agentlock-shared 0.1.0

package/dist/crypto.js

@@ -0,0 +1,85 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateKey = generateKey;
+exports.encrypt = encrypt;
+exports.decrypt = decrypt;
+exports.encryptDEK = encryptDEK;
+exports.decryptDEK = decryptDEK;
+exports.getMasterKey = getMasterKey;
+exports.generateMasterKey = generateMasterKey;
+exports.encryptCredential = encryptCredential;
+exports.decryptCredential = decryptCredential;
+const tweetnacl_1 = __importDefault(require("tweetnacl"));
+const tweetnacl_util_1 = require("tweetnacl-util");
+function generateKey() {
+    return tweetnacl_1.default.randomBytes(32);
+}
+function encrypt(data, key) {
+    const nonce = tweetnacl_1.default.randomBytes(tweetnacl_1.default.secretbox.nonceLength);
+    const message = new TextEncoder().encode(data);
+    const box = tweetnacl_1.default.secretbox(message, nonce, key);
+    const combined = new Uint8Array(nonce.length + box.length);
+    combined.set(nonce);
+    combined.set(box, nonce.length);
+    return (0, tweetnacl_util_1.encodeBase64)(combined);
+}
+function decrypt(encryptedData, key) {
+    const combined = (0, tweetnacl_util_1.decodeBase64)(encryptedData);
+    const nonce = combined.slice(0, tweetnacl_1.default.secretbox.nonceLength);
+    const box = combined.slice(tweetnacl_1.default.secretbox.nonceLength);
+    const message = tweetnacl_1.default.secretbox.open(box, nonce, key);
+    if (!message) {
+        throw new Error('Decryption failed: invalid key or corrupted data');
+    }
+    return new TextDecoder().decode(message);
+}
+function encryptDEK(dek, masterKey) {
+    return encrypt((0, tweetnacl_util_1.encodeBase64)(dek), masterKey);
+}
+function decryptDEK(encryptedDEK, masterKey) {
+    const dekBase64 = decrypt(encryptedDEK, masterKey);
+    return (0, tweetnacl_util_1.decodeBase64)(dekBase64);
+}
+// Cache the decoded master key to avoid creating multiple copies in memory.
+// A single copy is preferable to many short-lived copies scattered on the heap.
+let _cachedMasterKey = null;
+function getMasterKey() {
+    if (_cachedMasterKey)
+        return _cachedMasterKey;
+    const key = process.env.MASTER_KEY;
+    if (!key)
+        throw new Error('MASTER_KEY environment variable not set');
+    _cachedMasterKey = (0, tweetnacl_util_1.decodeBase64)(key);
+    return _cachedMasterKey;
+}
+function generateMasterKey() {
+    return (0, tweetnacl_util_1.encodeBase64)(generateKey());
+}
+function encryptCredential(payload, masterKey) {
+    const dek = generateKey();
+    try {
+        const encryptedDEK = encryptDEK(dek, masterKey);
+        const encryptedPayload = encrypt(JSON.stringify(payload), dek);
+        return { encryptedDEK, encryptedPayload };
+    }
+    finally {
+        // Zero DEK from memory after use (defense-in-depth against heap dumps)
+        dek.fill(0);
+    }
+}
+function decryptCredential(encryptedDEK, encryptedPayload, masterKey) {
+    const dek = decryptDEK(encryptedDEK, masterKey);
+    try {
+        const json = decrypt(encryptedPayload, dek);
+        return JSON.parse(json);
+    }
+    finally {
+        // Best-effort: zero DEK from memory to minimize exposure window.
+        // Not guaranteed by JS runtime, but reduces risk of heap-dump leaks.
+        dek.fill(0);
+    }
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":";;;;;AAGA,kCAEC;AAED,0BAUC;AAED,0BAWC;AAED,gCAEC;AAED,gCAGC;AAMD,oCAMC;AAED,8CAEC;AAED,8CAaC;AAED,8CAcC;AAtFD,0DAA6B;AAC7B,mDAA4D;AAE5D,SAAgB,WAAW;IACzB,OAAO,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED,SAAgB,OAAO,CAAC,IAAY,EAAE,GAAe;IACnD,MAAM,KAAK,GAAG,mBAAI,CAAC,WAAW,CAAC,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,mBAAI,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAEhD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IAC3D,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEhC,OAAO,IAAA,6BAAY,EAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED,SAAgB,OAAO,CAAC,aAAqB,EAAE,GAAe;IAC5D,MAAM,QAAQ,GAAG,IAAA,6BAAY,EAAC,aAAa,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAEvD,MAAM,OAAO,GAAG,mBAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACrD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED,SAAgB,UAAU,CAAC,GAAe,EAAE,SAAqB;IAC/D,OAAO,OAAO,CAAC,IAAA,6BAAY,EAAC,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,UAAU,CAAC,YAAoB,EAAE,SAAqB;IACpE,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACnD,OAAO,IAAA,6BAAY,EAAC,SAAS,CAAC,CAAC;AACjC,CAAC;AAED,4EAA4E;AAC5E,gFAAgF;AAChF,IAAI,gBAAgB,GAAsB,IAAI,CAAC;AAE/C,SAAgB,YAAY;IAC1B,IAAI,gBAAgB;QAAE,OAAO,gBAAgB,CAAC;IAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACnC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACrE,gBAAgB,GAAG,IAAA,6BAAY,EAAC,GAAG,CAAC,CAAC;IACrC,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,SAAgB,iBAAiB;IAC/B,OAAO,IAAA,6BAAY,EAAC,WAAW,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,iBAAiB,CAC/B,OAAgC,EAChC,SAAqB;IAErB,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAChD,MAAM,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;QAC/D,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,CAAC;IAC5C,CAAC;YAAS,CAAC;QACT,uEAAuE;QACvE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,iBAAiB,CAC/B,YAAoB,EACpB,gBAAwB,EACxB,SAAqB;IAErB,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;YAAS,CAAC;QACT,iEAAiE;QACjE,qEAAqE;QACrE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export * from './types.js';
+export * from './crypto.js';
+export * from './signing.js';
+export * from './policy.js';
+export * from './redact.js';
+export * from './schemas.js';
+export * from './plans.js';
+export * from './mcp-catalog.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC"}

package/dist/index.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./types.js"), exports);
+__exportStar(require("./crypto.js"), exports);
+__exportStar(require("./signing.js"), exports);
+__exportStar(require("./policy.js"), exports);
+__exportStar(require("./redact.js"), exports);
+__exportStar(require("./schemas.js"), exports);
+__exportStar(require("./plans.js"), exports);
+__exportStar(require("./mcp-catalog.js"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B;AAC3B,8CAA4B;AAC5B,+CAA6B;AAC7B,8CAA4B;AAC5B,8CAA4B;AAC5B,+CAA6B;AAC7B,6CAA2B;AAC3B,mDAAiC"}

package/dist/mcp-catalog.d.ts

@@ -0,0 +1,15 @@
+export interface McpServerTemplate {
+    id: string;
+    name: string;
+    description: string;
+    serverUrl: string;
+    authType: 'bearer' | 'none';
+    authLabel?: string;
+    authPlaceholder?: string;
+    authHelpUrl?: string;
+    category: string;
+}
+export declare const MCP_CATALOG: McpServerTemplate[];
+export declare const MCP_CATEGORIES: string[];
+export declare function getMcpTemplate(id: string): McpServerTemplate | undefined;
+//# sourceMappingURL=mcp-catalog.d.ts.map

package/dist/mcp-catalog.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-catalog.d.ts","sourceRoot":"","sources":["../src/mcp-catalog.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,eAAO,MAAM,WAAW,EAAE,iBAAiB,EAkK1C,CAAC;AAEF,eAAO,MAAM,cAAc,UAAmD,CAAC;AAE/E,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS,CAExE"}

package/dist/mcp-catalog.js

@@ -0,0 +1,160 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MCP_CATEGORIES = exports.MCP_CATALOG = void 0;
+exports.getMcpTemplate = getMcpTemplate;
+exports.MCP_CATALOG = [
+    // --- Developer Tools ---
+    {
+        id: 'github',
+        name: 'GitHub',
+        description: 'Manage repos, issues, PRs, and code search',
+        serverUrl: 'https://api.githubcopilot.com/mcp/',
+        authType: 'bearer',
+        authLabel: 'Personal Access Token',
+        authPlaceholder: 'ghp_...',
+        authHelpUrl: 'https://github.com/settings/tokens',
+        category: 'Developer Tools',
+    },
+    {
+        id: 'gitlab',
+        name: 'GitLab',
+        description: 'Projects, merge requests, pipelines, and issues',
+        serverUrl: 'https://gitlab.com/-/mcp',
+        authType: 'bearer',
+        authLabel: 'Personal Access Token',
+        authPlaceholder: 'glpat-...',
+        authHelpUrl: 'https://gitlab.com/-/user_settings/personal_access_tokens',
+        category: 'Developer Tools',
+    },
+    {
+        id: 'linear',
+        name: 'Linear',
+        description: 'Issue tracking, projects, and team workflows',
+        serverUrl: 'https://mcp.linear.app/sse',
+        authType: 'bearer',
+        authLabel: 'API Key',
+        authPlaceholder: 'lin_api_...',
+        authHelpUrl: 'https://linear.app/settings/api',
+        category: 'Developer Tools',
+    },
+    {
+        id: 'sentry',
+        name: 'Sentry',
+        description: 'Error tracking, performance monitoring, and alerts',
+        serverUrl: 'https://mcp.sentry.dev/sse',
+        authType: 'bearer',
+        authLabel: 'Auth Token',
+        authPlaceholder: 'sntrys_...',
+        authHelpUrl: 'https://sentry.io/settings/account/api/auth-tokens/',
+        category: 'Developer Tools',
+    },
+    // --- Cloud & Infrastructure ---
+    {
+        id: 'cloudflare',
+        name: 'Cloudflare',
+        description: 'Workers, KV, D1, R2, and DNS management',
+        serverUrl: 'https://workers-mcp.cloudflare.com/mcp',
+        authType: 'bearer',
+        authLabel: 'API Token',
+        authPlaceholder: '',
+        authHelpUrl: 'https://dash.cloudflare.com/profile/api-tokens',
+        category: 'Cloud & Infrastructure',
+    },
+    // --- Communication ---
+    {
+        id: 'slack',
+        name: 'Slack',
+        description: 'Send messages, manage channels, and search conversations',
+        serverUrl: 'https://slack.com/api/mcp',
+        authType: 'bearer',
+        authLabel: 'Bot Token',
+        authPlaceholder: 'xoxb-...',
+        authHelpUrl: 'https://api.slack.com/apps',
+        category: 'Communication',
+    },
+    // --- Search & Data ---
+    {
+        id: 'brave-search',
+        name: 'Brave Search',
+        description: 'Web search, news, and local results',
+        serverUrl: 'https://mcp.brave.com/sse',
+        authType: 'bearer',
+        authLabel: 'API Key',
+        authPlaceholder: 'BSA...',
+        authHelpUrl: 'https://brave.com/search/api/',
+        category: 'Search & Data',
+    },
+    // --- Productivity ---
+    {
+        id: 'notion',
+        name: 'Notion',
+        description: 'Pages, databases, and workspace content',
+        serverUrl: 'https://mcp.notion.so/sse',
+        authType: 'bearer',
+        authLabel: 'Integration Token',
+        authPlaceholder: 'ntn_...',
+        authHelpUrl: 'https://www.notion.so/my-integrations',
+        category: 'Productivity',
+    },
+    // --- AI & LLMs ---
+    {
+        id: 'context7',
+        name: 'Context7',
+        description: 'Up-to-date documentation and code examples for any library',
+        serverUrl: 'https://mcp.context7.com/sse',
+        authType: 'none',
+        category: 'AI & LLMs',
+    },
+    // --- Databases ---
+    {
+        id: 'supabase',
+        name: 'Supabase',
+        description: 'Database queries, auth, storage, and edge functions',
+        serverUrl: 'https://mcp.supabase.com/sse',
+        authType: 'bearer',
+        authLabel: 'Access Token',
+        authPlaceholder: 'sbp_...',
+        authHelpUrl: 'https://supabase.com/dashboard/account/tokens',
+        category: 'Databases',
+    },
+    {
+        id: 'neon',
+        name: 'Neon',
+        description: 'Serverless Postgres — branches, queries, and management',
+        serverUrl: 'https://mcp.neon.tech/sse',
+        authType: 'bearer',
+        authLabel: 'API Key',
+        authPlaceholder: '',
+        authHelpUrl: 'https://console.neon.tech/app/settings/api-keys',
+        category: 'Databases',
+    },
+    // --- Payments ---
+    {
+        id: 'stripe',
+        name: 'Stripe',
+        description: 'Payments, subscriptions, customers, and invoices',
+        serverUrl: 'https://mcp.stripe.com/sse',
+        authType: 'bearer',
+        authLabel: 'Secret Key',
+        authPlaceholder: 'sk_...',
+        authHelpUrl: 'https://dashboard.stripe.com/apikeys',
+        category: 'Payments',
+    },
+    // --- Monitoring ---
+    {
+        id: 'grafana',
+        name: 'Grafana',
+        description: 'Dashboards, alerts, and observability data',
+        serverUrl: 'https://mcp.grafana.com/sse',
+        authType: 'bearer',
+        authLabel: 'Service Account Token',
+        authPlaceholder: 'glsa_...',
+        authHelpUrl: 'https://grafana.com/docs/grafana/latest/administration/service-accounts/',
+        category: 'Monitoring',
+    },
+];
+exports.MCP_CATEGORIES = [...new Set(exports.MCP_CATALOG.map((s) => s.category))];
+function getMcpTemplate(id) {
+    return exports.MCP_CATALOG.find((s) => s.id === id);
+}
+//# sourceMappingURL=mcp-catalog.js.map

package/dist/mcp-catalog.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-catalog.js","sourceRoot":"","sources":["../src/mcp-catalog.ts"],"names":[],"mappings":";;;AAkLA,wCAEC;AAxKY,QAAA,WAAW,GAAwB;IAC9C,0BAA0B;IAC1B;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,4CAA4C;QAEzD,SAAS,EAAE,oCAAoC;QAC/C,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,uBAAuB;QAClC,eAAe,EAAE,SAAS;QAC1B,WAAW,EAAE,oCAAoC;QACjD,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,iDAAiD;QAE9D,SAAS,EAAE,0BAA0B;QACrC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,uBAAuB;QAClC,eAAe,EAAE,WAAW;QAC5B,WAAW,EAAE,2DAA2D;QACxE,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,8CAA8C;QAE3D,SAAS,EAAE,4BAA4B;QACvC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,SAAS;QACpB,eAAe,EAAE,aAAa;QAC9B,WAAW,EAAE,iCAAiC;QAC9C,QAAQ,EAAE,iBAAiB;KAC5B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,oDAAoD;QAEjE,SAAS,EAAE,4BAA4B;QACvC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,YAAY;QACvB,eAAe,EAAE,YAAY;QAC7B,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,iBAAiB;KAC5B;IAED,iCAAiC;IACjC;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,yCAAyC;QACtD,SAAS,EAAE,wCAAwC;QACnD,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,WAAW;QACtB,eAAe,EAAE,EAAE;QACnB,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,wBAAwB;KACnC;IAED,wBAAwB;IACxB;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,0DAA0D;QACvE,SAAS,EAAE,2BAA2B;QACtC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,WAAW;QACtB,eAAe,EAAE,UAAU;QAC3B,WAAW,EAAE,4BAA4B;QACzC,QAAQ,EAAE,eAAe;KAC1B;IAED,wBAAwB;IACxB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,qCAAqC;QAClD,SAAS,EAAE,2BAA2B;QACtC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,SAAS;QACpB,eAAe,EAAE,QAAQ;QACzB,WAAW,EAAE,+BAA+B;QAC5C,QAAQ,EAAE,eAAe;KAC1B;IAED,uBAAuB;IACvB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,yCAAyC;QACtD,SAAS,EAAE,2BAA2B;QACtC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,mBAAmB;QAC9B,eAAe,EAAE,SAAS;QAC1B,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,cAAc;KACzB;IAED,oBAAoB;IACpB;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,4DAA4D;QACzE,SAAS,EAAE,8BAA8B;QACzC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,WAAW;KACtB;IAED,oBAAoB;IACpB;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,qDAAqD;QAClE,SAAS,EAAE,8BAA8B;QACzC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,cAAc;QACzB,eAAe,EAAE,SAAS;QAC1B,WAAW,EAAE,+CAA+C;QAC5D,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,yDAAyD;QACtE,SAAS,EAAE,2BAA2B;QACtC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,SAAS;QACpB,eAAe,EAAE,EAAE;QACnB,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,WAAW;KACtB;IAED,mBAAmB;IACnB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,kDAAkD;QAC/D,SAAS,EAAE,4BAA4B;QACvC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,YAAY;QACvB,eAAe,EAAE,QAAQ;QACzB,WAAW,EAAE,sCAAsC;QACnD,QAAQ,EAAE,UAAU;KACrB;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,4CAA4C;QACzD,SAAS,EAAE,6BAA6B;QACxC,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,uBAAuB;QAClC,eAAe,EAAE,UAAU;QAC3B,WAAW,EAAE,0EAA0E;QACvF,QAAQ,EAAE,YAAY;KACvB;CACF,CAAC;AAEW,QAAA,cAAc,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,mBAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AAE/E,SAAgB,cAAc,CAAC,EAAU;IACvC,OAAO,mBAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C,CAAC"}

package/dist/plans.d.ts

@@ -0,0 +1,24 @@
+export type PlanId = 'free' | 'pro' | 'team';
+export interface PlanLimits {
+    actionsPerMonth: number;
+    agents: number;
+    credentials: number;
+    members: number;
+    timelineHistoryDays: number;
+    undoEnabled: boolean;
+    browserSessions: number;
+}
+export interface PlanDefinition extends PlanLimits {
+    id: PlanId;
+    name: string;
+    monthlyPrice: number;
+    yearlyPrice: number;
+    stripePriceMonthly: string;
+    stripePriceYearly: string;
+}
+export declare const PLANS: Record<PlanId, PlanDefinition>;
+export declare function getPlanLimits(plan: string): PlanLimits;
+export declare function canUndo(plan: string): boolean;
+/** Map a Stripe price ID back to a plan ID */
+export declare function planFromPriceId(priceId: string): PlanId | null;
+//# sourceMappingURL=plans.d.ts.map

package/dist/plans.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"plans.d.ts","sourceRoot":"","sources":["../src/plans.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;AAE7C,MAAM,WAAW,UAAU;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAe,SAAQ,UAAU;IAChD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,eAAO,MAAM,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CA8CvC,CAAC;AAEX,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,CAYtD;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE7C;AAED,8CAA8C;AAC9C,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAO9D"}

package/dist/plans.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PLANS = void 0;
+exports.getPlanLimits = getPlanLimits;
+exports.canUndo = canUndo;
+exports.planFromPriceId = planFromPriceId;
+exports.PLANS = {
+    free: {
+        id: 'free',
+        name: 'Free',
+        monthlyPrice: 0,
+        yearlyPrice: 0,
+        stripePriceMonthly: '',
+        stripePriceYearly: '',
+        actionsPerMonth: 1000,
+        agents: 3,
+        credentials: 2,
+        members: 1,
+        timelineHistoryDays: 14,
+        undoEnabled: false,
+        browserSessions: 0,
+    },
+    pro: {
+        id: 'pro',
+        name: 'Pro',
+        monthlyPrice: 900,
+        yearlyPrice: 7900,
+        stripePriceMonthly: 'price_1T6b3m2NRlIkxMrBZ9bmEDYE',
+        stripePriceYearly: 'price_1T6b3m2NRlIkxMrBo2yx01sJ',
+        actionsPerMonth: Infinity,
+        agents: 10,
+        credentials: 25,
+        members: 5,
+        timelineHistoryDays: 90,
+        undoEnabled: true,
+        browserSessions: 2,
+    },
+    team: {
+        id: 'team',
+        name: 'Team',
+        monthlyPrice: 4900,
+        yearlyPrice: 41000,
+        stripePriceMonthly: 'price_1T6b3n2NRlIkxMrBstkfVECC',
+        stripePriceYearly: 'price_1T6b3o2NRlIkxMrBzHoQKPjz',
+        actionsPerMonth: Infinity,
+        agents: 50,
+        credentials: Infinity,
+        members: 25,
+        timelineHistoryDays: 365,
+        undoEnabled: true,
+        browserSessions: 5,
+    },
+};
+function getPlanLimits(plan) {
+    const def = exports.PLANS[plan];
+    if (!def)
+        return exports.PLANS.free;
+    return {
+        actionsPerMonth: def.actionsPerMonth,
+        agents: def.agents,
+        credentials: def.credentials,
+        members: def.members,
+        timelineHistoryDays: def.timelineHistoryDays,
+        undoEnabled: def.undoEnabled,
+        browserSessions: def.browserSessions,
+    };
+}
+function canUndo(plan) {
+    return getPlanLimits(plan).undoEnabled;
+}
+/** Map a Stripe price ID back to a plan ID */
+function planFromPriceId(priceId) {
+    for (const plan of Object.values(exports.PLANS)) {
+        if (plan.stripePriceMonthly === priceId || plan.stripePriceYearly === priceId) {
+            return plan.id;
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=plans.js.map

package/dist/plans.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"plans.js","sourceRoot":"","sources":["../src/plans.ts"],"names":[],"mappings":";;;AAqEA,sCAYC;AAED,0BAEC;AAGD,0CAOC;AA1EY,QAAA,KAAK,GAAmC;IACnD,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,CAAC;QACf,WAAW,EAAE,CAAC;QACd,kBAAkB,EAAE,EAAE;QACtB,iBAAiB,EAAE,EAAE;QACrB,eAAe,EAAE,IAAI;QACrB,MAAM,EAAE,CAAC;QACT,WAAW,EAAE,CAAC;QACd,OAAO,EAAE,CAAC;QACV,mBAAmB,EAAE,EAAE;QACvB,WAAW,EAAE,KAAK;QAClB,eAAe,EAAE,CAAC;KACnB;IACD,GAAG,EAAE;QACH,EAAE,EAAE,KAAK;QACT,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,GAAG;QACjB,WAAW,EAAE,IAAI;QACjB,kBAAkB,EAAE,gCAAgC;QACpD,iBAAiB,EAAE,gCAAgC;QACnD,eAAe,EAAE,QAAQ;QACzB,MAAM,EAAE,EAAE;QACV,WAAW,EAAE,EAAE;QACf,OAAO,EAAE,CAAC;QACV,mBAAmB,EAAE,EAAE;QACvB,WAAW,EAAE,IAAI;QACjB,eAAe,EAAE,CAAC;KACnB;IACD,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,KAAK;QAClB,kBAAkB,EAAE,gCAAgC;QACpD,iBAAiB,EAAE,gCAAgC;QACnD,eAAe,EAAE,QAAQ;QACzB,MAAM,EAAE,EAAE;QACV,WAAW,EAAE,QAAQ;QACrB,OAAO,EAAE,EAAE;QACX,mBAAmB,EAAE,GAAG;QACxB,WAAW,EAAE,IAAI;QACjB,eAAe,EAAE,CAAC;KACnB;CACO,CAAC;AAEX,SAAgB,aAAa,CAAC,IAAY;IACxC,MAAM,GAAG,GAAG,aAAK,CAAC,IAAc,CAAC,CAAC;IAClC,IAAI,CAAC,GAAG;QAAE,OAAO,aAAK,CAAC,IAAI,CAAC;IAC5B,OAAO;QACL,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,mBAAmB,EAAE,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,eAAe,EAAE,GAAG,CAAC,eAAe;KACrC,CAAC;AACJ,CAAC;AAED,SAAgB,OAAO,CAAC,IAAY;IAClC,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC;AACzC,CAAC;AAED,8CAA8C;AAC9C,SAAgB,eAAe,CAAC,OAAe;IAC7C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,aAAK,CAAC,EAAE,CAAC;QACxC,IAAI,IAAI,CAAC,kBAAkB,KAAK,OAAO,IAAI,IAAI,CAAC,iBAAiB,KAAK,OAAO,EAAE,CAAC;YAC9E,OAAO,IAAI,CAAC,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/policy.d.ts

@@ -0,0 +1,10 @@
+import type { PolicyRules, AgentActionRequest, PolicyEvaluationResult } from './types.js';
+export declare const DEFAULT_POLICY_RULES: PolicyRules;
+export declare function evaluatePolicy(action: AgentActionRequest, rules: PolicyRules): PolicyEvaluationResult;
+export declare function buildActionPreview(action: AgentActionRequest): {
+    summary: string;
+    target?: string;
+    impact?: string;
+    cost_estimate?: number;
+};
+//# sourceMappingURL=policy.d.ts.map

package/dist/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAClB,sBAAsB,EAGvB,MAAM,YAAY,CAAC;AAUpB,eAAO,MAAM,oBAAoB,EAAE,WAgBlC,CAAC;AAEF,wBAAgB,cAAc,CAC5B,MAAM,EAAE,kBAAkB,EAC1B,KAAK,EAAE,WAAW,GACjB,sBAAsB,CA+FxB;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,GAAG;IAC9D,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CA8CA"}

package/dist/policy.js

@@ -0,0 +1,168 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_POLICY_RULES = void 0;
+exports.evaluatePolicy = evaluatePolicy;
+exports.buildActionPreview = buildActionPreview;
+const redact_js_1 = require("./redact.js");
+const RISK_MAP = {
+    read: 'low',
+    write: 'medium',
+    financial: 'high',
+    admin: 'critical',
+};
+exports.DEFAULT_POLICY_RULES = {
+    defaultMode: 'require_approval',
+    rules: [
+        { action_type: 'read', decision: 'ALLOW' },
+        { action_type: 'write', decision: 'REQUIRE_APPROVAL' },
+        { action_type: 'financial', decision: 'REQUIRE_APPROVAL' },
+        { action_type: 'admin', decision: 'BLOCK' },
+    ],
+    http: {
+        allowedDomains: [],
+        allowedMethods: ['GET', 'POST', 'PUT', 'DELETE'],
+        blockList: [],
+    },
+    limits: {
+        maxActionsPerHour: 100,
+    },
+};
+function evaluatePolicy(action, rules) {
+    const risk_level = RISK_MAP[action.action_type] ?? 'medium';
+    // Browser tools: browser.open always requires approval
+    if (action.tool.startsWith('browser.')) {
+        if (action.tool === 'browser.open') {
+            return {
+                decision: 'REQUIRE_APPROVAL',
+                risk_level: 'medium',
+                reason: 'Browser sessions always require approval to start',
+            };
+        }
+        // Other browser.* actions with a valid session are handled at the gateway
+        // level (auto-approved). If they reach the policy engine without a session,
+        // they should be blocked.
+        return {
+            decision: 'BLOCK',
+            risk_level: 'medium',
+            reason: 'Browser actions require an active session (use browser.open first)',
+        };
+    }
+    // MCP tools: list_tools is a read (low risk), call_tool defers to action_type rules
+    if (action.tool === 'mcp.list_tools') {
+        return {
+            decision: 'ALLOW',
+            risk_level: 'low',
+            reason: 'MCP tool discovery is read-only',
+        };
+    }
+    if (action.tool.split('.')[0] === 'http' && rules.http) {
+        const url = action.payload.url;
+        if (url) {
+            try {
+                const domain = new URL(url).hostname;
+                // Use exact match or proper subdomain match (preceded by a dot)
+                // to prevent "not-trusted.com" from matching allowlist entry "trusted.com"
+                const matchesDomain = (d, pattern) => d === pattern || d.endsWith('.' + pattern);
+                if (rules.http.blockList.some((b) => matchesDomain(domain, b))) {
+                    return { decision: 'BLOCK', risk_level: 'critical', reason: `Domain ${domain} is in block list` };
+                }
+                if (rules.http.allowedDomains.length === 0) {
+                    // No allowlist configured: safe default is REQUIRE_APPROVAL, not ALLOW.
+                    // This prevents agents from exfiltrating data to arbitrary domains.
+                    return {
+                        decision: 'REQUIRE_APPROVAL',
+                        risk_level,
+                        reason: 'HTTP allowlist not configured — approval required for all HTTP calls',
+                    };
+                }
+                if (!rules.http.allowedDomains.some((d) => matchesDomain(domain, d))) {
+                    return { decision: 'BLOCK', risk_level, reason: `Domain ${domain} not in allowed list` };
+                }
+            }
+            catch {
+                return { decision: 'BLOCK', risk_level: 'critical', reason: 'Invalid URL' };
+            }
+        }
+        const method = action.payload.method?.toUpperCase();
+        if (method && !rules.http.allowedMethods.includes(method)) {
+            return { decision: 'BLOCK', risk_level, reason: `HTTP method ${method} not allowed` };
+        }
+    }
+    if (rules.limits?.maxCostPerAction !== undefined &&
+        action.cost_estimate !== undefined &&
+        action.cost_estimate > rules.limits.maxCostPerAction) {
+        return {
+            decision: 'BLOCK',
+            risk_level: 'high',
+            reason: `Cost estimate ${action.cost_estimate} exceeds limit ${rules.limits.maxCostPerAction}`,
+        };
+    }
+    // Most specific: tool-specific rule
+    let matched = rules.rules.find((r) => r.tool === action.tool);
+    // Then action-type rule
+    if (!matched)
+        matched = rules.rules.find((r) => r.action_type === action.action_type);
+    if (matched) {
+        return {
+            decision: matched.decision,
+            risk_level,
+            reason: `Matched rule: ${matched.action_type ?? matched.tool}`,
+            matched_rule: matched,
+        };
+    }
+    const defaultDecision = rules.defaultMode === 'allow' ? 'ALLOW' : rules.defaultMode === 'block' ? 'BLOCK' : 'REQUIRE_APPROVAL';
+    return { decision: defaultDecision, risk_level, reason: 'Default policy' };
+}
+function buildActionPreview(action) {
+    let summary = `${action.action_type.toUpperCase()} via ${action.tool}`;
+    let target;
+    if (action.tool.split('.')[0] === 'http') {
+        const url = action.payload.url;
+        const method = action.payload.method;
+        if (url) {
+            try {
+                target = new URL(url).hostname;
+            }
+            catch {
+                target = url;
+            }
+            summary = `${method?.toUpperCase() ?? 'HTTP'} request to ${target}`;
+        }
+    }
+    else if (action.tool === 'browser.open') {
+        const url = action.payload.url;
+        if (url) {
+            try {
+                target = new URL(url).hostname;
+            }
+            catch {
+                target = url;
+            }
+            summary = `Open browser session to ${target}`;
+        }
+        else {
+            summary = 'Open browser session';
+        }
+    }
+    else if (action.tool === 'mcp.list_tools') {
+        const server = action.payload.server;
+        target = server;
+        summary = `List available tools on MCP server "${server ?? 'unknown'}"`;
+    }
+    else if (action.tool === 'mcp.call_tool') {
+        const server = action.payload.server;
+        const method = action.payload.method;
+        target = server;
+        summary = `Call "${method ?? 'unknown'}" on MCP server "${server ?? 'unknown'}"`;
+    }
+    else if (action.tool === 'demo') {
+        summary = `Write to demo table: ${JSON.stringify((0, redact_js_1.redact)(action.payload)).slice(0, 80)}`;
+    }
+    return {
+        summary,
+        target,
+        impact: action.action_type === 'write' ? 'Data will be modified' : undefined,
+        cost_estimate: action.cost_estimate,
+    };
+}
+//# sourceMappingURL=policy.js.map

package/dist/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":";;;AAkCA,wCAkGC;AAED,gDAmDC;AAlLD,2CAAqC;AAErC,MAAM,QAAQ,GAA8B;IAC1C,IAAI,EAAE,KAAK;IACX,KAAK,EAAE,QAAQ;IACf,SAAS,EAAE,MAAM;IACjB,KAAK,EAAE,UAAU;CAClB,CAAC;AAEW,QAAA,oBAAoB,GAAgB;IAC/C,WAAW,EAAE,kBAAkB;IAC/B,KAAK,EAAE;QACL,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE;QAC1C,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,EAAE;QACtD,EAAE,WAAW,EAAE,WAAW,EAAE,QAAQ,EAAE,kBAAkB,EAAE;QAC1D,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE;KAC5C;IACD,IAAI,EAAE;QACJ,cAAc,EAAE,EAAE;QAClB,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC;QAChD,SAAS,EAAE,EAAE;KACd;IACD,MAAM,EAAE;QACN,iBAAiB,EAAE,GAAG;KACvB;CACF,CAAC;AAEF,SAAgB,cAAc,CAC5B,MAA0B,EAC1B,KAAkB;IAElB,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC;IAE5D,uDAAuD;IACvD,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACvC,IAAI,MAAM,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YACnC,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,UAAU,EAAE,QAAQ;gBACpB,MAAM,EAAE,mDAAmD;aAC5D,CAAC;QACJ,CAAC;QACD,0EAA0E;QAC1E,4EAA4E;QAC5E,0BAA0B;QAC1B,OAAO;YACL,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,QAAQ;YACpB,MAAM,EAAE,oEAAoE;SAC7E,CAAC;IACJ,CAAC;IAED,oFAAoF;IACpF,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACrC,OAAO;YACL,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,iCAAiC;SAC1C,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QACvD,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,GAAyB,CAAC;QACrD,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;gBACrC,gEAAgE;gBAChE,2EAA2E;gBAC3E,MAAM,aAAa,GAAG,CAAC,CAAS,EAAE,OAAe,EAAE,EAAE,CACnD,CAAC,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC,CAAC;gBAC7C,IAAI,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC/D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,MAAM,mBAAmB,EAAE,CAAC;gBACpG,CAAC;gBACD,IAAI,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC3C,wEAAwE;oBACxE,oEAAoE;oBACpE,OAAO;wBACL,QAAQ,EAAE,kBAAkB;wBAC5B,UAAU;wBACV,MAAM,EAAE,sEAAsE;qBAC/E,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACrE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,MAAM,sBAAsB,EAAE,CAAC;gBAC3F,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;YAC9E,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAI,MAAM,CAAC,OAAO,CAAC,MAA6B,EAAE,WAAW,EAAE,CAAC;QAC5E,IAAI,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,eAAe,MAAM,cAAc,EAAE,CAAC;QACxF,CAAC;IACH,CAAC;IAED,IACE,KAAK,CAAC,MAAM,EAAE,gBAAgB,KAAK,SAAS;QAC5C,MAAM,CAAC,aAAa,KAAK,SAAS;QAClC,MAAM,CAAC,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,gBAAgB,EACpD,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,MAAM;YAClB,MAAM,EAAE,iBAAiB,MAAM,CAAC,aAAa,kBAAkB,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE;SAC/F,CAAC;IACJ,CAAC;IAED,oCAAoC;IACpC,IAAI,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC;IAC9D,wBAAwB;IACxB,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,MAAM,CAAC,WAAW,CAAC,CAAC;IAEtF,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO;YACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU;YACV,MAAM,EAAE,iBAAiB,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI,EAAE;YAC9D,YAAY,EAAE,OAAO;SACtB,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GACnB,KAAK,CAAC,WAAW,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC;IAEzG,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;AAC7E,CAAC;AAED,SAAgB,kBAAkB,CAAC,MAA0B;IAM3D,IAAI,OAAO,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;IACvE,IAAI,MAA0B,CAAC;IAE/B,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,GAAyB,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAA4B,CAAC;QAC3D,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,GAAG,GAAG,CAAC;YACf,CAAC;YACD,OAAO,GAAG,GAAG,MAAM,EAAE,WAAW,EAAE,IAAI,MAAM,eAAe,MAAM,EAAE,CAAC;QACtE,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QAC1C,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,GAAyB,CAAC;QACrD,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,GAAG,GAAG,CAAC;YACf,CAAC;YACD,OAAO,GAAG,2BAA2B,MAAM,EAAE,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,sBAAsB,CAAC;QACnC,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAA4B,CAAC;QAC3D,MAAM,GAAG,MAAM,CAAC;QAChB,OAAO,GAAG,uCAAuC,MAAM,IAAI,SAAS,GAAG,CAAC;IAC1E,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAA4B,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAA4B,CAAC;QAC3D,MAAM,GAAG,MAAM,CAAC;QAChB,OAAO,GAAG,SAAS,MAAM,IAAI,SAAS,oBAAoB,MAAM,IAAI,SAAS,GAAG,CAAC;IACnF,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAClC,OAAO,GAAG,wBAAwB,IAAI,CAAC,SAAS,CAAC,IAAA,kBAAM,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAC1F,CAAC;IAED,OAAO;QACL,OAAO;QACP,MAAM;QACN,MAAM,EAAE,MAAM,CAAC,WAAW,KAAK,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS;QAC5E,aAAa,EAAE,MAAM,CAAC,aAAa;KACpC,CAAC;AACJ,CAAC"}

package/dist/redact.d.ts

@@ -0,0 +1,4 @@
+export declare function redact(obj: unknown, depth?: number): unknown;
+export declare function redactHeaders(headers: Record<string, string>): Record<string, string>;
+export declare function sanitizeActionRequest(request: Record<string, unknown>): Record<string, unknown>;
+//# sourceMappingURL=redact.d.ts.map

package/dist/redact.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.d.ts","sourceRoot":"","sources":["../src/redact.ts"],"names":[],"mappings":"AAuFA,wBAAgB,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,KAAK,SAAI,GAAG,OAAO,CAYvD;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAMrF;AAED,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAEzB"}