npm - agentlock-shared - Versions diffs - 0.2.0 → 0.3.0 - Mend

agentlock-shared 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/dist/__tests__/billing.test.d.ts +2 -0
package/dist/__tests__/billing.test.d.ts.map +1 -0
package/dist/__tests__/billing.test.js +31 -0
package/dist/__tests__/billing.test.js.map +1 -0
package/dist/__tests__/dns-pinning.test.d.ts +2 -0
package/dist/__tests__/dns-pinning.test.d.ts.map +1 -0
package/dist/__tests__/dns-pinning.test.js +33 -0
package/dist/__tests__/dns-pinning.test.js.map +1 -0
package/dist/__tests__/llm-classifier-cache-store.test.d.ts +2 -0
package/dist/__tests__/llm-classifier-cache-store.test.d.ts.map +1 -0
package/dist/__tests__/llm-classifier-cache-store.test.js +65 -0
package/dist/__tests__/llm-classifier-cache-store.test.js.map +1 -0
package/dist/__tests__/llm-classifier-cache.test.d.ts +2 -0
package/dist/__tests__/llm-classifier-cache.test.d.ts.map +1 -0
package/dist/__tests__/llm-classifier-cache.test.js +44 -0
package/dist/__tests__/llm-classifier-cache.test.js.map +1 -0
package/dist/__tests__/llm-classifier.test.d.ts +2 -0
package/dist/__tests__/llm-classifier.test.d.ts.map +1 -0
package/dist/__tests__/llm-classifier.test.js +167 -0
package/dist/__tests__/llm-classifier.test.js.map +1 -0
package/dist/__tests__/plans-classifier-limits.test.d.ts +2 -0
package/dist/__tests__/plans-classifier-limits.test.d.ts.map +1 -0
package/dist/__tests__/plans-classifier-limits.test.js +22 -0
package/dist/__tests__/plans-classifier-limits.test.js.map +1 -0
package/dist/__tests__/policy-category-floor.test.d.ts +2 -0
package/dist/__tests__/policy-category-floor.test.d.ts.map +1 -0
package/dist/__tests__/policy-category-floor.test.js +46 -0
package/dist/__tests__/policy-category-floor.test.js.map +1 -0
package/dist/__tests__/policy-claude-bash.test.d.ts +2 -0
package/dist/__tests__/policy-claude-bash.test.d.ts.map +1 -0
package/dist/__tests__/policy-claude-bash.test.js +401 -0
package/dist/__tests__/policy-claude-bash.test.js.map +1 -0
package/dist/__tests__/policy-llm-floor.test.d.ts +2 -0
package/dist/__tests__/policy-llm-floor.test.d.ts.map +1 -0
package/dist/__tests__/policy-llm-floor.test.js +107 -0
package/dist/__tests__/policy-llm-floor.test.js.map +1 -0
package/dist/__tests__/policy-ssh-e2e.test.d.ts +2 -0
package/dist/__tests__/policy-ssh-e2e.test.d.ts.map +1 -0
package/dist/__tests__/policy-ssh-e2e.test.js +89 -0
package/dist/__tests__/policy-ssh-e2e.test.js.map +1 -0
package/dist/__tests__/policy-ssh-sessions.test.d.ts +2 -0
package/dist/__tests__/policy-ssh-sessions.test.d.ts.map +1 -0
package/dist/__tests__/policy-ssh-sessions.test.js +139 -0
package/dist/__tests__/policy-ssh-sessions.test.js.map +1 -0
package/dist/__tests__/policy-ssh.test.d.ts +2 -0
package/dist/__tests__/policy-ssh.test.d.ts.map +1 -0
package/dist/__tests__/policy-ssh.test.js +180 -0
package/dist/__tests__/policy-ssh.test.js.map +1 -0
package/dist/__tests__/policy.test.js +400 -2
package/dist/__tests__/policy.test.js.map +1 -1
package/dist/__tests__/redact.test.js +76 -0
package/dist/__tests__/redact.test.js.map +1 -1
package/dist/__tests__/signing.test.js +89 -0
package/dist/__tests__/signing.test.js.map +1 -1
package/dist/__tests__/ssh-fingerprint.test.d.ts +2 -0
package/dist/__tests__/ssh-fingerprint.test.d.ts.map +1 -0
package/dist/__tests__/ssh-fingerprint.test.js +19 -0
package/dist/__tests__/ssh-fingerprint.test.js.map +1 -0
package/dist/__tests__/vpn-route.test.d.ts +2 -0
package/dist/__tests__/vpn-route.test.d.ts.map +1 -0
package/dist/__tests__/vpn-route.test.js +72 -0
package/dist/__tests__/vpn-route.test.js.map +1 -0
package/dist/__tests__/wireguard.test.d.ts +2 -0
package/dist/__tests__/wireguard.test.d.ts.map +1 -0
package/dist/__tests__/wireguard.test.js +114 -0
package/dist/__tests__/wireguard.test.js.map +1 -0
package/dist/billing.d.ts +12 -0
package/dist/billing.d.ts.map +1 -0
package/dist/billing.js +41 -0
package/dist/billing.js.map +1 -0
package/dist/crypto.d.ts +5 -0
package/dist/crypto.d.ts.map +1 -1
package/dist/crypto.js +80 -23
package/dist/crypto.js.map +1 -1
package/dist/dns-pinning.d.ts +28 -0
package/dist/dns-pinning.d.ts.map +1 -0
package/dist/dns-pinning.js +113 -0
package/dist/dns-pinning.js.map +1 -0
package/dist/index.d.ts +6 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +9 -0
package/dist/index.js.map +1 -1
package/dist/llm-classifier-cache-store.d.ts +49 -0
package/dist/llm-classifier-cache-store.d.ts.map +1 -0
package/dist/llm-classifier-cache-store.js +63 -0
package/dist/llm-classifier-cache-store.js.map +1 -0
package/dist/llm-classifier-cache.d.ts +6 -0
package/dist/llm-classifier-cache.d.ts.map +1 -0
package/dist/llm-classifier-cache.js +52 -0
package/dist/llm-classifier-cache.js.map +1 -0
package/dist/llm-classifier.d.ts +29 -0
package/dist/llm-classifier.d.ts.map +1 -0
package/dist/llm-classifier.js +191 -0
package/dist/llm-classifier.js.map +1 -0
package/dist/observability.d.ts +36 -0
package/dist/observability.d.ts.map +1 -0
package/dist/observability.js +75 -0
package/dist/observability.js.map +1 -0
package/dist/plans.d.ts +17 -0
package/dist/plans.d.ts.map +1 -1
package/dist/plans.js +36 -14
package/dist/plans.js.map +1 -1
package/dist/policy.d.ts +173 -3
package/dist/policy.d.ts.map +1 -1
package/dist/policy.js +910 -42
package/dist/policy.js.map +1 -1
package/dist/redact.d.ts.map +1 -1
package/dist/redact.js +83 -3
package/dist/redact.js.map +1 -1
package/dist/regex-safety.d.ts +21 -0
package/dist/regex-safety.d.ts.map +1 -0
package/dist/regex-safety.js +49 -0
package/dist/regex-safety.js.map +1 -0
package/dist/sanitize.d.ts +31 -0
package/dist/sanitize.d.ts.map +1 -0
package/dist/sanitize.js +54 -0
package/dist/sanitize.js.map +1 -0
package/dist/schemas.d.ts +202 -10
package/dist/schemas.d.ts.map +1 -1
package/dist/schemas.js +91 -1
package/dist/schemas.js.map +1 -1
package/dist/signing.d.ts +15 -0
package/dist/signing.d.ts.map +1 -1
package/dist/signing.js +53 -4
package/dist/signing.js.map +1 -1
package/dist/ssh-fingerprint.d.ts +10 -0
package/dist/ssh-fingerprint.d.ts.map +1 -0
package/dist/ssh-fingerprint.js +52 -0
package/dist/ssh-fingerprint.js.map +1 -0
package/dist/ssrf.d.ts +36 -0
package/dist/ssrf.d.ts.map +1 -0
package/dist/ssrf.js +140 -0
package/dist/ssrf.js.map +1 -0
package/dist/types.d.ts +130 -0
package/dist/types.d.ts.map +1 -1
package/dist/wireguard.d.ts +63 -0
package/dist/wireguard.d.ts.map +1 -0
package/dist/wireguard.js +226 -0
package/dist/wireguard.js.map +1 -0
package/package.json +42 -29
package/.turbo/turbo-build.log +0 -4
package/.turbo/turbo-test.log +0 -76
package/dist/__tests__/content-crypto.test.d.ts +0 -2
package/dist/__tests__/content-crypto.test.d.ts.map +0 -1
package/dist/__tests__/content-crypto.test.js +0 -117
package/dist/__tests__/content-crypto.test.js.map +0 -1
package/dist/__tests__/signing.test (# Edit conflict 2026-04-01 z3etfmC #).js +0 -51
package/dist/__tests__/signing.test.js (# Edit conflict 2026-04-01 4rndy9C #).map +0 -1
package/dist/content-crypto.d.ts +0 -24
package/dist/content-crypto.d.ts.map +0 -1
package/dist/content-crypto.js +0 -58
package/dist/content-crypto.js.map +0 -1
package/src/__tests__/crypto.test.ts +0 -169
package/src/__tests__/messaging.test.ts +0 -83
package/src/__tests__/policy.test.ts +0 -222
package/src/__tests__/redact.test.ts +0 -41
package/src/__tests__/signing.test.ts +0 -55
package/src/crypto.ts +0 -235
package/src/index.ts +0 -8
package/src/mcp-catalog.ts +0 -181
package/src/plans.ts +0 -116
package/src/policy.ts +0 -216
package/src/redact.ts +0 -131
package/src/schemas.ts +0 -121
package/src/signing.ts +0 -120
package/src/types.ts +0 -213
package/test-gateway.mjs +0 -47
package/tsconfig.json +0 -10
package/vitest.config.ts +0 -8

package/dist/content-crypto.js DELETED Viewed

@@ -1,58 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PAYLOAD_VERSION_WCK = exports.PAYLOAD_VERSION_LEGACY = void 0;
-exports.generateWCK = generateWCK;
-exports.wrapKey = wrapKey;
-exports.unwrapKey = unwrapKey;
-exports.deriveKEK = deriveKEK;
-exports.wrapWCKForUser = wrapWCKForUser;
-exports.unwrapWCKFromUser = unwrapWCKFromUser;
-const tweetnacl_1 = __importDefault(require("tweetnacl"));
-const tweetnacl_util_1 = require("tweetnacl-util");
-const scrypt_1 = require("@noble/hashes/scrypt");
-/** Payload encrypted with MASTER_KEY (legacy) */
-exports.PAYLOAD_VERSION_LEGACY = 0;
-/** Payload encrypted with per-workspace WCK */
-exports.PAYLOAD_VERSION_WCK = 1;
-/** Generate a random 32-byte Workspace Content Key */
-function generateWCK() {
-    return tweetnacl_1.default.randomBytes(32);
-}
-/** Wrap a WCK using a wrapping key (e.g. MASTER_KEY). Returns base64 ciphertext + nonce. */
-function wrapKey(wck, wrappingKey) {
-    const nonce = tweetnacl_1.default.randomBytes(tweetnacl_1.default.secretbox.nonceLength);
-    const box = tweetnacl_1.default.secretbox(wck, nonce, wrappingKey);
-    return { ciphertext: (0, tweetnacl_util_1.encodeBase64)(box), nonce: (0, tweetnacl_util_1.encodeBase64)(nonce) };
-}
-/** Unwrap a WCK using a wrapping key. Returns the raw 32-byte WCK. */
-function unwrapKey(ciphertext, nonce, wrappingKey) {
-    const box = (0, tweetnacl_util_1.decodeBase64)(ciphertext);
-    const n = (0, tweetnacl_util_1.decodeBase64)(nonce);
-    const result = tweetnacl_1.default.secretbox.open(box, n, wrappingKey);
-    if (!result) {
-        throw new Error('unwrapKey failed: invalid wrapping key or corrupted data');
-    }
-    return result;
-}
-/** Derive a Key Encryption Key from a passphrase using scrypt. */
-function deriveKEK(passphrase, salt) {
-    const pw = new TextEncoder().encode(passphrase);
-    return (0, scrypt_1.scrypt)(pw, salt, { N: 2 ** 15, r: 8, p: 1, dkLen: 32 });
-}
-/** Wrap a WCK for a user using their passphrase. Returns base64 strings. */
-function wrapWCKForUser(wck, passphrase) {
-    const salt = tweetnacl_1.default.randomBytes(32);
-    const kek = deriveKEK(passphrase, salt);
-    const { ciphertext, nonce } = wrapKey(wck, kek);
-    return { ciphertext, nonce, salt: (0, tweetnacl_util_1.encodeBase64)(salt) };
-}
-/** Unwrap a WCK using a user's passphrase. Returns the raw 32-byte WCK. */
-function unwrapWCKFromUser(ciphertext, nonce, salt, passphrase) {
-    const saltBytes = (0, tweetnacl_util_1.decodeBase64)(salt);
-    const kek = deriveKEK(passphrase, saltBytes);
-    return unwrapKey(ciphertext, nonce, kek);
-}
-//# sourceMappingURL=content-crypto.js.map

package/dist/content-crypto.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"content-crypto.js","sourceRoot":"","sources":["../src/content-crypto.ts"],"names":[],"mappings":";;;;;;AAUA,kCAEC;AAGD,0BAOC;AAGD,8BAYC;AAGD,8BAMC;AAGD,wCAQC;AAGD,8CASC;AArED,0DAA6B;AAC7B,mDAA4D;AAC5D,iDAA8C;AAE9C,iDAAiD;AACpC,QAAA,sBAAsB,GAAG,CAAC,CAAC;AACxC,+CAA+C;AAClC,QAAA,mBAAmB,GAAG,CAAC,CAAC;AAErC,sDAAsD;AACtD,SAAgB,WAAW;IACzB,OAAO,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED,4FAA4F;AAC5F,SAAgB,OAAO,CACrB,GAAe,EACf,WAAuB;IAEvB,MAAM,KAAK,GAAG,mBAAI,CAAC,WAAW,CAAC,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,mBAAI,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,EAAE,UAAU,EAAE,IAAA,6BAAY,EAAC,GAAG,CAAC,EAAE,KAAK,EAAE,IAAA,6BAAY,EAAC,KAAK,CAAC,EAAE,CAAC;AACvE,CAAC;AAED,sEAAsE;AACtE,SAAgB,SAAS,CACvB,UAAkB,EAClB,KAAa,EACb,WAAuB;IAEvB,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,UAAU,CAAC,CAAC;IACrC,MAAM,CAAC,GAAG,IAAA,6BAAY,EAAC,KAAK,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,mBAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,kEAAkE;AAClE,SAAgB,SAAS,CACvB,UAAkB,EAClB,IAAgB;IAEhB,MAAM,EAAE,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAChD,OAAO,IAAA,eAAM,EAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,4EAA4E;AAC5E,SAAgB,cAAc,CAC5B,GAAe,EACf,UAAkB;IAElB,MAAM,IAAI,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAChD,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,IAAA,6BAAY,EAAC,IAAI,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,2EAA2E;AAC3E,SAAgB,iBAAiB,CAC/B,UAAkB,EAClB,KAAa,EACb,IAAY,EACZ,UAAkB;IAElB,MAAM,SAAS,GAAG,IAAA,6BAAY,EAAC,IAAI,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC7C,OAAO,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;AAC3C,CAAC"}

package/src/__tests__/crypto.test.ts DELETED Viewed

@@ -1,169 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import nacl from 'tweetnacl';
-import { encodeBase64 } from 'tweetnacl-util';
-import {
-  encrypt,
-  decrypt,
-  envelopeEncrypt,
-  envelopeDecrypt,
-  generateKey,
-  encryptCredential,
-  decryptCredential,
-} from '../crypto.js';
-// Deterministic test key (not from env -- tests must not depend on MASTER_KEY)
-const testMasterKey = nacl.randomBytes(32);
-describe('encrypt / decrypt (low-level)', () => {
-  it('round-trips a string', () => {
-    const data = 'hello world';
-    const encrypted = encrypt(data, testMasterKey);
-    expect(encrypted).not.toBe(data);
-    expect(decrypt(encrypted, testMasterKey)).toBe(data);
-  });
-  it('produces different ciphertext each call (random nonce)', () => {
-    const data = 'deterministic?';
-    const a = encrypt(data, testMasterKey);
-    const b = encrypt(data, testMasterKey);
-    expect(a).not.toBe(b);
-  });
-  it('rejects wrong key', () => {
-    const data = 'secret';
-    const encrypted = encrypt(data, testMasterKey);
-    const wrongKey = nacl.randomBytes(32);
-    expect(() => decrypt(encrypted, wrongKey)).toThrow('Decryption failed');
-  });
-  it('handles empty string', () => {
-    const encrypted = encrypt('', testMasterKey);
-    expect(decrypt(encrypted, testMasterKey)).toBe('');
-  });
-  it('handles unicode', () => {
-    const data = 'Hello unicode world';
-    const encrypted = encrypt(data, testMasterKey);
-    expect(decrypt(encrypted, testMasterKey)).toBe(data);
-  });
-});
-describe('envelopeEncrypt / envelopeDecrypt', () => {
-  it('round-trips a string', () => {
-    const data = 'envelope test data';
-    const encrypted = envelopeEncrypt(data, testMasterKey);
-    expect(encrypted).toMatch(/^env1:/);
-    expect(envelopeDecrypt(encrypted, testMasterKey)).toBe(data);
-  });
-  it('produces different ciphertext each call (fresh DEK + nonce)', () => {
-    const data = 'same data';
-    const a = envelopeEncrypt(data, testMasterKey);
-    const b = envelopeEncrypt(data, testMasterKey);
-    expect(a).not.toBe(b);
-  });
-  it('rejects wrong master key', () => {
-    const data = 'secret';
-    const encrypted = envelopeEncrypt(data, testMasterKey);
-    const wrongKey = nacl.randomBytes(32);
-    expect(() => envelopeDecrypt(encrypted, wrongKey)).toThrow();
-  });
-  it('handles empty string', () => {
-    const encrypted = envelopeEncrypt('', testMasterKey);
-    expect(envelopeDecrypt(encrypted, testMasterKey)).toBe('');
-  });
-  it('handles large data', () => {
-    const data = 'x'.repeat(100_000);
-    const encrypted = envelopeEncrypt(data, testMasterKey);
-    expect(envelopeDecrypt(encrypted, testMasterKey)).toBe(data);
-  });
-  it('handles JSON data', () => {
-    const obj = { tool: 'http', payload: { url: 'https://example.com' }, nested: [1, 2, 3] };
-    const data = JSON.stringify(obj);
-    const encrypted = envelopeEncrypt(data, testMasterKey);
-    const decrypted = JSON.parse(envelopeDecrypt(encrypted, testMasterKey));
-    expect(decrypted).toEqual(obj);
-  });
-  it('envelopeDecrypt rejects non-envelope data', () => {
-    const legacy = encrypt('legacy data', testMasterKey);
-    expect(() => envelopeDecrypt(legacy, testMasterKey)).toThrow('missing env1: prefix');
-  });
-  it('rejects malformed envelope (no separator)', () => {
-    expect(() => envelopeDecrypt('env1:nodatahere', testMasterKey)).toThrow('missing DEK/payload separator');
-  });
-  it('rejects malformed envelope (empty parts)', () => {
-    // env1:: has withoutPrefix=":" where lastIndexOf(':') returns 0,
-    // caught by the separatorIndex <= 0 check
-    expect(() => envelopeDecrypt('env1::', testMasterKey)).toThrow('missing DEK/payload separator');
-    // env1:abc: has empty payload after separator
-    expect(() => envelopeDecrypt('env1:abc:', testMasterKey)).toThrow('empty DEK or payload');
-  });
-});
-describe('decrypt() backward compatibility', () => {
-  it('transparently decrypts envelope-encrypted data', () => {
-    const data = 'new envelope data';
-    const encrypted = envelopeEncrypt(data, testMasterKey);
-    // decrypt() should auto-detect the env1: prefix and handle it
-    expect(decrypt(encrypted, testMasterKey)).toBe(data);
-  });
-  it('still decrypts legacy direct-encrypted data', () => {
-    const data = 'legacy direct data';
-    const encrypted = encrypt(data, testMasterKey);
-    // Legacy data should still work with decrypt()
-    expect(decrypt(encrypted, testMasterKey)).toBe(data);
-  });
-  it('handles mixed legacy and envelope data in sequence', () => {
-    const legacyData = 'old format';
-    const envelopeData = 'new format';
-    const legacyEncrypted = encrypt(legacyData, testMasterKey);
-    const envelopeEncrypted = envelopeEncrypt(envelopeData, testMasterKey);
-    // Both should decrypt through the same decrypt() function
-    expect(decrypt(legacyEncrypted, testMasterKey)).toBe(legacyData);
-    expect(decrypt(envelopeEncrypted, testMasterKey)).toBe(envelopeData);
-  });
-});
-describe('encryptCredential / decryptCredential (existing DEK pattern)', () => {
-  it('still works correctly after envelope changes', () => {
-    const payload = { api_key: 'sk-test-12345', name: 'test-cred' };
-    const { encryptedDEK, encryptedPayload } = encryptCredential(payload, testMasterKey);
-    const decrypted = decryptCredential(encryptedDEK, encryptedPayload, testMasterKey);
-    expect(decrypted).toEqual(payload);
-  });
-});
-describe('envelope format structure', () => {
-  it('has exactly the env1:wrappedDEK:payload format', () => {
-    const encrypted = envelopeEncrypt('test', testMasterKey);
-    const parts = encrypted.split(':');
-    // Should be: "env1", wrappedDEK (base64), payload (base64)
-    expect(parts[0]).toBe('env1');
-    expect(parts.length).toBe(3);
-    // Both parts after prefix should be valid base64
-    expect(parts[1].length).toBeGreaterThan(0);
-    expect(parts[2].length).toBeGreaterThan(0);
-  });
-  it('base64 parts do not contain colons', () => {
-    // Run multiple times to catch edge cases with different random nonces
-    for (let i = 0; i < 20; i++) {
-      const encrypted = envelopeEncrypt(`test data ${i}`, testMasterKey);
-      const withoutPrefix = encrypted.slice(5); // remove "env1:"
-      const colonCount = (withoutPrefix.match(/:/g) || []).length;
-      // Exactly one colon separating wrappedDEK and payload
-      expect(colonCount).toBe(1);
-    }
-  });
-});

package/src/__tests__/messaging.test.ts DELETED Viewed

@@ -1,83 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { SendMessageSchema, AgentSendMessageSchema, ApproveRequestSchema } from '../schemas';
-describe('SendMessageSchema', () => {
-  it('accepts valid message with content only', () => {
-    const result = SendMessageSchema.safeParse({ content: 'Hello agent' });
-    expect(result.success).toBe(true);
-  });
-  it('accepts message with thread_id and expires_at', () => {
-    const result = SendMessageSchema.safeParse({
-      content: 'Do this task',
-      thread_id: '550e8400-e29b-41d4-a716-446655440000',
-      expires_at: '2026-04-01T12:00:00Z',
-    });
-    expect(result.success).toBe(true);
-  });
-  it('rejects empty content', () => {
-    const result = SendMessageSchema.safeParse({ content: '' });
-    expect(result.success).toBe(false);
-  });
-  it('rejects content over 4096 chars', () => {
-    const result = SendMessageSchema.safeParse({ content: 'x'.repeat(4097) });
-    expect(result.success).toBe(false);
-  });
-  it('rejects invalid thread_id', () => {
-    const result = SendMessageSchema.safeParse({ content: 'hi', thread_id: 'not-a-uuid' });
-    expect(result.success).toBe(false);
-  });
-});
-describe('AgentSendMessageSchema', () => {
-  it('requires thread_id', () => {
-    const result = AgentSendMessageSchema.safeParse({ content: 'Reply' });
-    expect(result.success).toBe(false);
-  });
-  it('accepts valid reply', () => {
-    const result = AgentSendMessageSchema.safeParse({
-      content: 'I found 3 files',
-      thread_id: '550e8400-e29b-41d4-a716-446655440000',
-    });
-    expect(result.success).toBe(true);
-  });
-});
-describe('ApproveRequestSchema with reply_message', () => {
-  it('accepts approve without reply', () => {
-    const result = ApproveRequestSchema.safeParse({ action: 'approve' });
-    expect(result.success).toBe(true);
-  });
-  it('accepts approve with reply_message', () => {
-    const result = ApproveRequestSchema.safeParse({
-      action: 'approve',
-      reply_message: 'Only delete files older than 7 days',
-    });
-    expect(result.success).toBe(true);
-    if (result.success) {
-      expect(result.data.reply_message).toBe('Only delete files older than 7 days');
-    }
-  });
-  it('accepts deny with reason and reply_message', () => {
-    const result = ApproveRequestSchema.safeParse({
-      action: 'deny',
-      reason: 'Too risky',
-      reply_message: 'Try a safer approach',
-    });
-    expect(result.success).toBe(true);
-  });
-  it('rejects reply_message over 2000 chars', () => {
-    const result = ApproveRequestSchema.safeParse({
-      action: 'approve',
-      reply_message: 'x'.repeat(2001),
-    });
-    expect(result.success).toBe(false);
-  });
-});

package/src/__tests__/policy.test.ts DELETED Viewed

@@ -1,222 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { evaluatePolicy, DEFAULT_POLICY_RULES } from '../policy.js';
-import type { AgentActionRequest } from '../types.js';
-describe('Policy Engine', () => {
-  it('should ALLOW read actions by default', () => {
-    // Use a non-http tool to test the default read policy (http without URL is now correctly blocked)
-    const action: AgentActionRequest = { action_type: 'read', tool: 'demo.list', payload: {} };
-    expect(evaluatePolicy(action, DEFAULT_POLICY_RULES).decision).toBe('ALLOW');
-  });
-  it('should REQUIRE_APPROVAL for write actions', () => {
-    const action: AgentActionRequest = { action_type: 'write', tool: 'demo', payload: {} };
-    expect(evaluatePolicy(action, DEFAULT_POLICY_RULES).decision).toBe('REQUIRE_APPROVAL');
-  });
-  it('should BLOCK admin actions', () => {
-    const action: AgentActionRequest = { action_type: 'admin', tool: 'system', payload: {} };
-    expect(evaluatePolicy(action, DEFAULT_POLICY_RULES).decision).toBe('BLOCK');
-  });
-  it('should REQUIRE_APPROVAL for financial actions', () => {
-    const action: AgentActionRequest = { action_type: 'financial', tool: 'stripe', payload: {} };
-    expect(evaluatePolicy(action, DEFAULT_POLICY_RULES).decision).toBe('REQUIRE_APPROVAL');
-  });
-  it('should BLOCK disallowed HTTP domains', () => {
-    const action: AgentActionRequest = {
-      action_type: 'read',
-      tool: 'http',
-      payload: { url: 'https://evil.com/data', method: 'GET' },
-    };
-    const rules = {
-      ...DEFAULT_POLICY_RULES,
-      http: { allowedDomains: ['trusted.com'], allowedMethods: ['GET'], blockList: [] },
-    };
-    expect(evaluatePolicy(action, rules).decision).toBe('BLOCK');
-  });
-  it('should BLOCK explicitly blocklisted domains', () => {
-    const action: AgentActionRequest = {
-      action_type: 'read',
-      tool: 'http',
-      payload: { url: 'https://evil.com/data', method: 'GET' },
-    };
-    const rules = {
-      ...DEFAULT_POLICY_RULES,
-      http: { allowedDomains: [], allowedMethods: ['GET'], blockList: ['evil.com'] },
-    };
-    expect(evaluatePolicy(action, rules).decision).toBe('BLOCK');
-  });
-  it('should REQUIRE_APPROVAL for admin actions even when defaultMode is allow', () => {
-    const action: AgentActionRequest = { action_type: 'admin', tool: 'system', payload: {} };
-    const rules = { ...DEFAULT_POLICY_RULES, defaultMode: 'allow' as const, rules: [] };
-    const result = evaluatePolicy(action, rules);
-    expect(result.decision).toBe('REQUIRE_APPROVAL');
-  });
-  it('should REQUIRE_APPROVAL for financial actions even when defaultMode is allow', () => {
-    const action: AgentActionRequest = { action_type: 'financial', tool: 'stripe', payload: {} };
-    const rules = { ...DEFAULT_POLICY_RULES, defaultMode: 'allow' as const, rules: [] };
-    const result = evaluatePolicy(action, rules);
-    expect(result.decision).toBe('REQUIRE_APPROVAL');
-  });
-  it('should REQUIRE_APPROVAL for admin action even with explicit ALLOW rule', () => {
-    const action: AgentActionRequest = { action_type: 'admin', tool: 'admin.delete_user', payload: {} };
-    const rules = {
-      ...DEFAULT_POLICY_RULES,
-      defaultMode: 'allow' as const,
-      rules: [{ action_type: 'admin' as const, decision: 'ALLOW' as const }],
-    };
-    const result = evaluatePolicy(action, rules);
-    expect(result.decision).toBe('REQUIRE_APPROVAL');
-  });
-  it('should REQUIRE_APPROVAL for financial action even with explicit ALLOW rule', () => {
-    const action: AgentActionRequest = { action_type: 'financial', tool: 'stripe.charge', payload: {} };
-    const rules = {
-      ...DEFAULT_POLICY_RULES,
-      defaultMode: 'allow' as const,
-      rules: [{ action_type: 'financial' as const, decision: 'ALLOW' as const }],
-    };
-    const result = evaluatePolicy(action, rules);
-    expect(result.decision).toBe('REQUIRE_APPROVAL');
-  });
-  it('should still respect explicit rules for admin even with defaultMode allow', () => {
-    const action: AgentActionRequest = { action_type: 'admin', tool: 'system', payload: {} };
-    const rules = {
-      ...DEFAULT_POLICY_RULES,
-      defaultMode: 'allow' as const,
-      rules: [{ action_type: 'admin' as const, decision: 'BLOCK' as const }],
-    };
-    expect(evaluatePolicy(action, rules).decision).toBe('BLOCK');
-  });
-  it('should BLOCK when cost exceeds limit', () => {
-    const action: AgentActionRequest = {
-      action_type: 'financial',
-      tool: 'stripe',
-      payload: {},
-      cost_estimate: 1000,
-    };
-    const rules = { ...DEFAULT_POLICY_RULES, limits: { maxCostPerAction: 100 } };
-    expect(evaluatePolicy(action, rules).decision).toBe('BLOCK');
-  });
-  // --- Case-sensitivity bypass tests ---
-  it('should enforce HTTP domain allowlist even with mixed-case tool name', () => {
-    const action: AgentActionRequest = {
-      action_type: 'read',
-      tool: 'Http.get',
-      payload: { url: 'https://evil.com/data', method: 'GET' },
-    };
-    const rules = {
-      ...DEFAULT_POLICY_RULES,
-      http: { allowedDomains: ['trusted.com'], allowedMethods: ['GET'], blockList: [] },
-    };
-    expect(evaluatePolicy(action, rules).decision).toBe('BLOCK');
-  });
-  it('should match tool-specific rules case-insensitively', () => {
-    const action: AgentActionRequest = {
-      action_type: 'read',
-      tool: 'MCP.list_tools',
-      payload: {},
-    };
-    const result = evaluatePolicy(action, DEFAULT_POLICY_RULES);
-    expect(result.decision).toBe('ALLOW');
-  });
-  // --- URL edge cases ---
-  it('should not match subdomain of blocklisted domain (e.g., notevil.com vs evil.com)', () => {
-    const action: AgentActionRequest = {
-      action_type: 'read',
-      tool: 'http.get',
-      payload: { url: 'https://notevil.com/data', method: 'GET' },
-    };
-    const rules = {
-      ...DEFAULT_POLICY_RULES,
-      http: { allowedDomains: ['notevil.com', 'trusted.com'], allowedMethods: ['GET'], blockList: ['evil.com'] },
-    };
-    expect(evaluatePolicy(action, rules).decision).not.toBe('BLOCK');
-  });
-  it('should BLOCK HTTP tool with no URL in payload', () => {
-    const action: AgentActionRequest = {
-      action_type: 'read',
-      tool: 'http.get',
-      payload: {},
-    };
-    const rules = {
-      ...DEFAULT_POLICY_RULES,
-      http: { allowedDomains: ['trusted.com'], allowedMethods: ['GET'], blockList: [] },
-    };
-    expect(evaluatePolicy(action, rules).decision).toBe('BLOCK');
-  });
-  // --- Browser tool policy ---
-  it('should REQUIRE_APPROVAL for browser.open', () => {
-    const action: AgentActionRequest = {
-      action_type: 'write',
-      tool: 'browser.open',
-      payload: { url: 'https://example.com' },
-    };
-    const result = evaluatePolicy(action, DEFAULT_POLICY_RULES);
-    expect(result.decision).toBe('REQUIRE_APPROVAL');
-  });
-  it('should BLOCK browser.* actions without a session (reaching policy engine)', () => {
-    const action: AgentActionRequest = {
-      action_type: 'write',
-      tool: 'browser.click',
-      payload: {},
-    };
-    const result = evaluatePolicy(action, DEFAULT_POLICY_RULES);
-    expect(result.decision).toBe('BLOCK');
-  });
-  // --- Unknown action_type ---
-  it('should BLOCK unknown action types', () => {
-    const action = {
-      action_type: 'delete' as 'read',
-      tool: 'custom.tool',
-      payload: {},
-    };
-    const result = evaluatePolicy(action, DEFAULT_POLICY_RULES);
-    expect(result.decision).toBe('BLOCK');
-  });
-  // --- cost_estimate omission ---
-  it('should not enforce budget check when cost_estimate is omitted', () => {
-    const action: AgentActionRequest = {
-      action_type: 'write',
-      tool: 'demo',
-      payload: {},
-      // cost_estimate intentionally omitted
-    };
-    const rules = { ...DEFAULT_POLICY_RULES, limits: { maxCostPerAction: 100 } };
-    // Should match action_type 'write' rule, not be BLOCK-ed by cost limit
-    expect(evaluatePolicy(action, rules).decision).toBe('REQUIRE_APPROVAL');
-  });
-  // --- HTTP allowlist not configured ---
-  it('should REQUIRE_APPROVAL when HTTP allowlist is empty (safe default)', () => {
-    const action: AgentActionRequest = {
-      action_type: 'read',
-      tool: 'http.get',
-      payload: { url: 'https://any-site.com/data', method: 'GET' },
-    };
-    const result = evaluatePolicy(action, DEFAULT_POLICY_RULES);
-    expect(result.decision).toBe('REQUIRE_APPROVAL');
-  });
-});

package/src/__tests__/redact.test.ts DELETED Viewed

@@ -1,41 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { redact, redactHeaders } from '../redact.js';
-describe('Redaction', () => {
-  it('should redact api_key fields', () => {
-    const obj = { name: 'test', api_key: 'super-secret-123', data: { token: 'abc' } };
-    const result = redact(obj) as Record<string, unknown>;
-    expect(result.api_key).toBe('[REDACTED]');
-    expect((result.data as Record<string, unknown>).token).toBe('[REDACTED]');
-    expect(result.name).toBe('test');
-  });
-  it('should redact Authorization headers', () => {
-    const headers = { Authorization: 'Bearer secret', 'Content-Type': 'application/json' };
-    const result = redactHeaders(headers);
-    expect(result['Authorization']).toBe('[REDACTED]');
-    expect(result['Content-Type']).toBe('application/json');
-  });
-  it('should handle nested objects', () => {
-    const obj = { level1: { level2: { password: 'secret', safe: 'ok' } } };
-    const result = redact(obj) as { level1: { level2: { password: string; safe: string } } };
-    expect(result.level1.level2.password).toBe('[REDACTED]');
-    expect(result.level1.level2.safe).toBe('ok');
-  });
-  it('should handle arrays', () => {
-    const obj = { items: [{ token: 'secret1' }, { token: 'secret2' }] };
-    const result = redact(obj) as { items: { token: string }[] };
-    expect(result.items[0].token).toBe('[REDACTED]');
-    expect(result.items[1].token).toBe('[REDACTED]');
-  });
-  it('should not redact safe fields', () => {
-    const obj = { name: 'test', url: 'https://example.com', status: 200 };
-    const result = redact(obj) as typeof obj;
-    expect(result.name).toBe('test');
-    expect(result.url).toBe('https://example.com');
-    expect(result.status).toBe(200);
-  });
-});

package/src/__tests__/signing.test.ts DELETED Viewed

@@ -1,55 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { generateKeypair, signRequest, verifyRequest, canonicalStringify } from '../signing.js';
-describe('Ed25519 Signing', () => {
-  it('should generate valid keypair', () => {
-    const kp = generateKeypair();
-    expect(kp.publicKey).toBeTruthy();
-    expect(kp.privateKey).toBeTruthy();
-    expect(kp.publicKey.length).toBeGreaterThan(0);
-  });
-  it('should sign and verify a request', () => {
-    const kp = generateKeypair();
-    const body = { action_type: 'write', tool: 'demo', payload: { key: 'value' } };
-    const headers = signRequest(body, 'agent-123', kp.privateKey);
-    expect(() => verifyRequest(body, headers, kp.publicKey)).not.toThrow();
-  });
-  it('should reject tampered body (top-level field)', () => {
-    const kp = generateKeypair();
-    const body = { action_type: 'write', tool: 'demo', payload: { key: 'value' } };
-    const headers = signRequest(body, 'agent-123', kp.privateKey);
-    const tampered = { ...body, tool: 'admin' };
-    expect(() => verifyRequest(tampered, headers, kp.publicKey)).toThrow('Invalid signature');
-  });
-  it('should reject tampered nested payload field', () => {
-    const kp = generateKeypair();
-    const body = { action_type: 'write', tool: 'demo', payload: { key: 'value', amount: 100 } };
-    const headers = signRequest(body, 'agent-123', kp.privateKey);
-    const tampered = { ...body, payload: { key: 'value', amount: 999999 } };
-    expect(() => verifyRequest(tampered, headers, kp.publicKey)).toThrow('Invalid signature');
-  });
-  it('canonicalStringify should sort keys recursively at all nesting levels', () => {
-    const obj = { z: 1, a: { y: 2, b: 3 }, m: [{ q: 4, c: 5 }] };
-    const result = canonicalStringify(obj);
-    // All object levels must have sorted keys
-    expect(result).toBe('{"a":{"b":3,"y":2},"m":[{"c":5,"q":4}],"z":1}');
-  });
-  it('should reject missing headers', () => {
-    const kp = generateKeypair();
-    const body = { action_type: 'write', tool: 'demo', payload: {} };
-    expect(() => verifyRequest(body, {}, kp.publicKey)).toThrow('Missing required signature headers');
-  });
-  it('should reject stale timestamp', () => {
-    const kp = generateKeypair();
-    const body = { action_type: 'write', tool: 'demo', payload: {} };
-    const headers = signRequest(body, 'agent-123', kp.privateKey);
-    headers['x-timestamp'] = String(Date.now() - 10 * 60 * 1000);
-    expect(() => verifyRequest(body, headers, kp.publicKey)).toThrow('Timestamp skew');
-  });
-});