npm - palaryn - Versions diffs - 0.1.0 → 0.3.2 - Mend

palaryn 0.1.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (344) hide show

package/README.md +243 -588
package/dist/sdk/typescript/src/client.js +2 -2
package/dist/sdk/typescript/src/client.js.map +1 -1
package/dist/src/anomaly/detector.d.ts +7 -4
package/dist/src/anomaly/detector.d.ts.map +1 -1
package/dist/src/anomaly/detector.js +22 -12
package/dist/src/anomaly/detector.js.map +1 -1
package/dist/src/audit/logger.d.ts +10 -0
package/dist/src/audit/logger.d.ts.map +1 -1
package/dist/src/audit/logger.js +52 -38
package/dist/src/audit/logger.js.map +1 -1
package/dist/src/auth/routes.d.ts.map +1 -1
package/dist/src/auth/routes.js +35 -0
package/dist/src/auth/routes.js.map +1 -1
package/dist/src/budget/manager.d.ts +5 -0
package/dist/src/budget/manager.d.ts.map +1 -1
package/dist/src/budget/manager.js +32 -0
package/dist/src/budget/manager.js.map +1 -1
package/dist/src/budget/model-pricing.d.ts +20 -0
package/dist/src/budget/model-pricing.d.ts.map +1 -0
package/dist/src/budget/model-pricing.js +107 -0
package/dist/src/budget/model-pricing.js.map +1 -0
package/dist/src/budget/usage-extractor.d.ts +3 -1
package/dist/src/budget/usage-extractor.d.ts.map +1 -1
package/dist/src/budget/usage-extractor.js +47 -3
package/dist/src/budget/usage-extractor.js.map +1 -1
package/dist/src/config/defaults.d.ts.map +1 -1
package/dist/src/config/defaults.js +65 -13
package/dist/src/config/defaults.js.map +1 -1
package/dist/src/dlp/tool-patterns.d.ts +7 -0
package/dist/src/dlp/tool-patterns.d.ts.map +1 -0
package/dist/src/dlp/tool-patterns.js +34 -0
package/dist/src/dlp/tool-patterns.js.map +1 -0
package/dist/src/executor/filesystem-executor.d.ts +28 -0
package/dist/src/executor/filesystem-executor.d.ts.map +1 -0
package/dist/src/executor/filesystem-executor.js +192 -0
package/dist/src/executor/filesystem-executor.js.map +1 -0
package/dist/src/executor/http-executor.d.ts.map +1 -1
package/dist/src/executor/http-executor.js +22 -2
package/dist/src/executor/http-executor.js.map +1 -1
package/dist/src/executor/index.d.ts +4 -0
package/dist/src/executor/index.d.ts.map +1 -1
package/dist/src/executor/index.js +9 -1
package/dist/src/executor/index.js.map +1 -1
package/dist/src/executor/shell-executor.d.ts +22 -0
package/dist/src/executor/shell-executor.d.ts.map +1 -0
package/dist/src/executor/shell-executor.js +119 -0
package/dist/src/executor/shell-executor.js.map +1 -0
package/dist/src/executor/sql-executor.d.ts +29 -0
package/dist/src/executor/sql-executor.d.ts.map +1 -0
package/dist/src/executor/sql-executor.js +114 -0
package/dist/src/executor/sql-executor.js.map +1 -0
package/dist/src/executor/websocket-executor.d.ts +26 -0
package/dist/src/executor/websocket-executor.d.ts.map +1 -0
package/dist/src/executor/websocket-executor.js +205 -0
package/dist/src/executor/websocket-executor.js.map +1 -0
package/dist/src/interceptor/index.d.ts +2 -0
package/dist/src/interceptor/index.d.ts.map +1 -0
package/dist/src/interceptor/index.js +6 -0
package/dist/src/interceptor/index.js.map +1 -0
package/dist/src/interceptor/provider-interceptor.d.ts +36 -0
package/dist/src/interceptor/provider-interceptor.d.ts.map +1 -0
package/dist/src/interceptor/provider-interceptor.js +302 -0
package/dist/src/interceptor/provider-interceptor.js.map +1 -0
package/dist/src/mcp/auth-verifier.d.ts.map +1 -1
package/dist/src/mcp/auth-verifier.js +3 -2
package/dist/src/mcp/auth-verifier.js.map +1 -1
package/dist/src/mcp/bridge.d.ts +14 -10
package/dist/src/mcp/bridge.d.ts.map +1 -1
package/dist/src/mcp/bridge.js +51 -227
package/dist/src/mcp/bridge.js.map +1 -1
package/dist/src/mcp/http-transport.d.ts +2 -0
package/dist/src/mcp/http-transport.d.ts.map +1 -1
package/dist/src/mcp/http-transport.js +117 -66
package/dist/src/mcp/http-transport.js.map +1 -1
package/dist/src/mcp/internal-auth.d.ts +13 -0
package/dist/src/mcp/internal-auth.d.ts.map +1 -0
package/dist/src/mcp/internal-auth.js +12 -0
package/dist/src/mcp/internal-auth.js.map +1 -0
package/dist/src/mcp/tool-definitions.d.ts +41 -0
package/dist/src/mcp/tool-definitions.d.ts.map +1 -0
package/dist/src/mcp/tool-definitions.js +491 -0
package/dist/src/mcp/tool-definitions.js.map +1 -0
package/dist/src/middleware/auth.js.map +1 -1
package/dist/src/middleware/session.js.map +1 -1
package/dist/src/middleware/validate.d.ts +8 -0
package/dist/src/middleware/validate.d.ts.map +1 -1
package/dist/src/middleware/validate.js +45 -0
package/dist/src/middleware/validate.js.map +1 -1
package/dist/src/policy/engine.d.ts +4 -0
package/dist/src/policy/engine.d.ts.map +1 -1
package/dist/src/policy/engine.js +117 -0
package/dist/src/policy/engine.js.map +1 -1
package/dist/src/saas/routes.d.ts.map +1 -1
package/dist/src/saas/routes.js +355 -22
package/dist/src/saas/routes.js.map +1 -1
package/dist/src/server/app.d.ts.map +1 -1
package/dist/src/server/app.js +24 -3
package/dist/src/server/app.js.map +1 -1
package/dist/src/server/gateway.d.ts.map +1 -1
package/dist/src/server/gateway.js +17 -0
package/dist/src/server/gateway.js.map +1 -1
package/dist/src/server/index.d.ts.map +1 -1
package/dist/src/server/index.js +18 -0
package/dist/src/server/index.js.map +1 -1
package/dist/src/storage/interfaces.d.ts +14 -3
package/dist/src/storage/interfaces.d.ts.map +1 -1
package/dist/src/storage/memory.d.ts +2 -0
package/dist/src/storage/memory.d.ts.map +1 -1
package/dist/src/storage/memory.js +6 -0
package/dist/src/storage/memory.js.map +1 -1
package/dist/src/storage/postgres.d.ts +5 -0
package/dist/src/storage/postgres.d.ts.map +1 -1
package/dist/src/storage/postgres.js +16 -0
package/dist/src/storage/postgres.js.map +1 -1
package/dist/src/storage/redis.d.ts +10 -0
package/dist/src/storage/redis.d.ts.map +1 -1
package/dist/src/storage/redis.js +65 -0
package/dist/src/storage/redis.js.map +1 -1
package/dist/src/types/budget.d.ts +4 -0
package/dist/src/types/budget.d.ts.map +1 -1
package/dist/src/types/config.d.ts +58 -0
package/dist/src/types/config.d.ts.map +1 -1
package/dist/src/types/events.d.ts +1 -0
package/dist/src/types/events.d.ts.map +1 -1
package/dist/src/types/policy.d.ts +11 -1
package/dist/src/types/policy.d.ts.map +1 -1
package/dist/src/types/tool-result.d.ts +11 -0
package/dist/src/types/tool-result.d.ts.map +1 -1
package/dist/tests/unit/app-routes.test.d.ts +2 -0
package/dist/tests/unit/app-routes.test.d.ts.map +1 -0
package/dist/tests/unit/app-routes.test.js +715 -0
package/dist/tests/unit/app-routes.test.js.map +1 -0
package/dist/tests/unit/audit-logger.test.js +105 -0
package/dist/tests/unit/audit-logger.test.js.map +1 -1
package/dist/tests/unit/auth-providers.test.d.ts +2 -0
package/dist/tests/unit/auth-providers.test.d.ts.map +1 -0
package/dist/tests/unit/auth-providers.test.js +279 -0
package/dist/tests/unit/auth-providers.test.js.map +1 -0
package/dist/tests/unit/auth-routes-extended.test.d.ts +2 -0
package/dist/tests/unit/auth-routes-extended.test.d.ts.map +1 -0
package/dist/tests/unit/auth-routes-extended.test.js +993 -0
package/dist/tests/unit/auth-routes-extended.test.js.map +1 -0
package/dist/tests/unit/auth-verifier.test.d.ts +2 -0
package/dist/tests/unit/auth-verifier.test.d.ts.map +1 -0
package/dist/tests/unit/auth-verifier.test.js +505 -0
package/dist/tests/unit/auth-verifier.test.js.map +1 -0
package/dist/tests/unit/billing-routes.test.d.ts +2 -0
package/dist/tests/unit/billing-routes.test.d.ts.map +1 -0
package/dist/tests/unit/billing-routes.test.js +432 -0
package/dist/tests/unit/billing-routes.test.js.map +1 -0
package/dist/tests/unit/config-defaults.test.d.ts +2 -0
package/dist/tests/unit/config-defaults.test.d.ts.map +1 -0
package/dist/tests/unit/config-defaults.test.js +119 -0
package/dist/tests/unit/config-defaults.test.js.map +1 -0
package/dist/tests/unit/defaults.test.js +0 -10
package/dist/tests/unit/defaults.test.js.map +1 -1
package/dist/tests/unit/filesystem-executor.test.d.ts +2 -0
package/dist/tests/unit/filesystem-executor.test.d.ts.map +1 -0
package/dist/tests/unit/filesystem-executor.test.js +280 -0
package/dist/tests/unit/filesystem-executor.test.js.map +1 -0
package/dist/tests/unit/gateway-branches.test.d.ts +2 -0
package/dist/tests/unit/gateway-branches.test.d.ts.map +1 -0
package/dist/tests/unit/gateway-branches.test.js +1039 -0
package/dist/tests/unit/gateway-branches.test.js.map +1 -0
package/dist/tests/unit/http-executor-branches.test.d.ts +2 -0
package/dist/tests/unit/http-executor-branches.test.d.ts.map +1 -0
package/dist/tests/unit/http-executor-branches.test.js +495 -0
package/dist/tests/unit/http-executor-branches.test.js.map +1 -0
package/dist/tests/unit/logger.test.d.ts +2 -0
package/dist/tests/unit/logger.test.d.ts.map +1 -0
package/dist/tests/unit/logger.test.js +97 -0
package/dist/tests/unit/logger.test.js.map +1 -0
package/dist/tests/unit/mcp-internal-auth.test.d.ts +2 -0
package/dist/tests/unit/mcp-internal-auth.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-internal-auth.test.js +445 -0
package/dist/tests/unit/mcp-internal-auth.test.js.map +1 -0
package/dist/tests/unit/metrics.test.js +102 -0
package/dist/tests/unit/metrics.test.js.map +1 -1
package/dist/tests/unit/model-pricing.test.d.ts +2 -0
package/dist/tests/unit/model-pricing.test.d.ts.map +1 -0
package/dist/tests/unit/model-pricing.test.js +87 -0
package/dist/tests/unit/model-pricing.test.js.map +1 -0
package/dist/tests/unit/oauth-stores.test.d.ts +2 -0
package/dist/tests/unit/oauth-stores.test.d.ts.map +1 -0
package/dist/tests/unit/oauth-stores.test.js +260 -0
package/dist/tests/unit/oauth-stores.test.js.map +1 -0
package/dist/tests/unit/policy-engine.test.js +466 -0
package/dist/tests/unit/policy-engine.test.js.map +1 -1
package/dist/tests/unit/provider-interceptor.test.d.ts +2 -0
package/dist/tests/unit/provider-interceptor.test.d.ts.map +1 -0
package/dist/tests/unit/provider-interceptor.test.js +472 -0
package/dist/tests/unit/provider-interceptor.test.js.map +1 -0
package/dist/tests/unit/saas-routes-branches.test.d.ts +2 -0
package/dist/tests/unit/saas-routes-branches.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes-branches.test.js +2165 -0
package/dist/tests/unit/saas-routes-branches.test.js.map +1 -0
package/dist/tests/unit/saas-routes-crud.test.d.ts +2 -0
package/dist/tests/unit/saas-routes-crud.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes-crud.test.js +332 -0
package/dist/tests/unit/saas-routes-crud.test.js.map +1 -0
package/dist/tests/unit/saas-routes-data.test.d.ts +2 -0
package/dist/tests/unit/saas-routes-data.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes-data.test.js +405 -0
package/dist/tests/unit/saas-routes-data.test.js.map +1 -0
package/dist/tests/unit/saas-routes.test.js +3 -3
package/dist/tests/unit/saas-routes.test.js.map +1 -1
package/dist/tests/unit/shell-executor.test.d.ts +2 -0
package/dist/tests/unit/shell-executor.test.d.ts.map +1 -0
package/dist/tests/unit/shell-executor.test.js +145 -0
package/dist/tests/unit/shell-executor.test.js.map +1 -0
package/dist/tests/unit/sql-executor.test.d.ts +2 -0
package/dist/tests/unit/sql-executor.test.d.ts.map +1 -0
package/dist/tests/unit/sql-executor.test.js +177 -0
package/dist/tests/unit/sql-executor.test.js.map +1 -0
package/dist/tests/unit/stream-proxy.test.d.ts +2 -0
package/dist/tests/unit/stream-proxy.test.d.ts.map +1 -0
package/dist/tests/unit/stream-proxy.test.js +147 -0
package/dist/tests/unit/stream-proxy.test.js.map +1 -0
package/dist/tests/unit/tool-definitions.test.d.ts +2 -0
package/dist/tests/unit/tool-definitions.test.d.ts.map +1 -0
package/dist/tests/unit/tool-definitions.test.js +184 -0
package/dist/tests/unit/tool-definitions.test.js.map +1 -0
package/dist/tests/unit/usage-extractor.test.js +140 -0
package/dist/tests/unit/usage-extractor.test.js.map +1 -1
package/dist/tests/unit/webhook-handler.test.d.ts +2 -0
package/dist/tests/unit/webhook-handler.test.d.ts.map +1 -0
package/dist/tests/unit/webhook-handler.test.js +453 -0
package/dist/tests/unit/webhook-handler.test.js.map +1 -0
package/dist/tests/unit/webhook-routes.test.d.ts +2 -0
package/dist/tests/unit/webhook-routes.test.d.ts.map +1 -0
package/dist/tests/unit/webhook-routes.test.js +69 -0
package/dist/tests/unit/webhook-routes.test.js.map +1 -0
package/dist/tests/unit/websocket-executor.test.d.ts +2 -0
package/dist/tests/unit/websocket-executor.test.d.ts.map +1 -0
package/dist/tests/unit/websocket-executor.test.js +121 -0
package/dist/tests/unit/websocket-executor.test.js.map +1 -0
package/package.json +8 -2
package/policy-packs/demo_fail.yaml +41 -0
package/policy-packs/full_tools.yaml +136 -0
package/src/admin/index.ts +1 -0
package/src/admin/routes.ts +509 -0
package/src/admin/templates.ts +572 -0
package/src/anomaly/detector.ts +730 -0
package/src/anomaly/index.ts +1 -0
package/src/approval/manager.ts +569 -0
package/src/approval/webhook.ts +133 -0
package/src/audit/logger.ts +490 -0
package/src/auth/index.ts +5 -0
package/src/auth/password.ts +21 -0
package/src/auth/pkce.ts +22 -0
package/src/auth/providers.ts +208 -0
package/src/auth/routes.ts +561 -0
package/src/auth/session.ts +84 -0
package/src/billing/index.ts +6 -0
package/src/billing/plan-enforcer.ts +135 -0
package/src/billing/routes.ts +229 -0
package/src/billing/stripe-client.ts +58 -0
package/src/billing/webhook-handler.ts +182 -0
package/src/billing/webhook-routes.ts +28 -0
package/src/budget/manager.ts +679 -0
package/src/budget/model-pricing.ts +119 -0
package/src/budget/usage-extractor.ts +214 -0
package/src/cli.ts +91 -0
package/src/config/defaults.ts +261 -0
package/src/config/validate.ts +88 -0
package/src/dlp/composite-scanner.ts +213 -0
package/src/dlp/index.ts +9 -0
package/src/dlp/interfaces.ts +34 -0
package/src/dlp/patterns.ts +30 -0
package/src/dlp/prompt-injection-backend.ts +181 -0
package/src/dlp/prompt-injection-patterns.ts +302 -0
package/src/dlp/regex-backend.ts +181 -0
package/src/dlp/scanner.ts +502 -0
package/src/dlp/text-normalizer.ts +225 -0
package/src/dlp/tool-patterns.ts +35 -0
package/src/dlp/trufflehog-backend.ts +190 -0
package/src/executor/filesystem-executor.ts +196 -0
package/src/executor/http-executor.ts +349 -0
package/src/executor/index.ts +9 -0
package/src/executor/interfaces.ts +11 -0
package/src/executor/noop-executor.ts +23 -0
package/src/executor/registry.ts +64 -0
package/src/executor/shell-executor.ts +148 -0
package/src/executor/slack-executor.ts +176 -0
package/src/executor/sql-executor.ts +146 -0
package/src/executor/websocket-executor.ts +211 -0
package/src/index.ts +24 -0
package/src/interceptor/index.ts +1 -0
package/src/interceptor/provider-interceptor.ts +315 -0
package/src/mcp/auth-verifier.ts +152 -0
package/src/mcp/bridge.ts +703 -0
package/src/mcp/http-transport.ts +698 -0
package/src/mcp/index.ts +9 -0
package/src/mcp/internal-auth.ts +14 -0
package/src/mcp/oauth-pages.ts +139 -0
package/src/mcp/oauth-postgres-stores.ts +278 -0
package/src/mcp/oauth-provider.ts +536 -0
package/src/mcp/oauth-stores.ts +202 -0
package/src/mcp/server.ts +55 -0
package/src/mcp/tool-definitions.ts +562 -0
package/src/metrics/collector.ts +357 -0
package/src/metrics/index.ts +1 -0
package/src/middleware/auth.ts +814 -0
package/src/middleware/session.ts +85 -0
package/src/middleware/validate.ts +130 -0
package/src/policy/engine.ts +815 -0
package/src/policy/index.ts +2 -0
package/src/policy/opa-engine.ts +829 -0
package/src/proxy/forward-proxy.ts +649 -0
package/src/proxy/index.ts +1 -0
package/src/ratelimit/limiter.ts +196 -0
package/src/replay/engine.ts +142 -0
package/src/replay/index.ts +1 -0
package/src/saas/index.ts +1 -0
package/src/saas/routes.ts +2178 -0
package/src/server/app.ts +985 -0
package/src/server/errors.ts +49 -0
package/src/server/gateway.ts +1130 -0
package/src/server/index.ts +307 -0
package/src/server/logger.ts +255 -0
package/src/server/stream-proxy.ts +202 -0
package/src/storage/file-persistence.ts +315 -0
package/src/storage/index.ts +4 -0
package/src/storage/interfaces.ts +287 -0
package/src/storage/memory.ts +686 -0
package/src/storage/postgres.ts +1831 -0
package/src/storage/redis.ts +835 -0
package/src/tracing/index.ts +1 -0
package/src/tracing/provider.ts +100 -0
package/src/trust/calculator.ts +141 -0
package/src/trust/index.ts +7 -0
package/src/types/budget.ts +36 -0
package/src/types/config.ts +278 -0
package/src/types/events.ts +41 -0
package/src/types/express.d.ts +14 -0
package/src/types/index.ts +7 -0
package/src/types/policy.ts +83 -0
package/src/types/stripe-config.ts +11 -0
package/src/types/subscription.ts +59 -0
package/src/types/tool-call.ts +47 -0
package/src/types/tool-result.ts +82 -0
package/src/types/user.ts +125 -0
package/tsconfig.json +24 -0

package/dist/tests/unit/gateway-branches.test.js ADDED Viewed

@@ -0,0 +1,1039 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const http = __importStar(require("http"));
+const gateway_1 = require("../../src/server/gateway");
+const metrics_1 = require("../../src/metrics");
+const tracing_1 = require("../../src/tracing");
+// ---------------------------------------------------------------------------
+// Local test HTTP server
+// ---------------------------------------------------------------------------
+let testServer;
+let testPort;
+beforeAll((done) => {
+    testServer = http.createServer((req, res) => {
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: true }));
+    });
+    testServer.listen(0, '127.0.0.1', () => {
+        testPort = testServer.address().port;
+        done();
+    });
+});
+afterAll((done) => {
+    testServer.close(done);
+});
+// ---------------------------------------------------------------------------
+// Test config factory
+// ---------------------------------------------------------------------------
+function testConfig(overrides) {
+    return {
+        port: 0,
+        host: '127.0.0.1',
+        auth: { enabled: false, api_keys: {} },
+        policy: { pack_path: './policy-packs/dev_fast.yaml', default_effect: 'ALLOW', hot_reload: false },
+        dlp: { enabled: false, scan_args: false, scan_output: false, secrets_detection: false, pii_detection: false, default_redaction_method: 'mask' },
+        budget: { task_budget_usd: 100, max_steps_per_task: 1000, max_retries_per_call: 3, max_wall_clock_ms: 300000 },
+        audit: { enabled: false, log_dir: '', console_output: false, retention_days: 30 },
+        executor: { http: { timeout_ms: 5000, max_retries: 1, backoff_base_ms: 100 }, cache: { enabled: false, ttl_ms: 0 } },
+        approval: { enabled: false, token_secret: 'test-secret', default_ttl_seconds: 3600 },
+        ...overrides,
+    };
+}
+// ---------------------------------------------------------------------------
+// Tool call builder
+// ---------------------------------------------------------------------------
+let callCounter = 0;
+function buildToolCall(overrides) {
+    callCounter++;
+    return {
+        tool_call_id: `tc-branch-${Date.now()}-${callCounter}`,
+        task_id: 'task-branch-001',
+        workspace_id: 'ws-test',
+        actor: { type: 'agent', id: 'test-agent' },
+        source: { platform: 'unit-test' },
+        tool: { name: 'http.request', capability: 'read' },
+        args: { method: 'GET', url: `http://127.0.0.1:${testPort}/get` },
+        ...overrides,
+    };
+}
+/** Disable SSRF protection so tests can reach 127.0.0.1 */
+function disableSSRF(gw) {
+    gw.getHttpExecutor().ssrfProtectionEnabled = false;
+    return gw;
+}
+// ===========================================================================
+// Tests
+// ===========================================================================
+describe('Gateway Branches', () => {
+    // =========================================================================
+    // 1. DLP scanning branches in preExecute
+    // =========================================================================
+    describe('DLP scanning branches in preExecute', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('detects secrets in args when DLP is enabled and scan_args is true', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: true,
+                    scan_output: false,
+                    secrets_detection: true,
+                    pii_detection: false,
+                    default_redaction_method: 'mask',
+                },
+            })));
+            const tc = buildToolCall({
+                args: {
+                    method: 'GET',
+                    url: `http://127.0.0.1:${testPort}/get`,
+                    api_key: 'AKIAIOSFODNN7EXAMPLE',
+                },
+            });
+            const pre = await gateway.preExecute(tc);
+            // DLP should detect the AWS key pattern in args
+            expect(pre.argsDlp).toBeDefined();
+            expect(pre.argsDlp.detected.length).toBeGreaterThan(0);
+            expect(pre.argsDlp.detected.some((d) => d.includes('aws') || d.includes('secret') || d.includes('key'))).toBe(true);
+        });
+        it('returns severity high when AWS key is detected in args', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: true,
+                    scan_output: false,
+                    secrets_detection: true,
+                    pii_detection: false,
+                    default_redaction_method: 'mask',
+                },
+            })));
+            const tc = buildToolCall({
+                args: {
+                    method: 'GET',
+                    url: `http://127.0.0.1:${testPort}/get`,
+                    secret: 'AKIAIOSFODNN7EXAMPLE',
+                },
+            });
+            const pre = await gateway.preExecute(tc);
+            expect(pre.argsDlp).toBeDefined();
+            expect(pre.argsDlp.severity).toBe('high');
+        });
+        it('blocks when DLP severity is critical via policy default_effect DENY and DLP detection', async () => {
+            // With default_effect DENY and DLP detection the policy will deny
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                policy: { pack_path: './policy-packs/dev_fast.yaml', default_effect: 'DENY', hot_reload: false },
+                dlp: {
+                    enabled: true,
+                    scan_args: true,
+                    scan_output: false,
+                    secrets_detection: true,
+                    pii_detection: true,
+                    default_redaction_method: 'mask',
+                },
+            })));
+            const tc = buildToolCall({
+                args: {
+                    method: 'GET',
+                    url: `http://127.0.0.1:${testPort}/get`,
+                    credentials: 'AKIAIOSFODNN7EXAMPLE',
+                },
+            });
+            const pre = await gateway.preExecute(tc);
+            // DLP detects secrets; the request should still be allowed by policy (dev_fast allows reads)
+            // but the DLP info should be attached
+            expect(pre.argsDlp).toBeDefined();
+            expect(pre.argsDlp.detected.length).toBeGreaterThan(0);
+        });
+        it('allows with DLP info when severity is low (no secrets/PII)', async () => {
+            // Disable PII detection to avoid matching on 127.0.0.1 in the URL
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: true,
+                    scan_output: false,
+                    secrets_detection: true,
+                    pii_detection: false,
+                    default_redaction_method: 'mask',
+                },
+            })));
+            const tc = buildToolCall({
+                args: {
+                    method: 'GET',
+                    url: `http://127.0.0.1:${testPort}/get`,
+                    data: 'hello world',
+                },
+            });
+            const pre = await gateway.preExecute(tc);
+            expect(pre.allowed).toBe(true);
+            expect(pre.argsDlp).toBeDefined();
+            expect(pre.argsDlp.detected.length).toBe(0);
+            expect(pre.argsDlp.severity).toBe('low');
+        });
+        it('does not scan args when scan_args is false', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: false,
+                    scan_output: false,
+                    secrets_detection: true,
+                    pii_detection: true,
+                    default_redaction_method: 'mask',
+                },
+            })));
+            const tc = buildToolCall({
+                args: {
+                    method: 'GET',
+                    url: `http://127.0.0.1:${testPort}/get`,
+                    secret: 'AKIAIOSFODNN7EXAMPLE',
+                },
+            });
+            const pre = await gateway.preExecute(tc);
+            expect(pre.argsDlp).toBeDefined();
+            // When scan_args is false, no detections should be made
+            expect(pre.argsDlp.detected.length).toBe(0);
+        });
+        it('detects PII (credit card) in args when pii_detection is enabled', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: true,
+                    scan_output: false,
+                    secrets_detection: false,
+                    pii_detection: true,
+                    default_redaction_method: 'mask',
+                },
+            })));
+            const tc = buildToolCall({
+                args: {
+                    method: 'GET',
+                    url: `http://127.0.0.1:${testPort}/get`,
+                    card: '4111-1111-1111-1111',
+                },
+            });
+            const pre = await gateway.preExecute(tc);
+            expect(pre.argsDlp).toBeDefined();
+            expect(pre.argsDlp.detected.length).toBeGreaterThan(0);
+        });
+    });
+    // =========================================================================
+    // 2. Budget checking branches in preExecute
+    // =========================================================================
+    describe('Budget checking branches in preExecute', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('blocks when task budget is exceeded (very low budget)', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                budget: {
+                    task_budget_usd: 0.0001,
+                    max_steps_per_task: 1000,
+                    max_retries_per_call: 3,
+                    max_wall_clock_ms: 300000,
+                },
+            })));
+            const tc = buildToolCall();
+            const pre = await gateway.preExecute(tc);
+            // With an extremely low budget, the estimated cost should exceed it
+            expect(pre.allowed).toBe(false);
+            expect(pre.result).toBeDefined();
+            expect(pre.result.status).toBe('blocked');
+            expect(pre.result.error).toContain('Budget exceeded');
+        });
+        it('blocks when step limit is exceeded', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                budget: {
+                    task_budget_usd: 100,
+                    max_steps_per_task: 1,
+                    max_retries_per_call: 3,
+                    max_wall_clock_ms: 300000,
+                },
+            })));
+            // First call should succeed (1 step allowed)
+            const tc1 = buildToolCall({ task_id: 'task-step-limit' });
+            const result1 = await gateway.execute(tc1);
+            expect(result1.status).toBe('ok');
+            // Second call on same task should be blocked (max_steps_per_task: 1)
+            const tc2 = buildToolCall({ task_id: 'task-step-limit' });
+            const result2 = await gateway.execute(tc2);
+            expect(result2.status).toBe('blocked');
+            expect(result2.error).toContain('Budget exceeded');
+        });
+        it('budget block includes budget report in the result', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                budget: {
+                    task_budget_usd: 0.0001,
+                    max_steps_per_task: 1000,
+                    max_retries_per_call: 3,
+                    max_wall_clock_ms: 300000,
+                },
+            })));
+            const tc = buildToolCall();
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('blocked');
+            expect(result.budget).toBeDefined();
+            expect(result.budget.estimated_cost_usd).toBeGreaterThanOrEqual(0);
+        });
+        it('blocks with workspace budget when workspace_daily_budget_usd is exceeded', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                budget: {
+                    task_budget_usd: 100,
+                    max_steps_per_task: 1000,
+                    max_retries_per_call: 3,
+                    max_wall_clock_ms: 300000,
+                    workspace_daily_budget_usd: 0.0001,
+                },
+            })));
+            const tc = buildToolCall();
+            const pre = await gateway.preExecute(tc);
+            expect(pre.allowed).toBe(false);
+            expect(pre.result).toBeDefined();
+            expect(pre.result.error).toContain('Budget exceeded');
+        });
+    });
+    // =========================================================================
+    // 3. Post-execute pipeline branches
+    // =========================================================================
+    describe('Post-execute pipeline branches', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('DLP scans output when scan_output is true', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: false,
+                    scan_output: true,
+                    secrets_detection: true,
+                    pii_detection: true,
+                    default_redaction_method: 'mask',
+                },
+            })));
+            const tc = buildToolCall();
+            const result = await gateway.execute(tc);
+            // Even if output is clean, the DLP field should exist in the result
+            expect(result.status).toBe('ok');
+            expect(result.dlp).toBeDefined();
+            expect(result.dlp.severity).toBeDefined();
+        });
+        it('DLP output detections are included in result when output contains secrets', async () => {
+            // Create a server that returns a secret in the response body
+            const secretServer = http.createServer((req, res) => {
+                res.writeHead(200, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ api_key: 'AKIAIOSFODNN7EXAMPLE', data: 'test' }));
+            });
+            await new Promise((resolve) => {
+                secretServer.listen(0, '127.0.0.1', () => resolve());
+            });
+            const secretPort = secretServer.address().port;
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: false,
+                    scan_output: true,
+                    secrets_detection: true,
+                    pii_detection: false,
+                    default_redaction_method: 'mask',
+                },
+            })));
+            const tc = buildToolCall({
+                args: { method: 'GET', url: `http://127.0.0.1:${secretPort}/data` },
+            });
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('ok');
+            expect(result.dlp).toBeDefined();
+            expect(result.dlp.detected.length).toBeGreaterThan(0);
+            await new Promise((resolve) => secretServer.close(() => resolve()));
+        });
+        it('budget is recorded after successful execution', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig()));
+            const tc = buildToolCall();
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('ok');
+            expect(result.budget).toBeDefined();
+            expect(result.budget.estimated_cost_usd).toBeGreaterThanOrEqual(0);
+            expect(result.budget.spent_cost_usd_task).toBeGreaterThanOrEqual(0);
+        });
+        it('records metrics (recordLLMUsage) when output has model/usage info', async () => {
+            // Create a server that returns LLM-style usage info
+            const llmServer = http.createServer((req, res) => {
+                res.writeHead(200, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({
+                    model: 'gpt-4',
+                    usage: {
+                        prompt_tokens: 100,
+                        completion_tokens: 50,
+                        total_tokens: 150,
+                    },
+                    choices: [{ message: { content: 'Hello' } }],
+                }));
+            });
+            await new Promise((resolve) => {
+                llmServer.listen(0, '127.0.0.1', () => resolve());
+            });
+            const llmPort = llmServer.address().port;
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig(), metrics));
+            const tc = buildToolCall({
+                args: { method: 'POST', url: `http://127.0.0.1:${llmPort}/v1/chat/completions`, model: 'gpt-4' },
+            });
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('ok');
+            // Metrics should have been recorded -- check that metricsText includes LLM data
+            const metricsText = await metrics.getMetrics();
+            expect(metricsText).toContain('palaryn_requests_total');
+            await new Promise((resolve) => llmServer.close(() => resolve()));
+        });
+        it('records tool execution metrics on success', async () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig(), metrics));
+            const tc = buildToolCall();
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('ok');
+            const metricsText = await metrics.getMetrics();
+            expect(metricsText).toContain('palaryn_requests_total');
+            // Should record an 'ok' status
+            expect(metricsText).toContain('status="ok"');
+        });
+    });
+    // =========================================================================
+    // 4. Anomaly detection branches
+    // =========================================================================
+    describe('Anomaly detection branches', () => {
+        let gateway;
+        afterEach(() => {
+            const detector = gateway.getAnomalyDetector();
+            if (detector)
+                detector.destroy();
+            gateway.shutdown();
+        });
+        it('anomaly detected logs but allows by default (action: log)', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                anomaly: {
+                    enabled: true,
+                    window_ms: 3600000,
+                    z_score_threshold: 3,
+                    min_samples: 10,
+                    action: 'log',
+                    track_actors: true,
+                    track_tools: true,
+                    track_workspaces: true,
+                },
+            })));
+            const tc = buildToolCall();
+            const pre = await gateway.preExecute(tc);
+            // With action 'log' (default), anomalies should not block
+            expect(pre.allowed).toBe(true);
+        });
+        it('anomaly detector is created when anomaly config is enabled', () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                anomaly: {
+                    enabled: true,
+                    window_ms: 3600000,
+                    z_score_threshold: 3,
+                    min_samples: 10,
+                    action: 'log',
+                },
+            })));
+            expect(gateway.getAnomalyDetector()).toBeDefined();
+        });
+        it('anomaly detector is not created when anomaly config is absent', () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig()));
+            expect(gateway.getAnomalyDetector()).toBeUndefined();
+        });
+        it('getAnomalyBaseline returns baseline data after requests', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                anomaly: {
+                    enabled: true,
+                    window_ms: 3600000,
+                    z_score_threshold: 3,
+                    min_samples: 1,
+                    action: 'log',
+                    track_actors: true,
+                    track_tools: true,
+                    track_workspaces: true,
+                },
+            })));
+            // Make a request so anomaly detector records data
+            const tc = buildToolCall();
+            await gateway.execute(tc);
+            const detector = gateway.getAnomalyDetector();
+            // After at least one request, the detector should have some baseline data
+            const baseline = detector.getBaseline('actor', 'test-agent', 'request_rate');
+            // Baseline may or may not exist depending on internal tracking, but the method should not throw
+            // The rolling window should have some data points
+            const report = detector.getBaselineReport();
+            expect(report).toBeDefined();
+            expect(report.current).toBeDefined();
+            expect(report.baseline).toBeDefined();
+        });
+        it('anomaly block when action is block and high severity alert', async () => {
+            // Use very low thresholds to trigger anomaly on burst
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                anomaly: {
+                    enabled: true,
+                    window_ms: 60000,
+                    z_score_threshold: 0.01, // extremely low threshold to trigger easily
+                    min_samples: 2,
+                    action: 'block',
+                    track_actors: true,
+                    track_tools: true,
+                    track_workspaces: true,
+                },
+            })));
+            // Build a baseline first with unique task_ids to avoid idempotency
+            for (let i = 0; i < 5; i++) {
+                const tc = buildToolCall({ task_id: `task-anomaly-baseline-${i}` });
+                await gateway.preExecute(tc);
+            }
+            // The anomaly detector tracks request rate; with very low z_score_threshold
+            // subsequent requests should trigger anomaly alerts. However, blocking only
+            // happens if a 'high' severity alert is present. The severity assignment
+            // depends on z-scores. We verify the gateway respects the block action config.
+            const tc = buildToolCall({ task_id: 'task-anomaly-block' });
+            const pre = await gateway.preExecute(tc);
+            // The result depends on whether alerts met the 'high' severity threshold.
+            // We primarily test that the code path does not throw.
+            expect(pre).toBeDefined();
+            expect(typeof pre.allowed).toBe('boolean');
+        });
+    });
+    // =========================================================================
+    // 5. reportUsage method
+    // =========================================================================
+    describe('reportUsage method', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('records cost via reportUsage with valid usage data', () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = new gateway_1.Gateway(testConfig(), metrics);
+            // This should not throw
+            gateway.reportUsage({
+                tool_call_id: 'tc-usage-001',
+                task_id: 'task-usage-001',
+                workspace_id: 'ws-test',
+                actor_id: 'test-agent',
+                actual_cost_usd: 0.05,
+            });
+            // No exception = success. We can verify via metrics.
+            expect(true).toBe(true);
+        });
+        it('records token usage via reportUsage with LLM usage data', async () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = new gateway_1.Gateway(testConfig(), metrics);
+            gateway.reportUsage({
+                tool_call_id: 'tc-usage-002',
+                task_id: 'task-usage-002',
+                workspace_id: 'ws-test',
+                actor_id: 'test-agent',
+                actual_cost_usd: 0.10,
+                usage: {
+                    input_tokens: 500,
+                    output_tokens: 200,
+                    total_tokens: 700,
+                },
+            });
+            const metricsText = await metrics.getMetrics();
+            // Should contain cost and token counters
+            expect(metricsText).toContain('palaryn_cost_usd_total');
+            expect(metricsText).toContain('palaryn_token_usage_total');
+        });
+        it('reportUsage works without metrics (no crash)', () => {
+            gateway = new gateway_1.Gateway(testConfig());
+            // No metrics passed, should not throw
+            gateway.reportUsage({
+                tool_call_id: 'tc-usage-003',
+                task_id: 'task-usage-003',
+                actual_cost_usd: 0.01,
+            });
+        });
+        it('reportUsage handles missing workspace and actor', () => {
+            gateway = new gateway_1.Gateway(testConfig());
+            // workspace_id and actor_id not provided
+            gateway.reportUsage({
+                tool_call_id: 'tc-usage-004',
+                task_id: 'task-usage-004',
+            });
+        });
+    });
+    // =========================================================================
+    // 6. getTaskTrace
+    // =========================================================================
+    describe('getTaskTrace', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('returns events filtered by task_id after execution', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                audit: { enabled: true, log_dir: '', console_output: false, retention_days: 30 },
+            })));
+            const taskId = `task-trace-${Date.now()}`;
+            const tc = buildToolCall({ task_id: taskId });
+            await gateway.execute(tc);
+            const trace = gateway.getTaskTrace(taskId);
+            expect(trace).toBeDefined();
+            expect(Array.isArray(trace)).toBe(true);
+            // There should be at least one audit event for this task
+            expect(trace.length).toBeGreaterThan(0);
+        });
+        it('returns empty array for unknown task_id', () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                audit: { enabled: true, log_dir: '', console_output: false, retention_days: 30 },
+            })));
+            const trace = gateway.getTaskTrace('nonexistent-task');
+            expect(trace).toBeDefined();
+            expect(Array.isArray(trace)).toBe(true);
+            expect(trace.length).toBe(0);
+        });
+    });
+    // =========================================================================
+    // 7. getCurrentPolicy / validatePolicy
+    // =========================================================================
+    describe('getCurrentPolicy / validatePolicy', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('getCurrentPolicy returns the loaded policy pack', () => {
+            gateway = new gateway_1.Gateway(testConfig());
+            const policy = gateway.getCurrentPolicy();
+            expect(policy).toBeDefined();
+            expect(policy.name).toBeDefined();
+            expect(policy.rules).toBeDefined();
+            expect(Array.isArray(policy.rules)).toBe(true);
+            expect(policy.rules.length).toBeGreaterThan(0);
+        });
+        it('validatePolicy returns success for a valid pack', () => {
+            gateway = new gateway_1.Gateway(testConfig());
+            const pack = {
+                name: 'test-pack',
+                version: '1.0.0',
+                rules: [
+                    {
+                        name: 'allow-all',
+                        effect: 'ALLOW',
+                        priority: 1,
+                        conditions: {},
+                    },
+                ],
+            };
+            const result = gateway.validatePolicy(pack);
+            expect(result).toBeDefined();
+            expect(result.valid).toBe(true);
+        });
+        it('validatePolicy returns errors for an invalid pack', () => {
+            gateway = new gateway_1.Gateway(testConfig());
+            const pack = {
+                name: '',
+                version: '',
+                rules: [],
+            };
+            const result = gateway.validatePolicy(pack);
+            expect(result).toBeDefined();
+            // Depending on validation rules, this may or may not have errors
+            // At minimum, the method should return a result with a valid property
+            expect(typeof result.valid).toBe('boolean');
+        });
+    });
+    // =========================================================================
+    // 8. Tracing branches (when tracing is enabled)
+    // =========================================================================
+    describe('Tracing branches', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('creates spans for execute when tracing is enabled', async () => {
+            const tracer = new tracing_1.GatewayTracer({
+                enabled: true,
+                service_name: 'palaryn-test',
+                use_simple_processor: true,
+                // Point to a non-existent endpoint so we don't need a real collector
+                otlp_endpoint: 'http://127.0.0.1:1/v1/traces',
+            });
+            tracer.setup();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig(), undefined, tracer));
+            const tc = buildToolCall();
+            const result = await gateway.execute(tc);
+            // The request should still succeed even with tracing enabled
+            expect(result.status).toBe('ok');
+            expect(result.timing).toBeDefined();
+            expect(result.timing.duration_ms).toBeGreaterThanOrEqual(0);
+            await tracer.shutdown();
+        });
+        it('records span errors on execution failure with tracing', async () => {
+            const tracer = new tracing_1.GatewayTracer({
+                enabled: true,
+                service_name: 'palaryn-test-error',
+                use_simple_processor: true,
+                otlp_endpoint: 'http://127.0.0.1:1/v1/traces',
+            });
+            tracer.setup();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig(), undefined, tracer));
+            // Register an executor that throws to trigger error span
+            class FailExecutor {
+                async execute() {
+                    throw new Error('Traced failure');
+                }
+            }
+            const registry = gateway.getExecutorRegistry();
+            const httpExec = registry.resolve('http.request');
+            registry.clear();
+            registry.register('fail.*', new FailExecutor());
+            registry.register('http.*', httpExec);
+            registry.register('*', httpExec);
+            const tc = buildToolCall({
+                tool: { name: 'fail.test', capability: 'read' },
+                args: {},
+            });
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('error');
+            expect(result.error).toContain('Traced failure');
+            await tracer.shutdown();
+        });
+        it('runs without spans when tracing is disabled (no tracer)', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig()));
+            const tc = buildToolCall();
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('ok');
+        });
+    });
+    // =========================================================================
+    // 9. Edge cases
+    // =========================================================================
+    describe('Edge cases', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('preExecute with no matching executor does not crash (fallback exists)', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig()));
+            // The catch-all '*' executor exists by default, so even unknown tool names resolve
+            const tc = buildToolCall({
+                tool: { name: 'unknown.tool.xyz', capability: 'read' },
+                args: { method: 'GET', url: `http://127.0.0.1:${testPort}/get` },
+            });
+            const pre = await gateway.preExecute(tc);
+            // Should pass pre-execute (policy allows reads)
+            expect(pre.allowed).toBe(true);
+        });
+        it('execute with gateway shutting down reflects shutdown state', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig()));
+            expect(gateway.isShuttingDown).toBe(false);
+            // Execute a request first
+            const tc1 = buildToolCall();
+            const result1 = await gateway.execute(tc1);
+            expect(result1.status).toBe('ok');
+            // Shutdown the gateway
+            await gateway.shutdown();
+            expect(gateway.isShuttingDown).toBe(true);
+        });
+        it('preExecute sets timestamp if not already set', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig()));
+            const tc = buildToolCall();
+            delete tc.timestamp;
+            expect(tc.timestamp).toBeUndefined();
+            await gateway.preExecute(tc);
+            // After preExecute, timestamp should be set
+            expect(tc.timestamp).toBeDefined();
+            expect(typeof tc.timestamp).toBe('string');
+        });
+        it('preExecute does not overwrite existing timestamp', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig()));
+            const existingTs = '2025-01-01T00:00:00.000Z';
+            const tc = buildToolCall({ timestamp: existingTs });
+            await gateway.preExecute(tc);
+            expect(tc.timestamp).toBe(existingTs);
+        });
+        it('execution error releases budget reservation', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                budget: {
+                    task_budget_usd: 0.1,
+                    max_steps_per_task: 100,
+                    max_retries_per_call: 1,
+                    max_wall_clock_ms: 300000,
+                },
+            })));
+            class FailExecutor {
+                async execute() {
+                    throw new Error('Budget release test');
+                }
+            }
+            const registry = gateway.getExecutorRegistry();
+            const httpExec = registry.resolve('http.request');
+            registry.clear();
+            registry.register('fail.*', new FailExecutor());
+            registry.register('http.*', httpExec);
+            registry.register('*', httpExec);
+            const taskId = `task-budget-release-${Date.now()}`;
+            const tc = buildToolCall({
+                task_id: taskId,
+                tool: { name: 'fail.test', capability: 'read' },
+                args: {},
+            });
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('error');
+            // Budget should not be permanently consumed -- next call should work
+            const tc2 = buildToolCall({
+                task_id: taskId,
+                tool: { name: 'http.request', capability: 'read' },
+                args: { method: 'GET', url: `http://127.0.0.1:${testPort}/get` },
+            });
+            const result2 = await gateway.execute(tc2);
+            expect(result2.status).toBe('ok');
+        });
+        it('execute records error metrics on failure', async () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig(), metrics));
+            class FailExecutor {
+                async execute() {
+                    throw new Error('Metrics error test');
+                }
+            }
+            const registry = gateway.getExecutorRegistry();
+            const httpExec = registry.resolve('http.request');
+            registry.clear();
+            registry.register('fail.*', new FailExecutor());
+            registry.register('http.*', httpExec);
+            registry.register('*', httpExec);
+            const tc = buildToolCall({
+                tool: { name: 'fail.metrics', capability: 'read' },
+                args: {},
+            });
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('error');
+            const metricsText = await metrics.getMetrics();
+            expect(metricsText).toContain('palaryn_requests_total');
+            expect(metricsText).toContain('status="error"');
+            expect(metricsText).toContain('palaryn_executor_errors_total');
+        });
+        it('merged DLP report combines args and output detections', async () => {
+            // Create a server that returns a body containing a secret
+            const secretServer = http.createServer((req, res) => {
+                res.writeHead(200, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ secret_key: 'AKIAIOSFODNN7EXAMPLE' }));
+            });
+            await new Promise((resolve) => {
+                secretServer.listen(0, '127.0.0.1', () => resolve());
+            });
+            const secretPort = secretServer.address().port;
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: true,
+                    scan_output: true,
+                    secrets_detection: true,
+                    pii_detection: true,
+                    default_redaction_method: 'mask',
+                },
+            })));
+            const tc = buildToolCall({
+                args: {
+                    method: 'GET',
+                    url: `http://127.0.0.1:${secretPort}/data`,
+                    ssn: '123-45-6789',
+                },
+            });
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('ok');
+            expect(result.dlp).toBeDefined();
+            // Should have detections from both args (SSN) and output (AWS key)
+            expect(result.dlp.detected.length).toBeGreaterThan(0);
+            await new Promise((resolve) => secretServer.close(() => resolve()));
+        });
+        it('reloadPolicy returns error for invalid pack path', () => {
+            // Create gateway with a valid path, then swap config to invalid
+            gateway = new gateway_1.Gateway(testConfig());
+            gateway.config.policy.pack_path = '/nonexistent/invalid-policy.yaml';
+            const result = gateway.reloadPolicy();
+            expect(result.success).toBe(false);
+            expect(result.error).toBeDefined();
+            expect(result.ruleCount).toBe(0);
+        });
+        it('getPolicyPackPath returns the configured path', () => {
+            gateway = new gateway_1.Gateway(testConfig());
+            const path = gateway.getPolicyPackPath();
+            expect(path).toBe('./policy-packs/dev_fast.yaml');
+        });
+    });
+    // =========================================================================
+    // 10. DLP output warning for sensitive operations (scan_output disabled)
+    // =========================================================================
+    describe('DLP output warning for sensitive operations', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('warns (but does not block) when scan_output disabled for write operation', async () => {
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: false,
+                    scan_output: false,
+                    secrets_detection: true,
+                    pii_detection: true,
+                    default_redaction_method: 'mask',
+                },
+                // Need approval disabled and policy to allow writes
+            })));
+            const tc = buildToolCall({
+                tool: { name: 'http.request', capability: 'write' },
+                args: { method: 'POST', url: `http://127.0.0.1:${testPort}/data` },
+            });
+            const result = await gateway.execute(tc);
+            // Should still succeed -- warning is just logged, not blocking
+            expect(result.status).toBe('ok');
+            expect(result.dlp).toBeDefined();
+        });
+    });
+    // =========================================================================
+    // 11. Metrics integration tests
+    // =========================================================================
+    describe('Metrics integration', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('records policy decision metrics', async () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig(), metrics));
+            const tc = buildToolCall();
+            await gateway.execute(tc);
+            const metricsText = await metrics.getMetrics();
+            expect(metricsText).toContain('palaryn_policy_decisions_total');
+        });
+        it('records DLP detection metrics when secrets are found', async () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                dlp: {
+                    enabled: true,
+                    scan_args: true,
+                    scan_output: false,
+                    secrets_detection: true,
+                    pii_detection: false,
+                    default_redaction_method: 'mask',
+                },
+            }), metrics));
+            const tc = buildToolCall({
+                args: {
+                    method: 'GET',
+                    url: `http://127.0.0.1:${testPort}/get`,
+                    key: 'AKIAIOSFODNN7EXAMPLE',
+                },
+            });
+            await gateway.execute(tc);
+            const metricsText = await metrics.getMetrics();
+            expect(metricsText).toContain('palaryn_dlp_detections_total');
+        });
+        it('records budget block metrics when budget is exceeded', async () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                budget: {
+                    task_budget_usd: 0.0001,
+                    max_steps_per_task: 1000,
+                    max_retries_per_call: 3,
+                    max_wall_clock_ms: 300000,
+                },
+            }), metrics));
+            const tc = buildToolCall();
+            await gateway.execute(tc);
+            const metricsText = await metrics.getMetrics();
+            expect(metricsText).toContain('palaryn_budget_blocked_total');
+        });
+        it('records cost metrics on successful execution', async () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig(), metrics));
+            const tc = buildToolCall();
+            await gateway.execute(tc);
+            const metricsText = await metrics.getMetrics();
+            expect(metricsText).toContain('palaryn_cost_usd_total');
+        });
+    });
+    // =========================================================================
+    // 12. classifyBudgetReason helper (tested via budget block messages)
+    // =========================================================================
+    describe('Budget reason classification', () => {
+        let gateway;
+        afterEach(() => {
+            gateway.shutdown();
+        });
+        it('classifies task budget reason', async () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                budget: {
+                    task_budget_usd: 0.0001,
+                    max_steps_per_task: 1000,
+                    max_retries_per_call: 3,
+                    max_wall_clock_ms: 300000,
+                },
+            }), metrics));
+            const tc = buildToolCall();
+            const result = await gateway.execute(tc);
+            expect(result.status).toBe('blocked');
+            const metricsText = await metrics.getMetrics();
+            // Budget block should be classified as 'task'
+            expect(metricsText).toContain('palaryn_budget_blocked_total');
+            expect(metricsText).toContain('reason_type="task"');
+        });
+        it('classifies step limit reason', async () => {
+            const metrics = new metrics_1.GatewayMetrics();
+            gateway = disableSSRF(new gateway_1.Gateway(testConfig({
+                budget: {
+                    task_budget_usd: 100,
+                    max_steps_per_task: 1,
+                    max_retries_per_call: 3,
+                    max_wall_clock_ms: 300000,
+                },
+            }), metrics));
+            const taskId = `task-step-classify-${Date.now()}`;
+            // First call uses the step
+            const tc1 = buildToolCall({ task_id: taskId });
+            await gateway.execute(tc1);
+            // Second call should be blocked with step_limit
+            const tc2 = buildToolCall({ task_id: taskId });
+            const result = await gateway.execute(tc2);
+            expect(result.status).toBe('blocked');
+            const metricsText = await metrics.getMetrics();
+            expect(metricsText).toContain('reason_type="step_limit"');
+        });
+    });
+});
+//# sourceMappingURL=gateway-branches.test.js.map