devfortress-sdk 4.2.0 → 4.2.1

package/dist/agent.js

@@ -0,0 +1,177 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentAdapter = void 0;
+exports.validateAgentId = validateAgentId;
+function summarizeInput(input, maxLen, sanitize) {
+    if (!input)
+        return '{}';
+    const keys = Object.keys(input);
+    const summary = {};
+    for (const key of keys) {
+        const val = input[key];
+        if (val === undefined || val === null) {
+            summary[key] = 'null';
+        }
+        else if (typeof val === 'string') {
+            if (sanitize &&
+                (key.toLowerCase().includes('key') ||
+                    key.toLowerCase().includes('token') ||
+                    key.toLowerCase().includes('secret') ||
+                    key.toLowerCase().includes('password'))) {
+                summary[key] = '[REDACTED]';
+            }
+            else {
+                summary[key] = val.length > 64 ? val.substring(0, 61) + '...' : val;
+            }
+        }
+        else if (typeof val === 'number' || typeof val === 'boolean') {
+            summary[key] = String(val);
+        }
+        else if (Array.isArray(val)) {
+            summary[key] = `Array(${val.length})`;
+        }
+        else {
+            summary[key] = '{...}';
+        }
+    }
+    const str = JSON.stringify(summary);
+    return str.length > maxLen ? str.substring(0, maxLen - 3) + '...' : str;
+}
+const AGENT_ID_MAX_LENGTH = 128;
+const AGENT_ID_PATTERN = /^[a-zA-Z0-9_\-.:@]+$/;
+function validateAgentId(agentId) {
+    if (!agentId || typeof agentId !== 'string') {
+        throw new Error('agentId is required and must be a non-empty string');
+    }
+    if (agentId.length > AGENT_ID_MAX_LENGTH) {
+        throw new Error(`agentId must be at most ${AGENT_ID_MAX_LENGTH} characters`);
+    }
+    if (!AGENT_ID_PATTERN.test(agentId)) {
+        throw new Error('agentId may only contain alphanumeric characters, hyphens, underscores, dots, colons, and @');
+    }
+}
+class AgentAdapter {
+    constructor(df, config) {
+        this.sessionToolCounts = new Map();
+        validateAgentId(config.agentId);
+        this.df = df;
+        this.agentId = config.agentId;
+        this.agentName = config.agentName || config.agentId;
+        this.agentIp = config.agentIp || '127.0.0.1';
+        this.maxInputSummaryLength = config.maxInputSummaryLength ?? 256;
+        this.sanitizeInputs = config.sanitizeInputs ?? true;
+        this.onFlagged = config.onFlagged;
+    }
+    async observeToolCall(toolCall, sessionId) {
+        const inputSummary = summarizeInput(toolCall.input, this.maxInputSummaryLength, this.sanitizeInputs);
+        const sid = sessionId || 'default';
+        const count = (this.sessionToolCounts.get(sid) || 0) + 1;
+        this.sessionToolCounts.set(sid, count);
+        const pseudoRequest = {
+            method: 'TOOL_CALL',
+            url: `/agent/${this.agentId}/tool/${toolCall.tool}`,
+            headers: {
+                'user-agent': `DevFortress-Agent/${this.agentName}`,
+                'x-forwarded-for': this.agentIp,
+            },
+        };
+        const result = await this.df.observe(pseudoRequest, {
+            meta: {
+                agent_id: this.agentId,
+                agent_name: this.agentName,
+                tool_name: toolCall.tool,
+                input_summary: inputSummary,
+                duration_ms: toolCall.durationMs,
+                model: toolCall.model,
+                framework: toolCall.framework || 'custom',
+                session_tool_count: count,
+                session_id: sessionId,
+                event_category: 'agent_tool_call',
+            },
+            skipEnrichment: true,
+        });
+        if (result?.flagged && this.onFlagged) {
+            await this.onFlagged(toolCall, result);
+        }
+        return result;
+    }
+    async observeLangChainTool(toolName, toolInput, options) {
+        return this.observeToolCall({
+            tool: toolName,
+            input: toolInput,
+            framework: 'langchain',
+            model: options?.model,
+            durationMs: options?.durationMs,
+        }, options?.sessionId);
+    }
+    async observeOpenAIToolCall(toolCall, options) {
+        let parsedArgs = {};
+        try {
+            parsedArgs = JSON.parse(toolCall.function.arguments);
+        }
+        catch {
+            parsedArgs = { raw: toolCall.function.arguments };
+        }
+        return this.observeToolCall({
+            tool: toolCall.function.name,
+            input: parsedArgs,
+            framework: 'openai',
+            model: options?.model,
+            durationMs: options?.durationMs,
+        }, options?.sessionId);
+    }
+    async observeHttpToolCall(url, method, options) {
+        return this.observeToolCall({
+            tool: `http:${method.toUpperCase()}`,
+            input: { url, status_code: options?.statusCode },
+            framework: 'raw_http',
+            durationMs: options?.durationMs,
+            meta: options?.meta,
+        }, options?.sessionId);
+    }
+    async trackSessionStart(sessionId, taskDescription) {
+        this.sessionToolCounts.set(sessionId, 0);
+        return this.df.observe({
+            method: 'SESSION_START',
+            url: `/agent/${this.agentId}/session/${sessionId}`,
+            headers: {
+                'user-agent': `DevFortress-Agent/${this.agentName}`,
+                'x-forwarded-for': this.agentIp,
+            },
+        }, {
+            meta: {
+                agent_id: this.agentId,
+                session_id: sessionId,
+                task_description: taskDescription,
+                event_category: 'agent_session_start',
+            },
+            skipEnrichment: true,
+        });
+    }
+    async trackSessionEnd(sessionId, summary) {
+        const toolCount = this.sessionToolCounts.get(sessionId) || 0;
+        this.sessionToolCounts.delete(sessionId);
+        return this.df.observe({
+            method: 'SESSION_END',
+            url: `/agent/${this.agentId}/session/${sessionId}`,
+            headers: {
+                'user-agent': `DevFortress-Agent/${this.agentName}`,
+                'x-forwarded-for': this.agentIp,
+            },
+        }, {
+            meta: {
+                agent_id: this.agentId,
+                session_id: sessionId,
+                total_tools: summary?.totalTools ?? toolCount,
+                total_duration_ms: summary?.durationMs,
+                success: summary?.success,
+                event_category: 'agent_session_end',
+            },
+            skipEnrichment: true,
+        });
+    }
+    getSessionToolCount(sessionId) {
+        return this.sessionToolCounts.get(sessionId) || 0;
+    }
+}
+exports.AgentAdapter = AgentAdapter;

package/dist/browser.d.ts

@@ -1,14 +1,5 @@
-/**
- * DevFortress SDK - Browser Entry Point
- *
- * Lightweight browser-compatible client for sending security events
- * from client-side applications. Uses fetch API instead of axios.
- *
- * @packageDocumentation
- */
 export type { DevFortressClientOptions, LiveThreatEvent, EventType, SeverityLevel, ApiResponse, } from './types';
 import type { DevFortressClientOptions } from './types';
-/** @deprecated Use DevFortressClientOptions instead */
 export type BrowserClientOptions = DevFortressClientOptions;
 export declare class DevFortressBrowserClient {
     private apiKey;
@@ -17,9 +8,6 @@ export declare class DevFortressBrowserClient {
     private retries;
     private debug;
     constructor(options: DevFortressClientOptions);
-    /**
-     * Track a security event from the browser
-     */
     trackEvent(event: {
         eventType: string;
         ip?: string;
@@ -37,25 +25,10 @@ export declare class DevFortressBrowserClient {
         eventId?: string;
         message?: string;
     }>;
-    /**
-     * Track a page error as a security event
-     */
     trackError(error: Error, context?: Record<string, unknown>): void;
-    /**
-     * Track a failed API response
-     */
     trackApiFailure(url: string, status: number, method?: string): void;
-    /**
-     * Install global error handler for automatic tracking
-     */
     installGlobalErrorHandler(): () => void;
-    /**
-     * Test connection to the surveillance API
-     */
     testConnection(): Promise<boolean>;
     private sendWithRetry;
 }
-/**
- * Create a pre-configured browser client instance
- */
 export declare function createBrowserClient(options: DevFortressClientOptions): DevFortressBrowserClient;

package/dist/browser.js

@@ -1,12 +1,4 @@
 "use strict";
-/**
- * DevFortress SDK - Browser Entry Point
- *
- * Lightweight browser-compatible client for sending security events
- * from client-side applications. Uses fetch API instead of axios.
- *
- * @packageDocumentation
- */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DevFortressBrowserClient = void 0;
 exports.createBrowserClient = createBrowserClient;
@@ -23,17 +15,12 @@ class DevFortressBrowserClient {
         this.timeout = options.timeout || DEFAULT_TIMEOUT;
         this.retries = options.retries || DEFAULT_RETRIES;
         this.debug = options.debug || false;
-        // Warn if endpoint is not HTTPS
         if (this.endpoint.startsWith('http://') &&
             !this.endpoint.includes('localhost') &&
             !this.endpoint.includes('127.0.0.1')) {
-            // eslint-disable-next-line no-console
             console.warn('[DevFortress] WARNING: Using non-HTTPS endpoint. API key will be transmitted in cleartext.');
         }
     }
-    /**
-     * Track a security event from the browser
-     */
     async trackEvent(event) {
         const payload = {
             ...event,
@@ -44,9 +31,6 @@ class DevFortressBrowserClient {
         };
         return this.sendWithRetry(payload, 1);
     }
-    /**
-     * Track a page error as a security event
-     */
     trackError(error, context) {
         this.trackEvent({
             eventType: 'custom',
@@ -57,12 +41,8 @@ class DevFortressBrowserClient {
             },
             severity: 'MEDIUM',
         }).catch(() => {
-            // Silently fail - don't crash the app for telemetry
         });
     }
-    /**
-     * Track a failed API response
-     */
     trackApiFailure(url, status, method = 'GET') {
         let eventType = 'custom';
         let severity = 'LOW';
@@ -90,12 +70,8 @@ class DevFortressBrowserClient {
             severity,
             reason: `API ${method} ${url} returned ${status}`,
         }).catch(() => {
-            // Silently fail
         });
     }
-    /**
-     * Install global error handler for automatic tracking
-     */
     installGlobalErrorHandler() {
         if (typeof window === 'undefined')
             return () => { };
@@ -114,15 +90,11 @@ class DevFortressBrowserClient {
         };
         window.addEventListener('error', handler);
         window.addEventListener('unhandledrejection', rejectionHandler);
-        // Return cleanup function
         return () => {
             window.removeEventListener('error', handler);
             window.removeEventListener('unhandledrejection', rejectionHandler);
         };
     }
-    /**
-     * Test connection to the surveillance API
-     */
     async testConnection() {
         try {
             await this.trackEvent({
@@ -151,7 +123,6 @@ class DevFortressBrowserClient {
             });
             clearTimeout(timeoutId);
             if (!response.ok) {
-                // Don't retry on client errors
                 if (response.status < 500) {
                     const errorData = await response.json().catch(() => ({}));
                     throw new Error(errorData.message || `HTTP ${response.status}`);
@@ -165,7 +136,6 @@ class DevFortressBrowserClient {
             if (attempt < this.retries) {
                 const backoff = Math.pow(2, attempt) * 500;
                 if (this.debug) {
-                    // eslint-disable-next-line no-console
                     console.log(`[DevFortress] Retrying in ${backoff}ms (attempt ${attempt}/${this.retries})`);
                 }
                 await new Promise(resolve => setTimeout(resolve, backoff));
@@ -176,9 +146,6 @@ class DevFortressBrowserClient {
     }
 }
 exports.DevFortressBrowserClient = DevFortressBrowserClient;
-/**
- * Create a pre-configured browser client instance
- */
 function createBrowserClient(options) {
     return new DevFortressBrowserClient(options);
 }

package/dist/circuit-breaker.d.ts

@@ -1,29 +1,7 @@
-/**
- * DevFortress SDK — Platform Circuit Breaker
- *
- * Monitors connectivity to the DevFortress platform and provides
- * automatic failover from external to internal closed-loop mode.
- *
- * Three states:
- *   - CLOSED:    Platform is reachable, external CL is active
- *   - OPEN:      Platform is unreachable, internal CL takes over
- *   - HALF-OPEN: Testing if platform has recovered
- *
- * Transition rules:
- *   CLOSED → OPEN:      After `failureThreshold` consecutive failures
- *   OPEN → HALF-OPEN:   After `recoveryTimeMs` elapsed
- *   HALF-OPEN → CLOSED: First successful call
- *   HALF-OPEN → OPEN:   First failed call
- *
- * @packageDocumentation
- */
 export type CircuitState = 'closed' | 'open' | 'half-open';
 export interface CircuitBreakerConfig {
-    /** Number of consecutive failures before opening the circuit. Default: 3 */
     failureThreshold?: number;
-    /** Time in ms to wait before testing recovery. Default: 60_000 (1 min) */
     recoveryTimeMs?: number;
-    /** Callback when circuit state changes */
     onStateChange?: (from: CircuitState, to: CircuitState, reason: string) => void;
 }
 export declare class PlatformCircuitBreaker {
@@ -34,35 +12,16 @@ export declare class PlatformCircuitBreaker {
     private recoveryTimeMs;
     private onStateChange?;
     constructor(config?: CircuitBreakerConfig);
-    /**
-     * Check if external platform calls should be attempted.
-     * Returns true if the circuit allows external calls (CLOSED or HALF-OPEN).
-     */
     shouldCallExternal(): boolean;
-    /**
-     * Record a successful external call.
-     */
     recordSuccess(): void;
-    /**
-     * Record a failed external call.
-     */
     recordFailure(): void;
-    /**
-     * Get current circuit state.
-     */
     getState(): CircuitState;
-    /**
-     * Get diagnostics info.
-     */
     getDiagnostics(): {
         state: CircuitState;
         failureCount: number;
         lastFailureTime: number;
         msUntilRecoveryAttempt: number;
     };
-    /**
-     * Force reset the circuit breaker to closed state.
-     */
     reset(): void;
     private transition;
 }

package/dist/circuit-breaker.js

@@ -1,23 +1,4 @@
 "use strict";
-/**
- * DevFortress SDK — Platform Circuit Breaker
- *
- * Monitors connectivity to the DevFortress platform and provides
- * automatic failover from external to internal closed-loop mode.
- *
- * Three states:
- *   - CLOSED:    Platform is reachable, external CL is active
- *   - OPEN:      Platform is unreachable, internal CL takes over
- *   - HALF-OPEN: Testing if platform has recovered
- *
- * Transition rules:
- *   CLOSED → OPEN:      After `failureThreshold` consecutive failures
- *   OPEN → HALF-OPEN:   After `recoveryTimeMs` elapsed
- *   HALF-OPEN → CLOSED: First successful call
- *   HALF-OPEN → OPEN:   First failed call
- *
- * @packageDocumentation
- */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PlatformCircuitBreaker = void 0;
 class PlatformCircuitBreaker {
@@ -29,36 +10,24 @@ class PlatformCircuitBreaker {
         this.recoveryTimeMs = config.recoveryTimeMs ?? 60000;
         this.onStateChange = config.onStateChange;
     }
-    /**
-     * Check if external platform calls should be attempted.
-     * Returns true if the circuit allows external calls (CLOSED or HALF-OPEN).
-     */
     shouldCallExternal() {
         if (this.state === 'closed')
             return true;
         if (this.state === 'open') {
-            // Check if recovery time has elapsed
             if (Date.now() - this.lastFailureTime >= this.recoveryTimeMs) {
                 this.transition('half-open', 'recovery_timeout_elapsed');
-                return true; // Allow one test call
+                return true;
             }
             return false;
         }
-        // half-open — allow the test call
         return true;
     }
-    /**
-     * Record a successful external call.
-     */
     recordSuccess() {
         if (this.state === 'half-open') {
             this.transition('closed', 'test_call_succeeded');
         }
         this.failureCount = 0;
     }
-    /**
-     * Record a failed external call.
-     */
     recordFailure() {
         this.failureCount++;
         this.lastFailureTime = Date.now();
@@ -70,15 +39,9 @@ class PlatformCircuitBreaker {
             this.transition('open', `${this.failureCount}_consecutive_failures`);
         }
     }
-    /**
-     * Get current circuit state.
-     */
     getState() {
         return this.state;
     }
-    /**
-     * Get diagnostics info.
-     */
     getDiagnostics() {
         const msUntilRecovery = this.state === 'open'
             ? Math.max(0, this.recoveryTimeMs - (Date.now() - this.lastFailureTime))
@@ -90,9 +53,6 @@ class PlatformCircuitBreaker {
             msUntilRecoveryAttempt: msUntilRecovery,
         };
     }
-    /**
-     * Force reset the circuit breaker to closed state.
-     */
     reset() {
         this.transition('closed', 'manual_reset');
         this.failureCount = 0;
@@ -108,7 +68,6 @@ class PlatformCircuitBreaker {
                 this.onStateChange(from, to, reason);
             }
             catch {
-                // Callback errors should not break the circuit breaker
             }
         }
     }

package/dist/client.d.ts

@@ -1,7 +1,3 @@
-/**
- * DevFortress API Client
- * Core client for sending events to DevFortress surveillance API
- */
 import type { DevFortressClientOptions, LiveThreatEvent, ApiResponse } from './types';
 export declare class DevFortressClient {
     private apiKey;
@@ -11,16 +7,7 @@ export declare class DevFortressClient {
     private debug;
     private axios;
     constructor(options: DevFortressClientOptions);
-    /**
-     * Track a security event
-     */
     trackEvent(event: LiveThreatEvent): Promise<ApiResponse>;
-    /**
-     * Send event with automatic retry logic
-     */
     private sendWithRetry;
-    /**
-     * Test connection to surveillance API
-     */
     testConnection(): Promise<boolean>;
 }

package/dist/client.js

@@ -1,8 +1,4 @@
 "use strict";
-/**
- * DevFortress API Client
- * Core client for sending events to DevFortress surveillance API
- */
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -22,11 +18,9 @@ class DevFortressClient {
         this.timeout = options.timeout || DEFAULT_TIMEOUT;
         this.retries = options.retries || DEFAULT_RETRIES;
         this.debug = options.debug || false;
-        // Warn if endpoint is not HTTPS
         if (this.endpoint.startsWith('http://') &&
             !this.endpoint.includes('localhost') &&
             !this.endpoint.includes('127.0.0.1')) {
-            // eslint-disable-next-line no-console
             console.warn('[DevFortress] WARNING: Using non-HTTPS endpoint. API key will be transmitted in cleartext.');
         }
         this.axios = axios_1.default.create({
@@ -38,12 +32,8 @@ class DevFortressClient {
             },
         });
     }
-    /**
-     * Track a security event
-     */
     async trackEvent(event) {
         try {
-            // Add timestamp if not provided
             const payload = {
                 ...event,
                 timestamp: event.timestamp || new Date().toISOString(),
@@ -55,9 +45,6 @@ class DevFortressClient {
             throw new Error(`Failed to track event: ${error instanceof Error ? error.message : 'Unknown error'}`);
         }
     }
-    /**
-     * Send event with automatic retry logic
-     */
     async sendWithRetry(payload, attempt = 1) {
         try {
             const response = await this.axios.post('', payload);
@@ -65,22 +52,17 @@ class DevFortressClient {
         }
         catch (error) {
             const axiosError = error;
-            // Don't retry on client errors (4xx)
             if (axiosError.response?.status && axiosError.response.status < 500) {
                 throw error;
             }
-            // Retry on server errors (5xx) or network errors
             if (attempt < this.retries) {
-                const backoff = Math.pow(2, attempt) * 1000; // Exponential backoff
+                const backoff = Math.pow(2, attempt) * 1000;
                 await new Promise(resolve => setTimeout(resolve, backoff));
                 return this.sendWithRetry(payload, attempt + 1);
             }
             throw error;
         }
     }
-    /**
-     * Test connection to surveillance API
-     */
     async testConnection() {
         try {
             await this.trackEvent({

package/dist/devfortress.d.ts

@@ -0,0 +1,64 @@
+import type { DevFortressConfig, CLMode, ObserveResult, ObserveOptions, ThreatSeverity, ThreatHandler, ActionReport } from './types';
+import { InternalClosedLoopEngine } from './internal-closed-loop-engine';
+import { PlatformCircuitBreaker } from './circuit-breaker';
+import { UnifiedAuditTrail } from './unified-audit';
+import { TierGate } from './tier-gate';
+export declare class DevFortress {
+    private apiKey;
+    private appId;
+    private environment;
+    private debug;
+    private endpoint;
+    private timeout;
+    private retries;
+    private enrichment;
+    private responseWebhook;
+    private cacheConfig;
+    private axios;
+    private apiAxios;
+    private handlers;
+    private mode;
+    private internalEngine;
+    private circuitBreaker;
+    private auditTrail;
+    private tierGate;
+    constructor(config: DevFortressConfig);
+    getMode(): CLMode;
+    getAudit(): UnifiedAuditTrail;
+    getTierGate(): TierGate;
+    getInternalEngine(): InternalClosedLoopEngine | null;
+    getCircuitBreakerDiagnostics(): ReturnType<PlatformCircuitBreaker['getDiagnostics']> | null;
+    observe(req: unknown, options?: ObserveOptions): Promise<ObserveResult | null>;
+    private observeExternal;
+    private observeInternal;
+    private observeHybrid;
+    private relayToExternalAsync;
+    private fireThreatHandlers;
+    enrichEvent(eventId: string, additionalData: Record<string, unknown>): Promise<void>;
+    isBlocked(ip: string, options?: {
+        userId?: string;
+        sessionId?: string;
+    }): Promise<boolean>;
+    onThreatDetected(severity: ThreatSeverity | '*', handler: ThreatHandler): void;
+    reportActionTaken(eventId: string, report: ActionReport): Promise<void>;
+    handleWebhook(rawBody: string, signature: string, timestamp: string): Promise<boolean>;
+    blockIP(ip: string, ttlSeconds?: number): void;
+    unblockIP(ip: string): void;
+    trackEvent(event: {
+        eventType: string;
+        ip: string;
+        severity?: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
+        method?: string;
+        path?: string;
+        userAgent?: string;
+        statusCode?: number;
+        metadata?: Record<string, unknown>;
+    }): Promise<{
+        success: boolean;
+        eventId?: string;
+    }>;
+    registerTestIPs(ips: string[]): Promise<boolean>;
+    testConnection(): Promise<boolean>;
+    private sendWithRetry;
+    private log;
+}