palaryn 0.1.0 → 0.3.2

package/src/budget/model-pricing.ts

@@ -0,0 +1,119 @@
+import { TokenPricing } from '../types/budget';
+
+/**
+ * Built-in model pricing database.
+ * Prices are per TOKEN (not per million). Updated March 2026.
+ *
+ * Fallback chain: workspace config → built-in pricing → undefined (falls to DEFAULT_COST_TABLE).
+ */
+export const MODEL_PRICING: Record<string, TokenPricing> = {
+  // ── Anthropic ──────────────────────────────────────────────
+  'claude-opus-4-6':                   { input_per_token: 15 / 1e6,  output_per_token: 75 / 1e6 },
+  'claude-sonnet-4-6':                 { input_per_token: 3 / 1e6,   output_per_token: 15 / 1e6 },
+  'claude-haiku-4-5':                  { input_per_token: 1 / 1e6,   output_per_token: 5 / 1e6 },
+  'claude-sonnet-4-5':                 { input_per_token: 3 / 1e6,   output_per_token: 15 / 1e6 },
+  'claude-3-5-sonnet-20241022':        { input_per_token: 3 / 1e6,   output_per_token: 15 / 1e6 },
+  'claude-3-5-haiku-20241022':         { input_per_token: 1 / 1e6,   output_per_token: 5 / 1e6 },
+  'claude-3-opus-20240229':            { input_per_token: 15 / 1e6,  output_per_token: 75 / 1e6 },
+  'claude-3-sonnet-20240229':          { input_per_token: 3 / 1e6,   output_per_token: 15 / 1e6 },
+  'claude-3-haiku-20240307':           { input_per_token: 0.25 / 1e6, output_per_token: 1.25 / 1e6 },
+
+  // ── OpenAI ─────────────────────────────────────────────────
+  'gpt-4.1':                           { input_per_token: 2 / 1e6,   output_per_token: 8 / 1e6 },
+  'gpt-4.1-mini':                      { input_per_token: 0.4 / 1e6, output_per_token: 1.6 / 1e6 },
+  'gpt-4.1-nano':                      { input_per_token: 0.1 / 1e6, output_per_token: 0.4 / 1e6 },
+  'gpt-4o':                            { input_per_token: 2.5 / 1e6, output_per_token: 10 / 1e6 },
+  'gpt-4o-mini':                       { input_per_token: 0.15 / 1e6, output_per_token: 0.6 / 1e6 },
+  'gpt-4-turbo':                       { input_per_token: 10 / 1e6,  output_per_token: 30 / 1e6 },
+  'o3':                                { input_per_token: 2 / 1e6,   output_per_token: 8 / 1e6 },
+  'o3-mini':                           { input_per_token: 1.1 / 1e6, output_per_token: 4.4 / 1e6 },
+  'o1':                                { input_per_token: 15 / 1e6,  output_per_token: 60 / 1e6 },
+  'o1-mini':                           { input_per_token: 3 / 1e6,   output_per_token: 12 / 1e6 },
+
+  // ── Google ─────────────────────────────────────────────────
+  'gemini-2.5-pro':                    { input_per_token: 1.25 / 1e6, output_per_token: 10 / 1e6 },
+  'gemini-2.5-flash':                  { input_per_token: 0.15 / 1e6, output_per_token: 0.6 / 1e6 },
+  'gemini-2.0-flash':                  { input_per_token: 0.1 / 1e6,  output_per_token: 0.4 / 1e6 },
+  'gemini-1.5-pro':                    { input_per_token: 1.25 / 1e6, output_per_token: 5 / 1e6 },
+  'gemini-1.5-flash':                  { input_per_token: 0.075 / 1e6, output_per_token: 0.3 / 1e6 },
+
+  // ── Mistral ────────────────────────────────────────────────
+  'mistral-large-latest':              { input_per_token: 2 / 1e6,   output_per_token: 6 / 1e6 },
+  'mistral-small-latest':              { input_per_token: 0.2 / 1e6, output_per_token: 0.6 / 1e6 },
+  'codestral-latest':                  { input_per_token: 0.3 / 1e6, output_per_token: 0.9 / 1e6 },
+
+  // ── Meta (via API providers) ───────────────────────────────
+  'llama-3.3-70b':                     { input_per_token: 0.8 / 1e6, output_per_token: 0.8 / 1e6 },
+  'llama-3.1-405b':                    { input_per_token: 3 / 1e6,   output_per_token: 3 / 1e6 },
+  'llama-3.1-70b':                     { input_per_token: 0.8 / 1e6, output_per_token: 0.8 / 1e6 },
+  'llama-3.1-8b':                      { input_per_token: 0.1 / 1e6, output_per_token: 0.1 / 1e6 },
+
+  // ── Cohere ─────────────────────────────────────────────────
+  'command-r-plus':                    { input_per_token: 2.5 / 1e6, output_per_token: 10 / 1e6 },
+  'command-r':                         { input_per_token: 0.15 / 1e6, output_per_token: 0.6 / 1e6 },
+};
+
+/**
+ * Alias map for model name normalization.
+ * Maps common variations/prefixes to canonical model names in MODEL_PRICING.
+ */
+const MODEL_ALIASES: Record<string, string> = {
+  // OpenAI versioned snapshots
+  'gpt-4o-2024-11-20': 'gpt-4o',
+  'gpt-4o-2024-08-06': 'gpt-4o',
+  'gpt-4o-mini-2024-07-18': 'gpt-4o-mini',
+  'gpt-4-turbo-2024-04-09': 'gpt-4-turbo',
+  // Anthropic shortcuts
+  'claude-3.5-sonnet': 'claude-sonnet-4-5',
+  'claude-3.5-haiku': 'claude-haiku-4-5',
+};
+
+/**
+ * Resolve token pricing for a model name.
+ *
+ * Lookup order:
+ * 1. Exact match in `overrides` (workspace-level config)
+ * 2. Exact match in built-in MODEL_PRICING
+ * 3. Alias lookup
+ * 4. Prefix match (e.g. "gpt-4o-2024-05-13" → "gpt-4o")
+ * 5. undefined — caller falls back to DEFAULT_COST_TABLE
+ */
+export function resolveModelPricing(
+  modelName: string,
+  overrides?: Record<string, TokenPricing>,
+): TokenPricing | undefined {
+  // 1. Workspace override (exact)
+  if (overrides?.[modelName]) return overrides[modelName];
+
+  // 2. Built-in exact match
+  if (MODEL_PRICING[modelName]) return MODEL_PRICING[modelName];
+
+  // 3. Alias lookup
+  const aliased = MODEL_ALIASES[modelName];
+  if (aliased) {
+    return overrides?.[aliased] ?? MODEL_PRICING[aliased];
+  }
+
+  // 4. Prefix match — find the longest matching key
+  //    e.g. "claude-3-5-sonnet-20241022-v2" matches "claude-3-5-sonnet-20241022"
+  let bestMatch: string | undefined;
+  let bestLen = 0;
+
+  const allKeys = new Set([
+    ...Object.keys(MODEL_PRICING),
+    ...(overrides ? Object.keys(overrides) : []),
+  ]);
+
+  for (const key of allKeys) {
+    if (modelName.startsWith(key) && key.length > bestLen) {
+      bestMatch = key;
+      bestLen = key.length;
+    }
+  }
+
+  if (bestMatch) {
+    return overrides?.[bestMatch] ?? MODEL_PRICING[bestMatch];
+  }
+
+  return undefined;
+}

package/src/budget/usage-extractor.ts

@@ -0,0 +1,214 @@
+import { UsageData } from '../types/tool-result';
+import { TokenPricing } from '../types/budget';
+import { resolveModelPricing } from './model-pricing';
+
+export class UsageExtractor {
+  private tokenPricing: Record<string, TokenPricing>;
+
+  constructor(tokenPricing?: Record<string, TokenPricing>) {
+    this.tokenPricing = tokenPricing || {};
+  }
+
+  /**
+   * Extract usage data from HTTP response headers.
+   * Supports Anthropic, OpenAI-style, and generic header conventions.
+   */
+  extractFromHeaders(headers?: Record<string, string>): UsageData | undefined {
+    if (!headers) return undefined;
+
+    // Normalize header keys to lowercase for case-insensitive matching
+    const normalized: Record<string, string> = {};
+    for (const [key, value] of Object.entries(headers)) {
+      normalized[key.toLowerCase()] = value;
+    }
+
+    const inputTokens = this.parseIntHeader(normalized['x-usage-input-tokens']);
+    const outputTokens = this.parseIntHeader(normalized['x-usage-output-tokens']);
+    const totalTokens = this.parseIntHeader(normalized['x-usage-total-tokens']);
+    const providerCost = this.parseFloatHeader(normalized['x-usage-cost-usd']);
+
+    if (inputTokens === undefined && outputTokens === undefined && totalTokens === undefined && providerCost === undefined) {
+      return undefined;
+    }
+
+    const usage: UsageData = {
+      source: 'headers',
+    };
+
+    if (inputTokens !== undefined) usage.input_tokens = inputTokens;
+    if (outputTokens !== undefined) usage.output_tokens = outputTokens;
+    if (totalTokens !== undefined) {
+      usage.total_tokens = totalTokens;
+    } else if (inputTokens !== undefined && outputTokens !== undefined) {
+      usage.total_tokens = inputTokens + outputTokens;
+    }
+    if (providerCost !== undefined) usage.provider_cost_usd = providerCost;
+
+    return usage;
+  }
+
+  /**
+   * Extract usage data from response body.
+   * Supports OpenAI-style `usage` object and Anthropic-style `usage` object,
+   * including cache tokens (Anthropic) and reasoning tokens (OpenAI o1/o3).
+   */
+  extractFromBody(body: unknown): UsageData | undefined {
+    if (!body || typeof body !== 'object') return undefined;
+
+    const bodyObj = body as Record<string, unknown>;
+    const usageObj = bodyObj.usage as Record<string, unknown> | undefined;
+
+    if (!usageObj || typeof usageObj !== 'object') return undefined;
+
+    // OpenAI format: usage.prompt_tokens, usage.completion_tokens, usage.total_tokens
+    const promptTokens = typeof usageObj.prompt_tokens === 'number' ? usageObj.prompt_tokens : undefined;
+    const completionTokens = typeof usageObj.completion_tokens === 'number' ? usageObj.completion_tokens : undefined;
+    const totalTokens = typeof usageObj.total_tokens === 'number' ? usageObj.total_tokens : undefined;
+
+    // Anthropic format: usage.input_tokens, usage.output_tokens
+    const inputTokens = typeof usageObj.input_tokens === 'number' ? usageObj.input_tokens : promptTokens;
+    const outputTokens = typeof usageObj.output_tokens === 'number' ? usageObj.output_tokens : completionTokens;
+
+    // Anthropic cache tokens
+    const cacheCreationTokens = typeof usageObj.cache_creation_input_tokens === 'number'
+      ? usageObj.cache_creation_input_tokens : undefined;
+    const cacheReadTokens = typeof usageObj.cache_read_input_tokens === 'number'
+      ? usageObj.cache_read_input_tokens : undefined;
+
+    // OpenAI reasoning tokens (o1/o3 models)
+    // Located at usage.completion_tokens_details.reasoning_tokens
+    let reasoningTokens: number | undefined;
+    const completionDetails = usageObj.completion_tokens_details as Record<string, unknown> | undefined;
+    if (completionDetails && typeof completionDetails === 'object') {
+      reasoningTokens = typeof completionDetails.reasoning_tokens === 'number'
+        ? completionDetails.reasoning_tokens : undefined;
+    }
+
+    if (inputTokens === undefined && outputTokens === undefined && totalTokens === undefined) {
+      return undefined;
+    }
+
+    const usage: UsageData = {
+      source: 'body',
+    };
+
+    if (inputTokens !== undefined) usage.input_tokens = inputTokens;
+    if (outputTokens !== undefined) usage.output_tokens = outputTokens;
+    if (totalTokens !== undefined) {
+      usage.total_tokens = totalTokens;
+    } else if (inputTokens !== undefined && outputTokens !== undefined) {
+      usage.total_tokens = inputTokens + outputTokens;
+    }
+    if (cacheCreationTokens !== undefined) usage.cache_creation_tokens = cacheCreationTokens;
+    if (cacheReadTokens !== undefined) usage.cache_read_tokens = cacheReadTokens;
+    if (reasoningTokens !== undefined) usage.reasoning_tokens = reasoningTokens;
+
+    return usage;
+  }
+
+  /**
+   * Compute cost from usage data using token pricing config.
+   * Falls back to built-in MODEL_PRICING when workspace config doesn't have the model.
+   * Returns the computed cost in USD, or undefined if pricing not available.
+   */
+  computeCost(usage: UsageData, model?: string): number | undefined {
+    if (!model) return undefined;
+
+    // Resolve pricing: workspace config → built-in pricing → undefined
+    const pricing = resolveModelPricing(model, this.tokenPricing);
+    if (!pricing) return undefined;
+
+    let cost = 0;
+
+    // Base input tokens (excluding cache tokens which are billed differently)
+    if (usage.input_tokens !== undefined) {
+      cost += usage.input_tokens * pricing.input_per_token;
+    }
+
+    // Base output tokens
+    if (usage.output_tokens !== undefined) {
+      cost += usage.output_tokens * pricing.output_per_token;
+    }
+
+    // Cache creation tokens: billed at cache_creation_multiplier × input price (default 1.25x)
+    if (usage.cache_creation_tokens !== undefined && usage.cache_creation_tokens > 0) {
+      const multiplier = pricing.cache_creation_multiplier ?? 1.25;
+      cost += usage.cache_creation_tokens * pricing.input_per_token * multiplier;
+    }
+
+    // Cache read tokens: billed at cache_read_multiplier × input price (default 0.1x)
+    if (usage.cache_read_tokens !== undefined && usage.cache_read_tokens > 0) {
+      const multiplier = pricing.cache_read_multiplier ?? 0.1;
+      cost += usage.cache_read_tokens * pricing.input_per_token * multiplier;
+    }
+
+    // Reasoning tokens (o1/o3): billed at output price
+    if (usage.reasoning_tokens !== undefined && usage.reasoning_tokens > 0) {
+      cost += usage.reasoning_tokens * pricing.output_per_token;
+    }
+
+    return cost;
+  }
+
+  /**
+   * Extract model name from response body.
+   * Supports OpenAI format (body.model) and Anthropic format (body.model).
+   */
+  extractModelFromBody(body: unknown): string | undefined {
+    if (!body || typeof body !== 'object') return undefined;
+    const bodyObj = body as Record<string, unknown>;
+    if (typeof bodyObj.model === 'string') return bodyObj.model;
+    return undefined;
+  }
+
+  /**
+   * Detect provider from model name.
+   */
+  detectProvider(model: string): string {
+    if (/^claude/i.test(model)) return 'anthropic';
+    if (/^gpt|^o[1-9]|^dall-e/i.test(model)) return 'openai';
+    if (/^gemini/i.test(model)) return 'google';
+    if (/^mistral|^mixtral/i.test(model)) return 'mistral';
+    if (/^llama/i.test(model)) return 'meta';
+    if (/^command/i.test(model)) return 'cohere';
+    return 'unknown';
+  }
+
+  /**
+   * Merge two UsageData objects. The second (body) takes precedence for conflicting fields,
+   * except provider_cost_usd which is preferred from headers.
+   */
+  merge(fromHeaders?: UsageData, fromBody?: UsageData): UsageData | undefined {
+    if (!fromHeaders && !fromBody) return undefined;
+    if (!fromHeaders) return fromBody;
+    if (!fromBody) return fromHeaders;
+
+    return {
+      input_tokens: fromBody.input_tokens ?? fromHeaders.input_tokens,
+      output_tokens: fromBody.output_tokens ?? fromHeaders.output_tokens,
+      total_tokens: fromBody.total_tokens ?? fromHeaders.total_tokens,
+      cache_creation_tokens: fromBody.cache_creation_tokens ?? fromHeaders.cache_creation_tokens,
+      cache_read_tokens: fromBody.cache_read_tokens ?? fromHeaders.cache_read_tokens,
+      reasoning_tokens: fromBody.reasoning_tokens ?? fromHeaders.reasoning_tokens,
+      provider_cost_usd: fromHeaders.provider_cost_usd ?? fromBody.provider_cost_usd,
+      computed_cost_usd: fromHeaders.computed_cost_usd ?? fromBody.computed_cost_usd,
+      source: fromBody.source && fromHeaders.source
+        ? `${fromHeaders.source}+${fromBody.source}`
+        : fromBody.source || fromHeaders.source,
+      model: fromBody.model ?? fromHeaders.model,
+      provider: fromBody.provider ?? fromHeaders.provider,
+    };
+  }
+
+  private parseIntHeader(value?: string): number | undefined {
+    if (value === undefined) return undefined;
+    const parsed = parseInt(value, 10);
+    return isNaN(parsed) ? undefined : parsed;
+  }
+
+  private parseFloatHeader(value?: string): number | undefined {
+    if (value === undefined) return undefined;
+    const parsed = parseFloat(value);
+    return isNaN(parsed) ? undefined : parsed;
+  }
+}

package/src/cli.ts

@@ -0,0 +1,91 @@
+#!/usr/bin/env node
+
+import * as path from 'path';
+import * as os from 'os';
+import * as fs from 'fs';
+import { Command } from 'commander';
+
+// Resolve the package root (two levels up from dist/src/cli.js)
+const PACKAGE_ROOT = path.resolve(__dirname, '..', '..');
+
+// Read version from package.json
+const pkg = JSON.parse(fs.readFileSync(path.join(PACKAGE_ROOT, 'package.json'), 'utf-8'));
+
+const program = new Command();
+
+program
+  .name('palaryn')
+  .description('Model-agnostic infrastructure layer for AI agent I/O security')
+  .version(pkg.version);
+
+program
+  .command('start', { isDefault: true })
+  .description('Start the gateway server')
+  .option('-p, --port <port>', 'Server port', '3000')
+  .option('--host <host>', 'Bind address', '0.0.0.0')
+  .option('--policy-pack <path>', 'Path to policy pack YAML')
+  .option('--audit-log-dir <path>', 'Audit log directory')
+  .option('--no-auth', 'Disable authentication')
+  .action(async (opts) => {
+    // Set env vars from CLI flags BEFORE importing server modules
+    // (DEFAULT_CONFIG reads env vars at import time)
+    process.env.PORT = opts.port;
+    process.env.HOST = opts.host;
+
+    if (opts.policyPack) {
+      process.env.POLICY_PACK_PATH = opts.policyPack;
+    } else if (!process.env.POLICY_PACK_PATH) {
+      // Resolve default policy pack relative to the package installation dir
+      const bundledPack = path.join(PACKAGE_ROOT, 'policy-packs', 'default.yaml');
+      if (fs.existsSync(bundledPack)) {
+        process.env.POLICY_PACK_PATH = bundledPack;
+      }
+    }
+
+    if (opts.auditLogDir) {
+      process.env.AUDIT_LOG_DIR = opts.auditLogDir;
+    } else if (!process.env.AUDIT_LOG_DIR) {
+      // Default audit logs to ~/.palaryn/logs for global installs
+      const defaultLogDir = path.join(os.homedir(), '.palaryn', 'logs');
+      fs.mkdirSync(defaultLogDir, { recursive: true });
+      process.env.AUDIT_LOG_DIR = defaultLogDir;
+    }
+
+    if (!opts.auth) {
+      process.env.AUTH_ENABLED = 'false';
+    }
+
+    // Now import and start the server (env vars are set)
+    const { startServer } = await import('./server/index');
+    await startServer();
+  });
+
+program
+  .command('mcp')
+  .description('Start MCP stdio server (for claude mcp add palaryn -- palaryn mcp)')
+  .option('--workspace <id>', 'Workspace ID')
+  .option('--actor <id>', 'Actor ID')
+  .action(async (opts) => {
+    if (opts.workspace) {
+      process.env.PALARYN_MCP_WORKSPACE = opts.workspace;
+    }
+    if (opts.actor) {
+      process.env.PALARYN_MCP_ACTOR = opts.actor;
+    }
+
+    // Resolve default policy pack for MCP server too
+    if (!process.env.POLICY_PACK_PATH) {
+      const bundledPack = path.join(PACKAGE_ROOT, 'policy-packs', 'default.yaml');
+      if (fs.existsSync(bundledPack)) {
+        process.env.POLICY_PACK_PATH = bundledPack;
+      }
+    }
+
+    const { startMCPServer } = await import('./mcp/server');
+    await startMCPServer();
+  });
+
+program.parseAsync(process.argv).catch((err) => {
+  console.error('Fatal error:', err instanceof Error ? err.message : String(err));
+  process.exit(1);
+});

package/src/config/defaults.ts

@@ -0,0 +1,261 @@
+import * as crypto from 'crypto';
+import * as fs from 'fs';
+import { GatewayConfig } from '../types/config';
+import { MODEL_PRICING } from '../budget/model-pricing';
+
+const isProduction = process.env.NODE_ENV === 'production';
+
+/**
+ * Read a secret from a file path or env var.
+ * Lookup order:
+ *   1. `<ENV_VAR>_FILE`  — path to a file whose contents are the secret
+ *      (e.g. `/run/secrets/stripe_key`). Trailing whitespace is stripped.
+ *   2. `<ENV_VAR>`       — plain env var (fallback, dev convenience).
+ *
+ * This lets you use Docker secrets, Kubernetes secret volumes, or any
+ * file-based secret manager without exposing values in env vars.
+ */
+function readSecret(envVar: string): string | undefined {
+  const filePath = process.env[`${envVar}_FILE`];
+  if (filePath) {
+    try {
+      return fs.readFileSync(filePath, 'utf-8').trim();
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      throw new Error(`Failed to read secret file for ${envVar}_FILE (${filePath}): ${msg}`);
+    }
+  }
+  return process.env[envVar];
+}
+
+function requireSecret(envVar: string): string {
+  const value = readSecret(envVar);
+  if (value) return value;
+  if (isProduction) {
+    throw new Error(`${envVar} (or ${envVar}_FILE) must be set in production`);
+  }
+  const generated = crypto.randomBytes(32).toString('hex');
+  console.warn(`[config] WARNING: ${envVar} not set — generated random dev secret. Set ${envVar} or ${envVar}_FILE for stable restarts.`);
+  return generated;
+}
+
+export const DEFAULT_CONFIG: GatewayConfig = {
+  port: parseInt(process.env.PORT || '3000', 10),
+  host: process.env.HOST || '0.0.0.0',
+  auth: {
+    enabled: process.env.AUTH_ENABLED !== 'false',
+    api_keys: isProduction ? {} : {
+      'dev-key-001': { workspace_id: 'ws_default', description: 'Development key' },
+      'pn_2b922eca4de8b8666f1dcc72d0763de9440deebec42e9277a1a82352771362f3': { workspace_id: 'd214b8e5-da34-41a1-bf30-ae6c0e7dd50c', description: 'Android app key' },
+    },
+    jwt_secret: requireSecret('JWT_SECRET'),
+    jwt: {
+      enabled: false,
+      secret: process.env.JWT_SECRET,
+      algorithms: ['RS256', 'HS256'],
+      workspace_claim: 'workspace_id',
+      roles_claim: 'roles',
+      actor_claim: 'sub',
+    },
+    rbac: {
+      enabled: false,  // Off by default for backwards compat
+      roles: {
+        admin: {
+          description: 'Full admin access',
+          permissions: ['admin:full'],
+        },
+        operator: {
+          description: 'Can execute tools and manage approvals',
+          permissions: ['tool:execute', 'approval:manage', 'trace:read', 'policy:read'],
+        },
+        readonly: {
+          description: 'Read-only access',
+          permissions: ['tool:execute:read', 'trace:read', 'policy:read'],
+        },
+        agent: {
+          description: 'AI agent - can execute tools',
+          permissions: ['tool:execute'],
+        },
+      },
+      default_role: 'agent',
+    },
+  },
+  policy: {
+    pack_path: process.env.POLICY_PACK_PATH || './policy-packs/default.yaml',
+    default_effect: 'DENY',
+    hot_reload: true,
+  },
+  dlp: {
+    enabled: true,
+    scan_args: true,
+    scan_output: true,
+    secrets_detection: true,
+    pii_detection: true,
+    prompt_injection_detection: true,
+    prompt_injection_action: 'log',
+    prompt_injection_block_threshold: 'high',
+    prompt_injection_response: 'deny',
+    default_redaction_method: 'mask',
+  },
+  budget: {
+    task_budget_usd: process.env.BUDGET_TASK_USD
+      ? parseFloat(process.env.BUDGET_TASK_USD) : 2.0,
+    user_daily_budget_usd: process.env.BUDGET_USER_DAILY_USD
+      ? parseFloat(process.env.BUDGET_USER_DAILY_USD) : 50.0,
+    user_monthly_budget_usd: process.env.BUDGET_USER_MONTHLY_USD
+      ? parseFloat(process.env.BUDGET_USER_MONTHLY_USD) : 500.0,
+    workspace_daily_budget_usd: process.env.BUDGET_WORKSPACE_DAILY_USD
+      ? parseFloat(process.env.BUDGET_WORKSPACE_DAILY_USD) : 200.0,
+    workspace_monthly_budget_usd: process.env.BUDGET_WORKSPACE_MONTHLY_USD
+      ? parseFloat(process.env.BUDGET_WORKSPACE_MONTHLY_USD) : 5000.0,
+    max_steps_per_task: process.env.BUDGET_MAX_STEPS
+      ? parseInt(process.env.BUDGET_MAX_STEPS, 10) : 50,
+    max_retries_per_call: 3,
+    max_wall_clock_ms: 300000,
+    token_pricing: MODEL_PRICING,
+  },
+  audit: {
+    enabled: true,
+    log_dir: process.env.AUDIT_LOG_DIR || './logs',
+    console_output: !isProduction,
+    retention_days: 30,
+  },
+  executor: {
+    http: {
+      timeout_ms: 15000,
+      max_retries: 3,
+      backoff_base_ms: 1000,
+    },
+    cache: {
+      enabled: true,
+      ttl_ms: 300000,
+    },
+    filesystem: process.env.PALARYN_FILE_ENABLED === 'true' ? {
+      enabled: true,
+      base_dir: process.env.PALARYN_FILE_BASE_DIR || './sandbox',
+      allowed_extensions: process.env.PALARYN_FILE_EXTENSIONS
+        ? process.env.PALARYN_FILE_EXTENSIONS.split(',').map(s => s.trim())
+        : undefined,
+      max_file_size_bytes: process.env.PALARYN_FILE_MAX_SIZE
+        ? parseInt(process.env.PALARYN_FILE_MAX_SIZE, 10)
+        : 10 * 1024 * 1024,
+    } : undefined,
+    sql: process.env.PALARYN_SQL_ENABLED === 'true' ? {
+      enabled: true,
+      connection_string: process.env.PALARYN_SQL_CONNECTION || '',
+      timeout_ms: process.env.PALARYN_SQL_TIMEOUT
+        ? parseInt(process.env.PALARYN_SQL_TIMEOUT, 10)
+        : 30000,
+      read_only: process.env.PALARYN_SQL_READONLY !== 'false',
+      max_rows: process.env.PALARYN_SQL_MAX_ROWS
+        ? parseInt(process.env.PALARYN_SQL_MAX_ROWS, 10)
+        : 1000,
+      blocked_tables: process.env.PALARYN_SQL_BLOCKED_TABLES
+        ? process.env.PALARYN_SQL_BLOCKED_TABLES.split(',').map(s => s.trim())
+        : undefined,
+    } : undefined,
+    shell: process.env.PALARYN_SHELL_ENABLED === 'true' ? {
+      enabled: true,
+      allowed_commands: process.env.PALARYN_SHELL_ALLOWED
+        ? process.env.PALARYN_SHELL_ALLOWED.split(',').map(s => s.trim())
+        : [],
+      blocked_commands: process.env.PALARYN_SHELL_BLOCKED
+        ? process.env.PALARYN_SHELL_BLOCKED.split(',').map(s => s.trim())
+        : undefined,
+      timeout_ms: process.env.PALARYN_SHELL_TIMEOUT
+        ? parseInt(process.env.PALARYN_SHELL_TIMEOUT, 10)
+        : 30000,
+      cwd: process.env.PALARYN_SHELL_CWD,
+      max_output_bytes: process.env.PALARYN_SHELL_MAX_OUTPUT
+        ? parseInt(process.env.PALARYN_SHELL_MAX_OUTPUT, 10)
+        : 1024 * 1024,
+    } : undefined,
+    websocket: process.env.PALARYN_WS_ENABLED === 'true' ? {
+      enabled: true,
+      allowed_urls: process.env.PALARYN_WS_ALLOWED_URLS
+        ? process.env.PALARYN_WS_ALLOWED_URLS.split(',').map(s => s.trim())
+        : [],
+      connect_timeout_ms: process.env.PALARYN_WS_CONNECT_TIMEOUT
+        ? parseInt(process.env.PALARYN_WS_CONNECT_TIMEOUT, 10)
+        : 10000,
+      max_message_size_bytes: process.env.PALARYN_WS_MAX_MSG_SIZE
+        ? parseInt(process.env.PALARYN_WS_MAX_MSG_SIZE, 10)
+        : 1024 * 1024,
+    } : undefined,
+    provider_intercept: process.env.PALARYN_PROVIDER_INTERCEPT_ENABLED === 'true' ? {
+      enabled: true,
+      provider_url_patterns: process.env.PALARYN_PROVIDER_URL_PATTERNS
+        ? process.env.PALARYN_PROVIDER_URL_PATTERNS.split(',').map(s => s.trim())
+        : ['api\\.anthropic\\.com', 'api\\.openai\\.com', 'generativelanguage\\.googleapis\\.com'],
+      scan_inputs: process.env.PALARYN_PROVIDER_SCAN_INPUTS !== 'false',
+      scan_outputs: process.env.PALARYN_PROVIDER_SCAN_OUTPUTS !== 'false',
+    } : undefined,
+  },
+  approval: {
+    enabled: true,
+    token_secret: requireSecret('APPROVAL_SECRET'),
+    default_ttl_seconds: 3600,
+  },
+  rate_limit: {
+    enabled: true,
+    actor_max_per_window: process.env.RATE_LIMIT_ACTOR_MAX
+      ? parseInt(process.env.RATE_LIMIT_ACTOR_MAX, 10) : 100,
+    workspace_max_per_window: process.env.RATE_LIMIT_WORKSPACE_MAX
+      ? parseInt(process.env.RATE_LIMIT_WORKSPACE_MAX, 10) : 500,
+    window_ms: process.env.RATE_LIMIT_WINDOW_MS
+      ? parseInt(process.env.RATE_LIMIT_WINDOW_MS, 10) : 60000,
+  },
+  anomaly: {
+    enabled: true,
+    window_ms: 300000, // 5 minutes (shorter for dev testing)
+    z_score_threshold: 2, // Lower threshold for easier testing
+    min_samples: 5,       // Need only 5 data points before detection activates
+    action: 'flag',       // 'flag' adds to result metadata; change to 'block' to deny
+    track_actors: true,
+    track_tools: true,
+    track_workspaces: true,
+  },
+  proxy: {
+    enabled: process.env.PROXY_ENABLED === 'true',
+    port: parseInt(process.env.PROXY_PORT || '3128', 10),
+    passthrough_domains: process.env.PROXY_PASSTHROUGH_DOMAINS
+      ? process.env.PROXY_PASSTHROUGH_DOMAINS.split(',').map(s => s.trim())
+      : undefined,
+    default_workspace_id: process.env.PALARYN_WORKSPACE_ID,
+    default_actor_id: process.env.PALARYN_ACTOR_ID,
+    require_auth: process.env.PROXY_REQUIRE_AUTH !== 'false',
+  },
+  cors_origins: process.env.CORS_ORIGINS
+    ? process.env.CORS_ORIGINS.split(',').map(s => s.trim())
+    : undefined,
+  oauth: {
+    enabled: false,
+    session_secret: '',
+    session_ttl_seconds: 604800,
+  },
+  stripe: readSecret('STRIPE_SECRET_KEY') ? {
+    secret_key: readSecret('STRIPE_SECRET_KEY')!,
+    webhook_secret: readSecret('STRIPE_WEBHOOK_SECRET') || '',
+    price_ids: {
+      pro_monthly: process.env.STRIPE_PRICE_PRO_MONTHLY || '',
+      business_monthly: process.env.STRIPE_PRICE_BUSINESS_MONTHLY || '',
+    },
+    checkout_success_url: process.env.STRIPE_CHECKOUT_SUCCESS_URL,
+    checkout_cancel_url: process.env.STRIPE_CHECKOUT_CANCEL_URL,
+    portal_return_url: process.env.STRIPE_PORTAL_RETURN_URL,
+  } : undefined,
+  frontend: {
+    enabled: process.env.FRONTEND_ENABLED === 'true',
+    build_path: process.env.FRONTEND_BUILD_PATH || './web/dist',
+  },
+  mcp_oauth: process.env.MCP_OAUTH_ENABLED === 'true' ? {
+    enabled: true,
+    base_url: process.env.MCP_OAUTH_BASE_URL,
+    access_token_ttl: process.env.MCP_OAUTH_ACCESS_TOKEN_TTL
+      ? parseInt(process.env.MCP_OAUTH_ACCESS_TOKEN_TTL, 10)
+      : undefined,
+    refresh_token_ttl: process.env.MCP_OAUTH_REFRESH_TOKEN_TTL
+      ? parseInt(process.env.MCP_OAUTH_REFRESH_TOKEN_TTL, 10)
+      : undefined,
+  } : undefined,
+};