milens 0.6.1 → 0.6.3

package/dist/gateway/context-memory.d.ts

@@ -0,0 +1,68 @@
+/** A shared context entry */
+interface ContextEntry {
+    key: string;
+    value: string;
+    source: string;
+    addedAt: number;
+    hash: string;
+    tags: string[];
+}
+/** Change notification */
+interface ContextChange {
+    type: 'add' | 'update' | 'remove';
+    key: string;
+    value?: string;
+    source: string;
+    timestamp: number;
+}
+type ChangeListener = (change: ContextChange) => void;
+export declare class ContextMemory {
+    private agents;
+    private entries;
+    private listeners;
+    private changeLog;
+    private maxEntries;
+    private maxChangeLog;
+    constructor(opts?: {
+        maxEntries?: number;
+        maxChangeLog?: number;
+    });
+    /** Register a new agent session */
+    registerAgent(name: string, role: string): string;
+    /** Remove an agent session */
+    removeAgent(agentId: string): void;
+    /** Add or update a context entry (dedup by content hash) */
+    set(agentId: string, key: string, value: string, tags?: string[]): boolean;
+    /** Get a context entry */
+    get(key: string): string | undefined;
+    /** Remove a context entry */
+    remove(agentId: string, key: string): boolean;
+    /** Get all context entries matching tags */
+    getByTags(tags: string[]): ContextEntry[];
+    /** Get all context contributed by a specific agent */
+    getByAgent(agentId: string): ContextEntry[];
+    /** Subscribe to context changes */
+    subscribe(agentId: string, listener: ChangeListener): void;
+    /** Get changes since a timestamp */
+    getChangesSince(since: number): ContextChange[];
+    /** Build a summary string of shared context (for injection into prompts) */
+    buildContextSummary(maxTokens?: number): string;
+    /** List active agents */
+    listAgents(): {
+        id: string;
+        name: string;
+        role: string;
+        contextCount: number;
+        lastActive: number;
+    }[];
+    /** Get stats */
+    getStats(): {
+        agents: number;
+        entries: number;
+        changeLogSize: number;
+    };
+    private recordChange;
+    private evictOldest;
+}
+export {};
+//# sourceMappingURL=context-memory.d.ts.map

package/dist/gateway/context-memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context-memory.d.ts","sourceRoot":"","sources":["../../src/gateway/context-memory.ts"],"names":[],"mappings":"AAcA,6BAA6B;AAC7B,UAAU,YAAY;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,0BAA0B;AAC1B,UAAU,aAAa;IACrB,IAAI,EAAE,KAAK,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,KAAK,cAAc,GAAG,CAAC,MAAM,EAAE,aAAa,KAAK,IAAI,CAAC;AAEtD,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAmC;IACjD,OAAO,CAAC,OAAO,CAAmC;IAClD,OAAO,CAAC,SAAS,CAAqC;IACtD,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,YAAY,CAAS;gBAEjB,IAAI,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAA;KAAO;IAKrE,mCAAmC;IACnC,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM;IAWjD,8BAA8B;IAC9B,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAKlC,4DAA4D;IAC5D,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,EAAO,GAAG,OAAO;IAgC9E,0BAA0B;IAC1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIpC,6BAA6B;IAC7B,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO;IAY7C,4CAA4C;IAC5C,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,YAAY,EAAE;IAOzC,sDAAsD;IACtD,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,YAAY,EAAE;IAQ3C,mCAAmC;IACnC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,GAAG,IAAI;IAI1D,oCAAoC;IACpC,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,EAAE;IAI/C,4EAA4E;IAC5E,mBAAmB,CAAC,SAAS,SAAO,GAAG,MAAM;IAoB7C,yBAAyB;IACzB,UAAU,IAAI;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,EAAE;IAUpG,gBAAgB;IAChB,QAAQ;;;;;IAQR,OAAO,CAAC,YAAY;IAcpB,OAAO,CAAC,WAAW;CASpB"}

package/dist/gateway/context-memory.js

@@ -0,0 +1,157 @@
+// ── Context Memory — shared context across multi-agent sessions ──
+import { createHash, randomUUID } from 'node:crypto';
+export class ContextMemory {
+    agents = new Map();
+    entries = new Map();
+    listeners = new Map();
+    changeLog = [];
+    maxEntries;
+    maxChangeLog;
+    constructor(opts = {}) {
+        this.maxEntries = opts.maxEntries ?? 500;
+        this.maxChangeLog = opts.maxChangeLog ?? 1000;
+    }
+    /** Register a new agent session */
+    registerAgent(name, role) {
+        const id = randomUUID().slice(0, 8);
+        this.agents.set(id, {
+            id, name, role,
+            joinedAt: Date.now(),
+            lastActive: Date.now(),
+            contextKeys: new Set(),
+        });
+        return id;
+    }
+    /** Remove an agent session */
+    removeAgent(agentId) {
+        this.agents.delete(agentId);
+        this.listeners.delete(agentId);
+    }
+    /** Add or update a context entry (dedup by content hash) */
+    set(agentId, key, value, tags = []) {
+        const agent = this.agents.get(agentId);
+        if (!agent)
+            return false;
+        const hash = createHash('sha256').update(value).digest('hex').slice(0, 12);
+        // Check for duplicate content under a different key
+        const existing = this.entries.get(key);
+        if (existing && existing.hash === hash) {
+            return false; // No change
+        }
+        // Enforce capacity
+        if (!existing && this.entries.size >= this.maxEntries) {
+            this.evictOldest();
+        }
+        const changeType = existing ? 'update' : 'add';
+        this.entries.set(key, {
+            key, value,
+            source: agentId,
+            addedAt: Date.now(),
+            hash,
+            tags,
+        });
+        agent.contextKeys.add(key);
+        agent.lastActive = Date.now();
+        this.recordChange({ type: changeType, key, value, source: agentId, timestamp: Date.now() });
+        return true;
+    }
+    /** Get a context entry */
+    get(key) {
+        return this.entries.get(key)?.value;
+    }
+    /** Remove a context entry */
+    remove(agentId, key) {
+        const entry = this.entries.get(key);
+        if (!entry)
+            return false;
+        this.entries.delete(key);
+        const agent = this.agents.get(agentId);
+        agent?.contextKeys.delete(key);
+        this.recordChange({ type: 'remove', key, source: agentId, timestamp: Date.now() });
+        return true;
+    }
+    /** Get all context entries matching tags */
+    getByTags(tags) {
+        const tagSet = new Set(tags);
+        return [...this.entries.values()].filter(e => e.tags.some(t => tagSet.has(t)));
+    }
+    /** Get all context contributed by a specific agent */
+    getByAgent(agentId) {
+        const agent = this.agents.get(agentId);
+        if (!agent)
+            return [];
+        return [...agent.contextKeys]
+            .map(k => this.entries.get(k))
+            .filter((e) => e !== undefined);
+    }
+    /** Subscribe to context changes */
+    subscribe(agentId, listener) {
+        this.listeners.set(agentId, listener);
+    }
+    /** Get changes since a timestamp */
+    getChangesSince(since) {
+        return this.changeLog.filter(c => c.timestamp > since);
+    }
+    /** Build a summary string of shared context (for injection into prompts) */
+    buildContextSummary(maxTokens = 2000) {
+        const entries = [...this.entries.values()]
+            .sort((a, b) => b.addedAt - a.addedAt);
+        const lines = [];
+        let approxTokens = 0;
+        for (const entry of entries) {
+            const line = `[${entry.tags.join(',')}] ${entry.key}: ${entry.value}`;
+            const lineTokens = Math.ceil(line.length / 4);
+            if (approxTokens + lineTokens > maxTokens)
+                break;
+            lines.push(line);
+            approxTokens += lineTokens;
+        }
+        return lines.length
+            ? `--- Shared Context (${this.agents.size} agents) ---\n${lines.join('\n')}`
+            : '';
+    }
+    /** List active agents */
+    listAgents() {
+        return [...this.agents.values()].map(a => ({
+            id: a.id,
+            name: a.name,
+            role: a.role,
+            contextCount: a.contextKeys.size,
+            lastActive: a.lastActive,
+        }));
+    }
+    /** Get stats */
+    getStats() {
+        return {
+            agents: this.agents.size,
+            entries: this.entries.size,
+            changeLogSize: this.changeLog.length,
+        };
+    }
+    recordChange(change) {
+        this.changeLog.push(change);
+        if (this.changeLog.length > this.maxChangeLog) {
+            this.changeLog = this.changeLog.slice(-Math.floor(this.maxChangeLog * 0.8));
+        }
+        // Notify other agents
+        for (const [agentId, listener] of this.listeners) {
+            if (agentId !== change.source) {
+                try {
+                    listener(change);
+                }
+                catch { /* ignore listener errors */ }
+            }
+        }
+    }
+    evictOldest() {
+        let oldest = null;
+        for (const entry of this.entries.values()) {
+            if (!oldest || entry.addedAt < oldest.addedAt)
+                oldest = entry;
+        }
+        if (oldest) {
+            this.entries.delete(oldest.key);
+        }
+    }
+}
+//# sourceMappingURL=context-memory.js.map

package/dist/gateway/context-memory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context-memory.js","sourceRoot":"","sources":["../../src/gateway/context-memory.ts"],"names":[],"mappings":"AAAA,oEAAoE;AAEpE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAiCrD,MAAM,OAAO,aAAa;IAChB,MAAM,GAAG,IAAI,GAAG,EAAwB,CAAC;IACzC,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC1C,SAAS,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC9C,SAAS,GAAoB,EAAE,CAAC;IAChC,UAAU,CAAS;IACnB,YAAY,CAAS;IAE7B,YAAY,OAAuD,EAAE;QACnE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,GAAG,CAAC;QACzC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC;IAChD,CAAC;IAED,mCAAmC;IACnC,aAAa,CAAC,IAAY,EAAE,IAAY;QACtC,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE;YAClB,EAAE,EAAE,IAAI,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;YACpB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;YACtB,WAAW,EAAE,IAAI,GAAG,EAAE;SACvB,CAAC,CAAC;QACH,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,8BAA8B;IAC9B,WAAW,CAAC,OAAe;QACzB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED,4DAA4D;IAC5D,GAAG,CAAC,OAAe,EAAE,GAAW,EAAE,KAAa,EAAE,OAAiB,EAAE;QAClE,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAEzB,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAE3E,oDAAoD;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC,CAAC,YAAY;QAC5B,CAAC;QAED,mBAAmB;QACnB,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACtD,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,CAAC;QAED,MAAM,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;QAC/C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;YACpB,GAAG,EAAE,KAAK;YACV,MAAM,EAAE,OAAO;YACf,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE;YACnB,IAAI;YACJ,IAAI;SACL,CAAC,CAAC;QACH,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC3B,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE9B,IAAI,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC5F,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0BAA0B;IAC1B,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC;IACtC,CAAC;IAED,6BAA6B;IAC7B,MAAM,CAAC,OAAe,EAAE,GAAW;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAEzB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAE/B,IAAI,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACnF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4CAA4C;IAC5C,SAAS,CAAC,IAAc;QACtB,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CACtC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CACrC,CAAC;IACJ,CAAC;IAED,sDAAsD;IACtD,UAAU,CAAC,OAAe;QACxB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,KAAK,CAAC,WAAW,CAAC;aAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aAC7B,MAAM,CAAC,CAAC,CAAC,EAAqB,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IACvD,CAAC;IAED,mCAAmC;IACnC,SAAS,CAAC,OAAe,EAAE,QAAwB;QACjD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,oCAAoC;IACpC,eAAe,CAAC,KAAa;QAC3B,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC;IACzD,CAAC;IAED,4EAA4E;IAC5E,mBAAmB,CAAC,SAAS,GAAG,IAAI;QAClC,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;aACvC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC;QAEzC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,EAAE,CAAC;YACtE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC9C,IAAI,YAAY,GAAG,UAAU,GAAG,SAAS;gBAAE,MAAM;YACjD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjB,YAAY,IAAI,UAAU,CAAC;QAC7B,CAAC;QAED,OAAO,KAAK,CAAC,MAAM;YACjB,CAAC,CAAC,uBAAuB,IAAI,CAAC,MAAM,CAAC,IAAI,iBAAiB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC5E,CAAC,CAAC,EAAE,CAAC;IACT,CAAC;IAED,yBAAyB;IACzB,UAAU;QACR,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACzC,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,YAAY,EAAE,CAAC,CAAC,WAAW,CAAC,IAAI;YAChC,UAAU,EAAE,CAAC,CAAC,UAAU;SACzB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,gBAAgB;IAChB,QAAQ;QACN,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YACxB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;YAC1B,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;SACrC,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,MAAqB;QACxC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YAC9C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC;QAC9E,CAAC;QAED,sBAAsB;QACtB,KAAK,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACjD,IAAI,OAAO,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;gBAC9B,IAAI,CAAC;oBAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW;QACjB,IAAI,MAAM,GAAwB,IAAI,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO;gBAAE,MAAM,GAAG,KAAK,CAAC;QAChE,CAAC;QACD,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;CACF"}

package/dist/gateway/observability.d.ts

@@ -0,0 +1,83 @@
+import type { CostRecord, Intent, Tier } from './types.js';
+import type BetterSqlite3 from 'better-sqlite3';
+export declare class CostTracker {
+    private rawDb;
+    private stmts;
+    constructor(rawDb: BetterSqlite3.Database);
+    private prepareStatements;
+    /** Record a completed request */
+    record(data: {
+        provider: string;
+        model: string;
+        tokensIn: number;
+        tokensOut: number;
+        costEstimate: number;
+        durationMs: number;
+        symbolIds: string[];
+        filePaths: string[];
+        intent: Intent;
+        complexityScore: number;
+        tier: Tier;
+        cacheHit: boolean;
+    }): string;
+    /** Cost breakdown by provider + model */
+    getCostByProvider(windowSql?: string): {
+        provider: string;
+        model: string;
+        request_count: number;
+        total_tokens_in: number;
+        total_tokens_out: number;
+        total_cost: number;
+        avg_duration: number;
+    }[];
+    /** Cost breakdown by file path */
+    getCostByFile(limit?: number, windowSql?: string): {
+        file_path: string;
+        request_count: number;
+        total_tokens: number;
+        total_cost: number;
+    }[];
+    /** Cost breakdown by intent */
+    getCostByIntent(windowSql?: string): {
+        intent: string;
+        request_count: number;
+        total_tokens: number;
+        total_cost: number;
+        avg_complexity: number;
+    }[];
+    /** Cost breakdown by tier */
+    getCostByTier(windowSql?: string): {
+        tier: string;
+        request_count: number;
+        total_cost: number;
+        avg_duration: number;
+    }[];
+    /** Cache hit/miss stats and savings */
+    getCacheSavings(windowSql?: string): {
+        cacheHits: any;
+        cacheMisses: any;
+        costSaved: any;
+        tokensSaved: any;
+        hitRate: number;
+    };
+    /** Most expensive symbols */
+    getTopExpensiveSymbols(limit?: number, windowSql?: string): {
+        symbol_id: string;
+        request_count: number;
+        total_cost: number;
+        total_tokens: number;
+    }[];
+    /** Overall summary */
+    getSummary(windowSql?: string): {
+        totalRequests: any;
+        totalTokensIn: any;
+        totalTokensOut: any;
+        totalCost: any;
+        avgDuration: any;
+        firstRequest: any;
+        lastRequest: any;
+    };
+    /** Get recent requests for debugging */
+    getRecentRequests(limit?: number): CostRecord[];
+}
+//# sourceMappingURL=observability.d.ts.map

package/dist/gateway/observability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"observability.d.ts","sourceRoot":"","sources":["../../src/gateway/observability.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,KAAK,aAAa,MAAM,gBAAgB,CAAC;AAEhD,qBAAa,WAAW;IAGV,OAAO,CAAC,KAAK;IAFzB,OAAO,CAAC,KAAK,CAA+C;gBAExC,KAAK,EAAE,aAAa,CAAC,QAAQ;IAIjD,OAAO,CAAC,iBAAiB;IAyFzB,iCAAiC;IACjC,MAAM,CAAC,IAAI,EAAE;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;QACf,eAAe,EAAE,MAAM,CAAC;QACxB,IAAI,EAAE,IAAI,CAAC;QACX,QAAQ,EAAE,OAAO,CAAC;KACnB,GAAG,MAAM;IAiBV,yCAAyC;IACzC,iBAAiB,CAAC,SAAS,SAAa,GACS;QAC7C,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAChC,aAAa,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAC;QACzE,UAAU,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;KAC1C,EAAE;IAGL,kCAAkC;IAClC,aAAa,CAAC,KAAK,SAAK,EAAE,SAAS,SAAa,GACI;QAChD,SAAS,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;KACpF,EAAE;IAGL,+BAA+B;IAC/B,eAAe,CAAC,SAAS,SAAa,GACS;QAC3C,MAAM,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAC;KACzG,EAAE;IAGL,6BAA6B;IAC7B,aAAa,CAAC,SAAS,SAAa,GACS;QACzC,IAAI,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;KAC/E,EAAE;IAGL,uCAAuC;IACvC,eAAe,CAAC,SAAS,SAAa;;;;;;;IAatC,6BAA6B;IAC7B,sBAAsB,CAAC,KAAK,SAAK,EAAE,SAAS,SAAa,GACD;QACpD,SAAS,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;KACpF,EAAE;IAGL,sBAAsB;IACtB,UAAU,CAAC,SAAS,SAAa;;;;;;;;;IAajC,wCAAwC;IACxC,iBAAiB,CAAC,KAAK,SAAK,GAAG,UAAU,EAAE;CAkB5C"}

package/dist/gateway/observability.js

@@ -0,0 +1,152 @@
+// ── Observability — per-function / per-file cost tracking ──
+import { randomUUID } from 'node:crypto';
+export class CostTracker {
+    rawDb;
+    stmts;
+    constructor(rawDb) {
+        this.rawDb = rawDb;
+        this.stmts = this.prepareStatements();
+    }
+    prepareStatements() {
+        return {
+            insert: this.rawDb.prepare(`INSERT INTO gateway_cost_log
+         (request_id, provider, model, tokens_in, tokens_out, cost_estimate, duration_ms,
+          symbol_ids, file_paths, intent, complexity_score, tier, cache_hit)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`),
+            byProvider: this.rawDb.prepare(`SELECT provider, model,
+           COUNT(*) as request_count,
+           SUM(tokens_in) as total_tokens_in,
+           SUM(tokens_out) as total_tokens_out,
+           SUM(cost_estimate) as total_cost,
+           AVG(duration_ms) as avg_duration
+         FROM gateway_cost_log
+         WHERE timestamp >= datetime('now', ?)
+         GROUP BY provider, model
+         ORDER BY total_cost DESC`),
+            byFile: this.rawDb.prepare(`SELECT jf.value as file_path,
+           COUNT(*) as request_count,
+           SUM(cl.tokens_in + cl.tokens_out) as total_tokens,
+           SUM(cl.cost_estimate) as total_cost
+         FROM gateway_cost_log cl, json_each(cl.file_paths) jf
+         WHERE cl.timestamp >= datetime('now', ?)
+         GROUP BY jf.value
+         ORDER BY total_cost DESC
+         LIMIT ?`),
+            byIntent: this.rawDb.prepare(`SELECT intent,
+           COUNT(*) as request_count,
+           SUM(tokens_in + tokens_out) as total_tokens,
+           SUM(cost_estimate) as total_cost,
+           AVG(complexity_score) as avg_complexity
+         FROM gateway_cost_log
+         WHERE timestamp >= datetime('now', ?)
+         GROUP BY intent
+         ORDER BY total_cost DESC`),
+            byTier: this.rawDb.prepare(`SELECT tier,
+           COUNT(*) as request_count,
+           SUM(cost_estimate) as total_cost,
+           AVG(duration_ms) as avg_duration
+         FROM gateway_cost_log
+         WHERE timestamp >= datetime('now', ?)
+         GROUP BY tier`),
+            cacheSavings: this.rawDb.prepare(`SELECT
+           SUM(CASE WHEN cache_hit = 1 THEN 1 ELSE 0 END) as cache_hits,
+           SUM(CASE WHEN cache_hit = 0 THEN 1 ELSE 0 END) as cache_misses,
+           SUM(CASE WHEN cache_hit = 1 THEN cost_estimate ELSE 0 END) as cost_saved,
+           SUM(CASE WHEN cache_hit = 1 THEN tokens_in + tokens_out ELSE 0 END) as tokens_saved
+         FROM gateway_cost_log
+         WHERE timestamp >= datetime('now', ?)`),
+            topSymbols: this.rawDb.prepare(`SELECT js.value as symbol_id,
+           COUNT(*) as request_count,
+           SUM(cl.cost_estimate) as total_cost,
+           SUM(cl.tokens_in + cl.tokens_out) as total_tokens
+         FROM gateway_cost_log cl, json_each(cl.symbol_ids) js
+         WHERE cl.timestamp >= datetime('now', ?)
+         GROUP BY js.value
+         ORDER BY total_cost DESC
+         LIMIT ?`),
+            summary: this.rawDb.prepare(`SELECT
+           COUNT(*) as total_requests,
+           SUM(tokens_in) as total_tokens_in,
+           SUM(tokens_out) as total_tokens_out,
+           SUM(cost_estimate) as total_cost,
+           AVG(duration_ms) as avg_duration,
+           MIN(timestamp) as first_request,
+           MAX(timestamp) as last_request
+         FROM gateway_cost_log
+         WHERE timestamp >= datetime('now', ?)`),
+            recentRequests: this.rawDb.prepare(`SELECT * FROM gateway_cost_log ORDER BY timestamp DESC LIMIT ?`),
+        };
+    }
+    /** Record a completed request */
+    record(data) {
+        const requestId = randomUUID();
+        this.stmts.insert.run(requestId, data.provider, data.model, data.tokensIn, data.tokensOut, data.costEstimate, data.durationMs, JSON.stringify(data.symbolIds), JSON.stringify(data.filePaths), data.intent, data.complexityScore, data.tier, data.cacheHit ? 1 : 0);
+        return requestId;
+    }
+    /** Cost breakdown by provider + model */
+    getCostByProvider(windowSql = '-30 days') {
+        return this.stmts.byProvider.all(windowSql);
+    }
+    /** Cost breakdown by file path */
+    getCostByFile(limit = 20, windowSql = '-30 days') {
+        return this.stmts.byFile.all(windowSql, limit);
+    }
+    /** Cost breakdown by intent */
+    getCostByIntent(windowSql = '-30 days') {
+        return this.stmts.byIntent.all(windowSql);
+    }
+    /** Cost breakdown by tier */
+    getCostByTier(windowSql = '-30 days') {
+        return this.stmts.byTier.all(windowSql);
+    }
+    /** Cache hit/miss stats and savings */
+    getCacheSavings(windowSql = '-30 days') {
+        const row = this.stmts.cacheSavings.get(windowSql);
+        return {
+            cacheHits: row?.cache_hits ?? 0,
+            cacheMisses: row?.cache_misses ?? 0,
+            costSaved: row?.cost_saved ?? 0,
+            tokensSaved: row?.tokens_saved ?? 0,
+            hitRate: row?.cache_hits
+                ? row.cache_hits / (row.cache_hits + row.cache_misses)
+                : 0,
+        };
+    }
+    /** Most expensive symbols */
+    getTopExpensiveSymbols(limit = 10, windowSql = '-30 days') {
+        return this.stmts.topSymbols.all(windowSql, limit);
+    }
+    /** Overall summary */
+    getSummary(windowSql = '-30 days') {
+        const row = this.stmts.summary.get(windowSql);
+        return {
+            totalRequests: row?.total_requests ?? 0,
+            totalTokensIn: row?.total_tokens_in ?? 0,
+            totalTokensOut: row?.total_tokens_out ?? 0,
+            totalCost: row?.total_cost ?? 0,
+            avgDuration: row?.avg_duration ?? 0,
+            firstRequest: row?.first_request ?? null,
+            lastRequest: row?.last_request ?? null,
+        };
+    }
+    /** Get recent requests for debugging */
+    getRecentRequests(limit = 10) {
+        return this.stmts.recentRequests.all(limit).map(r => ({
+            requestId: r.request_id,
+            timestamp: r.timestamp,
+            provider: r.provider,
+            model: r.model,
+            tokensIn: r.tokens_in,
+            tokensOut: r.tokens_out,
+            costEstimate: r.cost_estimate,
+            durationMs: r.duration_ms,
+            symbolIds: JSON.parse(r.symbol_ids || '[]'),
+            filePaths: JSON.parse(r.file_paths || '[]'),
+            intent: r.intent,
+            complexityScore: r.complexity_score,
+            tier: r.tier,
+            cacheHit: !!r.cache_hit,
+        }));
+    }
+}
+//# sourceMappingURL=observability.js.map

package/dist/gateway/observability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"observability.js","sourceRoot":"","sources":["../../src/gateway/observability.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAE9D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAIzC,MAAM,OAAO,WAAW;IAGF;IAFZ,KAAK,CAA+C;IAE5D,YAAoB,KAA6B;QAA7B,UAAK,GAAL,KAAK,CAAwB;QAC/C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;IACxC,CAAC;IAEO,iBAAiB;QACvB,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CACxB;;;wDAGgD,CACjD;YACD,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAC5B;;;;;;;;;kCAS0B,CAC3B;YACD,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CACxB;;;;;;;;iBAQS,CACV;YACD,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAC1B;;;;;;;;kCAQ0B,CAC3B;YACD,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CACxB;;;;;;uBAMe,CAChB;YACD,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAC9B;;;;;;+CAMuC,CACxC;YACD,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAC5B;;;;;;;;iBAQS,CACV;YACD,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CACzB;;;;;;;;;+CASuC,CACxC;YACD,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAChC,gEAAgE,CACjE;SACF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,CAAC,IAaN;QACC,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CACnB,SAAS,EACT,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,EACzB,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,EAChD,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAC9B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAC9B,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACtB,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,yCAAyC;IACzC,iBAAiB,CAAC,SAAS,GAAG,UAAU;QACtC,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAIvC,CAAC;IACN,CAAC;IAED,kCAAkC;IAClC,aAAa,CAAC,KAAK,GAAG,EAAE,EAAE,SAAS,GAAG,UAAU;QAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAE1C,CAAC;IACN,CAAC;IAED,+BAA+B;IAC/B,eAAe,CAAC,SAAS,GAAG,UAAU;QACpC,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAErC,CAAC;IACN,CAAC;IAED,6BAA6B;IAC7B,aAAa,CAAC,SAAS,GAAG,UAAU;QAClC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAEnC,CAAC;IACN,CAAC;IAED,uCAAuC;IACvC,eAAe,CAAC,SAAS,GAAG,UAAU;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAQ,CAAC;QAC1D,OAAO;YACL,SAAS,EAAE,GAAG,EAAE,UAAU,IAAI,CAAC;YAC/B,WAAW,EAAE,GAAG,EAAE,YAAY,IAAI,CAAC;YACnC,SAAS,EAAE,GAAG,EAAE,UAAU,IAAI,CAAC;YAC/B,WAAW,EAAE,GAAG,EAAE,YAAY,IAAI,CAAC;YACnC,OAAO,EAAE,GAAG,EAAE,UAAU;gBACtB,CAAC,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC;gBACtD,CAAC,CAAC,CAAC;SACN,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,sBAAsB,CAAC,KAAK,GAAG,EAAE,EAAE,SAAS,GAAG,UAAU;QACvD,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAE9C,CAAC;IACN,CAAC;IAED,sBAAsB;IACtB,UAAU,CAAC,SAAS,GAAG,UAAU;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAQ,CAAC;QACrD,OAAO;YACL,aAAa,EAAE,GAAG,EAAE,cAAc,IAAI,CAAC;YACvC,aAAa,EAAE,GAAG,EAAE,eAAe,IAAI,CAAC;YACxC,cAAc,EAAE,GAAG,EAAE,gBAAgB,IAAI,CAAC;YAC1C,SAAS,EAAE,GAAG,EAAE,UAAU,IAAI,CAAC;YAC/B,WAAW,EAAE,GAAG,EAAE,YAAY,IAAI,CAAC;YACnC,YAAY,EAAE,GAAG,EAAE,aAAa,IAAI,IAAI;YACxC,WAAW,EAAE,GAAG,EAAE,YAAY,IAAI,IAAI;SACvC,CAAC;IACJ,CAAC;IAED,wCAAwC;IACxC,iBAAiB,CAAC,KAAK,GAAG,EAAE;QAC1B,OAAQ,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/D,SAAS,EAAE,CAAC,CAAC,UAAU;YACvB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,QAAQ,EAAE,CAAC,CAAC,SAAS;YACrB,SAAS,EAAE,CAAC,CAAC,UAAU;YACvB,YAAY,EAAE,CAAC,CAAC,aAAa;YAC7B,UAAU,EAAE,CAAC,CAAC,WAAW;YACzB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC;YAC3C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC;YAC3C,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,eAAe,EAAE,CAAC,CAAC,gBAAgB;YACnC,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;SACxB,CAAC,CAAC,CAAC;IACN,CAAC;CACF"}

package/dist/gateway/privacy.d.ts

@@ -0,0 +1,27 @@
+import type { ChatMessage, PrivacyRule, PrivacyDecision, MessageAnalysis } from './types.js';
+import type BetterSqlite3 from 'better-sqlite3';
+export declare class PrivacyFilter {
+    private rawDb;
+    private defaultRules;
+    private rulesCache;
+    private stmts;
+    constructor(rawDb: BetterSqlite3.Database, defaultRules?: PrivacyRule[]);
+    private prepareStatements;
+    /** Evaluate privacy decision for a request based on referenced files */
+    evaluate(analysis: MessageAnalysis): PrivacyDecision;
+    /** Mask sensitive content in messages — returns masked messages + unmask map */
+    maskMessages(messages: ChatMessage[], rules: PrivacyRule[]): {
+        masked: ChatMessage[];
+        unmaskMap: Map<string, string>;
+    };
+    /** Restore original content from masked tokens */
+    unmask(text: string, unmaskMap: Map<string, string>): string;
+    /** Add a privacy rule (persisted to DB) */
+    addRule(rule: PrivacyRule): void;
+    /** Remove a privacy rule */
+    removeRule(pathPattern: string): boolean;
+    /** List all rules */
+    listRules(): PrivacyRule[];
+    private loadRules;
+}
+//# sourceMappingURL=privacy.d.ts.map

package/dist/gateway/privacy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"privacy.d.ts","sourceRoot":"","sources":["../../src/gateway/privacy.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAiB,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC5G,OAAO,KAAK,aAAa,MAAM,gBAAgB,CAAC;AAEhD,qBAAa,aAAa;IAKtB,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,YAAY;IALtB,OAAO,CAAC,UAAU,CAA8B;IAChD,OAAO,CAAC,KAAK,CAAiD;gBAGpD,KAAK,EAAE,aAAa,CAAC,QAAQ,EAC7B,YAAY,GAAE,WAAW,EAAO;IAK1C,OAAO,CAAC,iBAAiB;IAUzB,wEAAwE;IACxE,QAAQ,CAAC,QAAQ,EAAE,eAAe,GAAG,eAAe;IA6BpD,gFAAgF;IAChF,YAAY,CAAC,QAAQ,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG;QAAE,MAAM,EAAE,WAAW,EAAE,CAAC;QAAC,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE;IAsBtH,kDAAkD;IAClD,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM;IAQ5D,2CAA2C;IAC3C,OAAO,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI;IAKhC,4BAA4B;IAC5B,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO;IAMxC,qBAAqB;IACrB,SAAS,IAAI,WAAW,EAAE;IAI1B,OAAO,CAAC,SAAS;CAUlB"}

package/dist/gateway/privacy.js

@@ -0,0 +1,139 @@
+// ── Privacy filter — path-based sensitivity rules with masking ──
+import { randomBytes } from 'node:crypto';
+export class PrivacyFilter {
+    rawDb;
+    defaultRules;
+    rulesCache = null;
+    stmts;
+    constructor(rawDb, defaultRules = []) {
+        this.rawDb = rawDb;
+        this.defaultRules = defaultRules;
+        this.stmts = this.prepareStatements();
+    }
+    prepareStatements() {
+        return {
+            listRules: this.rawDb.prepare('SELECT * FROM gateway_privacy_rules ORDER BY path_pattern'),
+            addRule: this.rawDb.prepare(`INSERT OR REPLACE INTO gateway_privacy_rules (path_pattern, action, reason) VALUES (?, ?, ?)`),
+            removeRule: this.rawDb.prepare('DELETE FROM gateway_privacy_rules WHERE path_pattern = ?'),
+        };
+    }
+    /** Evaluate privacy decision for a request based on referenced files */
+    evaluate(analysis) {
+        const rules = this.loadRules();
+        const matched = [];
+        let highestAction = 'allow';
+        for (const file of analysis.files) {
+            for (const rule of rules) {
+                if (matchGlob(file, rule.pathPattern)) {
+                    matched.push(rule);
+                    highestAction = promoteAction(highestAction, rule.action);
+                }
+            }
+        }
+        // Also check symbol file paths
+        for (const sym of analysis.symbols) {
+            for (const rule of rules) {
+                if (matchGlob(sym.filePath, rule.pathPattern)) {
+                    if (!matched.some(m => m.pathPattern === rule.pathPattern)) {
+                        matched.push(rule);
+                        highestAction = promoteAction(highestAction, rule.action);
+                    }
+                }
+            }
+        }
+        return { action: highestAction, matchedRules: matched };
+    }
+    /** Mask sensitive content in messages — returns masked messages + unmask map */
+    maskMessages(messages, rules) {
+        const unmaskMap = new Map();
+        const masked = messages.map(msg => {
+            const content = typeof msg.content === 'string' ? msg.content : '';
+            if (!content)
+                return msg;
+            let result = content;
+            for (const rule of rules) {
+                if (rule.action !== 'mask')
+                    continue;
+                result = maskPatternOccurrences(result, rule.pathPattern, unmaskMap);
+            }
+            // Mask inline @sensitive annotations
+            result = maskSensitiveAnnotations(result, unmaskMap);
+            return { ...msg, content: result };
+        });
+        return { masked, unmaskMap };
+    }
+    /** Restore original content from masked tokens */
+    unmask(text, unmaskMap) {
+        let result = text;
+        for (const [token, original] of unmaskMap) {
+            result = result.replaceAll(token, original);
+        }
+        return result;
+    }
+    /** Add a privacy rule (persisted to DB) */
+    addRule(rule) {
+        this.stmts.addRule.run(rule.pathPattern, rule.action, rule.reason ?? null);
+        this.rulesCache = null;
+    }
+    /** Remove a privacy rule */
+    removeRule(pathPattern) {
+        const r = this.stmts.removeRule.run(pathPattern);
+        this.rulesCache = null;
+        return r.changes > 0;
+    }
+    /** List all rules */
+    listRules() {
+        return this.loadRules();
+    }
+    loadRules() {
+        if (this.rulesCache)
+            return this.rulesCache;
+        const dbRules = this.stmts.listRules.all().map(r => ({
+            pathPattern: r.path_pattern,
+            action: r.action,
+            reason: r.reason ?? undefined,
+        }));
+        this.rulesCache = [...this.defaultRules, ...dbRules];
+        return this.rulesCache;
+    }
+}
+// ── Helpers ──
+/** Simple glob matching: supports * and ** */
+function matchGlob(filePath, pattern) {
+    const regex = pattern
+        .replace(/[.+^${}()|[\]\\]/g, '\\$&') // Escape special regex chars
+        .replace(/\*\*/g, '{{GLOBSTAR}}') // Temp placeholder
+        .replace(/\*/g, '[^/]*') // Single glob
+        .replace(/{{GLOBSTAR}}/g, '.*'); // Double glob
+    return new RegExp(`^${regex}$`).test(filePath);
+}
+/** Promote to higher severity: block > local-only > mask > allow */
+function promoteAction(current, incoming) {
+    const priority = { allow: 0, mask: 1, 'local-only': 2, block: 3 };
+    return (priority[incoming] ?? 0) > (priority[current] ?? 0) ? incoming : current;
+}
+/** Replace occurrences matching a glob pattern in text with masked tokens */
+function maskPatternOccurrences(text, pathPattern, unmaskMap) {
+    // Extract a searchable pattern from the glob (e.g., "secrets/**" → "secrets/")
+    const literalPrefix = pathPattern.replace(/\*.*$/, '');
+    if (!literalPrefix || !text.includes(literalPrefix))
+        return text;
+    // Find all file-path-like substrings starting with the literal prefix
+    const filePathRe = new RegExp(literalPrefix.replace(/[.+^${}()|[\]\\]/g, '\\$&') + '[\\w/._-]*', 'g');
+    return text.replace(filePathRe, match => {
+        if (!matchGlob(match, pathPattern))
+            return match;
+        const token = `[REDACTED_${randomBytes(4).toString('hex')}]`;
+        unmaskMap.set(token, match);
+        return token;
+    });
+}
+/** Mask content wrapped in @sensitive{...} annotations */
+function maskSensitiveAnnotations(text, unmaskMap) {
+    return text.replace(/@sensitive\{([^}]+)\}/g, (_match, inner) => {
+        const token = `[REDACTED_${randomBytes(4).toString('hex')}]`;
+        unmaskMap.set(token, inner);
+        return token;
+    });
+}
+//# sourceMappingURL=privacy.js.map