@wardnmesh/sdk-node 0.2.1

package/dist/middleware/express.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createExpressMiddleware = createExpressMiddleware;
+const logger_1 = require("../utils/logger");
+function createExpressMiddleware(guard, config) {
+    return async (req, res, next) => {
+        try {
+            let wardnRequest;
+            if (config?.extractRequest) {
+                wardnRequest = await config.extractRequest(req);
+            }
+            else {
+                // Default extraction logic: assumes standard JSON body
+                if (!req.body) {
+                    logger_1.logger.warn("req.body is undefined. Ensure express.json() middleware is used before Wardn.");
+                }
+                const sessionIdHeader = req.headers?.["x-session-id"];
+                wardnRequest = {
+                    sessionId: (typeof sessionIdHeader === "string" ? sessionIdHeader : undefined) ||
+                        req.body?.sessionId,
+                    prompt: (req.body?.prompt || req.body?.message),
+                    messages: req.body?.messages,
+                    toolName: req.body?.tool,
+                    parameters: (req.body?.parameters || req.body?.args),
+                };
+            }
+            // If nothing to scan, skip
+            if (!wardnRequest.prompt && !wardnRequest.toolName) {
+                return next();
+            }
+            const result = await guard.scan(wardnRequest);
+            if (!result.allowed) {
+                if (config?.onBlock) {
+                    return config.onBlock(req, res, result);
+                }
+                return res.status(403).json({
+                    error: "Wardn Blocked Request",
+                    code: "WARDN_BLOCK",
+                    violations: result.violations,
+                });
+            }
+            // Attach result to request for downstream use
+            req.wardnResult = result;
+            next();
+        }
+        catch (error) {
+            logger_1.logger.error("Middleware Error:", error);
+            // Fail open or closed? Defaulting to Fail Open to not break app on internal error,
+            // but typically security should Fail Closed.
+            // For now, logging and continuing.
+            next();
+        }
+    };
+}

package/dist/middleware/nextjs.d.ts

@@ -0,0 +1,3 @@
+import { NextRequest, NextResponse } from "next/server";
+import { WardnConfig } from "../types";
+export declare function createNextMiddleware(config: WardnConfig): (req: NextRequest) => Promise<NextResponse<unknown>>;

package/dist/middleware/nextjs.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createNextMiddleware = createNextMiddleware;
+const wardn_1 = require("../wardn");
+const server_1 = require("next/server");
+function createNextMiddleware(config) {
+    // Initialize the singleton if not already initialized
+    try {
+        wardn_1.Wardn.getInstance();
+    }
+    catch {
+        wardn_1.Wardn.init(config);
+    }
+    const guard = wardn_1.Wardn.getInstance();
+    return async function middleware(req) {
+        // Clone the request to read body without consuming the stream
+        const clone = req.clone();
+        const body = await clone.json().catch(() => ({}));
+        // Extract prompt from common locations
+        const prompt = body.prompt ||
+            body.messages?.[body.messages.length - 1]?.content ||
+            JSON.stringify(body);
+        const result = await guard.scan({
+            prompt,
+            metadata: {
+                path: req.nextUrl.pathname,
+                method: req.method,
+                ip: req.ip || req.headers.get("x-forwarded-for") || "unknown",
+            },
+        });
+        if (!result.allowed) {
+            return server_1.NextResponse.json({
+                error: "Request blocked by Wardn Security Policy",
+                code: "WARDN_BLOCK",
+                violations: result.violations,
+            }, { status: 403 });
+        }
+        return server_1.NextResponse.next();
+    };
+}

package/dist/state/session-manager.d.ts

@@ -0,0 +1,13 @@
+export interface SessionStateProvider {
+    getState(sessionId: string): Promise<Record<string, unknown>>;
+    setState(sessionId: string, state: Record<string, unknown>): Promise<void>;
+    updateState(sessionId: string, updates: Record<string, unknown>): Promise<void>;
+    clearState(sessionId: string): Promise<void>;
+}
+export declare class InMemorySessionStateProvider implements SessionStateProvider {
+    private store;
+    getState(sessionId: string): Promise<Record<string, unknown>>;
+    setState(sessionId: string, state: Record<string, unknown>): Promise<void>;
+    updateState(sessionId: string, updates: Record<string, unknown>): Promise<void>;
+    clearState(sessionId: string): Promise<void>;
+}

package/dist/state/session-manager.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemorySessionStateProvider = void 0;
+class InMemorySessionStateProvider {
+    constructor() {
+        this.store = new Map();
+    }
+    async getState(sessionId) {
+        return this.store.get(sessionId) || {};
+    }
+    async setState(sessionId, state) {
+        this.store.set(sessionId, state);
+    }
+    async updateState(sessionId, updates) {
+        const current = await this.getState(sessionId);
+        this.store.set(sessionId, { ...current, ...updates });
+    }
+    async clearState(sessionId) {
+        this.store.delete(sessionId);
+    }
+}
+exports.InMemorySessionStateProvider = InMemorySessionStateProvider;

package/dist/telemetry/reporter.d.ts

@@ -0,0 +1,32 @@
+export interface TelemetryEvent {
+    eventType: "scan_complete" | "violation_detected" | "error" | "agent_started" | "agent_shutdown" | "rules_updated";
+    timestamp: string;
+    data: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+}
+export interface TelemetryReporter {
+    emit(event: TelemetryEvent): void | Promise<void>;
+    flush(): Promise<void>;
+    stop?(): void;
+}
+export declare class ConsoleReporter implements TelemetryReporter {
+    emit(event: TelemetryEvent): void;
+    flush(): Promise<void>;
+}
+export declare class WardnReporter implements TelemetryReporter {
+    private buffer;
+    private endpoint;
+    private apiKey;
+    private batchSize;
+    private flushInterval;
+    private timer;
+    private serviceName;
+    constructor(endpoint: string, apiKey: string, serviceName?: string);
+    emit(event: TelemetryEvent): void;
+    private startAutoFlush;
+    flush(): Promise<void>;
+    /**
+     * Stop the auto-flush timer. Call this on shutdown.
+     */
+    stop(): void;
+}

package/dist/telemetry/reporter.js

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WardnReporter = exports.ConsoleReporter = void 0;
+const logger_1 = require("../utils/logger");
+class ConsoleReporter {
+    emit(event) {
+        if (event.eventType === "violation_detected") {
+            logger_1.logger.warn("Violation Detected:", event.data);
+        }
+        else if (event.eventType === "error") {
+            logger_1.logger.error("Error:", event.data);
+        }
+        // debug logging for scan_complete?
+    }
+    async flush() {
+        // No-op for console
+    }
+}
+exports.ConsoleReporter = ConsoleReporter;
+class WardnReporter {
+    constructor(endpoint, apiKey, serviceName = "unknown_service") {
+        this.buffer = [];
+        this.batchSize = 10;
+        this.flushInterval = 5000;
+        this.timer = null;
+        this.endpoint = endpoint;
+        this.apiKey = apiKey;
+        this.serviceName = serviceName;
+        this.startAutoFlush();
+    }
+    emit(event) {
+        // Add service metadata
+        event.metadata = { ...event.metadata, service: this.serviceName };
+        this.buffer.push(event);
+        if (this.buffer.length >= this.batchSize) {
+            this.flush();
+        }
+    }
+    startAutoFlush() {
+        this.timer = setInterval(() => this.flush(), this.flushInterval);
+        // Unref to not hold process open
+        this.timer.unref();
+    }
+    async flush() {
+        if (this.buffer.length === 0)
+            return;
+        const batch = [...this.buffer];
+        this.buffer = [];
+        try {
+            // Mock HTTP call for now if no endpoint, or real fetch
+            if (!this.endpoint.startsWith("http")) {
+                // Mock flush
+                return;
+            }
+            const apiUrl = this.endpoint.endsWith("/")
+                ? this.endpoint.slice(0, -1)
+                : this.endpoint;
+            await fetch(`${apiUrl}/api/telemetry/batch`, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                    Authorization: `Bearer ${this.apiKey}`,
+                },
+                body: JSON.stringify({ events: batch }),
+            });
+        }
+        catch (error) {
+            logger_1.logger.error("Failed to flush telemetry:", error);
+            // Retry logic? For now, drop to avoid memory leak or infinitely growing buffer
+        }
+    }
+    /**
+     * Stop the auto-flush timer. Call this on shutdown.
+     */
+    stop() {
+        if (this.timer) {
+            clearInterval(this.timer);
+            this.timer = null;
+        }
+        // Final flush attempt
+        this.flush().catch(() => {
+            // Ignore errors on final flush
+        });
+    }
+}
+exports.WardnReporter = WardnReporter;

package/dist/types.d.ts

@@ -0,0 +1,206 @@
+/**
+ * Rule Schema - Core type definitions for WardnMesh rules
+ */
+export type RuleCategory = "workflow" | "quality" | "safety" | "network_boundary" | "supply_chain";
+export type Severity = "critical" | "major" | "minor";
+export type DetectorType = "sequence" | "state" | "pattern" | "content_analysis" | "semantic";
+export type EscalationLevel = "none" | "warning" | "critical" | "block";
+export interface SequenceDetectorConfig {
+    lookback: number;
+    pattern: SequencePattern[];
+    advancedChecks?: {
+        multipleEditsThreshold?: number;
+        requireSuccessfulRead?: boolean;
+    };
+}
+export interface SequencePattern {
+    tool: string;
+    extractPath: string;
+    storeAs?: string;
+    mustMatch?: string;
+    maxTimeSinceMatch?: number;
+    requireSuccess?: boolean;
+    matchesPattern?: string;
+}
+export interface StateDetectorConfig {
+    requiredState: string;
+    targetStateValue: unknown;
+    trigger: {
+        tool: string;
+        parameterMatch?: {
+            key: string;
+            valuePattern: string;
+        };
+    };
+    stateDerivation?: {
+        fromTool: string;
+        setState: string;
+        setValue: unknown;
+        validityDurationMs?: number;
+    };
+}
+export interface StateCondition {
+    eventType: "scan_complete" | "violation_detected" | "error" | "agent_started";
+    value?: unknown;
+    predicate?: (state: Record<string, unknown>) => boolean;
+}
+export interface PatternDetectorConfig {
+    targetTool: string;
+    targetParameter: string;
+    patterns: {
+        name: string;
+        regex: string;
+        description: string;
+    }[];
+    exceptions?: string[];
+    patternType?: "excessive_usage" | "slow_execution" | "high_failure_rate";
+    threshold?: number;
+    timeWindow?: number;
+}
+export interface ContentAnalysisDetectorConfig {
+    suspiciousPatterns?: RegExp[];
+    validPatterns?: RegExp[];
+    logic: "suspicious_without_valid" | "contains_suspicious" | "missing_valid";
+    minMatches?: number;
+}
+export interface SemanticDetectorConfig {
+    type: "semantic";
+    embeddingMatch?: string;
+    threshold?: number;
+}
+export type DetectorConfig = SequenceDetectorConfig | StateDetectorConfig | PatternDetectorConfig | ContentAnalysisDetectorConfig | SemanticDetectorConfig;
+export type EscalationConfig = Record<number, EscalationLevel>;
+export interface AutofixConfig {
+    enabled: boolean;
+    agent: string;
+    strategy: string;
+    params?: Record<string, unknown>;
+}
+export interface Rule {
+    id: string;
+    name: string;
+    category: RuleCategory;
+    severity: Severity;
+    description: string;
+    detector: {
+        type: DetectorType;
+        config: DetectorConfig;
+    };
+    escalation: EscalationConfig;
+    autofix?: AutofixConfig;
+}
+export interface ToolData {
+    toolName: string;
+    parameters: Record<string, unknown>;
+    result: ToolResult;
+    duration: number;
+    timestamp: string;
+}
+export interface ToolResult {
+    success: boolean;
+    output?: string;
+    error?: string;
+    [key: string]: unknown;
+}
+export interface Violation {
+    id: string;
+    ruleId: string;
+    ruleName: string;
+    severity: Severity;
+    description: string;
+    context: ViolationContext;
+    timestamp: string;
+}
+export interface ViolationContext {
+    toolName: string;
+    toolData: ToolData;
+    filePath?: string;
+    additionalInfo?: Record<string, unknown>;
+}
+export interface ViolationRecord {
+    ruleId: string;
+    count: number;
+    firstViolation: string;
+    lastViolation: string;
+    history: ViolationEvent[];
+    escalationLevel: EscalationLevel;
+}
+export interface ViolationEvent {
+    violation: Violation;
+    timestamp: string;
+    action: "detected" | "warned" | "critical" | "blocked";
+}
+export interface SessionState {
+    startTime: string;
+    toolCalls: ToolData[];
+    recentTools: ToolData[];
+    detectedViolations: Violation[];
+    currentFile?: string;
+    customState: Record<string, unknown>;
+}
+/**
+ * Interface for State Provider
+ */
+export interface StateProvider {
+    getRecentTools(count?: number): ToolData[];
+    setCustomState(key: string, value: unknown): void;
+    getCustomState(key: string): unknown;
+}
+export interface Detector {
+    detect(toolData: ToolData, rule: Rule, sessionState: StateProvider): Violation | null;
+    getType?(): DetectorType | string;
+}
+export declare enum RiskLevel {
+    NONE = "none",
+    WARNING = "warning",
+    CRITICAL = "critical",
+    BLOCK = "block"
+}
+export interface WardnConfig {
+    rules: Rule[];
+    enabled?: boolean;
+    /**
+     * Maximum number of recent tool calls to keep in session state.
+     * Defaults to 50.
+     */
+    maxHistorySize?: number;
+    telemetry?: {
+        enabled?: boolean;
+        serviceName?: string;
+    };
+    /**
+     * URL to poll for rule updates (e.g., "http://localhost:3000/api/rules").
+     * If provided, the SDK will periodically fetch rules from this endpoint.
+     */
+    remoteRulesUrl?: string;
+    /**
+     * API Key for WardnMesh Cloud (optional if WARDN_API_KEY env var is set)
+     */
+    apiKey?: string;
+    /**
+     * Polling interval in milliseconds. Defaults to 60000 (1 minute).
+     */
+    pollingIntervalMs?: number;
+    /**
+     * Behavior when scan encounters an error.
+     * - 'open': Allow request through on error (default, fail-open)
+     * - 'closed': Block request on error (fail-closed, more secure)
+     */
+    failMode?: "open" | "closed";
+}
+export interface WardnRequest {
+    sessionId?: string;
+    toolName?: string;
+    parameters?: Record<string, unknown>;
+    prompt?: string;
+    messages?: unknown[];
+    context?: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+}
+export interface ScanResult {
+    allowed: boolean;
+    violations: Violation[];
+    latencyMs: number;
+    metadata: Record<string, unknown>;
+}
+export type PatternConfig = PatternDetectorConfig;

package/dist/types.js

@@ -0,0 +1,14 @@
+"use strict";
+/**
+ * Rule Schema - Core type definitions for WardnMesh rules
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RiskLevel = void 0;
+// --- Public SDK API Types ---
+var RiskLevel;
+(function (RiskLevel) {
+    RiskLevel["NONE"] = "none";
+    RiskLevel["WARNING"] = "warning";
+    RiskLevel["CRITICAL"] = "critical";
+    RiskLevel["BLOCK"] = "block";
+})(RiskLevel || (exports.RiskLevel = RiskLevel = {}));

package/dist/update-checker.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Update Checker - Check for new SDK versions on GitHub Releases
+ * Caches results to avoid excessive API calls
+ */
+export interface VersionInfo {
+    currentVersion: string;
+    latestVersion: string;
+    updateAvailable: boolean;
+    releaseUrl?: string;
+    publishedAt?: string;
+}
+/**
+ * Check for SDK updates (uses cache if available)
+ * @param forceCheck - Force check even if cache is valid
+ * @returns Version information including update availability
+ */
+export declare function checkForUpdates(forceCheck?: boolean): Promise<VersionInfo>;
+/**
+ * Log update notification if update is available
+ */
+export declare function notifyIfUpdateAvailable(): Promise<void>;