npm - llm-trust-guard - Versions diffs - 4.13.6 → 4.14.0 - Mend

llm-trust-guard 4.13.6 → 4.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/guards/delegation-scope-guard.d.ts +87 -0
package/dist/guards/delegation-scope-guard.js +1 -0
package/dist/guards/spawn-policy-guard.d.ts +96 -0
package/dist/guards/spawn-policy-guard.js +1 -0
package/dist/guards/trust-transitivity-guard.d.ts +108 -0
package/dist/guards/trust-transitivity-guard.js +1 -0
package/dist/index.d.ts +3 -0
package/dist/index.js +1 -1
package/dist/index.mjs +3 -3
package/dist/integrations/index.d.ts +1 -0
package/dist/integrations/index.js +1 -1
package/dist/integrations/vercel-ai-sdk.d.ts +177 -0
package/dist/integrations/vercel-ai-sdk.js +1 -0
package/dist/types/index.d.ts +21 -0
package/package.json +5 -1

package/dist/guards/delegation-scope-guard.d.ts ADDED Viewed

@@ -0,0 +1,87 @@
+/**
+ * DelegationScopeGuard (L33)
+ *
+ * Limits what permissions a child agent can inherit from its parent.
+ * Like OAuth token downscoping — a child can only receive a strict subset
+ * of the parent's scopes, and scopes further decay with each delegation hop.
+ *
+ * Threat Model:
+ * - ASI07: Insecure Inter-Agent Communication
+ * - Privilege amplification via delegation (child claims more than parent has)
+ * - Lateral movement through scope inheritance
+ * - Scope laundering (accumulating permissions across hops)
+ *
+ * Protection Capabilities:
+ * - Strict subset enforcement (child ⊆ parent)
+ * - Per-hop scope decay
+ * - Blocked scope list (never inheritable regardless of parent)
+ * - Maximum allowed scope set
+ * - Full delegation audit trail
+ */
+export interface DelegationScopeGuardConfig {
+    /**
+     * Maximum fraction of parent scopes a child may inherit per hop (0–1).
+     * 1.0 = child may inherit all parent scopes; 0.5 = at most half; 0 = no inheritance.
+     * Default: 1.0 (no automatic decay — rely on explicit scope lists instead)
+     */
+    maxScopeInheritance?: number;
+    /** Scopes that can never be delegated to any child, regardless of parent. */
+    blockedScopes?: string[];
+    /**
+     * Fraction by which the effective scope set shrinks per delegation hop (0–1).
+     * 0 = no decay; 0.25 = 25% fewer scopes each hop.
+     * Default: 0 (disabled)
+     */
+    scopeDecayPerHop?: number;
+    /** If set, only these scopes can ever appear in any delegation. */
+    allowedScopes?: string[];
+}
+export interface DelegationRequest {
+    /** ID of the delegating parent agent */
+    parentAgentId: string;
+    /** Scopes the parent currently holds */
+    parentScopes: string[];
+    /** ID of the child agent receiving delegation */
+    childAgentId: string;
+    /** Scopes the child is requesting */
+    requestedScopes: string[];
+    /** Delegation hop depth (0 = root → first child) */
+    hopDepth: number;
+    /** Optional justification */
+    reason?: string;
+}
+export interface DelegationScopeResult {
+    allowed: boolean;
+    reason: string;
+    violations: string[];
+    request_id: string;
+    scope_analysis: {
+        parent_scopes: string[];
+        requested_scopes: string[];
+        granted_scopes: string[];
+        blocked_scopes_found: string[];
+        out_of_parent_scopes: string[];
+        exceeds_inheritance_limit: boolean;
+        decay_applied: boolean;
+        effective_max_scopes: number;
+    };
+}
+export declare class DelegationScopeGuard {
+    readonly guardName = "DelegationScopeGuard";
+    readonly guardLayer = "L33";
+    private readonly config;
+    /** Audit trail: delegationId → result */
+    private readonly auditLog;
+    constructor(config?: DelegationScopeGuardConfig);
+    /**
+     * Validate a delegation request and return the actually-grantable scopes.
+     *
+     * @param request - The delegation being attempted
+     * @param requestId - Optional trace ID
+     */
+    validateDelegation(request: DelegationRequest, requestId?: string): DelegationScopeResult;
+    /** Return the audit trail for a delegation request. */
+    getAuditLog(requestId: string): DelegationScopeResult | undefined;
+    /** Clear the audit log. */
+    clearAuditLog(): void;
+}

package/dist/guards/delegation-scope-guard.js ADDED Viewed

@@ -0,0 +1 @@

+ "use strict";var __createBinding=this&&this.__createBinding||(Object.create?(function(c,e,n,o){o===void 0&&(o=n);var t=Object.getOwnPropertyDescriptor(e,n);(!t||("get"in t?!e.__esModule:t.writable||t.configurable))&&(t={enumerable:!0,get:function(){return e[n]}}),Object.defineProperty(c,o,t)}):(function(c,e,n,o){o===void 0&&(o=n),c[o]=e[n]})),__setModuleDefault=this&&this.__setModuleDefault||(Object.create?(function(c,e){Object.defineProperty(c,"default",{enumerable:!0,value:e})}):function(c,e){c.default=e}),__importStar=this&&this.__importStar||(function(){var c=function(e){return c=Object.getOwnPropertyNames||function(n){var o=[];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(o[o.length]=t);return o},c(e)};return function(e){if(e&&e.__esModule)return e;var n={};if(e!=null)for(var o=c(e),t=0;t<o.length;t++)o[t]!=="default"&&__createBinding(n,e,o[t]);return __setModuleDefault(n,e),n}})();Object.defineProperty(exports,"__esModule",{value:!0}),exports.DelegationScopeGuard=void 0;const crypto=__importStar(require("crypto"));class DelegationScopeGuard{constructor(e={}){this.guardName="DelegationScopeGuard",this.guardLayer="L33",this.auditLog=new Map,this.config={maxScopeInheritance:e.maxScopeInheritance??1,blockedScopes:e.blockedScopes??[],scopeDecayPerHop:e.scopeDecayPerHop??0,allowedScopes:e.allowedScopes??[]}}validateDelegation(e,n){const o=n??`delg-${crypto.randomBytes(6).toString("hex")}`,t=[],d=new Set(e.parentScopes),s=e.requestedScopes,a=s.filter(i=>this.config.blockedScopes.includes(i));a.length>0&&t.push(`blocked_scopes: [${a.join(", ")}]`);const l=s.filter(i=>!d.has(i));if(l.length>0&&t.push(`scopes_exceed_parent: [${l.join(", ")}]`),this.config.allowedScopes.length>0){const i=s.filter(b=>!this.config.allowedScopes.includes(b));i.length>0&&t.push(`scopes_not_in_allowlist: [${i.join(", ")}]`)}const f=Math.max(0,1-this.config.scopeDecayPerHop*e.hopDepth),g=Math.floor(e.parentScopes.length*this.config.maxScopeInheritance*f),r=Math.max(0,g),_=this.config.scopeDecayPerHop>0&&e.hopDepth>0,u=s.length>r;u&&t.push(`inheritance_limit_exceeded: requested ${s.length}, max ${r}`);const S=s.filter(i=>d.has(i)&&!this.config.blockedScopes.includes(i)&&(this.config.allowedScopes.length===0||this.config.allowedScopes.includes(i))).slice(0,r),p=t.length===0,h={allowed:p,reason:p?"Delegation scopes granted":`Delegation restricted: ${t.slice(0,3).join("; ")}`,violations:t,request_id:o,scope_analysis:{parent_scopes:e.parentScopes,requested_scopes:s,granted_scopes:p?S:[],blocked_scopes_found:a,out_of_parent_scopes:l,exceeds_inheritance_limit:u,decay_applied:_,effective_max_scopes:r}};return this.auditLog.set(o,h),h}getAuditLog(e){return this.auditLog.get(e)}clearAuditLog(){this.auditLog.clear()}}exports.DelegationScopeGuard=DelegationScopeGuard;

package/dist/guards/spawn-policy-guard.d.ts ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * SpawnPolicyGuard (L32)
+ *
+ * Controls whether agents can spawn child agents (sub-agents).
+ * Think of this as Content Security Policy (CSP) but for agent spawning —
+ * it defines which agents are allowed to create other agents, under what
+ * conditions, and with what constraints.
+ *
+ * Threat Model:
+ * - ASI07: Insecure Inter-Agent Communication
+ * - Unauthorized agent spawning (an agent spawns helpers to evade controls)
+ * - Third-party agent injection (untrusted spawned agents carry out attacks)
+ * - Delegation depth explosion (recursive sub-agent spawning)
+ * - Privilege amplification through spawning
+ *
+ * Protection Capabilities:
+ * - Per-origin spawn allowlisting
+ * - Third-party spawn gating
+ * - Delegation depth enforcement
+ * - Human-in-the-loop gate for new agents
+ * - Runtime spawn counter per parent agent
+ */
+export interface SpawnPolicyGuardConfig {
+    /** Allow agents to spawn from third-party / untrusted origins (default: false) */
+    allowThirdPartySpawning?: boolean;
+    /** Maximum delegation depth: 0 = no spawning, 1 = parent→child only (default: 2) */
+    maxDelegationDepth?: number;
+    /** Gate every spawn through human approval (default: false) */
+    requireApprovalForNewAgents?: boolean;
+    /** Allowlist of spawn origins that are trusted. Empty = all registered origins allowed */
+    allowedSpawnOrigins?: string[];
+    /** Maximum number of active child agents per parent (default: 10) */
+    maxChildrenPerParent?: number;
+    /** Require the spawning agent to be registered before it can spawn */
+    requireRegisteredParent?: boolean;
+}
+export interface SpawnRequest {
+    /** ID of the agent requesting to spawn */
+    parentAgentId: string;
+    /** Proposed ID for the new child agent */
+    childAgentId: string;
+    /** Declared origin / runtime of the child (e.g. "openai", "anthropic", "internal") */
+    spawnOrigin: string;
+    /** How many hops deep in the delegation chain is the parent */
+    delegationDepth: number;
+    /** Is the child coming from a third-party / external system? */
+    isThirdParty: boolean;
+    /** Optional reason / justification */
+    reason?: string;
+    /** Additional metadata */
+    metadata?: Record<string, unknown>;
+}
+export interface SpawnPolicyResult {
+    allowed: boolean;
+    reason: string;
+    violations: string[];
+    request_id: string;
+    policy_analysis: {
+        third_party_blocked: boolean;
+        depth_exceeded: boolean;
+        origin_blocked: boolean;
+        parent_not_registered: boolean;
+        children_limit_exceeded: boolean;
+        approval_required: boolean;
+    };
+    requires_human_approval: boolean;
+}
+export declare class SpawnPolicyGuard {
+    readonly guardName = "SpawnPolicyGuard";
+    readonly guardLayer = "L32";
+    private readonly config;
+    /** parentAgentId → set of active child IDs */
+    private readonly activeChildren;
+    /** Set of registered parent agent IDs */
+    private readonly registeredParents;
+    constructor(config?: SpawnPolicyGuardConfig);
+    /**
+     * Register an agent as an approved parent that is allowed to spawn.
+     */
+    registerParent(agentId: string): void;
+    /**
+     * Record that a child agent has terminated / been removed.
+     */
+    removeChild(parentAgentId: string, childAgentId: string): void;
+    /**
+     * Validate whether a spawn request should be permitted.
+     *
+     * @param request - Describes the proposed spawn
+     * @param requestId - Optional trace ID
+     */
+    validateSpawn(request: SpawnRequest, requestId?: string): SpawnPolicyResult;
+    /** Return active child count for a parent. */
+    getChildCount(parentAgentId: string): number;
+    /** Reset all state (useful between test runs). */
+    reset(): void;
+}

package/dist/guards/spawn-policy-guard.js ADDED Viewed

@@ -0,0 +1 @@

+ "use strict";var __createBinding=this&&this.__createBinding||(Object.create?(function(n,e,r,i){i===void 0&&(i=r);var t=Object.getOwnPropertyDescriptor(e,r);(!t||("get"in t?!e.__esModule:t.writable||t.configurable))&&(t={enumerable:!0,get:function(){return e[r]}}),Object.defineProperty(n,i,t)}):(function(n,e,r,i){i===void 0&&(i=r),n[i]=e[r]})),__setModuleDefault=this&&this.__setModuleDefault||(Object.create?(function(n,e){Object.defineProperty(n,"default",{enumerable:!0,value:e})}):function(n,e){n.default=e}),__importStar=this&&this.__importStar||(function(){var n=function(e){return n=Object.getOwnPropertyNames||function(r){var i=[];for(var t in r)Object.prototype.hasOwnProperty.call(r,t)&&(i[i.length]=t);return i},n(e)};return function(e){if(e&&e.__esModule)return e;var r={};if(e!=null)for(var i=n(e),t=0;t<i.length;t++)i[t]!=="default"&&__createBinding(r,e,i[t]);return __setModuleDefault(r,e),r}})();Object.defineProperty(exports,"__esModule",{value:!0}),exports.SpawnPolicyGuard=void 0;const crypto=__importStar(require("crypto"));class SpawnPolicyGuard{constructor(e={}){this.guardName="SpawnPolicyGuard",this.guardLayer="L32",this.activeChildren=new Map,this.registeredParents=new Set,this.config={allowThirdPartySpawning:e.allowThirdPartySpawning??!1,maxDelegationDepth:e.maxDelegationDepth??2,requireApprovalForNewAgents:e.requireApprovalForNewAgents??!1,allowedSpawnOrigins:e.allowedSpawnOrigins??[],maxChildrenPerParent:e.maxChildrenPerParent??10,requireRegisteredParent:e.requireRegisteredParent??!0}}registerParent(e){this.registeredParents.add(e)}removeChild(e,r){this.activeChildren.get(e)?.delete(r)}validateSpawn(e,r){const i=r??`spawn-${crypto.randomBytes(6).toString("hex")}`,t=[],a={third_party_blocked:!1,depth_exceeded:!1,origin_blocked:!1,parent_not_registered:!1,children_limit_exceeded:!1,approval_required:!1};this.config.requireRegisteredParent&&!this.registeredParents.has(e.parentAgentId)&&(t.push("parent_not_registered"),a.parent_not_registered=!0),e.isThirdParty&&!this.config.allowThirdPartySpawning&&(t.push("third_party_spawning_blocked"),a.third_party_blocked=!0),e.delegationDepth>=this.config.maxDelegationDepth&&(t.push(`delegation_depth_exceeded: ${e.delegationDepth} >= max ${this.config.maxDelegationDepth}`),a.depth_exceeded=!0),this.config.allowedSpawnOrigins.length>0&&!this.config.allowedSpawnOrigins.includes(e.spawnOrigin)&&(t.push(`spawn_origin_not_allowed: ${e.spawnOrigin}`),a.origin_blocked=!0);const d=this.activeChildren.get(e.parentAgentId)?.size??0;d>=this.config.maxChildrenPerParent&&(t.push(`children_limit_exceeded: ${d} >= max ${this.config.maxChildrenPerParent}`),a.children_limit_exceeded=!0);const s=this.config.requireApprovalForNewAgents;s&&(a.approval_required=!0);const l=t.length===0;return l&&(this.activeChildren.has(e.parentAgentId)||this.activeChildren.set(e.parentAgentId,new Set),this.activeChildren.get(e.parentAgentId).add(e.childAgentId)),{allowed:l,reason:l?"Spawn permitted":`Spawn blocked: ${t.slice(0,3).join("; ")}`,violations:t,request_id:i,policy_analysis:a,requires_human_approval:s}}getChildCount(e){return this.activeChildren.get(e)?.size??0}reset(){this.activeChildren.clear(),this.registeredParents.clear()}}exports.SpawnPolicyGuard=SpawnPolicyGuard;

package/dist/guards/trust-transitivity-guard.d.ts ADDED Viewed

@@ -0,0 +1,108 @@
+/**
+ * TrustTransitivityGuard (L34)
+ *
+ * Governs whether trust flows transitively through an agent chain.
+ * "You trust A. A trusts B. B trusts C. Should you trust C?"
+ *
+ * Modelled on X.509 certificate chain validation — the chain is only as
+ * strong as its weakest link, and depth / decay rules prevent unbounded
+ * trust propagation.
+ *
+ * Threat Model:
+ * - ASI07: Insecure Inter-Agent Communication
+ * - Trust laundering: accumulating trust through intermediaries
+ * - Long-chain attacks: building trust through many low-trust hops
+ * - Phantom-agent injection: inserting a forged agent into a trusted chain
+ *
+ * Protection Capabilities:
+ * - Configurable transitivity modes: none | one-hop | full
+ * - Per-hop trust decay
+ * - Maximum chain depth enforcement
+ * - Individual agent trust score validation
+ * - Full chain audit result with per-hop breakdown
+ */
+export type TransitivityMode = "none" | "one-hop" | "full";
+export interface TrustTransitivityGuardConfig {
+    /**
+     * How far trust propagates:
+     *  - "none"    — only direct (registered) trust. A trusts B; B→C is NOT transitive.
+     *  - "one-hop" — A trusts B, B trusts C → A may trust C (but not C→D).
+     *  - "full"    — trust is transitive up to maxChainDepth.
+     * Default: "one-hop"
+     */
+    transitivity?: TransitivityMode;
+    /** Maximum chain length before trust is denied (default: 3) */
+    maxChainDepth?: number;
+    /**
+     * Fractional trust reduction per hop (0–1).
+     * E.g. 0.2 → each hop multiplies effective trust by 0.8.
+     * Default: 0.1
+     */
+    trustDecayPerHop?: number;
+    /**
+     * Minimum effective trust score required to pass (0–100).
+     * Default: 50
+     */
+    minTrustScore?: number;
+}
+export interface AgentTrustEntry {
+    agentId: string;
+    /** Trust score 0–100 — set when registering */
+    trustScore: number;
+    /** Other agent IDs this agent explicitly trusts */
+    trustedAgents: string[];
+}
+export interface TrustChainLink {
+    agentId: string;
+    /** Raw trust score of this agent */
+    trustScore: number;
+    /** Effective trust score after decay from this hop */
+    effectiveTrustScore: number;
+    /** Whether this hop is a direct (registered) trust relationship */
+    directTrust: boolean;
+}
+export interface TrustTransitivityResult {
+    allowed: boolean;
+    reason: string;
+    violations: string[];
+    request_id: string;
+    chain_analysis: {
+        chain: TrustChainLink[];
+        chain_depth: number;
+        final_effective_trust: number;
+        transitivity_mode: TransitivityMode;
+        depth_exceeded: boolean;
+        trust_below_minimum: boolean;
+        unknown_agents: string[];
+        broken_links: Array<{
+            from: string;
+            to: string;
+        }>;
+    };
+}
+export declare class TrustTransitivityGuard {
+    readonly guardName = "TrustTransitivityGuard";
+    readonly guardLayer = "L34";
+    private readonly config;
+    /** Registered agents and their trust relationships */
+    private readonly trustRegistry;
+    constructor(config?: TrustTransitivityGuardConfig);
+    /**
+     * Register an agent and declare which other agents it trusts.
+     */
+    registerAgent(entry: AgentTrustEntry): void;
+    /**
+     * Validate a trust chain from the first element (requester) through to the last
+     * element (the agent whose actions need approval).
+     *
+     * @param agentChain - Ordered list of agent IDs, index 0 is the root/trustor.
+     * @param requestId  - Optional trace ID.
+     */
+    validateTrustChain(agentChain: string[], requestId?: string): TrustTransitivityResult;
+    /** Update the trust score of a registered agent. */
+    updateTrustScore(agentId: string, score: number): void;
+    /** Check whether agentA directly trusts agentB (no transitivity). */
+    directlyTrusts(agentA: string, agentB: string): boolean;
+    /** Clear the trust registry. */
+    reset(): void;
+}

package/dist/guards/trust-transitivity-guard.js ADDED Viewed

@@ -0,0 +1 @@

+ "use strict";var __createBinding=this&&this.__createBinding||(Object.create?(function(s,t,i,r){r===void 0&&(r=i);var e=Object.getOwnPropertyDescriptor(t,i);(!e||("get"in e?!t.__esModule:e.writable||e.configurable))&&(e={enumerable:!0,get:function(){return t[i]}}),Object.defineProperty(s,r,e)}):(function(s,t,i,r){r===void 0&&(r=i),s[r]=t[i]})),__setModuleDefault=this&&this.__setModuleDefault||(Object.create?(function(s,t){Object.defineProperty(s,"default",{enumerable:!0,value:t})}):function(s,t){s.default=t}),__importStar=this&&this.__importStar||(function(){var s=function(t){return s=Object.getOwnPropertyNames||function(i){var r=[];for(var e in i)Object.prototype.hasOwnProperty.call(i,e)&&(r[r.length]=e);return r},s(t)};return function(t){if(t&&t.__esModule)return t;var i={};if(t!=null)for(var r=s(t),e=0;e<r.length;e++)r[e]!=="default"&&__createBinding(i,t,r[e]);return __setModuleDefault(i,t),i}})();Object.defineProperty(exports,"__esModule",{value:!0}),exports.TrustTransitivityGuard=void 0;const crypto=__importStar(require("crypto"));class TrustTransitivityGuard{constructor(t={}){this.guardName="TrustTransitivityGuard",this.guardLayer="L34",this.trustRegistry=new Map,this.config={transitivity:t.transitivity??"one-hop",maxChainDepth:t.maxChainDepth??3,trustDecayPerHop:t.trustDecayPerHop??.1,minTrustScore:t.minTrustScore??50}}registerAgent(t){this.trustRegistry.set(t.agentId,{...t})}validateTrustChain(t,i){const r=i??`ttg-${crypto.randomBytes(6).toString("hex")}`,e=[],d=[],p=[],c=[];if(t.length===0)return{allowed:!1,reason:"Empty agent chain",violations:["empty_chain"],request_id:r,chain_analysis:{chain:[],chain_depth:0,final_effective_trust:0,transitivity_mode:this.config.transitivity,depth_exceeded:!1,trust_below_minimum:!0,unknown_agents:[],broken_links:[]}};const a=t.length-1,_=a>this.config.maxChainDepth;_&&e.push(`chain_depth_exceeded: ${a} > max ${this.config.maxChainDepth}`),this.config.transitivity==="none"&&a>0?e.push("transitivity_disabled: only direct trust allowed"):this.config.transitivity==="one-hop"&&a>1&&e.push(`transitivity_one_hop: chain has ${a} hops, max 1`);let o=100;for(let u=0;u<t.length;u++){const n=t[u],h=this.trustRegistry.get(n);if(!h){d.push(n),e.push(`unknown_agent: ${n}`),c.push({agentId:n,trustScore:0,effectiveTrustScore:0,directTrust:!1}),o=0;continue}const m=u===0?1:Math.pow(1-this.config.trustDecayPerHop,u);o=Math.round(h.trustScore*m);let l=!1;if(u>0){const f=t[u-1],v=this.trustRegistry.get(f);v&&v.trustedAgents.includes(n)?l=!0:(p.push({from:f,to:n}),e.push(`broken_trust_link: ${f} \u2192 ${n}`))}else l=!0;c.push({agentId:n,trustScore:h.trustScore,effectiveTrustScore:o,directTrust:l})}const y=o<this.config.minTrustScore;y&&e.push(`effective_trust_too_low: ${o} < min ${this.config.minTrustScore}`);const g=e.length===0;return{allowed:g,reason:g?"Trust chain validated":`Trust chain rejected: ${e.slice(0,3).join("; ")}`,violations:e,request_id:r,chain_analysis:{chain:c,chain_depth:a,final_effective_trust:o,transitivity_mode:this.config.transitivity,depth_exceeded:_,trust_below_minimum:y,unknown_agents:d,broken_links:p}}}updateTrustScore(t,i){const r=this.trustRegistry.get(t);r&&(r.trustScore=Math.max(0,Math.min(100,i)))}directlyTrusts(t,i){return this.trustRegistry.get(t)?.trustedAgents.includes(i)??!1}reset(){this.trustRegistry.clear()}}exports.TrustTransitivityGuard=TrustTransitivityGuard;

package/dist/index.d.ts CHANGED Viewed

@@ -51,6 +51,9 @@ export { CompressionDetector, CompressionDetectorConfig, CompressionDetectorResu
 export { ExternalDataGuard, ExternalDataGuardConfig, ExternalDataGuardResult, DataProvenance } from "./guards/external-data-guard";
 export { AgentSkillGuard, AgentSkillGuardConfig, AgentSkillGuardResult, SkillDefinition, SkillThreat } from "./guards/agent-skill-guard";
 export { SessionIntegrityGuard, SessionIntegrityGuardConfig, SessionIntegrityResult, SessionState } from "./guards/session-integrity-guard";
+export { SpawnPolicyGuard, SpawnPolicyGuardConfig, SpawnRequest, SpawnPolicyResult } from "./guards/spawn-policy-guard";
+export { DelegationScopeGuard, DelegationScopeGuardConfig, DelegationRequest, DelegationScopeResult } from "./guards/delegation-scope-guard";
+export { TrustTransitivityGuard, TrustTransitivityGuardConfig, TransitivityMode, AgentTrustEntry, TrustChainLink, TrustTransitivityResult } from "./guards/trust-transitivity-guard";
 export { DetectionClassifier, DetectionResult, DetectionThreat, DetectionContext, createRegexClassifier, mergeDetectionResults } from "./detection-backend";
 import { InputSanitizer } from "./guards/input-sanitizer";
 import { ToolRegistry } from "./guards/tool-registry";

package/dist/index.js CHANGED Viewed

	@@ -1 +1 @@
1	- "use strict";var __createBinding=this&&this.__createBinding\|\|(Object.create?(function(l,e,i,o){o===void 0&&(o=i);var a=Object.getOwnPropertyDescriptor(e,i);(!a\|\|("get"in a?!e.__esModule:a.writable\|\|a.configurable))&&(a={enumerable:!0,get:function(){return e[i]}}),Object.defineProperty(l,o,a)}):(function(l,e,i,o){o===void 0&&(o=i),l[o]=e[i]})),__exportStar=this&&this.__exportStar\|\|function(l,e){for(var i in l)i!=="default"&&!Object.prototype.hasOwnProperty.call(e,i)&&__createBinding(e,l,i)},__importDefault=this&&this.__importDefault\|\|function(l){return l&&l.__esModule?l:{default:l}};Object.defineProperty(exports,"__esModule",{value:!0}),exports.TrustGuard=exports.mergeDetectionResults=exports.createRegexClassifier=exports.SessionIntegrityGuard=exports.AgentSkillGuard=exports.ExternalDataGuard=exports.CompressionDetector=exports.HeuristicAnalyzer=exports.TokenCostGuard=exports.OutputSchemaGuard=exports.ContextBudgetGuard=exports.ToolResultGuard=exports.StatePersistenceGuard=exports.AutonomyEscalationGuard=exports.TrustExploitationGuard=exports.PromptLeakageGuard=exports.MCPSecurityGuard=exports.DriftDetector=exports.CircuitBreaker=exports.AgentCommunicationGuard=exports.CodeExecutionGuard=exports.RAGGuard=exports.MemoryGuard=exports.MultiModalGuard=exports.EncodingDetector=exports.ToolChainValidator=exports.ConversationGuard=exports.OutputFilter=exports.ExecutionMonitor=exports.SchemaValidator=exports.TenantBoundary=exports.PolicyGate=exports.ToolRegistry=exports.InputSanitizer=void 0,__exportStar(require("./types"),exports);var input_sanitizer_1=require("./guards/input-sanitizer");Object.defineProperty(exports,"InputSanitizer",{enumerable:!0,get:function(){return input_sanitizer_1.InputSanitizer}});var tool_registry_1=require("./guards/tool-registry");Object.defineProperty(exports,"ToolRegistry",{enumerable:!0,get:function(){return tool_registry_1.ToolRegistry}});var policy_gate_1=require("./guards/policy-gate");Object.defineProperty(exports,"PolicyGate",{enumerable:!0,get:function(){return policy_gate_1.PolicyGate}});var tenant_boundary_1=require("./guards/tenant-boundary");Object.defineProperty(exports,"TenantBoundary",{enumerable:!0,get:function(){return tenant_boundary_1.TenantBoundary}});var schema_validator_1=require("./guards/schema-validator");Object.defineProperty(exports,"SchemaValidator",{enumerable:!0,get:function(){return schema_validator_1.SchemaValidator}});var execution_monitor_1=require("./guards/execution-monitor");Object.defineProperty(exports,"ExecutionMonitor",{enumerable:!0,get:function(){return execution_monitor_1.ExecutionMonitor}});var output_filter_1=require("./guards/output-filter");Object.defineProperty(exports,"OutputFilter",{enumerable:!0,get:function(){return output_filter_1.OutputFilter}});var conversation_guard_1=require("./guards/conversation-guard");Object.defineProperty(exports,"ConversationGuard",{enumerable:!0,get:function(){return conversation_guard_1.ConversationGuard}});var tool_chain_validator_1=require("./guards/tool-chain-validator");Object.defineProperty(exports,"ToolChainValidator",{enumerable:!0,get:function(){return tool_chain_validator_1.ToolChainValidator}});var encoding_detector_1=require("./guards/encoding-detector");Object.defineProperty(exports,"EncodingDetector",{enumerable:!0,get:function(){return encoding_detector_1.EncodingDetector}});var multimodal_guard_1=require("./guards/multimodal-guard");Object.defineProperty(exports,"MultiModalGuard",{enumerable:!0,get:function(){return multimodal_guard_1.MultiModalGuard}});var memory_guard_1=require("./guards/memory-guard");Object.defineProperty(exports,"MemoryGuard",{enumerable:!0,get:function(){return memory_guard_1.MemoryGuard}});var rag_guard_1=require("./guards/rag-guard");Object.defineProperty(exports,"RAGGuard",{enumerable:!0,get:function(){return rag_guard_1.RAGGuard}});var code_execution_guard_1=require("./guards/code-execution-guard");Object.defineProperty(exports,"CodeExecutionGuard",{enumerable:!0,get:function(){return code_execution_guard_1.CodeExecutionGuard}});var agent_communication_guard_1=require("./guards/agent-communication-guard");Object.defineProperty(exports,"AgentCommunicationGuard",{enumerable:!0,get:function(){return agent_communication_guard_1.AgentCommunicationGuard}});var circuit_breaker_1=require("./guards/circuit-breaker");Object.defineProperty(exports,"CircuitBreaker",{enumerable:!0,get:function(){return circuit_breaker_1.CircuitBreaker}});var drift_detector_1=require("./guards/drift-detector");Object.defineProperty(exports,"DriftDetector",{enumerable:!0,get:function(){return drift_detector_1.DriftDetector}});var mcp_security_guard_1=require("./guards/mcp-security-guard");Object.defineProperty(exports,"MCPSecurityGuard",{enumerable:!0,get:function(){return mcp_security_guard_1.MCPSecurityGuard}});var prompt_leakage_guard_1=require("./guards/prompt-leakage-guard");Object.defineProperty(exports,"PromptLeakageGuard",{enumerable:!0,get:function(){return prompt_leakage_guard_1.PromptLeakageGuard}});var trust_exploitation_guard_1=require("./guards/trust-exploitation-guard");Object.defineProperty(exports,"TrustExploitationGuard",{enumerable:!0,get:function(){return trust_exploitation_guard_1.TrustExploitationGuard}});var autonomy_escalation_guard_1=require("./guards/autonomy-escalation-guard");Object.defineProperty(exports,"AutonomyEscalationGuard",{enumerable:!0,get:function(){return autonomy_escalation_guard_1.AutonomyEscalationGuard}});var state_persistence_guard_1=require("./guards/state-persistence-guard");Object.defineProperty(exports,"StatePersistenceGuard",{enumerable:!0,get:function(){return state_persistence_guard_1.StatePersistenceGuard}});var tool_result_guard_1=require("./guards/tool-result-guard");Object.defineProperty(exports,"ToolResultGuard",{enumerable:!0,get:function(){return tool_result_guard_1.ToolResultGuard}});var context_budget_guard_1=require("./guards/context-budget-guard");Object.defineProperty(exports,"ContextBudgetGuard",{enumerable:!0,get:function(){return context_budget_guard_1.ContextBudgetGuard}});var output_schema_guard_1=require("./guards/output-schema-guard");Object.defineProperty(exports,"OutputSchemaGuard",{enumerable:!0,get:function(){return output_schema_guard_1.OutputSchemaGuard}});var token_cost_guard_1=require("./guards/token-cost-guard");Object.defineProperty(exports,"TokenCostGuard",{enumerable:!0,get:function(){return token_cost_guard_1.TokenCostGuard}});var heuristic_analyzer_1=require("./guards/heuristic-analyzer");Object.defineProperty(exports,"HeuristicAnalyzer",{enumerable:!0,get:function(){return heuristic_analyzer_1.HeuristicAnalyzer}});var compression_detector_1=require("./guards/compression-detector");Object.defineProperty(exports,"CompressionDetector",{enumerable:!0,get:function(){return compression_detector_1.CompressionDetector}});var external_data_guard_1=require("./guards/external-data-guard");Object.defineProperty(exports,"ExternalDataGuard",{enumerable:!0,get:function(){return external_data_guard_1.ExternalDataGuard}});var agent_skill_guard_1=require("./guards/agent-skill-guard");Object.defineProperty(exports,"AgentSkillGuard",{enumerable:!0,get:function(){return agent_skill_guard_1.AgentSkillGuard}});var session_integrity_guard_1=require("./guards/session-integrity-guard");Object.defineProperty(exports,"SessionIntegrityGuard",{enumerable:!0,get:function(){return session_integrity_guard_1.SessionIntegrityGuard}});var detection_backend_1=require("./detection-backend");Object.defineProperty(exports,"createRegexClassifier",{enumerable:!0,get:function(){return detection_backend_1.createRegexClassifier}}),Object.defineProperty(exports,"mergeDetectionResults",{enumerable:!0,get:function(){return detection_backend_1.mergeDetectionResults}});const crypto_1=__importDefault(require("crypto")),input_sanitizer_2=require("./guards/input-sanitizer"),tool_registry_2=require("./guards/tool-registry"),policy_gate_2=require("./guards/policy-gate"),tenant_boundary_2=require("./guards/tenant-boundary"),schema_validator_2=require("./guards/schema-validator"),execution_monitor_2=require("./guards/execution-monitor"),output_filter_2=require("./guards/output-filter"),conversation_guard_2=require("./guards/conversation-guard"),tool_chain_validator_2=require("./guards/tool-chain-validator"),encoding_detector_2=require("./guards/encoding-detector"),multimodal_guard_2=require("./guards/multimodal-guard"),memory_guard_2=require("./guards/memory-guard"),rag_guard_2=require("./guards/rag-guard"),code_execution_guard_2=require("./guards/code-execution-guard"),agent_communication_guard_2=require("./guards/agent-communication-guard"),circuit_breaker_2=require("./guards/circuit-breaker"),drift_detector_2=require("./guards/drift-detector"),mcp_security_guard_2=require("./guards/mcp-security-guard"),prompt_leakage_guard_2=require("./guards/prompt-leakage-guard"),trust_exploitation_guard_2=require("./guards/trust-exploitation-guard"),autonomy_escalation_guard_2=require("./guards/autonomy-escalation-guard"),state_persistence_guard_2=require("./guards/state-persistence-guard"),tool_result_guard_2=require("./guards/tool-result-guard"),context_budget_guard_2=require("./guards/context-budget-guard"),output_schema_guard_2=require("./guards/output-schema-guard"),token_cost_guard_2=require("./guards/token-cost-guard");class TrustGuard{constructor(e={}){this.metrics={totalChecks:0,blockedChecks:0,totalTimeMs:0,errors:0},this.logger=e.logger\|\|((o,a)=>{a==="error"?console.error(o):a==="warn"?console.warn(o):console.log(o)}),this.maxInputLength=e.maxInputLength??1e5,this.failMode=e.failMode??"closed",this.onBlock=e.onBlock,this.onAlert=e.onAlert,this.onError=e.onError;const i=e.logger\|\|void 0;if(e.sanitizer?.enabled!==!1&&(this.sanitizer=new input_sanitizer_2.InputSanitizer({threshold:e.sanitizer?.threshold,customPatterns:e.sanitizer?.customPatterns,detectPAP:e.sanitizer?.detectPAP,papThreshold:e.sanitizer?.papThreshold,minPersuasionTechniques:e.sanitizer?.minPersuasionTechniques,blockCompoundPersuasion:e.sanitizer?.blockCompoundPersuasion,logger:i})),e.registry?.enabled!==!1&&e.registry?.tools&&(this.registry=new tool_registry_2.ToolRegistry({tools:e.registry.tools,logger:i})),e.policy?.enabled!==!1&&(this.policy=new policy_gate_2.PolicyGate({roleHierarchy:e.policy?.roleHierarchy,logger:i})),e.tenant?.enabled!==!1){const o=e.tenant?.resourceOwnership?new Map(Object.entries(e.tenant.resourceOwnership).map(([a,r])=>[a,{resource_id:a,tenant_id:r.tenant_id}])):void 0;this.tenant=new tenant_boundary_2.TenantBoundary({resourceOwnership:o,logger:i})}e.schema?.enabled!==!1&&(this.schema=new schema_validator_2.SchemaValidator({strictTypes:e.schema?.strictTypes,logger:i})),e.execution?.enabled!==!1&&(this.execution=new execution_monitor_2.ExecutionMonitor({maxRequestsPerMinute:e.execution?.maxRequestsPerMinute,maxRequestsPerHour:e.execution?.maxRequestsPerHour,operationCosts:e.execution?.operationCosts,maxCostPerMinute:e.execution?.maxCostPerMinute,maxCostPerHour:e.execution?.maxCostPerHour,logger:i})),e.output?.enabled!==!1&&(this.output=new output_filter_2.OutputFilter({detectPII:e.output?.detectPII,detectSecrets:e.output?.detectSecrets,roleFilters:e.output?.roleFilters,logger:i})),e.conversation?.enabled!==!1&&(this.conversation=new conversation_guard_2.ConversationGuard({maxConversationLength:e.conversation?.maxConversationLength,escalationThreshold:e.conversation?.escalationThreshold,logger:i})),e.chain?.enabled!==!1&&(this.chain=new tool_chain_validator_2.ToolChainValidator({maxToolsPerRequest:e.chain?.maxToolsPerRequest,maxSensitiveToolsPerSession:e.chain?.maxSensitiveToolsPerSession,sensitiveTools:e.chain?.sensitiveTools,logger:i})),e.encoding?.enabled!==!1&&(this.encoding=new encoding_detector_2.EncodingDetector({maxDecodingDepth:e.encoding?.maxDecodingDepth,maxEncodedRatio:e.encoding?.maxEncodedRatio,logger:i})),e.multiModal?.enabled&&(this.multiModal=new multimodal_guard_2.MultiModalGuard({scanMetadata:e.multiModal.scanMetadata,detectBase64Payloads:e.multiModal.detectBase64Payloads,allowedMimeTypes:e.multiModal.allowedMimeTypes})),e.memory?.enabled&&(this.memoryGuard=new memory_guard_2.MemoryGuard({enableIntegrityCheck:e.memory.enableIntegrityCheck,detectInjections:e.memory.detectInjections,maxMemoryItems:e.memory.maxMemoryItems,signingKey:e.memory.signingKey,autoQuarantine:e.memory.autoQuarantine,riskThreshold:e.memory.riskThreshold})),e.rag?.enabled&&(this.ragGuard=new rag_guard_2.RAGGuard({detectInjections:e.rag.detectInjections,verifySource:e.rag.verifySource,trustedSources:e.rag.trustedSources,blockedSources:e.rag.blockedSources,maxDocumentSize:e.rag.maxDocumentSize,minTrustScore:e.rag.minTrustScore,detectEmbeddingAttacks:e.rag.detectEmbeddingAttacks})),e.codeExecution?.enabled&&(this.codeExecution=new code_execution_guard_2.CodeExecutionGuard({allowedLanguages:e.codeExecution.allowedLanguages,maxCodeLength:e.codeExecution.maxCodeLength,maxExecutionTime:e.codeExecution.maxExecutionTime,allowNetwork:e.codeExecution.allowNetwork,allowFileSystem:e.codeExecution.allowFileSystem,allowShell:e.codeExecution.allowShell,riskThreshold:e.codeExecution.riskThreshold})),e.agentCommunication?.enabled&&(this.agentCommunication=new agent_communication_guard_2.AgentCommunicationGuard({allowedAgents:e.agentCommunication.allowedAgents,requireSignatures:e.agentCommunication.requireSignatures,strictMode:e.agentCommunication.strictMode,maxMessageAge:e.agentCommunication.maxMessageAge})),e.circuitBreaker?.enabled&&(this.circuitBreaker=new circuit_breaker_2.CircuitBreaker({failureThreshold:e.circuitBreaker.failureThreshold,minimumRequests:e.circuitBreaker.minimumRequests,windowSize:e.circuitBreaker.windowSize,recoveryTimeout:e.circuitBreaker.recoveryTimeout,successThreshold:e.circuitBreaker.successThreshold})),e.driftDetector?.enabled&&(this.driftDetector=new drift_detector_2.DriftDetector({minimumSamples:e.driftDetector.minimumSamples,anomalyThreshold:e.driftDetector.anomalyThreshold,alertThreshold:e.driftDetector.alertThreshold,checkGoalAlignment:e.driftDetector.checkGoalAlignment})),e.mcpSecurity?.enabled&&(this.mcpSecurity=new mcp_security_guard_2.MCPSecurityGuard({detectToolShadowing:e.mcpSecurity.detectToolShadowing,toolBlocklist:e.mcpSecurity.toolBlocklist,strictMode:e.mcpSecurity.strictMode,minServerReputation:e.mcpSecurity.minServerReputation})),e.promptLeakage?.enabled&&(this.promptLeakage=new prompt_leakage_guard_2.PromptLeakageGuard({detectLeetspeak:e.promptLeakage.detectLeetspeak,detectROT13:e.promptLeakage.detectROT13,detectBase64:e.promptLeakage.detectBase64,detectIndirectExtraction:e.promptLeakage.detectIndirectExtraction,monitorOutput:e.promptLeakage.monitorOutput,systemPromptKeywords:e.promptLeakage.systemPromptKeywords,riskThreshold:e.promptLeakage.riskThreshold})),e.trustExploitation?.enabled&&(this.trustExploitation=new trust_exploitation_guard_2.TrustExploitationGuard({humanApprovalRequired:e.trustExploitation.humanApprovalRequired,maxAutonomousActions:e.trustExploitation.maxAutonomousActions,monitorGoalConsistency:e.trustExploitation.monitorGoalConsistency,detectPermissionEscalation:e.trustExploitation.detectPermissionEscalation,sensitiveActions:e.trustExploitation.sensitiveActions})),e.autonomyEscalation?.enabled&&(this.autonomyEscalation=new autonomy_escalation_guard_2.AutonomyEscalationGuard({maxAutonomyLevel:e.autonomyEscalation.maxAutonomyLevel,baseAutonomyLevel:e.autonomyEscalation.baseAutonomyLevel,detectSelfModification:e.autonomyEscalation.detectSelfModification,maxSubAgents:e.autonomyEscalation.maxSubAgents,enforceHITL:e.autonomyEscalation.enforceHITL,alwaysRequireHuman:e.autonomyEscalation.alwaysRequireHuman})),e.statePersistence?.enabled&&(this.statePersistence=new state_persistence_guard_2.StatePersistenceGuard({enableIntegrityCheck:e.statePersistence.enableIntegrityCheck,requireEncryption:e.statePersistence.requireEncryption,maxStateSize:e.statePersistence.maxStateSize,maxStateAge:e.statePersistence.maxStateAge,enforceSessionIsolation:e.statePersistence.enforceSessionIsolation,sensitiveKeys:e.statePersistence.sensitiveKeys,detectTampering:e.statePersistence.detectTampering})),e.toolResult?.enabled&&(this.toolResultGuard=new tool_result_guard_2.ToolResultGuard(e.toolResult)),e.contextBudget?.enabled&&(this.contextBudget=new context_budget_guard_2.ContextBudgetGuard(e.contextBudget)),e.outputSchema?.enabled&&(this.outputSchema=new output_schema_guard_2.OutputSchemaGuard(e.outputSchema)),e.tokenCost?.enabled&&(this.tokenCostGuard=new token_cost_guard_2.TokenCostGuard(e.tokenCost)),e.classifier&&(this.classifier=e.classifier)}check(e,i,o,a={}){const r=`req-${crypto_1.default.randomUUID()}`,s=[];this.logger(`[TrustGuard:${r}] Checking: ${e}`,"info");const n=Date.now();this.metrics.totalChecks++;try{const u=this.runChecks(e,i,o,a,r);return this.metrics.totalTimeMs+=Date.now()-n,u.allowed\|\|(this.metrics.blockedChecks++,this.onBlock&&this.onBlock(u.block_layer\|\|"UNKNOWN",u,r)),u}catch(u){this.metrics.totalTimeMs+=Date.now()-n,this.metrics.errors++;const t=u instanceof Error?u.message:String(u);return this.logger(`[TrustGuard:${r}] Guard error: ${t}`,"error"),this.onError&&this.onError("TrustGuard",u instanceof Error?u:new Error(t),r),this.failMode==="open"?{allowed:!0,all_violations:["GUARD_ERROR"],request_id:r}:{allowed:!1,block_reason:`Internal guard error: ${t}`,all_violations:["GUARD_ERROR"],request_id:r}}}runChecks(e,i,o,a,r){const s=[];if(a.userInput&&a.userInput.length>this.maxInputLength)return this.logger(`[TrustGuard:${r}] BLOCKED: Input too long (${a.userInput.length} > ${this.maxInputLength})`,"warn"),{allowed:!1,block_layer:"L1",block_reason:`Input length ${a.userInput.length} exceeds maximum ${this.maxInputLength}`,all_violations:["INPUT_TOO_LONG"],request_id:r};if(this.encoding&&a.userInput){const t=this.encoding.detect(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Encoding Detector`,"warn"),{allowed:!1,block_layer:"ENCODING",block_reason:t.reason,all_violations:t.violations,encoding:t,request_id:r};s.push(...t.violations)}if(this.sanitizer&&a.userInput){const t=this.sanitizer.sanitize(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L1`,"warn"),{allowed:!1,block_layer:"L1",block_reason:t.reason,all_violations:t.violations,sanitizer:t,request_id:r};s.push(...t.violations)}if(this.promptLeakage&&a.userInput){const t=this.promptLeakage.check(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Prompt Leakage Guard`,"warn"),{allowed:!1,block_layer:"PROMPT_LEAKAGE",block_reason:t.reason,all_violations:[...s,...t.violations],request_id:r};s.push(...t.violations)}if(this.memoryGuard&&a.userInput&&o?.session_id){const t=this.memoryGuard.validateContextInjection(a.userInput,o.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Memory Guard`,"warn"),{allowed:!1,block_layer:"MEMORY",block_reason:t.reason,all_violations:[...s,...t.violations],request_id:r};s.push(...t.violations)}if(this.conversation&&a.userInput&&o?.session_id){const t=this.conversation.check(o.session_id,a.userInput,[e],a.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Conversation Guard`,"warn"),{allowed:!1,block_layer:"CONV",block_reason:t.reason,all_violations:[...s,...t.violations],conversation:t,request_id:r};s.push(...t.violations)}let n;if(this.registry){const t=this.registry.check(e,o?.role\|\|"",r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L2`,"warn"),{allowed:!1,block_layer:"L2",block_reason:t.reason,all_violations:[...s,...t.violations],registry:t,request_id:r};n=t.tool,s.push(...t.violations)}if(this.chain&&o?.session_id){const t=a.allToolsInRequest?this.chain.validateBatch(o.session_id,a.allToolsInRequest,r):this.chain.validate(o.session_id,e,void 0,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Tool Chain Validator`,"warn"),{allowed:!1,block_layer:"CHAIN",block_reason:t.reason,all_violations:[...s,...t.violations],chain:t,request_id:r};s.push(...t.violations)}if(this.policy&&n){const t=this.policy.check(n,i,o,a.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L3`,"warn"),{allowed:!1,block_layer:"L3",block_reason:t.reason,all_violations:[...s,...t.violations],policy:t,request_id:r};s.push(...t.violations)}else this.policy&&!n&&this.logger(`[TrustGuard:${r}] Policy gate skipped: no tool definition (registry disabled or tool not found)`,"warn");if(this.autonomyEscalation&&o?.session_id){const t=this.autonomyEscalation.validate(e,o.session_id,i,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Autonomy Escalation Guard`,"warn"),{allowed:!1,block_layer:"AUTONOMY",block_reason:t.reason,all_violations:[...s,...t.violations],request_id:r};s.push(...t.violations)}let u=i;if(this.tenant&&o){const t=this.tenant.check(e,i,o,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L4`,"warn"),{allowed:!1,block_layer:"L4",block_reason:t.reason,all_violations:[...s,...t.violations],tenant:t,request_id:r};t.enforced_params&&(u=t.enforced_params),s.push(...t.violations)}if(this.schema&&n){const t=this.schema.validate(n,u,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L5`,"warn"),{allowed:!1,block_layer:"L5",block_reason:t.reason,all_violations:[...s,...t.violations],schema:t,request_id:r};s.push(...t.violations)}if(this.execution){const t=this.execution.check(e,o?.user_id,o?.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L6`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...s,...t.violations],execution:t,request_id:r};s.push(...t.violations)}if(this.circuitBreaker){const t=this.circuitBreaker.check(e,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Circuit Breaker`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...s,"CIRCUIT_OPEN"],request_id:r}}return this.logger(`[TrustGuard:${r}] All checks PASSED`,"info"),{allowed:!0,all_violations:s,request_id:r}}filterOutput(e,i,o){let a=e,r=!1,s=!1,n=!1,u=!0;const t=typeof e=="string"?e:"";if(t.length>this.maxInputLength&&this.logger(`[TrustGuard] Output too long (${t.length}), truncating for filter`,"warn"),this.output){const c=this.output.filter(e,i,o);a=c.filtered_response,r=c.pii_detected.length>0,s=c.secrets_detected.length>0,c.allowed\|\|(u=!1)}if(this.promptLeakage){const c=typeof a=="string"?a:JSON.stringify(a),d=this.promptLeakage.checkOutput(c,o);d.leaked&&(u=!1,n=!0,d.sanitized_output&&(a=d.sanitized_output))}return{allowed:u,filtered:a,pii_detected:r,secrets_detected:s,prompt_leakage_detected:n}}completeOperation(e,i,o=!0){this.execution&&this.execution.completeOperation(e?.user_id,e?.session_id),this.circuitBreaker&&i&&(o?this.circuitBreaker.recordSuccess(i):this.circuitBreaker.recordFailure(i))}getToolsForRole(e){return this.registry?this.registry.getToolsForRole(e):[]}getMetrics(){const e=this.metrics.totalChecks>0?this.metrics.totalTimeMs/this.metrics.totalChecks:0;return{totalChecks:this.metrics.totalChecks,blockedChecks:this.metrics.blockedChecks,blockRate:this.metrics.totalChecks>0?this.metrics.blockedChecks/this.metrics.totalChecks:0,avgExecutionTimeMs:Math.round(e100)/100,errors:this.metrics.errors}}getGuards(){return{sanitizer:this.sanitizer,registry:this.registry,policy:this.policy,tenant:this.tenant,schema:this.schema,execution:this.execution,output:this.output,conversation:this.conversation,chain:this.chain,encoding:this.encoding,multiModal:this.multiModal,memory:this.memoryGuard,rag:this.ragGuard,codeExecution:this.codeExecution,agentCommunication:this.agentCommunication,circuitBreaker:this.circuitBreaker,driftDetector:this.driftDetector,mcpSecurity:this.mcpSecurity,promptLeakage:this.promptLeakage,trustExploitation:this.trustExploitation,autonomyEscalation:this.autonomyEscalation,statePersistence:this.statePersistence,toolResult:this.toolResultGuard,contextBudget:this.contextBudget,outputSchema:this.outputSchema,tokenCost:this.tokenCostGuard}}resetSession(e){this.conversation?.resetSession(e),this.chain?.resetSession(e),this.execution?.reset(void 0,e),this.memoryGuard?.clearSession(e),this.trustExploitation?.resetSession(e),this.autonomyEscalation?.resetSession(e),this.statePersistence?.resetSession(e),this.contextBudget?.resetSession(e)}destroy(){this.conversation?.destroy(),this.agentCommunication?.destroy(),this.contextBudget?.destroy(),this.tokenCostGuard?.destroy(),this.execution?.reset(),this.circuitBreaker?.resetAll(),this.driftDetector?.resetAgent?.("")}validateToolResult(e,i,o){if(!this.toolResultGuard)return{allowed:!0,violations:[]};const a=this.toolResultGuard.validateResult(e,i,o);return{allowed:a.allowed,violations:a.violations}}validateOutput(e,i,o){if(!this.outputSchema)return{allowed:!0,violations:[],threats:[]};const a=this.outputSchema.validate(e,i,o);return{allowed:a.allowed,violations:a.violations,threats:a.threats}}async checkAsync(e,i,o,a={}){const r=this.check(e,i,o,a);if(!this.classifier\|\|!r.allowed\|\|!a.userInput)return r;try{const s=await this.classifier(a.userInput,{type:"user_input",sessionId:o?.session_id});if(!s.safe)return{...r,allowed:!1,block_layer:"L1",block_reason:`Classifier detected threat: ${s.threats.map(n=>n.category).join(", ")}`,all_violations:[...r.all_violations,...s.threats.map(n=>`CLASSIFIER_${n.category.toUpperCase()}`)]}}catch(s){const n=s instanceof Error?s.message:String(s);this.logger(`[TrustGuard] Classifier error: ${n}`,"error")}return r}}exports.TrustGuard=TrustGuard,__exportStar(require("./integrations/index.js"),exports),exports.default=TrustGuard;
1	+ "use strict";var __createBinding=this&&this.__createBinding\|\|(Object.create?(function(l,e,i,o){o===void 0&&(o=i);var a=Object.getOwnPropertyDescriptor(e,i);(!a\|\|("get"in a?!e.__esModule:a.writable\|\|a.configurable))&&(a={enumerable:!0,get:function(){return e[i]}}),Object.defineProperty(l,o,a)}):(function(l,e,i,o){o===void 0&&(o=i),l[o]=e[i]})),__exportStar=this&&this.__exportStar\|\|function(l,e){for(var i in l)i!=="default"&&!Object.prototype.hasOwnProperty.call(e,i)&&__createBinding(e,l,i)},__importDefault=this&&this.__importDefault\|\|function(l){return l&&l.__esModule?l:{default:l}};Object.defineProperty(exports,"__esModule",{value:!0}),exports.TrustGuard=exports.mergeDetectionResults=exports.createRegexClassifier=exports.TrustTransitivityGuard=exports.DelegationScopeGuard=exports.SpawnPolicyGuard=exports.SessionIntegrityGuard=exports.AgentSkillGuard=exports.ExternalDataGuard=exports.CompressionDetector=exports.HeuristicAnalyzer=exports.TokenCostGuard=exports.OutputSchemaGuard=exports.ContextBudgetGuard=exports.ToolResultGuard=exports.StatePersistenceGuard=exports.AutonomyEscalationGuard=exports.TrustExploitationGuard=exports.PromptLeakageGuard=exports.MCPSecurityGuard=exports.DriftDetector=exports.CircuitBreaker=exports.AgentCommunicationGuard=exports.CodeExecutionGuard=exports.RAGGuard=exports.MemoryGuard=exports.MultiModalGuard=exports.EncodingDetector=exports.ToolChainValidator=exports.ConversationGuard=exports.OutputFilter=exports.ExecutionMonitor=exports.SchemaValidator=exports.TenantBoundary=exports.PolicyGate=exports.ToolRegistry=exports.InputSanitizer=void 0,__exportStar(require("./types"),exports);var input_sanitizer_1=require("./guards/input-sanitizer");Object.defineProperty(exports,"InputSanitizer",{enumerable:!0,get:function(){return input_sanitizer_1.InputSanitizer}});var tool_registry_1=require("./guards/tool-registry");Object.defineProperty(exports,"ToolRegistry",{enumerable:!0,get:function(){return tool_registry_1.ToolRegistry}});var policy_gate_1=require("./guards/policy-gate");Object.defineProperty(exports,"PolicyGate",{enumerable:!0,get:function(){return policy_gate_1.PolicyGate}});var tenant_boundary_1=require("./guards/tenant-boundary");Object.defineProperty(exports,"TenantBoundary",{enumerable:!0,get:function(){return tenant_boundary_1.TenantBoundary}});var schema_validator_1=require("./guards/schema-validator");Object.defineProperty(exports,"SchemaValidator",{enumerable:!0,get:function(){return schema_validator_1.SchemaValidator}});var execution_monitor_1=require("./guards/execution-monitor");Object.defineProperty(exports,"ExecutionMonitor",{enumerable:!0,get:function(){return execution_monitor_1.ExecutionMonitor}});var output_filter_1=require("./guards/output-filter");Object.defineProperty(exports,"OutputFilter",{enumerable:!0,get:function(){return output_filter_1.OutputFilter}});var conversation_guard_1=require("./guards/conversation-guard");Object.defineProperty(exports,"ConversationGuard",{enumerable:!0,get:function(){return conversation_guard_1.ConversationGuard}});var tool_chain_validator_1=require("./guards/tool-chain-validator");Object.defineProperty(exports,"ToolChainValidator",{enumerable:!0,get:function(){return tool_chain_validator_1.ToolChainValidator}});var encoding_detector_1=require("./guards/encoding-detector");Object.defineProperty(exports,"EncodingDetector",{enumerable:!0,get:function(){return encoding_detector_1.EncodingDetector}});var multimodal_guard_1=require("./guards/multimodal-guard");Object.defineProperty(exports,"MultiModalGuard",{enumerable:!0,get:function(){return multimodal_guard_1.MultiModalGuard}});var memory_guard_1=require("./guards/memory-guard");Object.defineProperty(exports,"MemoryGuard",{enumerable:!0,get:function(){return memory_guard_1.MemoryGuard}});var rag_guard_1=require("./guards/rag-guard");Object.defineProperty(exports,"RAGGuard",{enumerable:!0,get:function(){return rag_guard_1.RAGGuard}});var code_execution_guard_1=require("./guards/code-execution-guard");Object.defineProperty(exports,"CodeExecutionGuard",{enumerable:!0,get:function(){return code_execution_guard_1.CodeExecutionGuard}});var agent_communication_guard_1=require("./guards/agent-communication-guard");Object.defineProperty(exports,"AgentCommunicationGuard",{enumerable:!0,get:function(){return agent_communication_guard_1.AgentCommunicationGuard}});var circuit_breaker_1=require("./guards/circuit-breaker");Object.defineProperty(exports,"CircuitBreaker",{enumerable:!0,get:function(){return circuit_breaker_1.CircuitBreaker}});var drift_detector_1=require("./guards/drift-detector");Object.defineProperty(exports,"DriftDetector",{enumerable:!0,get:function(){return drift_detector_1.DriftDetector}});var mcp_security_guard_1=require("./guards/mcp-security-guard");Object.defineProperty(exports,"MCPSecurityGuard",{enumerable:!0,get:function(){return mcp_security_guard_1.MCPSecurityGuard}});var prompt_leakage_guard_1=require("./guards/prompt-leakage-guard");Object.defineProperty(exports,"PromptLeakageGuard",{enumerable:!0,get:function(){return prompt_leakage_guard_1.PromptLeakageGuard}});var trust_exploitation_guard_1=require("./guards/trust-exploitation-guard");Object.defineProperty(exports,"TrustExploitationGuard",{enumerable:!0,get:function(){return trust_exploitation_guard_1.TrustExploitationGuard}});var autonomy_escalation_guard_1=require("./guards/autonomy-escalation-guard");Object.defineProperty(exports,"AutonomyEscalationGuard",{enumerable:!0,get:function(){return autonomy_escalation_guard_1.AutonomyEscalationGuard}});var state_persistence_guard_1=require("./guards/state-persistence-guard");Object.defineProperty(exports,"StatePersistenceGuard",{enumerable:!0,get:function(){return state_persistence_guard_1.StatePersistenceGuard}});var tool_result_guard_1=require("./guards/tool-result-guard");Object.defineProperty(exports,"ToolResultGuard",{enumerable:!0,get:function(){return tool_result_guard_1.ToolResultGuard}});var context_budget_guard_1=require("./guards/context-budget-guard");Object.defineProperty(exports,"ContextBudgetGuard",{enumerable:!0,get:function(){return context_budget_guard_1.ContextBudgetGuard}});var output_schema_guard_1=require("./guards/output-schema-guard");Object.defineProperty(exports,"OutputSchemaGuard",{enumerable:!0,get:function(){return output_schema_guard_1.OutputSchemaGuard}});var token_cost_guard_1=require("./guards/token-cost-guard");Object.defineProperty(exports,"TokenCostGuard",{enumerable:!0,get:function(){return token_cost_guard_1.TokenCostGuard}});var heuristic_analyzer_1=require("./guards/heuristic-analyzer");Object.defineProperty(exports,"HeuristicAnalyzer",{enumerable:!0,get:function(){return heuristic_analyzer_1.HeuristicAnalyzer}});var compression_detector_1=require("./guards/compression-detector");Object.defineProperty(exports,"CompressionDetector",{enumerable:!0,get:function(){return compression_detector_1.CompressionDetector}});var external_data_guard_1=require("./guards/external-data-guard");Object.defineProperty(exports,"ExternalDataGuard",{enumerable:!0,get:function(){return external_data_guard_1.ExternalDataGuard}});var agent_skill_guard_1=require("./guards/agent-skill-guard");Object.defineProperty(exports,"AgentSkillGuard",{enumerable:!0,get:function(){return agent_skill_guard_1.AgentSkillGuard}});var session_integrity_guard_1=require("./guards/session-integrity-guard");Object.defineProperty(exports,"SessionIntegrityGuard",{enumerable:!0,get:function(){return session_integrity_guard_1.SessionIntegrityGuard}});var spawn_policy_guard_1=require("./guards/spawn-policy-guard");Object.defineProperty(exports,"SpawnPolicyGuard",{enumerable:!0,get:function(){return spawn_policy_guard_1.SpawnPolicyGuard}});var delegation_scope_guard_1=require("./guards/delegation-scope-guard");Object.defineProperty(exports,"DelegationScopeGuard",{enumerable:!0,get:function(){return delegation_scope_guard_1.DelegationScopeGuard}});var trust_transitivity_guard_1=require("./guards/trust-transitivity-guard");Object.defineProperty(exports,"TrustTransitivityGuard",{enumerable:!0,get:function(){return trust_transitivity_guard_1.TrustTransitivityGuard}});var detection_backend_1=require("./detection-backend");Object.defineProperty(exports,"createRegexClassifier",{enumerable:!0,get:function(){return detection_backend_1.createRegexClassifier}}),Object.defineProperty(exports,"mergeDetectionResults",{enumerable:!0,get:function(){return detection_backend_1.mergeDetectionResults}});const crypto_1=__importDefault(require("crypto")),input_sanitizer_2=require("./guards/input-sanitizer"),tool_registry_2=require("./guards/tool-registry"),policy_gate_2=require("./guards/policy-gate"),tenant_boundary_2=require("./guards/tenant-boundary"),schema_validator_2=require("./guards/schema-validator"),execution_monitor_2=require("./guards/execution-monitor"),output_filter_2=require("./guards/output-filter"),conversation_guard_2=require("./guards/conversation-guard"),tool_chain_validator_2=require("./guards/tool-chain-validator"),encoding_detector_2=require("./guards/encoding-detector"),multimodal_guard_2=require("./guards/multimodal-guard"),memory_guard_2=require("./guards/memory-guard"),rag_guard_2=require("./guards/rag-guard"),code_execution_guard_2=require("./guards/code-execution-guard"),agent_communication_guard_2=require("./guards/agent-communication-guard"),circuit_breaker_2=require("./guards/circuit-breaker"),drift_detector_2=require("./guards/drift-detector"),mcp_security_guard_2=require("./guards/mcp-security-guard"),prompt_leakage_guard_2=require("./guards/prompt-leakage-guard"),trust_exploitation_guard_2=require("./guards/trust-exploitation-guard"),autonomy_escalation_guard_2=require("./guards/autonomy-escalation-guard"),state_persistence_guard_2=require("./guards/state-persistence-guard"),tool_result_guard_2=require("./guards/tool-result-guard"),context_budget_guard_2=require("./guards/context-budget-guard"),output_schema_guard_2=require("./guards/output-schema-guard"),token_cost_guard_2=require("./guards/token-cost-guard"),SENSITIVITY_PRESETS={strict:{sanitizer:{threshold:.15,papThreshold:.25,minPersuasionTechniques:1},compression:{threshold:.6},encoding:{maxEncodedRatio:.05},promptLeakage:{riskThreshold:.3},rag:{minTrustScore:.8},drift:{anomalyThreshold:.5},memory:{riskThreshold:.3}},balanced:{sanitizer:{threshold:.3,papThreshold:.4,minPersuasionTechniques:2},compression:{threshold:.55},encoding:{maxEncodedRatio:.1},promptLeakage:{riskThreshold:.5},rag:{minTrustScore:.6},drift:{anomalyThreshold:.7},memory:{riskThreshold:.5}},permissive:{sanitizer:{threshold:.5,papThreshold:.6,minPersuasionTechniques:3},compression:{threshold:.45},encoding:{maxEncodedRatio:.2},promptLeakage:{riskThreshold:.7},rag:{minTrustScore:.4},drift:{anomalyThreshold:.85},memory:{riskThreshold:.7}}};class TrustGuard{constructor(e={}){this.metrics={totalChecks:0,blockedChecks:0,totalTimeMs:0,errors:0},this.logger=e.logger\|\|((a,r)=>{r==="error"?console.error(a):r==="warn"?console.warn(a):console.log(a)}),this.maxInputLength=e.maxInputLength??1e5,this.failMode=e.failMode??"closed",this.onBlock=e.onBlock,this.onAlert=e.onAlert,this.onError=e.onError;const i=e.logger\|\|void 0,o=SENSITIVITY_PRESETS[e.sensitivity??"balanced"];if(e.sanitizer?.enabled!==!1&&(this.sanitizer=new input_sanitizer_2.InputSanitizer({threshold:e.sanitizer?.threshold??o.sanitizer.threshold,customPatterns:e.sanitizer?.customPatterns,detectPAP:e.sanitizer?.detectPAP,papThreshold:e.sanitizer?.papThreshold??o.sanitizer.papThreshold,minPersuasionTechniques:e.sanitizer?.minPersuasionTechniques??o.sanitizer.minPersuasionTechniques,blockCompoundPersuasion:e.sanitizer?.blockCompoundPersuasion,logger:i})),e.registry?.enabled!==!1&&e.registry?.tools&&(this.registry=new tool_registry_2.ToolRegistry({tools:e.registry.tools,logger:i})),e.policy?.enabled!==!1&&(this.policy=new policy_gate_2.PolicyGate({roleHierarchy:e.policy?.roleHierarchy,logger:i})),e.tenant?.enabled!==!1){const a=e.tenant?.resourceOwnership?new Map(Object.entries(e.tenant.resourceOwnership).map(([r,s])=>[r,{resource_id:r,tenant_id:s.tenant_id}])):void 0;this.tenant=new tenant_boundary_2.TenantBoundary({resourceOwnership:a,logger:i})}e.schema?.enabled!==!1&&(this.schema=new schema_validator_2.SchemaValidator({strictTypes:e.schema?.strictTypes,logger:i})),e.execution?.enabled!==!1&&(this.execution=new execution_monitor_2.ExecutionMonitor({maxRequestsPerMinute:e.execution?.maxRequestsPerMinute,maxRequestsPerHour:e.execution?.maxRequestsPerHour,operationCosts:e.execution?.operationCosts,maxCostPerMinute:e.execution?.maxCostPerMinute,maxCostPerHour:e.execution?.maxCostPerHour,logger:i})),e.output?.enabled!==!1&&(this.output=new output_filter_2.OutputFilter({detectPII:e.output?.detectPII,detectSecrets:e.output?.detectSecrets,roleFilters:e.output?.roleFilters,logger:i})),e.conversation?.enabled!==!1&&(this.conversation=new conversation_guard_2.ConversationGuard({maxConversationLength:e.conversation?.maxConversationLength,escalationThreshold:e.conversation?.escalationThreshold,logger:i})),e.chain?.enabled!==!1&&(this.chain=new tool_chain_validator_2.ToolChainValidator({maxToolsPerRequest:e.chain?.maxToolsPerRequest,maxSensitiveToolsPerSession:e.chain?.maxSensitiveToolsPerSession,sensitiveTools:e.chain?.sensitiveTools,logger:i})),e.encoding?.enabled!==!1&&(this.encoding=new encoding_detector_2.EncodingDetector({maxDecodingDepth:e.encoding?.maxDecodingDepth,maxEncodedRatio:e.encoding?.maxEncodedRatio??o.encoding.maxEncodedRatio,logger:i})),e.multiModal?.enabled&&(this.multiModal=new multimodal_guard_2.MultiModalGuard({scanMetadata:e.multiModal.scanMetadata,detectBase64Payloads:e.multiModal.detectBase64Payloads,allowedMimeTypes:e.multiModal.allowedMimeTypes})),e.memory?.enabled&&(this.memoryGuard=new memory_guard_2.MemoryGuard({enableIntegrityCheck:e.memory.enableIntegrityCheck,detectInjections:e.memory.detectInjections,maxMemoryItems:e.memory.maxMemoryItems,signingKey:e.memory.signingKey,autoQuarantine:e.memory.autoQuarantine,riskThreshold:e.memory.riskThreshold??o.memory.riskThreshold})),e.rag?.enabled&&(this.ragGuard=new rag_guard_2.RAGGuard({detectInjections:e.rag.detectInjections,verifySource:e.rag.verifySource,trustedSources:e.rag.trustedSources,blockedSources:e.rag.blockedSources,maxDocumentSize:e.rag.maxDocumentSize,minTrustScore:e.rag.minTrustScore??o.rag.minTrustScore,detectEmbeddingAttacks:e.rag.detectEmbeddingAttacks})),e.codeExecution?.enabled&&(this.codeExecution=new code_execution_guard_2.CodeExecutionGuard({allowedLanguages:e.codeExecution.allowedLanguages,maxCodeLength:e.codeExecution.maxCodeLength,maxExecutionTime:e.codeExecution.maxExecutionTime,allowNetwork:e.codeExecution.allowNetwork,allowFileSystem:e.codeExecution.allowFileSystem,allowShell:e.codeExecution.allowShell,riskThreshold:e.codeExecution.riskThreshold})),e.agentCommunication?.enabled&&(this.agentCommunication=new agent_communication_guard_2.AgentCommunicationGuard({allowedAgents:e.agentCommunication.allowedAgents,requireSignatures:e.agentCommunication.requireSignatures,strictMode:e.agentCommunication.strictMode,maxMessageAge:e.agentCommunication.maxMessageAge})),e.circuitBreaker?.enabled&&(this.circuitBreaker=new circuit_breaker_2.CircuitBreaker({failureThreshold:e.circuitBreaker.failureThreshold,minimumRequests:e.circuitBreaker.minimumRequests,windowSize:e.circuitBreaker.windowSize,recoveryTimeout:e.circuitBreaker.recoveryTimeout,successThreshold:e.circuitBreaker.successThreshold})),e.driftDetector?.enabled&&(this.driftDetector=new drift_detector_2.DriftDetector({minimumSamples:e.driftDetector.minimumSamples,anomalyThreshold:e.driftDetector.anomalyThreshold??o.drift.anomalyThreshold,alertThreshold:e.driftDetector.alertThreshold,checkGoalAlignment:e.driftDetector.checkGoalAlignment})),e.mcpSecurity?.enabled&&(this.mcpSecurity=new mcp_security_guard_2.MCPSecurityGuard({detectToolShadowing:e.mcpSecurity.detectToolShadowing,toolBlocklist:e.mcpSecurity.toolBlocklist,strictMode:e.mcpSecurity.strictMode,minServerReputation:e.mcpSecurity.minServerReputation})),e.promptLeakage?.enabled&&(this.promptLeakage=new prompt_leakage_guard_2.PromptLeakageGuard({detectLeetspeak:e.promptLeakage.detectLeetspeak,detectROT13:e.promptLeakage.detectROT13,detectBase64:e.promptLeakage.detectBase64,detectIndirectExtraction:e.promptLeakage.detectIndirectExtraction,monitorOutput:e.promptLeakage.monitorOutput,systemPromptKeywords:e.promptLeakage.systemPromptKeywords,riskThreshold:e.promptLeakage.riskThreshold??o.promptLeakage.riskThreshold})),e.trustExploitation?.enabled&&(this.trustExploitation=new trust_exploitation_guard_2.TrustExploitationGuard({humanApprovalRequired:e.trustExploitation.humanApprovalRequired,maxAutonomousActions:e.trustExploitation.maxAutonomousActions,monitorGoalConsistency:e.trustExploitation.monitorGoalConsistency,detectPermissionEscalation:e.trustExploitation.detectPermissionEscalation,sensitiveActions:e.trustExploitation.sensitiveActions})),e.autonomyEscalation?.enabled&&(this.autonomyEscalation=new autonomy_escalation_guard_2.AutonomyEscalationGuard({maxAutonomyLevel:e.autonomyEscalation.maxAutonomyLevel,baseAutonomyLevel:e.autonomyEscalation.baseAutonomyLevel,detectSelfModification:e.autonomyEscalation.detectSelfModification,maxSubAgents:e.autonomyEscalation.maxSubAgents,enforceHITL:e.autonomyEscalation.enforceHITL,alwaysRequireHuman:e.autonomyEscalation.alwaysRequireHuman})),e.statePersistence?.enabled&&(this.statePersistence=new state_persistence_guard_2.StatePersistenceGuard({enableIntegrityCheck:e.statePersistence.enableIntegrityCheck,requireEncryption:e.statePersistence.requireEncryption,maxStateSize:e.statePersistence.maxStateSize,maxStateAge:e.statePersistence.maxStateAge,enforceSessionIsolation:e.statePersistence.enforceSessionIsolation,sensitiveKeys:e.statePersistence.sensitiveKeys,detectTampering:e.statePersistence.detectTampering})),e.toolResult?.enabled&&(this.toolResultGuard=new tool_result_guard_2.ToolResultGuard(e.toolResult)),e.contextBudget?.enabled&&(this.contextBudget=new context_budget_guard_2.ContextBudgetGuard(e.contextBudget)),e.outputSchema?.enabled&&(this.outputSchema=new output_schema_guard_2.OutputSchemaGuard(e.outputSchema)),e.tokenCost?.enabled&&(this.tokenCostGuard=new token_cost_guard_2.TokenCostGuard(e.tokenCost)),e.classifier&&(this.classifier=e.classifier)}check(e,i,o,a={}){const r=`req-${crypto_1.default.randomUUID()}`,s=[];this.logger(`[TrustGuard:${r}] Checking: ${e}`,"info");const n=Date.now();this.metrics.totalChecks++;try{const u=this.runChecks(e,i,o,a,r);return this.metrics.totalTimeMs+=Date.now()-n,u.allowed\|\|(this.metrics.blockedChecks++,this.onBlock&&this.onBlock(u.block_layer\|\|"UNKNOWN",u,r)),u}catch(u){this.metrics.totalTimeMs+=Date.now()-n,this.metrics.errors++;const t=u instanceof Error?u.message:String(u);return this.logger(`[TrustGuard:${r}] Guard error: ${t}`,"error"),this.onError&&this.onError("TrustGuard",u instanceof Error?u:new Error(t),r),this.failMode==="open"?{allowed:!0,all_violations:["GUARD_ERROR"],request_id:r}:{allowed:!1,block_reason:`Internal guard error: ${t}`,all_violations:["GUARD_ERROR"],request_id:r}}}runChecks(e,i,o,a,r){const s=[];if(a.userInput&&a.userInput.length>this.maxInputLength)return this.logger(`[TrustGuard:${r}] BLOCKED: Input too long (${a.userInput.length} > ${this.maxInputLength})`,"warn"),{allowed:!1,block_layer:"L1",block_reason:`Input length ${a.userInput.length} exceeds maximum ${this.maxInputLength}`,all_violations:["INPUT_TOO_LONG"],request_id:r};if(this.encoding&&a.userInput){const t=this.encoding.detect(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Encoding Detector`,"warn"),{allowed:!1,block_layer:"ENCODING",block_reason:t.reason,all_violations:t.violations,encoding:t,request_id:r};s.push(...t.violations)}if(this.sanitizer&&a.userInput){const t=this.sanitizer.sanitize(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L1`,"warn"),{allowed:!1,block_layer:"L1",block_reason:t.reason,all_violations:t.violations,sanitizer:t,request_id:r};s.push(...t.violations)}if(this.promptLeakage&&a.userInput){const t=this.promptLeakage.check(a.userInput,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Prompt Leakage Guard`,"warn"),{allowed:!1,block_layer:"PROMPT_LEAKAGE",block_reason:t.reason,all_violations:[...s,...t.violations],request_id:r};s.push(...t.violations)}if(this.memoryGuard&&a.userInput&&o?.session_id){const t=this.memoryGuard.validateContextInjection(a.userInput,o.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Memory Guard`,"warn"),{allowed:!1,block_layer:"MEMORY",block_reason:t.reason,all_violations:[...s,...t.violations],request_id:r};s.push(...t.violations)}if(this.conversation&&a.userInput&&o?.session_id){const t=this.conversation.check(o.session_id,a.userInput,[e],a.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Conversation Guard`,"warn"),{allowed:!1,block_layer:"CONV",block_reason:t.reason,all_violations:[...s,...t.violations],conversation:t,request_id:r};s.push(...t.violations)}let n;if(this.registry){const t=this.registry.check(e,o?.role\|\|"",r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L2`,"warn"),{allowed:!1,block_layer:"L2",block_reason:t.reason,all_violations:[...s,...t.violations],registry:t,request_id:r};n=t.tool,s.push(...t.violations)}if(this.chain&&o?.session_id){const t=a.allToolsInRequest?this.chain.validateBatch(o.session_id,a.allToolsInRequest,r):this.chain.validate(o.session_id,e,void 0,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Tool Chain Validator`,"warn"),{allowed:!1,block_layer:"CHAIN",block_reason:t.reason,all_violations:[...s,...t.violations],chain:t,request_id:r};s.push(...t.violations)}if(this.policy&&n){const t=this.policy.check(n,i,o,a.claimedRole,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L3`,"warn"),{allowed:!1,block_layer:"L3",block_reason:t.reason,all_violations:[...s,...t.violations],policy:t,request_id:r};s.push(...t.violations)}else this.policy&&!n&&this.logger(`[TrustGuard:${r}] Policy gate skipped: no tool definition (registry disabled or tool not found)`,"warn");if(this.autonomyEscalation&&o?.session_id){const t=this.autonomyEscalation.validate(e,o.session_id,i,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Autonomy Escalation Guard`,"warn"),{allowed:!1,block_layer:"AUTONOMY",block_reason:t.reason,all_violations:[...s,...t.violations],request_id:r};s.push(...t.violations)}let u=i;if(this.tenant&&o){const t=this.tenant.check(e,i,o,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L4`,"warn"),{allowed:!1,block_layer:"L4",block_reason:t.reason,all_violations:[...s,...t.violations],tenant:t,request_id:r};t.enforced_params&&(u=t.enforced_params),s.push(...t.violations)}if(this.schema&&n){const t=this.schema.validate(n,u,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L5`,"warn"),{allowed:!1,block_layer:"L5",block_reason:t.reason,all_violations:[...s,...t.violations],schema:t,request_id:r};s.push(...t.violations)}if(this.execution){const t=this.execution.check(e,o?.user_id,o?.session_id,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by L6`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...s,...t.violations],execution:t,request_id:r};s.push(...t.violations)}if(this.circuitBreaker){const t=this.circuitBreaker.check(e,r);if(!t.allowed)return this.logger(`[TrustGuard:${r}] BLOCKED by Circuit Breaker`,"warn"),{allowed:!1,block_layer:"L6",block_reason:t.reason,all_violations:[...s,"CIRCUIT_OPEN"],request_id:r}}return this.logger(`[TrustGuard:${r}] All checks PASSED`,"info"),{allowed:!0,all_violations:s,request_id:r}}filterOutput(e,i,o){let a=e,r=!1,s=!1,n=!1,u=!0;const t=typeof e=="string"?e:"";if(t.length>this.maxInputLength&&this.logger(`[TrustGuard] Output too long (${t.length}), truncating for filter`,"warn"),this.output){const d=this.output.filter(e,i,o);a=d.filtered_response,r=d.pii_detected.length>0,s=d.secrets_detected.length>0,d.allowed\|\|(u=!1)}if(this.promptLeakage){const d=typeof a=="string"?a:JSON.stringify(a),c=this.promptLeakage.checkOutput(d,o);c.leaked&&(u=!1,n=!0,c.sanitized_output&&(a=c.sanitized_output))}return{allowed:u,filtered:a,pii_detected:r,secrets_detected:s,prompt_leakage_detected:n}}completeOperation(e,i,o=!0){this.execution&&this.execution.completeOperation(e?.user_id,e?.session_id),this.circuitBreaker&&i&&(o?this.circuitBreaker.recordSuccess(i):this.circuitBreaker.recordFailure(i))}getToolsForRole(e){return this.registry?this.registry.getToolsForRole(e):[]}getMetrics(){const e=this.metrics.totalChecks>0?this.metrics.totalTimeMs/this.metrics.totalChecks:0;return{totalChecks:this.metrics.totalChecks,blockedChecks:this.metrics.blockedChecks,blockRate:this.metrics.totalChecks>0?this.metrics.blockedChecks/this.metrics.totalChecks:0,avgExecutionTimeMs:Math.round(e100)/100,errors:this.metrics.errors}}getGuards(){return{sanitizer:this.sanitizer,registry:this.registry,policy:this.policy,tenant:this.tenant,schema:this.schema,execution:this.execution,output:this.output,conversation:this.conversation,chain:this.chain,encoding:this.encoding,multiModal:this.multiModal,memory:this.memoryGuard,rag:this.ragGuard,codeExecution:this.codeExecution,agentCommunication:this.agentCommunication,circuitBreaker:this.circuitBreaker,driftDetector:this.driftDetector,mcpSecurity:this.mcpSecurity,promptLeakage:this.promptLeakage,trustExploitation:this.trustExploitation,autonomyEscalation:this.autonomyEscalation,statePersistence:this.statePersistence,toolResult:this.toolResultGuard,contextBudget:this.contextBudget,outputSchema:this.outputSchema,tokenCost:this.tokenCostGuard}}resetSession(e){this.conversation?.resetSession(e),this.chain?.resetSession(e),this.execution?.reset(void 0,e),this.memoryGuard?.clearSession(e),this.trustExploitation?.resetSession(e),this.autonomyEscalation?.resetSession(e),this.statePersistence?.resetSession(e),this.contextBudget?.resetSession(e)}destroy(){this.conversation?.destroy(),this.agentCommunication?.destroy(),this.contextBudget?.destroy(),this.tokenCostGuard?.destroy(),this.execution?.reset(),this.circuitBreaker?.resetAll(),this.driftDetector?.resetAgent?.("")}validateToolResult(e,i,o){if(!this.toolResultGuard)return{allowed:!0,violations:[]};const a=this.toolResultGuard.validateResult(e,i,o);return{allowed:a.allowed,violations:a.violations}}validateOutput(e,i,o){if(!this.outputSchema)return{allowed:!0,violations:[],threats:[]};const a=this.outputSchema.validate(e,i,o);return{allowed:a.allowed,violations:a.violations,threats:a.threats}}async checkAsync(e,i,o,a={}){const r=this.check(e,i,o,a);if(!this.classifier\|\|!r.allowed\|\|!a.userInput)return r;try{const s=await this.classifier(a.userInput,{type:"user_input",sessionId:o?.session_id});if(!s.safe)return{...r,allowed:!1,block_layer:"L1",block_reason:`Classifier detected threat: ${s.threats.map(n=>n.category).join(", ")}`,all_violations:[...r.all_violations,...s.threats.map(n=>`CLASSIFIER_${n.category.toUpperCase()}`)]}}catch(s){const n=s instanceof Error?s.message:String(s);this.logger(`[TrustGuard] Classifier error: ${n}`,"error")}return r}}exports.TrustGuard=TrustGuard,__exportStar(require("./integrations/index.js"),exports),exports.default=TrustGuard;