.agentId, finding);
+      } catch (logErr) {
+        console.error("[SENTINEL GATEWAY] failed to persist enforcement_error finding:", logErr);
+      }
+      this.sendJson(res, 500, { error: "translator error" });
+      return;
+    }
     if (!event) {
       this.sendJson(res, 400, { error: "unable to translate payload" });
       return;
@@ -1934,7 +1975,37 @@ var SentinelGateway = class {
       this.sendJson(res, 200, response);
     } catch (err) {
       console.error("[SENTINEL GATEWAY] wrap() error:", err);
-      const response = translator.formatPreToolUseResponse({ blocked: false });
+      const failClosed = this.onInternalError === "fail-closed";
+      const errMessage = err instanceof Error ? err.message : String(err);
+      const finding = {
+        severity: "HIGH",
+        kind: "actionable",
+        type: "enforcement_error",
+        agentId: routingId,
+        agentName: event.agentName,
+        description: `Enforcement error \u2014 sentinel.wrap() threw while screening "${event.action}": ${errMessage}. The call was ${failClosed ? "BLOCKED" : "ALLOWED WITHOUT SCREENING"} (enforcement.onInternalError: ${this.onInternalError}).`,
+        evidence: {
+          action: event.action,
+          target: event.primaryTarget,
+          timestamp: event.timestamp,
+          baselineComparison: "enforcement_internal_error"
+        },
+        recommendation: `Investigate the gateway daemon log for the underlying exception \u2014 Sentinel's own enforcement failed, so this call was decided by posture, not policy. Set enforcement.onInternalError: "fail-closed" to block instead of allow while the cause is open.`,
+        timestamp: event.timestamp,
+        decision: failClosed ? "deny" : "allow"
+      };
+      try {
+        await this.sentinel.logFinding(routingId, finding);
+      } catch (logErr) {
+        console.error("[SENTINEL GATEWAY] failed to persist enforcement_error finding:", logErr);
+      }
+      this.telemetry.recordToolCall(
+        event.action,
+        "pre",
+        failClosed ? "blocked" : "allowed",
+        Date.now() - start
+      );
+      const response = failClosed ? translator.formatPreToolUseResponse({ blocked: true, finding }) : translator.formatPreToolUseResponse({ blocked: false });
       this.sendJson(res, 200, response);
     }
   }
@@ -2103,11 +2174,11 @@ async function runGatewayDaemon({
   port = DEFAULT_PORT,
   buildId
 }) {
-  const { Sentinel: SentinelClass } = await import("./Sentinel-4QKPFHTI.js");
+  const { Sentinel: SentinelClass } = await import("./Sentinel-XP6NFG6Z.js");
   const { writePidFile, writeReleaseToken } = await import("./pidManager-DOGVN6ZT.js");
   const { homedir } = await import("os");
   const { randomBytes } = await import("crypto");
-  const { loadPolicy: loadPolicy2, policyToRole: policyToRole2, policyToConfig: policyToConfig2 } = await import("./policyLoader-XX6BQXNB.js");
+  const { loadPolicy: loadPolicy2, policyToRole: policyToRole2, policyToConfig: policyToConfig2 } = await import("./policyLoader-NUPBBRKH.js");
   const sentinel = await SentinelClass.fromPolicy(policyPath);
   const baseline = await sentinel.computeBaseline("claude-code");
   sentinel.setBaseline("claude-code", baseline);
@@ -2126,6 +2197,7 @@ async function runGatewayDaemon({
     releaseToken,
     unknownTools: operatorConfig.enforcement?.unknownTools,
     allowUnknownTools: operatorConfig.enforcement?.allowUnknownTools,
+    onInternalError: operatorConfig.enforcement?.onInternalError,
     buildId,
     // The operator policy's custom forbid targets must reach the gateway's own
     // bash-L1/Grep layers (defaults-as-floor union, same chokepoint as role
@@ -2143,4 +2215,4 @@ export {
   SentinelGateway,
   runGatewayDaemon
 };
-//# sourceMappingURL=chunk-HRI2Y326.js.map
+//# sourceMappingURL=chunk-3WT3K5TH.js.map

package/dist/{chunk-I2FVDDSG.js → chunk-7R6EA7JG.js}

@@ -16,7 +16,7 @@ import {
   saveOverlay,
   unionWithDefaultForbiddenPatterns,
   walkForbiddenInodeRoots
-} from "./chunk-FIEIGBYL.js";
+} from "./chunk-M5EEVMLU.js";
 import {
   DEFAULT_MEDIUM_DISPOSITION,
   DEFAULT_QUARANTINE_AFTER,
@@ -25,7 +25,7 @@ import {
   policyToConfig,
   policyToRole,
   withPolicyReadExceptions
-} from "./chunk-KWZ7JKKO.js";
+} from "./chunk-SKE74CYZ.js";
 import {
   publicKeyToBase64,
   reconstructSigningPayload,
@@ -7618,4 +7618,4 @@ export {
   createCliApproval,
   Sentinel
 };
-//# sourceMappingURL=chunk-I2FVDDSG.js.map
+//# sourceMappingURL=chunk-7R6EA7JG.js.map

package/dist/{chunk-FIEIGBYL.js → chunk-M5EEVMLU.js}

@@ -4,7 +4,7 @@ import {
   DEFAULT_NETWORK_DENYLIST_CIDRS,
   checkSaneNumber,
   suggestKey
-} from "./chunk-KWZ7JKKO.js";
+} from "./chunk-SKE74CYZ.js";
 
 // src/repoSensitivityOverlay.ts
 import * as fs from "fs/promises";
@@ -1933,4 +1933,4 @@ export {
   findMatchingException,
   RoleValidator
 };
-//# sourceMappingURL=chunk-FIEIGBYL.js.map
+//# sourceMappingURL=chunk-M5EEVMLU.js.map

package/dist/{chunk-KWZ7JKKO.js → chunk-SKE74CYZ.js}

@@ -343,7 +343,8 @@ function validatePolicy(data) {
       "promote",
       "baselineMaturity",
       "unknownTools",
-      "allowUnknownTools"
+      "allowUnknownTools",
+      "onInternalError"
     ]);
     if (enforcement.restrictAfter !== void 0) {
       requireSaneNumber("enforcement.restrictAfter", enforcement.restrictAfter, {
@@ -399,6 +400,11 @@ function validatePolicy(data) {
         fail("enforcement.allowUnknownTools must be an array of tool name strings");
       }
     }
+    if (enforcement.onInternalError !== void 0) {
+      if (enforcement.onInternalError !== "fail-open" && enforcement.onInternalError !== "fail-closed") {
+        fail('enforcement.onInternalError must be "fail-open" or "fail-closed"');
+      }
+    }
     if (enforcement.baselineMaturity !== void 0) {
       if (typeof enforcement.baselineMaturity !== "object" || enforcement.baselineMaturity === null) {
         fail("enforcement.baselineMaturity must be an object");
@@ -566,7 +572,7 @@ function policyToRole(policy) {
 function policyToConfig(policy) {
   const config = {};
   if (policy.enforcement) {
-    if (policy.enforcement.restrictAfter !== void 0 || policy.enforcement.quarantineAfter !== void 0 || policy.enforcement.promote !== void 0 || policy.enforcement.baselineMaturity !== void 0 || policy.enforcement.unknownTools !== void 0 || policy.enforcement.allowUnknownTools !== void 0) {
+    if (policy.enforcement.restrictAfter !== void 0 || policy.enforcement.quarantineAfter !== void 0 || policy.enforcement.promote !== void 0 || policy.enforcement.baselineMaturity !== void 0 || policy.enforcement.unknownTools !== void 0 || policy.enforcement.allowUnknownTools !== void 0 || policy.enforcement.onInternalError !== void 0) {
       config.enforcement = {};
       if (policy.enforcement.restrictAfter !== void 0) {
         config.enforcement.restrictAfter = policy.enforcement.restrictAfter;
@@ -586,6 +592,9 @@ function policyToConfig(policy) {
       if (policy.enforcement.allowUnknownTools !== void 0) {
         config.enforcement.allowUnknownTools = policy.enforcement.allowUnknownTools;
       }
+      if (policy.enforcement.onInternalError !== void 0) {
+        config.enforcement.onInternalError = policy.enforcement.onInternalError;
+      }
     }
   }
   if (policy.alerts) {
@@ -635,4 +644,4 @@ export {
   policyToRole,
   policyToConfig
 };
-//# sourceMappingURL=chunk-KWZ7JKKO.js.map
+//# sourceMappingURL=chunk-SKE74CYZ.js.map

package/dist/{chunk-LTBVWF5H.js → chunk-UVNRPML4.js}

@@ -7,11 +7,11 @@ import {
 } from "./chunk-B6S2PBS4.js";
 import {
   FORBIDDEN_BASENAMES
-} from "./chunk-FIEIGBYL.js";
+} from "./chunk-M5EEVMLU.js";
 import {
   loadPolicy,
   loadPolicyFromString
-} from "./chunk-KWZ7JKKO.js";
+} from "./chunk-SKE74CYZ.js";
 
 // src/setup/initClaudeCode.ts
 import { access, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
@@ -768,4 +768,4 @@ export {
   computeBuildId,
   runSessionStart
 };
-//# sourceMappingURL=chunk-LTBVWF5H.js.map
+//# sourceMappingURL=chunk-UVNRPML4.js.map

package/dist/cli.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import"./chunk-TKAKHSZ3.js";import{AgentProfileManager as B,AlertManager as me,AuditTrail as b,BaselineBuilder as x,CorrelationDetector as he,DeviationDetector as _,FileStorageBackend as ye,ProfileStore as we,ReportGenerator as ve,Sentinel as E,SentinelRunner as $e,generateFleetReport as Ae}from"./chunk-I2FVDDSG.js";import{runInitClaudeCode as be}from"./chunk-LTBVWF5H.js";import{readReleaseToken as Ie}from"./chunk-LATQNIRW.js";import{deriveAgentId as Se}from"./chunk-B5QKJHSV.js";import"./chunk-B6S2PBS4.js";import"./chunk-FIEIGBYL.js";import{checkSaneNumber as P,loadPolicy as De,suggestKey as Te}from"./chunk-KWZ7JKKO.js";import{getOrCreateKeyPair as R}from"./chunk-NUXSUSYY.js";import{join as g}from"path";import{homedir as h}from"os";import{readFile as N,writeFile as C,access as G,mkdir as U}from"fs/promises";function ke(t){const o=new Date(t);if(isNaN(o.getTime()))return"unknown";const e=Date.now()-o.getTime();if(e<0)return"just now";const s=Math.floor(e/6e4);if(s<1)return"just now";if(s<60)return`${s} minute${s===1?"":"s"} ago`;const i=Math.floor(s/60);if(i<24)return`${i} hour${i===1?"":"s"} ago`;const a=Math.floor(i/24);if(a<14)return`${a} day${a===1?"":"s"} ago`;const d=Math.floor(a/7);if(a<60)return`${d} week${d===1?"":"s"} ago`;if(a>=365)return"over a year ago";const c=Math.floor(a/30);return`${c} month${c===1?"":"s"} ago`}function Ee(t,o){const n=new Date(o),e=isNaN(n.getTime())?1/0:Math.floor((Date.now()-n.getTime())/864e5);return t<.3||e>30?"declining":t>.7&&e<7?"rising":"stable"}function Ce(t){return t<.3?"inner":t<.65?"middle":"outer"}function J(t){if(t.length===0)return"No petals selected.";const o=new Map;for(const e of t)o.set(e.id,e.label);const n=[`Selected petals (${t.length}):
+import"./chunk-TKAKHSZ3.js";import{AgentProfileManager as B,AlertManager as me,AuditTrail as b,BaselineBuilder as x,CorrelationDetector as he,DeviationDetector as _,FileStorageBackend as ye,ProfileStore as we,ReportGenerator as ve,Sentinel as E,SentinelRunner as $e,generateFleetReport as Ae}from"./chunk-7R6EA7JG.js";import{runInitClaudeCode as be}from"./chunk-UVNRPML4.js";import{readReleaseToken as Ie}from"./chunk-LATQNIRW.js";import{deriveAgentId as Se}from"./chunk-B5QKJHSV.js";import"./chunk-B6S2PBS4.js";import"./chunk-M5EEVMLU.js";import{checkSaneNumber as P,loadPolicy as De,suggestKey as Te}from"./chunk-SKE74CYZ.js";import{getOrCreateKeyPair as R}from"./chunk-NUXSUSYY.js";import{join as g}from"path";import{homedir as h}from"os";import{readFile as N,writeFile as C,access as G,mkdir as U}from"fs/promises";function ke(t){const o=new Date(t);if(isNaN(o.getTime()))return"unknown";const e=Date.now()-o.getTime();if(e<0)return"just now";const s=Math.floor(e/6e4);if(s<1)return"just now";if(s<60)return`${s} minute${s===1?"":"s"} ago`;const i=Math.floor(s/60);if(i<24)return`${i} hour${i===1?"":"s"} ago`;const a=Math.floor(i/24);if(a<14)return`${a} day${a===1?"":"s"} ago`;const d=Math.floor(a/7);if(a<60)return`${d} week${d===1?"":"s"} ago`;if(a>=365)return"over a year ago";const c=Math.floor(a/30);return`${c} month${c===1?"":"s"} ago`}function Ee(t,o){const n=new Date(o),e=isNaN(n.getTime())?1/0:Math.floor((Date.now()-n.getTime())/864e5);return t<.3||e>30?"declining":t>.7&&e<7?"rising":"stable"}function Ce(t){return t<.3?"inner":t<.65?"middle":"outer"}function J(t){if(t.length===0)return"No petals selected.";const o=new Map;for(const e of t)o.set(e.id,e.label);const n=[`Selected petals (${t.length}):
 `];for(const e of t){const s=Ce(e.layer),i=e.isRichData?"":" [filler]";n.push(`- ${e.label}${i}`),n.push(`  Category: ${e.category}`),n.push(`  Layer zone: ${s} (${(e.layer*100).toFixed(0)}%)`),n.push(`  Openness: ${(e.openness*100).toFixed(0)}%`),n.push(`  Description: ${e.description}`),n.push(`  Last active: ${e.lastActive}`);const a=ke(e.lastActive),d=e.weight!=null?Ee(e.weight,e.lastActive):"stable";if(n.push(`  Temporal: Last active ${a} | Weight trend: ${d}`),e.source){const c={seed:"seed data",agent:"observed from activity",manual:"filesystem scan",diary:"personal diary entry",conversation:"created from conversation","agent-monitor":"monitored agent activity"};n.push(`  Source: ${c[e.source]??e.source}`)}if(e.weight!=null&&n.push(`  Weight: ${e.weight.toFixed(2)}`),e.connections.length>0){const c=e.connections.map(r=>o.get(r)??je(r));n.push(`  Connections: ${c.join(", ")}`)}if(e.files&&e.files.length>0){const c=e.files.slice(0,10).map(r=>r.split("/").pop()??r);n.push(`  Key files: ${c.join(", ")}`)}if(e.fileContents&&e.fileContents.length>0){n.push("  File contents:");for(const c of e.fileContents)n.push(`  --- ${c.name} ---`),n.push(c.content.split(`
 `).map(r=>`  ${r}`).join(`
 `))}n.push("")}return n.join(`

package/dist/gateway/index.d.ts

@@ -1,4 +1,4 @@
-import { v as Sentinel, e as AgentRole, S as SecurityFinding } from '../Sentinel-DT0IyGQi.js';
+import { v as Sentinel, e as AgentRole, S as SecurityFinding } from '../Sentinel-CJJ4iYDh.js';
 import 'node:crypto';
 
 /**
@@ -75,6 +75,20 @@ interface SentinelGatewayOptions {
      * Operator-only, same channel as unknownTools.
      */
     allowUnknownTools?: string[];
+    /**
+     * Posture when the core enforcement call (sentinel.wrap()) throws an
+     * INTERNAL error during pre-tool-use screening. This is distinct from the
+     * hook script's tiered fail-closed, which only covers an UNREACHABLE
+     * gateway — here the gateway is reachable and must decide what a clean
+     * response says about an unscreened call. "fail-open" (default) allows it,
+     * preserving the pre-knob availability-over-security behavior; "fail-closed"
+     * is the hardened opt-in that blocks it. Either way an enforcement_error
+     * finding is persisted to the audit trail — observability is unconditional,
+     * only the allow/block decision is configurable. Operator-only, same
+     * channel as unknownTools (enforcement.onInternalError in the launch
+     * --policy yaml).
+     */
+    onInternalError?: "fail-open" | "fail-closed";
     /**
      * Build identity reported via /health (daemon-staleness fix). Content hash of
      * the daemon entry file this process was launched from; session-start compares
@@ -97,6 +111,8 @@ declare class SentinelGateway {
     private readonly releaseToken;
     /** Item D (F-8): disposition for unknown (non-MCP, unrecognized) tool names. */
     private readonly unknownTools;
+    /** Posture for an internal wrap() error: allow (fail-open, default) or block. */
+    private readonly onInternalError;
     /** Daemon-staleness build identity (content hash of the launched-from entry),
      *  reported via /health. "unknown" when not supplied by the launcher. */
     private readonly buildId;

package/dist/gateway/index.js

@@ -1,10 +1,10 @@
 import {
   SentinelGateway
-} from "../chunk-HRI2Y326.js";
+} from "../chunk-3WT3K5TH.js";
 import "../chunk-B5QKJHSV.js";
 import "../chunk-B6S2PBS4.js";
-import "../chunk-FIEIGBYL.js";
-import "../chunk-KWZ7JKKO.js";
+import "../chunk-M5EEVMLU.js";
+import "../chunk-SKE74CYZ.js";
 export {
   SentinelGateway
 };

package/dist/gatewayDaemon.js

@@ -1,16 +1,16 @@
 #!/usr/bin/env node
 import {
   runGatewayDaemon
-} from "./chunk-HRI2Y326.js";
+} from "./chunk-3WT3K5TH.js";
 import {
   computeBuildId,
   runSessionStart
-} from "./chunk-LTBVWF5H.js";
+} from "./chunk-UVNRPML4.js";
 import "./chunk-LATQNIRW.js";
 import "./chunk-B5QKJHSV.js";
 import "./chunk-B6S2PBS4.js";
-import "./chunk-FIEIGBYL.js";
-import "./chunk-KWZ7JKKO.js";
+import "./chunk-M5EEVMLU.js";
+import "./chunk-SKE74CYZ.js";
 
 // src/gatewayDaemon.ts
 import { fileURLToPath } from "url";

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { A as AgentActivityEvent, S as SecurityFinding } from './Sentinel-DT0IyGQi.js';
-export { a as AcceptableAction, b as AdapterConfig, c as AgentBaseline, d as AgentMode, e as AgentRole, f as AlertChannel, g as AlertConfig, h as AllowResponse, i as AuditEntry, j as AuditQueryOptions, B as BlockResponse, C as CorrelationFinding, E as ExceptionApprovalContext, k as ExceptionApprovalFn, G as GuideResponse, H as HookCheckpoint, l as HookContext, m as HookHandler, n as HookRegistration, o as HookResponse, I as IntentAlignmentConfig, p as IntentAlignmentResult, M as ModifiableEventFields, q as MonitorOptions, O as OverlayDecisionType, R as RepoSensitivityMap, r as ReportOptions, s as RoleException, t as SecuritySeverity, u as SensitivityOverlay, v as Sentinel, w as SentinelConfig, T as TaskIntent } from './Sentinel-DT0IyGQi.js';
+import { A as AgentActivityEvent, S as SecurityFinding } from './Sentinel-CJJ4iYDh.js';
+export { a as AcceptableAction, b as AdapterConfig, c as AgentBaseline, d as AgentMode, e as AgentRole, f as AlertChannel, g as AlertConfig, h as AllowResponse, i as AuditEntry, j as AuditQueryOptions, B as BlockResponse, C as CorrelationFinding, E as ExceptionApprovalContext, k as ExceptionApprovalFn, G as GuideResponse, H as HookCheckpoint, l as HookContext, m as HookHandler, n as HookRegistration, o as HookResponse, I as IntentAlignmentConfig, p as IntentAlignmentResult, M as ModifiableEventFields, q as MonitorOptions, O as OverlayDecisionType, R as RepoSensitivityMap, r as ReportOptions, s as RoleException, t as SecuritySeverity, u as SensitivityOverlay, v as Sentinel, w as SentinelConfig, T as TaskIntent } from './Sentinel-CJJ4iYDh.js';
 import 'node:crypto';
 
 interface SentinelPolicy {
@@ -60,6 +60,16 @@ interface SentinelPolicy {
         unknownTools?: "deny" | "warn";
         /** Item D escape hatch: native-shaped names to treat as known. */
         allowUnknownTools?: string[];
+        /**
+         * Posture when the gateway's core enforcement call (sentinel.wrap())
+         * throws an INTERNAL error during pre-tool-use screening. "fail-open"
+         * (default) allows the unscreened call — availability over security,
+         * today's behavior; "fail-closed" is the hardened opt-in that blocks it.
+         * Either way the gateway persists an enforcement_error finding — only
+         * the allow/block decision is configurable, never the observability.
+         * Operator launch policy only — the gateway reads it once at start.
+         */
+        onInternalError?: "fail-open" | "fail-closed";
     };
     alerts?: {
         channels: (string | {

package/dist/index.js

@@ -2,20 +2,20 @@ import "./chunk-TKAKHSZ3.js";
 import {
   Sentinel,
   createCliApproval
-} from "./chunk-I2FVDDSG.js";
+} from "./chunk-7R6EA7JG.js";
 import {
   runInitClaudeCode,
   runSessionStart
-} from "./chunk-LTBVWF5H.js";
+} from "./chunk-UVNRPML4.js";
 import "./chunk-LATQNIRW.js";
 import {
   discoverPolicy
 } from "./chunk-B6S2PBS4.js";
-import "./chunk-FIEIGBYL.js";
+import "./chunk-M5EEVMLU.js";
 import {
   loadPolicy,
   loadPolicyFromString
-} from "./chunk-KWZ7JKKO.js";
+} from "./chunk-SKE74CYZ.js";
 import "./chunk-NUXSUSYY.js";
 export {
   Sentinel,

package/dist/{policyLoader-XX6BQXNB.js → policyLoader-NUPBBRKH.js}

@@ -6,7 +6,7 @@ import {
   policyToConfig,
   policyToRole,
   suggestKey
-} from "./chunk-KWZ7JKKO.js";
+} from "./chunk-SKE74CYZ.js";
 export {
   LOCKED_ACTIONABLE_TYPES,
   checkSaneNumber,
@@ -16,4 +16,4 @@ export {
   policyToRole,
   suggestKey
 };
-//# sourceMappingURL=policyLoader-XX6BQXNB.js.map
+//# sourceMappingURL=policyLoader-NUPBBRKH.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tuent/sentinel",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "AI agent behavioral security monitoring SDK",
   "author": "Tuent LLC",
   "keywords": [

package/dist/Sentinel-4QKPFHTI.js

@@ -1,10 +0,0 @@
-import {
-  Sentinel
-} from "./chunk-I2FVDDSG.js";
-import "./chunk-FIEIGBYL.js";
-import "./chunk-KWZ7JKKO.js";
-import "./chunk-NUXSUSYY.js";
-export {
-  Sentinel
-};
-//# sourceMappingURL=Sentinel-4QKPFHTI.js.map