hackmyagent 0.7.2 → 0.8.0

package/dist/arp/proxy/forward.js

@@ -0,0 +1,152 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.bufferBody = bufferBody;
+exports.forwardRequest = forwardRequest;
+exports.sendResponse = sendResponse;
+exports.sendError = sendError;
+const http = __importStar(require("http"));
+const https = __importStar(require("https"));
+const url_1 = require("url");
+/** Maximum request/response body size (10 MB) */
+const MAX_BODY_BYTES = 10 * 1024 * 1024;
+/**
+ * Buffer the full request body from an IncomingMessage.
+ * Rejects with 413 if body exceeds MAX_BODY_BYTES.
+ */
+function bufferBody(req) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let totalBytes = 0;
+        req.on('data', (chunk) => {
+            totalBytes += chunk.length;
+            if (totalBytes > MAX_BODY_BYTES) {
+                req.destroy();
+                reject(new Error('Request body too large'));
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on('end', () => resolve(Buffer.concat(chunks)));
+        req.on('error', reject);
+    });
+}
+/**
+ * Forward an HTTP request to an upstream target and pipe the response back.
+ * Returns the upstream response and its body buffer (for inspection).
+ */
+function forwardRequest(upstream, req, body, originalPath) {
+    return new Promise((resolve, reject) => {
+        const target = new url_1.URL(originalPath, upstream);
+        const isHttps = target.protocol === 'https:';
+        const mod = isHttps ? https : http;
+        const options = {
+            hostname: target.hostname,
+            port: target.port || (isHttps ? 443 : 80),
+            path: target.pathname + target.search,
+            method: req.method,
+            headers: copyHeaders(req.headers, target.hostname),
+            timeout: 30000,
+        };
+        const proxyReq = mod.request(options, (proxyRes) => {
+            const chunks = [];
+            let totalBytes = 0;
+            proxyRes.on('data', (chunk) => {
+                totalBytes += chunk.length;
+                if (totalBytes > MAX_BODY_BYTES) {
+                    proxyRes.destroy();
+                    reject(new Error('Upstream response too large'));
+                    return;
+                }
+                chunks.push(chunk);
+            });
+            proxyRes.on('end', () => {
+                resolve({
+                    response: proxyRes,
+                    body: Buffer.concat(chunks),
+                });
+            });
+            proxyRes.on('error', reject);
+        });
+        proxyReq.on('error', reject);
+        proxyReq.on('timeout', () => {
+            proxyReq.destroy();
+            reject(new Error('Upstream request timed out'));
+        });
+        if (body.length > 0) {
+            proxyReq.write(body);
+        }
+        proxyReq.end();
+    });
+}
+/**
+ * Copy headers from source to a plain object, updating Host header.
+ */
+function copyHeaders(source, targetHost) {
+    const headers = {};
+    for (const [key, value] of Object.entries(source)) {
+        if (key.toLowerCase() === 'host') {
+            headers[key] = targetHost;
+        }
+        else if (key.toLowerCase() !== 'connection') {
+            headers[key] = value;
+        }
+    }
+    return headers;
+}
+/**
+ * Write headers and body to the client response.
+ */
+function sendResponse(res, statusCode, headers, body) {
+    for (const [key, value] of Object.entries(headers)) {
+        if (value !== undefined && key.toLowerCase() !== 'transfer-encoding') {
+            res.setHeader(key, value);
+        }
+    }
+    res.writeHead(statusCode);
+    res.end(body);
+}
+/**
+ * Send an error response as JSON.
+ */
+function sendError(res, statusCode, message) {
+    const body = JSON.stringify({ error: message });
+    res.writeHead(statusCode, {
+        'content-type': 'application/json',
+        'content-length': Buffer.byteLength(body),
+    });
+    res.end(body);
+}
+//# sourceMappingURL=forward.js.map

package/dist/arp/proxy/forward.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"forward.js","sourceRoot":"","sources":["../../../src/arp/proxy/forward.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,gCAgBC;AAMD,wCAoDC;AAyBD,oCAaC;AAKD,8BAWC;AA3ID,2CAA6B;AAC7B,6CAA+B;AAC/B,6BAA0B;AAE1B,iDAAiD;AACjD,MAAM,cAAc,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAExC;;;GAGG;AACH,SAAgB,UAAU,CAAC,GAAyB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,UAAU,IAAI,KAAK,CAAC,MAAM,CAAC;YAC3B,IAAI,UAAU,GAAG,cAAc,EAAE,CAAC;gBAChC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;gBAC5C,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACpD,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAC5B,QAAgB,EAChB,GAAyB,EACzB,IAAY,EACZ,YAAoB;IAEpB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,IAAI,SAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC7C,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAEnC,MAAM,OAAO,GAAwB;YACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACzC,IAAI,EAAE,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM;YACrC,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,OAAO,EAAE,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC;YAClD,OAAO,EAAE,KAAK;SACf,CAAC;QAEF,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,EAAE;YACjD,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,IAAI,UAAU,GAAG,CAAC,CAAC;YACnB,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACpC,UAAU,IAAI,KAAK,CAAC,MAAM,CAAC;gBAC3B,IAAI,UAAU,GAAG,cAAc,EAAE,CAAC;oBAChC,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACnB,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC;oBACjD,OAAO;gBACT,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC;YACH,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACtB,OAAO,CAAC;oBACN,QAAQ,EAAE,QAAQ;oBAClB,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;iBAC5B,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,QAAQ,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YAC1B,QAAQ,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;QACD,QAAQ,CAAC,GAAG,EAAE,CAAC;IACjB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAClB,MAAgC,EAChC,UAAkB;IAElB,MAAM,OAAO,GAA6B,EAAE,CAAC;IAE7C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;QAC5B,CAAC;aAAM,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,YAAY,EAAE,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAC1B,GAAwB,EACxB,UAAkB,EAClB,OAAiC,EACjC,IAAY;IAEZ,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,KAAK,KAAK,SAAS,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,mBAAmB,EAAE,CAAC;YACrE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IACD,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC1B,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CACvB,GAAwB,EACxB,UAAkB,EAClB,OAAe;IAEf,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IAChD,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE;QACxB,cAAc,EAAE,kBAAkB;QAClC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;KAC1C,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}

package/dist/arp/proxy/server.d.ts

@@ -0,0 +1,45 @@
+import type { ProxyConfig } from '../types';
+import type { EventEngine } from '../engine/event-engine';
+import type { PromptInterceptor } from '../interceptors/prompt';
+import type { MCPProtocolInterceptor } from '../interceptors/mcp-protocol';
+import type { A2AProtocolInterceptor } from '../interceptors/a2a-protocol';
+export interface ARPProxyDeps {
+    engine: EventEngine;
+    promptInterceptor?: PromptInterceptor;
+    mcpInterceptor?: MCPProtocolInterceptor;
+    a2aInterceptor?: A2AProtocolInterceptor;
+}
+/**
+ * ARP HTTP Reverse Proxy — sits between clients and upstream AI services,
+ * inspecting requests and responses for AI-layer threats.
+ *
+ * Zero external dependencies (uses Node.js built-in http module).
+ * Alert-only by default; optional blockOnDetection mode.
+ */
+export declare class ARPProxy {
+    private readonly config;
+    private readonly deps;
+    private server;
+    constructor(config: ProxyConfig, deps: ARPProxyDeps);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    getPort(): number;
+    private handleRequest;
+    private findUpstream;
+    /**
+     * Inspect inbound request based on upstream protocol type.
+     * Returns true if a threat was detected.
+     */
+    private inspectRequest;
+    /**
+     * Inspect outbound response based on upstream protocol type.
+     */
+    private inspectResponse;
+    private inspectOpenAIRequest;
+    private inspectOpenAIResponse;
+    private inspectMCPRequest;
+    private inspectMCPResponse;
+    private inspectA2AResponse;
+    private inspectA2ARequest;
+}
+//# sourceMappingURL=server.d.ts.map

package/dist/arp/proxy/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/arp/proxy/server.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAA2B,MAAM,UAAU,CAAC;AACrE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAI3E,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,WAAW,CAAC;IACpB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,cAAc,CAAC,EAAE,sBAAsB,CAAC;IACxC,cAAc,CAAC,EAAE,sBAAsB,CAAC;CACzC;AAED;;;;;;GAMG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAe;IACpC,OAAO,CAAC,MAAM,CAA4B;gBAE9B,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY;IAK7C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAmBtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAU3B,OAAO,IAAI,MAAM;YAIH,aAAa;IAsD3B,OAAO,CAAC,YAAY;IAQpB;;;OAGG;YACW,cAAc;IA8B5B;;OAEG;YACW,eAAe;IA+B7B,OAAO,CAAC,oBAAoB;IAqB5B,OAAO,CAAC,qBAAqB;IAsB7B,OAAO,CAAC,iBAAiB;IAsBzB,OAAO,CAAC,kBAAkB;IA8B1B,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,iBAAiB;CAoC1B"}

package/dist/arp/proxy/server.js

@@ -0,0 +1,331 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ARPProxy = void 0;
+const http = __importStar(require("http"));
+const forward_1 = require("./forward");
+const license_1 = require("../license");
+/**
+ * ARP HTTP Reverse Proxy — sits between clients and upstream AI services,
+ * inspecting requests and responses for AI-layer threats.
+ *
+ * Zero external dependencies (uses Node.js built-in http module).
+ * Alert-only by default; optional blockOnDetection mode.
+ */
+class ARPProxy {
+    constructor(config, deps) {
+        this.server = null;
+        this.config = config;
+        this.deps = deps;
+    }
+    async start() {
+        return new Promise((resolve) => {
+            this.server = http.createServer((req, res) => {
+                this.handleRequest(req, res).catch((err) => {
+                    const message = err instanceof Error ? err.message : String(err);
+                    const statusCode = message === 'Request body too large' ? 413 : 502;
+                    const clientMessage = message === 'Request body too large'
+                        ? 'Request body too large'
+                        : 'Bad gateway';
+                    (0, forward_1.sendError)(res, statusCode, clientMessage);
+                });
+            });
+            this.server.listen(this.config.port, () => {
+                resolve();
+            });
+        });
+    }
+    async stop() {
+        return new Promise((resolve) => {
+            if (this.server) {
+                this.server.close(() => resolve());
+            }
+            else {
+                resolve();
+            }
+        });
+    }
+    getPort() {
+        return this.config.port;
+    }
+    async handleRequest(req, res) {
+        const url = req.url ?? '/';
+        // Find matching upstream
+        const upstream = this.findUpstream(url);
+        if (!upstream) {
+            (0, forward_1.sendError)(res, 404, 'Not found');
+            return;
+        }
+        // Buffer the request body
+        const body = await (0, forward_1.bufferBody)(req);
+        const bodyStr = body.length > 0 ? body.toString('utf-8') : '';
+        // Pre-flight inspection (scan request)
+        const blocked = await this.inspectRequest(upstream, bodyStr, url);
+        if (blocked && this.config.blockOnDetection) {
+            // Blocking mode is a premium feature
+            const canBlock = await (0, license_1.hasFeature)(license_1.PREMIUM_FEATURES.BLOCKING_MODE);
+            if (canBlock) {
+                (0, forward_1.sendError)(res, 403, 'Request blocked by ARP: threat detected');
+                return;
+            }
+            // Community edition: alert only, request passes through
+        }
+        // Strip the pathPrefix from the URL before forwarding
+        let forwardPath = url.startsWith(upstream.pathPrefix)
+            ? url.slice(upstream.pathPrefix.length) || '/'
+            : url;
+        // Validate forward path is relative (prevent SSRF via absolute URL in path)
+        if (!forwardPath.startsWith('/')) {
+            forwardPath = '/' + forwardPath;
+        }
+        if (/^\/\/|^\/[a-zA-Z]+:/.test(forwardPath)) {
+            (0, forward_1.sendError)(res, 400, 'Bad request');
+            return;
+        }
+        // Forward to upstream
+        const result = await (0, forward_1.forwardRequest)(upstream.target, req, body, forwardPath);
+        // Post-flight inspection (scan response)
+        const responseStr = result.body.toString('utf-8');
+        await this.inspectResponse(upstream, responseStr);
+        // Send response back to client
+        (0, forward_1.sendResponse)(res, result.response.statusCode ?? 200, result.response.headers, result.body);
+    }
+    findUpstream(url) {
+        // Sort by prefix length (longest match first)
+        const sorted = [...this.config.upstreams].sort((a, b) => b.pathPrefix.length - a.pathPrefix.length);
+        return sorted.find((u) => url.startsWith(u.pathPrefix));
+    }
+    /**
+     * Inspect inbound request based on upstream protocol type.
+     * Returns true if a threat was detected.
+     */
+    async inspectRequest(upstream, bodyStr, _url) {
+        if (!bodyStr)
+            return false;
+        let detected = false;
+        switch (upstream.protocol) {
+            case 'openai-api': {
+                detected = this.inspectOpenAIRequest(bodyStr);
+                break;
+            }
+            case 'mcp-http': {
+                detected = this.inspectMCPRequest(bodyStr);
+                break;
+            }
+            case 'a2a': {
+                detected = this.inspectA2ARequest(bodyStr);
+                break;
+            }
+            case 'passthrough':
+            default:
+                break;
+        }
+        return detected;
+    }
+    /**
+     * Inspect outbound response based on upstream protocol type.
+     */
+    async inspectResponse(upstream, bodyStr) {
+        if (!bodyStr)
+            return false;
+        let detected = false;
+        switch (upstream.protocol) {
+            case 'openai-api': {
+                detected = this.inspectOpenAIResponse(bodyStr);
+                break;
+            }
+            case 'mcp-http': {
+                detected = this.inspectMCPResponse(bodyStr);
+                break;
+            }
+            case 'a2a': {
+                detected = this.inspectA2AResponse(bodyStr);
+                break;
+            }
+            case 'passthrough':
+            default:
+                break;
+        }
+        return detected;
+    }
+    // --- Protocol-specific inspectors ---
+    inspectOpenAIRequest(bodyStr) {
+        if (!this.deps.promptInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            const messages = parsed.messages;
+            if (!Array.isArray(messages))
+                return false;
+            let detected = false;
+            for (const msg of messages) {
+                if (msg.role === 'user' && typeof msg.content === 'string') {
+                    const result = this.deps.promptInterceptor.scanInput(msg.content);
+                    if (result.detected)
+                        detected = true;
+                }
+            }
+            return detected;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectOpenAIResponse(bodyStr) {
+        if (!this.deps.promptInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            const choices = parsed.choices;
+            if (!Array.isArray(choices))
+                return false;
+            let detected = false;
+            for (const choice of choices) {
+                const content = choice.message?.content;
+                if (typeof content === 'string') {
+                    const result = this.deps.promptInterceptor.scanOutput(content);
+                    if (result.detected)
+                        detected = true;
+                }
+            }
+            return detected;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectMCPRequest(bodyStr) {
+        if (!this.deps.mcpInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            // JSON-RPC format: { method: "tools/call", params: { name: "...", arguments: {...} } }
+            if (parsed.method === 'tools/call' && parsed.params) {
+                const toolName = parsed.params.name;
+                const args = parsed.params.arguments ?? {};
+                if (typeof toolName === 'string') {
+                    const result = this.deps.mcpInterceptor.scanToolCall(toolName, args);
+                    return result.detected;
+                }
+            }
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectMCPResponse(bodyStr) {
+        if (!this.deps.promptInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            // JSON-RPC result: { result: { content: [{ type: "text", text: "..." }] } }
+            if (parsed.result?.content && Array.isArray(parsed.result.content)) {
+                let detected = false;
+                for (const part of parsed.result.content) {
+                    if (part.type === 'text' && typeof part.text === 'string') {
+                        const result = this.deps.promptInterceptor.scanOutput(part.text);
+                        if (result.detected)
+                            detected = true;
+                    }
+                }
+                return detected;
+            }
+            // JSON-RPC error: { error: { message: "..." } }
+            if (parsed.error?.message && typeof parsed.error.message === 'string') {
+                const result = this.deps.promptInterceptor.scanOutput(parsed.error.message);
+                return result.detected;
+            }
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectA2AResponse(bodyStr) {
+        if (!this.deps.promptInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            // A2A response: { content: "..." } or { message: "..." }
+            const content = parsed.content ?? parsed.message ?? '';
+            if (typeof content === 'string' && content) {
+                const result = this.deps.promptInterceptor.scanOutput(content);
+                return result.detected;
+            }
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectA2ARequest(bodyStr) {
+        if (!this.deps.a2aInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            // A2A JSON-RPC: { method: "tasks/send", params: { ... } }
+            // Or direct message format: { from: "...", to: "...", content: "..." }
+            const from = parsed.from ?? parsed.params?.from ?? 'unknown';
+            const to = parsed.to ?? parsed.params?.to ?? 'unknown';
+            // Extract content from various A2A message formats
+            let content = '';
+            if (typeof parsed.content === 'string') {
+                content = parsed.content;
+            }
+            else if (parsed.params?.message?.parts) {
+                // A2A protocol message parts
+                for (const part of parsed.params.message.parts) {
+                    if (part.type === 'text' && typeof part.text === 'string') {
+                        content += part.text + '\n';
+                    }
+                }
+            }
+            else if (typeof parsed.params?.content === 'string') {
+                content = parsed.params.content;
+            }
+            if (content) {
+                const result = this.deps.a2aInterceptor.scanMessage(from, to, content);
+                return result.detected;
+            }
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
+}
+exports.ARPProxy = ARPProxy;
+//# sourceMappingURL=server.js.map

package/dist/arp/proxy/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/arp/proxy/server.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAM7B,uCAAgF;AAChF,wCAA0D;AAS1D;;;;;;GAMG;AACH,MAAa,QAAQ;IAKnB,YAAY,MAAmB,EAAE,IAAkB;QAF3C,WAAM,GAAuB,IAAI,CAAC;QAGxC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC3C,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACzC,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBACjE,MAAM,UAAU,GAAG,OAAO,KAAK,wBAAwB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;oBACpE,MAAM,aAAa,GAAG,OAAO,KAAK,wBAAwB;wBACxD,CAAC,CAAC,wBAAwB;wBAC1B,CAAC,CAAC,aAAa,CAAC;oBAClB,IAAA,mBAAS,EAAC,GAAG,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;gBAC5C,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;gBACxC,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI;QACR,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,aAAa,CACzB,GAAyB,EACzB,GAAwB;QAExB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;QAE3B,yBAAyB;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAA,mBAAS,EAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;YACjC,OAAO;QACT,CAAC;QAED,0BAA0B;QAC1B,MAAM,IAAI,GAAG,MAAM,IAAA,oBAAU,EAAC,GAAG,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE9D,uCAAuC;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAClE,IAAI,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5C,qCAAqC;YACrC,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAU,EAAC,0BAAgB,CAAC,aAAa,CAAC,CAAC;YAClE,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAA,mBAAS,EAAC,GAAG,EAAE,GAAG,EAAE,yCAAyC,CAAC,CAAC;gBAC/D,OAAO;YACT,CAAC;YACD,wDAAwD;QAC1D,CAAC;QAED,sDAAsD;QACtD,IAAI,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,GAAG;YAC9C,CAAC,CAAC,GAAG,CAAC;QAER,4EAA4E;QAC5E,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,WAAW,GAAG,GAAG,GAAG,WAAW,CAAC;QAClC,CAAC;QACD,IAAI,qBAAqB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5C,IAAA,mBAAS,EAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QAE7E,yCAAyC;QACzC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,+BAA+B;QAC/B,IAAA,sBAAY,EAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC7F,CAAC;IAEO,YAAY,CAAC,GAAW;QAC9B,8CAA8C;QAC9C,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,UAAU,CAAC,MAAM,CACpD,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAC1B,QAAuB,EACvB,OAAe,EACf,IAAY;QAEZ,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,QAAQ,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC1B,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;gBAC9C,MAAM;YACR,CAAC;YACD,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAC3C,MAAM;YACR,CAAC;YACD,KAAK,KAAK,CAAC,CAAC,CAAC;gBACX,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAC3C,MAAM;YACR,CAAC;YACD,KAAK,aAAa,CAAC;YACnB;gBACE,MAAM;QACV,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAC3B,QAAuB,EACvB,OAAe;QAEf,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,QAAQ,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC1B,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,QAAQ,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM;YACR,CAAC;YACD,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM;YACR,CAAC;YACD,KAAK,KAAK,CAAC,CAAC,CAAC;gBACX,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM;YACR,CAAC;YACD,KAAK,aAAa,CAAC;YACnB;gBACE,MAAM;QACV,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,uCAAuC;IAE/B,oBAAoB,CAAC,OAAe;QAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAAE,OAAO,KAAK,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE3C,IAAI,QAAQ,GAAG,KAAK,CAAC;YACrB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAClE,IAAI,MAAM,CAAC,QAAQ;wBAAE,QAAQ,GAAG,IAAI,CAAC;gBACvC,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,qBAAqB,CAAC,OAAe;QAC3C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAAE,OAAO,KAAK,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YAC/B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE1C,IAAI,QAAQ,GAAG,KAAK,CAAC;YACrB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC;gBACxC,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAChC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;oBAC/D,IAAI,MAAM,CAAC,QAAQ;wBAAE,QAAQ,GAAG,IAAI,CAAC;gBACvC,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,OAAe;QACvC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc;YAAE,OAAO,KAAK,CAAC;QAE5C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,uFAAuF;YACvF,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;gBACpC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;gBAC3C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBACjC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;oBACrE,OAAO,MAAM,CAAC,QAAQ,CAAC;gBACzB,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,OAAe;QACxC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAAE,OAAO,KAAK,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,4EAA4E;YAC5E,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnE,IAAI,QAAQ,GAAG,KAAK,CAAC;gBACrB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACzC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACjE,IAAI,MAAM,CAAC,QAAQ;4BAAE,QAAQ,GAAG,IAAI,CAAC;oBACvC,CAAC;gBACH,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,gDAAgD;YAChD,IAAI,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,OAAO,MAAM,CAAC,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACtE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC5E,OAAO,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,OAAe;QACxC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAAE,OAAO,KAAK,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,yDAAyD;YACzD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;YACvD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,EAAE,CAAC;gBAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBAC/D,OAAO,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,OAAe;QACvC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc;YAAE,OAAO,KAAK,CAAC;QAE5C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,0DAA0D;YAC1D,uEAAuE;YACvE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,IAAI,SAAS,CAAC;YAC7D,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,SAAS,CAAC;YAEvD,mDAAmD;YACnD,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACvC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YAC3B,CAAC;iBAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;gBACzC,6BAA6B;gBAC7B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;oBAC/C,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAC1D,OAAO,IAAI,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBAC9B,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IAAI,OAAO,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACtD,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;YAClC,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;gBACvE,OAAO,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAnUD,4BAmUC"}

package/dist/arp/reporting/local-log.d.ts

@@ -0,0 +1,22 @@
+import type { ARPEvent, EnforcementResult } from '../types';
+/**
+ * Local JSONL logger — append-only event and enforcement logs.
+ * Follows the aim-core audit.jsonl pattern.
+ */
+export declare class LocalLogger {
+    private readonly dataDir;
+    constructor(dataDir: string);
+    /** Log an ARP event */
+    logEvent(event: ARPEvent): void;
+    /** Log an enforcement action */
+    logEnforcement(result: EnforcementResult): void;
+    /** Read recent events */
+    readEvents(limit?: number): ARPEvent[];
+    /** Read recent enforcement actions */
+    readEnforcements(limit?: number): EnforcementResult[];
+    /** Tail the event log (returns last N lines as JSON) */
+    tail(n?: number): ARPEvent[];
+    private appendLog;
+    private readLog;
+}
+//# sourceMappingURL=local-log.d.ts.map

package/dist/arp/reporting/local-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-log.d.ts","sourceRoot":"","sources":["../../../src/arp/reporting/local-log.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAM5D;;;GAGG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,OAAO,EAAE,MAAM;IAK3B,uBAAuB;IACvB,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAI/B,gCAAgC;IAChC,cAAc,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAc/C,yBAAyB;IACzB,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,QAAQ,EAAE;IAItC,sCAAsC;IACtC,gBAAgB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,iBAAiB,EAAE;IAIrD,wDAAwD;IACxD,IAAI,CAAC,CAAC,GAAE,MAAW,GAAG,QAAQ,EAAE;IAIhC,OAAO,CAAC,SAAS;IAkBjB,OAAO,CAAC,OAAO;CAiBhB"}