n8n-nodes-trusera 0.6.0 → 0.7.0

package/dist/index.d.ts

@@ -9,4 +9,6 @@ export * from './lib/sidecar/pii';
 export * from './lib/sidecar/contentFilter';
 export * from './lib/sidecar/evaluator';
 export * from './lib/sidecar/reporter';
+export * from './lib/sidecar/policyGate';
+export * from './lib/sidecar/toolInterceptor';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,eAAe,CAAC;AAC9B,cAAc,qBAAqB,CAAC;AAGpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,eAAe,CAAC;AAC9B,cAAc,qBAAqB,CAAC;AAGpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,0BAA0B,CAAC;AACzC,cAAc,+BAA+B,CAAC"}

package/dist/index.js

@@ -26,4 +26,6 @@ __exportStar(require("./lib/sidecar/pii"), exports);
 __exportStar(require("./lib/sidecar/contentFilter"), exports);
 __exportStar(require("./lib/sidecar/evaluator"), exports);
 __exportStar(require("./lib/sidecar/reporter"), exports);
+__exportStar(require("./lib/sidecar/policyGate"), exports);
+__exportStar(require("./lib/sidecar/toolInterceptor"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,mDAAiC;AACjC,qDAAmC;AACnC,gDAA8B;AAC9B,sDAAoC;AAEpC,8BAA8B;AAC9B,sDAAoC;AACpC,oDAAkC;AAClC,8DAA4C;AAC5C,0DAAwC;AACxC,yDAAuC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,mDAAiC;AACjC,qDAAmC;AACnC,gDAA8B;AAC9B,sDAAoC;AAEpC,8BAA8B;AAC9B,sDAAoC;AACpC,oDAAkC;AAClC,8DAA4C;AAC5C,0DAAwC;AACxC,yDAAuC;AACvC,2DAAyC;AACzC,gEAA8C"}

package/dist/lib/sidecar/policyGate.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Policy Gate Evaluator for the Trusera Sidecar v2.
+ *
+ * Evaluates proposed tool calls against Cedar policies, PII detection,
+ * and optional AI-powered "brain mode" analysis.
+ *
+ * Key difference from SidecarEvaluator: the Cedar action is the TOOL NAME
+ * (e.g., "gmail_send_email") not generic "process_data", enabling
+ * tool-specific policies.
+ */
+import type { PolicyGateConfig, PolicyGateResult, ToolCallProposal, BrainAnalysis, CheckResult } from './types';
+export declare class PolicyGateEvaluator {
+    private config;
+    private sidecarEvaluator;
+    constructor(config: PolicyGateConfig);
+    /** Main entry: evaluate a proposed tool call. */
+    evaluateToolCall(proposal: ToolCallProposal): Promise<PolicyGateResult>;
+    /**
+     * Fetch policy summaries from the platform for tool description injection.
+     * Returns: ["Block PII Exfiltration: Prevents agents from exporting PII", ...]
+     */
+    fetchPolicySummaries(): Promise<string[]>;
+    /** Cedar evaluation with tool-call-specific context. */
+    private evaluateToolCedar;
+    /** Brain mode: LLM-powered contextual policy evaluation. */
+    runBrainAnalysis(proposal: ToolCallProposal, policySummaries: string[], priorChecks: CheckResult[]): Promise<BrainAnalysis>;
+    private brainFailOpen;
+}
+//# sourceMappingURL=policyGate.d.ts.map

package/dist/lib/sidecar/policyGate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyGate.d.ts","sourceRoot":"","sources":["../../../lib/sidecar/policyGate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,WAAW,EAGZ,MAAM,SAAS,CAAC;AAajB,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,gBAAgB,CAAmB;gBAE/B,MAAM,EAAE,gBAAgB;IAKpC,iDAAiD;IAC3C,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IA6D7E;;;OAGG;IACG,oBAAoB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAgC/C,wDAAwD;YAC1C,iBAAiB;IAuD/B,4DAA4D;IACtD,gBAAgB,CACpB,QAAQ,EAAE,gBAAgB,EAC1B,eAAe,EAAE,MAAM,EAAE,EACzB,WAAW,EAAE,WAAW,EAAE,GACzB,OAAO,CAAC,aAAa,CAAC;IAwEzB,OAAO,CAAC,aAAa;CAStB"}

package/dist/lib/sidecar/policyGate.js

@@ -0,0 +1,231 @@
+"use strict";
+/**
+ * Policy Gate Evaluator for the Trusera Sidecar v2.
+ *
+ * Evaluates proposed tool calls against Cedar policies, PII detection,
+ * and optional AI-powered "brain mode" analysis.
+ *
+ * Key difference from SidecarEvaluator: the Cedar action is the TOOL NAME
+ * (e.g., "gmail_send_email") not generic "process_data", enabling
+ * tool-specific policies.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyGateEvaluator = void 0;
+const evaluator_1 = require("./evaluator");
+/** Max policy summaries to include in tool description. */
+const MAX_POLICY_SUMMARIES = 8;
+/** Max chars per policy summary. */
+const MAX_SUMMARY_LENGTH = 200;
+/** Max brain input size (chars). */
+const MAX_BRAIN_INPUT = 4000;
+/** Module-level policy summary cache. */
+const policySummaryCache = new Map();
+class PolicyGateEvaluator {
+    constructor(config) {
+        this.config = config;
+        this.sidecarEvaluator = new evaluator_1.SidecarEvaluator(config);
+    }
+    /** Main entry: evaluate a proposed tool call. */
+    async evaluateToolCall(proposal) {
+        const startTime = Date.now();
+        const checks = [];
+        const violations = [];
+        // 1. Run PII/injection checks on the tool args (reuse SidecarEvaluator)
+        const argsData = typeof proposal.toolArgs === 'string'
+            ? { raw: proposal.toolArgs }
+            : proposal.toolArgs;
+        const baseResult = await this.sidecarEvaluator.evaluate(argsData);
+        checks.push(...baseResult.checks.filter((c) => c.name !== 'cedar_policy'));
+        violations.push(...baseResult.violations.filter((v) => v.policyName !== 'cedar_policy'));
+        // 2. Cedar evaluation with tool-specific context
+        const cedarCheck = await this.evaluateToolCedar(proposal, checks);
+        checks.push(cedarCheck);
+        if (!cedarCheck.passed) {
+            violations.push({
+                policyName: 'cedar_policy',
+                reason: cedarCheck.details,
+                severity: 'high',
+            });
+        }
+        // 3. Optional brain mode
+        let brainAnalysis;
+        if (this.config.brainMode.enabled && this.config.brainApiKey) {
+            const summaries = await this.fetchPolicySummaries();
+            brainAnalysis = await this.runBrainAnalysis(proposal, summaries, checks);
+            checks.push({
+                name: 'brain_analysis',
+                passed: brainAnalysis.decision !== 'deny',
+                details: brainAnalysis.reasoning,
+                findings: brainAnalysis.flaggedConcerns,
+            });
+            if (brainAnalysis.decision === 'deny') {
+                violations.push({
+                    policyName: 'brain_analysis',
+                    reason: `AI evaluation: ${brainAnalysis.reasoning}`,
+                    severity: 'high',
+                });
+            }
+        }
+        const durationMs = Date.now() - startTime;
+        const allowed = violations.length === 0 || this.config.enforcementMode !== 'block';
+        const policySummaries = await this.fetchPolicySummaries().catch(() => []);
+        return {
+            allowed: violations.length === 0 ? true : allowed,
+            enforcement: this.config.enforcementMode,
+            violations,
+            checks,
+            timestamp: new Date().toISOString(),
+            durationMs,
+            proposal,
+            brainAnalysis,
+            policySummaries,
+        };
+    }
+    /**
+     * Fetch policy summaries from the platform for tool description injection.
+     * Returns: ["Block PII Exfiltration: Prevents agents from exporting PII", ...]
+     */
+    async fetchPolicySummaries() {
+        const cacheKey = `${this.config.platformUrl}::${this.config.apiKey.slice(0, 8)}`;
+        const cached = policySummaryCache.get(cacheKey);
+        if (cached && Date.now() - cached.fetchedAt < this.config.policyCacheTtlMs) {
+            return cached.summaries;
+        }
+        try {
+            const res = await fetch(`${this.config.platformUrl}/api/v1/cedar/policies`, {
+                headers: { Authorization: `Bearer ${this.config.apiKey}` },
+            });
+            if (!res.ok)
+                return cached?.summaries ?? [];
+            const data = (await res.json());
+            const policies = (data.data ?? []).filter((p) => p.enabled);
+            const summaries = policies
+                .slice(0, MAX_POLICY_SUMMARIES)
+                .map((p) => {
+                const desc = p.description.length > MAX_SUMMARY_LENGTH
+                    ? p.description.slice(0, MAX_SUMMARY_LENGTH) + '...'
+                    : p.description;
+                return `${p.name}: ${desc}`;
+            });
+            policySummaryCache.set(cacheKey, { summaries, fetchedAt: Date.now() });
+            return summaries;
+        }
+        catch {
+            return cached?.summaries ?? [];
+        }
+    }
+    /** Cedar evaluation with tool-call-specific context. */
+    async evaluateToolCedar(proposal, priorChecks) {
+        try {
+            const piiCheck = priorChecks.find((c) => c.name === 'pii_detection');
+            const injectionCheck = priorChecks.find((c) => c.name === 'prompt_injection');
+            const context = {
+                tool_name: proposal.toolName,
+                tool_args_keys: Object.keys(proposal.toolArgs),
+                pii_detected: piiCheck ? !piiCheck.passed : false,
+                pii_types: piiCheck?.findings ?? [],
+                injection_detected: injectionCheck ? !injectionCheck.passed : false,
+                contains_pii_self_reported: proposal.containsPii,
+                data_summary: proposal.dataSummary.slice(0, 500),
+                reasoning: proposal.reasoning.slice(0, 500),
+                data_size: JSON.stringify(proposal.toolArgs).length,
+            };
+            const res = await fetch(`${this.config.platformUrl}/api/v1/cedar/evaluate`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${this.config.apiKey}`,
+                },
+                body: JSON.stringify({
+                    principal: { type: 'n8n::Agent', id: this.config.agentName },
+                    action: { type: 'n8n::Action', id: proposal.toolName },
+                    resource: { type: 'n8n::ToolCall', id: proposal.toolName },
+                    context,
+                }),
+            });
+            if (!res.ok) {
+                return { name: 'cedar_policy', passed: true, details: `Platform returned ${res.status} — failing open` };
+            }
+            const result = (await res.json());
+            const decision = (result.decision ?? 'allow').toLowerCase();
+            if (decision === 'deny') {
+                const reasons = result.diagnostic?.reasons ?? [`Policy denied tool: ${proposal.toolName}`];
+                return { name: 'cedar_policy', passed: false, details: reasons.join('; '), findings: reasons };
+            }
+            return { name: 'cedar_policy', passed: true, details: 'Cedar policy passed for tool call' };
+        }
+        catch {
+            return { name: 'cedar_policy', passed: true, details: 'Platform unreachable — failing open' };
+        }
+    }
+    /** Brain mode: LLM-powered contextual policy evaluation. */
+    async runBrainAnalysis(proposal, policySummaries, priorChecks) {
+        const startTime = Date.now();
+        try {
+            const baseUrl = (this.config.brainBaseUrl ?? 'https://api.openai.com/v1').replace(/\/+$/, '');
+            const model = this.config.brainMode.model ?? 'gpt-4o-mini';
+            const checksText = priorChecks
+                .map((c) => `- ${c.name}: ${c.passed ? 'PASS' : 'FAIL'} — ${c.details}`)
+                .join('\n');
+            const policiesText = policySummaries.length > 0
+                ? policySummaries.map((s, i) => `${i + 1}. ${s}`).join('\n')
+                : 'No specific policies configured.';
+            const userPrompt = [
+                `Tool: ${proposal.toolName}`,
+                `Arguments: ${JSON.stringify(proposal.toolArgs).slice(0, MAX_BRAIN_INPUT)}`,
+                `Reasoning: ${proposal.reasoning}`,
+                `Contains PII (self-reported): ${proposal.containsPii}`,
+                `Data summary: ${proposal.dataSummary}`,
+                '',
+                `Prior automated checks:\n${checksText}`,
+            ].join('\n');
+            const res = await fetch(`${baseUrl}/chat/completions`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${this.config.brainApiKey}`,
+                },
+                body: JSON.stringify({
+                    model,
+                    max_tokens: this.config.brainMode.maxTokens ?? 300,
+                    temperature: this.config.brainMode.temperature ?? 0.1,
+                    response_format: { type: 'json_object' },
+                    messages: [
+                        {
+                            role: 'system',
+                            content: `You are a security policy evaluator for AI agents. Evaluate whether the proposed action should be allowed based on active policies.\n\nActive policies:\n${policiesText}\n\nRespond with JSON: {"decision":"allow"|"deny"|"warn","reasoning":"...","confidence":0.0-1.0,"flagged_concerns":["..."]}`,
+                        },
+                        { role: 'user', content: userPrompt },
+                    ],
+                }),
+            });
+            if (!res.ok) {
+                return this.brainFailOpen(Date.now() - startTime);
+            }
+            const data = (await res.json());
+            const content = data.choices?.[0]?.message?.content ?? '';
+            const parsed = JSON.parse(content);
+            return {
+                decision: parsed.decision ?? 'allow',
+                reasoning: parsed.reasoning ?? 'No reasoning provided',
+                confidence: parsed.confidence ?? 0.5,
+                flaggedConcerns: parsed.flagged_concerns ?? [],
+                durationMs: Date.now() - startTime,
+            };
+        }
+        catch {
+            return this.brainFailOpen(Date.now() - startTime);
+        }
+    }
+    brainFailOpen(durationMs) {
+        return {
+            decision: 'allow',
+            reasoning: 'Brain mode unavailable — failing open',
+            confidence: 0,
+            flaggedConcerns: [],
+            durationMs,
+        };
+    }
+}
+exports.PolicyGateEvaluator = PolicyGateEvaluator;
+//# sourceMappingURL=policyGate.js.map

package/dist/lib/sidecar/policyGate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyGate.js","sourceRoot":"","sources":["../../../lib/sidecar/policyGate.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAWH,2CAA+C;AAE/C,2DAA2D;AAC3D,MAAM,oBAAoB,GAAG,CAAC,CAAC;AAC/B,oCAAoC;AACpC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAC/B,oCAAoC;AACpC,MAAM,eAAe,GAAG,IAAI,CAAC;AAE7B,yCAAyC;AACzC,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAsD,CAAC;AAEzF,MAAa,mBAAmB;IAI9B,YAAY,MAAwB;QAClC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,gBAAgB,GAAG,IAAI,4BAAgB,CAAC,MAAM,CAAC,CAAC;IACvD,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,gBAAgB,CAAC,QAA0B;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAkB,EAAE,CAAC;QACjC,MAAM,UAAU,GAAgB,EAAE,CAAC;QAEnC,wEAAwE;QACxE,MAAM,QAAQ,GAAG,OAAO,QAAQ,CAAC,QAAQ,KAAK,QAAQ;YACpD,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,QAAQ,EAAE;YAC5B,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACtB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClE,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,CAAC;QAC3E,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,cAAc,CAAC,CAAC,CAAC;QAEzF,iDAAiD;QACjD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxB,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,UAAU,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,cAAc;gBAC1B,MAAM,EAAE,UAAU,CAAC,OAAO;gBAC1B,QAAQ,EAAE,MAAM;aACjB,CAAC,CAAC;QACL,CAAC;QAED,yBAAyB;QACzB,IAAI,aAAwC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC7D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACpD,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;YACzE,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EAAE,aAAa,CAAC,QAAQ,KAAK,MAAM;gBACzC,OAAO,EAAE,aAAa,CAAC,SAAS;gBAChC,QAAQ,EAAE,aAAa,CAAC,eAAe;aACxC,CAAC,CAAC;YACH,IAAI,aAAa,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACtC,UAAU,CAAC,IAAI,CAAC;oBACd,UAAU,EAAE,gBAAgB;oBAC5B,MAAM,EAAE,kBAAkB,aAAa,CAAC,SAAS,EAAE;oBACnD,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC1C,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,KAAK,OAAO,CAAC;QACnF,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAE1E,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO;YACjD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;YACxC,UAAU;YACV,MAAM;YACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,UAAU;YACV,QAAQ;YACR,aAAa;YACb,eAAe;SAChB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,oBAAoB;QACxB,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACjF,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC3E,OAAO,MAAM,CAAC,SAAS,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,wBAAwB,EAAE;gBAC1E,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE;aAC3D,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO,MAAM,EAAE,SAAS,IAAI,EAAE,CAAC;YAE5C,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA6B,CAAC;YAC5D,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAE5D,MAAM,SAAS,GAAG,QAAQ;iBACvB,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC;iBAC9B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACT,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,kBAAkB;oBACpD,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC,GAAG,KAAK;oBACpD,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;gBAClB,OAAO,GAAG,CAAC,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9B,CAAC,CAAC,CAAC;YAEL,kBAAkB,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACvE,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,EAAE,SAAS,IAAI,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED,wDAAwD;IAChD,KAAK,CAAC,iBAAiB,CAC7B,QAA0B,EAC1B,WAA0B;QAE1B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;YACrE,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;YAE9E,MAAM,OAAO,GAA4B;gBACvC,SAAS,EAAE,QAAQ,CAAC,QAAQ;gBAC5B,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC9C,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;gBACjD,SAAS,EAAE,QAAQ,EAAE,QAAQ,IAAI,EAAE;gBACnC,kBAAkB,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;gBACnE,0BAA0B,EAAE,QAAQ,CAAC,WAAW;gBAChD,YAAY,EAAE,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;gBAChD,SAAS,EAAE,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;gBAC3C,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,MAAM;aACpD,CAAC;YAEF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,wBAAwB,EAAE;gBAC1E,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;iBAC9C;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;oBAC5D,MAAM,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,QAAQ,CAAC,QAAQ,EAAE;oBACtD,QAAQ,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,CAAC,QAAQ,EAAE;oBAC1D,OAAO;iBACR,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,qBAAqB,GAAG,CAAC,MAAM,iBAAiB,EAAE,CAAC;YAC3G,CAAC;YAED,MAAM,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAG/B,CAAC;YAEF,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5D,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,OAAO,IAAI,CAAC,uBAAuB,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC3F,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YACjG,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;QAChG,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,KAAK,CAAC,gBAAgB,CACpB,QAA0B,EAC1B,eAAyB,EACzB,WAA0B;QAE1B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,2BAA2B,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC9F,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,IAAI,aAAa,CAAC;YAE3D,MAAM,UAAU,GAAG,WAAW;iBAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;iBACvE,IAAI,CAAC,IAAI,CAAC,CAAC;YAEd,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC;gBAC7C,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC5D,CAAC,CAAC,kCAAkC,CAAC;YAEvC,MAAM,UAAU,GAAG;gBACjB,SAAS,QAAQ,CAAC,QAAQ,EAAE;gBAC5B,cAAc,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,EAAE;gBAC3E,cAAc,QAAQ,CAAC,SAAS,EAAE;gBAClC,iCAAiC,QAAQ,CAAC,WAAW,EAAE;gBACvD,iBAAiB,QAAQ,CAAC,WAAW,EAAE;gBACvC,EAAE;gBACF,4BAA4B,UAAU,EAAE;aACzC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEb,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,mBAAmB,EAAE;gBACrD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE;iBACnD;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,KAAK;oBACL,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,IAAI,GAAG;oBAClD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,IAAI,GAAG;oBACrD,eAAe,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE;oBACxC,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,QAAQ;4BACd,OAAO,EAAE,4JAA4J,YAAY,6HAA6H;yBAC/S;wBACD,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE;qBACtC;iBACF,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;YACpD,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAE7B,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;YAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAKhC,CAAC;YAEF,OAAO;gBACL,QAAQ,EAAG,MAAM,CAAC,QAAsC,IAAI,OAAO;gBACnE,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,uBAAuB;gBACtD,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,GAAG;gBACpC,eAAe,EAAE,MAAM,CAAC,gBAAgB,IAAI,EAAE;gBAC9C,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,UAAkB;QACtC,OAAO;YACL,QAAQ,EAAE,OAAO;YACjB,SAAS,EAAE,uCAAuC;YAClD,UAAU,EAAE,CAAC;YACb,eAAe,EAAE,EAAE;YACnB,UAAU;SACX,CAAC;IACJ,CAAC;CACF;AAzPD,kDAyPC"}

package/dist/lib/sidecar/reporter.d.ts

@@ -6,7 +6,7 @@
  * processes), this reporter flushes synchronously at the end of node execution
  * since n8n nodes are short-lived.
  */
-import type { SidecarEvent, EvaluationResult } from './types';
+import type { SidecarEvent, EvaluationResult, PolicyGateResult } from './types';
 export declare class SidecarReporter {
     private platformUrl;
     private apiKey;
@@ -24,5 +24,7 @@ export declare class SidecarReporter {
     flush(): Promise<void>;
     /** Create a structured event from an evaluation result. */
     createEvaluationEvent(result: EvaluationResult, inputData: Record<string, unknown>, nodeName: string, workflowId?: string): SidecarEvent;
+    /** Create a structured event from a policy gate (tool-call) result. */
+    createToolCallEvent(result: PolicyGateResult, nodeName: string, workflowId?: string): SidecarEvent;
 }
 //# sourceMappingURL=reporter.d.ts.map

package/dist/lib/sidecar/reporter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"reporter.d.ts","sourceRoot":"","sources":["../../../lib/sidecar/reporter.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAoB,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAShF,qBAAa,eAAe;IAC1B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAsB;gBAE5B,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;IAMlE;;;OAGG;IACG,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;IAoCzC,0CAA0C;IAC1C,KAAK,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI;IAKhC,0DAA0D;IACpD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAqC5B,2DAA2D;IAC3D,qBAAqB,CACnB,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,QAAQ,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,GAClB,YAAY;CAsChB"}
+{"version":3,"file":"reporter.d.ts","sourceRoot":"","sources":["../../../lib/sidecar/reporter.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAoB,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAUlG,qBAAa,eAAe;IAC1B,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAsB;gBAE5B,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;IAMlE;;;OAGG;IACG,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;IAoCzC,0CAA0C;IAC1C,KAAK,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI;IAKhC,0DAA0D;IACpD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAqC5B,2DAA2D;IAC3D,qBAAqB,CACnB,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,QAAQ,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,GAClB,YAAY;IAuCf,uEAAuE;IACvE,mBAAmB,CACjB,MAAM,EAAE,gBAAgB,EACxB,QAAQ,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,GAClB,YAAY;CA+ChB"}

package/dist/lib/sidecar/reporter.js

@@ -10,6 +10,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SidecarReporter = void 0;
 const crypto_1 = require("crypto");
+const types_1 = require("./types");
 const MAX_QUEUE_SIZE = 10_000;
 const BATCH_SIZE = 100;
 const MAX_EVENT_PAYLOAD_SIZE = 10_000; // 10 KB per event payload
@@ -138,6 +139,50 @@ class SidecarReporter {
             timestamp: result.timestamp,
         };
     }
+    /** Create a structured event from a policy gate (tool-call) result. */
+    createToolCallEvent(result, nodeName, workflowId) {
+        const hasViolations = result.violations.length > 0;
+        let eventType;
+        if (!hasViolations) {
+            eventType = types_1.SidecarEventType.TOOL_CALL_APPROVED;
+        }
+        else if (result.enforcement === 'block') {
+            eventType = types_1.SidecarEventType.TOOL_CALL_DENIED;
+        }
+        else {
+            eventType = types_1.SidecarEventType.TOOL_CALL_WARNED;
+        }
+        const payload = {
+            agent_name: this.agentName,
+            node_name: nodeName,
+            tool_name: result.proposal.toolName,
+            decision: hasViolations ? 'deny' : 'allow',
+            enforcement_mode: result.enforcement,
+            duration_ms: result.durationMs,
+            violations_count: result.violations.length,
+            violations: result.violations.map((v) => ({ policy: v.policyName, reason: v.reason, severity: v.severity })),
+            checks: Object.fromEntries(result.checks.map((c) => [c.name, { passed: c.passed }])),
+        };
+        if (result.brainAnalysis) {
+            payload.brain_analysis = {
+                decision: result.brainAnalysis.decision,
+                confidence: result.brainAnalysis.confidence,
+                reasoning: result.brainAnalysis.reasoning.slice(0, 500),
+            };
+        }
+        if (workflowId)
+            payload.workflow_id = workflowId;
+        return {
+            id: (0, crypto_1.randomUUID)(),
+            type: eventType,
+            agentName: this.agentName,
+            workflowId,
+            nodeName,
+            payload,
+            result: hasViolations ? 'deny' : 'allow',
+            timestamp: result.timestamp,
+        };
+    }
 }
 exports.SidecarReporter = SidecarReporter;
 //# sourceMappingURL=reporter.js.map

package/dist/lib/sidecar/reporter.js.map

@@ -1 +1 @@
-{"version":3,"file":"reporter.js","sourceRoot":"","sources":["../../../lib/sidecar/reporter.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,mCAAoC;AAGpC,MAAM,cAAc,GAAG,MAAM,CAAC;AAC9B,MAAM,UAAU,GAAG,GAAG,CAAC;AACvB,MAAM,sBAAsB,GAAG,MAAM,CAAC,CAAC,0BAA0B;AAEjE,wFAAwF;AACxF,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEzD,MAAa,eAAe;IAM1B,YAAY,WAAmB,EAAE,MAAc,EAAE,SAAiB;QAF1D,eAAU,GAAmB,EAAE,CAAC;QAGtC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB;QACpB,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,yBAAyB,EAAE;gBACpE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;iBACvC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,IAAI,EAAE,IAAI,CAAC,SAAS;oBACpB,SAAS,EAAE,KAAK;oBAChB,QAAQ,EAAE;wBACR,WAAW,EAAE,OAAO;wBACpB,OAAO,EAAE,UAAU;wBACnB,SAAS,EAAE,gBAAgB;qBAC5B;iBACF,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA0B,CAAC;gBACzD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,cAAc,CAAC;gBAChD,sBAAsB,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC9C,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;QAED,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,KAAmB;QACvB,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,cAAc;YAAE,OAAO;QACrD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAEzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAEzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC;YAC9C,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,sBAAsB,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;wBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;qBACvC;oBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;4BACxB,EAAE,EAAE,CAAC,CAAC,EAAE;4BACR,IAAI,EAAE,CAAC,CAAC,IAAI;4BACZ,IAAI,EAAE,eAAe,CAAC,CAAC,IAAI,EAAE;4BAC7B,OAAO,EAAE,CAAC,CAAC,OAAO;4BAClB,QAAQ,EAAE;gCACR,QAAQ,EAAE,OAAO;gCACjB,UAAU,EAAE,CAAC,CAAC,SAAS;gCACvB,WAAW,EAAE,OAAO;gCACpB,OAAO,EAAE,UAAU;6BACpB;4BACD,SAAS,EAAE,CAAC,CAAC,SAAS;yBACvB,CAAC,CAAC;qBACJ,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,qCAAqC;YACvC,CAAC;QACH,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,qBAAqB,CACnB,MAAwB,EACxB,SAAkC,EAClC,QAAgB,EAChB,UAAmB;QAEnB,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACnD,MAAM,OAAO,GAA4B;YACvC,UAAU,EAAE,IAAI,CAAC,SAAS;YAC1B,SAAS,EAAE,QAAQ;YACnB,gBAAgB,EAAE,MAAM,CAAC,WAAW;YACpC,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;YAC1C,WAAW,EAAE,MAAM,CAAC,UAAU;YAC9B,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM;YAC1C,MAAM,EAAE,MAAM,CAAC,WAAW,CACxB,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBACvB,CAAC,CAAC,IAAI;gBACN,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE;aAC9E,CAAC,CACH;SACF,CAAC;QAEF,IAAI,UAAU;YAAE,OAAO,CAAC,WAAW,GAAG,UAAU,CAAC;QAEjD,+BAA+B;QAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;YAC/C,OAAO,CAAC,MAAM,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QACvC,CAAC;QAED,OAAO;YACL,EAAE,EAAE,IAAA,mBAAU,GAAE;YAChB,IAAI,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;gBAChC,CAAC,CAAE,mBAAwC;gBAC3C,CAAC,CAAE,mBAAwC;YAC7C,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU;YACV,QAAQ;YACR,OAAO;YACP,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;YACxC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;CACF;AA5ID,0CA4IC"}
+{"version":3,"file":"reporter.js","sourceRoot":"","sources":["../../../lib/sidecar/reporter.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,mCAAoC;AAEpC,mCAAwD;AAExD,MAAM,cAAc,GAAG,MAAM,CAAC;AAC9B,MAAM,UAAU,GAAG,GAAG,CAAC;AACvB,MAAM,sBAAsB,GAAG,MAAM,CAAC,CAAC,0BAA0B;AAEjE,wFAAwF;AACxF,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEzD,MAAa,eAAe;IAM1B,YAAY,WAAmB,EAAE,MAAc,EAAE,SAAiB;QAF1D,eAAU,GAAmB,EAAE,CAAC;QAGtC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB;QACpB,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,yBAAyB,EAAE;gBACpE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;iBACvC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,IAAI,EAAE,IAAI,CAAC,SAAS;oBACpB,SAAS,EAAE,KAAK;oBAChB,QAAQ,EAAE;wBACR,WAAW,EAAE,OAAO;wBACpB,OAAO,EAAE,UAAU;wBACnB,SAAS,EAAE,gBAAgB;qBAC5B;iBACF,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA0B,CAAC;gBACzD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,cAAc,CAAC;gBAChD,sBAAsB,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC9C,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;QAED,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,KAAmB;QACvB,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,cAAc;YAAE,OAAO;QACrD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAEzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAEzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC;YAC9C,IAAI,CAAC;gBACH,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,sBAAsB,EAAE;oBACrD,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;wBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;qBACvC;oBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;4BACxB,EAAE,EAAE,CAAC,CAAC,EAAE;4BACR,IAAI,EAAE,CAAC,CAAC,IAAI;4BACZ,IAAI,EAAE,eAAe,CAAC,CAAC,IAAI,EAAE;4BAC7B,OAAO,EAAE,CAAC,CAAC,OAAO;4BAClB,QAAQ,EAAE;gCACR,QAAQ,EAAE,OAAO;gCACjB,UAAU,EAAE,CAAC,CAAC,SAAS;gCACvB,WAAW,EAAE,OAAO;gCACpB,OAAO,EAAE,UAAU;6BACpB;4BACD,SAAS,EAAE,CAAC,CAAC,SAAS;yBACvB,CAAC,CAAC;qBACJ,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,qCAAqC;YACvC,CAAC;QACH,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,qBAAqB,CACnB,MAAwB,EACxB,SAAkC,EAClC,QAAgB,EAChB,UAAmB;QAEnB,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACnD,MAAM,OAAO,GAA4B;YACvC,UAAU,EAAE,IAAI,CAAC,SAAS;YAC1B,SAAS,EAAE,QAAQ;YACnB,gBAAgB,EAAE,MAAM,CAAC,WAAW;YACpC,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;YAC1C,WAAW,EAAE,MAAM,CAAC,UAAU;YAC9B,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM;YAC1C,MAAM,EAAE,MAAM,CAAC,WAAW,CACxB,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBACvB,CAAC,CAAC,IAAI;gBACN,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE;aAC9E,CAAC,CACH;SACF,CAAC;QAEF,IAAI,UAAU;YAAE,OAAO,CAAC,WAAW,GAAG,UAAU,CAAC;QAEjD,+BAA+B;QAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;YAC/C,OAAO,CAAC,MAAM,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QACvC,CAAC;QAED,OAAO;YACL,EAAE,EAAE,IAAA,mBAAU,GAAE;YAChB,IAAI,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;gBAChC,CAAC,CAAE,mBAAwC;gBAC3C,CAAC,CAAE,mBAAwC;YAC7C,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU;YACV,QAAQ;YACR,OAAO;YACP,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;YACxC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,mBAAmB,CACjB,MAAwB,EACxB,QAAgB,EAChB,UAAmB;QAEnB,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QAEnD,IAAI,SAA2B,CAAC;QAChC,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,SAAS,GAAG,wBAAS,CAAC,kBAAkB,CAAC;QAC3C,CAAC;aAAM,IAAI,MAAM,CAAC,WAAW,KAAK,OAAO,EAAE,CAAC;YAC1C,SAAS,GAAG,wBAAS,CAAC,gBAAgB,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,wBAAS,CAAC,gBAAgB,CAAC;QACzC,CAAC;QAED,MAAM,OAAO,GAA4B;YACvC,UAAU,EAAE,IAAI,CAAC,SAAS;YAC1B,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YACnC,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;YAC1C,gBAAgB,EAAE,MAAM,CAAC,WAAW;YACpC,WAAW,EAAE,MAAM,CAAC,UAAU;YAC9B,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM;YAC1C,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC5G,MAAM,EAAE,MAAM,CAAC,WAAW,CACxB,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CACzD;SACF,CAAC;QAEF,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,CAAC,cAAc,GAAG;gBACvB,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,QAAQ;gBACvC,UAAU,EAAE,MAAM,CAAC,aAAa,CAAC,UAAU;gBAC3C,SAAS,EAAE,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aACxD,CAAC;QACJ,CAAC;QAED,IAAI,UAAU;YAAE,OAAO,CAAC,WAAW,GAAG,UAAU,CAAC;QAEjD,OAAO;YACL,EAAE,EAAE,IAAA,mBAAU,GAAE;YAChB,IAAI,EAAE,SAAS;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU;YACV,QAAQ;YACR,OAAO;YACP,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;YACxC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;CACF;AAjMD,0CAiMC"}

package/dist/lib/sidecar/toolInterceptor.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Trusera Tool Interceptor — prompt-injection-proof policy enforcement.
+ *
+ * Monkey-patches BaseTool.prototype.invoke to intercept ALL tool calls
+ * before they execute. This runs at the JavaScript runtime level, so
+ * no LLM prompt injection can bypass it.
+ *
+ * Pattern ported from the Python SDK's TruseraLangChainInterceptor
+ * (which patches BaseTool._run).
+ */
+import type { PolicyGateEvaluator } from './policyGate';
+import type { SidecarReporter } from './reporter';
+import type { EnforcementMode } from './types';
+export declare class TruseraToolInterceptor {
+    private originalInvoke;
+    private installed;
+    /**
+     * Install the monkey-patch on BaseTool.prototype.invoke.
+     * After this, ALL tool calls go through policy evaluation before executing.
+     */
+    install(evaluator: PolicyGateEvaluator, reporter: SidecarReporter, enforcement: EnforcementMode): void;
+    /**
+     * Install on a specific target object (for testing without @langchain/core).
+     * @internal
+     */
+    _installOnTarget(target: {
+        prototype: {
+            invoke: Function;
+        };
+    }, evaluator: PolicyGateEvaluator, reporter: SidecarReporter, enforcement: EnforcementMode): void;
+    private _target;
+    /** Restore the original BaseTool.prototype.invoke. */
+    uninstall(): void;
+    /** Whether the interceptor is currently active. */
+    isInstalled(): boolean;
+}
+//# sourceMappingURL=toolInterceptor.d.ts.map

package/dist/lib/sidecar/toolInterceptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toolInterceptor.d.ts","sourceRoot":"","sources":["../../../lib/sidecar/toolInterceptor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAoB,MAAM,SAAS,CAAC;AAKjE,qBAAa,sBAAsB;IACjC,OAAO,CAAC,cAAc,CAAyB;IAC/C,OAAO,CAAC,SAAS,CAAS;IAE1B;;;OAGG;IACH,OAAO,CACL,SAAS,EAAE,mBAAmB,EAC9B,QAAQ,EAAE,eAAe,EACzB,WAAW,EAAE,eAAe,GAC3B,IAAI;IAcP;;;OAGG;IACH,gBAAgB,CACd,MAAM,EAAE;QAAE,SAAS,EAAE;YAAE,MAAM,EAAE,QAAQ,CAAA;SAAE,CAAA;KAAE,EAC3C,SAAS,EAAE,mBAAmB,EAC9B,QAAQ,EAAE,eAAe,EACzB,WAAW,EAAE,eAAe,GAC3B,IAAI;IA6DP,OAAO,CAAC,OAAO,CAAa;IAE5B,sDAAsD;IACtD,SAAS,IAAI,IAAI;IAgBjB,mDAAmD;IACnD,WAAW,IAAI,OAAO;CAGvB"}

package/dist/lib/sidecar/toolInterceptor.js

@@ -0,0 +1,113 @@
+"use strict";
+/**
+ * Trusera Tool Interceptor — prompt-injection-proof policy enforcement.
+ *
+ * Monkey-patches BaseTool.prototype.invoke to intercept ALL tool calls
+ * before they execute. This runs at the JavaScript runtime level, so
+ * no LLM prompt injection can bypass it.
+ *
+ * Pattern ported from the Python SDK's TruseraLangChainInterceptor
+ * (which patches BaseTool._run).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TruseraToolInterceptor = void 0;
+/** The name of our own gate tool — skip intercepting it to avoid infinite loops. */
+const GATE_TOOL_NAME = 'trusera_policy_gate';
+class TruseraToolInterceptor {
+    constructor() {
+        this.originalInvoke = null;
+        this.installed = false;
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        this._target = null;
+    }
+    /**
+     * Install the monkey-patch on BaseTool.prototype.invoke.
+     * After this, ALL tool calls go through policy evaluation before executing.
+     */
+    install(evaluator, reporter, enforcement) {
+        if (this.installed)
+            return;
+        let BaseTool;
+        try {
+            BaseTool = require('@langchain/core/tools').BaseTool;
+        }
+        catch {
+            // @langchain/core not available — skip installation silently
+            return;
+        }
+        this._installOnTarget(BaseTool, evaluator, reporter, enforcement);
+    }
+    /**
+     * Install on a specific target object (for testing without @langchain/core).
+     * @internal
+     */
+    _installOnTarget(target, evaluator, reporter, enforcement) {
+        if (this.installed)
+            return;
+        this._target = target;
+        this.originalInvoke = target.prototype.invoke;
+        const self = this;
+        target.prototype.invoke = async function (input, config) {
+            const toolName = this.name ?? 'unknown';
+            // Don't intercept our own policy gate tool
+            if (toolName === GATE_TOOL_NAME) {
+                return self.originalInvoke.call(this, input, config);
+            }
+            // Build a proposal from the tool call
+            const toolArgs = typeof input === 'object' && input !== null
+                ? input
+                : { raw: String(input) };
+            const proposal = {
+                toolName,
+                toolArgs,
+                reasoning: '',
+                containsPii: false,
+                dataSummary: JSON.stringify(toolArgs).slice(0, 500),
+            };
+            // Evaluate against policies
+            const result = await evaluator.evaluateToolCall(proposal);
+            // Report the event (fire-and-forget)
+            reporter.track(reporter.createToolCallEvent(result, 'TruseraInterceptor'));
+            reporter.flush().catch(() => { });
+            // Enforce
+            if (result.violations.length > 0) {
+                const reasons = result.violations.map((v) => v.reason).join('; ');
+                if (enforcement === 'block') {
+                    throw new Error(`[Trusera] BLOCKED: ${toolName} — ${reasons}`);
+                }
+                if (enforcement === 'warn') {
+                    console.warn(`[Trusera] WARNING on ${toolName}: ${reasons}`);
+                }
+                // log mode: continue silently
+            }
+            // Call the original invoke
+            return self.originalInvoke.call(this, input, config);
+        };
+        this.installed = true;
+    }
+    /** Restore the original BaseTool.prototype.invoke. */
+    uninstall() {
+        if (!this.installed || !this.originalInvoke)
+            return;
+        const target = this._target ?? (() => {
+            try {
+                return require('@langchain/core/tools').BaseTool;
+            }
+            catch {
+                return null;
+            }
+        })();
+        if (target) {
+            target.prototype.invoke = this.originalInvoke;
+        }
+        this.originalInvoke = null;
+        this._target = null;
+        this.installed = false;
+    }
+    /** Whether the interceptor is currently active. */
+    isInstalled() {
+        return this.installed;
+    }
+}
+exports.TruseraToolInterceptor = TruseraToolInterceptor;
+//# sourceMappingURL=toolInterceptor.js.map

package/dist/lib/sidecar/toolInterceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"toolInterceptor.js","sourceRoot":"","sources":["../../../lib/sidecar/toolInterceptor.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAMH,oFAAoF;AACpF,MAAM,cAAc,GAAG,qBAAqB,CAAC;AAE7C,MAAa,sBAAsB;IAAnC;QACU,mBAAc,GAAoB,IAAI,CAAC;QACvC,cAAS,GAAG,KAAK,CAAC;QA6F1B,8DAA8D;QACtD,YAAO,GAAQ,IAAI,CAAC;IAuB9B,CAAC;IAnHC;;;OAGG;IACH,OAAO,CACL,SAA8B,EAC9B,QAAyB,EACzB,WAA4B;QAE5B,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAE3B,IAAI,QAAa,CAAC;QAClB,IAAI,CAAC;YACH,QAAQ,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC,QAAQ,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,6DAA6D;YAC7D,OAAO;QACT,CAAC;QAED,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACpE,CAAC;IAED;;;OAGG;IACH,gBAAgB,CACd,MAA2C,EAC3C,SAA8B,EAC9B,QAAyB,EACzB,WAA4B;QAE5B,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAE3B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;QAC9C,MAAM,IAAI,GAAG,IAAI,CAAC;QAElB,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,KAAK,WAE7B,KAAc,EACd,MAAgB;YAEhB,MAAM,QAAQ,GAAW,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC;YAEhD,2CAA2C;YAC3C,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;gBAChC,OAAO,IAAI,CAAC,cAAe,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACxD,CAAC;YAED,sCAAsC;YACtC,MAAM,QAAQ,GACZ,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;gBACzC,CAAC,CAAE,KAAiC;gBACpC,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAE7B,MAAM,QAAQ,GAAqB;gBACjC,QAAQ;gBACR,QAAQ;gBACR,SAAS,EAAE,EAAE;gBACb,WAAW,EAAE,KAAK;gBAClB,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aACpD,CAAC;YAEF,4BAA4B;YAC5B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE1D,qCAAqC;YACrC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,mBAAmB,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC,CAAC;YAC3E,QAAQ,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAEjC,UAAU;YACV,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAElE,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;oBAC5B,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,MAAM,OAAO,EAAE,CAAC,CAAC;gBACjE,CAAC;gBACD,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;oBAC3B,OAAO,CAAC,IAAI,CAAC,wBAAwB,QAAQ,KAAK,OAAO,EAAE,CAAC,CAAC;gBAC/D,CAAC;gBACD,8BAA8B;YAChC,CAAC;YAED,2BAA2B;YAC3B,OAAO,IAAI,CAAC,cAAe,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAKD,sDAAsD;IACtD,SAAS;QACP,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,cAAc;YAAE,OAAO;QAEpD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,EAAE;YACnC,IAAI,CAAC;gBAAC,OAAO,OAAO,CAAC,uBAAuB,CAAC,CAAC,QAAQ,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC;gBAAC,OAAO,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC,CAAC,EAAE,CAAC;QAEL,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC;QAChD,CAAC;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC3B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;IACzB,CAAC;IAED,mDAAmD;IACnD,WAAW;QACT,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;CACF;AAvHD,wDAuHC"}

package/dist/lib/sidecar/types.d.ts

@@ -36,7 +36,10 @@ export declare enum SidecarEventType {
     CONTENT_FILTERED = "content_filtered",
     PROMPT_INJECTION = "prompt_injection",
     WORKFLOW_BLOCKED = "workflow_blocked",
-    TOOL_VALIDATION = "tool_validation"
+    TOOL_VALIDATION = "tool_validation",
+    TOOL_CALL_APPROVED = "tool_call_approved",
+    TOOL_CALL_DENIED = "tool_call_denied",
+    TOOL_CALL_WARNED = "tool_call_warned"
 }
 /** A single event sent to the platform via /api/v1/events/batch. */
 export interface SidecarEvent {
@@ -71,4 +74,39 @@ export interface EvaluatorConfig {
     inlineCedarDsl?: string;
     policyCacheTtlMs: number;
 }
+/** A proposed tool call submitted to the policy gate. */
+export interface ToolCallProposal {
+    toolName: string;
+    toolArgs: Record<string, unknown>;
+    reasoning: string;
+    containsPii: boolean;
+    dataSummary: string;
+}
+/** Result of a policy gate evaluation. */
+export interface PolicyGateResult extends EvaluationResult {
+    proposal: ToolCallProposal;
+    brainAnalysis?: BrainAnalysis;
+    policySummaries: string[];
+}
+/** Result from the AI-powered brain mode evaluation. */
+export interface BrainAnalysis {
+    decision: 'allow' | 'deny' | 'warn';
+    reasoning: string;
+    confidence: number;
+    flaggedConcerns: string[];
+    durationMs: number;
+}
+/** Configuration for brain mode. */
+export interface BrainModeConfig {
+    enabled: boolean;
+    model?: string;
+    maxTokens?: number;
+    temperature?: number;
+}
+/** Extended evaluator config for the policy gate. */
+export interface PolicyGateConfig extends EvaluatorConfig {
+    brainMode: BrainModeConfig;
+    brainApiKey?: string;
+    brainBaseUrl?: string;
+}
 //# sourceMappingURL=types.d.ts.map

package/dist/lib/sidecar/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../lib/sidecar/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,2EAA2E;AAC3E,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;AAEvD,yCAAyC;AACzC,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEjD,6CAA6C;AAC7C,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEvE,iCAAiC;AACjC,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,iBAAiB,CAAC;CAC7B;AAED,mEAAmE;AACnE,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,6DAA6D;AAC7D,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,eAAe,CAAC;IAC7B,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,oDAAoD;AACpD,oBAAY,gBAAgB;IAC1B,iBAAiB,sBAAsB;IACvC,YAAY,iBAAiB;IAC7B,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;CACpC;AAED,oEAAoE;AACpE,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,gBAAgB,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,8CAA8C;AAC9C,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAED,8CAA8C;AAC9C,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,eAAe,CAAC;IACjC,YAAY,EAAE,YAAY,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;CAC1B"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../lib/sidecar/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,2EAA2E;AAC3E,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;AAEvD,yCAAyC;AACzC,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEjD,6CAA6C;AAC7C,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEvE,iCAAiC;AACjC,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,iBAAiB,CAAC;CAC7B;AAED,mEAAmE;AACnE,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,6DAA6D;AAC7D,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,eAAe,CAAC;IAC7B,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,oDAAoD;AACpD,oBAAY,gBAAgB;IAC1B,iBAAiB,sBAAsB;IACvC,YAAY,iBAAiB;IAC7B,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;IACnC,kBAAkB,uBAAuB;IACzC,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;CACtC;AAED,oEAAoE;AACpE,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,gBAAgB,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,8CAA8C;AAC9C,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAED,8CAA8C;AAC9C,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,eAAe,CAAC;IACjC,YAAY,EAAE,YAAY,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAID,yDAAyD;AACzD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,0CAA0C;AAC1C,MAAM,WAAW,gBAAiB,SAAQ,gBAAgB;IACxD,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,wDAAwD;AACxD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,oCAAoC;AACpC,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,qDAAqD;AACrD,MAAM,WAAW,gBAAiB,SAAQ,eAAe;IACvD,SAAS,EAAE,eAAe,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}