devfortress-sdk 4.2.0 → 4.2.1

package/dist/index.d.ts

@@ -1,35 +1,3 @@
-/**
- * DevFortress SDK v4.0.0 — Main Entry Point (Node.js)
- *
- * For browser usage, import from 'devfortress-sdk/browser' instead.
- * For zero-config quick start, import from 'devfortress-sdk/quick'.
- * For Express middleware, use devfortressMiddleware from this package.
- * For FastAPI/Flask, see the Python middleware in src/middleware/
- *
- * NEW in v4.0 — Closed-Loop Mode Architecture:
- * - Three protection modes: external, internal, hybrid
- * - Circuit breaker with automatic failover (hybrid mode)
- * - Unified audit trail (internal + external merged timeline)
- * - Tier-gated feature access (Starter/Pro/Enterprise)
- * - Backward compatible — existing external-mode code works unchanged
- *
- * v3.3:
- * - Internal Closed-Loop Engine (3-tier deterministic + ML + async relay)
- * - Air-gap mode support (no external dependencies in Tier 1 + 2)
- *
- * v3.2:
- * - Agent security (AgentAdapter, credential management, anomaly detection)
- *
- * v3.1:
- * - Zero-config quick start (df.init({ apiKey }))
- * - Privacy-strict mode, Debug mode
- *
- * v3.0:
- * - DevFortress class with observe(), isBlocked(), onThreatDetected()
- * - AbuseIPDB integration, Token alias security, Webhook handler
- *
- * @packageDocumentation
- */
 export { init, getInstance, getDataSnapshot } from './quick';
 export type { QuickConfig } from './quick';
 export { DevFortress } from './devfortress';

package/dist/index.js

@@ -1,65 +1,27 @@
 "use strict";
-/**
- * DevFortress SDK v4.0.0 — Main Entry Point (Node.js)
- *
- * For browser usage, import from 'devfortress-sdk/browser' instead.
- * For zero-config quick start, import from 'devfortress-sdk/quick'.
- * For Express middleware, use devfortressMiddleware from this package.
- * For FastAPI/Flask, see the Python middleware in src/middleware/
- *
- * NEW in v4.0 — Closed-Loop Mode Architecture:
- * - Three protection modes: external, internal, hybrid
- * - Circuit breaker with automatic failover (hybrid mode)
- * - Unified audit trail (internal + external merged timeline)
- * - Tier-gated feature access (Starter/Pro/Enterprise)
- * - Backward compatible — existing external-mode code works unchanged
- *
- * v3.3:
- * - Internal Closed-Loop Engine (3-tier deterministic + ML + async relay)
- * - Air-gap mode support (no external dependencies in Tier 1 + 2)
- *
- * v3.2:
- * - Agent security (AgentAdapter, credential management, anomaly detection)
- *
- * v3.1:
- * - Zero-config quick start (df.init({ apiKey }))
- * - Privacy-strict mode, Debug mode
- *
- * v3.0:
- * - DevFortress class with observe(), isBlocked(), onThreatDetected()
- * - AbuseIPDB integration, Token alias security, Webhook handler
- *
- * @packageDocumentation
- */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.devfortressMiddleware = exports.DevFortressClient = exports.InternalClosedLoopEngine = exports.AgentScopeEnforcer = exports.AgentAnomalyDetector = exports.AgentBaselineEngine = exports.AgentCredentialManager = exports.validateAgentId = exports.AgentAdapter = exports.EmergencyBlocklist = exports.TokenAliasManager = exports.getCachedScore = exports.scoreThreat = exports.syncBlacklist = exports.reportIP = exports.checkIP = exports.TierGate = exports.UnifiedAuditTrail = exports.PlatformCircuitBreaker = exports.DevFortress = exports.getDataSnapshot = exports.getInstance = exports.init = void 0;
-// v3.1 — Zero-config quick start
 var quick_1 = require("./quick");
 Object.defineProperty(exports, "init", { enumerable: true, get: function () { return quick_1.init; } });
 Object.defineProperty(exports, "getInstance", { enumerable: true, get: function () { return quick_1.getInstance; } });
 Object.defineProperty(exports, "getDataSnapshot", { enumerable: true, get: function () { return quick_1.getDataSnapshot; } });
-// v3.0 — Primary export
 var devfortress_1 = require("./devfortress");
 Object.defineProperty(exports, "DevFortress", { enumerable: true, get: function () { return devfortress_1.DevFortress; } });
-// v4.0 — Closed-Loop Mode Architecture
 var circuit_breaker_1 = require("./circuit-breaker");
 Object.defineProperty(exports, "PlatformCircuitBreaker", { enumerable: true, get: function () { return circuit_breaker_1.PlatformCircuitBreaker; } });
 var unified_audit_1 = require("./unified-audit");
 Object.defineProperty(exports, "UnifiedAuditTrail", { enumerable: true, get: function () { return unified_audit_1.UnifiedAuditTrail; } });
 var tier_gate_1 = require("./tier-gate");
 Object.defineProperty(exports, "TierGate", { enumerable: true, get: function () { return tier_gate_1.TierGate; } });
-// v3.0 — AbuseIPDB integration
 var abuseipdb_1 = require("./abuseipdb");
 Object.defineProperty(exports, "checkIP", { enumerable: true, get: function () { return abuseipdb_1.checkIP; } });
 Object.defineProperty(exports, "reportIP", { enumerable: true, get: function () { return abuseipdb_1.reportIP; } });
 Object.defineProperty(exports, "syncBlacklist", { enumerable: true, get: function () { return abuseipdb_1.syncBlacklist; } });
 Object.defineProperty(exports, "scoreThreat", { enumerable: true, get: function () { return abuseipdb_1.scoreThreat; } });
 Object.defineProperty(exports, "getCachedScore", { enumerable: true, get: function () { return abuseipdb_1.getCachedScore; } });
-// v3.0 — Token alias security
 var token_alias_1 = require("./token-alias");
 Object.defineProperty(exports, "TokenAliasManager", { enumerable: true, get: function () { return token_alias_1.TokenAliasManager; } });
 Object.defineProperty(exports, "EmergencyBlocklist", { enumerable: true, get: function () { return token_alias_1.EmergencyBlocklist; } });
-// v3.2 — Agent Security (IP-C1 through IP-C5)
 var agent_1 = require("./agent");
 Object.defineProperty(exports, "AgentAdapter", { enumerable: true, get: function () { return agent_1.AgentAdapter; } });
 Object.defineProperty(exports, "validateAgentId", { enumerable: true, get: function () { return agent_1.validateAgentId; } });
@@ -68,10 +30,8 @@ Object.defineProperty(exports, "AgentCredentialManager", { enumerable: true, get
 Object.defineProperty(exports, "AgentBaselineEngine", { enumerable: true, get: function () { return agent_security_1.AgentBaselineEngine; } });
 Object.defineProperty(exports, "AgentAnomalyDetector", { enumerable: true, get: function () { return agent_security_1.AgentAnomalyDetector; } });
 Object.defineProperty(exports, "AgentScopeEnforcer", { enumerable: true, get: function () { return agent_security_1.AgentScopeEnforcer; } });
-// v3.3 — Internal Closed-Loop Engine
 var internal_closed_loop_engine_1 = require("./internal-closed-loop-engine");
 Object.defineProperty(exports, "InternalClosedLoopEngine", { enumerable: true, get: function () { return internal_closed_loop_engine_1.InternalClosedLoopEngine; } });
-// v1.x — Backward compatible exports
 var client_1 = require("./client");
 Object.defineProperty(exports, "DevFortressClient", { enumerable: true, get: function () { return client_1.DevFortressClient; } });
 var express_1 = require("./middleware/express");

package/dist/internal-closed-loop-engine.d.ts

@@ -0,0 +1,123 @@
+import type { ThreatSeverity } from './types';
+export interface InternalCLConfig {
+    failMode?: 'closed' | 'open';
+    enableExternalRelay?: boolean;
+    maxBlockedEntries?: number;
+    maxRateLimitEntries?: number;
+    maxAuditEntries?: number;
+    defaultBlockTtlSeconds?: number;
+    tier2Scorer?: (request: InternalCLRequest) => Promise<number> | number;
+    blockThreshold?: number;
+    rateLimitThreshold?: number;
+    rateLimitMax?: number;
+    rateLimitWindowMs?: number;
+    debug?: boolean;
+    onAction?: (action: InternalCLAction) => Promise<void> | void;
+}
+export interface InternalCLRequest {
+    ip: string;
+    method: string;
+    path: string;
+    userAgent?: string;
+    userId?: string | null;
+    sessionId?: string | null;
+    body?: string;
+    query?: string;
+    headers?: Record<string, string>;
+    agentId?: string;
+    toolName?: string;
+    timestamp?: number;
+}
+export type InternalCLDecision = 'allow' | 'block' | 'rate_limit' | 'challenge' | 'quarantine';
+export interface InternalCLResult {
+    decision: InternalCLDecision;
+    score: number;
+    tier: 1 | 2 | 3;
+    matchedRules: string[];
+    evaluationTimeUs: number;
+    actions: InternalCLAction[];
+    eventId: string;
+}
+export interface InternalCLAction {
+    type: 'block_ip' | 'rate_limit' | 'block_session' | 'block_user' | 'quarantine_agent' | 'log';
+    target: string;
+    reason: string;
+    ttlSeconds: number;
+    timestamp: number;
+    eventId: string;
+}
+export interface InternalCLAuditEntry {
+    eventId: string;
+    timestamp: number;
+    ip: string;
+    decision: InternalCLDecision;
+    score: number;
+    tier: 1 | 2 | 3;
+    matchedRules: string[];
+    userId?: string | null;
+    agentId?: string;
+    path: string;
+    method: string;
+}
+export interface InternalCLRule {
+    name: string;
+    description: string;
+    severity: ThreatSeverity;
+    score: number;
+    decision: InternalCLDecision;
+    match: (req: InternalCLRequest) => boolean;
+    enabled: boolean;
+}
+export declare class InternalClosedLoopEngine {
+    private config;
+    private blockedIPs;
+    private blockedUsers;
+    private blockedSessions;
+    private quarantinedAgents;
+    private rateLimiter;
+    private auditLog;
+    private rules;
+    private eventCounter;
+    constructor(config?: InternalCLConfig);
+    evaluate(req: InternalCLRequest): Promise<InternalCLResult>;
+    blockIP(ip: string, reason: string, ttlSeconds?: number): void;
+    unblockIP(ip: string): boolean;
+    blockUser(userId: string, reason: string, ttlSeconds?: number): void;
+    blockSession(sessionId: string, reason: string, ttlSeconds?: number): void;
+    quarantineAgent(agentId: string, reason: string): void;
+    unquarantineAgent(agentId: string): boolean;
+    isIPBlocked(ip: string): boolean;
+    isAgentQuarantined(agentId: string): boolean;
+    addRule(rule: InternalCLRule): void;
+    removeRule(name: string): boolean;
+    getRules(): ReadonlyArray<Omit<InternalCLRule, 'match'> & {
+        name: string;
+    }>;
+    getAuditLog(limit?: number): ReadonlyArray<InternalCLAuditEntry>;
+    getStats(): {
+        blockedIPs: number;
+        blockedUsers: number;
+        blockedSessions: number;
+        quarantinedAgents: number;
+        rateLimitEntries: number;
+        auditLogSize: number;
+        rulesCount: number;
+        failMode: string;
+    };
+    importBlockedIPs(entries: Array<{
+        ip: string;
+        reason: string;
+        ttlSeconds?: number;
+    }>): number;
+    _reset(): void;
+    private checkBlocked;
+    private evaluateTier1;
+    private checkRateLimit;
+    private recordRequest;
+    private executeActions;
+    private recordAudit;
+    private relayToExternal;
+    private generateEventId;
+    private registerDefaultRules;
+    private log;
+}