ai-shield-core 0.1.0

package/dist/audit/logger.d.ts

@@ -0,0 +1,40 @@
+import type { AuditRecord, ScanResult, ScanContext } from "../types.js";
+import type { AuditStore } from "./types.js";
+export interface AuditLoggerConfig {
+    store: AuditStore;
+    batchSize?: number;
+    flushIntervalMs?: number;
+}
+export declare class AuditLogger {
+    private store;
+    private buffer;
+    private batchSize;
+    private flushTimer;
+    constructor(config: AuditLoggerConfig);
+    /** Log a scan result */
+    log(input: string, result: ScanResult, context?: ScanContext, extra?: {
+        model?: string;
+        outputTokenCount?: number;
+        toolsCalled?: string[];
+        costUsd?: number;
+    }): Promise<void>;
+    /** Flush buffered records to store */
+    flush(): Promise<void>;
+    /** Close the logger (flush + stop timer) */
+    close(): Promise<void>;
+}
+export declare class ConsoleAuditStore implements AuditStore {
+    write(record: AuditRecord): Promise<void>;
+    writeBatch(records: AuditRecord[]): Promise<void>;
+    flush(): Promise<void>;
+    close(): Promise<void>;
+    private print;
+}
+export declare class MemoryAuditStore implements AuditStore {
+    records: AuditRecord[];
+    write(record: AuditRecord): Promise<void>;
+    writeBatch(records: AuditRecord[]): Promise<void>;
+    flush(): Promise<void>;
+    close(): Promise<void>;
+}
+//# sourceMappingURL=logger.d.ts.map

package/dist/audit/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/audit/logger.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAO7C,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,UAAU,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAa;IAC1B,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,UAAU,CAA+C;gBAErD,MAAM,EAAE,iBAAiB;IAUrC,wBAAwB;IAClB,GAAG,CACP,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,UAAU,EAClB,OAAO,GAAE,WAAgB,EACzB,KAAK,GAAE;QACL,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,CAAC;KACb,GACL,OAAO,CAAC,IAAI,CAAC;IA+BhB,sCAAsC;IAChC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAO5B,4CAA4C;IACtC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAQ7B;AAID,qBAAa,iBAAkB,YAAW,UAAU;IAC5C,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzC,UAAU,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IACtB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAE5B,OAAO,CAAC,KAAK;CAUd;AAID,qBAAa,gBAAiB,YAAW,UAAU;IACjD,OAAO,EAAE,WAAW,EAAE,CAAM;IAEtB,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzC,UAAU,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IACtB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAC7B"}

package/dist/audit/logger.js

@@ -0,0 +1,100 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemoryAuditStore = exports.ConsoleAuditStore = exports.AuditLogger = void 0;
+const node_crypto_1 = require("node:crypto");
+const node_crypto_2 = require("node:crypto");
+class AuditLogger {
+    store;
+    buffer = [];
+    batchSize;
+    flushTimer = null;
+    constructor(config) {
+        this.store = config.store;
+        this.batchSize = config.batchSize ?? 100;
+        const flushMs = config.flushIntervalMs ?? 1000;
+        this.flushTimer = setInterval(() => {
+            void this.flush();
+        }, flushMs);
+    }
+    /** Log a scan result */
+    async log(input, result, context = {}, extra = {}) {
+        const record = {
+            id: (0, node_crypto_1.randomUUID)(),
+            timestamp: new Date(),
+            sessionId: context.sessionId,
+            agentId: context.agentId,
+            userIdHash: context.userId
+                ? (0, node_crypto_2.createHash)("sha256").update(context.userId).digest("hex").substring(0, 16)
+                : undefined,
+            requestType: context.tools?.length ? "tool_call" : "chat",
+            inputHash: (0, node_crypto_2.createHash)("sha256").update(input).digest("hex"),
+            inputTokenCount: Math.ceil(input.length / 4), // rough estimate
+            model: extra.model,
+            securityDecision: result.decision,
+            securityReason: result.violations.length > 0
+                ? result.violations.map((v) => v.message).join("; ")
+                : undefined,
+            violations: result.violations,
+            scanDurationMs: result.meta.scanDurationMs,
+            outputTokenCount: extra.outputTokenCount,
+            toolsCalled: extra.toolsCalled,
+            costUsd: extra.costUsd,
+        };
+        this.buffer.push(record);
+        if (this.buffer.length >= this.batchSize) {
+            await this.flush();
+        }
+    }
+    /** Flush buffered records to store */
+    async flush() {
+        if (this.buffer.length === 0)
+            return;
+        const batch = this.buffer.splice(0);
+        await this.store.writeBatch(batch);
+    }
+    /** Close the logger (flush + stop timer) */
+    async close() {
+        if (this.flushTimer) {
+            clearInterval(this.flushTimer);
+            this.flushTimer = null;
+        }
+        await this.flush();
+        await this.store.close();
+    }
+}
+exports.AuditLogger = AuditLogger;
+// --- Console Store (for development) ---
+class ConsoleAuditStore {
+    async write(record) {
+        this.print(record);
+    }
+    async writeBatch(records) {
+        for (const record of records)
+            this.print(record);
+    }
+    async flush() { }
+    async close() { }
+    print(record) {
+        const icon = record.securityDecision === "block" ? "BLOCK" : record.securityDecision === "warn" ? "WARN " : "ALLOW";
+        const violations = record.violations.length > 0
+            ? ` [${record.violations.map((v) => v.message).join(", ")}]`
+            : "";
+        // Using stderr to not interfere with application output
+        process.stderr.write(`[AI-Shield] ${icon} | ${record.scanDurationMs.toFixed(1)}ms | agent=${record.agentId ?? "-"} | ${record.inputHash.substring(0, 8)}...${violations}\n`);
+    }
+}
+exports.ConsoleAuditStore = ConsoleAuditStore;
+// --- Memory Store (for testing) ---
+class MemoryAuditStore {
+    records = [];
+    async write(record) {
+        this.records.push(record);
+    }
+    async writeBatch(records) {
+        this.records.push(...records);
+    }
+    async flush() { }
+    async close() { }
+}
+exports.MemoryAuditStore = MemoryAuditStore;
+//# sourceMappingURL=logger.js.map

package/dist/audit/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/audit/logger.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AACzC,6CAAyC;AAezC,MAAa,WAAW;IACd,KAAK,CAAa;IAClB,MAAM,GAAkB,EAAE,CAAC;IAC3B,SAAS,CAAS;IAClB,UAAU,GAA0C,IAAI,CAAC;IAEjE,YAAY,MAAyB;QACnC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,GAAG,CAAC;QACzC,MAAM,OAAO,GAAG,MAAM,CAAC,eAAe,IAAI,IAAI,CAAC;QAE/C,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE;YACjC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;QACpB,CAAC,EAAE,OAAO,CAAC,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,KAAK,CAAC,GAAG,CACP,KAAa,EACb,MAAkB,EAClB,UAAuB,EAAE,EACzB,QAKI,EAAE;QAEN,MAAM,MAAM,GAAgB;YAC1B,EAAE,EAAE,IAAA,wBAAU,GAAE;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,UAAU,EAAE,OAAO,CAAC,MAAM;gBACxB,CAAC,CAAC,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;gBAC5E,CAAC,CAAC,SAAS;YACb,WAAW,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM;YACzD,SAAS,EAAE,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;YAC3D,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,iBAAiB;YAC/D,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,gBAAgB,EAAE,MAAM,CAAC,QAAQ;YACjC,cAAc,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;gBAC1C,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;gBACpD,CAAC,CAAC,SAAS;YACb,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc;YAC1C,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEzB,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACzC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAErC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,4CAA4C;IAC5C,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACzB,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;CACF;AA3ED,kCA2EC;AAED,0CAA0C;AAE1C,MAAa,iBAAiB;IAC5B,KAAK,CAAC,KAAK,CAAC,MAAmB;QAC7B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAsB;QACrC,KAAK,MAAM,MAAM,IAAI,OAAO;YAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,KAAK,KAA+B,CAAC;IAC3C,KAAK,CAAC,KAAK,KAA+B,CAAC;IAEnC,KAAK,CAAC,MAAmB;QAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,gBAAgB,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,gBAAgB,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;QACpH,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;YAC7C,CAAC,CAAC,KAAK,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YAC5D,CAAC,CAAC,EAAE,CAAC;QACP,wDAAwD;QACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,eAAe,IAAI,MAAM,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,MAAM,CAAC,OAAO,IAAI,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,UAAU,IAAI,CACvJ,CAAC;IACJ,CAAC;CACF;AAtBD,8CAsBC;AAED,qCAAqC;AAErC,MAAa,gBAAgB;IAC3B,OAAO,GAAkB,EAAE,CAAC;IAE5B,KAAK,CAAC,KAAK,CAAC,MAAmB;QAC7B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAsB;QACrC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,KAAK,KAA+B,CAAC;IAC3C,KAAK,CAAC,KAAK,KAA+B,CAAC;CAC5C;AAbD,4CAaC"}

package/dist/audit/types.d.ts

@@ -0,0 +1,12 @@
+import type { AuditRecord } from "../types.js";
+export interface AuditStore {
+    /** Write a single record */
+    write(record: AuditRecord): Promise<void>;
+    /** Write a batch of records */
+    writeBatch(records: AuditRecord[]): Promise<void>;
+    /** Flush any buffered records */
+    flush(): Promise<void>;
+    /** Close the store */
+    close(): Promise<void>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/audit/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/audit/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM/C,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,KAAK,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,+BAA+B;IAC/B,UAAU,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,iCAAiC;IACjC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,sBAAsB;IACtB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB"}

package/dist/audit/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/audit/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/audit/types.ts"],"names":[],"mappings":""}

package/dist/cache/lru.d.ts

@@ -0,0 +1,27 @@
+export interface LRUCacheConfig {
+    /** Maximum number of cached entries (default: 1000) */
+    maxSize?: number;
+    /** Time-to-live in milliseconds (default: 300_000 = 5 minutes) */
+    ttlMs?: number;
+}
+export declare class ScanLRUCache<V = unknown> {
+    private cache;
+    private readonly maxSize;
+    private readonly ttlMs;
+    constructor(config?: LRUCacheConfig);
+    /** Get a cached value. Returns undefined on miss or expiry. Promotes to MRU on hit. */
+    get(key: string): V | undefined;
+    /** Store a value. Evicts LRU entry if at capacity. */
+    set(key: string, value: V): void;
+    /** Check if key exists and is not expired */
+    has(key: string): boolean;
+    /** Delete a specific key */
+    delete(key: string): boolean;
+    /** Clear all entries */
+    clear(): void;
+    /** Current number of entries (may include expired) */
+    get size(): number;
+    /** Remove all expired entries. Returns count of removed entries. */
+    prune(): number;
+}
+//# sourceMappingURL=lru.d.ts.map

package/dist/cache/lru.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lru.d.ts","sourceRoot":"","sources":["../../src/cache/lru.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,cAAc;IAC7B,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kEAAkE;IAClE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAOD,qBAAa,YAAY,CAAC,CAAC,GAAG,OAAO;IACnC,OAAO,CAAC,KAAK,CAAoC;IACjD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;gBAEnB,MAAM,GAAE,cAAmB;IAKvC,uFAAuF;IACvF,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,CAAC,GAAG,SAAS;IAe/B,sDAAsD;IACtD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,GAAG,IAAI;IAgBhC,6CAA6C;IAC7C,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIzB,4BAA4B;IAC5B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAI5B,wBAAwB;IACxB,KAAK,IAAI,IAAI;IAIb,sDAAsD;IACtD,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED,oEAAoE;IACpE,KAAK,IAAI,MAAM;CAWhB"}

package/dist/cache/lru.js

@@ -0,0 +1,74 @@
+"use strict";
+// ============================================================
+// LRU Cache — O(1) scan result caching with TTL
+// Uses Map insertion-order for LRU eviction
+// ============================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScanLRUCache = void 0;
+class ScanLRUCache {
+    cache = new Map();
+    maxSize;
+    ttlMs;
+    constructor(config = {}) {
+        this.maxSize = config.maxSize ?? 1000;
+        this.ttlMs = config.ttlMs ?? 300_000;
+    }
+    /** Get a cached value. Returns undefined on miss or expiry. Promotes to MRU on hit. */
+    get(key) {
+        const entry = this.cache.get(key);
+        if (!entry)
+            return undefined;
+        if (Date.now() > entry.expiresAt) {
+            this.cache.delete(key);
+            return undefined;
+        }
+        // Promote to most-recently-used (Map maintains insertion order)
+        this.cache.delete(key);
+        this.cache.set(key, entry);
+        return entry.value;
+    }
+    /** Store a value. Evicts LRU entry if at capacity. */
+    set(key, value) {
+        // Remove existing to update position
+        this.cache.delete(key);
+        // Evict oldest (first in Map) if at capacity
+        if (this.cache.size >= this.maxSize) {
+            const oldestKey = this.cache.keys().next().value;
+            this.cache.delete(oldestKey);
+        }
+        this.cache.set(key, {
+            value,
+            expiresAt: Date.now() + this.ttlMs,
+        });
+    }
+    /** Check if key exists and is not expired */
+    has(key) {
+        return this.get(key) !== undefined;
+    }
+    /** Delete a specific key */
+    delete(key) {
+        return this.cache.delete(key);
+    }
+    /** Clear all entries */
+    clear() {
+        this.cache.clear();
+    }
+    /** Current number of entries (may include expired) */
+    get size() {
+        return this.cache.size;
+    }
+    /** Remove all expired entries. Returns count of removed entries. */
+    prune() {
+        const now = Date.now();
+        let removed = 0;
+        for (const [key, entry] of this.cache) {
+            if (now > entry.expiresAt) {
+                this.cache.delete(key);
+                removed++;
+            }
+        }
+        return removed;
+    }
+}
+exports.ScanLRUCache = ScanLRUCache;
+//# sourceMappingURL=lru.js.map

package/dist/cache/lru.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lru.js","sourceRoot":"","sources":["../../src/cache/lru.ts"],"names":[],"mappings":";AAAA,+DAA+D;AAC/D,gDAAgD;AAChD,4CAA4C;AAC5C,+DAA+D;;;AAc/D,MAAa,YAAY;IACf,KAAK,GAAG,IAAI,GAAG,EAAyB,CAAC;IAChC,OAAO,CAAS;IAChB,KAAK,CAAS;IAE/B,YAAY,SAAyB,EAAE;QACrC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC;QACtC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC;IACvC,CAAC;IAED,uFAAuF;IACvF,GAAG,CAAC,GAAW;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,SAAS,CAAC;QAE7B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,gEAAgE;QAChE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,OAAO,KAAK,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,sDAAsD;IACtD,GAAG,CAAC,GAAW,EAAE,KAAQ;QACvB,qCAAqC;QACrC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEvB,6CAA6C;QAC7C,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACpC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAe,CAAC;YAC3D,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/B,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;YAClB,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK;SACnC,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC;IACrC,CAAC;IAED,4BAA4B;IAC5B,MAAM,CAAC,GAAW;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,wBAAwB;IACxB,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED,sDAAsD;IACtD,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;IAED,oEAAoE;IACpE,KAAK;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACtC,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBAC1B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACvB,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AA3ED,oCA2EC"}

package/dist/cost/anomaly.d.ts

@@ -0,0 +1,10 @@
+export interface AnomalyResult {
+    isAnomaly: boolean;
+    zScore: number;
+    currentValue: number;
+    mean: number;
+    stdDev: number;
+}
+/** Detect anomalies using z-score (>2.5 standard deviations = anomaly) */
+export declare function detectAnomaly(currentValue: number, historicalValues: number[], threshold?: number): AnomalyResult;
+//# sourceMappingURL=anomaly.d.ts.map

package/dist/cost/anomaly.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anomaly.d.ts","sourceRoot":"","sources":["../../src/cost/anomaly.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,0EAA0E;AAC1E,wBAAgB,aAAa,CAC3B,YAAY,EAAE,MAAM,EACpB,gBAAgB,EAAE,MAAM,EAAE,EAC1B,SAAS,GAAE,MAAY,GACtB,aAAa,CAsCf"}

package/dist/cost/anomaly.js

@@ -0,0 +1,42 @@
+"use strict";
+// ============================================================
+// Cost Anomaly Detection — Z-Score based
+// Flags unusual spending patterns
+// ============================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectAnomaly = detectAnomaly;
+/** Detect anomalies using z-score (>2.5 standard deviations = anomaly) */
+function detectAnomaly(currentValue, historicalValues, threshold = 2.5) {
+    if (historicalValues.length < 3) {
+        // Not enough data to determine anomaly
+        return {
+            isAnomaly: false,
+            zScore: 0,
+            currentValue,
+            mean: currentValue,
+            stdDev: 0,
+        };
+    }
+    const mean = historicalValues.reduce((a, b) => a + b, 0) / historicalValues.length;
+    const variance = historicalValues.reduce((sum, val) => sum + (val - mean) ** 2, 0) /
+        historicalValues.length;
+    const stdDev = Math.sqrt(variance);
+    if (stdDev === 0) {
+        return {
+            isAnomaly: currentValue !== mean,
+            zScore: currentValue === mean ? 0 : Infinity,
+            currentValue,
+            mean,
+            stdDev: 0,
+        };
+    }
+    const zScore = (currentValue - mean) / stdDev;
+    return {
+        isAnomaly: zScore > threshold,
+        zScore,
+        currentValue,
+        mean,
+        stdDev,
+    };
+}
+//# sourceMappingURL=anomaly.js.map

package/dist/cost/anomaly.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anomaly.js","sourceRoot":"","sources":["../../src/cost/anomaly.ts"],"names":[],"mappings":";AAAA,+DAA+D;AAC/D,yCAAyC;AACzC,kCAAkC;AAClC,+DAA+D;;AAW/D,sCA0CC;AA3CD,0EAA0E;AAC1E,SAAgB,aAAa,CAC3B,YAAoB,EACpB,gBAA0B,EAC1B,YAAoB,GAAG;IAEvB,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,uCAAuC;QACvC,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,CAAC;YACT,YAAY;YACZ,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,CAAC;SACV,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GACR,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC;IACxE,MAAM,QAAQ,GACZ,gBAAgB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjE,gBAAgB,CAAC,MAAM,CAAC;IAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAEnC,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;QACjB,OAAO;YACL,SAAS,EAAE,YAAY,KAAK,IAAI;YAChC,MAAM,EAAE,YAAY,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ;YAC5C,YAAY;YACZ,IAAI;YACJ,MAAM,EAAE,CAAC;SACV,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,MAAM,CAAC;IAE9C,OAAO;QACL,SAAS,EAAE,MAAM,GAAG,SAAS;QAC7B,MAAM;QACN,YAAY;QACZ,IAAI;QACJ,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/cost/pricing.d.ts

@@ -0,0 +1,7 @@
+import type { ModelPricing } from "../types.js";
+export declare const MODEL_PRICING: Record<string, ModelPricing>;
+/** Get pricing for a model, fallback to gpt-4o-mini rates */
+export declare function getModelPricing(model: string): ModelPricing;
+/** Estimate cost for a given number of tokens */
+export declare function estimateCost(model: string, inputTokens: number, outputTokens: number): number;
+//# sourceMappingURL=pricing.d.ts.map

package/dist/cost/pricing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pricing.d.ts","sourceRoot":"","sources":["../../src/cost/pricing.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAOhD,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAsBtD,CAAC;AAEF,6DAA6D;AAC7D,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,CAY3D;AAED,iDAAiD;AACjD,wBAAgB,YAAY,CAC1B,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,MAAM,CAMR"}

package/dist/cost/pricing.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MODEL_PRICING = void 0;
+exports.getModelPricing = getModelPricing;
+exports.estimateCost = estimateCost;
+// ============================================================
+// Model Pricing Table — Updated Feb 2026
+// Prices in USD per 1M tokens
+// ============================================================
+exports.MODEL_PRICING = {
+    // OpenAI
+    "gpt-5.2": { inputPer1M: 2.50, outputPer1M: 10.0 },
+    "gpt-5.1": { inputPer1M: 2.50, outputPer1M: 10.0 },
+    "gpt-5": { inputPer1M: 2.50, outputPer1M: 10.0 },
+    "gpt-4.1": { inputPer1M: 2.00, outputPer1M: 8.00 },
+    "gpt-4o": { inputPer1M: 2.50, outputPer1M: 10.0 },
+    "gpt-4o-mini": { inputPer1M: 0.15, outputPer1M: 0.60 },
+    "o3": { inputPer1M: 10.0, outputPer1M: 40.0 },
+    "o3-mini": { inputPer1M: 1.10, outputPer1M: 4.40 },
+    "o4-mini": { inputPer1M: 1.10, outputPer1M: 4.40 },
+    // Anthropic
+    "claude-opus-4-6": { inputPer1M: 15.0, outputPer1M: 75.0 },
+    "claude-sonnet-4-6": { inputPer1M: 3.0, outputPer1M: 15.0 },
+    "claude-haiku-4-5": { inputPer1M: 0.80, outputPer1M: 4.0 },
+    // Aliases
+    "gpt-5.2-turbo": { inputPer1M: 2.50, outputPer1M: 10.0 },
+    opus: { inputPer1M: 15.0, outputPer1M: 75.0 },
+    sonnet: { inputPer1M: 3.0, outputPer1M: 15.0 },
+    haiku: { inputPer1M: 0.80, outputPer1M: 4.0 },
+};
+/** Get pricing for a model, fallback to gpt-4o-mini rates */
+function getModelPricing(model) {
+    // Try exact match
+    const exact = exports.MODEL_PRICING[model];
+    if (exact)
+        return exact;
+    // Try prefix match (e.g., "gpt-4o-2024-08-06" → "gpt-4o")
+    for (const [key, pricing] of Object.entries(exports.MODEL_PRICING)) {
+        if (model.startsWith(key))
+            return pricing;
+    }
+    // Fallback
+    return { inputPer1M: 0.15, outputPer1M: 0.60 };
+}
+/** Estimate cost for a given number of tokens */
+function estimateCost(model, inputTokens, outputTokens) {
+    const pricing = getModelPricing(model);
+    return ((inputTokens / 1_000_000) * pricing.inputPer1M +
+        (outputTokens / 1_000_000) * pricing.outputPer1M);
+}
+//# sourceMappingURL=pricing.js.map

package/dist/cost/pricing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pricing.js","sourceRoot":"","sources":["../../src/cost/pricing.ts"],"names":[],"mappings":";;;AAgCA,0CAYC;AAGD,oCAUC;AAvDD,+DAA+D;AAC/D,yCAAyC;AACzC,8BAA8B;AAC9B,+DAA+D;AAElD,QAAA,aAAa,GAAiC;IACzD,SAAS;IACT,SAAS,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IAClD,SAAS,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IAClD,OAAO,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IAChD,SAAS,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IAClD,QAAQ,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IACjD,aAAa,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IACtD,IAAI,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IAC7C,SAAS,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IAClD,SAAS,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IAElD,YAAY;IACZ,iBAAiB,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IAC1D,mBAAmB,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;IAC3D,kBAAkB,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;IAE1D,UAAU;IACV,eAAe,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IACxD,IAAI,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;IAC7C,MAAM,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE;IAC9C,KAAK,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;CAC9C,CAAC;AAEF,6DAA6D;AAC7D,SAAgB,eAAe,CAAC,KAAa;IAC3C,kBAAkB;IAClB,MAAM,KAAK,GAAG,qBAAa,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IAExB,0DAA0D;IAC1D,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,qBAAa,CAAC,EAAE,CAAC;QAC3D,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,OAAO,CAAC;IAC5C,CAAC;IAED,WAAW;IACX,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AACjD,CAAC;AAED,iDAAiD;AACjD,SAAgB,YAAY,CAC1B,KAAa,EACb,WAAmB,EACnB,YAAoB;IAEpB,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,OAAO,CACL,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,UAAU;QAC9C,CAAC,YAAY,GAAG,SAAS,CAAC,GAAG,OAAO,CAAC,WAAW,CACjD,CAAC;AACJ,CAAC"}

package/dist/cost/tracker.d.ts

@@ -0,0 +1,24 @@
+import type { BudgetConfig, BudgetCheckResult, CostRecord } from "../types.js";
+/** Minimal Redis interface (compatible with ioredis) */
+export interface RedisLike {
+    get(key: string): Promise<string | null>;
+    incrbyfloat(key: string, increment: number): Promise<string>;
+    expire(key: string, seconds: number): Promise<number>;
+}
+export declare class CostTracker {
+    private store;
+    private budgets;
+    private records;
+    constructor(budgets?: Record<string, BudgetConfig>, redis?: RedisLike);
+    /** Check if a request is within budget BEFORE sending to LLM */
+    checkBudget(entityId: string, model: string, estimatedInputTokens: number, estimatedOutputTokens?: number): Promise<BudgetCheckResult>;
+    /** Record actual cost AFTER receiving response */
+    recordCost(entityId: string, model: string, inputTokens: number, outputTokens: number): Promise<CostRecord>;
+    /** Get current spend for an entity */
+    getCurrentSpend(entityId: string): Promise<number>;
+    /** Get all recorded costs (for export/audit) */
+    getRecords(): CostRecord[];
+    private budgetKey;
+    private periodSeconds;
+}
+//# sourceMappingURL=tracker.d.ts.map

package/dist/cost/tracker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracker.d.ts","sourceRoot":"","sources":["../../src/cost/tracker.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,iBAAiB,EAEjB,UAAU,EACX,MAAM,aAAa,CAAC;AASrB,wDAAwD;AACxD,MAAM,WAAW,SAAS;IACxB,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACvD;AAgCD,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,OAAO,CAA4B;IAC3C,OAAO,CAAC,OAAO,CAAoB;gBAGjC,OAAO,GAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAM,EAC1C,KAAK,CAAC,EAAE,SAAS;IAMnB,gEAAgE;IAC1D,WAAW,CACf,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,oBAAoB,EAAE,MAAM,EAC5B,qBAAqB,GAAE,MAAY,GAClC,OAAO,CAAC,iBAAiB,CAAC;IAgC7B,kDAAkD;IAC5C,UAAU,CACd,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,UAAU,CAAC;IA+BtB,sCAAsC;IAChC,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOxD,gDAAgD;IAChD,UAAU,IAAI,UAAU,EAAE;IAI1B,OAAO,CAAC,SAAS;IAmBjB,OAAO,CAAC,aAAa;CAUtB"}

package/dist/cost/tracker.js

@@ -0,0 +1,136 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CostTracker = void 0;
+const pricing_js_1 = require("./pricing.js");
+/** In-memory fallback store */
+class MemoryStore {
+    data = new Map();
+    async get(key) {
+        const entry = this.data.get(key);
+        if (!entry)
+            return null;
+        if (entry.expiresAt && Date.now() > entry.expiresAt) {
+            this.data.delete(key);
+            return null;
+        }
+        return entry.value;
+    }
+    async incrbyfloat(key, increment) {
+        const current = parseFloat((await this.get(key)) ?? "0");
+        const newValue = (current + increment).toString();
+        const entry = this.data.get(key);
+        this.data.set(key, { value: newValue, expiresAt: entry?.expiresAt });
+        return newValue;
+    }
+    async expire(key, seconds) {
+        const entry = this.data.get(key);
+        if (!entry)
+            return 0;
+        entry.expiresAt = Date.now() + seconds * 1000;
+        return 1;
+    }
+}
+class CostTracker {
+    store;
+    budgets;
+    records = [];
+    constructor(budgets = {}, redis) {
+        this.store = redis ?? new MemoryStore();
+        this.budgets = new Map(Object.entries(budgets));
+    }
+    /** Check if a request is within budget BEFORE sending to LLM */
+    async checkBudget(entityId, model, estimatedInputTokens, estimatedOutputTokens = 500) {
+        const budget = this.budgets.get(entityId);
+        if (!budget) {
+            return { allowed: true, currentSpend: 0, remainingBudget: Infinity };
+        }
+        const estimated = (0, pricing_js_1.estimateCost)(model, estimatedInputTokens, estimatedOutputTokens);
+        const key = this.budgetKey(entityId, budget.period);
+        const currentSpend = parseFloat((await this.store.get(key)) ?? "0");
+        if (currentSpend + estimated > budget.hardLimit) {
+            return {
+                allowed: false,
+                currentSpend,
+                remainingBudget: Math.max(0, budget.hardLimit - currentSpend),
+                warning: `Hard budget limit reached: $${currentSpend.toFixed(2)} / $${budget.hardLimit}`,
+            };
+        }
+        const warning = currentSpend + estimated > budget.softLimit
+            ? `Approaching budget: $${currentSpend.toFixed(2)} / $${budget.hardLimit} (${Math.round((currentSpend / budget.hardLimit) * 100)}%)`
+            : undefined;
+        return {
+            allowed: true,
+            currentSpend,
+            remainingBudget: budget.hardLimit - currentSpend,
+            warning,
+        };
+    }
+    /** Record actual cost AFTER receiving response */
+    async recordCost(entityId, model, inputTokens, outputTokens) {
+        const cost = (0, pricing_js_1.estimateCost)(model, inputTokens, outputTokens);
+        const record = {
+            entityId,
+            model,
+            inputTokens,
+            outputTokens,
+            cost,
+            timestamp: new Date(),
+        };
+        // Update budget counter
+        const budget = this.budgets.get(entityId);
+        if (budget) {
+            const key = this.budgetKey(entityId, budget.period);
+            await this.store.incrbyfloat(key, cost);
+            await this.store.expire(key, this.periodSeconds(budget.period) * 2);
+        }
+        // Also update any matching broader budgets (global, etc.)
+        const globalBudget = this.budgets.get("global");
+        if (globalBudget && entityId !== "global") {
+            const globalKey = this.budgetKey("global", globalBudget.period);
+            await this.store.incrbyfloat(globalKey, cost);
+            await this.store.expire(globalKey, this.periodSeconds(globalBudget.period) * 2);
+        }
+        this.records.push(record);
+        return record;
+    }
+    /** Get current spend for an entity */
+    async getCurrentSpend(entityId) {
+        const budget = this.budgets.get(entityId);
+        if (!budget)
+            return 0;
+        const key = this.budgetKey(entityId, budget.period);
+        return parseFloat((await this.store.get(key)) ?? "0");
+    }
+    /** Get all recorded costs (for export/audit) */
+    getRecords() {
+        return [...this.records];
+    }
+    budgetKey(entityId, period) {
+        const now = new Date();
+        let periodKey;
+        switch (period) {
+            case "hourly":
+                periodKey = `${now.getUTCFullYear()}-${now.getUTCMonth()}-${now.getUTCDate()}-${now.getUTCHours()}`;
+                break;
+            case "daily":
+                periodKey = `${now.getUTCFullYear()}-${now.getUTCMonth()}-${now.getUTCDate()}`;
+                break;
+            case "monthly":
+                periodKey = `${now.getUTCFullYear()}-${now.getUTCMonth()}`;
+                break;
+        }
+        return `ai-shield:cost:${entityId}:${periodKey}`;
+    }
+    periodSeconds(period) {
+        switch (period) {
+            case "hourly":
+                return 3600;
+            case "daily":
+                return 86400;
+            case "monthly":
+                return 86400 * 31;
+        }
+    }
+}
+exports.CostTracker = CostTracker;
+//# sourceMappingURL=tracker.js.map

package/dist/cost/tracker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracker.js","sourceRoot":"","sources":["../../src/cost/tracker.ts"],"names":[],"mappings":";;;AAMA,6CAA4C;AAe5C,+BAA+B;AAC/B,MAAM,WAAW;IACP,IAAI,GAAG,IAAI,GAAG,EAAiD,CAAC;IAExE,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,IAAI,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACpD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAW,EAAE,SAAiB;QAC9C,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC;QAClD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QACrE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW,EAAE,OAAe;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC;QACrB,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,IAAI,CAAC;QAC9C,OAAO,CAAC,CAAC;IACX,CAAC;CACF;AAED,MAAa,WAAW;IACd,KAAK,CAAY;IACjB,OAAO,CAA4B;IACnC,OAAO,GAAiB,EAAE,CAAC;IAEnC,YACE,UAAwC,EAAE,EAC1C,KAAiB;QAEjB,IAAI,CAAC,KAAK,GAAG,KAAK,IAAI,IAAI,WAAW,EAAE,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,gEAAgE;IAChE,KAAK,CAAC,WAAW,CACf,QAAgB,EAChB,KAAa,EACb,oBAA4B,EAC5B,wBAAgC,GAAG;QAEnC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;QACvE,CAAC;QAED,MAAM,SAAS,GAAG,IAAA,yBAAY,EAAC,KAAK,EAAE,oBAAoB,EAAE,qBAAqB,CAAC,CAAC;QACnF,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;QAEpE,IAAI,YAAY,GAAG,SAAS,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YAChD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,YAAY;gBACZ,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,SAAS,GAAG,YAAY,CAAC;gBAC7D,OAAO,EAAE,+BAA+B,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,SAAS,EAAE;aACzF,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GACX,YAAY,GAAG,SAAS,GAAG,MAAM,CAAC,SAAS;YACzC,CAAC,CAAC,wBAAwB,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,SAAS,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,IAAI;YACpI,CAAC,CAAC,SAAS,CAAC;QAEhB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,YAAY;YACZ,eAAe,EAAE,MAAM,CAAC,SAAS,GAAG,YAAY;YAChD,OAAO;SACR,CAAC;IACJ,CAAC;IAED,kDAAkD;IAClD,KAAK,CAAC,UAAU,CACd,QAAgB,EAChB,KAAa,EACb,WAAmB,EACnB,YAAoB;QAEpB,MAAM,IAAI,GAAG,IAAA,yBAAY,EAAC,KAAK,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAe;YACzB,QAAQ;YACR,KAAK;YACL,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;QAEF,wBAAwB;QACxB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;YACpD,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACxC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,0DAA0D;QAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,YAAY,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;YAChE,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC9C,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAClF,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sCAAsC;IACtC,KAAK,CAAC,eAAe,CAAC,QAAgB;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,CAAC;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACpD,OAAO,UAAU,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;IACxD,CAAC;IAED,gDAAgD;IAChD,UAAU;QACR,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAEO,SAAS,CAAC,QAAgB,EAAE,MAAoB;QACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,SAAiB,CAAC;QAEtB,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,QAAQ;gBACX,SAAS,GAAG,GAAG,GAAG,CAAC,cAAc,EAAE,IAAI,GAAG,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,UAAU,EAAE,IAAI,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;gBACpG,MAAM;YACR,KAAK,OAAO;gBACV,SAAS,GAAG,GAAG,GAAG,CAAC,cAAc,EAAE,IAAI,GAAG,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,UAAU,EAAE,EAAE,CAAC;gBAC/E,MAAM;YACR,KAAK,SAAS;gBACZ,SAAS,GAAG,GAAG,GAAG,CAAC,cAAc,EAAE,IAAI,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC3D,MAAM;QACV,CAAC;QAED,OAAO,kBAAkB,QAAQ,IAAI,SAAS,EAAE,CAAC;IACnD,CAAC;IAEO,aAAa,CAAC,MAAoB;QACxC,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC;YACd,KAAK,OAAO;gBACV,OAAO,KAAK,CAAC;YACf,KAAK,SAAS;gBACZ,OAAO,KAAK,GAAG,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;CACF;AAlID,kCAkIC"}

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+export { AIShield } from "./shield.js";
+export { HeuristicScanner, type HeuristicConfig } from "./scanner/heuristic.js";
+export { PIIScanner } from "./scanner/pii.js";
+export { ScannerChain, type ChainConfig } from "./scanner/chain.js";
+export { injectCanary, checkCanaryLeak } from "./scanner/canary.js";
+export { PolicyEngine, type PolicyPreset } from "./policy/engine.js";
+export { ToolPolicyScanner } from "./policy/tools.js";
+export { CostTracker, type RedisLike } from "./cost/tracker.js";
+export { detectAnomaly, type AnomalyResult } from "./cost/anomaly.js";
+export { getModelPricing, estimateCost, MODEL_PRICING } from "./cost/pricing.js";
+export { AuditLogger, ConsoleAuditStore, MemoryAuditStore } from "./audit/logger.js";
+export type { AuditStore } from "./audit/types.js";
+export { ScanLRUCache, type LRUCacheConfig } from "./cache/lru.js";
+export type { ScanDecision, ScanResult, ScannerResult, Scanner, ScanContext, Violation, ViolationType, PIIType, PIIAction, PIIEntity, PIIConfig, ToolCall, ToolPermissions, ToolPolicy, ToolManifestPin, BudgetPeriod, BudgetConfig, CostEstimate, CostRecord, BudgetCheckResult, ModelPricing, AuditRecord, AuditConfig, ShieldConfig, InjectionConfig, CostConfig, CacheConfig, ToolConfig, PresetName, } from "./types.js";
+import type { ShieldConfig, ScanResult, ScanContext } from "./types.js";
+/** Quick scan — one line, maximum protection */
+export declare function shield(input: string, configOrContext?: ShieldConfig | ScanContext): Promise<ScanResult>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAE,gBAAgB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAChF,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAGpE,OAAO,EAAE,YAAY,EAAE,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAGtD,OAAO,EAAE,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGjF,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrF,YAAY,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGnD,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAGnE,YAAY,EAEV,YAAY,EACZ,UAAU,EACV,aAAa,EACb,OAAO,EACP,WAAW,EACX,SAAS,EACT,aAAa,EAEb,OAAO,EACP,SAAS,EACT,SAAS,EACT,SAAS,EAET,QAAQ,EACR,eAAe,EACf,UAAU,EACV,eAAe,EAEf,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,iBAAiB,EACjB,YAAY,EAEZ,WAAW,EACX,WAAW,EAEX,YAAY,EACZ,eAAe,EACf,UAAU,EACV,WAAW,EACX,UAAU,EACV,UAAU,GACX,MAAM,YAAY,CAAC;AAKpB,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAExE,gDAAgD;AAChD,wBAAsB,MAAM,CAC1B,KAAK,EAAE,MAAM,EACb,eAAe,CAAC,EAAE,YAAY,GAAG,WAAW,GAC3C,OAAO,CAAC,UAAU,CAAC,CAarB"}