opalserve 0.1.2 → 2.0.0

package/dist/governance/policy.js

@@ -1,162 +0,0 @@
-export class PolicyEngine {
-    policies = new Map();
-    auditCallback;
-    setAuditCallback(callback) {
-        this.auditCallback = callback;
-    }
-    registerPolicy(policy) {
-        policy.rules.sort((a, b) => b.priority - a.priority);
-        this.policies.set(policy.id, policy);
-    }
-    getPolicy(id) {
-        return this.policies.get(id);
-    }
-    getAllPolicies() {
-        return Array.from(this.policies.values());
-    }
-    deletePolicy(id) {
-        return this.policies.delete(id);
-    }
-    evaluate(context) {
-        const auditEvents = [];
-        const matchedRules = [];
-        for (const policy of this.policies.values()) {
-            if (!policy.enabled)
-                continue;
-            for (const rule of policy.rules) {
-                if (!rule.enabled)
-                    continue;
-                const matches = this.evaluateConditions(rule.conditions, context);
-                if (matches) {
-                    matchedRules.push(rule);
-                    if (policy.auditEnabled && this.auditCallback) {
-                        auditEvents.push({
-                            type: 'admin.action',
-                            requestId: context.requestId || `policy-${Date.now()}`,
-                            agentId: context.agentId,
-                            agentName: context.agentName,
-                            action: `policy:${policy.name}:${rule.name}`,
-                            result: rule.effect === 'allow' ? 'success' : rule.effect === 'deny' ? 'denied' : 'success',
-                            metadata: { policyId: policy.id, ruleId: rule.id },
-                            context: {},
-                        });
-                    }
-                    if (rule.effect === 'deny') {
-                        return { allowed: false, matchedRules, auditEvents };
-                    }
-                    if (rule.effect === 'allow') {
-                        return { allowed: true, matchedRules, auditEvents };
-                    }
-                }
-            }
-            if (matchedRules.length === 0) {
-                return {
-                    allowed: policy.defaultEffect === 'allow',
-                    matchedRules: [],
-                    auditEvents,
-                };
-            }
-        }
-        return { allowed: true, matchedRules, auditEvents };
-    }
-    evaluateConditions(conditions, context) {
-        if (conditions.length === 0)
-            return true;
-        return conditions.every(condition => {
-            const value = this.getNestedValue(context, condition.field);
-            return this.evaluateOperator(condition.operator, value, condition.value);
-        });
-    }
-    getNestedValue(obj, path) {
-        const keys = path.split('.');
-        let current = obj;
-        for (const key of keys) {
-            if (current === null || current === undefined)
-                return undefined;
-            current = current[key];
-        }
-        return current;
-    }
-    evaluateOperator(operator, actual, expected) {
-        switch (operator) {
-            case 'equals':
-                return actual === expected;
-            case 'not_equals':
-                return actual !== expected;
-            case 'contains':
-                return typeof actual === 'string' && typeof expected === 'string' && actual.includes(expected);
-            case 'not_contains':
-                return typeof actual === 'string' && typeof expected === 'string' && !actual.includes(expected);
-            case 'in':
-                return Array.isArray(expected) && expected.includes(actual);
-            case 'not_in':
-                return Array.isArray(expected) && !expected.includes(actual);
-            case 'greater_than':
-                return typeof actual === 'number' && typeof expected === 'number' && actual > expected;
-            case 'less_than':
-                return typeof actual === 'number' && typeof expected === 'number' && actual < expected;
-            default:
-                return false;
-        }
-    }
-    createDefaultPolicies() {
-        const highValueToolsPolicy = {
-            id: 'high-value-tools',
-            name: 'High-Value Tool Protection',
-            description: 'Protect sensitive tools requiring additional verification',
-            version: '1.0.0',
-            enabled: true,
-            rules: [
-                {
-                    id: 'deny-database-write',
-                    name: 'Deny Database Writes',
-                    description: 'Block write operations to production databases',
-                    enabled: true,
-                    priority: 100,
-                    conditions: [
-                        { field: 'tool.capabilities', operator: 'contains', value: 'write' },
-                        { field: 'tool.serverName', operator: 'contains', value: 'postgres' },
-                    ],
-                    effect: 'deny',
-                    actions: ['notify-admin'],
-                    metadata: {},
-                },
-            ],
-            defaultEffect: 'allow',
-            auditEnabled: true,
-            complianceFrameworks: ['SOC2', 'GDPR'],
-            createdAt: new Date().toISOString(),
-            updatedAt: new Date().toISOString(),
-        };
-        const trustLevelPolicy = {
-            id: 'trust-level-access',
-            name: 'Trust Level Access Control',
-            description: 'Restrict access based on identity trust level',
-            version: '1.0.0',
-            enabled: true,
-            rules: [
-                {
-                    id: 'low-trust-limited-tools',
-                    name: 'Low Trust Limited Access',
-                    description: 'Limit tools for low-trust identities',
-                    enabled: true,
-                    priority: 50,
-                    conditions: [
-                        { field: 'identity.trustLevel', operator: 'in', value: ['untrusted', 'low'] },
-                    ],
-                    effect: 'deny',
-                    actions: ['require-reapproval'],
-                    metadata: {},
-                },
-            ],
-            defaultEffect: 'allow',
-            auditEnabled: true,
-            complianceFrameworks: ['ISO27001'],
-            createdAt: new Date().toISOString(),
-            updatedAt: new Date().toISOString(),
-        };
-        this.registerPolicy(highValueToolsPolicy);
-        this.registerPolicy(trustLevelPolicy);
-    }
-}
-//# sourceMappingURL=policy.js.map

package/dist/governance/policy.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/governance/policy.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,YAAY;IACf,QAAQ,GAAkC,IAAI,GAAG,EAAE,CAAC;IACpD,aAAa,CAAyD;IAE9E,gBAAgB,CAAC,QAA+D;QAC9E,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC;IAChC,CAAC;IAED,cAAc,CAAC,MAAwB;QACrC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QACrD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,SAAS,CAAC,EAAU;QAClB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/B,CAAC;IAED,cAAc;QACZ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,YAAY,CAAC,EAAU;QACrB,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,QAAQ,CAAC,OAAgC;QAKvC,MAAM,WAAW,GAA2C,EAAE,CAAC;QAC/D,MAAM,YAAY,GAAiB,EAAE,CAAC;QAEtC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC5C,IAAI,CAAC,MAAM,CAAC,OAAO;gBAAE,SAAS;YAE9B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC,OAAO;oBAAE,SAAS;gBAE5B,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;gBAElE,IAAI,OAAO,EAAE,CAAC;oBACZ,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAExB,IAAI,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;wBAC9C,WAAW,CAAC,IAAI,CAAC;4BACf,IAAI,EAAE,cAAc;4BACpB,SAAS,EAAE,OAAO,CAAC,SAAmB,IAAI,UAAU,IAAI,CAAC,GAAG,EAAE,EAAE;4BAChE,OAAO,EAAE,OAAO,CAAC,OAAiB;4BAClC,SAAS,EAAE,OAAO,CAAC,SAAmB;4BACtC,MAAM,EAAE,UAAU,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE;4BAC5C,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;4BAC3F,QAAQ,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE;4BAClD,OAAO,EAAE,EAAE;yBACZ,CAAC,CAAC;oBACL,CAAC;oBAED,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;wBAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;oBACvD,CAAC;oBAED,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;wBAC5B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;oBACtD,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC9B,OAAO;oBACL,OAAO,EAAE,MAAM,CAAC,aAAa,KAAK,OAAO;oBACzC,YAAY,EAAE,EAAE;oBAChB,WAAW;iBACZ,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;IACtD,CAAC;IAEO,kBAAkB,CAAC,UAAoC,EAAE,OAAgC;QAC/F,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEzC,OAAO,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE;YAClC,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,GAA4B,EAAE,IAAY;QAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,OAAO,GAAY,GAAG,CAAC;QAE3B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS;gBAAE,OAAO,SAAS,CAAC;YAChE,OAAO,GAAI,OAAmC,CAAC,GAAG,CAAC,CAAC;QACtD,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,gBAAgB,CAAC,QAAiD,EAAE,MAAe,EAAE,QAAiB;QAC5G,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,QAAQ;gBACX,OAAO,MAAM,KAAK,QAAQ,CAAC;YAC7B,KAAK,YAAY;gBACf,OAAO,MAAM,KAAK,QAAQ,CAAC;YAC7B,KAAK,UAAU;gBACb,OAAO,OAAO,MAAM,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjG,KAAK,cAAc;gBACjB,OAAO,OAAO,MAAM,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAClG,KAAK,IAAI;gBACP,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC9D,KAAK,QAAQ;gBACX,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC/D,KAAK,cAAc;gBACjB,OAAO,OAAO,MAAM,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,MAAM,GAAG,QAAQ,CAAC;YACzF,KAAK,WAAW;gBACd,OAAO,OAAO,MAAM,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,MAAM,GAAG,QAAQ,CAAC;YACzF;gBACE,OAAO,KAAK,CAAC;QACjB,CAAC;IACH,CAAC;IAED,qBAAqB;QACnB,MAAM,oBAAoB,GAAqB;YAC7C,EAAE,EAAE,kBAAkB;YACtB,IAAI,EAAE,4BAA4B;YAClC,WAAW,EAAE,2DAA2D;YACxE,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,IAAI;YACb,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,qBAAqB;oBACzB,IAAI,EAAE,sBAAsB;oBAC5B,WAAW,EAAE,gDAAgD;oBAC7D,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE,GAAG;oBACb,UAAU,EAAE;wBACV,EAAE,KAAK,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE;wBACpE,EAAE,KAAK,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE;qBACtE;oBACD,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,CAAC,cAAc,CAAC;oBACzB,QAAQ,EAAE,EAAE;iBACb;aACF;YACD,aAAa,EAAE,OAAO;YACtB,YAAY,EAAE,IAAI;YAClB,oBAAoB,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;YACtC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,MAAM,gBAAgB,GAAqB;YACzC,EAAE,EAAE,oBAAoB;YACxB,IAAI,EAAE,4BAA4B;YAClC,WAAW,EAAE,+CAA+C;YAC5D,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,IAAI;YACb,KAAK,EAAE;gBACL;oBACE,EAAE,EAAE,yBAAyB;oBAC7B,IAAI,EAAE,0BAA0B;oBAChC,WAAW,EAAE,sCAAsC;oBACnD,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE;wBACV,EAAE,KAAK,EAAE,qBAAqB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,EAAE;qBAC9E;oBACD,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,CAAC,oBAAoB,CAAC;oBAC/B,QAAQ,EAAE,EAAE;iBACb;aACF;YACD,aAAa,EAAE,OAAO;YACtB,YAAY,EAAE,IAAI;YAClB,oBAAoB,EAAE,CAAC,UAAU,CAAC;YAClC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC;QAC1C,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC;IACxC,CAAC;CACF"}

package/dist/governance/rate-limiter.d.ts

@@ -1,20 +0,0 @@
-import type { RateLimitState } from './types.js';
-export interface RateLimitConfig {
-    windowMs: number;
-    maxRequests: number;
-    blockDurationMs: number;
-}
-export declare class RateLimiter {
-    private states;
-    private configs;
-    configure(identityId: string, config: RateLimitConfig): void;
-    check(identityId: string): {
-        allowed: boolean;
-        remaining: number;
-        resetAt: number;
-    };
-    reset(identityId: string): void;
-    getState(identityId: string): RateLimitState | undefined;
-    cleanup(maxAgeMs: number): number;
-}
-//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/governance/rate-limiter.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../src/governance/rate-limiter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAA0C;IACxD,OAAO,CAAC,OAAO,CAA2C;IAE1D,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,GAAG,IAAI;IAI5D,KAAK,CAAC,UAAU,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;IAyDnF,KAAK,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAI/B,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAIxD,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAalC"}

package/dist/governance/rate-limiter.js

@@ -1,73 +0,0 @@
-export class RateLimiter {
-    states = new Map();
-    configs = new Map();
-    configure(identityId, config) {
-        this.configs.set(identityId, config);
-    }
-    check(identityId) {
-        const config = this.configs.get(identityId);
-        if (!config) {
-            return { allowed: true, remaining: -1, resetAt: 0 };
-        }
-        const now = Date.now();
-        let state = this.states.get(identityId);
-        if (!state || now - state.windowStart >= config.windowMs) {
-            state = {
-                identityId,
-                windowStart: now,
-                count: 0,
-                blocked: false,
-                blockedUntil: null,
-            };
-            this.states.set(identityId, state);
-        }
-        if (state.blocked && state.blockedUntil && now < state.blockedUntil) {
-            return {
-                allowed: false,
-                remaining: 0,
-                resetAt: state.blockedUntil,
-            };
-        }
-        if (state.blocked && state.blockedUntil && now >= state.blockedUntil) {
-            state.blocked = false;
-            state.blockedUntil = null;
-            state.windowStart = now;
-            state.count = 0;
-        }
-        state.count++;
-        this.states.set(identityId, state);
-        if (state.count > config.maxRequests) {
-            state.blocked = true;
-            state.blockedUntil = now + config.blockDurationMs;
-            this.states.set(identityId, state);
-            return {
-                allowed: false,
-                remaining: 0,
-                resetAt: state.blockedUntil,
-            };
-        }
-        return {
-            allowed: true,
-            remaining: config.maxRequests - state.count,
-            resetAt: state.windowStart + config.windowMs,
-        };
-    }
-    reset(identityId) {
-        this.states.delete(identityId);
-    }
-    getState(identityId) {
-        return this.states.get(identityId);
-    }
-    cleanup(maxAgeMs) {
-        const now = Date.now();
-        let cleaned = 0;
-        for (const [identityId, state] of this.states.entries()) {
-            if (now - state.windowStart > maxAgeMs && !state.blocked) {
-                this.states.delete(identityId);
-                cleaned++;
-            }
-        }
-        return cleaned;
-    }
-}
-//# sourceMappingURL=rate-limiter.js.map

package/dist/governance/rate-limiter.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../src/governance/rate-limiter.ts"],"names":[],"mappings":"AAQA,MAAM,OAAO,WAAW;IACd,MAAM,GAAgC,IAAI,GAAG,EAAE,CAAC;IAChD,OAAO,GAAiC,IAAI,GAAG,EAAE,CAAC;IAE1D,SAAS,CAAC,UAAkB,EAAE,MAAuB;QACnD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,UAAkB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;QACtD,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAExC,IAAI,CAAC,KAAK,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzD,KAAK,GAAG;gBACN,UAAU;gBACV,WAAW,EAAE,GAAG;gBAChB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,IAAI;aACnB,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,YAAY,IAAI,GAAG,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;YACpE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,CAAC;gBACZ,OAAO,EAAE,KAAK,CAAC,YAAY;aAC5B,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,YAAY,IAAI,GAAG,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACrE,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC;YACtB,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC;YAC1B,KAAK,CAAC,WAAW,GAAG,GAAG,CAAC;YACxB,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC;QAClB,CAAC;QAED,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAEnC,IAAI,KAAK,CAAC,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;YACrC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;YACrB,KAAK,CAAC,YAAY,GAAG,GAAG,GAAG,MAAM,CAAC,eAAe,CAAC;YAClD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YAEnC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,CAAC;gBACZ,OAAO,EAAE,KAAK,CAAC,YAAY;aAC5B,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC,KAAK;YAC3C,OAAO,EAAE,KAAK,CAAC,WAAW,GAAG,MAAM,CAAC,QAAQ;SAC7C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAkB;QACtB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACjC,CAAC;IAED,QAAQ,CAAC,UAAkB;QACzB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,CAAC,QAAgB;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YACxD,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,GAAG,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBACzD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC/B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/governance/types.d.ts

@@ -1,246 +0,0 @@
-import { z } from 'zod';
-export declare const AuditEventTypeSchema: z.ZodEnum<["identity.created", "identity.updated", "identity.deleted", "identity.authenticated", "identity.auth_failed", "tool.accessed", "tool.executed", "tool.denied", "tool.error", "server.registered", "server.deregistered", "server.health_check", "workflow.created", "workflow.executed", "workflow.failed", "workflow.completed", "permission.checked", "permission.denied", "rate_limit.exceeded", "token.issued", "token.revoked", "admin.action"]>;
-export declare const AuditEventSchema: z.ZodObject<{
-    id: z.ZodString;
-    type: z.ZodEnum<["identity.created", "identity.updated", "identity.deleted", "identity.authenticated", "identity.auth_failed", "tool.accessed", "tool.executed", "tool.denied", "tool.error", "server.registered", "server.deregistered", "server.health_check", "workflow.created", "workflow.executed", "workflow.failed", "workflow.completed", "permission.checked", "permission.denied", "rate_limit.exceeded", "token.issued", "token.revoked", "admin.action"]>;
-    timestamp: z.ZodString;
-    agentId: z.ZodOptional<z.ZodString>;
-    agentName: z.ZodOptional<z.ZodString>;
-    sessionId: z.ZodOptional<z.ZodString>;
-    requestId: z.ZodString;
-    ipAddress: z.ZodOptional<z.ZodString>;
-    userAgent: z.ZodOptional<z.ZodString>;
-    resourceType: z.ZodOptional<z.ZodString>;
-    resourceId: z.ZodOptional<z.ZodString>;
-    action: z.ZodString;
-    result: z.ZodEnum<["success", "denied", "error"]>;
-    reason: z.ZodOptional<z.ZodString>;
-    metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>;
-    context: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>;
-}, "strip", z.ZodTypeAny, {
-    id: string;
-    type: "identity.created" | "identity.updated" | "identity.deleted" | "identity.authenticated" | "identity.auth_failed" | "tool.accessed" | "tool.executed" | "tool.denied" | "tool.error" | "server.registered" | "server.deregistered" | "server.health_check" | "workflow.created" | "workflow.executed" | "workflow.failed" | "workflow.completed" | "permission.checked" | "permission.denied" | "rate_limit.exceeded" | "token.issued" | "token.revoked" | "admin.action";
-    metadata: Record<string, any>;
-    context: Record<string, any>;
-    result: "error" | "success" | "denied";
-    timestamp: string;
-    requestId: string;
-    action: string;
-    agentId?: string | undefined;
-    agentName?: string | undefined;
-    sessionId?: string | undefined;
-    ipAddress?: string | undefined;
-    userAgent?: string | undefined;
-    resourceType?: string | undefined;
-    resourceId?: string | undefined;
-    reason?: string | undefined;
-}, {
-    id: string;
-    type: "identity.created" | "identity.updated" | "identity.deleted" | "identity.authenticated" | "identity.auth_failed" | "tool.accessed" | "tool.executed" | "tool.denied" | "tool.error" | "server.registered" | "server.deregistered" | "server.health_check" | "workflow.created" | "workflow.executed" | "workflow.failed" | "workflow.completed" | "permission.checked" | "permission.denied" | "rate_limit.exceeded" | "token.issued" | "token.revoked" | "admin.action";
-    result: "error" | "success" | "denied";
-    timestamp: string;
-    requestId: string;
-    action: string;
-    metadata?: Record<string, any> | undefined;
-    agentId?: string | undefined;
-    context?: Record<string, any> | undefined;
-    agentName?: string | undefined;
-    sessionId?: string | undefined;
-    ipAddress?: string | undefined;
-    userAgent?: string | undefined;
-    resourceType?: string | undefined;
-    resourceId?: string | undefined;
-    reason?: string | undefined;
-}>;
-export declare const PolicyRuleSchema: z.ZodObject<{
-    id: z.ZodString;
-    name: z.ZodString;
-    description: z.ZodOptional<z.ZodString>;
-    enabled: z.ZodDefault<z.ZodBoolean>;
-    priority: z.ZodDefault<z.ZodNumber>;
-    conditions: z.ZodDefault<z.ZodArray<z.ZodObject<{
-        field: z.ZodString;
-        operator: z.ZodEnum<["equals", "not_equals", "contains", "not_contains", "in", "not_in", "greater_than", "less_than"]>;
-        value: z.ZodUnknown;
-    }, "strip", z.ZodTypeAny, {
-        field: string;
-        operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-        value?: unknown;
-    }, {
-        field: string;
-        operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-        value?: unknown;
-    }>, "many">>;
-    effect: z.ZodEnum<["allow", "deny", "audit", "rate_limit"]>;
-    actions: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
-    metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>;
-}, "strip", z.ZodTypeAny, {
-    id: string;
-    name: string;
-    metadata: Record<string, any>;
-    enabled: boolean;
-    priority: number;
-    conditions: {
-        field: string;
-        operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-        value?: unknown;
-    }[];
-    effect: "allow" | "deny" | "audit" | "rate_limit";
-    actions: string[];
-    description?: string | undefined;
-}, {
-    id: string;
-    name: string;
-    effect: "allow" | "deny" | "audit" | "rate_limit";
-    description?: string | undefined;
-    metadata?: Record<string, any> | undefined;
-    enabled?: boolean | undefined;
-    priority?: number | undefined;
-    conditions?: {
-        field: string;
-        operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-        value?: unknown;
-    }[] | undefined;
-    actions?: string[] | undefined;
-}>;
-export declare const GovernancePolicySchema: z.ZodObject<{
-    id: z.ZodString;
-    name: z.ZodString;
-    description: z.ZodString;
-    version: z.ZodDefault<z.ZodString>;
-    enabled: z.ZodDefault<z.ZodBoolean>;
-    rules: z.ZodDefault<z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
-        name: z.ZodString;
-        description: z.ZodOptional<z.ZodString>;
-        enabled: z.ZodDefault<z.ZodBoolean>;
-        priority: z.ZodDefault<z.ZodNumber>;
-        conditions: z.ZodDefault<z.ZodArray<z.ZodObject<{
-            field: z.ZodString;
-            operator: z.ZodEnum<["equals", "not_equals", "contains", "not_contains", "in", "not_in", "greater_than", "less_than"]>;
-            value: z.ZodUnknown;
-        }, "strip", z.ZodTypeAny, {
-            field: string;
-            operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-            value?: unknown;
-        }, {
-            field: string;
-            operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-            value?: unknown;
-        }>, "many">>;
-        effect: z.ZodEnum<["allow", "deny", "audit", "rate_limit"]>;
-        actions: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
-        metadata: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodAny>>;
-    }, "strip", z.ZodTypeAny, {
-        id: string;
-        name: string;
-        metadata: Record<string, any>;
-        enabled: boolean;
-        priority: number;
-        conditions: {
-            field: string;
-            operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-            value?: unknown;
-        }[];
-        effect: "allow" | "deny" | "audit" | "rate_limit";
-        actions: string[];
-        description?: string | undefined;
-    }, {
-        id: string;
-        name: string;
-        effect: "allow" | "deny" | "audit" | "rate_limit";
-        description?: string | undefined;
-        metadata?: Record<string, any> | undefined;
-        enabled?: boolean | undefined;
-        priority?: number | undefined;
-        conditions?: {
-            field: string;
-            operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-            value?: unknown;
-        }[] | undefined;
-        actions?: string[] | undefined;
-    }>, "many">>;
-    defaultEffect: z.ZodDefault<z.ZodEnum<["allow", "deny"]>>;
-    auditEnabled: z.ZodDefault<z.ZodBoolean>;
-    complianceFrameworks: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
-    createdAt: z.ZodString;
-    updatedAt: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    id: string;
-    name: string;
-    description: string;
-    createdAt: string;
-    updatedAt: string;
-    version: string;
-    enabled: boolean;
-    rules: {
-        id: string;
-        name: string;
-        metadata: Record<string, any>;
-        enabled: boolean;
-        priority: number;
-        conditions: {
-            field: string;
-            operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-            value?: unknown;
-        }[];
-        effect: "allow" | "deny" | "audit" | "rate_limit";
-        actions: string[];
-        description?: string | undefined;
-    }[];
-    defaultEffect: "allow" | "deny";
-    auditEnabled: boolean;
-    complianceFrameworks: string[];
-}, {
-    id: string;
-    name: string;
-    description: string;
-    createdAt: string;
-    updatedAt: string;
-    version?: string | undefined;
-    enabled?: boolean | undefined;
-    rules?: {
-        id: string;
-        name: string;
-        effect: "allow" | "deny" | "audit" | "rate_limit";
-        description?: string | undefined;
-        metadata?: Record<string, any> | undefined;
-        enabled?: boolean | undefined;
-        priority?: number | undefined;
-        conditions?: {
-            field: string;
-            operator: "equals" | "greater_than" | "not_equals" | "contains" | "not_contains" | "in" | "not_in" | "less_than";
-            value?: unknown;
-        }[] | undefined;
-        actions?: string[] | undefined;
-    }[] | undefined;
-    defaultEffect?: "allow" | "deny" | undefined;
-    auditEnabled?: boolean | undefined;
-    complianceFrameworks?: string[] | undefined;
-}>;
-export type AuditEventType = z.infer<typeof AuditEventTypeSchema>;
-export type AuditEvent = z.infer<typeof AuditEventSchema>;
-export type PolicyRule = z.infer<typeof PolicyRuleSchema>;
-export type GovernancePolicy = z.infer<typeof GovernancePolicySchema>;
-export interface RateLimitState {
-    identityId: string;
-    windowStart: number;
-    count: number;
-    blocked: boolean;
-    blockedUntil: number | null;
-}
-export interface ComplianceReport {
-    generatedAt: string;
-    period: {
-        start: string;
-        end: string;
-    };
-    totalEvents: number;
-    byType: Record<string, number>;
-    byAgent: Record<string, number>;
-    deniedAccess: number;
-    rateLimitExceeded: number;
-    policyViolations: number;
-    recommendations: string[];
-}
-//# sourceMappingURL=types.d.ts.map

package/dist/governance/types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/governance/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,oBAAoB,kcAuB/B,CAAC;AAEH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiB3B,CAAC;AAEH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc3B,CAAC;AAEH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYjC,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B"}

package/dist/governance/types.js

@@ -1,72 +0,0 @@
-import { z } from 'zod';
-export const AuditEventTypeSchema = z.enum([
-    'identity.created',
-    'identity.updated',
-    'identity.deleted',
-    'identity.authenticated',
-    'identity.auth_failed',
-    'tool.accessed',
-    'tool.executed',
-    'tool.denied',
-    'tool.error',
-    'server.registered',
-    'server.deregistered',
-    'server.health_check',
-    'workflow.created',
-    'workflow.executed',
-    'workflow.failed',
-    'workflow.completed',
-    'permission.checked',
-    'permission.denied',
-    'rate_limit.exceeded',
-    'token.issued',
-    'token.revoked',
-    'admin.action',
-]);
-export const AuditEventSchema = z.object({
-    id: z.string(),
-    type: AuditEventTypeSchema,
-    timestamp: z.string(),
-    agentId: z.string().optional(),
-    agentName: z.string().optional(),
-    sessionId: z.string().optional(),
-    requestId: z.string(),
-    ipAddress: z.string().optional(),
-    userAgent: z.string().optional(),
-    resourceType: z.string().optional(),
-    resourceId: z.string().optional(),
-    action: z.string(),
-    result: z.enum(['success', 'denied', 'error']),
-    reason: z.string().optional(),
-    metadata: z.record(z.any()).default({}),
-    context: z.record(z.any()).default({}),
-});
-export const PolicyRuleSchema = z.object({
-    id: z.string(),
-    name: z.string(),
-    description: z.string().optional(),
-    enabled: z.boolean().default(true),
-    priority: z.number().default(0),
-    conditions: z.array(z.object({
-        field: z.string(),
-        operator: z.enum(['equals', 'not_equals', 'contains', 'not_contains', 'in', 'not_in', 'greater_than', 'less_than']),
-        value: z.unknown(),
-    })).default([]),
-    effect: z.enum(['allow', 'deny', 'audit', 'rate_limit']),
-    actions: z.array(z.string()).default([]),
-    metadata: z.record(z.any()).default({}),
-});
-export const GovernancePolicySchema = z.object({
-    id: z.string(),
-    name: z.string(),
-    description: z.string(),
-    version: z.string().default('1.0.0'),
-    enabled: z.boolean().default(true),
-    rules: z.array(PolicyRuleSchema).default([]),
-    defaultEffect: z.enum(['allow', 'deny']).default('allow'),
-    auditEnabled: z.boolean().default(true),
-    complianceFrameworks: z.array(z.string()).default([]),
-    createdAt: z.string(),
-    updatedAt: z.string(),
-});
-//# sourceMappingURL=types.js.map

package/dist/governance/types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/governance/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,IAAI,CAAC;IACzC,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,wBAAwB;IACxB,sBAAsB;IACtB,eAAe;IACf,eAAe;IACf,aAAa;IACb,YAAY;IACZ,mBAAmB;IACnB,qBAAqB;IACrB,qBAAqB;IACrB,kBAAkB;IAClB,mBAAmB;IACnB,iBAAiB;IACjB,oBAAoB;IACpB,oBAAoB;IACpB,mBAAmB;IACnB,qBAAqB;IACrB,cAAc;IACd,eAAe;IACf,cAAc;CACf,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,oBAAoB;IAC1B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/B,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;QAC3B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;QACjB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC;QACnH,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE;KACnB,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACf,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;IACxD,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACxC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CACxC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IACpC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAC5C,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IACzD,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACvC,oBAAoB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACrD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC"}

package/dist/identity/access-control.d.ts

@@ -1,15 +0,0 @@
-import type { IdentityContext, Permission } from './types.js';
-import type { Tool, Server } from '../types/index.js';
-export interface AccessDecision {
-    allowed: boolean;
-    reason: string;
-    constraints?: Record<string, unknown>;
-}
-export declare class AccessControl {
-    checkToolAccess(context: IdentityContext, tool: Tool): AccessDecision;
-    checkServerAccess(context: IdentityContext, server: Server): AccessDecision;
-    checkPermission(context: IdentityContext, permission: Permission): AccessDecision;
-    checkRateLimit(context: IdentityContext, currentCount: number, window: 'minute' | 'hour'): AccessDecision;
-    sanitizeContext(context: IdentityContext, tool: Tool): Record<string, unknown>;
-}
-//# sourceMappingURL=access-control.d.ts.map

package/dist/identity/access-control.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"access-control.d.ts","sourceRoot":"","sources":["../../src/identity/access-control.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvC;AAED,qBAAa,aAAa;IACxB,eAAe,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,IAAI,GAAG,cAAc;IA4CrE,iBAAiB,CAAC,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,GAAG,cAAc;IAmB3E,eAAe,CAAC,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,UAAU,GAAG,cAAc;IAOjF,cAAc,CAAC,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,GAAG,MAAM,GAAG,cAAc;IAmBzG,eAAe,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAmB/E"}