burrow-sdk 0.5.0

package/dist/integrations/strands.d.ts

@@ -0,0 +1,81 @@
+/**
+ * Burrow adapter for the Strands Agents framework (TypeScript).
+ *
+ * Provides HookProvider objects that scan user input, tool calls, and tool
+ * results through Burrow for prompt injection detection using Strands'
+ * native hooks system.
+ *
+ * @example
+ * ```ts
+ * import { BurrowGuard } from "burrow-sdk";
+ * import { createBurrowHookProvider } from "burrow-sdk/integrations/strands";
+ *
+ * const guard = new BurrowGuard({ clientId: "...", clientSecret: "..." });
+ * const burrowHooks = createBurrowHookProvider(guard);
+ *
+ * const agent = new Agent({ model, tools: [...], hooks: [burrowHooks] });
+ * ```
+ */
+import type { BurrowGuard } from "../index.js";
+/**
+ * Strands hook event shape, defined locally to avoid requiring
+ * `@strands-agents/sdk-typescript` as a dependency.
+ */
+interface HookEvent {
+    agent?: {
+        name?: string;
+    };
+    messages?: Array<Record<string, unknown>>;
+    tool_use?: {
+        name?: string;
+        input?: Record<string, unknown> | string;
+    };
+    result?: unknown;
+    cancel_tool?: string;
+}
+/** Callback registered on a specific event type. */
+type HookCallback = (event: HookEvent) => Promise<void> | void;
+/** Registry for adding hook callbacks to event types. */
+interface HookRegistry {
+    addCallback(eventType: string, callback: HookCallback): void;
+}
+/** Object returned by factory functions, matching the Strands HookProvider interface. */
+interface HookProvider {
+    registerHooks(registry: HookRegistry): void;
+}
+export interface BurrowHookProviderOptions {
+    /** Static agent name for scan context. Defaults to "strands-agent". */
+    agentName?: string;
+    /** If true, also block on "warn" verdicts. */
+    blockOnWarn?: boolean;
+}
+export interface BurrowHookProviderV2Options {
+    /** If true, also block on "warn" verdicts. */
+    blockOnWarn?: boolean;
+}
+/**
+ * Create a Strands HookProvider that scans through Burrow.
+ *
+ * Uses a static `agentName` for all scans. The returned object has a
+ * `registerHooks(registry)` method that registers callbacks for
+ * BeforeInvocation, BeforeToolCall, and AfterToolCall events.
+ *
+ * @param guard - BurrowGuard instance.
+ * @param options - Configuration options.
+ * @returns A HookProvider to pass to `Agent({ hooks: [...] })`.
+ */
+export declare function createBurrowHookProvider(guard: BurrowGuard, options?: BurrowHookProviderOptions): HookProvider;
+/**
+ * Create a Strands HookProvider with per-agent identity.
+ *
+ * Reads `event.agent.name` from hook events to produce agent identifiers
+ * like `strands:research-agent`. Falls back to `strands` when no agent
+ * name is available.
+ *
+ * @param guard - BurrowGuard instance.
+ * @param options - Configuration options.
+ * @returns A HookProvider to pass to `Agent({ hooks: [...] })`.
+ */
+export declare function createBurrowHookProviderV2(guard: BurrowGuard, options?: BurrowHookProviderV2Options): HookProvider;
+export {};
+//# sourceMappingURL=strands.d.ts.map

package/dist/integrations/strands.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"strands.d.ts","sourceRoot":"","sources":["../../src/integrations/strands.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/C;;;GAGG;AACH,UAAU,SAAS;IACjB,KAAK,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1B,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC1C,QAAQ,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAA;KAAE,CAAC;IACvE,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,oDAAoD;AACpD,KAAK,YAAY,GAAG,CAAC,KAAK,EAAE,SAAS,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAE/D,yDAAyD;AACzD,UAAU,YAAY;IACpB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAC;CAC9D;AAED,yFAAyF;AACzF,UAAU,YAAY;IACpB,aAAa,CAAC,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAC;CAC7C;AAED,MAAM,WAAW,yBAAyB;IACxC,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,2BAA2B;IAC1C,8CAA8C;IAC9C,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AA+DD;;;;;;;;;;GAUG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,WAAW,EAClB,OAAO,GAAE,yBAA8B,GACtC,YAAY,CAuGd;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,WAAW,EAClB,OAAO,GAAE,2BAAgC,GACxC,YAAY,CAiHd"}

package/dist/integrations/strands.js

@@ -0,0 +1,274 @@
+/**
+ * Burrow adapter for the Strands Agents framework (TypeScript).
+ *
+ * Provides HookProvider objects that scan user input, tool calls, and tool
+ * results through Burrow for prompt injection detection using Strands'
+ * native hooks system.
+ *
+ * @example
+ * ```ts
+ * import { BurrowGuard } from "burrow-sdk";
+ * import { createBurrowHookProvider } from "burrow-sdk/integrations/strands";
+ *
+ * const guard = new BurrowGuard({ clientId: "...", clientSecret: "..." });
+ * const burrowHooks = createBurrowHookProvider(guard);
+ *
+ * const agent = new Agent({ model, tools: [...], hooks: [burrowHooks] });
+ * ```
+ */
+/**
+ * Extract scannable text from tool input arguments.
+ * Prioritizes known text-bearing fields, falls back to JSON serialization.
+ */
+function extractToolInputText(toolInput) {
+    const textFields = ["command", "content", "query", "text", "url", "file_path", "pattern"];
+    const parts = [];
+    for (const key of textFields) {
+        if (key in toolInput && toolInput[key] != null) {
+            parts.push(String(toolInput[key]));
+        }
+    }
+    return parts.length > 0 ? parts.join(" ").trim() : JSON.stringify(toolInput);
+}
+/**
+ * Extract user-facing text from the last message in the conversation.
+ * Handles both string content and content arrays with text parts.
+ */
+function extractUserInputText(messages) {
+    if (messages.length === 0)
+        return "";
+    const lastMsg = messages[messages.length - 1];
+    if (!lastMsg)
+        return "";
+    const content = lastMsg.content;
+    if (typeof content === "string")
+        return content;
+    if (Array.isArray(content)) {
+        const parts = [];
+        for (const part of content) {
+            if (typeof part === "object" && part !== null && "text" in part) {
+                parts.push(String(part.text));
+            }
+            else if (typeof part === "string") {
+                parts.push(part);
+            }
+        }
+        return parts.join(" ");
+    }
+    return "";
+}
+/**
+ * Determine whether a scan result should trigger a block.
+ */
+function shouldBlock(result, blockOnWarn) {
+    return result.action === "block" || (blockOnWarn && result.action === "warn");
+}
+/**
+ * Build the blocked-message string used when tool output is flagged.
+ */
+function buildBlockedMessage(toolName, result) {
+    return (`[BLOCKED by Burrow] Tool output from '${toolName}' was flagged: ` +
+        `${result.category} (${Math.round(result.confidence * 100)}% confidence). ` +
+        `Treat with caution.`);
+}
+/**
+ * Create a Strands HookProvider that scans through Burrow.
+ *
+ * Uses a static `agentName` for all scans. The returned object has a
+ * `registerHooks(registry)` method that registers callbacks for
+ * BeforeInvocation, BeforeToolCall, and AfterToolCall events.
+ *
+ * @param guard - BurrowGuard instance.
+ * @param options - Configuration options.
+ * @returns A HookProvider to pass to `Agent({ hooks: [...] })`.
+ */
+export function createBurrowHookProvider(guard, options = {}) {
+    const agentName = options.agentName ?? "strands-agent";
+    const blockOnWarn = options.blockOnWarn ?? false;
+    return {
+        registerHooks(registry) {
+            // Scan user input before the agent processes it
+            registry.addCallback("BeforeInvocation", async (event) => {
+                const messages = event.messages;
+                if (!messages || messages.length === 0)
+                    return;
+                const text = extractUserInputText(messages).trim();
+                if (!text)
+                    return;
+                const result = await guard.scan(text, {
+                    contentType: "user_prompt",
+                    agent: agentName,
+                });
+                if (shouldBlock(result, blockOnWarn)) {
+                    console.warn(`[burrow] Blocked user input: ${result.category} (${Math.round(result.confidence * 100)}% confidence)`);
+                }
+            });
+            // Scan tool arguments before execution
+            registry.addCallback("BeforeToolCall", async (event) => {
+                const toolUse = event.tool_use;
+                const toolName = toolUse?.name ?? "unknown";
+                const toolInput = toolUse?.input;
+                let text = "";
+                if (typeof toolInput === "object" && toolInput !== null) {
+                    text = extractToolInputText(toolInput);
+                }
+                else if (typeof toolInput === "string") {
+                    text = toolInput;
+                }
+                text = text.trim();
+                if (!text)
+                    return;
+                const result = await guard.scan(text, {
+                    contentType: "tool_call",
+                    agent: agentName,
+                    toolName,
+                });
+                if (shouldBlock(result, blockOnWarn)) {
+                    event.cancel_tool =
+                        `Blocked by Burrow: ${result.category} ` +
+                            `(${Math.round(result.confidence * 100)}% confidence). ` +
+                            `DO NOT retry this tool call.`;
+                    console.warn(`[burrow] Blocked tool call ${toolName}: ${result.category} (${Math.round(result.confidence * 100)}% confidence)`);
+                }
+            });
+            // Scan tool output for indirect injection
+            registry.addCallback("AfterToolCall", async (event) => {
+                const resultData = event.result;
+                if (resultData == null)
+                    return;
+                const text = String(resultData).slice(0, 4096).trim();
+                if (!text)
+                    return;
+                const toolUse = event.tool_use;
+                const toolName = toolUse?.name ?? "unknown";
+                const scanResult = await guard.scan(text, {
+                    contentType: "tool_response",
+                    agent: agentName,
+                    toolName,
+                });
+                if (shouldBlock(scanResult, blockOnWarn)) {
+                    const blockedMsg = buildBlockedMessage(toolName, scanResult);
+                    if (typeof resultData === "object" &&
+                        resultData !== null &&
+                        "toolUseId" in resultData) {
+                        event.result = {
+                            toolUseId: resultData.toolUseId,
+                            status: "error",
+                            content: [{ text: blockedMsg }],
+                        };
+                    }
+                    else {
+                        console.warn("[burrow] Blocked tool result is not a dict with toolUseId; replacing with blocked message string.");
+                        event.result = blockedMsg;
+                    }
+                    console.warn(`[burrow] Flagged tool output from ${toolName}: ${scanResult.category} (${Math.round(scanResult.confidence * 100)}% confidence)`);
+                }
+            });
+        },
+    };
+}
+/**
+ * Create a Strands HookProvider with per-agent identity.
+ *
+ * Reads `event.agent.name` from hook events to produce agent identifiers
+ * like `strands:research-agent`. Falls back to `strands` when no agent
+ * name is available.
+ *
+ * @param guard - BurrowGuard instance.
+ * @param options - Configuration options.
+ * @returns A HookProvider to pass to `Agent({ hooks: [...] })`.
+ */
+export function createBurrowHookProviderV2(guard, options = {}) {
+    const blockOnWarn = options.blockOnWarn ?? false;
+    function resolveAgent(event) {
+        const name = event.agent?.name;
+        if (name)
+            return `strands:${name}`;
+        return "strands";
+    }
+    return {
+        registerHooks(registry) {
+            // Scan user input before the agent processes it
+            registry.addCallback("BeforeInvocation", async (event) => {
+                const messages = event.messages;
+                if (!messages || messages.length === 0)
+                    return;
+                const text = extractUserInputText(messages).trim();
+                if (!text)
+                    return;
+                const agentName = resolveAgent(event);
+                const result = await guard.scan(text, {
+                    contentType: "user_prompt",
+                    agent: agentName,
+                });
+                if (shouldBlock(result, blockOnWarn)) {
+                    console.warn(`[burrow] Blocked user input for agent '${agentName}': ${result.category} (${Math.round(result.confidence * 100)}% confidence)`);
+                }
+            });
+            // Scan tool arguments before execution
+            registry.addCallback("BeforeToolCall", async (event) => {
+                const toolUse = event.tool_use;
+                const toolName = toolUse?.name ?? "unknown";
+                const toolInput = toolUse?.input;
+                let text = "";
+                if (typeof toolInput === "object" && toolInput !== null) {
+                    text = extractToolInputText(toolInput);
+                }
+                else if (typeof toolInput === "string") {
+                    text = toolInput;
+                }
+                text = text.trim();
+                if (!text)
+                    return;
+                const agentName = resolveAgent(event);
+                const result = await guard.scan(text, {
+                    contentType: "tool_call",
+                    agent: agentName,
+                    toolName,
+                });
+                if (shouldBlock(result, blockOnWarn)) {
+                    event.cancel_tool =
+                        `Blocked by Burrow: ${result.category} ` +
+                            `(${Math.round(result.confidence * 100)}% confidence). ` +
+                            `DO NOT retry this tool call.`;
+                    console.warn(`[burrow] Blocked tool call ${toolName} for agent '${agentName}': ${result.category} (${Math.round(result.confidence * 100)}% confidence)`);
+                }
+            });
+            // Scan tool output for indirect injection
+            registry.addCallback("AfterToolCall", async (event) => {
+                const resultData = event.result;
+                if (resultData == null)
+                    return;
+                const text = String(resultData).slice(0, 4096).trim();
+                if (!text)
+                    return;
+                const toolUse = event.tool_use;
+                const toolName = toolUse?.name ?? "unknown";
+                const agentName = resolveAgent(event);
+                const scanResult = await guard.scan(text, {
+                    contentType: "tool_response",
+                    agent: agentName,
+                    toolName,
+                });
+                if (shouldBlock(scanResult, blockOnWarn)) {
+                    const blockedMsg = buildBlockedMessage(toolName, scanResult);
+                    if (typeof resultData === "object" &&
+                        resultData !== null &&
+                        "toolUseId" in resultData) {
+                        event.result = {
+                            toolUseId: resultData.toolUseId,
+                            status: "error",
+                            content: [{ text: blockedMsg }],
+                        };
+                    }
+                    else {
+                        console.warn("[burrow] Blocked tool result is not a dict with toolUseId; replacing with blocked message string.");
+                        event.result = blockedMsg;
+                    }
+                    console.warn(`[burrow] Flagged tool output from ${toolName} for agent '${agentName}': ${scanResult.category} (${Math.round(scanResult.confidence * 100)}% confidence)`);
+                }
+            });
+        },
+    };
+}
+//# sourceMappingURL=strands.js.map

package/dist/integrations/strands.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strands.js","sourceRoot":"","sources":["../../src/integrations/strands.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AA0CH;;;GAGG;AACH,SAAS,oBAAoB,CAAC,SAAkC;IAC9D,MAAM,UAAU,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAC1F,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,GAAG,IAAI,SAAS,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;AAC/E,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,QAAwC;IACpE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAErC,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAExB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAChC,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC;IAEhD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;gBAChE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAE,IAAgC,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7D,CAAC;iBAAM,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACpC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,MAAkB,EAAE,WAAoB;IAC3D,OAAO,MAAM,CAAC,MAAM,KAAK,OAAO,IAAI,CAAC,WAAW,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;AAChF,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,QAAgB,EAAE,MAAkB;IAC/D,OAAO,CACL,yCAAyC,QAAQ,iBAAiB;QAClE,GAAG,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,iBAAiB;QAC3E,qBAAqB,CACtB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,wBAAwB,CACtC,KAAkB,EAClB,UAAqC,EAAE;IAEvC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,eAAe,CAAC;IACvD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC;IAEjD,OAAO;QACL,aAAa,CAAC,QAAsB;YAClC,gDAAgD;YAChD,QAAQ,CAAC,WAAW,CAAC,kBAAkB,EAAE,KAAK,EAAE,KAAgB,EAAE,EAAE;gBAClE,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;gBAChC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO;gBAE/C,MAAM,IAAI,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;gBACnD,IAAI,CAAC,IAAI;oBAAE,OAAO;gBAElB,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;oBACpC,WAAW,EAAE,aAAa;oBAC1B,KAAK,EAAE,SAAS;iBACjB,CAAC,CAAC;gBAEH,IAAI,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC;oBACrC,OAAO,CAAC,IAAI,CACV,gCAAgC,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CACvG,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,uCAAuC;YACvC,QAAQ,CAAC,WAAW,CAAC,gBAAgB,EAAE,KAAK,EAAE,KAAgB,EAAE,EAAE;gBAChE,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC;gBAC/B,MAAM,QAAQ,GAAG,OAAO,EAAE,IAAI,IAAI,SAAS,CAAC;gBAC5C,MAAM,SAAS,GAAG,OAAO,EAAE,KAAK,CAAC;gBAEjC,IAAI,IAAI,GAAG,EAAE,CAAC;gBACd,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;oBACxD,IAAI,GAAG,oBAAoB,CAAC,SAAoC,CAAC,CAAC;gBACpE,CAAC;qBAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;oBACzC,IAAI,GAAG,SAAS,CAAC;gBACnB,CAAC;gBAED,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBACnB,IAAI,CAAC,IAAI;oBAAE,OAAO;gBAElB,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;oBACpC,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE,SAAS;oBAChB,QAAQ;iBACT,CAAC,CAAC;gBAEH,IAAI,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC;oBACrC,KAAK,CAAC,WAAW;wBACf,sBAAsB,MAAM,CAAC,QAAQ,GAAG;4BACxC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,iBAAiB;4BACxD,8BAA8B,CAAC;oBACjC,OAAO,CAAC,IAAI,CACV,8BAA8B,QAAQ,KAAK,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAClH,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,0CAA0C;YAC1C,QAAQ,CAAC,WAAW,CAAC,eAAe,EAAE,KAAK,EAAE,KAAgB,EAAE,EAAE;gBAC/D,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;gBAChC,IAAI,UAAU,IAAI,IAAI;oBAAE,OAAO;gBAE/B,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBACtD,IAAI,CAAC,IAAI;oBAAE,OAAO;gBAElB,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC;gBAC/B,MAAM,QAAQ,GAAG,OAAO,EAAE,IAAI,IAAI,SAAS,CAAC;gBAE5C,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;oBACxC,WAAW,EAAE,eAAe;oBAC5B,KAAK,EAAE,SAAS;oBAChB,QAAQ;iBACT,CAAC,CAAC;gBAEH,IAAI,WAAW,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;oBACzC,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;oBAE7D,IACE,OAAO,UAAU,KAAK,QAAQ;wBAC9B,UAAU,KAAK,IAAI;wBACnB,WAAW,IAAI,UAAU,EACzB,CAAC;wBACD,KAAK,CAAC,MAAM,GAAG;4BACb,SAAS,EAAG,UAAsC,CAAC,SAAS;4BAC5D,MAAM,EAAE,OAAO;4BACf,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;yBAChC,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,IAAI,CACV,mGAAmG,CACpG,CAAC;wBACF,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC;oBAC5B,CAAC;oBAED,OAAO,CAAC,IAAI,CACV,qCAAqC,QAAQ,KAAK,UAAU,CAAC,QAAQ,KAAK,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CACjI,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,0BAA0B,CACxC,KAAkB,EAClB,UAAuC,EAAE;IAEzC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC;IAEjD,SAAS,YAAY,CAAC,KAAgB;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC;QAC/B,IAAI,IAAI;YAAE,OAAO,WAAW,IAAI,EAAE,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,aAAa,CAAC,QAAsB;YAClC,gDAAgD;YAChD,QAAQ,CAAC,WAAW,CAAC,kBAAkB,EAAE,KAAK,EAAE,KAAgB,EAAE,EAAE;gBAClE,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;gBAChC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO;gBAE/C,MAAM,IAAI,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;gBACnD,IAAI,CAAC,IAAI;oBAAE,OAAO;gBAElB,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;gBAEtC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;oBACpC,WAAW,EAAE,aAAa;oBAC1B,KAAK,EAAE,SAAS;iBACjB,CAAC,CAAC;gBAEH,IAAI,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC;oBACrC,OAAO,CAAC,IAAI,CACV,0CAA0C,SAAS,MAAM,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,uCAAuC;YACvC,QAAQ,CAAC,WAAW,CAAC,gBAAgB,EAAE,KAAK,EAAE,KAAgB,EAAE,EAAE;gBAChE,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC;gBAC/B,MAAM,QAAQ,GAAG,OAAO,EAAE,IAAI,IAAI,SAAS,CAAC;gBAC5C,MAAM,SAAS,GAAG,OAAO,EAAE,KAAK,CAAC;gBAEjC,IAAI,IAAI,GAAG,EAAE,CAAC;gBACd,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;oBACxD,IAAI,GAAG,oBAAoB,CAAC,SAAoC,CAAC,CAAC;gBACpE,CAAC;qBAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;oBACzC,IAAI,GAAG,SAAS,CAAC;gBACnB,CAAC;gBAED,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBACnB,IAAI,CAAC,IAAI;oBAAE,OAAO;gBAElB,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;gBAEtC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;oBACpC,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE,SAAS;oBAChB,QAAQ;iBACT,CAAC,CAAC;gBAEH,IAAI,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC;oBACrC,KAAK,CAAC,WAAW;wBACf,sBAAsB,MAAM,CAAC,QAAQ,GAAG;4BACxC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,iBAAiB;4BACxD,8BAA8B,CAAC;oBACjC,OAAO,CAAC,IAAI,CACV,8BAA8B,QAAQ,eAAe,SAAS,MAAM,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAC3I,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,0CAA0C;YAC1C,QAAQ,CAAC,WAAW,CAAC,eAAe,EAAE,KAAK,EAAE,KAAgB,EAAE,EAAE;gBAC/D,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;gBAChC,IAAI,UAAU,IAAI,IAAI;oBAAE,OAAO;gBAE/B,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBACtD,IAAI,CAAC,IAAI;oBAAE,OAAO;gBAElB,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC;gBAC/B,MAAM,QAAQ,GAAG,OAAO,EAAE,IAAI,IAAI,SAAS,CAAC;gBAC5C,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;gBAEtC,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;oBACxC,WAAW,EAAE,eAAe;oBAC5B,KAAK,EAAE,SAAS;oBAChB,QAAQ;iBACT,CAAC,CAAC;gBAEH,IAAI,WAAW,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;oBACzC,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;oBAE7D,IACE,OAAO,UAAU,KAAK,QAAQ;wBAC9B,UAAU,KAAK,IAAI;wBACnB,WAAW,IAAI,UAAU,EACzB,CAAC;wBACD,KAAK,CAAC,MAAM,GAAG;4BACb,SAAS,EAAG,UAAsC,CAAC,SAAS;4BAC5D,MAAM,EAAE,OAAO;4BACf,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;yBAChC,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,IAAI,CACV,mGAAmG,CACpG,CAAC;wBACF,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC;oBAC5B,CAAC;oBAED,OAAO,CAAC,IAAI,CACV,qCAAqC,QAAQ,eAAe,SAAS,MAAM,UAAU,CAAC,QAAQ,KAAK,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAC1J,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,30 @@
+export declare enum ScanAction {
+    ALLOW = "allow",
+    WARN = "warn",
+    BLOCK = "block"
+}
+export interface ScanResult {
+    action: string;
+    confidence: number;
+    category: string;
+    request_id: string;
+    latency_ms: number;
+}
+export type ContentType = "user_prompt" | "tool_call" | "tool_response";
+export interface BurrowConfig {
+    clientId?: string;
+    clientSecret?: string;
+    apiUrl?: string;
+    authUrl?: string;
+    timeout?: number;
+    failOpen?: boolean;
+    sessionId?: string;
+}
+export interface ScanOptions {
+    contentType?: ContentType;
+    agent?: string;
+    toolName?: string;
+    toolArgs?: Record<string, unknown>;
+    resource?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,oBAAY,UAAU;IACpB,KAAK,UAAU;IACf,IAAI,SAAS;IACb,KAAK,UAAU;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,WAAW,GAAG,aAAa,GAAG,WAAW,GAAG,eAAe,CAAC;AAExE,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}

package/dist/types.js

@@ -0,0 +1,7 @@
+export var ScanAction;
+(function (ScanAction) {
+    ScanAction["ALLOW"] = "allow";
+    ScanAction["WARN"] = "warn";
+    ScanAction["BLOCK"] = "block";
+})(ScanAction || (ScanAction = {}));
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,UAIX;AAJD,WAAY,UAAU;IACpB,6BAAe,CAAA;IACf,2BAAa,CAAA;IACb,6BAAe,CAAA;AACjB,CAAC,EAJW,UAAU,KAAV,UAAU,QAIrB"}

package/package.json

@@ -0,0 +1,66 @@
+{
+  "name": "burrow-sdk",
+  "version": "0.5.0",
+  "description": "Prompt injection firewall SDK for AI agents",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./integrations/langchain": {
+      "types": "./dist/integrations/langchain.d.ts",
+      "import": "./dist/integrations/langchain.js"
+    },
+    "./integrations/ai-sdk": {
+      "types": "./dist/integrations/ai-sdk.d.ts",
+      "import": "./dist/integrations/ai-sdk.js"
+    },
+    "./integrations/openai-agents": {
+      "types": "./dist/integrations/openai-agents.d.ts",
+      "import": "./dist/integrations/openai-agents.js"
+    },
+    "./integrations/claude-sdk": {
+      "types": "./dist/integrations/claude-sdk.d.ts",
+      "import": "./dist/integrations/claude-sdk.js"
+    },
+    "./integrations/strands": {
+      "types": "./dist/integrations/strands.d.ts",
+      "import": "./dist/integrations/strands.js"
+    },
+    "./integrations/adk": {
+      "types": "./dist/integrations/adk.d.ts",
+      "import": "./dist/integrations/adk.js"
+    }
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "tsc --noEmit"
+  },
+  "keywords": [
+    "prompt-injection",
+    "firewall",
+    "ai-security",
+    "llm",
+    "guardrails"
+  ],
+  "author": "Burrow",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "devDependencies": {
+    "@types/node": "^25.2.3",
+    "typescript": "^5.5.0",
+    "vitest": "^2.0.0"
+  }
+}