hackmyagent 0.7.2 → 0.8.1

package/dist/arp/proxy/server.js

@@ -0,0 +1,331 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ARPProxy = void 0;
+const http = __importStar(require("http"));
+const forward_1 = require("./forward");
+const license_1 = require("../license");
+/**
+ * ARP HTTP Reverse Proxy — sits between clients and upstream AI services,
+ * inspecting requests and responses for AI-layer threats.
+ *
+ * Zero external dependencies (uses Node.js built-in http module).
+ * Alert-only by default; optional blockOnDetection mode.
+ */
+class ARPProxy {
+    constructor(config, deps) {
+        this.server = null;
+        this.config = config;
+        this.deps = deps;
+    }
+    async start() {
+        return new Promise((resolve) => {
+            this.server = http.createServer((req, res) => {
+                this.handleRequest(req, res).catch((err) => {
+                    const message = err instanceof Error ? err.message : String(err);
+                    const statusCode = message === 'Request body too large' ? 413 : 502;
+                    const clientMessage = message === 'Request body too large'
+                        ? 'Request body too large'
+                        : 'Bad gateway';
+                    (0, forward_1.sendError)(res, statusCode, clientMessage);
+                });
+            });
+            this.server.listen(this.config.port, () => {
+                resolve();
+            });
+        });
+    }
+    async stop() {
+        return new Promise((resolve) => {
+            if (this.server) {
+                this.server.close(() => resolve());
+            }
+            else {
+                resolve();
+            }
+        });
+    }
+    getPort() {
+        return this.config.port;
+    }
+    async handleRequest(req, res) {
+        const url = req.url ?? '/';
+        // Find matching upstream
+        const upstream = this.findUpstream(url);
+        if (!upstream) {
+            (0, forward_1.sendError)(res, 404, 'Not found');
+            return;
+        }
+        // Buffer the request body
+        const body = await (0, forward_1.bufferBody)(req);
+        const bodyStr = body.length > 0 ? body.toString('utf-8') : '';
+        // Pre-flight inspection (scan request)
+        const blocked = await this.inspectRequest(upstream, bodyStr, url);
+        if (blocked && this.config.blockOnDetection) {
+            // Blocking mode is a premium feature
+            const canBlock = await (0, license_1.hasFeature)(license_1.PREMIUM_FEATURES.BLOCKING_MODE);
+            if (canBlock) {
+                (0, forward_1.sendError)(res, 403, 'Request blocked by ARP: threat detected');
+                return;
+            }
+            // Community edition: alert only, request passes through
+        }
+        // Strip the pathPrefix from the URL before forwarding
+        let forwardPath = url.startsWith(upstream.pathPrefix)
+            ? url.slice(upstream.pathPrefix.length) || '/'
+            : url;
+        // Validate forward path is relative (prevent SSRF via absolute URL in path)
+        if (!forwardPath.startsWith('/')) {
+            forwardPath = '/' + forwardPath;
+        }
+        if (/^\/\/|^\/[a-zA-Z]+:/.test(forwardPath)) {
+            (0, forward_1.sendError)(res, 400, 'Bad request');
+            return;
+        }
+        // Forward to upstream
+        const result = await (0, forward_1.forwardRequest)(upstream.target, req, body, forwardPath);
+        // Post-flight inspection (scan response)
+        const responseStr = result.body.toString('utf-8');
+        await this.inspectResponse(upstream, responseStr);
+        // Send response back to client
+        (0, forward_1.sendResponse)(res, result.response.statusCode ?? 200, result.response.headers, result.body);
+    }
+    findUpstream(url) {
+        // Sort by prefix length (longest match first)
+        const sorted = [...this.config.upstreams].sort((a, b) => b.pathPrefix.length - a.pathPrefix.length);
+        return sorted.find((u) => url.startsWith(u.pathPrefix));
+    }
+    /**
+     * Inspect inbound request based on upstream protocol type.
+     * Returns true if a threat was detected.
+     */
+    async inspectRequest(upstream, bodyStr, _url) {
+        if (!bodyStr)
+            return false;
+        let detected = false;
+        switch (upstream.protocol) {
+            case 'openai-api': {
+                detected = this.inspectOpenAIRequest(bodyStr);
+                break;
+            }
+            case 'mcp-http': {
+                detected = this.inspectMCPRequest(bodyStr);
+                break;
+            }
+            case 'a2a': {
+                detected = this.inspectA2ARequest(bodyStr);
+                break;
+            }
+            case 'passthrough':
+            default:
+                break;
+        }
+        return detected;
+    }
+    /**
+     * Inspect outbound response based on upstream protocol type.
+     */
+    async inspectResponse(upstream, bodyStr) {
+        if (!bodyStr)
+            return false;
+        let detected = false;
+        switch (upstream.protocol) {
+            case 'openai-api': {
+                detected = this.inspectOpenAIResponse(bodyStr);
+                break;
+            }
+            case 'mcp-http': {
+                detected = this.inspectMCPResponse(bodyStr);
+                break;
+            }
+            case 'a2a': {
+                detected = this.inspectA2AResponse(bodyStr);
+                break;
+            }
+            case 'passthrough':
+            default:
+                break;
+        }
+        return detected;
+    }
+    // --- Protocol-specific inspectors ---
+    inspectOpenAIRequest(bodyStr) {
+        if (!this.deps.promptInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            const messages = parsed.messages;
+            if (!Array.isArray(messages))
+                return false;
+            let detected = false;
+            for (const msg of messages) {
+                if (msg.role === 'user' && typeof msg.content === 'string') {
+                    const result = this.deps.promptInterceptor.scanInput(msg.content);
+                    if (result.detected)
+                        detected = true;
+                }
+            }
+            return detected;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectOpenAIResponse(bodyStr) {
+        if (!this.deps.promptInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            const choices = parsed.choices;
+            if (!Array.isArray(choices))
+                return false;
+            let detected = false;
+            for (const choice of choices) {
+                const content = choice.message?.content;
+                if (typeof content === 'string') {
+                    const result = this.deps.promptInterceptor.scanOutput(content);
+                    if (result.detected)
+                        detected = true;
+                }
+            }
+            return detected;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectMCPRequest(bodyStr) {
+        if (!this.deps.mcpInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            // JSON-RPC format: { method: "tools/call", params: { name: "...", arguments: {...} } }
+            if (parsed.method === 'tools/call' && parsed.params) {
+                const toolName = parsed.params.name;
+                const args = parsed.params.arguments ?? {};
+                if (typeof toolName === 'string') {
+                    const result = this.deps.mcpInterceptor.scanToolCall(toolName, args);
+                    return result.detected;
+                }
+            }
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectMCPResponse(bodyStr) {
+        if (!this.deps.promptInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            // JSON-RPC result: { result: { content: [{ type: "text", text: "..." }] } }
+            if (parsed.result?.content && Array.isArray(parsed.result.content)) {
+                let detected = false;
+                for (const part of parsed.result.content) {
+                    if (part.type === 'text' && typeof part.text === 'string') {
+                        const result = this.deps.promptInterceptor.scanOutput(part.text);
+                        if (result.detected)
+                            detected = true;
+                    }
+                }
+                return detected;
+            }
+            // JSON-RPC error: { error: { message: "..." } }
+            if (parsed.error?.message && typeof parsed.error.message === 'string') {
+                const result = this.deps.promptInterceptor.scanOutput(parsed.error.message);
+                return result.detected;
+            }
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectA2AResponse(bodyStr) {
+        if (!this.deps.promptInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            // A2A response: { content: "..." } or { message: "..." }
+            const content = parsed.content ?? parsed.message ?? '';
+            if (typeof content === 'string' && content) {
+                const result = this.deps.promptInterceptor.scanOutput(content);
+                return result.detected;
+            }
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
+    inspectA2ARequest(bodyStr) {
+        if (!this.deps.a2aInterceptor)
+            return false;
+        try {
+            const parsed = JSON.parse(bodyStr);
+            // A2A JSON-RPC: { method: "tasks/send", params: { ... } }
+            // Or direct message format: { from: "...", to: "...", content: "..." }
+            const from = parsed.from ?? parsed.params?.from ?? 'unknown';
+            const to = parsed.to ?? parsed.params?.to ?? 'unknown';
+            // Extract content from various A2A message formats
+            let content = '';
+            if (typeof parsed.content === 'string') {
+                content = parsed.content;
+            }
+            else if (parsed.params?.message?.parts) {
+                // A2A protocol message parts
+                for (const part of parsed.params.message.parts) {
+                    if (part.type === 'text' && typeof part.text === 'string') {
+                        content += part.text + '\n';
+                    }
+                }
+            }
+            else if (typeof parsed.params?.content === 'string') {
+                content = parsed.params.content;
+            }
+            if (content) {
+                const result = this.deps.a2aInterceptor.scanMessage(from, to, content);
+                return result.detected;
+            }
+            return false;
+        }
+        catch {
+            return false;
+        }
+    }
+}
+exports.ARPProxy = ARPProxy;
+//# sourceMappingURL=server.js.map

package/dist/arp/proxy/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/arp/proxy/server.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAM7B,uCAAgF;AAChF,wCAA0D;AAS1D;;;;;;GAMG;AACH,MAAa,QAAQ;IAKnB,YAAY,MAAmB,EAAE,IAAkB;QAF3C,WAAM,GAAuB,IAAI,CAAC;QAGxC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC3C,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACzC,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBACjE,MAAM,UAAU,GAAG,OAAO,KAAK,wBAAwB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;oBACpE,MAAM,aAAa,GAAG,OAAO,KAAK,wBAAwB;wBACxD,CAAC,CAAC,wBAAwB;wBAC1B,CAAC,CAAC,aAAa,CAAC;oBAClB,IAAA,mBAAS,EAAC,GAAG,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;gBAC5C,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;gBACxC,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI;QACR,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,aAAa,CACzB,GAAyB,EACzB,GAAwB;QAExB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;QAE3B,yBAAyB;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAA,mBAAS,EAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;YACjC,OAAO;QACT,CAAC;QAED,0BAA0B;QAC1B,MAAM,IAAI,GAAG,MAAM,IAAA,oBAAU,EAAC,GAAG,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAE9D,uCAAuC;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAClE,IAAI,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5C,qCAAqC;YACrC,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAU,EAAC,0BAAgB,CAAC,aAAa,CAAC,CAAC;YAClE,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAA,mBAAS,EAAC,GAAG,EAAE,GAAG,EAAE,yCAAyC,CAAC,CAAC;gBAC/D,OAAO;YACT,CAAC;YACD,wDAAwD;QAC1D,CAAC;QAED,sDAAsD;QACtD,IAAI,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC;YACnD,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,GAAG;YAC9C,CAAC,CAAC,GAAG,CAAC;QAER,4EAA4E;QAC5E,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,WAAW,GAAG,GAAG,GAAG,WAAW,CAAC;QAClC,CAAC;QACD,IAAI,qBAAqB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5C,IAAA,mBAAS,EAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAc,EAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QAE7E,yCAAyC;QACzC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,+BAA+B;QAC/B,IAAA,sBAAY,EAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC7F,CAAC;IAEO,YAAY,CAAC,GAAW;QAC9B,8CAA8C;QAC9C,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAC5C,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,UAAU,CAAC,MAAM,CACpD,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAC1B,QAAuB,EACvB,OAAe,EACf,IAAY;QAEZ,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,QAAQ,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC1B,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;gBAC9C,MAAM;YACR,CAAC;YACD,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAC3C,MAAM;YACR,CAAC;YACD,KAAK,KAAK,CAAC,CAAC,CAAC;gBACX,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAC3C,MAAM;YACR,CAAC;YACD,KAAK,aAAa,CAAC;YACnB;gBACE,MAAM;QACV,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAC3B,QAAuB,EACvB,OAAe;QAEf,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,QAAQ,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC1B,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,QAAQ,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM;YACR,CAAC;YACD,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM;YACR,CAAC;YACD,KAAK,KAAK,CAAC,CAAC,CAAC;gBACX,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;gBAC5C,MAAM;YACR,CAAC;YACD,KAAK,aAAa,CAAC;YACnB;gBACE,MAAM;QACV,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,uCAAuC;IAE/B,oBAAoB,CAAC,OAAe;QAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAAE,OAAO,KAAK,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE3C,IAAI,QAAQ,GAAG,KAAK,CAAC;YACrB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAClE,IAAI,MAAM,CAAC,QAAQ;wBAAE,QAAQ,GAAG,IAAI,CAAC;gBACvC,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,qBAAqB,CAAC,OAAe;QAC3C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAAE,OAAO,KAAK,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YAC/B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE1C,IAAI,QAAQ,GAAG,KAAK,CAAC;YACrB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC;gBACxC,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAChC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;oBAC/D,IAAI,MAAM,CAAC,QAAQ;wBAAE,QAAQ,GAAG,IAAI,CAAC;gBACvC,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,OAAe;QACvC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc;YAAE,OAAO,KAAK,CAAC;QAE5C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,uFAAuF;YACvF,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;gBACpC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;gBAC3C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBACjC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;oBACrE,OAAO,MAAM,CAAC,QAAQ,CAAC;gBACzB,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,OAAe;QACxC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAAE,OAAO,KAAK,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,4EAA4E;YAC5E,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnE,IAAI,QAAQ,GAAG,KAAK,CAAC;gBACrB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACzC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACjE,IAAI,MAAM,CAAC,QAAQ;4BAAE,QAAQ,GAAG,IAAI,CAAC;oBACvC,CAAC;gBACH,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,gDAAgD;YAChD,IAAI,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,OAAO,MAAM,CAAC,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACtE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC5E,OAAO,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,OAAe;QACxC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAAE,OAAO,KAAK,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,yDAAyD;YACzD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;YACvD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,EAAE,CAAC;gBAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBAC/D,OAAO,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,OAAe;QACvC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc;YAAE,OAAO,KAAK,CAAC;QAE5C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,0DAA0D;YAC1D,uEAAuE;YACvE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,IAAI,SAAS,CAAC;YAC7D,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,SAAS,CAAC;YAEvD,mDAAmD;YACnD,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACvC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YAC3B,CAAC;iBAAM,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;gBACzC,6BAA6B;gBAC7B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;oBAC/C,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAC1D,OAAO,IAAI,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBAC9B,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IAAI,OAAO,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACtD,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;YAClC,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;gBACvE,OAAO,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAnUD,4BAmUC"}

package/dist/arp/reporting/local-log.d.ts

@@ -0,0 +1,22 @@
+import type { ARPEvent, EnforcementResult } from '../types';
+/**
+ * Local JSONL logger — append-only event and enforcement logs.
+ * Follows the aim-core audit.jsonl pattern.
+ */
+export declare class LocalLogger {
+    private readonly dataDir;
+    constructor(dataDir: string);
+    /** Log an ARP event */
+    logEvent(event: ARPEvent): void;
+    /** Log an enforcement action */
+    logEnforcement(result: EnforcementResult): void;
+    /** Read recent events */
+    readEvents(limit?: number): ARPEvent[];
+    /** Read recent enforcement actions */
+    readEnforcements(limit?: number): EnforcementResult[];
+    /** Tail the event log (returns last N lines as JSON) */
+    tail(n?: number): ARPEvent[];
+    private appendLog;
+    private readLog;
+}
+//# sourceMappingURL=local-log.d.ts.map

package/dist/arp/reporting/local-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-log.d.ts","sourceRoot":"","sources":["../../../src/arp/reporting/local-log.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAM5D;;;GAGG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,OAAO,EAAE,MAAM;IAK3B,uBAAuB;IACvB,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAI/B,gCAAgC;IAChC,cAAc,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAc/C,yBAAyB;IACzB,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,QAAQ,EAAE;IAItC,sCAAsC;IACtC,gBAAgB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,iBAAiB,EAAE;IAIrD,wDAAwD;IACxD,IAAI,CAAC,CAAC,GAAE,MAAW,GAAG,QAAQ,EAAE;IAIhC,OAAO,CAAC,SAAS;IAkBjB,OAAO,CAAC,OAAO;CAiBhB"}

package/dist/arp/reporting/local-log.js

@@ -0,0 +1,116 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalLogger = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const EVENT_LOG = 'events.jsonl';
+const ENFORCEMENT_LOG = 'enforcement.jsonl';
+const MAX_LOG_SIZE = 50 * 1024 * 1024; // 50MB
+/**
+ * Local JSONL logger — append-only event and enforcement logs.
+ * Follows the aim-core audit.jsonl pattern.
+ */
+class LocalLogger {
+    constructor(dataDir) {
+        this.dataDir = dataDir;
+        fs.mkdirSync(dataDir, { recursive: true });
+    }
+    /** Log an ARP event */
+    logEvent(event) {
+        this.appendLog(EVENT_LOG, event);
+    }
+    /** Log an enforcement action */
+    logEnforcement(result) {
+        const entry = {
+            timestamp: new Date().toISOString(),
+            action: result.action,
+            targetPid: result.targetPid,
+            success: result.success,
+            reason: result.reason,
+            eventId: result.event.id,
+            eventSource: result.event.source,
+            eventSeverity: result.event.severity,
+        };
+        this.appendLog(ENFORCEMENT_LOG, entry);
+    }
+    /** Read recent events */
+    readEvents(limit) {
+        return this.readLog(EVENT_LOG, limit);
+    }
+    /** Read recent enforcement actions */
+    readEnforcements(limit) {
+        return this.readLog(ENFORCEMENT_LOG, limit);
+    }
+    /** Tail the event log (returns last N lines as JSON) */
+    tail(n = 20) {
+        return this.readLog(EVENT_LOG, n);
+    }
+    appendLog(filename, data) {
+        const filePath = path.join(this.dataDir, filename);
+        // Rotate if needed
+        try {
+            const stat = fs.statSync(filePath);
+            if (stat.size > MAX_LOG_SIZE) {
+                const rotatedPath = `${filePath}.${Date.now()}`;
+                fs.renameSync(filePath, rotatedPath);
+            }
+        }
+        catch {
+            // File doesn't exist yet
+        }
+        const line = JSON.stringify(data) + '\n';
+        fs.appendFileSync(filePath, line, 'utf-8');
+    }
+    readLog(filename, limit) {
+        const filePath = path.join(this.dataDir, filename);
+        if (!fs.existsSync(filePath))
+            return [];
+        try {
+            const content = fs.readFileSync(filePath, 'utf-8');
+            const lines = content.trim().split('\n').filter(Boolean);
+            const entries = lines.map((l) => JSON.parse(l));
+            if (limit && limit > 0) {
+                return entries.slice(-limit);
+            }
+            return entries;
+        }
+        catch {
+            return [];
+        }
+    }
+}
+exports.LocalLogger = LocalLogger;
+//# sourceMappingURL=local-log.js.map

package/dist/arp/reporting/local-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-log.js","sourceRoot":"","sources":["../../../src/arp/reporting/local-log.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAG7B,MAAM,SAAS,GAAG,cAAc,CAAC;AACjC,MAAM,eAAe,GAAG,mBAAmB,CAAC;AAC5C,MAAM,YAAY,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAE9C;;;GAGG;AACH,MAAa,WAAW;IAGtB,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,uBAAuB;IACvB,QAAQ,CAAC,KAAe;QACtB,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;IAED,gCAAgC;IAChC,cAAc,CAAC,MAAyB;QACtC,MAAM,KAAK,GAAG;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE;YACxB,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;YAChC,aAAa,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ;SACrC,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,yBAAyB;IACzB,UAAU,CAAC,KAAc;QACvB,OAAO,IAAI,CAAC,OAAO,CAAW,SAAS,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;IAED,sCAAsC;IACtC,gBAAgB,CAAC,KAAc;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAoB,eAAe,EAAE,KAAK,CAAC,CAAC;IACjE,CAAC;IAED,wDAAwD;IACxD,IAAI,CAAC,IAAY,EAAE;QACjB,OAAO,IAAI,CAAC,OAAO,CAAW,SAAS,EAAE,CAAC,CAAC,CAAC;IAC9C,CAAC;IAEO,SAAS,CAAC,QAAgB,EAAE,IAAa;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEnD,mBAAmB;QACnB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,IAAI,CAAC,IAAI,GAAG,YAAY,EAAE,CAAC;gBAC7B,MAAM,WAAW,GAAG,GAAG,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAChD,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yBAAyB;QAC3B,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;QACzC,EAAE,CAAC,cAAc,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAEO,OAAO,CAAI,QAAgB,EAAE,KAAc;QACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,EAAE,CAAC;QAExC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAM,CAAC,CAAC;YAErD,IAAI,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AA9ED,kCA8EC"}