agentic-qe 2.8.1 → 2.8.2

package/dist/infrastructure/network/DomainWhitelist.d.ts

@@ -0,0 +1,111 @@
+/**
+ * Domain Whitelist for Network Policy Enforcement
+ *
+ * Manages allowed domains with support for wildcards and subdomains.
+ * Provides O(1) lookup for exact matches and O(n) for wildcard patterns.
+ *
+ * @module infrastructure/network/DomainWhitelist
+ * @see Issue #146 - Security Hardening: SP-3 Network Policy Enforcement
+ */
+/**
+ * Domain whitelist with wildcard support
+ *
+ * Features:
+ * - Exact domain matching
+ * - Wildcard patterns (*.example.com)
+ * - Subdomain matching
+ * - Case-insensitive matching
+ */
+export declare class DomainWhitelist {
+    /** Exact domain matches (normalized to lowercase) */
+    private exactDomains;
+    /** Wildcard patterns as regex */
+    private wildcardPatterns;
+    /** Original domain list */
+    private domains;
+    constructor(domains?: string[]);
+    /**
+     * Add a domain to the whitelist
+     * @param domain Domain or pattern (e.g., "example.com" or "*.example.com")
+     */
+    addDomain(domain: string): void;
+    /**
+     * Remove a domain from the whitelist
+     * @param domain Domain to remove
+     */
+    removeDomain(domain: string): void;
+    /**
+     * Check if a domain is allowed
+     * @param domain Domain to check
+     * @returns true if allowed
+     */
+    isAllowed(domain: string): boolean;
+    /**
+     * Check if a URL is allowed
+     * @param url Full URL to check
+     * @returns true if the domain is allowed
+     */
+    isUrlAllowed(url: string): boolean;
+    /**
+     * List all domains in the whitelist
+     */
+    listDomains(): string[];
+    /**
+     * Get the number of domains
+     */
+    size(): number;
+    /**
+     * Clear all domains
+     */
+    clear(): void;
+    /**
+     * Check if the whitelist is empty
+     */
+    isEmpty(): boolean;
+    /**
+     * Merge another whitelist into this one
+     */
+    merge(other: DomainWhitelist): void;
+    /**
+     * Create a copy of this whitelist
+     */
+    clone(): DomainWhitelist;
+    /**
+     * Get matching pattern for a domain (for debugging)
+     */
+    getMatchingPattern(domain: string): string | null;
+    /**
+     * Export to JSON
+     */
+    toJSON(): string[];
+    /**
+     * Create from JSON
+     */
+    static fromJSON(domains: string[]): DomainWhitelist;
+    /**
+     * Escape special regex characters
+     */
+    private escapeRegex;
+}
+/**
+ * Common domain presets
+ */
+export declare const COMMON_DOMAIN_PRESETS: {
+    /** Anthropic API */
+    anthropic: string[];
+    /** GitHub */
+    github: string[];
+    /** npm registry */
+    npm: string[];
+    /** Security databases */
+    security: string[];
+    /** OpenAI */
+    openai: string[];
+    /** Localhost */
+    localhost: string[];
+};
+/**
+ * Create a whitelist from presets
+ */
+export declare function createWhitelistFromPresets(...presetNames: (keyof typeof COMMON_DOMAIN_PRESETS)[]): DomainWhitelist;
+//# sourceMappingURL=DomainWhitelist.d.ts.map

package/dist/infrastructure/network/DomainWhitelist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DomainWhitelist.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/network/DomainWhitelist.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;;;;;GAQG;AACH,qBAAa,eAAe;IAC1B,qDAAqD;IACrD,OAAO,CAAC,YAAY,CAAc;IAElC,iCAAiC;IACjC,OAAO,CAAC,gBAAgB,CAA4C;IAEpE,2BAA2B;IAC3B,OAAO,CAAC,OAAO,CAAW;gBAEd,OAAO,GAAE,MAAM,EAAO;IAUlC;;;OAGG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAuB/B;;;OAGG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAiBlC;;;;OAIG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAkBlC;;;;OAIG;IACH,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IASlC;;OAEG;IACH,WAAW,IAAI,MAAM,EAAE;IAIvB;;OAEG;IACH,IAAI,IAAI,MAAM;IAId;;OAEG;IACH,KAAK,IAAI,IAAI;IAMb;;OAEG;IACH,OAAO,IAAI,OAAO;IAIlB;;OAEG;IACH,KAAK,CAAC,KAAK,EAAE,eAAe,GAAG,IAAI;IAMnC;;OAEG;IACH,KAAK,IAAI,eAAe;IAIxB;;OAEG;IACH,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAgBjD;;OAEG;IACH,MAAM,IAAI,MAAM,EAAE;IAIlB;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,eAAe;IAQnD;;OAEG;IACH,OAAO,CAAC,WAAW;CAGpB;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB;IAChC,oBAAoB;;IAGpB,aAAa;;IAGb,mBAAmB;;IAGnB,yBAAyB;;IAGzB,aAAa;;IAGb,gBAAgB;;CAEjB,CAAC;AAEF;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,GAAG,WAAW,EAAE,CAAC,MAAM,OAAO,qBAAqB,CAAC,EAAE,GACrD,eAAe,CAWjB"}

package/dist/infrastructure/network/DomainWhitelist.js

@@ -0,0 +1,216 @@
+"use strict";
+/**
+ * Domain Whitelist for Network Policy Enforcement
+ *
+ * Manages allowed domains with support for wildcards and subdomains.
+ * Provides O(1) lookup for exact matches and O(n) for wildcard patterns.
+ *
+ * @module infrastructure/network/DomainWhitelist
+ * @see Issue #146 - Security Hardening: SP-3 Network Policy Enforcement
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.COMMON_DOMAIN_PRESETS = exports.DomainWhitelist = void 0;
+exports.createWhitelistFromPresets = createWhitelistFromPresets;
+/**
+ * Domain whitelist with wildcard support
+ *
+ * Features:
+ * - Exact domain matching
+ * - Wildcard patterns (*.example.com)
+ * - Subdomain matching
+ * - Case-insensitive matching
+ */
+class DomainWhitelist {
+    constructor(domains = []) {
+        this.exactDomains = new Set();
+        this.wildcardPatterns = [];
+        this.domains = [];
+        for (const domain of domains) {
+            this.addDomain(domain);
+        }
+    }
+    /**
+     * Add a domain to the whitelist
+     * @param domain Domain or pattern (e.g., "example.com" or "*.example.com")
+     */
+    addDomain(domain) {
+        const normalized = domain.toLowerCase().trim();
+        if (this.domains.includes(normalized)) {
+            return; // Already added
+        }
+        this.domains.push(normalized);
+        if (normalized.startsWith('*.')) {
+            // Wildcard pattern
+            const suffix = normalized.slice(2);
+            const regexPattern = `^([a-z0-9-]+\\.)*${this.escapeRegex(suffix)}$`;
+            this.wildcardPatterns.push({
+                pattern: normalized,
+                regex: new RegExp(regexPattern, 'i'),
+            });
+        }
+        else {
+            // Exact domain
+            this.exactDomains.add(normalized);
+        }
+    }
+    /**
+     * Remove a domain from the whitelist
+     * @param domain Domain to remove
+     */
+    removeDomain(domain) {
+        const normalized = domain.toLowerCase().trim();
+        const index = this.domains.indexOf(normalized);
+        if (index === -1)
+            return;
+        this.domains.splice(index, 1);
+        if (normalized.startsWith('*.')) {
+            // Remove wildcard pattern
+            this.wildcardPatterns = this.wildcardPatterns.filter((p) => p.pattern !== normalized);
+        }
+        else {
+            // Remove exact domain
+            this.exactDomains.delete(normalized);
+        }
+    }
+    /**
+     * Check if a domain is allowed
+     * @param domain Domain to check
+     * @returns true if allowed
+     */
+    isAllowed(domain) {
+        const normalized = domain.toLowerCase().trim();
+        // Check exact match first (O(1))
+        if (this.exactDomains.has(normalized)) {
+            return true;
+        }
+        // Check wildcard patterns (O(n))
+        for (const { regex } of this.wildcardPatterns) {
+            if (regex.test(normalized)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Check if a URL is allowed
+     * @param url Full URL to check
+     * @returns true if the domain is allowed
+     */
+    isUrlAllowed(url) {
+        try {
+            const parsedUrl = new URL(url);
+            return this.isAllowed(parsedUrl.hostname);
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * List all domains in the whitelist
+     */
+    listDomains() {
+        return [...this.domains];
+    }
+    /**
+     * Get the number of domains
+     */
+    size() {
+        return this.domains.length;
+    }
+    /**
+     * Clear all domains
+     */
+    clear() {
+        this.exactDomains.clear();
+        this.wildcardPatterns = [];
+        this.domains = [];
+    }
+    /**
+     * Check if the whitelist is empty
+     */
+    isEmpty() {
+        return this.domains.length === 0;
+    }
+    /**
+     * Merge another whitelist into this one
+     */
+    merge(other) {
+        for (const domain of other.domains) {
+            this.addDomain(domain);
+        }
+    }
+    /**
+     * Create a copy of this whitelist
+     */
+    clone() {
+        return new DomainWhitelist([...this.domains]);
+    }
+    /**
+     * Get matching pattern for a domain (for debugging)
+     */
+    getMatchingPattern(domain) {
+        const normalized = domain.toLowerCase().trim();
+        if (this.exactDomains.has(normalized)) {
+            return normalized;
+        }
+        for (const { pattern, regex } of this.wildcardPatterns) {
+            if (regex.test(normalized)) {
+                return pattern;
+            }
+        }
+        return null;
+    }
+    /**
+     * Export to JSON
+     */
+    toJSON() {
+        return [...this.domains];
+    }
+    /**
+     * Create from JSON
+     */
+    static fromJSON(domains) {
+        return new DomainWhitelist(domains);
+    }
+    // ============================================
+    // Private Methods
+    // ============================================
+    /**
+     * Escape special regex characters
+     */
+    escapeRegex(str) {
+        return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    }
+}
+exports.DomainWhitelist = DomainWhitelist;
+/**
+ * Common domain presets
+ */
+exports.COMMON_DOMAIN_PRESETS = {
+    /** Anthropic API */
+    anthropic: ['api.anthropic.com'],
+    /** GitHub */
+    github: ['api.github.com', 'github.com', 'raw.githubusercontent.com'],
+    /** npm registry */
+    npm: ['registry.npmjs.org', 'www.npmjs.com'],
+    /** Security databases */
+    security: ['nvd.nist.gov', 'cve.mitre.org', 'osv.dev', 'security.snyk.io'],
+    /** OpenAI */
+    openai: ['api.openai.com'],
+    /** Localhost */
+    localhost: ['localhost', '127.0.0.1', '::1'],
+};
+/**
+ * Create a whitelist from presets
+ */
+function createWhitelistFromPresets(...presetNames) {
+    const domains = [];
+    for (const name of presetNames) {
+        const preset = exports.COMMON_DOMAIN_PRESETS[name];
+        if (preset) {
+            domains.push(...preset);
+        }
+    }
+    return new DomainWhitelist(domains);
+}
+//# sourceMappingURL=DomainWhitelist.js.map

package/dist/infrastructure/network/DomainWhitelist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DomainWhitelist.js","sourceRoot":"","sources":["../../../src/infrastructure/network/DomainWhitelist.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAyOH,gEAaC;AApPD;;;;;;;;GAQG;AACH,MAAa,eAAe;IAU1B,YAAY,UAAoB,EAAE;QAChC,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9B,IAAI,CAAC,gBAAgB,GAAG,EAAE,CAAC;QAC3B,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAElB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,SAAS,CAAC,MAAc;QACtB,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;QAE/C,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,gBAAgB;QAC1B,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE9B,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,mBAAmB;YACnB,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,YAAY,GAAG,oBAAoB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC;YACrE,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;gBACzB,OAAO,EAAE,UAAU;gBACnB,KAAK,EAAE,IAAI,MAAM,CAAC,YAAY,EAAE,GAAG,CAAC;aACrC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,eAAe;YACf,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,MAAc;QACzB,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;QAE/C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,OAAO;QAEzB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAE9B,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,0BAA0B;YAC1B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,CAAC;QACxF,CAAC;aAAM,CAAC;YACN,sBAAsB;YACtB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,SAAS,CAAC,MAAc;QACtB,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;QAE/C,iCAAiC;QACjC,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,EAAE,KAAK,EAAE,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC9C,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACH,YAAY,CAAC,GAAW;QACtB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC/B,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QAC1B,IAAI,CAAC,gBAAgB,GAAG,EAAE,CAAC;QAC3B,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAsB;QAC1B,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YACnC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK;QACH,OAAO,IAAI,eAAe,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,MAAc;QAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;QAE/C,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACvD,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC3B,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,OAAiB;QAC/B,OAAO,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED,+CAA+C;IAC/C,kBAAkB;IAClB,+CAA+C;IAE/C;;OAEG;IACK,WAAW,CAAC,GAAW;QAC7B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC;CACF;AAlMD,0CAkMC;AAED;;GAEG;AACU,QAAA,qBAAqB,GAAG;IACnC,oBAAoB;IACpB,SAAS,EAAE,CAAC,mBAAmB,CAAC;IAEhC,aAAa;IACb,MAAM,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,2BAA2B,CAAC;IAErE,mBAAmB;IACnB,GAAG,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;IAE5C,yBAAyB;IACzB,QAAQ,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,SAAS,EAAE,kBAAkB,CAAC;IAE1E,aAAa;IACb,MAAM,EAAE,CAAC,gBAAgB,CAAC;IAE1B,gBAAgB;IAChB,SAAS,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,SAAgB,0BAA0B,CACxC,GAAG,WAAmD;IAEtD,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,6BAAqB,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC"}

package/dist/infrastructure/network/NetworkPolicyManager.d.ts

@@ -0,0 +1,97 @@
+/**
+ * Network Policy Manager for Agent Network Access Control
+ *
+ * Central manager for enforcing network policies, domain whitelisting,
+ * rate limiting, and audit logging for all agent types.
+ *
+ * @module infrastructure/network/NetworkPolicyManager
+ * @see Issue #146 - Security Hardening: SP-3 Network Policy Enforcement
+ */
+import type { NetworkPolicy, PolicyCheckResult, NetworkPolicyManagerConfig, NetworkPolicyEventHandler, RateLimitStatus } from './types.js';
+import { AuditLogger } from './AuditLogger.js';
+/**
+ * Network Policy Manager
+ *
+ * Features:
+ * - Per-agent-type policies
+ * - Domain whitelisting
+ * - Rate limiting with token bucket
+ * - Comprehensive audit logging
+ * - Event emission for monitoring
+ */
+export declare class NetworkPolicyManager {
+    private config;
+    private policies;
+    private whitelists;
+    private rateLimiters;
+    private auditLogger;
+    private eventHandlers;
+    private initialized;
+    constructor(config?: Partial<NetworkPolicyManagerConfig>);
+    /**
+     * Initialize the policy manager with default policies
+     */
+    initialize(): Promise<void>;
+    /**
+     * Shutdown the policy manager
+     */
+    shutdown(): Promise<void>;
+    /**
+     * Register a network policy
+     */
+    registerPolicy(policy: NetworkPolicy): void;
+    /**
+     * Check if a request is allowed
+     */
+    checkRequest(agentId: string, agentType: string, domain: string): Promise<PolicyCheckResult>;
+    /**
+     * Record a request (consumes rate limit token)
+     */
+    recordRequest(agentId: string, agentType: string, domain: string, allowed: boolean, responseTimeMs?: number): Promise<void>;
+    /**
+     * Get policy for an agent type
+     */
+    getPolicy(agentType: string): NetworkPolicy;
+    /**
+     * Update a policy
+     */
+    updatePolicy(agentType: string, updates: Partial<NetworkPolicy>): void;
+    /**
+     * Get rate limit status for an agent
+     */
+    getRateLimitStatus(agentId: string, agentType: string): RateLimitStatus;
+    /**
+     * Reset rate limit for an agent
+     */
+    resetRateLimit(agentId: string, agentType: string): void;
+    /**
+     * Get audit logger
+     */
+    getAuditLogger(): AuditLogger;
+    /**
+     * Get audit statistics
+     */
+    getAuditStats(since?: Date): Promise<import("./types.js").AuditStats>;
+    /**
+     * List all registered policy agent types
+     */
+    listPolicies(): string[];
+    /**
+     * Add event handler
+     */
+    on(handler: NetworkPolicyEventHandler): void;
+    /**
+     * Remove event handler
+     */
+    off(handler: NetworkPolicyEventHandler): void;
+    private getWhitelist;
+    private getRateLimiter;
+    private logAndEmit;
+    private emitEvent;
+    private log;
+}
+/**
+ * Create a new NetworkPolicyManager
+ */
+export declare function createNetworkPolicyManager(config?: Partial<NetworkPolicyManagerConfig>): NetworkPolicyManager;
+//# sourceMappingURL=NetworkPolicyManager.d.ts.map

package/dist/infrastructure/network/NetworkPolicyManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NetworkPolicyManager.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/network/NetworkPolicyManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,iBAAiB,EACjB,0BAA0B,EAE1B,yBAAyB,EACzB,eAAe,EAChB,MAAM,YAAY,CAAC;AAIpB,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAc/C;;;;;;;;;GASG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,CAA6B;IAC3C,OAAO,CAAC,QAAQ,CAA6B;IAC7C,OAAO,CAAC,UAAU,CAA+B;IACjD,OAAO,CAAC,YAAY,CAAgC;IACpD,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,aAAa,CAAmC;IACxD,OAAO,CAAC,WAAW,CAAkB;gBAEzB,MAAM,GAAE,OAAO,CAAC,0BAA0B,CAAM;IAc5D;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAiBjC;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAa/B;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI;IAc3C;;OAEG;IACG,YAAY,CAChB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;IA6C7B;;OAEG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,EAChB,cAAc,CAAC,EAAE,MAAM,GACtB,OAAO,CAAC,IAAI,CAAC;IAqBhB;;OAEG;IACH,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,aAAa;IAI3C;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,IAAI;IAsBtE;;OAEG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,eAAe;IAKvE;;OAEG;IACH,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAMxD;;OAEG;IACH,cAAc,IAAI,WAAW;IAI7B;;OAEG;IACG,aAAa,CAAC,KAAK,CAAC,EAAE,IAAI;IAIhC;;OAEG;IACH,YAAY,IAAI,MAAM,EAAE;IAIxB;;OAEG;IACH,EAAE,CAAC,OAAO,EAAE,yBAAyB,GAAG,IAAI;IAI5C;;OAEG;IACH,GAAG,CAAC,OAAO,EAAE,yBAAyB,GAAG,IAAI;IAW7C,OAAO,CAAC,YAAY;IAUpB,OAAO,CAAC,cAAc;YAUR,UAAU;IAqCxB,OAAO,CAAC,SAAS;IAUjB,OAAO,CAAC,GAAG;CAKZ;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,CAAC,EAAE,OAAO,CAAC,0BAA0B,CAAC,GAC3C,oBAAoB,CAEtB"}