n8n-nodes-trusera 0.5.2 → 0.6.0

package/README.md

@@ -326,3 +326,4 @@ The interactive HTML dashboard includes:
 ## License
 
 MIT
+

package/credentials/TruseraPlatformApi.credentials.ts

@@ -0,0 +1,49 @@
+import type {
+  IAuthenticateGeneric,
+  ICredentialTestRequest,
+  ICredentialType,
+  INodeProperties,
+} from 'n8n-workflow';
+
+export class TruseraPlatformApi implements ICredentialType {
+  name = 'truseraPlatformApi';
+  displayName = 'Trusera Platform API';
+  documentationUrl = 'https://docs.trusera.dev/n8n-sidecar';
+
+  properties: INodeProperties[] = [
+    {
+      displayName: 'API Key',
+      name: 'apiKey',
+      type: 'string',
+      typeOptions: { password: true },
+      default: '',
+      required: true,
+      description: 'Trusera platform API key (starts with tsk_)',
+    },
+    {
+      displayName: 'Platform URL',
+      name: 'platformUrl',
+      type: 'string',
+      default: 'https://api.trusera.io',
+      required: false,
+      description: 'Trusera platform API URL',
+    },
+  ];
+
+  authenticate: IAuthenticateGeneric = {
+    type: 'generic',
+    properties: {
+      headers: {
+        Authorization: '=Bearer {{$credentials.apiKey}}',
+      },
+    },
+  };
+
+  test: ICredentialTestRequest = {
+    request: {
+      baseURL: '={{$credentials.platformUrl}}',
+      url: '/api/v1/agents/stats',
+      method: 'GET',
+    },
+  };
+}

package/dist/credentials/TruseraPlatformApi.credentials.d.ts

@@ -0,0 +1,10 @@
+import type { IAuthenticateGeneric, ICredentialTestRequest, ICredentialType, INodeProperties } from 'n8n-workflow';
+export declare class TruseraPlatformApi implements ICredentialType {
+    name: string;
+    displayName: string;
+    documentationUrl: string;
+    properties: INodeProperties[];
+    authenticate: IAuthenticateGeneric;
+    test: ICredentialTestRequest;
+}
+//# sourceMappingURL=TruseraPlatformApi.credentials.d.ts.map

package/dist/credentials/TruseraPlatformApi.credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"TruseraPlatformApi.credentials.d.ts","sourceRoot":"","sources":["../../credentials/TruseraPlatformApi.credentials.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oBAAoB,EACpB,sBAAsB,EACtB,eAAe,EACf,eAAe,EAChB,MAAM,cAAc,CAAC;AAEtB,qBAAa,kBAAmB,YAAW,eAAe;IACxD,IAAI,SAAwB;IAC5B,WAAW,SAA0B;IACrC,gBAAgB,SAA0C;IAE1D,UAAU,EAAE,eAAe,EAAE,CAkB3B;IAEF,YAAY,EAAE,oBAAoB,CAOhC;IAEF,IAAI,EAAE,sBAAsB,CAM1B;CACH"}

package/dist/credentials/TruseraPlatformApi.credentials.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TruseraPlatformApi = void 0;
+class TruseraPlatformApi {
+    constructor() {
+        this.name = 'truseraPlatformApi';
+        this.displayName = 'Trusera Platform API';
+        this.documentationUrl = 'https://docs.trusera.dev/n8n-sidecar';
+        this.properties = [
+            {
+                displayName: 'API Key',
+                name: 'apiKey',
+                type: 'string',
+                typeOptions: { password: true },
+                default: '',
+                required: true,
+                description: 'Trusera platform API key (starts with tsk_)',
+            },
+            {
+                displayName: 'Platform URL',
+                name: 'platformUrl',
+                type: 'string',
+                default: 'https://api.trusera.io',
+                required: false,
+                description: 'Trusera platform API URL',
+            },
+        ];
+        this.authenticate = {
+            type: 'generic',
+            properties: {
+                headers: {
+                    Authorization: '=Bearer {{$credentials.apiKey}}',
+                },
+            },
+        };
+        this.test = {
+            request: {
+                baseURL: '={{$credentials.platformUrl}}',
+                url: '/api/v1/agents/stats',
+                method: 'GET',
+            },
+        };
+    }
+}
+exports.TruseraPlatformApi = TruseraPlatformApi;
+//# sourceMappingURL=TruseraPlatformApi.credentials.js.map

package/dist/credentials/TruseraPlatformApi.credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"TruseraPlatformApi.credentials.js","sourceRoot":"","sources":["../../credentials/TruseraPlatformApi.credentials.ts"],"names":[],"mappings":";;;AAOA,MAAa,kBAAkB;IAA/B;QACE,SAAI,GAAG,oBAAoB,CAAC;QAC5B,gBAAW,GAAG,sBAAsB,CAAC;QACrC,qBAAgB,GAAG,sCAAsC,CAAC;QAE1D,eAAU,GAAsB;YAC9B;gBACE,WAAW,EAAE,SAAS;gBACtB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;gBAC/B,OAAO,EAAE,EAAE;gBACX,QAAQ,EAAE,IAAI;gBACd,WAAW,EAAE,6CAA6C;aAC3D;YACD;gBACE,WAAW,EAAE,cAAc;gBAC3B,IAAI,EAAE,aAAa;gBACnB,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,wBAAwB;gBACjC,QAAQ,EAAE,KAAK;gBACf,WAAW,EAAE,0BAA0B;aACxC;SACF,CAAC;QAEF,iBAAY,GAAyB;YACnC,IAAI,EAAE,SAAS;YACf,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,aAAa,EAAE,iCAAiC;iBACjD;aACF;SACF,CAAC;QAEF,SAAI,GAA2B;YAC7B,OAAO,EAAE;gBACP,OAAO,EAAE,+BAA+B;gBACxC,GAAG,EAAE,sBAAsB;gBAC3B,MAAM,EAAE,KAAK;aACd;SACF,CAAC;IACJ,CAAC;CAAA;AAzCD,gDAyCC"}

package/dist/index.d.ts

@@ -4,4 +4,9 @@ export * from './lib/riskScorer';
 export * from './lib/policyEngine';
 export * from './lib/scanner';
 export * from './lib/dashboardHtml';
+export * from './lib/sidecar/types';
+export * from './lib/sidecar/pii';
+export * from './lib/sidecar/contentFilter';
+export * from './lib/sidecar/evaluator';
+export * from './lib/sidecar/reporter';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,eAAe,CAAC;AAC9B,cAAc,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,eAAe,CAAC;AAC9B,cAAc,qBAAqB,CAAC;AAGpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC"}

package/dist/index.js

@@ -20,4 +20,10 @@ __exportStar(require("./lib/riskScorer"), exports);
 __exportStar(require("./lib/policyEngine"), exports);
 __exportStar(require("./lib/scanner"), exports);
 __exportStar(require("./lib/dashboardHtml"), exports);
+// Sidecar runtime enforcement
+__exportStar(require("./lib/sidecar/types"), exports);
+__exportStar(require("./lib/sidecar/pii"), exports);
+__exportStar(require("./lib/sidecar/contentFilter"), exports);
+__exportStar(require("./lib/sidecar/evaluator"), exports);
+__exportStar(require("./lib/sidecar/reporter"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,mDAAiC;AACjC,qDAAmC;AACnC,gDAA8B;AAC9B,sDAAoC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,mDAAiC;AACjC,qDAAmC;AACnC,gDAA8B;AAC9B,sDAAoC;AAEpC,8BAA8B;AAC9B,sDAAoC;AACpC,oDAAkC;AAClC,8DAA4C;AAC5C,0DAAwC;AACxC,yDAAuC"}

package/dist/lib/sidecar/contentFilter.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Content filtering for the Trusera Sidecar.
+ *
+ * Pattern-based detection for prompt injection and dangerous content.
+ * Conservative patterns — high precision, lower recall. The platform's
+ * Cedar policies handle nuanced enforcement; these are a lightweight first pass.
+ */
+/** A single content filter match. */
+export interface ContentFilterResult {
+    type: 'prompt_injection' | 'dangerous_content';
+    name: string;
+    matched: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+}
+/** Detect prompt injection patterns. */
+export declare function detectPromptInjection(text: string): ContentFilterResult[];
+/** Detect dangerous content patterns. */
+export declare function detectDangerousContent(text: string): ContentFilterResult[];
+/** Combined content filter — runs both injection + dangerous content checks. */
+export declare function runContentFilter(text: string): ContentFilterResult[];
+//# sourceMappingURL=contentFilter.d.ts.map

package/dist/lib/sidecar/contentFilter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contentFilter.d.ts","sourceRoot":"","sources":["../../../lib/sidecar/contentFilter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,qCAAqC;AACrC,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,kBAAkB,GAAG,mBAAmB,CAAC;IAC/C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CAClD;AA6FD,wCAAwC;AACxC,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,EAAE,CAIzE;AAED,yCAAyC;AACzC,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,EAAE,CAI1E;AAED,gFAAgF;AAChF,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,EAAE,CAOpE"}

package/dist/lib/sidecar/contentFilter.js

@@ -0,0 +1,120 @@
+"use strict";
+/**
+ * Content filtering for the Trusera Sidecar.
+ *
+ * Pattern-based detection for prompt injection and dangerous content.
+ * Conservative patterns — high precision, lower recall. The platform's
+ * Cedar policies handle nuanced enforcement; these are a lightweight first pass.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectPromptInjection = detectPromptInjection;
+exports.detectDangerousContent = detectDangerousContent;
+exports.runContentFilter = runContentFilter;
+/** Maximum text length to scan (100 KB). */
+const MAX_SCAN_LENGTH = 100_000;
+const PROMPT_INJECTION_PATTERNS = [
+    {
+        name: 'ignore_instructions',
+        pattern: /ignore\s+(?:all\s+)?(?:previous|prior|above|earlier)\s+(?:instructions|prompts|context|rules)/gi,
+        severity: 'critical',
+        type: 'prompt_injection',
+    },
+    {
+        name: 'role_reassignment',
+        pattern: /you\s+are\s+now\s+(?:a|an|the|my)\s+/gi,
+        severity: 'high',
+        type: 'prompt_injection',
+    },
+    {
+        name: 'system_prompt_extraction',
+        pattern: /(?:repeat|show|reveal|print|output|display|tell\s+me)\s+(?:your|the)\s+(?:system\s+)?(?:prompt|instructions|rules|guidelines)/gi,
+        severity: 'high',
+        type: 'prompt_injection',
+    },
+    {
+        name: 'jailbreak_dan',
+        pattern: /\bDAN\b.*?(?:do\s+anything\s+now|jailbreak|bypass|unrestricted)/gi,
+        severity: 'critical',
+        type: 'prompt_injection',
+    },
+    {
+        name: 'delimiter_injection',
+        pattern: /(?:<\/?system>|<\/?user>|<\/?assistant>|\[INST\]|\[\/INST\]|<<SYS>>|<\/SYS>>)/gi,
+        severity: 'high',
+        type: 'prompt_injection',
+    },
+    {
+        name: 'instruction_override',
+        pattern: /(?:new\s+instructions?|override\s+(?:instructions?|rules)|forget\s+(?:everything|all|previous))/gi,
+        severity: 'critical',
+        type: 'prompt_injection',
+    },
+    {
+        name: 'base64_instruction',
+        pattern: /(?:decode|execute|run|eval)\s+(?:this\s+)?(?:base64|b64)\s*[:=]/gi,
+        severity: 'high',
+        type: 'prompt_injection',
+    },
+];
+const DANGEROUS_CONTENT_PATTERNS = [
+    {
+        name: 'sql_injection_in_llm',
+        pattern: /(?:;\s*DROP\s+TABLE|;\s*DELETE\s+FROM|UNION\s+(?:ALL\s+)?SELECT|'\s*OR\s+'1'\s*=\s*'1)/gi,
+        severity: 'high',
+        type: 'dangerous_content',
+    },
+    {
+        name: 'path_traversal',
+        pattern: /(?:\.\.\/){2,}|(?:\.\.\\){2,}/g,
+        severity: 'medium',
+        type: 'dangerous_content',
+    },
+    {
+        name: 'shell_injection',
+        pattern: /(?:;\s*(?:rm|wget|curl|nc|bash|sh|python|perl|ruby)\s+-|`[^`]*`|\$\([^)]*\))/gi,
+        severity: 'high',
+        type: 'dangerous_content',
+    },
+    {
+        name: 'encoded_payload',
+        pattern: /(?:&#x[0-9a-f]{2,4};){3,}|(?:%[0-9a-f]{2}){5,}/gi,
+        severity: 'medium',
+        type: 'dangerous_content',
+    },
+];
+function runPatterns(text, patterns) {
+    const results = [];
+    for (const { name, pattern, severity, type } of patterns) {
+        pattern.lastIndex = 0;
+        const match = pattern.exec(text);
+        if (match) {
+            results.push({ type, name, matched: match[0], severity });
+        }
+    }
+    return results;
+}
+/** Detect prompt injection patterns. */
+function detectPromptInjection(text) {
+    if (!text)
+        return [];
+    const scanText = text.length > MAX_SCAN_LENGTH ? text.slice(0, MAX_SCAN_LENGTH) : text;
+    return runPatterns(scanText, PROMPT_INJECTION_PATTERNS);
+}
+/** Detect dangerous content patterns. */
+function detectDangerousContent(text) {
+    if (!text)
+        return [];
+    const scanText = text.length > MAX_SCAN_LENGTH ? text.slice(0, MAX_SCAN_LENGTH) : text;
+    return runPatterns(scanText, DANGEROUS_CONTENT_PATTERNS);
+}
+/** Combined content filter — runs both injection + dangerous content checks. */
+function runContentFilter(text) {
+    if (!text)
+        return [];
+    const scanText = text.length > MAX_SCAN_LENGTH ? text.slice(0, MAX_SCAN_LENGTH) : text;
+    return [
+        ...runPatterns(scanText, PROMPT_INJECTION_PATTERNS),
+        ...runPatterns(scanText, DANGEROUS_CONTENT_PATTERNS),
+    ];
+}
+//# sourceMappingURL=contentFilter.js.map

package/dist/lib/sidecar/contentFilter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contentFilter.js","sourceRoot":"","sources":["../../../lib/sidecar/contentFilter.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAyGH,sDAIC;AAGD,wDAIC;AAGD,4CAOC;AA5HD,4CAA4C;AAC5C,MAAM,eAAe,GAAG,OAAO,CAAC;AAiBhC,MAAM,yBAAyB,GAA6B;IAC1D;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,iGAAiG;QAC1G,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,kBAAkB;KACzB;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,wCAAwC;QACjD,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,kBAAkB;KACzB;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,iIAAiI;QAC1I,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,kBAAkB;KACzB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,kBAAkB;KACzB;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,iFAAiF;QAC1F,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,kBAAkB;KACzB;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,mGAAmG;QAC5G,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,kBAAkB;KACzB;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,kBAAkB;KACzB;CACF,CAAC;AAEF,MAAM,0BAA0B,GAA6B;IAC3D;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,0FAA0F;QACnG,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,mBAAmB;KAC1B;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,mBAAmB;KAC1B;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,gFAAgF;QACzF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,mBAAmB;KAC1B;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,kDAAkD;QAC3D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,mBAAmB;KAC1B;CACF,CAAC;AAEF,SAAS,WAAW,CAAC,IAAY,EAAE,QAAkC;IACnE,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,QAAQ,EAAE,CAAC;QACzD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,wCAAwC;AACxC,SAAgB,qBAAqB,CAAC,IAAY;IAChD,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvF,OAAO,WAAW,CAAC,QAAQ,EAAE,yBAAyB,CAAC,CAAC;AAC1D,CAAC;AAED,yCAAyC;AACzC,SAAgB,sBAAsB,CAAC,IAAY;IACjD,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvF,OAAO,WAAW,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC;AAC3D,CAAC;AAED,gFAAgF;AAChF,SAAgB,gBAAgB,CAAC,IAAY;IAC3C,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvF,OAAO;QACL,GAAG,WAAW,CAAC,QAAQ,EAAE,yBAAyB,CAAC;QACnD,GAAG,WAAW,CAAC,QAAQ,EAAE,0BAA0B,CAAC;KACrD,CAAC;AACJ,CAAC"}

package/dist/lib/sidecar/evaluator.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Core evaluation pipeline for the Trusera Sidecar.
+ *
+ * Combines Cedar policy evaluation, PII detection, and content filtering
+ * into a single evaluation pipeline with fail-open design.
+ */
+import type { EvaluatorConfig, EvaluationResult } from './types';
+export declare class SidecarEvaluator {
+    private config;
+    constructor(config: EvaluatorConfig);
+    /** Main evaluation entry point. */
+    evaluate(data: Record<string, unknown>): Promise<EvaluationResult>;
+    /** PII detection check. */
+    private checkPii;
+    /** Prompt injection detection check. */
+    private checkPromptInjection;
+    /** Content filter check. */
+    private checkContentFilter;
+    /** Cedar policy evaluation — calls platform API or evaluates inline. */
+    private evaluateCedarPolicies;
+    /** Evaluate against Cedar policies fetched from the platform. */
+    private evaluatePlatformCedar;
+    /** Evaluate inline Cedar DSL against platform's evaluate endpoint. */
+    private evaluateInlineCedar;
+    /** Build Cedar evaluation context from input data + prior check results. */
+    private buildCedarContext;
+    /**
+     * Recursively extract all string values from an object into a single text blob.
+     * Used for PII detection and content filtering.
+     */
+    private extractTextContent;
+}
+//# sourceMappingURL=evaluator.d.ts.map

package/dist/lib/sidecar/evaluator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluator.d.ts","sourceRoot":"","sources":["../../../lib/sidecar/evaluator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAIjB,MAAM,SAAS,CAAC;AAUjB,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAkB;gBAEpB,MAAM,EAAE,eAAe;IAInC,mCAAmC;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAsExE,2BAA2B;IAC3B,OAAO,CAAC,QAAQ;IAchB,wCAAwC;IACxC,OAAO,CAAC,oBAAoB;IAc5B,4BAA4B;IAC5B,OAAO,CAAC,kBAAkB;IAc1B,wEAAwE;YAC1D,qBAAqB;IAenC,iEAAiE;YACnD,qBAAqB;IAwDnC,sEAAsE;YACxD,mBAAmB;IAwDjC,4EAA4E;IAC5E,OAAO,CAAC,iBAAiB;IA0BzB;;;OAGG;IACH,OAAO,CAAC,kBAAkB;CAgB3B"}

package/dist/lib/sidecar/evaluator.js

@@ -0,0 +1,270 @@
+"use strict";
+/**
+ * Core evaluation pipeline for the Trusera Sidecar.
+ *
+ * Combines Cedar policy evaluation, PII detection, and content filtering
+ * into a single evaluation pipeline with fail-open design.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SidecarEvaluator = void 0;
+const pii_1 = require("./pii");
+const contentFilter_1 = require("./contentFilter");
+/** Max context size sent to platform (50 KB). */
+const MAX_CONTEXT_SIZE = 50_000;
+/** Module-level policy cache. */
+const policyCache = new Map();
+class SidecarEvaluator {
+    constructor(config) {
+        this.config = config;
+    }
+    /** Main evaluation entry point. */
+    async evaluate(data) {
+        const startTime = Date.now();
+        const checks = [];
+        const violations = [];
+        // Extract all text content from the input data
+        const textContent = this.extractTextContent(data);
+        // Run built-in checks
+        if (this.config.enablePiiDetection) {
+            const piiCheck = this.checkPii(textContent);
+            checks.push(piiCheck);
+            if (!piiCheck.passed) {
+                violations.push({
+                    policyName: 'pii_detection',
+                    reason: `PII detected: ${piiCheck.findings?.join(', ') ?? 'unknown types'}`,
+                    severity: 'high',
+                });
+            }
+        }
+        if (this.config.enablePromptInjection) {
+            const injectionCheck = this.checkPromptInjection(textContent);
+            checks.push(injectionCheck);
+            if (!injectionCheck.passed) {
+                violations.push({
+                    policyName: 'prompt_injection',
+                    reason: `Prompt injection detected: ${injectionCheck.findings?.join(', ') ?? 'unknown pattern'}`,
+                    severity: 'critical',
+                });
+            }
+        }
+        if (this.config.enableContentFilter) {
+            const contentCheck = this.checkContentFilter(textContent);
+            checks.push(contentCheck);
+            if (!contentCheck.passed) {
+                violations.push({
+                    policyName: 'content_filter',
+                    reason: `Dangerous content detected: ${contentCheck.findings?.join(', ') ?? 'unknown pattern'}`,
+                    severity: 'high',
+                });
+            }
+        }
+        // Cedar policy evaluation
+        const cedarCheck = await this.evaluateCedarPolicies(data, checks);
+        checks.push(cedarCheck);
+        if (!cedarCheck.passed) {
+            violations.push({
+                policyName: 'cedar_policy',
+                reason: cedarCheck.details,
+                severity: 'high',
+            });
+        }
+        const durationMs = Date.now() - startTime;
+        const allowed = violations.length === 0 || this.config.enforcementMode !== 'block';
+        return {
+            allowed: violations.length === 0 ? true : allowed,
+            enforcement: this.config.enforcementMode,
+            violations,
+            checks,
+            timestamp: new Date().toISOString(),
+            durationMs,
+        };
+    }
+    /** PII detection check. */
+    checkPii(text) {
+        const matches = (0, pii_1.detectPii)(text);
+        if (matches.length === 0) {
+            return { name: 'pii_detection', passed: true, details: 'No PII detected' };
+        }
+        const types = [...new Set(matches.map((m) => m.type))];
+        return {
+            name: 'pii_detection',
+            passed: false,
+            details: `Found ${matches.length} PII instance(s): ${types.join(', ')}`,
+            findings: types,
+        };
+    }
+    /** Prompt injection detection check. */
+    checkPromptInjection(text) {
+        const matches = (0, contentFilter_1.detectPromptInjection)(text);
+        if (matches.length === 0) {
+            return { name: 'prompt_injection', passed: true, details: 'No injection patterns detected' };
+        }
+        const names = matches.map((m) => m.name);
+        return {
+            name: 'prompt_injection',
+            passed: false,
+            details: `Found ${matches.length} injection pattern(s): ${names.join(', ')}`,
+            findings: names,
+        };
+    }
+    /** Content filter check. */
+    checkContentFilter(text) {
+        const matches = (0, contentFilter_1.detectDangerousContent)(text);
+        if (matches.length === 0) {
+            return { name: 'content_filter', passed: true, details: 'No dangerous content detected' };
+        }
+        const names = matches.map((m) => m.name);
+        return {
+            name: 'content_filter',
+            passed: false,
+            details: `Found ${matches.length} dangerous pattern(s): ${names.join(', ')}`,
+            findings: names,
+        };
+    }
+    /** Cedar policy evaluation — calls platform API or evaluates inline. */
+    async evaluateCedarPolicies(data, priorChecks) {
+        if (this.config.policySource === 'inline' && !this.config.inlineCedarDsl?.trim()) {
+            return { name: 'cedar_policy', passed: true, details: 'No inline Cedar policy configured' };
+        }
+        if (this.config.policySource === 'platform') {
+            return this.evaluatePlatformCedar(data, priorChecks);
+        }
+        return this.evaluateInlineCedar(data, priorChecks);
+    }
+    /** Evaluate against Cedar policies fetched from the platform. */
+    async evaluatePlatformCedar(data, priorChecks) {
+        try {
+            const context = this.buildCedarContext(data, priorChecks);
+            const res = await fetch(`${this.config.platformUrl}/api/v1/cedar/evaluate`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${this.config.apiKey}`,
+                },
+                body: JSON.stringify({
+                    principal: { type: 'n8n::Agent', id: this.config.agentName },
+                    action: { type: 'n8n::Action', id: 'process_data' },
+                    resource: { type: 'n8n::WorkflowData', id: 'input' },
+                    context,
+                }),
+            });
+            if (!res.ok) {
+                return {
+                    name: 'cedar_policy',
+                    passed: true,
+                    details: `Platform returned ${res.status} — failing open`,
+                };
+            }
+            const result = (await res.json());
+            const decision = (result.decision ?? 'allow').toLowerCase();
+            if (decision === 'deny') {
+                const reasons = result.diagnostic?.reasons ?? ['Policy denied the request'];
+                return {
+                    name: 'cedar_policy',
+                    passed: false,
+                    details: reasons.join('; '),
+                    findings: reasons,
+                };
+            }
+            return { name: 'cedar_policy', passed: true, details: 'Cedar policy evaluation passed' };
+        }
+        catch {
+            // Fail open — platform unreachable
+            return {
+                name: 'cedar_policy',
+                passed: true,
+                details: 'Platform unreachable — failing open',
+            };
+        }
+    }
+    /** Evaluate inline Cedar DSL against platform's evaluate endpoint. */
+    async evaluateInlineCedar(data, priorChecks) {
+        try {
+            const context = this.buildCedarContext(data, priorChecks);
+            const res = await fetch(`${this.config.platformUrl}/api/v1/cedar/evaluate`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${this.config.apiKey}`,
+                },
+                body: JSON.stringify({
+                    principal: { type: 'n8n::Agent', id: this.config.agentName },
+                    action: { type: 'n8n::Action', id: 'process_data' },
+                    resource: { type: 'n8n::WorkflowData', id: 'input' },
+                    context,
+                    inline_policy: this.config.inlineCedarDsl,
+                }),
+            });
+            if (!res.ok) {
+                return {
+                    name: 'cedar_policy',
+                    passed: true,
+                    details: `Platform returned ${res.status} — failing open`,
+                };
+            }
+            const result = (await res.json());
+            const decision = (result.decision ?? 'allow').toLowerCase();
+            if (decision === 'deny') {
+                const reasons = result.diagnostic?.reasons ?? ['Inline policy denied the request'];
+                return {
+                    name: 'cedar_policy',
+                    passed: false,
+                    details: reasons.join('; '),
+                    findings: reasons,
+                };
+            }
+            return { name: 'cedar_policy', passed: true, details: 'Inline Cedar policy passed' };
+        }
+        catch {
+            return {
+                name: 'cedar_policy',
+                passed: true,
+                details: 'Platform unreachable — failing open',
+            };
+        }
+    }
+    /** Build Cedar evaluation context from input data + prior check results. */
+    buildCedarContext(data, priorChecks) {
+        const piiCheck = priorChecks.find((c) => c.name === 'pii_detection');
+        const injectionCheck = priorChecks.find((c) => c.name === 'prompt_injection');
+        const contentCheck = priorChecks.find((c) => c.name === 'content_filter');
+        const context = {
+            pii_detected: piiCheck ? !piiCheck.passed : false,
+            pii_types: piiCheck?.findings ?? [],
+            injection_detected: injectionCheck ? !injectionCheck.passed : false,
+            content_filter_triggered: contentCheck ? !contentCheck.passed : false,
+            data_keys: Object.keys(data),
+            data_size: JSON.stringify(data).length,
+        };
+        // Truncate context to max size
+        const contextStr = JSON.stringify(context);
+        if (contextStr.length > MAX_CONTEXT_SIZE) {
+            delete context.data_keys;
+        }
+        return context;
+    }
+    /**
+     * Recursively extract all string values from an object into a single text blob.
+     * Used for PII detection and content filtering.
+     */
+    extractTextContent(data) {
+        const parts = [];
+        function walk(value) {
+            if (typeof value === 'string') {
+                parts.push(value);
+            }
+            else if (Array.isArray(value)) {
+                for (const item of value)
+                    walk(item);
+            }
+            else if (value !== null && typeof value === 'object') {
+                for (const v of Object.values(value))
+                    walk(v);
+            }
+        }
+        walk(data);
+        return parts.join(' ');
+    }
+}
+exports.SidecarEvaluator = SidecarEvaluator;
+//# sourceMappingURL=evaluator.js.map

package/dist/lib/sidecar/evaluator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluator.js","sourceRoot":"","sources":["../../../lib/sidecar/evaluator.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AASH,+BAA6C;AAC7C,mDAAkG;AAElG,iDAAiD;AACjD,MAAM,gBAAgB,GAAG,MAAM,CAAC;AAEhC,iCAAiC;AACjC,MAAM,WAAW,GAAG,IAAI,GAAG,EAA0D,CAAC;AAEtF,MAAa,gBAAgB;IAG3B,YAAY,MAAuB;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,mCAAmC;IACnC,KAAK,CAAC,QAAQ,CAAC,IAA6B;QAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAkB,EAAE,CAAC;QACjC,MAAM,UAAU,GAAgB,EAAE,CAAC;QAEnC,+CAA+C;QAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAElD,sBAAsB;QACtB,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC5C,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACtB,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACrB,UAAU,CAAC,IAAI,CAAC;oBACd,UAAU,EAAE,eAAe;oBAC3B,MAAM,EAAE,iBAAiB,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,eAAe,EAAE;oBAC3E,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,qBAAqB,EAAE,CAAC;YACtC,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5B,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;gBAC3B,UAAU,CAAC,IAAI,CAAC;oBACd,UAAU,EAAE,kBAAkB;oBAC9B,MAAM,EAAE,8BAA8B,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,iBAAiB,EAAE;oBAChG,QAAQ,EAAE,UAAU;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;YAC1D,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1B,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,UAAU,CAAC,IAAI,CAAC;oBACd,UAAU,EAAE,gBAAgB;oBAC5B,MAAM,EAAE,+BAA+B,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,iBAAiB,EAAE;oBAC/F,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAClE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxB,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,UAAU,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,cAAc;gBAC1B,MAAM,EAAE,UAAU,CAAC,OAAO;gBAC1B,QAAQ,EAAE,MAAM;aACjB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC1C,MAAM,OAAO,GACX,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,KAAK,OAAO,CAAC;QAErE,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO;YACjD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;YACxC,UAAU;YACV,MAAM;YACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,UAAU;SACX,CAAC;IACJ,CAAC;IAED,2BAA2B;IACnB,QAAQ,CAAC,IAAY;QAC3B,MAAM,OAAO,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,CAAC;QAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;QAC7E,CAAC;QACD,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,SAAS,OAAO,CAAC,MAAM,qBAAqB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACvE,QAAQ,EAAE,KAAK;SAChB,CAAC;IACJ,CAAC;IAED,wCAAwC;IAChC,oBAAoB,CAAC,IAAY;QACvC,MAAM,OAAO,GAAG,IAAA,qCAAqB,EAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;QAC/F,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACzC,OAAO;YACL,IAAI,EAAE,kBAAkB;YACxB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,SAAS,OAAO,CAAC,MAAM,0BAA0B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC5E,QAAQ,EAAE,KAAK;SAChB,CAAC;IACJ,CAAC;IAED,4BAA4B;IACpB,kBAAkB,CAAC,IAAY;QACrC,MAAM,OAAO,GAAG,IAAA,sCAAsB,EAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;QAC5F,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACzC,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,SAAS,OAAO,CAAC,MAAM,0BAA0B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC5E,QAAQ,EAAE,KAAK;SAChB,CAAC;IACJ,CAAC;IAED,wEAAwE;IAChE,KAAK,CAAC,qBAAqB,CACjC,IAA6B,EAC7B,WAA0B;QAE1B,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,IAAI,EAAE,EAAE,CAAC;YACjF,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACvD,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACrD,CAAC;IAED,iEAAiE;IACzD,KAAK,CAAC,qBAAqB,CACjC,IAA6B,EAC7B,WAA0B;QAE1B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAE1D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,wBAAwB,EAAE;gBAC1E,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;iBAC9C;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;oBAC5D,MAAM,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,cAAc,EAAE;oBACnD,QAAQ,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,EAAE,EAAE,OAAO,EAAE;oBACpD,OAAO;iBACR,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO;oBACL,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,IAAI;oBACZ,OAAO,EAAE,qBAAqB,GAAG,CAAC,MAAM,iBAAiB;iBAC1D,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAG/B,CAAC;YAEF,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5D,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,OAAO,IAAI,CAAC,2BAA2B,CAAC,CAAC;gBAC5E,OAAO;oBACL,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC3B,QAAQ,EAAE,OAAO;iBAClB,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC;QAC3F,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;YACnC,OAAO;gBACL,IAAI,EAAE,cAAc;gBACpB,MAAM,EAAE,IAAI;gBACZ,OAAO,EAAE,qCAAqC;aAC/C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,sEAAsE;IAC9D,KAAK,CAAC,mBAAmB,CAC/B,IAA6B,EAC7B,WAA0B;QAE1B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAE1D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,wBAAwB,EAAE;gBAC1E,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;iBAC9C;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;oBAC5D,MAAM,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,cAAc,EAAE;oBACnD,QAAQ,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,EAAE,EAAE,OAAO,EAAE;oBACpD,OAAO;oBACP,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;iBAC1C,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO;oBACL,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,IAAI;oBACZ,OAAO,EAAE,qBAAqB,GAAG,CAAC,MAAM,iBAAiB;iBAC1D,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAG/B,CAAC;YAEF,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5D,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,OAAO,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBACnF,OAAO;oBACL,IAAI,EAAE,cAAc;oBACpB,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC3B,QAAQ,EAAE,OAAO;iBAClB,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC;QACvF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,IAAI,EAAE,cAAc;gBACpB,MAAM,EAAE,IAAI;gBACZ,OAAO,EAAE,qCAAqC;aAC/C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,4EAA4E;IACpE,iBAAiB,CACvB,IAA6B,EAC7B,WAA0B;QAE1B,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;QACrE,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;QAC9E,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,gBAAgB,CAAC,CAAC;QAE1E,MAAM,OAAO,GAA4B;YACvC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;YACjD,SAAS,EAAE,QAAQ,EAAE,QAAQ,IAAI,EAAE;YACnC,kBAAkB,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;YACnE,wBAAwB,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;YACrE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5B,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,MAAM;SACvC,CAAC;QAEF,+BAA+B;QAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;YACzC,OAAO,OAAO,CAAC,SAAS,CAAC;QAC3B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACK,kBAAkB,CAAC,IAA6B;QACtD,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,SAAS,IAAI,CAAC,KAAc;YAC1B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,KAAK,MAAM,IAAI,IAAI,KAAK;oBAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;iBAAM,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACvD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC;oBAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,CAAC;QACX,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;CACF;AA5SD,4CA4SC"}

package/dist/lib/sidecar/pii.d.ts

@@ -0,0 +1,26 @@
+/**
+ * PII detection for the Trusera Sidecar.
+ *
+ * Regex-based scanning for personally identifiable information.
+ * Designed for high precision (few false positives) over recall.
+ */
+/** A single PII match. */
+export interface PiiMatch {
+    type: string;
+    value: string;
+    redacted: string;
+    position: number;
+}
+/**
+ * Detect PII in a text string.
+ * Returns all matches found. Scans up to MAX_SCAN_LENGTH bytes.
+ */
+export declare function detectPii(text: string): PiiMatch[];
+/**
+ * Redact all PII matches in a text string.
+ * Replaces each match with [REDACTED_<TYPE>].
+ */
+export declare function redactPii(text: string, matches: PiiMatch[]): string;
+/** Quick boolean check: does the text contain any PII? */
+export declare function containsPii(text: string): boolean;
+//# sourceMappingURL=pii.d.ts.map