devfortress-sdk 4.2.0

package/dist/client.js

@@ -0,0 +1,98 @@
+"use strict";
+/**
+ * DevFortress API Client
+ * Core client for sending events to DevFortress surveillance API
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DevFortressClient = void 0;
+const axios_1 = __importDefault(require("axios"));
+const DEFAULT_ENDPOINT = 'https://www.devfortress.net/api/events/ingest';
+const DEFAULT_TIMEOUT = 5000;
+const DEFAULT_RETRIES = 3;
+class DevFortressClient {
+    constructor(options) {
+        if (!options.apiKey) {
+            throw new Error('DevFortressClient: apiKey is required');
+        }
+        this.apiKey = options.apiKey;
+        this.endpoint = options.endpoint || DEFAULT_ENDPOINT;
+        this.timeout = options.timeout || DEFAULT_TIMEOUT;
+        this.retries = options.retries || DEFAULT_RETRIES;
+        this.debug = options.debug || false;
+        // Warn if endpoint is not HTTPS
+        if (this.endpoint.startsWith('http://') &&
+            !this.endpoint.includes('localhost') &&
+            !this.endpoint.includes('127.0.0.1')) {
+            // eslint-disable-next-line no-console
+            console.warn('[DevFortress] WARNING: Using non-HTTPS endpoint. API key will be transmitted in cleartext.');
+        }
+        this.axios = axios_1.default.create({
+            baseURL: this.endpoint,
+            timeout: this.timeout,
+            headers: {
+                'Content-Type': 'application/json',
+                'X-DevFortress-Key': this.apiKey,
+            },
+        });
+    }
+    /**
+     * Track a security event
+     */
+    async trackEvent(event) {
+        try {
+            // Add timestamp if not provided
+            const payload = {
+                ...event,
+                timestamp: event.timestamp || new Date().toISOString(),
+            };
+            const response = await this.sendWithRetry(payload);
+            return response.data;
+        }
+        catch (error) {
+            throw new Error(`Failed to track event: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Send event with automatic retry logic
+     */
+    async sendWithRetry(payload, attempt = 1) {
+        try {
+            const response = await this.axios.post('', payload);
+            return response;
+        }
+        catch (error) {
+            const axiosError = error;
+            // Don't retry on client errors (4xx)
+            if (axiosError.response?.status && axiosError.response.status < 500) {
+                throw error;
+            }
+            // Retry on server errors (5xx) or network errors
+            if (attempt < this.retries) {
+                const backoff = Math.pow(2, attempt) * 1000; // Exponential backoff
+                await new Promise(resolve => setTimeout(resolve, backoff));
+                return this.sendWithRetry(payload, attempt + 1);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Test connection to surveillance API
+     */
+    async testConnection() {
+        try {
+            await this.trackEvent({
+                eventType: 'custom',
+                ip: '127.0.0.1',
+                metadata: { test: true },
+            });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+}
+exports.DevFortressClient = DevFortressClient;

package/dist/index.d.ts

@@ -0,0 +1,53 @@
+/**
+ * DevFortress SDK v4.0.0 — Main Entry Point (Node.js)
+ *
+ * For browser usage, import from 'devfortress-sdk/browser' instead.
+ * For zero-config quick start, import from 'devfortress-sdk/quick'.
+ * For Express middleware, use devfortressMiddleware from this package.
+ * For FastAPI/Flask, see the Python middleware in src/middleware/
+ *
+ * NEW in v4.0 — Closed-Loop Mode Architecture:
+ * - Three protection modes: external, internal, hybrid
+ * - Circuit breaker with automatic failover (hybrid mode)
+ * - Unified audit trail (internal + external merged timeline)
+ * - Tier-gated feature access (Starter/Pro/Enterprise)
+ * - Backward compatible — existing external-mode code works unchanged
+ *
+ * v3.3:
+ * - Internal Closed-Loop Engine (3-tier deterministic + ML + async relay)
+ * - Air-gap mode support (no external dependencies in Tier 1 + 2)
+ *
+ * v3.2:
+ * - Agent security (AgentAdapter, credential management, anomaly detection)
+ *
+ * v3.1:
+ * - Zero-config quick start (df.init({ apiKey }))
+ * - Privacy-strict mode, Debug mode
+ *
+ * v3.0:
+ * - DevFortress class with observe(), isBlocked(), onThreatDetected()
+ * - AbuseIPDB integration, Token alias security, Webhook handler
+ *
+ * @packageDocumentation
+ */
+export { init, getInstance, getDataSnapshot } from './quick';
+export type { QuickConfig } from './quick';
+export { DevFortress } from './devfortress';
+export { PlatformCircuitBreaker } from './circuit-breaker';
+export type { CircuitState, CircuitBreakerConfig } from './circuit-breaker';
+export { UnifiedAuditTrail } from './unified-audit';
+export type { AuditSource, UnifiedAuditEntry, UnifiedAuditConfig, } from './unified-audit';
+export { TierGate } from './tier-gate';
+export type { SubscriptionTier, TierCapabilities } from './tier-gate';
+export { checkIP, reportIP, syncBlacklist, scoreThreat, getCachedScore, } from './abuseipdb';
+export { TokenAliasManager, EmergencyBlocklist } from './token-alias';
+export type { CacheAdapter, TokenAliasManagerConfig, RevocationReason, } from './token-alias';
+export { AgentAdapter, validateAgentId } from './agent';
+export type { AgentToolCall, AgentAdapterConfig } from './agent';
+export { AgentCredentialManager, AgentBaselineEngine, AgentAnomalyDetector, AgentScopeEnforcer, } from './agent-security';
+export type { AgentCredentialType, AgentCredentialAliasData, AgentBaselineMetrics, AgentSessionRecord, AgentAnomalyType, AgentAnomalySignal, AgentScopeDefinition, } from './agent-security';
+export { InternalClosedLoopEngine } from './internal-closed-loop-engine';
+export type { InternalCLConfig, InternalCLRequest, InternalCLResult, InternalCLDecision, InternalCLAction, InternalCLAuditEntry, InternalCLRule, } from './internal-closed-loop-engine';
+export { DevFortressClient } from './client';
+export { devfortressMiddleware } from './middleware/express';
+export type { CLMode, DevFortressConfig, EnrichmentConfig, ObserveResult, ObserveOptions, ThreatEvent, ThreatSeverity, ThreatHandler, ActionReport, WebhookPayload, AbuseIPDBScore, AbuseIPDBCheckResult, CompositeScoreResult, TokenAliasData, DevFortressClientOptions, LiveThreatEvent, EventType, SeverityLevel, DevFortressMiddlewareOptions, ApiResponse, } from './types';

package/dist/index.js

@@ -0,0 +1,78 @@
+"use strict";
+/**
+ * DevFortress SDK v4.0.0 — Main Entry Point (Node.js)
+ *
+ * For browser usage, import from 'devfortress-sdk/browser' instead.
+ * For zero-config quick start, import from 'devfortress-sdk/quick'.
+ * For Express middleware, use devfortressMiddleware from this package.
+ * For FastAPI/Flask, see the Python middleware in src/middleware/
+ *
+ * NEW in v4.0 — Closed-Loop Mode Architecture:
+ * - Three protection modes: external, internal, hybrid
+ * - Circuit breaker with automatic failover (hybrid mode)
+ * - Unified audit trail (internal + external merged timeline)
+ * - Tier-gated feature access (Starter/Pro/Enterprise)
+ * - Backward compatible — existing external-mode code works unchanged
+ *
+ * v3.3:
+ * - Internal Closed-Loop Engine (3-tier deterministic + ML + async relay)
+ * - Air-gap mode support (no external dependencies in Tier 1 + 2)
+ *
+ * v3.2:
+ * - Agent security (AgentAdapter, credential management, anomaly detection)
+ *
+ * v3.1:
+ * - Zero-config quick start (df.init({ apiKey }))
+ * - Privacy-strict mode, Debug mode
+ *
+ * v3.0:
+ * - DevFortress class with observe(), isBlocked(), onThreatDetected()
+ * - AbuseIPDB integration, Token alias security, Webhook handler
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.devfortressMiddleware = exports.DevFortressClient = exports.InternalClosedLoopEngine = exports.AgentScopeEnforcer = exports.AgentAnomalyDetector = exports.AgentBaselineEngine = exports.AgentCredentialManager = exports.validateAgentId = exports.AgentAdapter = exports.EmergencyBlocklist = exports.TokenAliasManager = exports.getCachedScore = exports.scoreThreat = exports.syncBlacklist = exports.reportIP = exports.checkIP = exports.TierGate = exports.UnifiedAuditTrail = exports.PlatformCircuitBreaker = exports.DevFortress = exports.getDataSnapshot = exports.getInstance = exports.init = void 0;
+// v3.1 — Zero-config quick start
+var quick_1 = require("./quick");
+Object.defineProperty(exports, "init", { enumerable: true, get: function () { return quick_1.init; } });
+Object.defineProperty(exports, "getInstance", { enumerable: true, get: function () { return quick_1.getInstance; } });
+Object.defineProperty(exports, "getDataSnapshot", { enumerable: true, get: function () { return quick_1.getDataSnapshot; } });
+// v3.0 — Primary export
+var devfortress_1 = require("./devfortress");
+Object.defineProperty(exports, "DevFortress", { enumerable: true, get: function () { return devfortress_1.DevFortress; } });
+// v4.0 — Closed-Loop Mode Architecture
+var circuit_breaker_1 = require("./circuit-breaker");
+Object.defineProperty(exports, "PlatformCircuitBreaker", { enumerable: true, get: function () { return circuit_breaker_1.PlatformCircuitBreaker; } });
+var unified_audit_1 = require("./unified-audit");
+Object.defineProperty(exports, "UnifiedAuditTrail", { enumerable: true, get: function () { return unified_audit_1.UnifiedAuditTrail; } });
+var tier_gate_1 = require("./tier-gate");
+Object.defineProperty(exports, "TierGate", { enumerable: true, get: function () { return tier_gate_1.TierGate; } });
+// v3.0 — AbuseIPDB integration
+var abuseipdb_1 = require("./abuseipdb");
+Object.defineProperty(exports, "checkIP", { enumerable: true, get: function () { return abuseipdb_1.checkIP; } });
+Object.defineProperty(exports, "reportIP", { enumerable: true, get: function () { return abuseipdb_1.reportIP; } });
+Object.defineProperty(exports, "syncBlacklist", { enumerable: true, get: function () { return abuseipdb_1.syncBlacklist; } });
+Object.defineProperty(exports, "scoreThreat", { enumerable: true, get: function () { return abuseipdb_1.scoreThreat; } });
+Object.defineProperty(exports, "getCachedScore", { enumerable: true, get: function () { return abuseipdb_1.getCachedScore; } });
+// v3.0 — Token alias security
+var token_alias_1 = require("./token-alias");
+Object.defineProperty(exports, "TokenAliasManager", { enumerable: true, get: function () { return token_alias_1.TokenAliasManager; } });
+Object.defineProperty(exports, "EmergencyBlocklist", { enumerable: true, get: function () { return token_alias_1.EmergencyBlocklist; } });
+// v3.2 — Agent Security (IP-C1 through IP-C5)
+var agent_1 = require("./agent");
+Object.defineProperty(exports, "AgentAdapter", { enumerable: true, get: function () { return agent_1.AgentAdapter; } });
+Object.defineProperty(exports, "validateAgentId", { enumerable: true, get: function () { return agent_1.validateAgentId; } });
+var agent_security_1 = require("./agent-security");
+Object.defineProperty(exports, "AgentCredentialManager", { enumerable: true, get: function () { return agent_security_1.AgentCredentialManager; } });
+Object.defineProperty(exports, "AgentBaselineEngine", { enumerable: true, get: function () { return agent_security_1.AgentBaselineEngine; } });
+Object.defineProperty(exports, "AgentAnomalyDetector", { enumerable: true, get: function () { return agent_security_1.AgentAnomalyDetector; } });
+Object.defineProperty(exports, "AgentScopeEnforcer", { enumerable: true, get: function () { return agent_security_1.AgentScopeEnforcer; } });
+// v3.3 — Internal Closed-Loop Engine
+var internal_closed_loop_engine_1 = require("./internal-closed-loop-engine");
+Object.defineProperty(exports, "InternalClosedLoopEngine", { enumerable: true, get: function () { return internal_closed_loop_engine_1.InternalClosedLoopEngine; } });
+// v1.x — Backward compatible exports
+var client_1 = require("./client");
+Object.defineProperty(exports, "DevFortressClient", { enumerable: true, get: function () { return client_1.DevFortressClient; } });
+var express_1 = require("./middleware/express");
+Object.defineProperty(exports, "devfortressMiddleware", { enumerable: true, get: function () { return express_1.devfortressMiddleware; } });

package/dist/middleware/express.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Express.js Middleware for DevFortress Surveillance
+ */
+import { Request, Response, NextFunction } from 'express';
+import type { DevFortressMiddlewareOptions } from '../types';
+/**
+ * Create Express middleware for automatic threat monitoring
+ */
+export declare function devfortressMiddleware(options: DevFortressMiddlewareOptions): (req: Request, res: Response, next: NextFunction) => Promise<void>;

package/dist/middleware/express.js

@@ -0,0 +1,236 @@
+"use strict";
+/**
+ * Express.js Middleware for DevFortress Surveillance
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.devfortressMiddleware = devfortressMiddleware;
+const client_1 = require("../client");
+/**
+ * Create Express middleware for automatic threat monitoring
+ */
+function devfortressMiddleware(options) {
+    const client = new client_1.DevFortressClient(options);
+    const { captureBody = false, captureHeaders = false, excludePaths = [], sanitize, onRequest, onError, mode = 'external', } = options;
+    return async function devfortressMiddlewareHandler(req, res, next) {
+        // Skip excluded paths
+        if (excludePaths.some(path => req.path.startsWith(path))) {
+            return next();
+        }
+        const startTime = Date.now();
+        // Capture response
+        const originalSend = res.send;
+        res.send = function (body) {
+            return originalSend.call(this, body);
+        };
+        // Wait for response to finish
+        res.on('finish', async () => {
+            try {
+                const responseTime = Date.now() - startTime;
+                const statusCode = res.statusCode;
+                // Determine if this is a security event
+                let eventType = null;
+                let severity = 'LOW';
+                let reason;
+                // Check for authentication failures
+                if (statusCode === 401 || statusCode === 403) {
+                    eventType = 'auth_failure';
+                    severity = 'MEDIUM';
+                    reason = 'Authentication or authorization failed';
+                }
+                // Check for validation errors
+                else if (statusCode === 400 || statusCode === 422) {
+                    eventType = 'validation_error';
+                    severity = 'LOW';
+                    reason = 'Request validation failed';
+                }
+                // Check for rate limiting
+                else if (statusCode === 429) {
+                    eventType = 'rate_limit_exceeded';
+                    severity = 'MEDIUM';
+                    reason = 'Rate limit exceeded';
+                }
+                // Check for server errors
+                else if (statusCode >= 500) {
+                    eventType = '5xx_error';
+                    severity = 'HIGH';
+                    reason = `Server error: ${statusCode}`;
+                }
+                // Check for client errors
+                else if (statusCode >= 400) {
+                    eventType = '4xx_error';
+                    severity = 'LOW';
+                    reason = `Client error: ${statusCode}`;
+                }
+                // Check for suspicious patterns
+                const suspiciousPatterns = detectSuspiciousPatterns(req);
+                if (suspiciousPatterns.length > 0) {
+                    eventType = 'suspicious_pattern';
+                    severity = 'HIGH';
+                    reason = `Suspicious patterns detected: ${suspiciousPatterns.join(', ')}`;
+                }
+                // Allow custom event detection
+                if (onRequest) {
+                    const customEvent = onRequest(req);
+                    if (customEvent) {
+                        eventType = customEvent.eventType || eventType;
+                        severity = customEvent.severity || severity;
+                        reason = customEvent.reason || reason;
+                    }
+                }
+                // Only track if we detected an event
+                if (eventType) {
+                    let metadata = {
+                        method: req.method,
+                        path: req.path,
+                        query: req.query,
+                        responseTime,
+                    };
+                    if (captureHeaders) {
+                        metadata.headers = req.headers;
+                    }
+                    if (captureBody && req.body) {
+                        metadata.body = req.body;
+                    }
+                    // Sanitize metadata if function provided
+                    if (sanitize) {
+                        metadata = sanitize(metadata);
+                    }
+                    // Determine auth phase: if a userId is present, this is post-auth
+                    const reqAny = req;
+                    const userObj = reqAny.user;
+                    const userId = (typeof reqAny.userId === 'string' ? reqAny.userId : null) ||
+                        (typeof userObj?.id === 'string' ? userObj.id : null);
+                    const sessionId = (typeof reqAny.sessionId === 'string' ? reqAny.sessionId : null) ||
+                        (typeof req.headers['x-session-id'] === 'string' ? req.headers['x-session-id'] : null);
+                    const authPhase = userId ? 'post_auth' : 'pre_auth';
+                    // Determine action taken based on status code and event type
+                    let actionTaken = 'monitored';
+                    if (statusCode === 429) {
+                        actionTaken = 'rate_limited';
+                    }
+                    else if (statusCode === 403) {
+                        actionTaken = 'blocked';
+                    }
+                    else if (statusCode === 401 && userId) {
+                        actionTaken = 'session_revoked';
+                    }
+                    else if (statusCode === 401) {
+                        actionTaken = 'blocked';
+                    }
+                    else if (statusCode >= 400 && statusCode < 500) {
+                        actionTaken = 'flagged';
+                    }
+                    else if (statusCode >= 200 && statusCode < 300 && suspiciousPatterns.length > 0) {
+                        actionTaken = 'flagged';
+                    }
+                    else if (statusCode >= 200 && statusCode < 300) {
+                        actionTaken = 'allowed';
+                    }
+                    // Session remains active if action is not blocking/revoking
+                    const sessionActiveAfterAction = !['blocked', 'session_revoked'].includes(actionTaken);
+                    const event = {
+                        eventType,
+                        ip: getClientIp(req),
+                        method: req.method,
+                        path: req.path,
+                        userAgent: req.get('user-agent') || null,
+                        statusCode,
+                        responseTime,
+                        metadata: { ...metadata },
+                        severity,
+                        reason,
+                        // v3.1 observability fields
+                        clMode: mode,
+                        authPhase,
+                        actionTaken,
+                        responseLatencyMs: responseTime,
+                        userId: userId || null,
+                        sessionId: sessionId || null,
+                        sessionActiveAfterAction,
+                    };
+                    // Track event asynchronously (non-blocking)
+                    client.trackEvent(event).catch(error => {
+                        if (onError) {
+                            onError(error);
+                        }
+                    });
+                }
+            }
+            catch (error) {
+                if (onError) {
+                    onError(error);
+                }
+            }
+        });
+        next();
+    };
+}
+/**
+ * Get client IP address from request
+ */
+function getClientIp(req) {
+    return (req.headers['x-forwarded-for']?.split(',')[0]?.trim() ||
+        req.headers['x-real-ip'] ||
+        req.socket.remoteAddress ||
+        '0.0.0.0');
+}
+/**
+ * Detect suspicious patterns in request
+ */
+function detectSuspiciousPatterns(req) {
+    const patterns = [];
+    // SQL Injection patterns
+    const sqlPatterns = [
+        /('\s*\bor\b\s+'[^']*'\s*=\s*')/i,
+        /(\bunion\b\s+\bselect\b)/i,
+        /(\bdrop\b\s+\btable\b)/i,
+        /(\binsert\b\s+\binto\b)/i,
+        /('\s*or\s*'1'\s*=\s*'1)/i,
+        /(;\s*--)/,
+    ];
+    // XSS patterns
+    const xssPatterns = [
+        /<script[^>]*>[\s\S]*?<\/script>/i,
+        /<iframe[^>]*>[\s\S]*?<\/iframe>/i,
+        /javascript:/i,
+        /onerror\s*=\s*/i,
+        /onload\s*=\s*/i,
+    ];
+    // Path traversal patterns
+    const traversalPatterns = [
+        /\.\.[\/\\]/,
+        /\/etc\/passwd/i,
+        /\/windows\/system32/i,
+    ];
+    let requestString;
+    try {
+        requestString = JSON.stringify({
+            url: req.url,
+            query: req.query,
+            body: req.body,
+        }).slice(0, 10000); // Limit size to prevent performance issues
+    }
+    catch {
+        requestString = req.url || '';
+    }
+    // Check SQL injection
+    if (sqlPatterns.some(pattern => pattern.test(requestString))) {
+        patterns.push('sql_injection');
+    }
+    // Check XSS
+    if (xssPatterns.some(pattern => pattern.test(requestString))) {
+        patterns.push('xss');
+    }
+    // Check path traversal
+    if (traversalPatterns.some(pattern => pattern.test(requestString))) {
+        patterns.push('path_traversal');
+    }
+    // Check for excessive failed auth attempts
+    if (req.headers['x-devfortress-failed-attempts']) {
+        const attempts = parseInt(req.headers['x-devfortress-failed-attempts'], 10);
+        if (attempts > 5) {
+            patterns.push('brute_force');
+        }
+    }
+    return patterns;
+}

package/dist/quick.d.ts

@@ -0,0 +1,37 @@
+/**
+ * DevFortress SDK — Zero-Config Quick Start
+ *
+ * One-line initialization for fastest time-to-first-event:
+ *   import df from 'devfortress-sdk/quick';
+ *   df.init({ apiKey: 'df_...' });
+ *
+ * Auto-detects framework (Express, Fastify, Next.js, Hono)
+ * and applies appropriate middleware configuration.
+ */
+import { DevFortress } from './devfortress';
+export interface QuickConfig {
+    apiKey: string;
+    /** App identifier (auto-generated from package.json name if omitted) */
+    appId?: string;
+    /** Privacy mode: 'standard' | 'strict'. Strict never sends user agents, IPs are hashed */
+    privacy?: 'standard' | 'strict';
+    /** Enable console debug logs: [DF →] / [DF ✗] */
+    debug?: boolean;
+    /** Override ingest endpoint */
+    endpoint?: string;
+    /** Environment tag */
+    environment?: string;
+}
+export declare function init(config: QuickConfig): DevFortress;
+export declare function getInstance(): DevFortress | null;
+/** Data snapshot for privacy transparency — shows what would be sent */
+export declare function getDataSnapshot(req: unknown): {
+    collected: Record<string, string>;
+    neverCollected: string[];
+};
+declare const _default: {
+    init: typeof init;
+    getInstance: typeof getInstance;
+    getDataSnapshot: typeof getDataSnapshot;
+};
+export default _default;

package/dist/quick.js

@@ -0,0 +1,135 @@
+"use strict";
+/**
+ * DevFortress SDK — Zero-Config Quick Start
+ *
+ * One-line initialization for fastest time-to-first-event:
+ *   import df from 'devfortress-sdk/quick';
+ *   df.init({ apiKey: 'df_...' });
+ *
+ * Auto-detects framework (Express, Fastify, Next.js, Hono)
+ * and applies appropriate middleware configuration.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.init = init;
+exports.getInstance = getInstance;
+exports.getDataSnapshot = getDataSnapshot;
+const devfortress_1 = require("./devfortress");
+function detectFramework() {
+    try {
+        // Check for Next.js
+        if (typeof process !== 'undefined') {
+            if (process.env.NEXT_RUNTIME || process.env.__NEXT_PRIVATE_ORIGIN) {
+                return 'nextjs';
+            }
+        }
+        // Check for Express (most common)
+        try {
+            require.resolve('express');
+            return 'express';
+        }
+        catch {
+            /* not available */
+        }
+        // Check for Fastify
+        try {
+            require.resolve('fastify');
+            return 'fastify';
+        }
+        catch {
+            /* not available */
+        }
+        // Check for Hono
+        try {
+            require.resolve('hono');
+            return 'hono';
+        }
+        catch {
+            /* not available */
+        }
+    }
+    catch {
+        /* detection failed */
+    }
+    return 'unknown';
+}
+/* ─── Auto-detect app ID ─── */
+function autoAppId() {
+    try {
+        // Try to read from nearest package.json
+        const pkg = require(process.cwd() + '/package.json');
+        if (pkg.name)
+            return pkg.name;
+    }
+    catch {
+        /* no package.json */
+    }
+    return `app-${Date.now().toString(36)}`;
+}
+/* ─── Quick start factory ─── */
+let _instance = null;
+function init(config) {
+    const framework = detectFramework();
+    const appId = config.appId ?? autoAppId();
+    const isStrict = config.privacy === 'strict';
+    const fullConfig = {
+        apiKey: config.apiKey,
+        appId,
+        environment: config.environment ?? process.env.NODE_ENV ?? 'production',
+        debug: config.debug ?? false,
+        endpoint: config.endpoint,
+        // In strict privacy mode, hash IPs before sending
+        enrichment: isStrict
+            ? {
+                getIP: (req) => {
+                    const r = req;
+                    const raw = r.ip ?? r.socket?.remoteAddress ?? 'unknown';
+                    // SHA-256 hash for privacy
+                    const crypto = require('crypto');
+                    return crypto
+                        .createHash('sha256')
+                        .update(raw)
+                        .digest('hex')
+                        .slice(0, 16);
+                },
+            }
+            : undefined,
+    };
+    _instance = new devfortress_1.DevFortress(fullConfig);
+    if (config.debug) {
+        console.log(`[DF →] DevFortress initialized (framework: ${framework}, privacy: ${config.privacy ?? 'standard'}, appId: ${appId})`);
+    }
+    return _instance;
+}
+function getInstance() {
+    return _instance;
+}
+/** Data snapshot for privacy transparency — shows what would be sent */
+function getDataSnapshot(req) {
+    const r = req;
+    return {
+        collected: {
+            ip: typeof r.ip === 'string' ? r.ip : 'from socket',
+            method: String(r.method ?? 'unknown'),
+            path: String(r.url ?? r.path ?? 'unknown'),
+            statusCode: 'after response',
+            responseTime: 'measured automatically',
+            timestamp: new Date().toISOString(),
+            userAgent: 'first 200 chars only',
+        },
+        neverCollected: [
+            'Request body content',
+            'Response body content',
+            'Cookies or session data',
+            'Authorization headers',
+            'Real session tokens (anonymised via proprietary mechanism)',
+            'Query string values',
+            'Form data',
+            'File uploads',
+            'Database queries',
+            'Environment variables',
+            'Source code',
+            'User PII (names, emails, phone numbers)',
+        ],
+    };
+}
+exports.default = { init, getInstance, getDataSnapshot };