ai-shield-core 0.1.0 → 0.2.0

package/dist/cost/anomaly.js

@@ -1,12 +1,9 @@
-"use strict";
 // ============================================================
 // Cost Anomaly Detection — Z-Score based
 // Flags unusual spending patterns
 // ============================================================
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.detectAnomaly = detectAnomaly;
 /** Detect anomalies using z-score (>2.5 standard deviations = anomaly) */
-function detectAnomaly(currentValue, historicalValues, threshold = 2.5) {
+export function detectAnomaly(currentValue, historicalValues, threshold = 2.5) {
     if (historicalValues.length < 3) {
         // Not enough data to determine anomaly
         return {

package/dist/cost/pricing.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pricing.d.ts","sourceRoot":"","sources":["../../src/cost/pricing.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAOhD,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAsBtD,CAAC;AAEF,6DAA6D;AAC7D,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,CAY3D;AAED,iDAAiD;AACjD,wBAAgB,YAAY,CAC1B,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,MAAM,CAMR"}
+{"version":3,"file":"pricing.d.ts","sourceRoot":"","sources":["../../src/cost/pricing.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAShD,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAwBtD,CAAC;AAEF,6DAA6D;AAC7D,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,CAY3D;AAED,iDAAiD;AACjD,wBAAgB,YAAY,CAC1B,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,MAAM,CAMR"}

package/dist/cost/pricing.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MODEL_PRICING = void 0;
-exports.getModelPricing = getModelPricing;
-exports.estimateCost = estimateCost;
 // ============================================================
-// Model Pricing Table — Updated Feb 2026
-// Prices in USD per 1M tokens
+// Model Pricing Table — Updated April 2026
+// Prices in USD per 1M tokens.
+// Includes `cachedInputPer1M` for providers that support prompt caching
+// (Anthropic cache reads land at ~10% of standard input rate).
 // ============================================================
-exports.MODEL_PRICING = {
+export const MODEL_PRICING = {
     // OpenAI
     "gpt-5.2": { inputPer1M: 2.50, outputPer1M: 10.0 },
     "gpt-5.1": { inputPer1M: 2.50, outputPer1M: 10.0 },
@@ -18,24 +15,26 @@ exports.MODEL_PRICING = {
     "o3": { inputPer1M: 10.0, outputPer1M: 40.0 },
     "o3-mini": { inputPer1M: 1.10, outputPer1M: 4.40 },
     "o4-mini": { inputPer1M: 1.10, outputPer1M: 4.40 },
-    // Anthropic
-    "claude-opus-4-6": { inputPer1M: 15.0, outputPer1M: 75.0 },
-    "claude-sonnet-4-6": { inputPer1M: 3.0, outputPer1M: 15.0 },
-    "claude-haiku-4-5": { inputPer1M: 0.80, outputPer1M: 4.0 },
+    // Anthropic — April 2026 line-up (Opus 4.7, Sonnet 4.6, Haiku 4.5)
+    "claude-opus-4-7": { inputPer1M: 15.0, outputPer1M: 75.0, cachedInputPer1M: 1.50 },
+    "claude-opus-4-6": { inputPer1M: 15.0, outputPer1M: 75.0, cachedInputPer1M: 1.50 },
+    "claude-sonnet-4-6": { inputPer1M: 3.0, outputPer1M: 15.0, cachedInputPer1M: 0.30 },
+    "claude-sonnet-4-5": { inputPer1M: 3.0, outputPer1M: 15.0, cachedInputPer1M: 0.30 },
+    "claude-haiku-4-5": { inputPer1M: 0.80, outputPer1M: 4.0, cachedInputPer1M: 0.08 },
     // Aliases
     "gpt-5.2-turbo": { inputPer1M: 2.50, outputPer1M: 10.0 },
-    opus: { inputPer1M: 15.0, outputPer1M: 75.0 },
-    sonnet: { inputPer1M: 3.0, outputPer1M: 15.0 },
-    haiku: { inputPer1M: 0.80, outputPer1M: 4.0 },
+    opus: { inputPer1M: 15.0, outputPer1M: 75.0, cachedInputPer1M: 1.50 },
+    sonnet: { inputPer1M: 3.0, outputPer1M: 15.0, cachedInputPer1M: 0.30 },
+    haiku: { inputPer1M: 0.80, outputPer1M: 4.0, cachedInputPer1M: 0.08 },
 };
 /** Get pricing for a model, fallback to gpt-4o-mini rates */
-function getModelPricing(model) {
+export function getModelPricing(model) {
     // Try exact match
-    const exact = exports.MODEL_PRICING[model];
+    const exact = MODEL_PRICING[model];
     if (exact)
         return exact;
     // Try prefix match (e.g., "gpt-4o-2024-08-06" → "gpt-4o")
-    for (const [key, pricing] of Object.entries(exports.MODEL_PRICING)) {
+    for (const [key, pricing] of Object.entries(MODEL_PRICING)) {
         if (model.startsWith(key))
             return pricing;
     }
@@ -43,7 +42,7 @@ function getModelPricing(model) {
     return { inputPer1M: 0.15, outputPer1M: 0.60 };
 }
 /** Estimate cost for a given number of tokens */
-function estimateCost(model, inputTokens, outputTokens) {
+export function estimateCost(model, inputTokens, outputTokens) {
     const pricing = getModelPricing(model);
     return ((inputTokens / 1_000_000) * pricing.inputPer1M +
         (outputTokens / 1_000_000) * pricing.outputPer1M);

package/dist/cost/tracker.d.ts

@@ -5,15 +5,33 @@ export interface RedisLike {
     incrbyfloat(key: string, increment: number): Promise<string>;
     expire(key: string, seconds: number): Promise<number>;
 }
+export interface CostTrackerOptions {
+    /**
+     * Cap on in-memory CostRecord retention (ring-buffer).
+     * Default: 10_000. Set to 0 to disable record retention entirely
+     * (use this in long-running processes that only care about budget
+     * counters, not per-request records).
+     * Override via env: AI_SHIELD_MAX_RECORDS.
+     */
+    maxRecords?: number;
+}
 export declare class CostTracker {
     private store;
     private budgets;
     private records;
-    constructor(budgets?: Record<string, BudgetConfig>, redis?: RedisLike);
+    private maxRecords;
+    constructor(budgets?: Record<string, BudgetConfig>, redis?: RedisLike, options?: CostTrackerOptions);
     /** Check if a request is within budget BEFORE sending to LLM */
     checkBudget(entityId: string, model: string, estimatedInputTokens: number, estimatedOutputTokens?: number): Promise<BudgetCheckResult>;
     /** Record actual cost AFTER receiving response */
     recordCost(entityId: string, model: string, inputTokens: number, outputTokens: number): Promise<CostRecord>;
+    /**
+     * Append a record with ring-buffer semantics to prevent unbounded memory growth.
+     * When maxRecords is 0, records are not retained.
+     */
+    private appendRecord;
+    /** Clear all in-memory records (e.g., after export) */
+    clearRecords(): void;
     /** Get current spend for an entity */
     getCurrentSpend(entityId: string): Promise<number>;
     /** Get all recorded costs (for export/audit) */

package/dist/cost/tracker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tracker.d.ts","sourceRoot":"","sources":["../../src/cost/tracker.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,iBAAiB,EAEjB,UAAU,EACX,MAAM,aAAa,CAAC;AASrB,wDAAwD;AACxD,MAAM,WAAW,SAAS;IACxB,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACvD;AAgCD,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,OAAO,CAA4B;IAC3C,OAAO,CAAC,OAAO,CAAoB;gBAGjC,OAAO,GAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAM,EAC1C,KAAK,CAAC,EAAE,SAAS;IAMnB,gEAAgE;IAC1D,WAAW,CACf,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,oBAAoB,EAAE,MAAM,EAC5B,qBAAqB,GAAE,MAAY,GAClC,OAAO,CAAC,iBAAiB,CAAC;IAgC7B,kDAAkD;IAC5C,UAAU,CACd,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,UAAU,CAAC;IA+BtB,sCAAsC;IAChC,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOxD,gDAAgD;IAChD,UAAU,IAAI,UAAU,EAAE;IAI1B,OAAO,CAAC,SAAS;IAmBjB,OAAO,CAAC,aAAa;CAUtB"}
+{"version":3,"file":"tracker.d.ts","sourceRoot":"","sources":["../../src/cost/tracker.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,iBAAiB,EAEjB,UAAU,EACX,MAAM,aAAa,CAAC;AASrB,wDAAwD;AACxD,MAAM,WAAW,SAAS;IACxB,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACvD;AAgCD,MAAM,WAAW,kBAAkB;IACjC;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,OAAO,CAA4B;IAC3C,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,UAAU,CAAS;gBAGzB,OAAO,GAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAM,EAC1C,KAAK,CAAC,EAAE,SAAS,EACjB,OAAO,GAAE,kBAAuB;IAQlC,gEAAgE;IAC1D,WAAW,CACf,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,oBAAoB,EAAE,MAAM,EAC5B,qBAAqB,GAAE,MAAY,GAClC,OAAO,CAAC,iBAAiB,CAAC;IAgC7B,kDAAkD;IAC5C,UAAU,CACd,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,UAAU,CAAC;IA+BtB;;;OAGG;IACH,OAAO,CAAC,YAAY;IAUpB,uDAAuD;IACvD,YAAY,IAAI,IAAI;IAIpB,sCAAsC;IAChC,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOxD,gDAAgD;IAChD,UAAU,IAAI,UAAU,EAAE;IAI1B,OAAO,CAAC,SAAS;IAmBjB,OAAO,CAAC,aAAa;CAUtB"}

package/dist/cost/tracker.js

@@ -1,7 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CostTracker = void 0;
-const pricing_js_1 = require("./pricing.js");
+import { estimateCost } from "./pricing.js";
 /** In-memory fallback store */
 class MemoryStore {
     data = new Map();
@@ -30,13 +27,16 @@ class MemoryStore {
         return 1;
     }
 }
-class CostTracker {
+export class CostTracker {
     store;
     budgets;
     records = [];
-    constructor(budgets = {}, redis) {
+    maxRecords;
+    constructor(budgets = {}, redis, options = {}) {
         this.store = redis ?? new MemoryStore();
         this.budgets = new Map(Object.entries(budgets));
+        const envCap = Number(process.env.AI_SHIELD_MAX_RECORDS);
+        this.maxRecords = options.maxRecords ?? (Number.isFinite(envCap) && envCap >= 0 ? envCap : 10_000);
     }
     /** Check if a request is within budget BEFORE sending to LLM */
     async checkBudget(entityId, model, estimatedInputTokens, estimatedOutputTokens = 500) {
@@ -44,7 +44,7 @@ class CostTracker {
         if (!budget) {
             return { allowed: true, currentSpend: 0, remainingBudget: Infinity };
         }
-        const estimated = (0, pricing_js_1.estimateCost)(model, estimatedInputTokens, estimatedOutputTokens);
+        const estimated = estimateCost(model, estimatedInputTokens, estimatedOutputTokens);
         const key = this.budgetKey(entityId, budget.period);
         const currentSpend = parseFloat((await this.store.get(key)) ?? "0");
         if (currentSpend + estimated > budget.hardLimit) {
@@ -67,7 +67,7 @@ class CostTracker {
     }
     /** Record actual cost AFTER receiving response */
     async recordCost(entityId, model, inputTokens, outputTokens) {
-        const cost = (0, pricing_js_1.estimateCost)(model, inputTokens, outputTokens);
+        const cost = estimateCost(model, inputTokens, outputTokens);
         const record = {
             entityId,
             model,
@@ -90,9 +90,27 @@ class CostTracker {
             await this.store.incrbyfloat(globalKey, cost);
             await this.store.expire(globalKey, this.periodSeconds(globalBudget.period) * 2);
         }
-        this.records.push(record);
+        this.appendRecord(record);
         return record;
     }
+    /**
+     * Append a record with ring-buffer semantics to prevent unbounded memory growth.
+     * When maxRecords is 0, records are not retained.
+     */
+    appendRecord(record) {
+        if (this.maxRecords === 0)
+            return;
+        this.records.push(record);
+        if (this.records.length > this.maxRecords) {
+            // Drop oldest entries — O(1) amortized using splice(0, overflow)
+            const overflow = this.records.length - this.maxRecords;
+            this.records.splice(0, overflow);
+        }
+    }
+    /** Clear all in-memory records (e.g., after export) */
+    clearRecords() {
+        this.records.length = 0;
+    }
     /** Get current spend for an entity */
     async getCurrentSpend(entityId) {
         const budget = this.budgets.get(entityId);
@@ -132,5 +150,4 @@ class CostTracker {
         }
     }
 }
-exports.CostTracker = CostTracker;
 //# sourceMappingURL=tracker.js.map

package/dist/index.d.ts

@@ -3,16 +3,45 @@ export { HeuristicScanner, type HeuristicConfig } from "./scanner/heuristic.js";
 export { PIIScanner } from "./scanner/pii.js";
 export { ScannerChain, type ChainConfig } from "./scanner/chain.js";
 export { injectCanary, checkCanaryLeak } from "./scanner/canary.js";
+export { IngestionScanner, scanIngested, trustTierForSource, type IngestionScannerConfig, type IngestionScanResult, } from "./scanner/ingestion.js";
+export { wrapContext, scanWrappedContext, assemblePrompt, flattenViolations, type WrapContextInput, type AssembleOptions, } from "./context/wrap-context.js";
+export { mintMemoryCanary, verifyMemoryCanary, rotateMemoryCanary, buildSentinelEntry, bulkVerify, type MintMemoryCanaryOptions, } from "./canary/memory.js";
 export { PolicyEngine, type PolicyPreset } from "./policy/engine.js";
 export { ToolPolicyScanner } from "./policy/tools.js";
+export { CircuitBreakerRegistry, makeBreakerScope, type CircuitBreakerOptions, } from "./policy/circuit-breaker.js";
 export { CostTracker, type RedisLike } from "./cost/tracker.js";
 export { detectAnomaly, type AnomalyResult } from "./cost/anomaly.js";
 export { getModelPricing, estimateCost, MODEL_PRICING } from "./cost/pricing.js";
 export { AuditLogger, ConsoleAuditStore, MemoryAuditStore } from "./audit/logger.js";
 export type { AuditStore } from "./audit/types.js";
 export { ScanLRUCache, type LRUCacheConfig } from "./cache/lru.js";
-export type { ScanDecision, ScanResult, ScannerResult, Scanner, ScanContext, Violation, ViolationType, PIIType, PIIAction, PIIEntity, PIIConfig, ToolCall, ToolPermissions, ToolPolicy, ToolManifestPin, BudgetPeriod, BudgetConfig, CostEstimate, CostRecord, BudgetCheckResult, ModelPricing, AuditRecord, AuditConfig, ShieldConfig, InjectionConfig, CostConfig, CacheConfig, ToolConfig, PresetName, } from "./types.js";
+export type { ScanDecision, ScanResult, ScannerResult, Scanner, ScanContext, Violation, ViolationType, IngestionSource, TrustTier, ContextSegment, WrappedContext, MemoryCanaryEntry, MemoryCanaryVerification, CircuitState, CircuitBreakerConfig, CircuitBreakerDecision, CounterStoreLike, PIIType, PIIAction, PIIEntity, PIIConfig, ToolCall, ToolPermissions, ToolPolicy, ToolManifestPin, BudgetPeriod, BudgetConfig, CostEstimate, CostRecord, BudgetCheckResult, ModelPricing, AuditRecord, AuditConfig, ShieldConfig, InjectionConfig, CostConfig, CacheConfig, ToolConfig, PresetName, } from "./types.js";
 import type { ShieldConfig, ScanResult, ScanContext } from "./types.js";
-/** Quick scan — one line, maximum protection */
+/**
+ * Quick scan — one line, maximum protection.
+ *
+ * **Performance warning:** This creates a new AIShield instance on every call.
+ * For production use with multiple calls, create a single `new AIShield(config)`
+ * instance and reuse it — this avoids repeated scanner chain setup and teardown.
+ *
+ * Use `createShieldSingleton()` for a cached version that reuses a single instance.
+ */
 export declare function shield(input: string, configOrContext?: ShieldConfig | ScanContext): Promise<ScanResult>;
+/**
+ * Create a cached shield function that reuses a single AIShield instance.
+ * Much better performance than `shield()` for repeated calls.
+ *
+ * @example
+ * ```ts
+ * const scan = createShieldSingleton({ injection: { strictness: "high" } });
+ * const r1 = await scan("input 1");
+ * const r2 = await scan("input 2");
+ * // Call scan.close() when done (e.g., on process exit)
+ * await scan.close();
+ * ```
+ */
+export declare function createShieldSingleton(config?: ShieldConfig): {
+    (input: string, context?: ScanContext): Promise<ScanResult>;
+    close(): Promise<void>;
+};
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAE,gBAAgB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAChF,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAGpE,OAAO,EAAE,YAAY,EAAE,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAGtD,OAAO,EAAE,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGjF,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrF,YAAY,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAGnE,YAAY,EAEV,YAAY,EACZ,UAAU,EACV,aAAa,EACb,OAAO,EACP,WAAW,EACX,SAAS,EACT,aAAa,EAEb,OAAO,EACP,SAAS,EACT,SAAS,EACT,SAAS,EAET,QAAQ,EACR,eAAe,EACf,UAAU,EACV,eAAe,EAEf,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,iBAAiB,EACjB,YAAY,EAEZ,WAAW,EACX,WAAW,EAEX,YAAY,EACZ,eAAe,EACf,UAAU,EACV,WAAW,EACX,UAAU,EACV,UAAU,GACX,MAAM,YAAY,CAAC;AAKpB,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAExE,gDAAgD;AAChD,wBAAsB,MAAM,CAC1B,KAAK,EAAE,MAAM,EACb,eAAe,CAAC,EAAE,YAAY,GAAG,WAAW,GAC3C,OAAO,CAAC,UAAU,CAAC,CAarB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAE,gBAAgB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAChF,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACpE,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,KAAK,sBAAsB,EAC3B,KAAK,mBAAmB,GACzB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,KAAK,gBAAgB,EACrB,KAAK,eAAe,GACrB,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAClB,UAAU,EACV,KAAK,uBAAuB,GAC7B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,YAAY,EAAE,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,KAAK,qBAAqB,GAC3B,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGjF,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrF,YAAY,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAGnE,YAAY,EAEV,YAAY,EACZ,UAAU,EACV,aAAa,EACb,OAAO,EACP,WAAW,EACX,SAAS,EACT,aAAa,EAEb,eAAe,EACf,SAAS,EACT,cAAc,EACd,cAAc,EAEd,iBAAiB,EACjB,wBAAwB,EAExB,YAAY,EACZ,oBAAoB,EACpB,sBAAsB,EACtB,gBAAgB,EAEhB,OAAO,EACP,SAAS,EACT,SAAS,EACT,SAAS,EAET,QAAQ,EACR,eAAe,EACf,UAAU,EACV,eAAe,EAEf,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,iBAAiB,EACjB,YAAY,EAEZ,WAAW,EACX,WAAW,EAEX,YAAY,EACZ,eAAe,EACf,UAAU,EACV,WAAW,EACX,UAAU,EACV,UAAU,GACX,MAAM,YAAY,CAAC;AAKpB,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAExE;;;;;;;;GAQG;AACH,wBAAsB,MAAM,CAC1B,KAAK,EAAE,MAAM,EACb,eAAe,CAAC,EAAE,YAAY,GAAG,WAAW,GAC3C,OAAO,CAAC,UAAU,CAAC,CAarB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,GAAE,YAAiB,GAAG;IAChE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAC5D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB,CAUA"}

package/dist/index.js

@@ -1,54 +1,47 @@
-"use strict";
 // ============================================================
 // ai-shield-core — Public API
 // ============================================================
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ScanLRUCache = exports.MemoryAuditStore = exports.ConsoleAuditStore = exports.AuditLogger = exports.MODEL_PRICING = exports.estimateCost = exports.getModelPricing = exports.detectAnomaly = exports.CostTracker = exports.ToolPolicyScanner = exports.PolicyEngine = exports.checkCanaryLeak = exports.injectCanary = exports.ScannerChain = exports.PIIScanner = exports.HeuristicScanner = exports.AIShield = void 0;
-exports.shield = shield;
 // Main class
-var shield_js_1 = require("./shield.js");
-Object.defineProperty(exports, "AIShield", { enumerable: true, get: function () { return shield_js_1.AIShield; } });
+export { AIShield } from "./shield.js";
 // Scanners (for custom chain building)
-var heuristic_js_1 = require("./scanner/heuristic.js");
-Object.defineProperty(exports, "HeuristicScanner", { enumerable: true, get: function () { return heuristic_js_1.HeuristicScanner; } });
-var pii_js_1 = require("./scanner/pii.js");
-Object.defineProperty(exports, "PIIScanner", { enumerable: true, get: function () { return pii_js_1.PIIScanner; } });
-var chain_js_1 = require("./scanner/chain.js");
-Object.defineProperty(exports, "ScannerChain", { enumerable: true, get: function () { return chain_js_1.ScannerChain; } });
-var canary_js_1 = require("./scanner/canary.js");
-Object.defineProperty(exports, "injectCanary", { enumerable: true, get: function () { return canary_js_1.injectCanary; } });
-Object.defineProperty(exports, "checkCanaryLeak", { enumerable: true, get: function () { return canary_js_1.checkCanaryLeak; } });
+export { HeuristicScanner } from "./scanner/heuristic.js";
+export { PIIScanner } from "./scanner/pii.js";
+export { ScannerChain } from "./scanner/chain.js";
+export { injectCanary, checkCanaryLeak } from "./scanner/canary.js";
+export { IngestionScanner, scanIngested, trustTierForSource, } from "./scanner/ingestion.js";
+// Context / Trust-Tier
+export { wrapContext, scanWrappedContext, assemblePrompt, flattenViolations, } from "./context/wrap-context.js";
+// Memory Canary / Persistence-Poisoning
+export { mintMemoryCanary, verifyMemoryCanary, rotateMemoryCanary, buildSentinelEntry, bulkVerify, } from "./canary/memory.js";
 // Policy
-var engine_js_1 = require("./policy/engine.js");
-Object.defineProperty(exports, "PolicyEngine", { enumerable: true, get: function () { return engine_js_1.PolicyEngine; } });
-var tools_js_1 = require("./policy/tools.js");
-Object.defineProperty(exports, "ToolPolicyScanner", { enumerable: true, get: function () { return tools_js_1.ToolPolicyScanner; } });
+export { PolicyEngine } from "./policy/engine.js";
+export { ToolPolicyScanner } from "./policy/tools.js";
+export { CircuitBreakerRegistry, makeBreakerScope, } from "./policy/circuit-breaker.js";
 // Cost
-var tracker_js_1 = require("./cost/tracker.js");
-Object.defineProperty(exports, "CostTracker", { enumerable: true, get: function () { return tracker_js_1.CostTracker; } });
-var anomaly_js_1 = require("./cost/anomaly.js");
-Object.defineProperty(exports, "detectAnomaly", { enumerable: true, get: function () { return anomaly_js_1.detectAnomaly; } });
-var pricing_js_1 = require("./cost/pricing.js");
-Object.defineProperty(exports, "getModelPricing", { enumerable: true, get: function () { return pricing_js_1.getModelPricing; } });
-Object.defineProperty(exports, "estimateCost", { enumerable: true, get: function () { return pricing_js_1.estimateCost; } });
-Object.defineProperty(exports, "MODEL_PRICING", { enumerable: true, get: function () { return pricing_js_1.MODEL_PRICING; } });
+export { CostTracker } from "./cost/tracker.js";
+export { detectAnomaly } from "./cost/anomaly.js";
+export { getModelPricing, estimateCost, MODEL_PRICING } from "./cost/pricing.js";
 // Audit
-var logger_js_1 = require("./audit/logger.js");
-Object.defineProperty(exports, "AuditLogger", { enumerable: true, get: function () { return logger_js_1.AuditLogger; } });
-Object.defineProperty(exports, "ConsoleAuditStore", { enumerable: true, get: function () { return logger_js_1.ConsoleAuditStore; } });
-Object.defineProperty(exports, "MemoryAuditStore", { enumerable: true, get: function () { return logger_js_1.MemoryAuditStore; } });
+export { AuditLogger, ConsoleAuditStore, MemoryAuditStore } from "./audit/logger.js";
 // Cache
-var lru_js_1 = require("./cache/lru.js");
-Object.defineProperty(exports, "ScanLRUCache", { enumerable: true, get: function () { return lru_js_1.ScanLRUCache; } });
+export { ScanLRUCache } from "./cache/lru.js";
 // --- Convenience function ---
-const shield_js_2 = require("./shield.js");
-/** Quick scan — one line, maximum protection */
-async function shield(input, configOrContext) {
+import { AIShield } from "./shield.js";
+/**
+ * Quick scan — one line, maximum protection.
+ *
+ * **Performance warning:** This creates a new AIShield instance on every call.
+ * For production use with multiple calls, create a single `new AIShield(config)`
+ * instance and reuse it — this avoids repeated scanner chain setup and teardown.
+ *
+ * Use `createShieldSingleton()` for a cached version that reuses a single instance.
+ */
+export async function shield(input, configOrContext) {
     // Detect if second arg is config or context
     const isConfig = configOrContext && ("injection" in configOrContext || "pii" in configOrContext || "cost" in configOrContext || "preset" in configOrContext && typeof configOrContext.preset === "string" && !("agentId" in configOrContext));
     const config = isConfig ? configOrContext : {};
     const context = isConfig ? {} : configOrContext ?? {};
-    const instance = new shield_js_2.AIShield(config);
+    const instance = new AIShield(config);
     try {
         return await instance.scan(input, context);
     }
@@ -56,4 +49,25 @@ async function shield(input, configOrContext) {
         await instance.close();
     }
 }
+/**
+ * Create a cached shield function that reuses a single AIShield instance.
+ * Much better performance than `shield()` for repeated calls.
+ *
+ * @example
+ * ```ts
+ * const scan = createShieldSingleton({ injection: { strictness: "high" } });
+ * const r1 = await scan("input 1");
+ * const r2 = await scan("input 2");
+ * // Call scan.close() when done (e.g., on process exit)
+ * await scan.close();
+ * ```
+ */
+export function createShieldSingleton(config = {}) {
+    const instance = new AIShield(config);
+    const scan = (input, context) => {
+        return instance.scan(input, context);
+    };
+    scan.close = () => instance.close();
+    return scan;
+}
 //# sourceMappingURL=index.js.map

package/dist/policy/circuit-breaker.d.ts

@@ -0,0 +1,70 @@
+import type { CircuitBreakerConfig, CircuitBreakerDecision, CircuitState, CounterStoreLike, ScanContext, ToolCall, ViolationType } from "../types.js";
+export interface CircuitBreakerOptions {
+    /** Optional distributed counter store (ioredis-compatible). */
+    counterStore?: CounterStoreLike;
+    /**
+     * Cap on the number of (tool, scope) pairs tracked in-process.
+     * Prevents unbounded growth in long-lived runtimes. Default: 5_000.
+     * Override via env `AI_SHIELD_CIRCUIT_MAX_KEYS`.
+     */
+    maxKeys?: number;
+}
+/**
+ * Registry of breakers keyed by `${tool}::${scope}`. The registry
+ * owns config + state; per-(tool, scope) breakers are created lazily.
+ */
+export declare class CircuitBreakerRegistry {
+    private configs;
+    private states;
+    /**
+     * Reserved for distributed-counter mode (e.g. cross-replica state).
+     * The in-process path is the supported v0.2 surface; the store is
+     * accepted so callers wiring up an `ioredis`-shaped backend get a
+     * stable constructor option, and downstream releases can swap the
+     * internal accounting to use it without breaking the API.
+     */
+    protected readonly store: CounterStoreLike;
+    private readonly maxKeys;
+    constructor(configs?: CircuitBreakerConfig[], options?: CircuitBreakerOptions);
+    /** Configure (or re-configure) a breaker. Idempotent. */
+    configure(config: CircuitBreakerConfig): void;
+    /**
+     * Check whether a tool call is allowed. Records the attempt either
+     * way; callers must invoke `recordSuccess()`/`recordFailure()` AFTER
+     * the actual call so anomaly counts stay honest.
+     */
+    check(tool: ToolCall, context?: ScanContext): Promise<CircuitBreakerDecision>;
+    /** Record a successful tool invocation. Closes a half-open breaker. */
+    recordSuccess(toolName: string, context?: ScanContext): void;
+    /**
+     * Record a failed tool invocation. Trips the breaker once
+     * `failureThreshold` failures accumulate within the window.
+     */
+    recordFailure(toolName: string, context?: ScanContext): void;
+    /** Manually force a breaker into a state — useful for tests / ops. */
+    trip(toolName: string, scope?: string): void;
+    reset(toolName: string, scope?: string): void;
+    /** Inspect current state — for dashboards / audit. */
+    inspect(toolName: string, scope?: string): {
+        state: CircuitState;
+        callsInWindow: number;
+        writesInWindow: number;
+        failuresInWindow: number;
+    } | null;
+    /** Suggested ViolationType for a denied decision — useful in audit logs. */
+    static violationType(decision: CircuitBreakerDecision): ViolationType;
+    private getOrInitState;
+}
+/**
+ * Build the scope string the circuit breaker uses internally for a
+ * given (agentId, sessionId) pair. Exposed so callers of `inspect()`,
+ * `trip()`, and `reset()` don't have to know the separator convention.
+ *
+ * @example
+ * ```ts
+ * const scope = makeBreakerScope("agent-a", "session-1");
+ * const snap = registry.inspect("delete_user", scope);
+ * ```
+ */
+export declare function makeBreakerScope(agentId?: string, sessionId?: string): string;
+//# sourceMappingURL=circuit-breaker.d.ts.map

package/dist/policy/circuit-breaker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"circuit-breaker.d.ts","sourceRoot":"","sources":["../../src/policy/circuit-breaker.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oBAAoB,EACpB,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACR,aAAa,EACd,MAAM,aAAa,CAAC;AAiFrB,MAAM,WAAW,qBAAqB;IACpC,+DAA+D;IAC/D,YAAY,CAAC,EAAE,gBAAgB,CAAC;IAChC;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,OAAO,CAAqD;IACpE,OAAO,CAAC,MAAM,CAAoC;IAClD;;;;;;OAMG;IACH,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,gBAAgB,CAAC;IAC3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAG/B,OAAO,GAAE,oBAAoB,EAAO,EACpC,OAAO,GAAE,qBAA0B;IAYrC,yDAAyD;IACzD,SAAS,CAAC,MAAM,EAAE,oBAAoB,GAAG,IAAI;IAiB7C;;;;OAIG;IACG,KAAK,CACT,IAAI,EAAE,QAAQ,EACd,OAAO,GAAE,WAAgB,GACxB,OAAO,CAAC,sBAAsB,CAAC;IAsIlC,uEAAuE;IACvE,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,GAAE,WAAgB,GAAG,IAAI;IAWhE;;;OAGG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,GAAE,WAAgB,GAAG,IAAI;IAgBhE,sEAAsE;IACtE,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI;IAO5C,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI;IAK7C,sDAAsD;IACtD,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG;QACzC,KAAK,EAAE,YAAY,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;QACvB,gBAAgB,EAAE,MAAM,CAAC;KAC1B,GAAG,IAAI;IAeR,4EAA4E;IAC5E,MAAM,CAAC,aAAa,CAAC,QAAQ,EAAE,sBAAsB,GAAG,aAAa;IAUrE,OAAO,CAAC,cAAc;CA2BvB;AAsBD;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,CAAC,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,MAAM,CAKR"}