@wardnmesh/sdk-node 0.4.0 → 0.4.5

package/CHANGELOG.md

@@ -0,0 +1,147 @@
+# Changelog
+
+All notable changes to @wardnmesh/sdk-node will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.4.0] - 2026-01-17
+
+### 🚨 Breaking Changes
+
+**Action-Based Architecture**: Replaces boolean `allowed` field with granular action types.
+
+- **`ScanResult.allowed` → `ScanResult.action`**
+  - Type: `boolean` → `ThreatAction` (`'block'` | `'confirm'` | `'warn'` | `'log'` | `'allow'`)
+  - Provides fine-grained control over threat response
+  - Enables user confirmation for high-risk operations
+
+### Added
+
+- **Confirmation Support** (`action: 'confirm'`)
+  - New `confirmationDetails` field in `ScanResult`
+  - Pre-formatted confirmation messages with context
+  - Configurable timeout and default action
+  - Designed for user approval dialogs in CLI/UI
+
+- **Action Priority System**
+  - `determineAction()` method with priority: `block` > `confirm` > `warn` > `log` > `allow`
+  - Defensive fail-closed design: defaults to `'block'` on invalid actions
+  - Comprehensive validation with fallback safety
+
+- **Enhanced Violation Metadata**
+  - Added `recommendedAction: ThreatAction` field to `Violation`
+  - Added `scope: string` field for categorization
+  - Richer context for decision-making
+
+### Changed
+
+- **Core API**: `scan()` now returns `action` instead of `allowed`
+- **Middleware**: Callbacks now receive full `ScanResult` instead of just `violations`
+- **Error Handling**: Invalid `recommendedAction` values trigger warnings and fail-closed
+
+### Fixed
+
+- **Defensive Design**: Prevents security bypass from missing/invalid `recommendedAction`
+- **Type Safety**: All violation fields properly validated before action determination
+
+### Migration
+
+See [MIGRATION_v0.4.0.md](MIGRATION_v0.4.0.md) for detailed upgrade guide.
+
+**Quick Migration**:
+```typescript
+// Before (v0.2.3)
+if (!result.allowed) { throw new Error('Blocked'); }
+
+// After (v0.4.0)
+if (result.action === 'block') { throw new Error('Blocked'); }
+```
+
+### Testing
+
+- ✅ 17 tests passing (4 test suites)
+- ✅ All action types validated
+- ✅ Confirmation flow tested
+- ✅ Fail-closed behavior verified
+
+---
+
+## [0.2.3] - 2026-01-16
+
+### Fixed
+
+- Improved severity-to-action mapping in integrations
+- Enhanced error handling with better null checks
+
+### Documentation
+
+- Updated examples with current API patterns
+- Clarified rule configuration options
+
+---
+
+## [0.2.0] - 2026-01-15
+
+### Added
+
+- **Semantic Analysis**: ML-based threat detection using local models
+- **State Tracking**: Session-aware detection for multi-turn attacks
+- **Pattern Detectors**: Regex-based threat pattern matching
+- **Sequence Detectors**: Multi-step attack pattern recognition
+
+### Changed
+
+- Unified detector API for all detection types
+- Improved telemetry with detailed metrics
+
+### Performance
+
+- <20ms latency for most scans
+- Local-first processing (no external API calls)
+- Lazy loading for ML models
+
+---
+
+## [0.1.0] - 2026-01-10
+
+### Added
+
+- Initial release of WardnMesh SDK for Node.js
+- Core `Wardn` class with singleton pattern
+- Basic threat detection for:
+  - PII (Personal Identifiable Information)
+  - Prompt injection patterns
+  - API key leakage
+- Express middleware support
+- Next.js middleware support
+- Vercel AI SDK integration
+- Local rule management
+
+### Features
+
+- Rule-based scanning engine
+- Configurable severity levels
+- Telemetry and reporting
+- Extensible detector system
+- TypeScript support with full type definitions
+
+---
+
+## Version Compatibility
+
+| SDK Version | MCP Server | Node.js | Status |
+|-------------|------------|---------|--------|
+| 0.4.0 | 0.2.3+ | 18+ | ✅ Current |
+| 0.2.3 | 0.2.0+ | 18+ | ⚠️ Legacy |
+| 0.2.0 | 0.2.0+ | 18+ | ⚠️ Legacy |
+| 0.1.0 | 0.1.0+ | 18+ | ❌ Deprecated |
+
+---
+
+## Links
+
+- [NPM Package](https://www.npmjs.com/package/@wardnmesh/sdk-node)
+- [GitHub Repository](https://github.com/PCIRCLE-AI/wardnmesh)
+- [Documentation](https://wardnmesh.ai/docs/sdk)
+- [Migration Guides](MIGRATION_v0.4.0.md)

package/README.md

@@ -1,6 +1,6 @@
 # @wardnmesh/sdk-node
 
-> **Latest Version: v0.4.0** (Released 2026-01-17)
+> **Latest Version: v0.4.5** (Released 2026-01-19)
 
 **WardnMesh.AI** (formerly AgentGuard) is an active defense middleware for AI Agents. This SDK allows you to verify LLM inputs/outputs, block prompt injections, and prevent data exfiltration in real-time.
 
@@ -26,9 +26,9 @@
 ## Installation
 
 ```bash
-npm install @wardnmesh/sdk-node@0.4.0
+npm install @wardnmesh/sdk-node@latest
 # or
-yarn add @wardnmesh/sdk-node@0.4.0
+yarn add @wardnmesh/sdk-node@latest
 ```
 
 ## v0.4.0 API Overview

package/dist/detectors/base.d.ts

@@ -1,35 +1,33 @@
 import { ToolData, Violation, Rule, Detector, StateProvider, DetectorType, ThreatAction } from '../types';
 /**
- * Abstract base detector class
+ * Map rule severity to recommended action, with optional rule action override.
  *
+ * Default mapping:
+ * - critical -> block (immediate threat)
+ * - high -> confirm (needs user approval)
+ * - medium -> warn (notify but allow)
+ * - low -> log (record only)
+ *
+ * Rules can override default mapping via rule.action.
+ */
+export declare function mapSeverityToAction(rule: Rule): ThreatAction;
+/**
+ * Map rule category to scope description.
+ */
+export declare function mapCategoryToScope(category: string): string;
+/**
+ * Abstract base detector class.
  * Provides common functionality for all detectors.
  */
 export declare abstract class BaseDetector implements Detector {
     abstract detect(toolData: ToolData, rule: Rule, sessionState: StateProvider): Violation | null;
     abstract getType(): DetectorType | string;
     /**
-     * Generate unique violation ID
+     * Generate unique violation ID using cryptographically secure random.
      */
     protected generateViolationId(): string;
     /**
-     * v0.4.0: Map severity to recommended action, with optional rule action override
-     *
-     * Default mapping:
-     * - critical → block (immediate threat)
-     * - high → confirm (needs user approval)
-     * - medium → warn (notify but allow)
-     * - low → log (record only)
-     *
-     * Rules can override default mapping via rule.action
-     */
-    protected getRecommendedActionForSeverity(rule: Rule): ThreatAction;
-    /**
-     * v0.3.0: Determine scope description based on rule category
-     */
-    protected getScopeForCategory(category: string): string;
-    /**
-     * Create violation object
-     * v0.4.0: Use rule.action override for recommendedAction
+     * Create violation object with standardized structure.
      */
     protected createViolation(rule: Rule, toolData: ToolData, additionalInfo?: Record<string, unknown>): Violation;
     /**

package/dist/detectors/base.js

@@ -1,62 +1,64 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BaseDetector = void 0;
+exports.mapSeverityToAction = mapSeverityToAction;
+exports.mapCategoryToScope = mapCategoryToScope;
+const crypto_1 = require("crypto");
 /**
- * Abstract base detector class
+ * Map rule severity to recommended action, with optional rule action override.
  *
+ * Default mapping:
+ * - critical -> block (immediate threat)
+ * - high -> confirm (needs user approval)
+ * - medium -> warn (notify but allow)
+ * - low -> log (record only)
+ *
+ * Rules can override default mapping via rule.action.
+ */
+function mapSeverityToAction(rule) {
+    if (rule.action) {
+        return rule.action;
+    }
+    switch (rule.severity) {
+        case 'critical': return 'block';
+        case 'high': return 'confirm';
+        case 'medium': return 'warn';
+        case 'low': return 'log';
+        default: return 'block';
+    }
+}
+/**
+ * Map rule category to scope description.
+ */
+function mapCategoryToScope(category) {
+    switch (category) {
+        case 'workflow': return 'Workflow safety';
+        case 'quality': return 'Code quality';
+        case 'safety': return 'Security';
+        case 'network_boundary': return 'Network access';
+        case 'supply_chain': return 'Supply chain';
+        default: return 'Security violation';
+    }
+}
+/**
+ * Abstract base detector class.
  * Provides common functionality for all detectors.
  */
 class BaseDetector {
     /**
-     * Generate unique violation ID
+     * Generate unique violation ID using cryptographically secure random.
      */
     generateViolationId() {
-        // Note: Using substring() instead of deprecated substr()
-        return `violation_${Date.now()}_${Math.random().toString(36).substring(2, 11)}`;
-    }
-    /**
-     * v0.4.0: Map severity to recommended action, with optional rule action override
-     *
-     * Default mapping:
-     * - critical → block (immediate threat)
-     * - high → confirm (needs user approval)
-     * - medium → warn (notify but allow)
-     * - low → log (record only)
-     *
-     * Rules can override default mapping via rule.action
-     */
-    getRecommendedActionForSeverity(rule) {
-        // Rule action override takes precedence
-        if (rule.action) {
-            return rule.action;
-        }
-        // Default severity-to-action mapping
-        switch (rule.severity) {
-            case 'critical': return 'block';
-            case 'high': return 'confirm'; // v0.4.0: Changed from 'warn' to 'confirm'
-            case 'medium': return 'warn';
-            case 'low': return 'log';
-            default: return 'block';
-        }
-    }
-    /**
-     * v0.3.0: Determine scope description based on rule category
-     */
-    getScopeForCategory(category) {
-        switch (category) {
-            case 'workflow': return 'Workflow safety';
-            case 'quality': return 'Code quality';
-            case 'safety': return 'Security';
-            case 'network_boundary': return 'Network access';
-            case 'supply_chain': return 'Supply chain';
-            default: return 'Security violation';
-        }
+        return `violation_${(0, crypto_1.randomUUID)()}`;
     }
     /**
-     * Create violation object
-     * v0.4.0: Use rule.action override for recommendedAction
+     * Create violation object with standardized structure.
      */
     createViolation(rule, toolData, additionalInfo) {
+        const filePath = (toolData.parameters.file_path ||
+            toolData.parameters.TargetFile ||
+            toolData.parameters.AbsolutePath ||
+            toolData.parameters.path);
         return {
             id: this.generateViolationId(),
             ruleId: rule.id,
@@ -66,13 +68,12 @@ class BaseDetector {
             context: {
                 toolName: toolData.toolName,
                 toolData,
-                filePath: (toolData.parameters.file_path || toolData.parameters.TargetFile || toolData.parameters.AbsolutePath || toolData.parameters.path),
-                additionalInfo
+                filePath,
+                additionalInfo,
             },
             timestamp: new Date().toISOString(),
-            // v0.4.0: Support rule.action override
-            recommendedAction: this.getRecommendedActionForSeverity(rule),
-            scope: this.getScopeForCategory(rule.category)
+            recommendedAction: mapSeverityToAction(rule),
+            scope: mapCategoryToScope(rule.category),
         };
     }
     /**

package/dist/detectors/sequence.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SequenceDetector = void 0;
 const base_1 = require("./base");
+const safe_regex_1 = require("../utils/safe-regex");
 class SequenceDetector extends base_1.BaseDetector {
     getType() {
         return 'sequence';
@@ -60,7 +61,12 @@ class SequenceDetector extends base_1.BaseDetector {
                 }
                 if (step.matchesPattern) {
                     const currentValue = this.extractValue(currentTool, step.extractPath);
-                    const regex = new RegExp(step.matchesPattern);
+                    // SECURITY FIX Round 16: Use getCachedRegex for ReDoS protection
+                    const regex = (0, safe_regex_1.getCachedRegex)(step.matchesPattern);
+                    if (!regex) {
+                        // Invalid or unsafe pattern - skip this check
+                        return { matched: true };
+                    }
                     if (typeof currentValue === 'string' && !regex.test(currentValue)) {
                         return {
                             matched: false,
@@ -103,7 +109,12 @@ class SequenceDetector extends base_1.BaseDetector {
                 }
             }
             if (step.matchesPattern) {
-                const regex = new RegExp(step.matchesPattern);
+                // SECURITY FIX Round 16: Use getCachedRegex for ReDoS protection
+                const regex = (0, safe_regex_1.getCachedRegex)(step.matchesPattern);
+                if (!regex) {
+                    // Invalid or unsafe pattern - skip this tool
+                    continue;
+                }
                 if (typeof value === 'string' && !regex.test(value)) {
                     continue;
                 }
@@ -123,7 +134,13 @@ class SequenceDetector extends base_1.BaseDetector {
         }
         if (lastStep.matchesPattern) {
             const val = this.extractValue(toolData, lastStep.extractPath);
-            if (typeof val === 'string' && !new RegExp(lastStep.matchesPattern).test(val)) {
+            // SECURITY FIX Round 16: Use getCachedRegex for ReDoS protection
+            const regex = (0, safe_regex_1.getCachedRegex)(lastStep.matchesPattern);
+            if (!regex) {
+                // Invalid or unsafe pattern - skip this check (allow through)
+                return null;
+            }
+            if (typeof val === 'string' && !regex.test(val)) {
                 return null;
             }
         }

package/dist/detectors/state.d.ts

@@ -5,4 +5,5 @@ export declare class StateDetector extends BaseDetector {
     detect(toolData: ToolData, rule: Rule, sessionState: StateProvider): Violation | null;
     private isTriggerEvent;
     private updateStateFromTool;
+    private setStateWithTimestamp;
 }

package/dist/detectors/state.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.StateDetector = void 0;
 const base_1 = require("./base");
+const safe_regex_1 = require("../utils/safe-regex");
 class StateDetector extends base_1.BaseDetector {
     getType() {
         return 'state';
@@ -9,84 +10,56 @@ class StateDetector extends base_1.BaseDetector {
     detect(toolData, rule, sessionState) {
         const config = rule.detector.config;
         this.updateStateFromTool(config, toolData, sessionState);
-        if (this.isTriggerEvent(config, toolData)) {
-            const currentState = sessionState.getCustomState(config.requiredState);
-            if (currentState !== config.targetStateValue) {
-                return {
-                    id: this.generateViolationId(),
-                    ruleId: rule.id,
-                    ruleName: rule.name,
-                    severity: rule.severity,
-                    timestamp: new Date().toISOString(),
-                    description: rule.description,
-                    context: {
-                        toolName: toolData.toolName,
-                        toolData: toolData,
-                        additionalInfo: {
-                            message: `Required state '${config.requiredState}' is '${currentState || 'undefined'}', expected '${config.targetStateValue}'.`
-                        }
-                    },
-                    // v0.4.0: Support rule.action override
-                    recommendedAction: this.getRecommendedActionForSeverity(rule),
-                    scope: this.getScopeForCategory(rule.category)
-                };
-            }
-            if (config.stateDerivation?.validityDurationMs) {
-                const lastUpdate = sessionState.getCustomState(`${config.requiredState}_timestamp`);
-                if (lastUpdate && typeof lastUpdate === 'string') {
-                    const timeDiff = new Date().getTime() - new Date(lastUpdate).getTime();
-                    if (timeDiff > config.stateDerivation.validityDurationMs) {
-                        return {
-                            id: this.generateViolationId(),
-                            ruleId: rule.id,
-                            ruleName: rule.name,
-                            severity: rule.severity,
-                            timestamp: new Date().toISOString(),
-                            description: rule.description,
-                            context: {
-                                toolName: toolData.toolName,
-                                toolData: toolData,
-                                additionalInfo: {
-                                    message: `Required state '${config.requiredState}' has expired (last verified ${Math.floor(timeDiff / 1000)}s ago).`
-                                }
-                            },
-                            // v0.4.0: Support rule.action override
-                            recommendedAction: this.getRecommendedActionForSeverity(rule),
-                            scope: this.getScopeForCategory(rule.category)
-                        };
-                    }
+        if (!this.isTriggerEvent(config, toolData)) {
+            return null;
+        }
+        const currentState = sessionState.getCustomState(config.requiredState);
+        if (currentState !== config.targetStateValue) {
+            const message = `Required state '${config.requiredState}' is '${currentState ?? 'undefined'}', expected '${config.targetStateValue}'.`;
+            return this.createViolation(rule, toolData, { message });
+        }
+        if (config.stateDerivation?.validityDurationMs) {
+            const lastUpdate = sessionState.getCustomState(`${config.requiredState}_timestamp`);
+            if (lastUpdate && typeof lastUpdate === 'string') {
+                const timeDiff = Date.now() - new Date(lastUpdate).getTime();
+                if (timeDiff > config.stateDerivation.validityDurationMs) {
+                    const message = `Required state '${config.requiredState}' has expired (last verified ${Math.floor(timeDiff / 1000)}s ago).`;
+                    return this.createViolation(rule, toolData, { message });
                 }
             }
         }
         return null;
     }
     isTriggerEvent(config, toolData) {
-        if (toolData.toolName !== config.trigger.tool)
+        if (toolData.toolName !== config.trigger.tool) {
+            return false;
+        }
+        if (!config.trigger.parameterMatch) {
+            return true;
+        }
+        const paramValue = this.extractValue(toolData.parameters, config.trigger.parameterMatch.key);
+        if (!paramValue || typeof paramValue !== 'string') {
             return false;
-        if (config.trigger.parameterMatch) {
-            const paramValue = this.extractValue(toolData.parameters, config.trigger.parameterMatch.key);
-            if (!paramValue || typeof paramValue !== 'string')
-                return false;
-            const regex = new RegExp(config.trigger.parameterMatch.valuePattern, 'i');
-            return regex.test(paramValue);
         }
-        return true;
+        const regex = (0, safe_regex_1.getCachedRegex)(config.trigger.parameterMatch.valuePattern, 'i');
+        return regex ? regex.test(paramValue) : false;
     }
     updateStateFromTool(config, toolData, sessionState) {
-        if (config.stateDerivation && toolData.toolName === config.stateDerivation.fromTool) {
-            // Heuristic check for 'test' in command line if it's run_command
-            if (toolData.toolName === 'run_command' && toolData.parameters.CommandLine) {
-                const commandLine = toolData.parameters.CommandLine;
-                if (commandLine.includes('test') || commandLine.includes('vitest')) {
-                    sessionState.setCustomState(config.stateDerivation.setState, config.stateDerivation.setValue);
-                    sessionState.setCustomState(`${config.stateDerivation.setState}_timestamp`, new Date().toISOString());
-                }
-            }
-            else {
-                sessionState.setCustomState(config.stateDerivation.setState, config.stateDerivation.setValue);
-                sessionState.setCustomState(`${config.stateDerivation.setState}_timestamp`, new Date().toISOString());
+        if (!config.stateDerivation || toolData.toolName !== config.stateDerivation.fromTool) {
+            return;
+        }
+        // For run_command tool, only update state if command contains test keywords
+        if (toolData.toolName === 'run_command' && toolData.parameters.CommandLine) {
+            const commandLine = toolData.parameters.CommandLine;
+            if (!commandLine.includes('test') && !commandLine.includes('vitest')) {
+                return;
             }
         }
+        this.setStateWithTimestamp(sessionState, config.stateDerivation.setState, config.stateDerivation.setValue);
+    }
+    setStateWithTimestamp(sessionState, key, value) {
+        sessionState.setCustomState(key, value);
+        sessionState.setCustomState(`${key}_timestamp`, new Date().toISOString());
     }
 }
 exports.StateDetector = StateDetector;

package/dist/utils/safe-regex.d.ts

@@ -51,3 +51,12 @@ export declare function safeRegexExec(regex: RegExp, content: string, maxLength?
  * Safe regex test with content length limit
  */
 export declare function safeRegexTest(regex: RegExp, content: string, maxLength?: number): boolean;
+/**
+ * Create a safe regex with validation
+ * Throws error if pattern is unsafe
+ */
+export declare function createSafeRegex(pattern: string, flags?: string): RegExp;
+/**
+ * Validate multiple regex patterns
+ */
+export declare function validateRegexPatterns(patterns: string[]): RegexValidationResult;

package/dist/utils/safe-regex.js

@@ -12,18 +12,23 @@ exports.resetPatternErrorMetrics = resetPatternErrorMetrics;
 exports.getCachedRegex = getCachedRegex;
 exports.safeRegexExec = safeRegexExec;
 exports.safeRegexTest = safeRegexTest;
+exports.createSafeRegex = createSafeRegex;
+exports.validateRegexPatterns = validateRegexPatterns;
 const logger_1 = require("./logger");
 // Patterns that are known to cause catastrophic backtracking
+// SECURITY FIX: Detect dangerous patterns in BOTH non-capturing (?...) AND capturing (...) groups
+// VULNERABILITY (v1): Required `\?` which only matched (?...) groups, missing dangerous (...) groups
+// FIX (v2): Remove `\?` requirement to catch all dangerous nested quantifiers
 const DANGEROUS_PATTERNS = [
-    /\(\?[^)]*\+[^)]*\)\+/, // Nested quantifiers with +
-    /\(\?[^)]*\*[^)]*\)\+/, // Nested quantifiers with *
-    /\(\?[^)]*\+[^)]*\)\*/, // Nested quantifiers
-    /\(\?[^)]*\*[^)]*\)\*/, // Nested quantifiers
-    /\([^)]+\)\{[0-9]+,\}/, // Unbounded repetition of groups
-    /\.\*\.\*/, // Multiple greedy wildcards
-    /\.\+\.\+/, // Multiple greedy wildcards
-    /\([^)]*\|[^)]*\)\+/, // Alternation with quantifier
-    /\([^)]*\|[^)]*\)\*/, // Alternation with quantifier
+    /\([^)]*\+[^)]*\)\+/, // Nested quantifiers: (...+...)+  or (?...+...)+
+    /\([^)]*\*[^)]*\)\+/, // Nested quantifiers: (...*...)+  or (?...*...)+
+    /\([^)]*\+[^)]*\)\*/, // Nested quantifiers: (...+...)* or (?...+...)*
+    /\([^)]*\*[^)]*\)\*/, // Nested quantifiers: (...*...)* or (?...*...)*
+    /\([^)]+\)\{[0-9]+,\}/, // Unbounded repetition of groups: (...){10,}
+    /\.\*\.\*/, // Multiple greedy wildcards: .*.*
+    /\.\+\.\+/, // Multiple greedy wildcards: .+.+
+    /\([^)]*\|[^)]*\)\+/, // Alternation with quantifier: (a|b)+
+    /\([^)]*\|[^)]*\)\*/, // Alternation with quantifier: (a|b)*
 ];
 // Maximum allowed regex pattern length
 const MAX_PATTERN_LENGTH = 1000;
@@ -166,7 +171,12 @@ function getCachedRegex(pattern, flags = "") {
     errorMetrics.totalPatternsProcessed++;
     // Convert PCRE modifiers first
     const pcreResult = convertPCREModifiers(pattern);
-    if (pcreResult.converted && pcreResult.error) {
+    // SECURITY FIX: Check for PCRE conversion errors
+    // VULNERABILITY (v1): Condition `converted && error` was always false when error exists
+    //   - When unsupported modifiers found: converted=false, error=truthy
+    //   - Condition: false && truthy = false (check skipped!)
+    // FIX (v2): Check error first, regardless of converted status
+    if (pcreResult.error) {
         // Unsupported PCRE modifiers - skip this pattern
         errorMetrics.pcreConversionFailures++;
         logger_1.logger.warn(`Skipping pattern with unsupported PCRE modifiers: ${pcreResult.error}`);
@@ -218,3 +228,26 @@ function safeRegexTest(regex, content, maxLength = 50000) {
     const safeContent = content.length > maxLength ? content.substring(0, maxLength) : content;
     return regex.test(safeContent);
 }
+/**
+ * Create a safe regex with validation
+ * Throws error if pattern is unsafe
+ */
+function createSafeRegex(pattern, flags = "") {
+    const validation = validateRegexPattern(pattern);
+    if (!validation.valid) {
+        throw new Error(validation.error || "Invalid regex pattern");
+    }
+    return new RegExp(pattern, flags);
+}
+/**
+ * Validate multiple regex patterns
+ */
+function validateRegexPatterns(patterns) {
+    for (const pattern of patterns) {
+        const result = validateRegexPattern(pattern);
+        if (!result.valid) {
+            return result;
+        }
+    }
+    return { valid: true };
+}

package/dist/wardn.d.ts

@@ -47,19 +47,7 @@ export declare class Wardn {
     private detectViolation;
     /** Handle semantic detection */
     private detectSemanticViolation;
-    /**
-     * v0.4.0: Map severity to recommended action, with optional rule action override
-     *
-     * Default mapping:
-     * - critical → block (immediate threat)
-     * - high → confirm (needs user approval)
-     * - medium → warn (notify but allow)
-     * - low → log (record only)
-     *
-     * Rules can override default mapping via rule.action
-     */
-    private getRecommendedActionForSeverity;
-    /** Report violation to telemetry */
+    /** Report violation to telemetry (redacts sensitive toolData) */
     private reportViolation;
     /** Report scan completion to telemetry */
     private reportScanComplete;

package/dist/wardn.js

@@ -4,6 +4,7 @@ exports.Wardn = void 0;
 const pattern_1 = require("./detectors/pattern");
 const sequence_1 = require("./detectors/sequence");
 const state_1 = require("./detectors/state");
+const base_1 = require("./detectors/base");
 const safe_regex_1 = require("./utils/safe-regex");
 const update_checker_1 = require("./update-checker");
 const session_manager_1 = require("./state/session-manager");
@@ -201,7 +202,7 @@ class Wardn {
                 if (violation) {
                     violations.push(violation);
                     stateAdapter.addViolation(violation);
-                    this.reportViolation(violation, toolData, currentSessionId);
+                    this.reportViolation(violation, currentSessionId);
                 }
             }
             await this.stateProvider.setState(currentSessionId, stateAdapter.exportState());
@@ -352,50 +353,17 @@ This operation requires your approval to proceed.`;
                 additionalInfo: { score },
             },
             timestamp: new Date().toISOString(),
-            // v0.4.0: Set recommended action (rule.action or default severity mapping)
-            recommendedAction: this.getRecommendedActionForSeverity(rule),
+            recommendedAction: (0, base_1.mapSeverityToAction)(rule),
             scope: 'Semantic analysis',
         };
     }
-    /**
-     * v0.4.0: Map severity to recommended action, with optional rule action override
-     *
-     * Default mapping:
-     * - critical → block (immediate threat)
-     * - high → confirm (needs user approval)
-     * - medium → warn (notify but allow)
-     * - low → log (record only)
-     *
-     * Rules can override default mapping via rule.action
-     */
-    getRecommendedActionForSeverity(rule) {
-        // Rule action override takes precedence
-        if (rule.action) {
-            return rule.action;
-        }
-        // Default severity-to-action mapping
-        switch (rule.severity) {
-            case 'critical':
-                return 'block';
-            case 'high':
-                return 'confirm'; // v0.4.0: Changed from 'warn' to 'confirm'
-            case 'medium':
-                return 'warn';
-            case 'low':
-                return 'log';
-            default:
-                return 'block'; // Safe default
-        }
-    }
-    /** Report violation to telemetry */
-    reportViolation(violation, toolData, sessionId) {
-        // REDACTION: Create a safe copy for the cloud
-        const safeViolation = { ...violation };
-        if (safeViolation.context) {
-            // Remove raw toolData (prompts) from the cloud payload
-            const { toolData: _removed, ...safeContext } = safeViolation.context;
-            safeViolation.context = safeContext;
-        }
+    /** Report violation to telemetry (redacts sensitive toolData) */
+    reportViolation(violation, sessionId) {
+        const { toolData: _redacted, ...safeContext } = violation.context;
+        const safeViolation = {
+            ...violation,
+            context: safeContext,
+        };
         this.telemetry.emit({
             eventType: "violation_detected",
             timestamp: new Date().toISOString(),
@@ -491,14 +459,12 @@ This operation requires your approval to proceed.`;
     async pollRemoteRules() {
         if (!this.config.remoteRulesUrl || this.isShutdown)
             return;
-        const FETCH_TIMEOUT_MS = 10000; // 10 second timeout
         const poll = async () => {
             if (this.isShutdown)
                 return;
             try {
-                // Create AbortController for timeout
                 const controller = new AbortController();
-                const timeoutId = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+                const timeoutId = setTimeout(() => controller.abort(), security_limits_1.SECURITY_LIMITS.FETCH_TIMEOUT_MS);
                 const response = await fetch(this.config.remoteRulesUrl, {
                     headers: {
                         "Accept": "application/json",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wardnmesh/sdk-node",
-  "version": "0.4.0",
+  "version": "0.4.5",
   "description": "WardnMesh.AI Node.js SDK - Active Defense Middleware for AI Agents",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -29,7 +29,8 @@
     "dist",
     "bin",
     "README.md",
-    "LICENSE"
+    "LICENSE",
+    "CHANGELOG.md"
   ],
   "publishConfig": {
     "access": "public"
@@ -42,18 +43,23 @@
   ],
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/PCIRCLE-AI/wardnmesh.git"
+    "url": "git+https://github.com/PCIRCLE-AI/wardnmesh-sdk-node.git"
   },
   "bugs": {
-    "url": "https://github.com/PCIRCLE-AI/wardnmesh/issues"
+    "url": "https://github.com/PCIRCLE-AI/wardnmesh-sdk-node/issues"
   },
   "homepage": "https://wardnmesh.ai",
   "author": "KT",
   "license": "Elastic-2.0",
+  "engines": {
+    "node": ">=18.0.0",
+    "npm": ">=9.0.0"
+  },
   "devDependencies": {
     "@types/jest": "^29.5.11",
     "@types/node": "^20.10.0",
     "jest": "^29.7.0",
+    "next": "^14.2.35",
     "ts-jest": "^29.1.1",
     "typescript": "^5.0.0"
   },
@@ -68,4 +74,4 @@
   "dependencies": {
     "@xenova/transformers": "^2.17.2"
   }
-}
+}

package/dist/agent-guard.d.ts

@@ -1,28 +0,0 @@
-import { AgentGuardConfig, ScanResult, AgentRequest } from "./types";
-import { SessionStateProvider } from "./state/session-manager";
-export declare class AgentGuard {
-    private static instance;
-    private config;
-    private stateProvider;
-    private telemetry;
-    private patternDetector;
-    private sequenceDetector;
-    private stateDetector;
-    private semanticDetector;
-    private constructor();
-    private initTelemetry;
-    static getInstance(): AgentGuard;
-    static init(config: AgentGuardConfig, stateProvider?: SessionStateProvider): AgentGuard;
-    /** Main entry point to scan an agent request */
-    scan(request: AgentRequest): Promise<ScanResult>;
-    /** Normalize request to ToolData format */
-    private normalizeRequest;
-    /** Run detector for a single rule */
-    private detectViolation;
-    /** Handle semantic detection */
-    private detectSemanticViolation;
-    /** Report violation to telemetry */
-    private reportViolation;
-    /** Report scan completion to telemetry */
-    private reportScanComplete;
-}

package/dist/agent-guard.js

@@ -1,206 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AgentGuard = void 0;
-const pattern_1 = require("./detectors/pattern");
-const sequence_1 = require("./detectors/sequence");
-const state_1 = require("./detectors/state");
-const session_manager_1 = require("./state/session-manager");
-const reporter_1 = require("./telemetry/reporter");
-const semantic_detector_1 = require("./detectors/semantic-detector");
-/** Synchronous state adapter for in-request state management */
-class SyncStateAdapter {
-    constructor(initialState, maxHistory = 50) {
-        this.maxHistory = maxHistory;
-        this.state = {
-            startTime: initialState.startTime || new Date().toISOString(),
-            toolCalls: initialState.toolCalls || [],
-            recentTools: initialState.recentTools || [],
-            detectedViolations: initialState.detectedViolations || [],
-            customState: initialState.customState || {},
-            currentFile: initialState.currentFile,
-        };
-    }
-    getRecentTools(count) {
-        const tools = this.state.recentTools || [];
-        return count ? tools.slice(-count) : tools;
-    }
-    setCustomState(key, value) {
-        this.state.customState[key] = value;
-    }
-    getCustomState(key) {
-        return this.state.customState[key];
-    }
-    addToolCall(tool) {
-        if (!this.state.recentTools)
-            this.state.recentTools = [];
-        this.state.recentTools.push(tool);
-        if (this.state.recentTools.length > this.maxHistory) {
-            this.state.recentTools.shift();
-        }
-    }
-    exportState() {
-        return this.state;
-    }
-}
-class AgentGuard {
-    constructor(config, stateProvider) {
-        this.config = config;
-        this.stateProvider = stateProvider || new session_manager_1.InMemorySessionStateProvider();
-        this.telemetry = this.initTelemetry();
-        this.patternDetector = new pattern_1.PatternDetector();
-        this.sequenceDetector = new sequence_1.SequenceDetector();
-        this.stateDetector = new state_1.StateDetector();
-        this.semanticDetector = semantic_detector_1.SemanticDetector.getInstance();
-        // Emit startup event
-        this.telemetry.emit({
-            eventType: "agent_started",
-            timestamp: new Date().toISOString(),
-            data: {
-                config: {
-                    appName: this.config.telemetry?.serviceName,
-                    ruleCount: this.config.rules.length,
-                },
-            },
-        });
-    }
-    initTelemetry() {
-        if (this.config.telemetry?.enabled && process.env.CCB_ENDPOINT) {
-            return new reporter_1.CCBReporter(process.env.CCB_ENDPOINT, process.env.CCB_API_KEY || "", this.config.telemetry.serviceName || "unknown-service");
-        }
-        return new reporter_1.ConsoleReporter();
-    }
-    static getInstance() {
-        if (!AgentGuard.instance) {
-            throw new Error("AgentGuard not initialized. Call AgentGuard.init() first.");
-        }
-        return AgentGuard.instance;
-    }
-    static init(config, stateProvider) {
-        AgentGuard.instance = new AgentGuard(config, stateProvider);
-        return AgentGuard.instance;
-    }
-    /** Main entry point to scan an agent request */
-    async scan(request) {
-        const start = Date.now();
-        const violations = [];
-        const sessionId = request.sessionId || "default";
-        try {
-            const rawState = await this.stateProvider.getState(sessionId);
-            const stateAdapter = new SyncStateAdapter(rawState, this.config.maxHistorySize);
-            const toolData = this.normalizeRequest(request);
-            stateAdapter.addToolCall(toolData);
-            // Lazy load semantic model if needed
-            if (this.config.rules.some((r) => r.detector.type === "semantic")) {
-                await this.semanticDetector.init();
-            }
-            // Run all detectors
-            for (const rule of this.config.rules) {
-                const violation = await this.detectViolation(rule, toolData, stateAdapter);
-                if (violation) {
-                    violations.push(violation);
-                    this.reportViolation(violation, toolData, sessionId);
-                }
-            }
-            await this.stateProvider.setState(sessionId, stateAdapter.exportState());
-            const result = {
-                allowed: !violations.some((v) => v.severity === "critical"),
-                violations,
-                latencyMs: Date.now() - start,
-                metadata: { analyzedRules: this.config.rules.length },
-            };
-            this.reportScanComplete(result, sessionId);
-            return result;
-        }
-        catch (error) {
-            // Fail-Open Resilience: Never crash the application
-            console.error("[AgentGuard] Scan failed, failing open:", error);
-            this.telemetry.emit({
-                eventType: "error",
-                timestamp: new Date().toISOString(),
-                data: {
-                    error: error instanceof Error ? error.message : "Unknown error",
-                    sessionId,
-                },
-            });
-            return {
-                allowed: true, // Fail-open
-                violations: [],
-                latencyMs: Date.now() - start,
-                metadata: {
-                    error: true,
-                    errorDetails: error instanceof Error ? error.message : "Unknown",
-                },
-            };
-        }
-    }
-    /** Normalize request to ToolData format */
-    normalizeRequest(request) {
-        return {
-            toolName: request.toolName || "llm_input",
-            parameters: request.parameters || { prompt: request.prompt || "" },
-            result: { success: true },
-            duration: 0,
-            timestamp: new Date().toISOString(),
-        };
-    }
-    /** Run detector for a single rule */
-    async detectViolation(rule, toolData, stateAdapter) {
-        switch (rule.detector.type) {
-            case "pattern":
-                return this.patternDetector.detect(toolData, rule, stateAdapter);
-            case "sequence":
-                return this.sequenceDetector.detect(toolData, rule, stateAdapter);
-            case "state":
-                return this.stateDetector.detect(toolData, rule, stateAdapter);
-            case "semantic":
-                return this.detectSemanticViolation(rule, toolData);
-            default:
-                return null;
-        }
-    }
-    /** Handle semantic detection */
-    async detectSemanticViolation(rule, toolData) {
-        const prompt = toolData.parameters.prompt ||
-            JSON.stringify(toolData.parameters);
-        const config = rule.detector.config;
-        const { detected, reason, score } = await this.semanticDetector.scan(prompt, config.threshold || 0.75);
-        if (!detected)
-            return null;
-        return {
-            id: crypto.randomUUID(),
-            ruleId: rule.id,
-            ruleName: rule.name,
-            severity: rule.severity,
-            description: reason || "Semantic Violation",
-            context: {
-                toolName: toolData.toolName,
-                toolData,
-                additionalInfo: { score },
-            },
-            timestamp: new Date().toISOString(),
-        };
-    }
-    /** Report violation to telemetry */
-    reportViolation(violation, toolData, sessionId) {
-        this.telemetry.emit({
-            eventType: "violation_detected",
-            timestamp: new Date().toISOString(),
-            data: { violation, toolData },
-            metadata: { sessionId },
-        });
-    }
-    /** Report scan completion to telemetry */
-    reportScanComplete(result, sessionId) {
-        this.telemetry.emit({
-            eventType: "scan_complete",
-            timestamp: new Date().toISOString(),
-            data: {
-                allowed: result.allowed,
-                latencyMs: result.latencyMs,
-                violationCount: result.violations.length,
-            },
-            metadata: { sessionId },
-        });
-    }
-}
-exports.AgentGuard = AgentGuard;