npm - agentlock-shared - Versions diffs - 0.1.0 → 0.3.0 - Mend

agentlock-shared 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/dist/__tests__/billing.test.d.ts +2 -0
package/dist/__tests__/billing.test.d.ts.map +1 -0
package/dist/__tests__/billing.test.js +31 -0
package/dist/__tests__/billing.test.js.map +1 -0
package/dist/__tests__/crypto.test.js +137 -47
package/dist/__tests__/crypto.test.js.map +1 -1
package/dist/__tests__/dns-pinning.test.d.ts +2 -0
package/dist/__tests__/dns-pinning.test.d.ts.map +1 -0
package/dist/__tests__/dns-pinning.test.js +33 -0
package/dist/__tests__/dns-pinning.test.js.map +1 -0
package/dist/__tests__/llm-classifier-cache-store.test.d.ts +2 -0
package/dist/__tests__/llm-classifier-cache-store.test.d.ts.map +1 -0
package/dist/__tests__/llm-classifier-cache-store.test.js +65 -0
package/dist/__tests__/llm-classifier-cache-store.test.js.map +1 -0
package/dist/__tests__/llm-classifier-cache.test.d.ts +2 -0
package/dist/__tests__/llm-classifier-cache.test.d.ts.map +1 -0
package/dist/__tests__/llm-classifier-cache.test.js +44 -0
package/dist/__tests__/llm-classifier-cache.test.js.map +1 -0
package/dist/__tests__/llm-classifier.test.d.ts +2 -0
package/dist/__tests__/llm-classifier.test.d.ts.map +1 -0
package/dist/__tests__/llm-classifier.test.js +167 -0
package/dist/__tests__/llm-classifier.test.js.map +1 -0
package/dist/__tests__/messaging.test.d.ts +2 -0
package/dist/__tests__/messaging.test.d.ts.map +1 -0
package/dist/__tests__/messaging.test.js +75 -0
package/dist/__tests__/messaging.test.js.map +1 -0
package/dist/__tests__/plans-classifier-limits.test.d.ts +2 -0
package/dist/__tests__/plans-classifier-limits.test.d.ts.map +1 -0
package/dist/__tests__/plans-classifier-limits.test.js +22 -0
package/dist/__tests__/plans-classifier-limits.test.js.map +1 -0
package/dist/__tests__/policy-category-floor.test.d.ts +2 -0
package/dist/__tests__/policy-category-floor.test.d.ts.map +1 -0
package/dist/__tests__/policy-category-floor.test.js +46 -0
package/dist/__tests__/policy-category-floor.test.js.map +1 -0
package/dist/__tests__/policy-claude-bash.test.d.ts +2 -0
package/dist/__tests__/policy-claude-bash.test.d.ts.map +1 -0
package/dist/__tests__/policy-claude-bash.test.js +401 -0
package/dist/__tests__/policy-claude-bash.test.js.map +1 -0
package/dist/__tests__/policy-llm-floor.test.d.ts +2 -0
package/dist/__tests__/policy-llm-floor.test.d.ts.map +1 -0
package/dist/__tests__/policy-llm-floor.test.js +107 -0
package/dist/__tests__/policy-llm-floor.test.js.map +1 -0
package/dist/__tests__/policy-ssh-e2e.test.d.ts +2 -0
package/dist/__tests__/policy-ssh-e2e.test.d.ts.map +1 -0
package/dist/__tests__/policy-ssh-e2e.test.js +89 -0
package/dist/__tests__/policy-ssh-e2e.test.js.map +1 -0
package/dist/__tests__/policy-ssh-sessions.test.d.ts +2 -0
package/dist/__tests__/policy-ssh-sessions.test.d.ts.map +1 -0
package/dist/__tests__/policy-ssh-sessions.test.js +139 -0
package/dist/__tests__/policy-ssh-sessions.test.js.map +1 -0
package/dist/__tests__/policy-ssh.test.d.ts +2 -0
package/dist/__tests__/policy-ssh.test.d.ts.map +1 -0
package/dist/__tests__/policy-ssh.test.js +180 -0
package/dist/__tests__/policy-ssh.test.js.map +1 -0
package/dist/__tests__/policy.test.js +522 -7
package/dist/__tests__/policy.test.js.map +1 -1
package/dist/__tests__/redact.test.js +76 -0
package/dist/__tests__/redact.test.js.map +1 -1
package/dist/__tests__/signing.test.js +89 -0
package/dist/__tests__/signing.test.js.map +1 -1
package/dist/__tests__/ssh-fingerprint.test.d.ts +2 -0
package/dist/__tests__/ssh-fingerprint.test.d.ts.map +1 -0
package/dist/__tests__/ssh-fingerprint.test.js +19 -0
package/dist/__tests__/ssh-fingerprint.test.js.map +1 -0
package/dist/__tests__/vpn-route.test.d.ts +2 -0
package/dist/__tests__/vpn-route.test.d.ts.map +1 -0
package/dist/__tests__/vpn-route.test.js +72 -0
package/dist/__tests__/vpn-route.test.js.map +1 -0
package/dist/__tests__/wireguard.test.d.ts +2 -0
package/dist/__tests__/wireguard.test.d.ts.map +1 -0
package/dist/__tests__/wireguard.test.js +114 -0
package/dist/__tests__/wireguard.test.js.map +1 -0
package/dist/billing.d.ts +12 -0
package/dist/billing.d.ts.map +1 -0
package/dist/billing.js +41 -0
package/dist/billing.js.map +1 -0
package/dist/crypto.d.ts +41 -0
package/dist/crypto.d.ts.map +1 -1
package/dist/crypto.js +208 -6
package/dist/crypto.js.map +1 -1
package/dist/dns-pinning.d.ts +28 -0
package/dist/dns-pinning.d.ts.map +1 -0
package/dist/dns-pinning.js +113 -0
package/dist/dns-pinning.js.map +1 -0
package/dist/index.d.ts +6 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +9 -0
package/dist/index.js.map +1 -1
package/dist/llm-classifier-cache-store.d.ts +49 -0
package/dist/llm-classifier-cache-store.d.ts.map +1 -0
package/dist/llm-classifier-cache-store.js +63 -0
package/dist/llm-classifier-cache-store.js.map +1 -0
package/dist/llm-classifier-cache.d.ts +6 -0
package/dist/llm-classifier-cache.d.ts.map +1 -0
package/dist/llm-classifier-cache.js +52 -0
package/dist/llm-classifier-cache.js.map +1 -0
package/dist/llm-classifier.d.ts +29 -0
package/dist/llm-classifier.d.ts.map +1 -0
package/dist/llm-classifier.js +191 -0
package/dist/llm-classifier.js.map +1 -0
package/dist/observability.d.ts +36 -0
package/dist/observability.d.ts.map +1 -0
package/dist/observability.js +75 -0
package/dist/observability.js.map +1 -0
package/dist/plans.d.ts +21 -0
package/dist/plans.d.ts.map +1 -1
package/dist/plans.js +52 -14
package/dist/plans.js.map +1 -1
package/dist/policy.d.ts +173 -3
package/dist/policy.d.ts.map +1 -1
package/dist/policy.js +951 -58
package/dist/policy.js.map +1 -1
package/dist/redact.d.ts.map +1 -1
package/dist/redact.js +104 -7
package/dist/redact.js.map +1 -1
package/dist/regex-safety.d.ts +21 -0
package/dist/regex-safety.d.ts.map +1 -0
package/dist/regex-safety.js +49 -0
package/dist/regex-safety.js.map +1 -0
package/dist/sanitize.d.ts +31 -0
package/dist/sanitize.d.ts.map +1 -0
package/dist/sanitize.js +54 -0
package/dist/sanitize.js.map +1 -0
package/dist/schemas.d.ts +267 -14
package/dist/schemas.d.ts.map +1 -1
package/dist/schemas.js +152 -10
package/dist/schemas.js.map +1 -1
package/dist/signing.d.ts +15 -0
package/dist/signing.d.ts.map +1 -1
package/dist/signing.js +53 -4
package/dist/signing.js.map +1 -1
package/dist/ssh-fingerprint.d.ts +10 -0
package/dist/ssh-fingerprint.d.ts.map +1 -0
package/dist/ssh-fingerprint.js +52 -0
package/dist/ssh-fingerprint.js.map +1 -0
package/dist/ssrf.d.ts +36 -0
package/dist/ssrf.d.ts.map +1 -0
package/dist/ssrf.js +140 -0
package/dist/ssrf.js.map +1 -0
package/dist/types.d.ts +131 -0
package/dist/types.d.ts.map +1 -1
package/dist/wireguard.d.ts +63 -0
package/dist/wireguard.d.ts.map +1 -0
package/dist/wireguard.js +226 -0
package/dist/wireguard.js.map +1 -0
package/package.json +42 -29
package/.turbo/turbo-build.log +0 -4
package/.turbo/turbo-test.log +0 -34
package/dist/__tests__/content-crypto.test.d.ts +0 -2
package/dist/__tests__/content-crypto.test.d.ts.map +0 -1
package/dist/__tests__/content-crypto.test.js +0 -117
package/dist/__tests__/content-crypto.test.js.map +0 -1
package/dist/content-crypto.d.ts +0 -24
package/dist/content-crypto.d.ts.map +0 -1
package/dist/content-crypto.js +0 -58
package/dist/content-crypto.js.map +0 -1
package/src/__tests__/policy.test.ts +0 -88
package/src/__tests__/redact.test.ts +0 -41
package/src/__tests__/signing.test.ts +0 -55
package/src/crypto.ts +0 -87
package/src/index.ts +0 -8
package/src/mcp-catalog.ts +0 -181
package/src/plans.ts +0 -96
package/src/policy.ts +0 -186
package/src/redact.ts +0 -114
package/src/schemas.ts +0 -53
package/src/signing.ts +0 -120
package/src/types.ts +0 -212
package/test-gateway.mjs +0 -47
package/tsconfig.json +0 -10
package/vitest.config.ts +0 -8

package/dist/llm-classifier-cache.js ADDED Viewed

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildCacheKey = buildCacheKey;
+const crypto_1 = require("crypto");
+/**
+ * Shape-keyed cache key for LLM risk classifications. Keys are derived
+ * from the SHAPE of the payload, not its values — see the Phase 1 doc
+ * for the rationale. The actual storage of cached entries lives in
+ * `llm-classifier-cache-store.ts`.
+ *
+ * Properties:
+ *
+ * 1. **Privacy**: payload values never enter the cache key.
+ * 2. **Efficiency**: two calls to `notion.delete_page` with different page
+ *    IDs resolve to the same cache entry.
+ * 3. **Stability**: key ordering doesn't matter, so `{a:1,b:2}` and
+ *    `{b:2,a:1}` hit the same entry.
+ */
+/**
+ * Recursively extract the "shape" of a value: key names and nested
+ * structure, with all leaf values replaced by a generic sentinel.
+ */
+function extractShape(value, depth = 0) {
+    if (depth > 3)
+        return '<deep>';
+    if (value === null)
+        return null;
+    if (value === undefined)
+        return undefined;
+    if (Array.isArray(value)) {
+        return value.length > 0 ? [extractShape(value[0], depth + 1)] : [];
+    }
+    if (typeof value === 'object') {
+        const obj = value;
+        const sorted = Object.keys(obj).sort();
+        const out = {};
+        for (const k of sorted) {
+            out[k] = extractShape(obj[k], depth + 1);
+        }
+        return out;
+    }
+    return '<value>';
+}
+/**
+ * Compute a stable cache key from the (lowercased) tool name and the
+ * payload shape. Output is a 32-char hex digest.
+ */
+function buildCacheKey(tool, payload) {
+    const normalized = `${tool.toLowerCase()}|${JSON.stringify(extractShape(payload))}`;
+    return (0, crypto_1.createHash)('sha256').update(normalized).digest('hex').slice(0, 32);
+}
+//# sourceMappingURL=llm-classifier-cache.js.map

package/dist/llm-classifier-cache.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"llm-classifier-cache.js","sourceRoot":"","sources":["../src/llm-classifier-cache.ts"],"names":[],"mappings":";;AA4CA,sCAMC;AAlDD,mCAAoC;AAEpC;;;;;;;;;;;;;GAaG;AAEH;;;GAGG;AACH,SAAS,YAAY,CAAC,KAAc,EAAE,KAAK,GAAG,CAAC;IAC7C,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC/B,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAChC,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,IAAY,EACZ,OAAgC;IAEhC,MAAM,UAAU,GAAG,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;IACpF,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC5E,CAAC"}

package/dist/llm-classifier.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import type { LLMClassification } from './types.js';
+export interface ClassifyOptions {
+    /** Hard cap on how long to wait for the LLM. Defaults to 800ms. */
+    timeoutMs?: number;
+}
+type ClassifierFn = (tool: string, payload: Record<string, unknown>) => Promise<Omit<LLMClassification, 'cached'> | null>;
+/** Test-only: replace the classifier implementation. Pass null to reset. */
+export declare function __setClassifierForTest(fn: ClassifierFn | null): void;
+/**
+ * Strip values from a payload, keeping only keys and type descriptors.
+ * Separate from the cache-key version because we want slightly more detail
+ * for the LLM (it sees type names, not just `<string>`).
+ */
+/**
+ * Exported for unit-test verification of the privacy guarantee. Not part of
+ * the stable public API — treat as internal.
+ * @internal
+ */
+export declare function shapeOnly(value: unknown, depth?: number): unknown;
+/**
+ * Classify a tool call using the LLM. Returns null if the classifier is
+ * disabled (no API key), fails, or times out. Results are cached by
+ * tool + payload shape for the default TTL (24h).
+ *
+ * This function NEVER throws — all errors are caught and turned into null.
+ */
+export declare function classifyWithLLM(tool: string, payload: Record<string, unknown>, options?: ClassifyOptions): Promise<LLMClassification | null>;
+export {};
+//# sourceMappingURL=llm-classifier.d.ts.map

package/dist/llm-classifier.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"llm-classifier.d.ts","sourceRoot":"","sources":["../src/llm-classifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAmCpD,MAAM,WAAW,eAAe;IAC9B,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AASD,KAAK,YAAY,GAAG,CAClB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC7B,OAAO,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;AAIvD,4EAA4E;AAC5E,wBAAgB,sBAAsB,CAAC,EAAE,EAAE,YAAY,GAAG,IAAI,GAAG,IAAI,CAEpE;AAmED;;;;GAIG;AAOH;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAI,GAAG,OAAO,CAiB5D;AAMD;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAkDnC"}

package/dist/llm-classifier.js ADDED Viewed

@@ -0,0 +1,191 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.__setClassifierForTest = __setClassifierForTest;
+exports.shapeOnly = shapeOnly;
+exports.classifyWithLLM = classifyWithLLM;
+const zod_1 = require("zod");
+const llm_classifier_cache_js_1 = require("./llm-classifier-cache.js");
+const llm_classifier_cache_store_js_1 = require("./llm-classifier-cache-store.js");
+/**
+ * LLM-based risk classifier. Called by the gateway when the server-side
+ * static category floor (`getCategoryFloor`) returns `read` — i.e. the tool
+ * name and payload don't match any of the hardcoded financial/admin
+ * patterns. The LLM provides a second opinion on what the tool is doing
+ * based on its name and payload shape.
+ *
+ * Security & privacy:
+ * - Only the TOOL NAME and PAYLOAD SHAPE (keys, types, nested structure) are
+ *   sent to the LLM. Actual payload values never leave the server.
+ * - The LLM's output is advisory. The policy layer applies
+ *   `max(declared, staticFloor, llmFloor)` — the LLM can only UPGRADE a
+ *   classification, never downgrade.
+ * - All calls are hard-capped at 800ms. If the LLM is slow, unreachable, or
+ *   errors for any reason, this function returns `null` and the gateway
+ *   falls back to the static floor alone.
+ * - Caching is by shape, so identical tool-call patterns resolve to the same
+ *   entry regardless of actual values. Cache is in-memory (per-process) in
+ *   this slice; a persistent store follows in a later phase.
+ */
+// ---------------------------------------------------------------------------
+// Classifier I/O schema
+// ---------------------------------------------------------------------------
+const ClassificationSchema = zod_1.z.object({
+    category: zod_1.z.enum(['read', 'write', 'financial', 'admin']),
+    reason: zod_1.z.string().min(1).max(200),
+    confidence: zod_1.z.number().min(0).max(1),
+});
+let testClassifier = null;
+/** Test-only: replace the classifier implementation. Pass null to reset. */
+function __setClassifierForTest(fn) {
+    testClassifier = fn;
+}
+// ---------------------------------------------------------------------------
+// Default classifier — OpenRouter via Vercel AI SDK
+// ---------------------------------------------------------------------------
+const MODEL_ID = 'google/gemini-2.5-flash-lite';
+const SYSTEM_PROMPT = `You are a security classifier for an AI agent proxy. Your job is to look at a tool name and payload shape and classify the action into one of four risk categories:
+- "read": retrieves or inspects data without modifying anything (lookups, lists, snapshots, queries)
+- "write": creates, updates, or deletes data in a standard application context (create_page, update_record, delete_item, post_message)
+- "financial": moves money or handles payment/billing (charges, refunds, invoices, subscriptions, payouts, wire transfers)
+- "admin": privileged administrative actions (user management, permission changes, key rotation, database drops, MFA resets, workspace deletion)
+Rules:
+1. When in doubt between two categories, pick the MORE restrictive one. Security over convenience.
+2. Base your decision primarily on the TOOL NAME — it is the strongest signal.
+3. The payload shape is provided as a hint, but contains no actual values (only type descriptors).
+4. If the tool name clearly suggests a read (list_*, get_*, fetch_*, search_*, show_*, describe_*), return "read".
+5. If the tool name mentions money, payments, billing, or financial verbs (charge, refund, transfer, payout), return "financial".
+6. If the tool name mentions user management, permissions, keys, or destructive schema changes, return "admin".
+7. Otherwise, if the tool name suggests any mutation (create, update, delete, send, post, modify), return "write".
+8. Keep "reason" under 200 characters. Be terse and specific.
+Return a JSON object with fields: category, reason, and confidence (a number between 0.0 and 1.0).`;
+async function defaultClassifier(tool, payload) {
+    const apiKey = process.env.OPENROUTER_API_KEY;
+    if (!apiKey)
+        return null;
+    // Dynamic import so packages/shared doesn't force-load the AI SDK at module
+    // init time — keeps startup fast when the classifier is disabled.
+    // v6 structured-output pattern: generateText + Output.object({ schema }).
+    const [{ createOpenRouter }, { generateText, Output }] = await Promise.all([
+        import('@openrouter/ai-sdk-provider'),
+        import('ai'),
+    ]);
+    const openrouter = createOpenRouter({ apiKey });
+    // Send ONLY the tool name and payload shape — values are stripped in the
+    // prompt construction below.
+    const payloadShape = shapeOnly(payload);
+    const userPrompt = `Tool: ${tool}\nPayload shape: ${JSON.stringify(payloadShape)}`;
+    // v6 structured output: pass the Zod schema via `output: Output.object({ schema })`.
+    // The parsed + validated value is returned on the `output` property of the result.
+    const { output } = await generateText({
+        model: openrouter(MODEL_ID),
+        output: Output.object({ schema: ClassificationSchema }),
+        system: SYSTEM_PROMPT,
+        prompt: userPrompt,
+    });
+    return {
+        category: output.category,
+        reason: output.reason,
+        confidence: output.confidence,
+        model: MODEL_ID,
+    };
+}
+/**
+ * Strip values from a payload, keeping only keys and type descriptors.
+ * Separate from the cache-key version because we want slightly more detail
+ * for the LLM (it sees type names, not just `<string>`).
+ */
+// TODO: `shapeOnly` here and `extractShape` in llm-classifier-cache.ts share
+// ~95% of their logic (recursive walk, depth cap, key sorting, array
+// handling). The only meaningful difference is the leaf format: this one
+// uses `<${typeof value}>` for the LLM, the cache version uses `<value>`
+// for dedup. Consolidate into a shared `walkShape(value, leafFormatter)`
+// helper when adding support for `Map`/`Set`/`Date` so both stay in sync.
+/**
+ * Exported for unit-test verification of the privacy guarantee. Not part of
+ * the stable public API — treat as internal.
+ * @internal
+ */
+function shapeOnly(value, depth = 0) {
+    if (depth > 3)
+        return '<deep>';
+    if (value === null)
+        return null;
+    if (value === undefined)
+        return undefined;
+    if (Array.isArray(value)) {
+        return value.length > 0 ? [shapeOnly(value[0], depth + 1)] : [];
+    }
+    if (typeof value === 'object') {
+        const obj = value;
+        const sorted = Object.keys(obj).sort();
+        const out = {};
+        for (const k of sorted) {
+            out[k] = shapeOnly(obj[k], depth + 1);
+        }
+        return out;
+    }
+    return `<${typeof value}>`;
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Classify a tool call using the LLM. Returns null if the classifier is
+ * disabled (no API key), fails, or times out. Results are cached by
+ * tool + payload shape for the default TTL (24h).
+ *
+ * This function NEVER throws — all errors are caught and turned into null.
+ */
+async function classifyWithLLM(tool, payload, options = {}) {
+    const timeoutMs = options.timeoutMs ?? 800;
+    // Cache check — the store is async but has its own internal timeout +
+    // error handling and will resolve to null on any failure.
+    const cacheKey = (0, llm_classifier_cache_js_1.buildCacheKey)(tool, payload);
+    const store = (0, llm_classifier_cache_store_js_1.getClassifierCacheStore)();
+    const cached = await store.get(cacheKey);
+    if (cached) {
+        return cached;
+    }
+    // Select classifier impl
+    const impl = testClassifier ?? defaultClassifier;
+    // Race the classifier against a hard timeout.
+    // We track the timer so we can clear it when the classifier wins, and we
+    // attach a noop catch to the classifier promise so an eventual rejection
+    // after the race doesn't become an unhandled rejection.
+    let timer;
+    try {
+        const classifierPromise = impl(tool, payload);
+        // Swallow any post-race rejection from the losing side.
+        classifierPromise.catch(() => { });
+        const timeoutPromise = new Promise((resolve) => {
+            timer = setTimeout(() => resolve(null), timeoutMs);
+        });
+        const result = await Promise.race([classifierPromise, timeoutPromise]);
+        if (!result)
+            return null;
+        // Cache and return. We fire-and-forget the set so a slow persistent
+        // store never blocks the gateway response. The store swallows errors
+        // internally; the `.catch` here is a belt-and-braces guard against
+        // an unhandled rejection if a future implementation throws.
+        store.set(cacheKey, result).catch(() => { });
+        return { ...result, cached: false };
+    }
+    catch (err) {
+        // Log but never throw — graceful fallback to static-floor-only behavior.
+        // Bugs (Zod parse failures, typos) still surface here instead of being
+        // invisibly dropped.
+        console.warn('[llm-classifier] error, falling back to static floor', {
+            tool,
+            error: err instanceof Error ? err.message : String(err),
+        });
+        return null;
+    }
+    finally {
+        if (timer)
+            clearTimeout(timer);
+    }
+}
+//# sourceMappingURL=llm-classifier.js.map

package/dist/llm-classifier.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"llm-classifier.js","sourceRoot":"","sources":["../src/llm-classifier.ts"],"names":[],"mappings":";;AAwDA,wDAEC;AAmFD,8BAiBC;AAaD,0CAsDC;AAjOD,6BAAwB;AAExB,uEAA0D;AAC1D,mFAA0E;AAE1E;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E,MAAM,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IACzD,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAClC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;CACrC,CAAC,CAAC;AAmBH,IAAI,cAAc,GAAwB,IAAI,CAAC;AAE/C,4EAA4E;AAC5E,SAAgB,sBAAsB,CAAC,EAAuB;IAC5D,cAAc,GAAG,EAAE,CAAC;AACtB,CAAC;AAED,8EAA8E;AAC9E,oDAAoD;AACpD,8EAA8E;AAE9E,MAAM,QAAQ,GAAG,8BAA8B,CAAC;AAEhD,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;mGAiB6E,CAAC;AAEpG,KAAK,UAAU,iBAAiB,CAC9B,IAAY,EACZ,OAAgC;IAEhC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAC9C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,4EAA4E;IAC5E,kEAAkE;IAClE,0EAA0E;IAC1E,MAAM,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACzE,MAAM,CAAC,6BAA6B,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC;KACb,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAEhD,yEAAyE;IACzE,6BAA6B;IAC7B,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,SAAS,IAAI,oBAAoB,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC;IAEnF,qFAAqF;IACrF,mFAAmF;IACnF,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC;QACpC,KAAK,EAAE,UAAU,CAAC,QAAQ,CAAC;QAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;QACvD,MAAM,EAAE,aAAa;QACrB,MAAM,EAAE,UAAU;KACnB,CAAC,CAAC;IAEH,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,KAAK,EAAE,QAAQ;KAChB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,6EAA6E;AAC7E,qEAAqE;AACrE,yEAAyE;AACzE,yEAAyE;AACzE,yEAAyE;AACzE,0EAA0E;AAC1E;;;;GAIG;AACH,SAAgB,SAAS,CAAC,KAAc,EAAE,KAAK,GAAG,CAAC;IACjD,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC/B,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAChC,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAClE,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,IAAI,OAAO,KAAK,GAAG,CAAC;AAC7B,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;GAMG;AACI,KAAK,UAAU,eAAe,CACnC,IAAY,EACZ,OAAgC,EAChC,UAA2B,EAAE;IAE7B,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,GAAG,CAAC;IAE3C,sEAAsE;IACtE,0DAA0D;IAC1D,MAAM,QAAQ,GAAG,IAAA,uCAAa,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,IAAA,uDAAuB,GAAE,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,yBAAyB;IACzB,MAAM,IAAI,GAAG,cAAc,IAAI,iBAAiB,CAAC;IAEjD,8CAA8C;IAC9C,yEAAyE;IACzE,yEAAyE;IACzE,wDAAwD;IACxD,IAAI,KAAgD,CAAC;IACrD,IAAI,CAAC;QACH,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9C,wDAAwD;QACxD,iBAAiB,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAElC,MAAM,cAAc,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YACnD,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,oEAAoE;QACpE,qEAAqE;QACrE,mEAAmE;QACnE,4DAA4D;QAC5D,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC5C,OAAO,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,yEAAyE;QACzE,uEAAuE;QACvE,qBAAqB;QACrB,OAAO,CAAC,IAAI,CAAC,sDAAsD,EAAE;YACnE,IAAI;YACJ,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;YAAS,CAAC;QACT,IAAI,KAAK;YAAE,YAAY,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;AACH,CAAC"}

package/dist/observability.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * Light-weight structured logging + tracing helpers shared by web & runner.
+ *
+ * This is deliberately NOT a full observability stack (no Sentry SDK, no
+ * OTEL exporter). It gives us JSON-per-line output that downstream log
+ * aggregators (Vercel, Fly.io, Datadog, Axiom…) can parse and index. Drop
+ * a real tracer/exporter in later by replacing these functions — every
+ * call site uses the exported names, no `console.*` sprinkled around.
+ *
+ * Design rules:
+ * - Never throw. A logger that can crash your request path is worse than
+ *   a logger that silently no-ops when env is weird.
+ * - Never include secrets. Callers should `sanitizeError()` first when the
+ *   payload comes from an Error object or external service response.
+ * - One line per event, minified JSON, stable field names.
+ */
+export type LogLevel = 'debug' | 'info' | 'warn' | 'error';
+/**
+ * Emit a structured log line. Meant for server-side JS (Runner + Next.js
+ * route handlers). Browser code should use the console directly.
+ *
+ * The `ctx` object should contain scalar identifiers (workspace_id,
+ * request_id, agent_id, job_id) — anything else gets JSON.stringified
+ * verbatim, so don't pass objects with potential secrets.
+ */
+export declare function log(level: LogLevel, message: string, ctx?: Record<string, unknown>): void;
+export declare const logInfo: (msg: string, ctx?: Record<string, unknown>) => void;
+export declare const logWarn: (msg: string, ctx?: Record<string, unknown>) => void;
+export declare const logDebug: (msg: string, ctx?: Record<string, unknown>) => void;
+/**
+ * Log an Error (or unknown) under the `error` level with a sanitized
+ * message and optional context. Stack traces and connection strings are
+ * stripped by `sanitizeError()` before emit.
+ */
+export declare function logError(msg: string, err: unknown, ctx?: Record<string, unknown>): void;
+//# sourceMappingURL=observability.d.ts.map

package/dist/observability.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"observability.d.ts","sourceRoot":"","sources":["../src/observability.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAW3D;;;;;;;GAOG;AACH,wBAAgB,GAAG,CACjB,KAAK,EAAE,QAAQ,EACf,OAAO,EAAE,MAAM,EACf,GAAG,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAChC,IAAI,CAmBN;AAED,eAAO,MAAM,OAAO,GAAK,KAAK,MAAM,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,SAA2B,CAAC;AAC/F,eAAO,MAAM,OAAO,GAAK,KAAK,MAAM,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,SAA2B,CAAC;AAC/F,eAAO,MAAM,QAAQ,GAAI,KAAK,MAAM,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,SAA2B,CAAC;AAE/F;;;;GAIG;AACH,wBAAgB,QAAQ,CACtB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,OAAO,EACZ,GAAG,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAChC,IAAI,CAEN"}

package/dist/observability.js ADDED Viewed

@@ -0,0 +1,75 @@
+"use strict";
+/**
+ * Light-weight structured logging + tracing helpers shared by web & runner.
+ *
+ * This is deliberately NOT a full observability stack (no Sentry SDK, no
+ * OTEL exporter). It gives us JSON-per-line output that downstream log
+ * aggregators (Vercel, Fly.io, Datadog, Axiom…) can parse and index. Drop
+ * a real tracer/exporter in later by replacing these functions — every
+ * call site uses the exported names, no `console.*` sprinkled around.
+ *
+ * Design rules:
+ * - Never throw. A logger that can crash your request path is worse than
+ *   a logger that silently no-ops when env is weird.
+ * - Never include secrets. Callers should `sanitizeError()` first when the
+ *   payload comes from an Error object or external service response.
+ * - One line per event, minified JSON, stable field names.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.logDebug = exports.logWarn = exports.logInfo = void 0;
+exports.log = log;
+exports.logError = logError;
+const sanitize_js_1 = require("./sanitize.js");
+const LOG_LEVEL_ORDER = {
+    debug: 10, info: 20, warn: 30, error: 40,
+};
+function resolveMinLevel() {
+    const raw = (typeof process !== 'undefined' && process.env?.LOG_LEVEL) || 'info';
+    return LOG_LEVEL_ORDER[raw] ?? LOG_LEVEL_ORDER.info;
+}
+/**
+ * Emit a structured log line. Meant for server-side JS (Runner + Next.js
+ * route handlers). Browser code should use the console directly.
+ *
+ * The `ctx` object should contain scalar identifiers (workspace_id,
+ * request_id, agent_id, job_id) — anything else gets JSON.stringified
+ * verbatim, so don't pass objects with potential secrets.
+ */
+function log(level, message, ctx = {}) {
+    try {
+        if (LOG_LEVEL_ORDER[level] < resolveMinLevel())
+            return;
+        const line = JSON.stringify({
+            ts: new Date().toISOString(),
+            level,
+            msg: message,
+            ...ctx,
+        });
+        // stderr for warn/error so error aggregators pick them up separately
+        // from info/debug; matches Fastify+pino convention.
+        if (level === 'warn' || level === 'error') {
+            process.stderr.write(line + '\n');
+        }
+        else {
+            process.stdout.write(line + '\n');
+        }
+    }
+    catch {
+        /* swallow — logging must never throw */
+    }
+}
+const logInfo = (msg, ctx) => log('info', msg, ctx);
+exports.logInfo = logInfo;
+const logWarn = (msg, ctx) => log('warn', msg, ctx);
+exports.logWarn = logWarn;
+const logDebug = (msg, ctx) => log('debug', msg, ctx);
+exports.logDebug = logDebug;
+/**
+ * Log an Error (or unknown) under the `error` level with a sanitized
+ * message and optional context. Stack traces and connection strings are
+ * stripped by `sanitizeError()` before emit.
+ */
+function logError(msg, err, ctx = {}) {
+    log('error', msg, { ...ctx, error: (0, sanitize_js_1.sanitizeError)(err) });
+}
+//# sourceMappingURL=observability.js.map

package/dist/observability.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"observability.js","sourceRoot":"","sources":["../src/observability.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAuBH,kBAuBC;AAWD,4BAMC;AA7DD,+CAA8C;AAI9C,MAAM,eAAe,GAA6B;IAChD,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE;CACzC,CAAC;AAEF,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,CAAC,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC;IACjF,OAAO,eAAe,CAAC,GAAe,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC;AAClE,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,GAAG,CACjB,KAAe,EACf,OAAe,EACf,MAA+B,EAAE;IAEjC,IAAI,CAAC;QACH,IAAI,eAAe,CAAC,KAAK,CAAC,GAAG,eAAe,EAAE;YAAE,OAAO;QACvD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC1B,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,KAAK;YACL,GAAG,EAAE,OAAO;YACZ,GAAG,GAAG;SACP,CAAC,CAAC;QACH,qEAAqE;QACrE,oDAAoD;QACpD,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wCAAwC;IAC1C,CAAC;AACH,CAAC;AAEM,MAAM,OAAO,GAAI,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,EAAG,GAAG,EAAE,GAAG,CAAC,CAAC;AAAlF,QAAA,OAAO,WAA2E;AACxF,MAAM,OAAO,GAAI,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,EAAG,GAAG,EAAE,GAAG,CAAC,CAAC;AAAlF,QAAA,OAAO,WAA2E;AACxF,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAAlF,QAAA,QAAQ,YAA0E;AAE/F;;;;GAIG;AACH,SAAgB,QAAQ,CACtB,GAAW,EACX,GAAY,EACZ,MAA+B,EAAE;IAEjC,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,GAAG,GAAG,EAAE,KAAK,EAAE,IAAA,2BAAa,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAC3D,CAAC"}

package/dist/plans.d.ts CHANGED Viewed

@@ -4,9 +4,20 @@ export interface PlanLimits {
     agents: number;
     credentials: number;
     members: number;
+    policies: number;
     timelineHistoryDays: number;
     undoEnabled: boolean;
     browserSessions: number;
+    /**
+     * Maximum number of concurrent persistent SSH sessions (`ssh.open`).
+     * Free is held to 0 — those plans use one-shot `ssh.run` only. Pro and
+     * Team get a small concurrency budget. The TTL per session is enforced
+     * separately via {@link sshMaxTtlMinutes}.
+     */
+    sshSessions: number;
+    messagesPerMonth: number;
+    messageHistoryDays: number;
+    threadsPerAgent: number;
 }
 export interface PlanDefinition extends PlanLimits {
     id: PlanId;
@@ -19,6 +30,16 @@ export interface PlanDefinition extends PlanLimits {
 export declare const PLANS: Record<PlanId, PlanDefinition>;
 export declare function getPlanLimits(plan: string): PlanLimits;
 export declare function canUndo(plan: string): boolean;
+/**
+ * Maximum SSH session TTL (minutes) allowed per plan.
+ *
+ * Longer TTLs widen the blast radius if a session is hijacked or forgotten,
+ * so we cap conservatively. Team gets the industry-standard "up to one
+ * hour" window; Free/Pro are held to the shorter 20-minute cap —
+ * agents that need longer operations should re-open a session via
+ * approval rather than keep one idling.
+ */
+export declare function sshMaxTtlMinutes(plan: string): number;
 /** Map a Stripe price ID back to a plan ID */
 export declare function planFromPriceId(priceId: string): PlanId | null;
 //# sourceMappingURL=plans.d.ts.map

package/dist/plans.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"plans.d.ts","sourceRoot":"","sources":["../src/plans.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;AAE7C,MAAM,WAAW,UAAU;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAe,SAAQ,UAAU;IAChD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,eAAO,MAAM,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,~~CA8CvC~~,CAAC;AAEX,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,~~CAYtD~~;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7C;AAED,8CAA8C;AAC9C,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAO9D"}
1	+ {"version":3,"file":"plans.d.ts","sourceRoot":"","sources":["../src/plans.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;AAE7C,MAAM,WAAW,UAAU;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAe,SAAQ,UAAU;IAChD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,eAAO,MAAM,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CA6DvC,CAAC;AAEX,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,CAgBtD;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7C;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CASrD;AAED,8CAA8C;AAC9C,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAO9D"}

package/dist/plans.js CHANGED Viewed

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PLANS = void 0;
 exports.getPlanLimits = getPlanLimits;
 exports.canUndo = canUndo;
+exports.sshMaxTtlMinutes = sshMaxTtlMinutes;
 exports.planFromPriceId = planFromPriceId;
 exports.PLANS = {
     free: {
@@ -12,28 +13,38 @@ exports.PLANS = {
         yearlyPrice: 0,
         stripePriceMonthly: '',
         stripePriceYearly: '',
-        actionsPerMonth: 1000,
-        agents: 3,
+        actionsPerMonth: 100,
+        agents: 1,
         credentials: 2,
         members: 1,
+        policies: 3,
         timelineHistoryDays: 14,
         undoEnabled: false,
         browserSessions: 0,
+        sshSessions: 0,
+        messagesPerMonth: 100,
+        messageHistoryDays: 7,
+        threadsPerAgent: 5,
     },
     pro: {
         id: 'pro',
         name: 'Pro',
         monthlyPrice: 900,
-        yearlyPrice: 7900,
+        yearlyPrice: 7550,
         stripePriceMonthly: 'price_1T6b3m2NRlIkxMrBZ9bmEDYE',
-        stripePriceYearly: 'price_1T6b3m2NRlIkxMrBo2yx01sJ',
-        actionsPerMonth: Infinity,
-        agents: 10,
-        credentials: 25,
-        members: 5,
+        stripePriceYearly: 'price_1TQTJy2NRlIkxMrBhcSh8E8i',
+        actionsPerMonth: 2000,
+        agents: 5,
+        credentials: 15,
+        members: 3,
+        policies: 10,
         timelineHistoryDays: 90,
         undoEnabled: true,
         browserSessions: 2,
+        sshSessions: 2,
+        messagesPerMonth: 5000,
+        messageHistoryDays: 30,
+        threadsPerAgent: 50,
     },
     team: {
         id: 'team',
@@ -42,32 +53,59 @@ exports.PLANS = {
         yearlyPrice: 41000,
         stripePriceMonthly: 'price_1T6b3n2NRlIkxMrBstkfVECC',
         stripePriceYearly: 'price_1T6b3o2NRlIkxMrBzHoQKPjz',
-        actionsPerMonth: Infinity,
-        agents: 50,
+        actionsPerMonth: 10000,
+        agents: 20,
         credentials: Infinity,
-        members: 25,
+        members: 10,
+        policies: 50,
         timelineHistoryDays: 365,
         undoEnabled: true,
         browserSessions: 5,
+        sshSessions: 5,
+        messagesPerMonth: Infinity,
+        messageHistoryDays: 90,
+        threadsPerAgent: Infinity,
     },
 };
 function getPlanLimits(plan) {
-    const def = exports.PLANS[plan];
-    if (!def)
-        return exports.PLANS.free;
+    const def = exports.PLANS[plan] ?? exports.PLANS.free;
     return {
         actionsPerMonth: def.actionsPerMonth,
         agents: def.agents,
         credentials: def.credentials,
         members: def.members,
+        policies: def.policies,
         timelineHistoryDays: def.timelineHistoryDays,
         undoEnabled: def.undoEnabled,
         browserSessions: def.browserSessions,
+        sshSessions: def.sshSessions,
+        messagesPerMonth: def.messagesPerMonth,
+        messageHistoryDays: def.messageHistoryDays,
+        threadsPerAgent: def.threadsPerAgent,
     };
 }
 function canUndo(plan) {
     return getPlanLimits(plan).undoEnabled;
 }
+/**
+ * Maximum SSH session TTL (minutes) allowed per plan.
+ *
+ * Longer TTLs widen the blast radius if a session is hijacked or forgotten,
+ * so we cap conservatively. Team gets the industry-standard "up to one
+ * hour" window; Free/Pro are held to the shorter 20-minute cap —
+ * agents that need longer operations should re-open a session via
+ * approval rather than keep one idling.
+ */
+function sshMaxTtlMinutes(plan) {
+    switch (plan) {
+        case 'team':
+            return 60;
+        case 'pro':
+        case 'free':
+        default:
+            return 20;
+    }
+}
 /** Map a Stripe price ID back to a plan ID */
 function planFromPriceId(priceId) {
     for (const plan of Object.values(exports.PLANS)) {

package/dist/plans.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"plans.js","sourceRoot":"","sources":["../src/plans.ts"],"names":[],"mappings":";;;~~AAqEA~~,~~sCAYC~~;AAED,0BAEC;AAGD,0CAOC;~~AA1EY~~,QAAA,KAAK,GAAmC;IACnD,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,CAAC;QACf,WAAW,EAAE,CAAC;QACd,kBAAkB,EAAE,EAAE;QACtB,iBAAiB,EAAE,EAAE;QACrB,eAAe,EAAE,~~IAAI~~;~~QACrB~~,MAAM,EAAE,CAAC;QACT,WAAW,EAAE,CAAC;QACd,OAAO,EAAE,CAAC;QACV,mBAAmB,EAAE,EAAE;QACvB,WAAW,EAAE,KAAK;QAClB,eAAe,EAAE,CAAC;KACnB;IACD,GAAG,EAAE;QACH,EAAE,EAAE,KAAK;QACT,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,GAAG;QACjB,WAAW,EAAE,IAAI;QACjB,kBAAkB,EAAE,gCAAgC;QACpD,iBAAiB,EAAE,gCAAgC;QACnD,eAAe,EAAE,~~QAAQ~~;~~QACzB~~,MAAM,EAAE,~~EAAE~~;~~QACV~~,WAAW,EAAE,EAAE;QACf,OAAO,EAAE,CAAC;QACV,mBAAmB,EAAE,EAAE;QACvB,WAAW,EAAE,IAAI;QACjB,eAAe,EAAE,CAAC;~~KACnB~~;IACD,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,KAAK;QAClB,kBAAkB,EAAE,gCAAgC;QACpD,iBAAiB,EAAE,gCAAgC;QACnD,eAAe,EAAE,~~QAAQ~~;~~QACzB~~,MAAM,EAAE,EAAE;QACV,WAAW,EAAE,QAAQ;QACrB,OAAO,EAAE,EAAE;QACX,mBAAmB,EAAE,GAAG;QACxB,WAAW,EAAE,IAAI;QACjB,eAAe,EAAE,CAAC;~~KACnB~~;CACO,CAAC;AAEX,SAAgB,aAAa,CAAC,IAAY;IACxC,MAAM,GAAG,GAAG,aAAK,CAAC,IAAc,CAAC,~~CAAC;IAClC,~~IAAI,~~CAAC,GAAG;QAAE,OAAO,~~aAAK,CAAC,IAAI,CAAC;~~IAC5B~~,OAAO;QACL,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,mBAAmB,EAAE,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,eAAe,EAAE,GAAG,CAAC,eAAe;KACrC,CAAC;AACJ,CAAC;AAED,SAAgB,OAAO,CAAC,IAAY;IAClC,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC;AACzC,CAAC;AAED,8CAA8C;AAC9C,SAAgB,eAAe,CAAC,OAAe;IAC7C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,aAAK,CAAC,EAAE,CAAC;QACxC,IAAI,IAAI,CAAC,kBAAkB,KAAK,OAAO,IAAI,IAAI,CAAC,iBAAiB,KAAK,OAAO,EAAE,CAAC;YAC9E,OAAO,IAAI,CAAC,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
1	+ {"version":3,"file":"plans.js","sourceRoot":"","sources":["../src/plans.ts"],"names":[],"mappings":";;;AA+FA,sCAgBC;AAED,0BAEC;AAWD,4CASC;AAGD,0CAOC;AAjHY,QAAA,KAAK,GAAmC;IACnD,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,CAAC;QACf,WAAW,EAAE,CAAC;QACd,kBAAkB,EAAE,EAAE;QACtB,iBAAiB,EAAE,EAAE;QACrB,eAAe,EAAE,GAAG;QACpB,MAAM,EAAE,CAAC;QACT,WAAW,EAAE,CAAC;QACd,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE,CAAC;QACX,mBAAmB,EAAE,EAAE;QACvB,WAAW,EAAE,KAAK;QAClB,eAAe,EAAE,CAAC;QAClB,WAAW,EAAE,CAAC;QACd,gBAAgB,EAAE,GAAG;QACrB,kBAAkB,EAAE,CAAC;QACrB,eAAe,EAAE,CAAC;KACnB;IACD,GAAG,EAAE;QACH,EAAE,EAAE,KAAK;QACT,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,GAAG;QACjB,WAAW,EAAE,IAAI;QACjB,kBAAkB,EAAE,gCAAgC;QACpD,iBAAiB,EAAE,gCAAgC;QACnD,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE,CAAC;QACT,WAAW,EAAE,EAAE;QACf,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE,EAAE;QACZ,mBAAmB,EAAE,EAAE;QACvB,WAAW,EAAE,IAAI;QACjB,eAAe,EAAE,CAAC;QAClB,WAAW,EAAE,CAAC;QACd,gBAAgB,EAAE,IAAI;QACtB,kBAAkB,EAAE,EAAE;QACtB,eAAe,EAAE,EAAE;KACpB;IACD,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,KAAK;QAClB,kBAAkB,EAAE,gCAAgC;QACpD,iBAAiB,EAAE,gCAAgC;QACnD,eAAe,EAAE,KAAK;QACtB,MAAM,EAAE,EAAE;QACV,WAAW,EAAE,QAAQ;QACrB,OAAO,EAAE,EAAE;QACX,QAAQ,EAAE,EAAE;QACZ,mBAAmB,EAAE,GAAG;QACxB,WAAW,EAAE,IAAI;QACjB,eAAe,EAAE,CAAC;QAClB,WAAW,EAAE,CAAC;QACd,gBAAgB,EAAE,QAAQ;QAC1B,kBAAkB,EAAE,EAAE;QACtB,eAAe,EAAE,QAAQ;KAC1B;CACO,CAAC;AAEX,SAAgB,aAAa,CAAC,IAAY;IACxC,MAAM,GAAG,GAAG,aAAK,CAAC,IAAc,CAAC,IAAI,aAAK,CAAC,IAAI,CAAC;IAChD,OAAO;QACL,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,mBAAmB,EAAE,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,gBAAgB,EAAE,GAAG,CAAC,gBAAgB;QACtC,kBAAkB,EAAE,GAAG,CAAC,kBAAkB;QAC1C,eAAe,EAAE,GAAG,CAAC,eAAe;KACrC,CAAC;AACJ,CAAC;AAED,SAAgB,OAAO,CAAC,IAAY;IAClC,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC;AACzC,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,gBAAgB,CAAC,IAAY;IAC3C,QAAQ,IAAc,EAAE,CAAC;QACvB,KAAK,MAAM;YACT,OAAO,EAAE,CAAC;QACZ,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED,8CAA8C;AAC9C,SAAgB,eAAe,CAAC,OAAe;IAC7C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,aAAK,CAAC,EAAE,CAAC;QACxC,IAAI,IAAI,CAAC,kBAAkB,KAAK,OAAO,IAAI,IAAI,CAAC,iBAAiB,KAAK,OAAO,EAAE,CAAC;YAC9E,OAAO,IAAI,CAAC,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}