agentlock-shared 0.2.0 → 0.3.0

package/dist/crypto.js.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":";;;;;AAYA,kCAEC;AAOD,0BAUC;AAYD,0BA0BC;AAcD,0CAUC;AAMD,0CAKC;AAkDD,gCAEC;AAED,gCAGC;AAMD,oCAMC;AAMD,oDAOC;AAGD,0CAUC;AAED,8CAEC;AAED,8CAaC;AAED,8CAcC;AA1OD,0DAA6B;AAC7B,mDAA4D;AAE5D;;;;;;GAMG;AACH,MAAM,eAAe,GAAG,OAAO,CAAC;AAEhC,SAAgB,WAAW;IACzB,OAAO,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,SAAgB,OAAO,CAAC,IAAY,EAAE,GAAe;IACnD,MAAM,KAAK,GAAG,mBAAI,CAAC,WAAW,CAAC,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,mBAAI,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAEhD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IAC3D,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEhC,OAAO,IAAA,6BAAY,EAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,OAAO,CAAC,aAAqB,EAAE,GAAe;IAC5D,4DAA4D;IAC5D,IAAI,aAAa,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAC9C,OAAO,uBAAuB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IACrD,CAAC;IAED,yDAAyD;IACzD,MAAM,QAAQ,GAAG,IAAA,6BAAY,EAAC,aAAa,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAEvD,MAAM,OAAO,GAAG,mBAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACrD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,oBAAoB,EAAE,CAAC;IACvC,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,QAAQ,GAAG,mBAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAC1D,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;AACtE,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,eAAe,CAAC,IAAY,EAAE,SAAqB;IACjE,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,OAAO,CAAC,IAAA,6BAAY,EAAC,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC5C,OAAO,GAAG,eAAe,GAAG,UAAU,IAAI,gBAAgB,EAAE,CAAC;IAC/D,CAAC;YAAS,CAAC;QACT,uEAAuE;QACvE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,eAAe,CAAC,aAAqB,EAAE,SAAqB;IAC1E,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,uBAAuB,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;AAC3D,CAAC;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAAC,aAAqB,EAAE,SAAqB;IAC3E,+DAA+D;IAC/D,yEAAyE;IACzE,gFAAgF;IAChF,MAAM,aAAa,GAAG,aAAa,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,aAAa,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACtD,IAAI,cAAc,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;IAC1D,MAAM,gBAAgB,GAAG,aAAa,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;IAEjE,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,mEAAmE;IACnE,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,SAAS,CAAC,CAAC;IACpC,IAAI,CAAC;QACH,6CAA6C;QAC7C,kEAAkE;QAClE,iEAAiE;QACjE,2BAA2B;QAC3B,MAAM,QAAQ,GAAG,IAAA,6BAAY,EAAC,gBAAgB,CAAC,CAAC;QAChD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACvD,MAAM,OAAO,GAAG,mBAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;YAAS,CAAC;QACT,iCAAiC;QACjC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,UAAU,CAAC,GAAe,EAAE,SAAqB;IAC/D,OAAO,OAAO,CAAC,IAAA,6BAAY,EAAC,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,UAAU,CAAC,YAAoB,EAAE,SAAqB;IACpE,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACnD,OAAO,IAAA,6BAAY,EAAC,SAAS,CAAC,CAAC;AACjC,CAAC;AAED,4EAA4E;AAC5E,gFAAgF;AAChF,IAAI,gBAAgB,GAAsB,IAAI,CAAC;AAE/C,SAAgB,YAAY;IAC1B,IAAI,gBAAgB;QAAE,OAAO,gBAAgB,CAAC,KAAK,EAAE,CAAC;IACtD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACnC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACrE,gBAAgB,GAAG,IAAA,6BAAY,EAAC,GAAG,CAAC,CAAC;IACrC,OAAO,gBAAgB,CAAC,KAAK,EAAE,CAAC;AAClC,CAAC;AAED,uEAAuE;AACvE,IAAI,cAAc,GAAsB,IAAI,CAAC;AAC7C,IAAI,eAAe,GAAG,KAAK,CAAC;AAE5B,SAAgB,oBAAoB;IAClC,IAAI,eAAe;QAAE,OAAO,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAC3E,eAAe,GAAG,IAAI,CAAC;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IAC5C,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,cAAc,GAAG,IAAA,6BAAY,EAAC,GAAG,CAAC,CAAC;IACnC,OAAO,cAAc,CAAC,KAAK,EAAE,CAAC;AAChC,CAAC;AAED,sEAAsE;AACtE,SAAgB,eAAe;IAC7B,IAAI,gBAAgB,EAAE,CAAC;QACrB,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,gBAAgB,GAAG,IAAI,CAAC;IAC1B,CAAC;IACD,IAAI,cAAc,EAAE,CAAC;QACnB,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACvB,cAAc,GAAG,IAAI,CAAC;IACxB,CAAC;IACD,eAAe,GAAG,KAAK,CAAC;AAC1B,CAAC;AAED,SAAgB,iBAAiB;IAC/B,OAAO,IAAA,6BAAY,EAAC,WAAW,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,iBAAiB,CAC/B,OAAgC,EAChC,SAAqB;IAErB,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAChD,MAAM,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;QAC/D,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,CAAC;IAC5C,CAAC;YAAS,CAAC;QACT,uEAAuE;QACvE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,iBAAiB,CAC/B,YAAoB,EACpB,gBAAwB,EACxB,SAAqB;IAErB,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;YAAS,CAAC;QACT,iEAAiE;QACjE,qEAAqE;QACrE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC"}
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":";;;;;AAYA,kCAEC;AAOD,0BAUC;AAYD,0BAwBC;AAcD,0CAUC;AAMD,0CAKC;AAkDD,gCAEC;AAED,gCAGC;AA0BD,oCAMC;AA0CD,sDAOC;AAGD,oDAEC;AAGD,0CAUC;AAED,8CAEC;AAED,8CAaC;AAED,8CAcC;AArSD,0DAA6B;AAC7B,mDAA4D;AAE5D;;;;;;GAMG;AACH,MAAM,eAAe,GAAG,OAAO,CAAC;AAEhC,SAAgB,WAAW;IACzB,OAAO,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,SAAgB,OAAO,CAAC,IAAY,EAAE,GAAe;IACnD,MAAM,KAAK,GAAG,mBAAI,CAAC,WAAW,CAAC,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,mBAAI,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAEhD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IAC3D,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEhC,OAAO,IAAA,6BAAY,EAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,OAAO,CAAC,aAAqB,EAAE,GAAe;IAC5D,4DAA4D;IAC5D,IAAI,aAAa,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAC9C,OAAO,uBAAuB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IACrD,CAAC;IAED,yDAAyD;IACzD,MAAM,QAAQ,GAAG,IAAA,6BAAY,EAAC,aAAa,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAEvD,MAAM,OAAO,GAAG,mBAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACrD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,wDAAwD;IACxD,oDAAoD;IACpD,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,EAAE,CAAC;QAC9C,MAAM,OAAO,GAAG,mBAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACzD,IAAI,OAAO;YAAE,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;AACtE,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,eAAe,CAAC,IAAY,EAAE,SAAqB;IACjE,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,OAAO,CAAC,IAAA,6BAAY,EAAC,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC5C,OAAO,GAAG,eAAe,GAAG,UAAU,IAAI,gBAAgB,EAAE,CAAC;IAC/D,CAAC;YAAS,CAAC;QACT,uEAAuE;QACvE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,eAAe,CAAC,aAAqB,EAAE,SAAqB;IAC1E,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,uBAAuB,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;AAC3D,CAAC;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAAC,aAAqB,EAAE,SAAqB;IAC3E,+DAA+D;IAC/D,yEAAyE;IACzE,gFAAgF;IAChF,MAAM,aAAa,GAAG,aAAa,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,aAAa,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACtD,IAAI,cAAc,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;IAC1D,MAAM,gBAAgB,GAAG,aAAa,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;IAEjE,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,mEAAmE;IACnE,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,6BAAY,EAAC,SAAS,CAAC,CAAC;IACpC,IAAI,CAAC;QACH,6CAA6C;QAC7C,kEAAkE;QAClE,iEAAiE;QACjE,2BAA2B;QAC3B,MAAM,QAAQ,GAAG,IAAA,6BAAY,EAAC,gBAAgB,CAAC,CAAC;QAChD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,mBAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACvD,MAAM,OAAO,GAAG,mBAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;YAAS,CAAC;QACT,iCAAiC;QACjC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,UAAU,CAAC,GAAe,EAAE,SAAqB;IAC/D,OAAO,OAAO,CAAC,IAAA,6BAAY,EAAC,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,UAAU,CAAC,YAAoB,EAAE,SAAqB;IACpE,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACnD,OAAO,IAAA,6BAAY,EAAC,SAAS,CAAC,CAAC;AACjC,CAAC;AAED,4EAA4E;AAC5E,gFAAgF;AAChF,IAAI,gBAAgB,GAAsB,IAAI,CAAC;AAE/C;;4DAE4D;AAC5D,MAAM,oBAAoB,GAAG,EAAE,CAAC;AAEhC,SAAS,iBAAiB,CAAC,GAAW,EAAE,IAAY;IAClD,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,GAAG,IAAA,6BAAY,EAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,sBAAsB,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,oBAAoB,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,2BAA2B,oBAAoB,eAAe,OAAO,CAAC,MAAM,GAAG,CACvF,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,YAAY;IAC1B,IAAI,gBAAgB;QAAE,OAAO,gBAAgB,CAAC,KAAK,EAAE,CAAC;IACtD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACnC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACrE,gBAAgB,GAAG,iBAAiB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACxD,OAAO,gBAAgB,CAAC,KAAK,EAAE,CAAC;AAClC,CAAC;AAED,wEAAwE;AACxE,wCAAwC;AACxC,gFAAgF;AAChF,oEAAoE;AACpE,QAAQ;AACR,oEAAoE;AACpE,EAAE;AACF,0EAA0E;AAC1E,uEAAuE;AACvE,yEAAyE;AACzE,mEAAmE;AACnE,EAAE;AACF,2EAA2E;AAC3E,0DAA0D;AAC1D,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,aAAa,GAAuC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAElG,SAAS,kBAAkB,CAAC,IAAY;IACtC,qEAAqE;IACrE,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,uBAAuB,IAAI,GAAG,CAAC,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAY;IACvC,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,MAAM,YAAY,UAAU;QAAE,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC;IACxD,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,aAAa,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,GAAG,GAAG,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzC,aAAa,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;IAC1B,OAAO,GAAG,CAAC,KAAK,EAAE,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB;IACnC,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,iBAAiB,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,CAAC,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,SAAgB,oBAAoB;IAClC,OAAO,mBAAmB,CAAC,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,sEAAsE;AACtE,SAAgB,eAAe;IAC7B,IAAI,gBAAgB,EAAE,CAAC;QACrB,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,gBAAgB,GAAG,IAAI,CAAC;IAC1B,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,iBAAiB,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAC3B,IAAI,CAAC,YAAY,UAAU;YAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACvC,aAAa,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,SAAgB,iBAAiB;IAC/B,OAAO,IAAA,6BAAY,EAAC,WAAW,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,iBAAiB,CAC/B,OAAgC,EAChC,SAAqB;IAErB,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAChD,MAAM,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;QAC/D,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,CAAC;IAC5C,CAAC;YAAS,CAAC;QACT,uEAAuE;QACvE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,iBAAiB,CAC/B,YAAoB,EACpB,gBAAwB,EACxB,SAAqB;IAErB,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;YAAS,CAAC;QACT,iEAAiE;QACjE,qEAAqE;QACrE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/dns-pinning.d.ts

@@ -0,0 +1,28 @@
+import { type LookupOptions } from 'dns';
+import type { SsrfResolver } from './ssrf.js';
+/**
+ * DNS pinning for SSRF-safe server-side fetches. Canonical home for both the
+ * Runner connectors and the Web inline executor — previously this lived only
+ * in apps/runner and the inline path used unpinned global fetch, leaving a
+ * DNS-rebinding/TOCTOU window. Shared so there is one implementation.
+ *
+ * NOTE: this module imports Node's `dns` / `dns/promises` and is therefore
+ * server-only. Like `./ssrf.ts` it is NOT re-exported from `index.ts`; import
+ * it from the `agentlock-shared/dns-pinning` subpath in server-only code so
+ * Next.js client bundles never try to resolve the Node DNS imports.
+ */
+type DnsLookupCb = (err: NodeJS.ErrnoException | null, address: string, family: number) => void;
+export type PinnedLookup = ((hostname: string, options: LookupOptions, callback: DnsLookupCb) => void) & {
+    resolver: SsrfResolver;
+};
+export interface CreatePinnedLookupOptions {
+    servers?: string[];
+    preferFamily?: 4 | 6;
+}
+/**
+ * Cache the first resolved IP per hostname for the lifetime of the returned
+ * lookup function so validation and connect use the exact same DNS answer.
+ */
+export declare function createPinnedLookup(opts?: CreatePinnedLookupOptions): PinnedLookup;
+export {};
+//# sourceMappingURL=dns-pinning.d.ts.map

package/dist/dns-pinning.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dns-pinning.d.ts","sourceRoot":"","sources":["../src/dns-pinning.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,KAAK,aAAa,EAAE,MAAM,KAAK,CAAC;AAG9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAE9C;;;;;;;;;;GAUG;AAEH,KAAK,WAAW,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,cAAc,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;AAChG,MAAM,MAAM,YAAY,GAAG,CAAC,CAC1B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,aAAa,EACtB,QAAQ,EAAE,WAAW,KAClB,IAAI,CAAC,GAAG;IACX,QAAQ,EAAE,YAAY,CAAC;CACxB,CAAC;AAEF,MAAM,WAAW,yBAAyB;IACxC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;CACtB;AAiCD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,GAAE,yBAA8B,GAAG,YAAY,CA6FrF"}

package/dist/dns-pinning.js

@@ -0,0 +1,113 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createPinnedLookup = createPinnedLookup;
+const dns_1 = require("dns");
+const promises_1 = require("dns/promises");
+const net_1 = require("net");
+const DNS_TIMEOUT_MS = 2_000;
+function withTimeout(promise, ms) {
+    return Promise.race([
+        promise,
+        new Promise((_, reject) => {
+            setTimeout(() => reject(new Error(`DNS lookup timed out after ${ms}ms`)), ms);
+        }),
+    ]);
+}
+function createLookupError(hostname) {
+    const err = new Error(`DNS resolution failed for ${hostname}`);
+    err.code = 'ENOTFOUND';
+    return err;
+}
+function normalizeRequestedFamily(family) {
+    if (family === 'IPv4')
+        return 4;
+    if (family === 'IPv6')
+        return 6;
+    return typeof family === 'number' ? family : 0;
+}
+function familyOrder(preferred, requestedFamily = 0) {
+    if (requestedFamily === 4 || requestedFamily === 6) {
+        return [requestedFamily];
+    }
+    if (preferred === 6)
+        return [6, 4];
+    return [4, 6];
+}
+/**
+ * Cache the first resolved IP per hostname for the lifetime of the returned
+ * lookup function so validation and connect use the exact same DNS answer.
+ */
+function createPinnedLookup(opts = {}) {
+    const cache = new Map();
+    const resolver = opts.servers && opts.servers.length > 0 ? new promises_1.Resolver() : null;
+    if (resolver && opts.servers) {
+        resolver.setServers(opts.servers);
+    }
+    const resolveOne = async (hostname, requestedFamily = 0) => {
+        const hit = cache.get(hostname);
+        if (hit)
+            return hit;
+        const literalFamily = (0, net_1.isIP)(hostname);
+        if (literalFamily) {
+            const literal = { address: hostname, family: literalFamily };
+            cache.set(hostname, literal);
+            return literal;
+        }
+        if (!resolver) {
+            for (const family of familyOrder(opts.preferFamily, requestedFamily)) {
+                try {
+                    const resolved = await withTimeout(new Promise((resolve, reject) => {
+                        (0, dns_1.lookup)(hostname, { family, all: false }, (err, address, resolvedFamily) => {
+                            if (err)
+                                return reject(err);
+                            resolve({ address, family: resolvedFamily });
+                        });
+                    }), DNS_TIMEOUT_MS);
+                    cache.set(hostname, resolved);
+                    return resolved;
+                }
+                catch {
+                    // Try the next family below.
+                }
+            }
+            throw createLookupError(hostname);
+        }
+        for (const family of familyOrder(opts.preferFamily, requestedFamily)) {
+            const answers = await withTimeout(family === 4
+                ? resolver.resolve4(hostname).catch(() => [])
+                : resolver.resolve6(hostname).catch(() => []), DNS_TIMEOUT_MS);
+            const address = answers[0];
+            if (address) {
+                const resolved = { address, family };
+                cache.set(hostname, resolved);
+                return resolved;
+            }
+        }
+        throw createLookupError(hostname);
+    };
+    const lookup = ((hostname, options, callback) => {
+        // Node >=20 / undici call a custom lookup with `{ all: true }` (Happy-Eyeballs
+        // auto-select-family) and then expect `callback(null, [{ address, family }])`.
+        // The legacy 3-arg `callback(null, address, family)` form silently fails there
+        // (undici throws "Invalid IP address: undefined"), which BOTH breaks name-based
+        // requests AND voids the DNS pin (the connect re-resolves). Honor both shapes.
+        const wantAll = options.all === true;
+        resolveOne(hostname, normalizeRequestedFamily(options.family))
+            .then(({ address, family }) => {
+            if (wantAll) {
+                callback(null, [{ address, family }]);
+            }
+            else {
+                callback(null, address, family);
+            }
+        })
+            .catch((err) => {
+            callback(err, '', 0);
+        });
+    });
+    lookup.resolver = (hostname) => resolveOne(hostname)
+        .then(({ address }) => [address])
+        .catch(() => []);
+    return lookup;
+}
+//# sourceMappingURL=dns-pinning.js.map

package/dist/dns-pinning.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dns-pinning.js","sourceRoot":"","sources":["../src/dns-pinning.ts"],"names":[],"mappings":";;AAkEA,gDA6FC;AA/JD,6BAA8D;AAC9D,2CAAwC;AACxC,6BAA2B;AA6B3B,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B,SAAS,WAAW,CAAI,OAAmB,EAAE,EAAU;IACrD,OAAO,OAAO,CAAC,IAAI,CAAC;QAClB,OAAO;QACP,IAAI,OAAO,CAAI,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;YAC3B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,8BAA8B,EAAE,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChF,CAAC,CAAC;KACH,CAAC,CAAC;AACL,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,6BAA6B,QAAQ,EAAE,CAA0B,CAAC;IACxF,GAAG,CAAC,IAAI,GAAG,WAAW,CAAC;IACvB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,wBAAwB,CAAC,MAA2C;IAC3E,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,CAAC,CAAC;IAChC,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,CAAC,CAAC;IAChC,OAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB,EAAE,eAAe,GAAG,CAAC;IACzD,IAAI,eAAe,KAAK,CAAC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,eAAwB,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,SAAS,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,OAAkC,EAAE;IACrE,MAAM,KAAK,GAAG,IAAI,GAAG,EAA+C,CAAC;IACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,mBAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACjF,IAAI,QAAQ,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,EACtB,QAAgB,EAChB,eAAe,GAAG,CAAC,EAC2B,EAAE;QAChD,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChC,IAAI,GAAG;YAAE,OAAO,GAAG,CAAC;QAEpB,MAAM,aAAa,GAAG,IAAA,UAAI,EAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;YAC7D,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC7B,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,KAAK,MAAM,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,eAAe,CAAC,EAAE,CAAC;gBACrE,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,WAAW,CAChC,IAAI,OAAO,CAAsC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;wBACnE,IAAA,YAAS,EACP,QAAQ,EACR,EAAE,MAAM,EAAE,GAAG,EAAE,KAAc,EAAE,EAC/B,CAAC,GAAG,EAAE,OAAO,EAAE,cAAc,EAAE,EAAE;4BAC/B,IAAI,GAAG;gCAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;4BAC5B,OAAO,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;wBAC/C,CAAC,CACF,CAAC;oBACJ,CAAC,CAAC,EACF,cAAc,CACf,CAAC;oBACF,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;oBAC9B,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAAC,MAAM,CAAC;oBACP,6BAA6B;gBAC/B,CAAC;YACH,CAAC;YACD,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACpC,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,eAAe,CAAC,EAAE,CAAC;YACrE,MAAM,OAAO,GAAG,MAAM,WAAW,CAC/B,MAAM,KAAK,CAAC;gBACV,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAc,CAAC;gBACzD,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAc,CAAC,EAC3D,cAAc,CACf,CAAC;YACF,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;gBACrC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAC9B,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC,CAAC;IAEF,MAAM,MAAM,GAAG,CAAC,CAAC,QAAgB,EAAE,OAAsB,EAAE,QAAqB,EAAE,EAAE;QAClF,+EAA+E;QAC/E,+EAA+E;QAC/E,+EAA+E;QAC/E,gFAAgF;QAChF,+EAA+E;QAC/E,MAAM,OAAO,GAAI,OAA6C,CAAC,GAAG,KAAK,IAAI,CAAC;QAC5E,UAAU,CAAC,QAAQ,EAAE,wBAAwB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;aAC3D,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;YAC5B,IAAI,OAAO,EAAE,CAAC;gBACX,QAAwF,CACvF,IAAI,EACJ,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CACtB,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,QAAQ,CAAC,GAA4B,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACP,CAAC,CAAiB,CAAC;IAEnB,MAAM,CAAC,QAAQ,GAAG,CAAC,QAAgB,EAAE,EAAE,CACrC,UAAU,CAAC,QAAQ,CAAC;SACjB,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;SAChC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IAErB,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/index.d.ts

@@ -5,5 +5,11 @@ export * from './policy.js';
 export * from './redact.js';
 export * from './schemas.js';
 export * from './plans.js';
+export * from './billing.js';
 export * from './mcp-catalog.js';
+export * from './wireguard.js';
+export * from './regex-safety.js';
+export * from './sanitize.js';
+export * from './observability.js';
+export * from './ssh-fingerprint.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAIlC,cAAc,eAAe,CAAC;AAC9B,cAAc,oBAAoB,CAAC;AACnC,cAAc,sBAAsB,CAAC"}

package/dist/index.js

@@ -21,5 +21,14 @@ __exportStar(require("./policy.js"), exports);
 __exportStar(require("./redact.js"), exports);
 __exportStar(require("./schemas.js"), exports);
 __exportStar(require("./plans.js"), exports);
+__exportStar(require("./billing.js"), exports);
 __exportStar(require("./mcp-catalog.js"), exports);
+__exportStar(require("./wireguard.js"), exports);
+__exportStar(require("./regex-safety.js"), exports);
+// ssrf.ts is intentionally NOT re-exported here — it imports Node's
+// `dns/promises`, which Next.js client bundles can't resolve. Server-only
+// callers should import from the `agentlock-shared/ssrf` subpath directly.
+__exportStar(require("./sanitize.js"), exports);
+__exportStar(require("./observability.js"), exports);
+__exportStar(require("./ssh-fingerprint.js"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B;AAC3B,8CAA4B;AAC5B,+CAA6B;AAC7B,8CAA4B;AAC5B,8CAA4B;AAC5B,+CAA6B;AAC7B,6CAA2B;AAC3B,mDAAiC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B;AAC3B,8CAA4B;AAC5B,+CAA6B;AAC7B,8CAA4B;AAC5B,8CAA4B;AAC5B,+CAA6B;AAC7B,6CAA2B;AAC3B,+CAA6B;AAC7B,mDAAiC;AACjC,iDAA+B;AAC/B,oDAAkC;AAClC,oEAAoE;AACpE,0EAA0E;AAC1E,2EAA2E;AAC3E,gDAA8B;AAC9B,qDAAmC;AACnC,uDAAqC"}

package/dist/llm-classifier-cache-store.d.ts

@@ -0,0 +1,49 @@
+import type { LLMClassification } from './types.js';
+/**
+ * Storage abstraction for cached LLM classifications. Two implementations
+ * exist:
+ *
+ * 1. {@link InMemoryCacheStore} — the default, used in tests and as a
+ *    fallback when no durable store has been injected. Survives as long
+ *    as the process is alive, but not across cold starts or scale-out.
+ * 2. A Supabase-backed adapter (see `apps/web/src/lib/classifier-cache-store.ts`)
+ *    that is wired in at module load time by the gateway handler.
+ *
+ * Privacy guarantee (see `buildCacheKey` in llm-classifier-cache.ts): the
+ * cache key is a SHA-256 hash of (tool_name + payload shape). Neither the
+ * key nor the stored classification contains actual payload values.
+ *
+ * All methods MUST swallow infrastructure errors and return null (for
+ * `get`) or resolve silently (for `set`). The classifier treats a cache
+ * error identically to a cache miss, and the LLM will be called again —
+ * this is the same graceful-degradation pattern used by `classifyWithLLM`
+ * when the LLM itself errors or times out.
+ */
+export interface CacheStore {
+    get(key: string): Promise<(Omit<LLMClassification, 'cached'> & {
+        cached: true;
+    }) | null>;
+    set(key: string, classification: Omit<LLMClassification, 'cached'>): Promise<void>;
+}
+export interface InMemoryCacheStoreOptions {
+    /** Time-to-live for cache entries. Defaults to 24 hours. */
+    ttlMs?: number;
+}
+export declare class InMemoryCacheStore implements CacheStore {
+    private readonly map;
+    private readonly ttlMs;
+    constructor(options?: InMemoryCacheStoreOptions);
+    get(key: string): Promise<(Omit<LLMClassification, 'cached'> & {
+        cached: true;
+    }) | null>;
+    set(key: string, classification: Omit<LLMClassification, 'cached'>): Promise<void>;
+    /** Current entry count. Intended for tests and metrics. */
+    size(): number;
+    /** Empty the cache. Intended for tests and manual ops. */
+    clear(): void;
+}
+export declare function setClassifierCacheStore(store: CacheStore): void;
+export declare function getClassifierCacheStore(): CacheStore;
+/** Test-only: drop any injected store and clear the default in-memory store. */
+export declare function resetClassifierCacheStoreForTest(): void;
+//# sourceMappingURL=llm-classifier-cache-store.d.ts.map

package/dist/llm-classifier-cache-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-classifier-cache-store.d.ts","sourceRoot":"","sources":["../src/llm-classifier-cache-store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,IAAI,CAAA;KAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IACzF,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpF;AAWD,MAAM,WAAW,yBAAyB;IACxC,4DAA4D;IAC5D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,qBAAa,kBAAmB,YAAW,UAAU;IACnD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAoC;IACxD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;gBAEnB,OAAO,GAAE,yBAA8B;IAI7C,GAAG,CACP,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,IAAI,CAAA;KAAE,CAAC,GAAG,IAAI,CAAC;IAUnE,GAAG,CACP,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,GAChD,OAAO,CAAC,IAAI,CAAC;IAIhB,2DAA2D;IAC3D,IAAI,IAAI,MAAM;IAId,0DAA0D;IAC1D,KAAK,IAAI,IAAI;CAGd;AAaD,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI,CAE/D;AAED,wBAAgB,uBAAuB,IAAI,UAAU,CAIpD;AAED,gFAAgF;AAChF,wBAAgB,gCAAgC,IAAI,IAAI,CAIvD"}

package/dist/llm-classifier-cache-store.js

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryCacheStore = void 0;
+exports.setClassifierCacheStore = setClassifierCacheStore;
+exports.getClassifierCacheStore = getClassifierCacheStore;
+exports.resetClassifierCacheStoreForTest = resetClassifierCacheStoreForTest;
+const DEFAULT_TTL_MS = 24 * 60 * 60 * 1000;
+class InMemoryCacheStore {
+    map = new Map();
+    ttlMs;
+    constructor(options = {}) {
+        this.ttlMs = options.ttlMs ?? DEFAULT_TTL_MS;
+    }
+    async get(key) {
+        const entry = this.map.get(key);
+        if (!entry)
+            return null;
+        if (Date.now() - entry.cachedAt >= this.ttlMs) {
+            this.map.delete(key);
+            return null;
+        }
+        return { ...entry.classification, cached: true };
+    }
+    async set(key, classification) {
+        this.map.set(key, { classification, cachedAt: Date.now() });
+    }
+    /** Current entry count. Intended for tests and metrics. */
+    size() {
+        return this.map.size;
+    }
+    /** Empty the cache. Intended for tests and manual ops. */
+    clear() {
+        this.map.clear();
+    }
+}
+exports.InMemoryCacheStore = InMemoryCacheStore;
+// ---------------------------------------------------------------------------
+// Module-level singleton
+// ---------------------------------------------------------------------------
+// The gateway handler calls `setClassifierCacheStore(new SupabaseCacheStore())`
+// at module load. Tests use `resetClassifierCacheStoreForTest()` to go back
+// to a fresh InMemoryCacheStore. Anything that does not inject a store gets
+// the default in-memory implementation.
+let injected = null;
+let defaultStore = null;
+function setClassifierCacheStore(store) {
+    injected = store;
+}
+function getClassifierCacheStore() {
+    if (injected)
+        return injected;
+    if (!defaultStore)
+        defaultStore = new InMemoryCacheStore();
+    return defaultStore;
+}
+/** Test-only: drop any injected store and clear the default in-memory store. */
+function resetClassifierCacheStoreForTest() {
+    injected = null;
+    if (defaultStore)
+        defaultStore.clear();
+    defaultStore = null;
+}
+//# sourceMappingURL=llm-classifier-cache-store.js.map

package/dist/llm-classifier-cache-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-classifier-cache-store.js","sourceRoot":"","sources":["../src/llm-classifier-cache-store.ts"],"names":[],"mappings":";;;AA4FA,0DAEC;AAED,0DAIC;AAGD,4EAIC;AAlED,MAAM,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE3C,MAAa,kBAAkB;IACZ,GAAG,GAAG,IAAI,GAAG,EAAyB,CAAC;IACvC,KAAK,CAAS;IAE/B,YAAY,UAAqC,EAAE;QACjD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,cAAc,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAW;QAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9C,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,EAAE,GAAG,KAAK,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAW,EACX,cAAiD;QAEjD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,2DAA2D;IAC3D,IAAI;QACF,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;IACvB,CAAC;IAED,0DAA0D;IAC1D,KAAK;QACH,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;CACF;AApCD,gDAoCC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAC9E,gFAAgF;AAChF,4EAA4E;AAC5E,4EAA4E;AAC5E,wCAAwC;AAExC,IAAI,QAAQ,GAAsB,IAAI,CAAC;AACvC,IAAI,YAAY,GAA8B,IAAI,CAAC;AAEnD,SAAgB,uBAAuB,CAAC,KAAiB;IACvD,QAAQ,GAAG,KAAK,CAAC;AACnB,CAAC;AAED,SAAgB,uBAAuB;IACrC,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,IAAI,CAAC,YAAY;QAAE,YAAY,GAAG,IAAI,kBAAkB,EAAE,CAAC;IAC3D,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,gFAAgF;AAChF,SAAgB,gCAAgC;IAC9C,QAAQ,GAAG,IAAI,CAAC;IAChB,IAAI,YAAY;QAAE,YAAY,CAAC,KAAK,EAAE,CAAC;IACvC,YAAY,GAAG,IAAI,CAAC;AACtB,CAAC"}

package/dist/llm-classifier-cache.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Compute a stable cache key from the (lowercased) tool name and the
+ * payload shape. Output is a 32-char hex digest.
+ */
+export declare function buildCacheKey(tool: string, payload: Record<string, unknown>): string;
+//# sourceMappingURL=llm-classifier-cache.d.ts.map

package/dist/llm-classifier-cache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-classifier-cache.d.ts","sourceRoot":"","sources":["../src/llm-classifier-cache.ts"],"names":[],"mappings":"AAwCA;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,MAAM,CAGR"}

package/dist/llm-classifier-cache.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildCacheKey = buildCacheKey;
+const crypto_1 = require("crypto");
+/**
+ * Shape-keyed cache key for LLM risk classifications. Keys are derived
+ * from the SHAPE of the payload, not its values — see the Phase 1 doc
+ * for the rationale. The actual storage of cached entries lives in
+ * `llm-classifier-cache-store.ts`.
+ *
+ * Properties:
+ *
+ * 1. **Privacy**: payload values never enter the cache key.
+ * 2. **Efficiency**: two calls to `notion.delete_page` with different page
+ *    IDs resolve to the same cache entry.
+ * 3. **Stability**: key ordering doesn't matter, so `{a:1,b:2}` and
+ *    `{b:2,a:1}` hit the same entry.
+ */
+/**
+ * Recursively extract the "shape" of a value: key names and nested
+ * structure, with all leaf values replaced by a generic sentinel.
+ */
+function extractShape(value, depth = 0) {
+    if (depth > 3)
+        return '<deep>';
+    if (value === null)
+        return null;
+    if (value === undefined)
+        return undefined;
+    if (Array.isArray(value)) {
+        return value.length > 0 ? [extractShape(value[0], depth + 1)] : [];
+    }
+    if (typeof value === 'object') {
+        const obj = value;
+        const sorted = Object.keys(obj).sort();
+        const out = {};
+        for (const k of sorted) {
+            out[k] = extractShape(obj[k], depth + 1);
+        }
+        return out;
+    }
+    return '<value>';
+}
+/**
+ * Compute a stable cache key from the (lowercased) tool name and the
+ * payload shape. Output is a 32-char hex digest.
+ */
+function buildCacheKey(tool, payload) {
+    const normalized = `${tool.toLowerCase()}|${JSON.stringify(extractShape(payload))}`;
+    return (0, crypto_1.createHash)('sha256').update(normalized).digest('hex').slice(0, 32);
+}
+//# sourceMappingURL=llm-classifier-cache.js.map

package/dist/llm-classifier-cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-classifier-cache.js","sourceRoot":"","sources":["../src/llm-classifier-cache.ts"],"names":[],"mappings":";;AA4CA,sCAMC;AAlDD,mCAAoC;AAEpC;;;;;;;;;;;;;GAaG;AAEH;;;GAGG;AACH,SAAS,YAAY,CAAC,KAAc,EAAE,KAAK,GAAG,CAAC;IAC7C,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC/B,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAChC,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,IAAY,EACZ,OAAgC;IAEhC,MAAM,UAAU,GAAG,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;IACpF,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC5E,CAAC"}

package/dist/llm-classifier.d.ts

@@ -0,0 +1,29 @@
+import type { LLMClassification } from './types.js';
+export interface ClassifyOptions {
+    /** Hard cap on how long to wait for the LLM. Defaults to 800ms. */
+    timeoutMs?: number;
+}
+type ClassifierFn = (tool: string, payload: Record<string, unknown>) => Promise<Omit<LLMClassification, 'cached'> | null>;
+/** Test-only: replace the classifier implementation. Pass null to reset. */
+export declare function __setClassifierForTest(fn: ClassifierFn | null): void;
+/**
+ * Strip values from a payload, keeping only keys and type descriptors.
+ * Separate from the cache-key version because we want slightly more detail
+ * for the LLM (it sees type names, not just `<string>`).
+ */
+/**
+ * Exported for unit-test verification of the privacy guarantee. Not part of
+ * the stable public API — treat as internal.
+ * @internal
+ */
+export declare function shapeOnly(value: unknown, depth?: number): unknown;
+/**
+ * Classify a tool call using the LLM. Returns null if the classifier is
+ * disabled (no API key), fails, or times out. Results are cached by
+ * tool + payload shape for the default TTL (24h).
+ *
+ * This function NEVER throws — all errors are caught and turned into null.
+ */
+export declare function classifyWithLLM(tool: string, payload: Record<string, unknown>, options?: ClassifyOptions): Promise<LLMClassification | null>;
+export {};
+//# sourceMappingURL=llm-classifier.d.ts.map

package/dist/llm-classifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-classifier.d.ts","sourceRoot":"","sources":["../src/llm-classifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAmCpD,MAAM,WAAW,eAAe;IAC9B,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AASD,KAAK,YAAY,GAAG,CAClB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC7B,OAAO,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;AAIvD,4EAA4E;AAC5E,wBAAgB,sBAAsB,CAAC,EAAE,EAAE,YAAY,GAAG,IAAI,GAAG,IAAI,CAEpE;AAmED;;;;GAIG;AAOH;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAI,GAAG,OAAO,CAiB5D;AAMD;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAkDnC"}