agentic-qe 2.8.1 → 2.8.2

package/dist/infrastructure/network/AgentRateLimiter.js

@@ -0,0 +1,186 @@
+"use strict";
+/**
+ * Agent Rate Limiter for Network Policy Enforcement
+ *
+ * Token bucket rate limiter with per-agent tracking.
+ * Supports both per-minute and per-hour limits.
+ *
+ * @module infrastructure/network/AgentRateLimiter
+ * @see Issue #146 - Security Hardening: SP-3 Network Policy Enforcement
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentRateLimiter = void 0;
+exports.createDefaultRateLimiter = createDefaultRateLimiter;
+/**
+ * Agent rate limiter using token bucket algorithm
+ *
+ * Features:
+ * - Per-agent rate limiting
+ * - Burst allowance via token bucket
+ * - Per-minute and per-hour limits
+ * - Automatic token refill
+ */
+class AgentRateLimiter {
+    constructor(config) {
+        this.cleanupInterval = null;
+        this.config = config;
+        this.buckets = new Map();
+        // Cleanup stale buckets every 10 minutes
+        this.cleanupInterval = setInterval(() => this.cleanup(), 10 * 60 * 1000);
+    }
+    /**
+     * Check if request is allowed without consuming
+     */
+    check(agentId) {
+        const bucket = this.getOrCreateBucket(agentId);
+        this.refillBucket(bucket);
+        this.updateWindows(bucket);
+        return this.calculateStatus(bucket, false);
+    }
+    /**
+     * Consume a request token
+     */
+    consume(agentId) {
+        const bucket = this.getOrCreateBucket(agentId);
+        this.refillBucket(bucket);
+        this.updateWindows(bucket);
+        const status = this.calculateStatus(bucket, true);
+        if (!status.limited) {
+            // Consume token
+            bucket.tokens -= 1;
+            bucket.minuteCount += 1;
+            bucket.hourCount += 1;
+        }
+        return status;
+    }
+    /**
+     * Reset rate limit for an agent
+     */
+    reset(agentId) {
+        this.buckets.delete(agentId);
+    }
+    /**
+     * Get current status for agent
+     */
+    getStatus(agentId) {
+        return this.check(agentId);
+    }
+    /**
+     * Get all agent IDs being tracked
+     */
+    getTrackedAgents() {
+        return Array.from(this.buckets.keys());
+    }
+    /**
+     * Stop the cleanup interval
+     */
+    close() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = null;
+        }
+    }
+    // ============================================
+    // Private Methods
+    // ============================================
+    getOrCreateBucket(agentId) {
+        let bucket = this.buckets.get(agentId);
+        if (!bucket) {
+            const now = Date.now();
+            bucket = {
+                tokens: this.config.burstSize,
+                lastRefill: now,
+                minuteCount: 0,
+                minuteWindowStart: now,
+                hourCount: 0,
+                hourWindowStart: now,
+            };
+            this.buckets.set(agentId, bucket);
+        }
+        return bucket;
+    }
+    refillBucket(bucket) {
+        const now = Date.now();
+        const elapsed = now - bucket.lastRefill;
+        // Refill rate: requests per minute / 60 seconds
+        const refillRate = this.config.requestsPerMinute / 60;
+        const refillAmount = (elapsed / 1000) * refillRate;
+        bucket.tokens = Math.min(this.config.burstSize, bucket.tokens + refillAmount);
+        bucket.lastRefill = now;
+    }
+    updateWindows(bucket) {
+        const now = Date.now();
+        // Reset minute window
+        if (now - bucket.minuteWindowStart >= 60000) {
+            bucket.minuteCount = 0;
+            bucket.minuteWindowStart = now;
+        }
+        // Reset hour window
+        if (now - bucket.hourWindowStart >= 3600000) {
+            bucket.hourCount = 0;
+            bucket.hourWindowStart = now;
+        }
+    }
+    calculateStatus(bucket, forConsume) {
+        const now = Date.now();
+        // Check per-minute limit
+        const minuteRemaining = this.config.requestsPerMinute - bucket.minuteCount;
+        const minuteResetIn = 60000 - (now - bucket.minuteWindowStart);
+        // Check per-hour limit
+        const hourRemaining = this.config.requestsPerHour - bucket.hourCount;
+        const hourResetIn = 3600000 - (now - bucket.hourWindowStart);
+        // Check token bucket
+        const tokensAvailable = bucket.tokens >= 1;
+        // Determine if limited
+        // For check(): report if we're AT the limit (next request would fail)
+        // For consume(): report if we're OVER the limit (this request fails)
+        let limited = false;
+        let retryAfter = 0;
+        // Check minute limit
+        if (bucket.minuteCount >= this.config.requestsPerMinute) {
+            limited = true;
+            retryAfter = Math.max(retryAfter, minuteResetIn);
+        }
+        // Check hour limit
+        if (bucket.hourCount >= this.config.requestsPerHour) {
+            limited = true;
+            retryAfter = Math.max(retryAfter, hourResetIn);
+        }
+        // Check token bucket (only for consume to allow burst)
+        if (forConsume && !tokensAvailable) {
+            limited = true;
+            // Estimate time to refill one token
+            const refillRate = this.config.requestsPerMinute / 60;
+            retryAfter = Math.max(retryAfter, Math.ceil(1000 / refillRate));
+        }
+        return {
+            limited,
+            currentRate: bucket.minuteCount,
+            remaining: Math.min(minuteRemaining, hourRemaining, Math.floor(bucket.tokens)),
+            resetIn: Math.min(minuteResetIn, hourResetIn),
+            retryAfter: limited ? retryAfter : undefined,
+        };
+    }
+    cleanup() {
+        const now = Date.now();
+        const staleThreshold = 3600000; // 1 hour
+        for (const [agentId, bucket] of this.buckets) {
+            // Remove buckets that haven't been used in an hour
+            if (now - bucket.lastRefill > staleThreshold) {
+                this.buckets.delete(agentId);
+            }
+        }
+    }
+}
+exports.AgentRateLimiter = AgentRateLimiter;
+/**
+ * Create a rate limiter with default configuration
+ */
+function createDefaultRateLimiter() {
+    return new AgentRateLimiter({
+        requestsPerMinute: 60,
+        requestsPerHour: 1000,
+        burstSize: 10,
+    });
+}
+//# sourceMappingURL=AgentRateLimiter.js.map

package/dist/infrastructure/network/AgentRateLimiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AgentRateLimiter.js","sourceRoot":"","sources":["../../../src/infrastructure/network/AgentRateLimiter.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAmOH,4DAMC;AA9MD;;;;;;;;GAQG;AACH,MAAa,gBAAgB;IAK3B,YAAY,MAAuB;QAF3B,oBAAe,GAA0C,IAAI,CAAC;QAGpE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;QAEzB,yCAAyC;QACzC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC3E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe;QACnB,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAE3B,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,OAAe;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAE3B,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAElD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,gBAAgB;YAChB,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;YACnB,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;YACxB,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;QACxB,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe;QACnB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,OAAe;QACvB,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,kBAAkB;IAClB,+CAA+C;IAEvC,iBAAiB,CAAC,OAAe;QACvC,IAAI,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEvC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,GAAG;gBACP,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAC7B,UAAU,EAAE,GAAG;gBACf,WAAW,EAAE,CAAC;gBACd,iBAAiB,EAAE,GAAG;gBACtB,SAAS,EAAE,CAAC;gBACZ,eAAe,EAAE,GAAG;aACrB,CAAC;YACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,YAAY,CAAC,MAAmB;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;QAExC,gDAAgD;QAChD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,EAAE,CAAC;QACtD,MAAM,YAAY,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,UAAU,CAAC;QAEnD,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,YAAY,CAAC,CAAC;QAC9E,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC;IAC1B,CAAC;IAEO,aAAa,CAAC,MAAmB;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,sBAAsB;QACtB,IAAI,GAAG,GAAG,MAAM,CAAC,iBAAiB,IAAI,KAAK,EAAE,CAAC;YAC5C,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC;YACvB,MAAM,CAAC,iBAAiB,GAAG,GAAG,CAAC;QACjC,CAAC;QAED,oBAAoB;QACpB,IAAI,GAAG,GAAG,MAAM,CAAC,eAAe,IAAI,OAAO,EAAE,CAAC;YAC5C,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;YACrB,MAAM,CAAC,eAAe,GAAG,GAAG,CAAC;QAC/B,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,MAAmB,EAAE,UAAmB;QAC9D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,yBAAyB;QACzB,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAAC;QAC3E,MAAM,aAAa,GAAG,KAAK,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAE/D,uBAAuB;QACvB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC;QACrE,MAAM,WAAW,GAAG,OAAO,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;QAE7D,qBAAqB;QACrB,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;QAE3C,uBAAuB;QACvB,sEAAsE;QACtE,qEAAqE;QACrE,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,qBAAqB;QACrB,IAAI,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACxD,OAAO,GAAG,IAAI,CAAC;YACf,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QACnD,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YACpD,OAAO,GAAG,IAAI,CAAC;YACf,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QACjD,CAAC;QAED,uDAAuD;QACvD,IAAI,UAAU,IAAI,CAAC,eAAe,EAAE,CAAC;YACnC,OAAO,GAAG,IAAI,CAAC;YACf,oCAAoC;YACpC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,EAAE,CAAC;YACtD,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC;QAClE,CAAC;QAED,OAAO;YACL,OAAO;YACP,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC9E,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC;YAC7C,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;SAC7C,CAAC;IACJ,CAAC;IAEO,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,SAAS;QAEzC,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC7C,mDAAmD;YACnD,IAAI,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,cAAc,EAAE,CAAC;gBAC7C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;CACF;AA1LD,4CA0LC;AAED;;GAEG;AACH,SAAgB,wBAAwB;IACtC,OAAO,IAAI,gBAAgB,CAAC;QAC1B,iBAAiB,EAAE,EAAE;QACrB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,EAAE;KACd,CAAC,CAAC;AACL,CAAC"}

package/dist/infrastructure/network/AuditLogger.d.ts

@@ -0,0 +1,102 @@
+/**
+ * Audit Logger for Network Policy Enforcement
+ *
+ * Logs all network requests with configurable retention and querying.
+ * Supports both in-memory and persistent storage.
+ *
+ * @module infrastructure/network/AuditLogger
+ * @see Issue #146 - Security Hardening: SP-3 Network Policy Enforcement
+ */
+import type { AuditEntry, AuditQueryFilter, AuditStats } from './types.js';
+/**
+ * Audit logger configuration
+ */
+export interface AuditLoggerConfig {
+    /** Maximum entries to keep in memory */
+    maxEntries: number;
+    /** Persist to file */
+    persistToFile: boolean;
+    /** File path for persistence */
+    filePath?: string;
+    /** Auto-save interval in ms (0 to disable) */
+    autoSaveIntervalMs: number;
+    /** Enable debug logging */
+    debug: boolean;
+}
+/**
+ * Audit logger for network requests
+ *
+ * Features:
+ * - In-memory circular buffer
+ * - Query by agent, domain, action, time range
+ * - Statistics aggregation
+ * - JSON export
+ * - Optional file persistence
+ */
+export declare class AuditLogger {
+    private entries;
+    private config;
+    private saveInterval;
+    private dirty;
+    constructor(config?: Partial<AuditLoggerConfig>);
+    /**
+     * Log a network request
+     */
+    log(entry: Omit<AuditEntry, 'id' | 'timestamp'>): Promise<AuditEntry>;
+    /**
+     * Log an allowed request
+     */
+    logAllowed(agentId: string, agentType: string, domain: string, options?: Partial<AuditEntry>): Promise<AuditEntry>;
+    /**
+     * Log a blocked request
+     */
+    logBlocked(agentId: string, agentType: string, domain: string, reason: string, options?: Partial<AuditEntry>): Promise<AuditEntry>;
+    /**
+     * Log a rate-limited request
+     */
+    logRateLimited(agentId: string, agentType: string, domain: string, options?: Partial<AuditEntry>): Promise<AuditEntry>;
+    /**
+     * Query audit entries
+     */
+    query(filter: AuditQueryFilter): Promise<AuditEntry[]>;
+    /**
+     * Get audit statistics
+     */
+    getStats(since?: Date): Promise<AuditStats>;
+    /**
+     * Export entries to JSON file
+     */
+    exportToJson(filepath: string): Promise<void>;
+    /**
+     * Import entries from JSON file
+     */
+    importFromJson(filepath: string): Promise<number>;
+    /**
+     * Save to configured file
+     */
+    save(): Promise<void>;
+    /**
+     * Load from configured file
+     */
+    load(): Promise<void>;
+    /**
+     * Clear all entries
+     */
+    clear(): void;
+    /**
+     * Get entry count
+     */
+    size(): number;
+    /**
+     * Get recent entries
+     */
+    getRecent(count?: number): AuditEntry[];
+    /**
+     * Close and cleanup
+     */
+    close(): Promise<void>;
+    private startAutoSave;
+    private stopAutoSave;
+    private debug;
+}
+//# sourceMappingURL=AuditLogger.d.ts.map

package/dist/infrastructure/network/AuditLogger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuditLogger.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/network/AuditLogger.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAe,gBAAgB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExF;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,wCAAwC;IACxC,UAAU,EAAE,MAAM,CAAC;IAEnB,sBAAsB;IACtB,aAAa,EAAE,OAAO,CAAC;IAEvB,gCAAgC;IAChC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8CAA8C;IAC9C,kBAAkB,EAAE,MAAM,CAAC;IAE3B,2BAA2B;IAC3B,KAAK,EAAE,OAAO,CAAC;CAChB;AAYD;;;;;;;;;GASG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,OAAO,CAAe;IAC9B,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,YAAY,CAA+C;IACnE,OAAO,CAAC,KAAK,CAAkB;gBAEnB,MAAM,GAAE,OAAO,CAAC,iBAAiB,CAAM;IASnD;;OAEG;IACG,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IAoB3E;;OAEG;IACG,UAAU,CACd,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,OAAO,CAAC,UAAU,CAAM,GAChC,OAAO,CAAC,UAAU,CAAC;IAUtB;;OAEG;IACG,UAAU,CACd,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,OAAO,CAAC,UAAU,CAAM,GAChC,OAAO,CAAC,UAAU,CAAC;IAWtB;;OAEG;IACG,cAAc,CAClB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,OAAO,CAAC,UAAU,CAAM,GAChC,OAAO,CAAC,UAAU,CAAC;IAWtB;;OAEG;IACG,KAAK,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAwC5D;;OAEG;IACG,QAAQ,CAAC,KAAK,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC;IAqDjD;;OAEG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOnD;;OAEG;IACG,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAoBvD;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAa3B;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ3B;;OAEG;IACH,KAAK,IAAI,IAAI;IAMb;;OAEG;IACH,IAAI,IAAI,MAAM;IAId;;OAEG;IACH,SAAS,CAAC,KAAK,GAAE,MAAW,GAAG,UAAU,EAAE;IAI3C;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAS5B,OAAO,CAAC,aAAa;IAQrB,OAAO,CAAC,YAAY;IAOpB,OAAO,CAAC,KAAK;CAKd"}

package/dist/infrastructure/network/AuditLogger.js

@@ -0,0 +1,284 @@
+"use strict";
+/**
+ * Audit Logger for Network Policy Enforcement
+ *
+ * Logs all network requests with configurable retention and querying.
+ * Supports both in-memory and persistent storage.
+ *
+ * @module infrastructure/network/AuditLogger
+ * @see Issue #146 - Security Hardening: SP-3 Network Policy Enforcement
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLogger = void 0;
+const crypto_1 = require("crypto");
+const promises_1 = require("fs/promises");
+const path_1 = require("path");
+/**
+ * Default audit logger configuration
+ */
+const DEFAULT_CONFIG = {
+    maxEntries: 10000,
+    persistToFile: false,
+    autoSaveIntervalMs: 0,
+    debug: false,
+};
+/**
+ * Audit logger for network requests
+ *
+ * Features:
+ * - In-memory circular buffer
+ * - Query by agent, domain, action, time range
+ * - Statistics aggregation
+ * - JSON export
+ * - Optional file persistence
+ */
+class AuditLogger {
+    constructor(config = {}) {
+        this.saveInterval = null;
+        this.dirty = false;
+        this.config = { ...DEFAULT_CONFIG, ...config };
+        this.entries = [];
+        if (this.config.persistToFile && this.config.autoSaveIntervalMs > 0) {
+            this.startAutoSave();
+        }
+    }
+    /**
+     * Log a network request
+     */
+    async log(entry) {
+        const fullEntry = {
+            id: (0, crypto_1.randomUUID)(),
+            timestamp: new Date(),
+            ...entry,
+        };
+        this.entries.push(fullEntry);
+        this.dirty = true;
+        // Evict oldest if over limit
+        if (this.entries.length > this.config.maxEntries) {
+            this.entries.shift();
+        }
+        this.debug(`Logged: ${entry.action} ${entry.domain} for ${entry.agentType}`);
+        return fullEntry;
+    }
+    /**
+     * Log an allowed request
+     */
+    async logAllowed(agentId, agentType, domain, options = {}) {
+        return this.log({
+            agentId,
+            agentType,
+            domain,
+            action: 'allowed',
+            ...options,
+        });
+    }
+    /**
+     * Log a blocked request
+     */
+    async logBlocked(agentId, agentType, domain, reason, options = {}) {
+        return this.log({
+            agentId,
+            agentType,
+            domain,
+            action: 'blocked',
+            reason,
+            ...options,
+        });
+    }
+    /**
+     * Log a rate-limited request
+     */
+    async logRateLimited(agentId, agentType, domain, options = {}) {
+        return this.log({
+            agentId,
+            agentType,
+            domain,
+            action: 'rate_limited',
+            reason: 'Rate limit exceeded',
+            ...options,
+        });
+    }
+    /**
+     * Query audit entries
+     */
+    async query(filter) {
+        let results = [...this.entries];
+        // Apply filters
+        if (filter.agentId) {
+            results = results.filter((e) => e.agentId === filter.agentId);
+        }
+        if (filter.agentType) {
+            results = results.filter((e) => e.agentType === filter.agentType);
+        }
+        if (filter.domain) {
+            results = results.filter((e) => e.domain === filter.domain);
+        }
+        if (filter.action) {
+            results = results.filter((e) => e.action === filter.action);
+        }
+        if (filter.since) {
+            results = results.filter((e) => e.timestamp >= filter.since);
+        }
+        if (filter.until) {
+            results = results.filter((e) => e.timestamp <= filter.until);
+        }
+        // Apply pagination
+        if (filter.offset) {
+            results = results.slice(filter.offset);
+        }
+        if (filter.limit) {
+            results = results.slice(0, filter.limit);
+        }
+        return results;
+    }
+    /**
+     * Get audit statistics
+     */
+    async getStats(since) {
+        const sinceDate = since || new Date(Date.now() - 24 * 60 * 60 * 1000); // Default: last 24h
+        const filtered = this.entries.filter((e) => e.timestamp >= sinceDate);
+        const byDomain = {};
+        const byAgentType = {};
+        let totalResponseTime = 0;
+        let responseTimeCount = 0;
+        let allowedRequests = 0;
+        let blockedRequests = 0;
+        let rateLimitedRequests = 0;
+        for (const entry of filtered) {
+            // Count by domain
+            byDomain[entry.domain] = (byDomain[entry.domain] || 0) + 1;
+            // Count by agent type
+            byAgentType[entry.agentType] = (byAgentType[entry.agentType] || 0) + 1;
+            // Count by action
+            switch (entry.action) {
+                case 'allowed':
+                    allowedRequests++;
+                    break;
+                case 'blocked':
+                    blockedRequests++;
+                    break;
+                case 'rate_limited':
+                    rateLimitedRequests++;
+                    break;
+            }
+            // Sum response times
+            if (entry.responseTimeMs !== undefined) {
+                totalResponseTime += entry.responseTimeMs;
+                responseTimeCount++;
+            }
+        }
+        return {
+            totalRequests: filtered.length,
+            allowedRequests,
+            blockedRequests,
+            rateLimitedRequests,
+            byDomain,
+            byAgentType,
+            avgResponseTimeMs: responseTimeCount > 0 ? totalResponseTime / responseTimeCount : 0,
+            since: sinceDate,
+            timestamp: new Date(),
+        };
+    }
+    /**
+     * Export entries to JSON file
+     */
+    async exportToJson(filepath) {
+        const data = JSON.stringify(this.entries, null, 2);
+        await (0, promises_1.mkdir)((0, path_1.dirname)(filepath), { recursive: true });
+        await (0, promises_1.writeFile)(filepath, data, 'utf-8');
+        this.debug(`Exported ${this.entries.length} entries to ${filepath}`);
+    }
+    /**
+     * Import entries from JSON file
+     */
+    async importFromJson(filepath) {
+        try {
+            const data = await (0, promises_1.readFile)(filepath, 'utf-8');
+            const entries = JSON.parse(data);
+            // Convert timestamp strings to Date objects
+            for (const entry of entries) {
+                entry.timestamp = new Date(entry.timestamp);
+            }
+            this.entries = entries;
+            this.dirty = false;
+            this.debug(`Imported ${entries.length} entries from ${filepath}`);
+            return entries.length;
+        }
+        catch (error) {
+            this.debug(`Failed to import: ${error.message}`);
+            return 0;
+        }
+    }
+    /**
+     * Save to configured file
+     */
+    async save() {
+        if (!this.config.persistToFile || !this.config.filePath) {
+            return;
+        }
+        if (!this.dirty) {
+            return;
+        }
+        await this.exportToJson(this.config.filePath);
+        this.dirty = false;
+    }
+    /**
+     * Load from configured file
+     */
+    async load() {
+        if (!this.config.persistToFile || !this.config.filePath) {
+            return;
+        }
+        await this.importFromJson(this.config.filePath);
+    }
+    /**
+     * Clear all entries
+     */
+    clear() {
+        this.entries = [];
+        this.dirty = true;
+        this.debug('Cleared all entries');
+    }
+    /**
+     * Get entry count
+     */
+    size() {
+        return this.entries.length;
+    }
+    /**
+     * Get recent entries
+     */
+    getRecent(count = 10) {
+        return this.entries.slice(-count);
+    }
+    /**
+     * Close and cleanup
+     */
+    async close() {
+        this.stopAutoSave();
+        await this.save();
+    }
+    // ============================================
+    // Private Methods
+    // ============================================
+    startAutoSave() {
+        if (this.saveInterval)
+            return;
+        this.saveInterval = setInterval(async () => {
+            await this.save();
+        }, this.config.autoSaveIntervalMs);
+    }
+    stopAutoSave() {
+        if (this.saveInterval) {
+            clearInterval(this.saveInterval);
+            this.saveInterval = null;
+        }
+    }
+    debug(message) {
+        if (this.config.debug) {
+            console.log(`[AuditLogger] ${message}`);
+        }
+    }
+}
+exports.AuditLogger = AuditLogger;
+//# sourceMappingURL=AuditLogger.js.map

package/dist/infrastructure/network/AuditLogger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuditLogger.js","sourceRoot":"","sources":["../../../src/infrastructure/network/AuditLogger.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEH,mCAAoC;AACpC,0CAAyD;AACzD,+BAA+B;AAuB/B;;GAEG;AACH,MAAM,cAAc,GAAsB;IACxC,UAAU,EAAE,KAAK;IACjB,aAAa,EAAE,KAAK;IACpB,kBAAkB,EAAE,CAAC;IACrB,KAAK,EAAE,KAAK;CACb,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAa,WAAW;IAMtB,YAAY,SAAqC,EAAE;QAH3C,iBAAY,GAA0C,IAAI,CAAC;QAC3D,UAAK,GAAY,KAAK,CAAC;QAG7B,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAElB,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;YACpE,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,KAA2C;QACnD,MAAM,SAAS,GAAe;YAC5B,EAAE,EAAE,IAAA,mBAAU,GAAE;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,GAAG,KAAK;SACT,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAElB,6BAA6B;QAC7B,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACjD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,WAAW,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QAE7E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,OAAe,EACf,SAAiB,EACjB,MAAc,EACd,UAA+B,EAAE;QAEjC,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,OAAO;YACP,SAAS;YACT,MAAM;YACN,MAAM,EAAE,SAAS;YACjB,GAAG,OAAO;SACX,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,OAAe,EACf,SAAiB,EACjB,MAAc,EACd,MAAc,EACd,UAA+B,EAAE;QAEjC,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,OAAO;YACP,SAAS;YACT,MAAM;YACN,MAAM,EAAE,SAAS;YACjB,MAAM;YACN,GAAG,OAAO;SACX,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,OAAe,EACf,SAAiB,EACjB,MAAc,EACd,UAA+B,EAAE;QAEjC,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,OAAO;YACP,SAAS;YACT,MAAM;YACN,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,qBAAqB;YAC7B,GAAG,OAAO;SACX,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,MAAwB;QAClC,IAAI,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QAEhC,gBAAgB;QAChB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,OAAO,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,SAAS,CAAC,CAAC;QACpE,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,MAAM,CAAC,KAAM,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,MAAM,CAAC,KAAM,CAAC,CAAC;QAChE,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAY;QACzB,MAAM,SAAS,GAAG,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,oBAAoB;QAC3F,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAC;QAEtE,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAC5C,MAAM,WAAW,GAA2B,EAAE,CAAC;QAC/C,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAC1B,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAE1B,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,IAAI,mBAAmB,GAAG,CAAC,CAAC;QAE5B,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,kBAAkB;YAClB,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAE3D,sBAAsB;YACtB,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAEvE,kBAAkB;YAClB,QAAQ,KAAK,CAAC,MAAM,EAAE,CAAC;gBACrB,KAAK,SAAS;oBACZ,eAAe,EAAE,CAAC;oBAClB,MAAM;gBACR,KAAK,SAAS;oBACZ,eAAe,EAAE,CAAC;oBAClB,MAAM;gBACR,KAAK,cAAc;oBACjB,mBAAmB,EAAE,CAAC;oBACtB,MAAM;YACV,CAAC;YAED,qBAAqB;YACrB,IAAI,KAAK,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;gBACvC,iBAAiB,IAAI,KAAK,CAAC,cAAc,CAAC;gBAC1C,iBAAiB,EAAE,CAAC;YACtB,CAAC;QACH,CAAC;QAED,OAAO;YACL,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,eAAe;YACf,eAAe;YACf,mBAAmB;YACnB,QAAQ;YACR,WAAW;YACX,iBAAiB,EAAE,iBAAiB,GAAG,CAAC,CAAC,CAAC,CAAC,iBAAiB,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YACpF,KAAK,EAAE,SAAS;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACnD,MAAM,IAAA,gBAAK,EAAC,IAAA,cAAO,EAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,MAAM,IAAA,oBAAS,EAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,MAAM,eAAe,QAAQ,EAAE,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;YAEjD,4CAA4C;YAC5C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,KAAK,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAC9C,CAAC;YAED,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;YACvB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,YAAY,OAAO,CAAC,MAAM,iBAAiB,QAAQ,EAAE,CAAC,CAAC;YAClE,OAAO,OAAO,CAAC,MAAM,CAAC;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,KAAK,CAAC,qBAAsB,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACxD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO;QACT,CAAC;QAED,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACxD,OAAO;QACT,CAAC;QAED,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAClB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,QAAgB,EAAE;QAC1B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAED,+CAA+C;IAC/C,kBAAkB;IAClB,+CAA+C;IAEvC,aAAa;QACnB,IAAI,IAAI,CAAC,YAAY;YAAE,OAAO;QAE9B,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;YACzC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QACpB,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACrC,CAAC;IAEO,YAAY;QAClB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACjC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QAC3B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAe;QAC3B,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,iBAAiB,OAAO,EAAE,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;CACF;AArTD,kCAqTC"}