palaryn 0.1.0 → 0.3.2

package/src/executor/slack-executor.ts

@@ -0,0 +1,176 @@
+import { WebClient } from '@slack/web-api';
+import { ToolCall } from '../types/tool-call';
+import { ToolOutput } from '../types/tool-result';
+import { ToolExecutor } from './interfaces';
+
+/**
+ * Slack executor using the @slack/web-api WebClient.
+ * Handles tool calls with tool name `slack.*` (e.g., slack.post_message).
+ */
+export class SlackExecutor implements ToolExecutor {
+  private client: WebClient;
+
+  constructor(token: string) {
+    this.client = new WebClient(token);
+  }
+
+  async execute(toolCall: ToolCall): Promise<ToolOutput> {
+    const action = this.resolveAction(toolCall);
+
+    switch (action) {
+      case 'post_message':
+        return this.postMessage(toolCall);
+      case 'update_message':
+        return this.updateMessage(toolCall);
+      case 'add_reaction':
+        return this.addReaction(toolCall);
+      case 'list_channels':
+        return this.listChannels(toolCall);
+      case 'channel_history':
+        return this.channelHistory(toolCall);
+      case 'upload_file':
+        return this.uploadFile(toolCall);
+      default:
+        throw new Error(`Unsupported Slack action: ${action}`);
+    }
+  }
+
+  /**
+   * Resolve the Slack action from either `args.action` or the tool name suffix.
+   * e.g., tool name "slack.post_message" yields action "post_message".
+   */
+  private resolveAction(toolCall: ToolCall): string {
+    if (toolCall.args.action && typeof toolCall.args.action === 'string') {
+      return toolCall.args.action;
+    }
+
+    const toolName = toolCall.tool.name;
+    const dotIndex = toolName.indexOf('.');
+    if (dotIndex !== -1) {
+      return toolName.substring(dotIndex + 1);
+    }
+
+    throw new Error(`Unsupported Slack action: ${toolName}`);
+  }
+
+  // Post a message to a channel
+  private async postMessage(toolCall: ToolCall): Promise<ToolOutput> {
+    const { channel, text, blocks } = toolCall.args;
+
+    if (!channel || typeof channel !== 'string') {
+      throw new Error('Missing or invalid "channel" argument for slack.post_message');
+    }
+    if (!text || typeof text !== 'string') {
+      throw new Error('Missing or invalid "text" argument for slack.post_message');
+    }
+
+    const result = await this.client.chat.postMessage({
+      channel,
+      text,
+      ...(blocks ? { blocks: blocks as unknown[] } : {}),
+    });
+
+    return { http_status: 200, body: result, headers: {} };
+  }
+
+  // Update an existing message
+  private async updateMessage(toolCall: ToolCall): Promise<ToolOutput> {
+    const { channel, ts, text, blocks } = toolCall.args;
+
+    if (!channel || typeof channel !== 'string') {
+      throw new Error('Missing or invalid "channel" argument for slack.update_message');
+    }
+    if (!ts || typeof ts !== 'string') {
+      throw new Error('Missing or invalid "ts" argument for slack.update_message');
+    }
+    if (!text || typeof text !== 'string') {
+      throw new Error('Missing or invalid "text" argument for slack.update_message');
+    }
+
+    const result = await this.client.chat.update({
+      channel,
+      ts,
+      text,
+      ...(blocks ? { blocks: blocks as unknown[] } : {}),
+    });
+
+    return { http_status: 200, body: result, headers: {} };
+  }
+
+  // Add a reaction to a message
+  private async addReaction(toolCall: ToolCall): Promise<ToolOutput> {
+    const { channel, timestamp, name } = toolCall.args;
+
+    if (!channel || typeof channel !== 'string') {
+      throw new Error('Missing or invalid "channel" argument for slack.add_reaction');
+    }
+    if (!timestamp || typeof timestamp !== 'string') {
+      throw new Error('Missing or invalid "timestamp" argument for slack.add_reaction');
+    }
+    if (!name || typeof name !== 'string') {
+      throw new Error('Missing or invalid "name" argument for slack.add_reaction');
+    }
+
+    const result = await this.client.reactions.add({
+      channel,
+      timestamp,
+      name,
+    });
+
+    return { http_status: 200, body: result, headers: {} };
+  }
+
+  // List channels
+  private async listChannels(toolCall: ToolCall): Promise<ToolOutput> {
+    const { types, limit } = toolCall.args;
+
+    const result = await this.client.conversations.list({
+      types: (types as string) || 'public_channel',
+      ...(limit ? { limit: limit as number } : {}),
+    });
+
+    return { http_status: 200, body: result, headers: {} };
+  }
+
+  // Get channel history
+  private async channelHistory(toolCall: ToolCall): Promise<ToolOutput> {
+    const { channel, limit, oldest, latest } = toolCall.args;
+
+    if (!channel || typeof channel !== 'string') {
+      throw new Error('Missing or invalid "channel" argument for slack.channel_history');
+    }
+
+    const result = await this.client.conversations.history({
+      channel,
+      ...(limit ? { limit: limit as number } : {}),
+      ...(oldest ? { oldest: oldest as string } : {}),
+      ...(latest ? { latest: latest as string } : {}),
+    });
+
+    return { http_status: 200, body: result, headers: {} };
+  }
+
+  // Upload a file
+  private async uploadFile(toolCall: ToolCall): Promise<ToolOutput> {
+    const { channels, content, filename, title } = toolCall.args;
+
+    if (!channels || typeof channels !== 'string') {
+      throw new Error('Missing or invalid "channels" argument for slack.upload_file');
+    }
+    if (!content || typeof content !== 'string') {
+      throw new Error('Missing or invalid "content" argument for slack.upload_file');
+    }
+    if (!filename || typeof filename !== 'string') {
+      throw new Error('Missing or invalid "filename" argument for slack.upload_file');
+    }
+
+    const result = await this.client.files.upload({
+      channels,
+      content,
+      filename,
+      ...(title ? { title: title as string } : {}),
+    });
+
+    return { http_status: 200, body: result, headers: {} };
+  }
+}

package/src/executor/sql-executor.ts

@@ -0,0 +1,146 @@
+import { Pool } from 'pg';
+import { ToolCall } from '../types/tool-call';
+import { ToolOutput } from '../types/tool-result';
+import { ToolExecutor } from './interfaces';
+import { SQLExecutorConfig } from '../types/config';
+
+/**
+ * SQL executor for parameterized database queries.
+ * Handles tool calls with tool name `sql.*` (e.g., sql.query, sql.execute).
+ * Enforces read_only mode, table blocklists, and query timeouts.
+ */
+export class SQLExecutor implements ToolExecutor {
+  private pool: Pool;
+  private config: SQLExecutorConfig;
+
+  constructor(config: SQLExecutorConfig) {
+    this.config = config;
+    this.pool = new Pool({
+      connectionString: config.connection_string,
+      statement_timeout: config.timeout_ms,
+    });
+  }
+
+  async execute(toolCall: ToolCall): Promise<ToolOutput> {
+    const action = this.resolveAction(toolCall);
+
+    switch (action) {
+      case 'query':
+        return this.query(toolCall);
+      case 'execute':
+        return this.sqlExecute(toolCall);
+      default:
+        throw new Error(`Unsupported SQL action: ${action}`);
+    }
+  }
+
+  private resolveAction(toolCall: ToolCall): string {
+    if (toolCall.args.action && typeof toolCall.args.action === 'string') {
+      return toolCall.args.action;
+    }
+
+    const toolName = toolCall.tool.name;
+    const dotIndex = toolName.indexOf('.');
+    if (dotIndex !== -1) {
+      return toolName.substring(dotIndex + 1);
+    }
+
+    throw new Error(`Unsupported SQL action: ${toolName}`);
+  }
+
+  /**
+   * Check if the query references any blocked tables.
+   */
+  private checkBlockedTables(query: string): void {
+    const blocked = this.config.blocked_tables;
+    if (!blocked || blocked.length === 0) return;
+
+    // Extract table names from common SQL patterns
+    const tablePatterns = [
+      /\bFROM\s+([a-zA-Z_][\w.]*)/gi,
+      /\bJOIN\s+([a-zA-Z_][\w.]*)/gi,
+      /\bINTO\s+([a-zA-Z_][\w.]*)/gi,
+      /\bUPDATE\s+([a-zA-Z_][\w.]*)/gi,
+      /\bTABLE\s+([a-zA-Z_][\w.]*)/gi,
+    ];
+
+    const referencedTables = new Set<string>();
+    for (const pattern of tablePatterns) {
+      let match;
+      while ((match = pattern.exec(query)) !== null) {
+        referencedTables.add(match[1].toLowerCase());
+      }
+    }
+
+    for (const table of referencedTables) {
+      if (blocked.some(b => table === b.toLowerCase())) {
+        throw new Error(`Access to table "${table}" is blocked`);
+      }
+    }
+  }
+
+  /**
+   * Check if a query is a read-only SELECT statement.
+   */
+  private isReadOnly(query: string): boolean {
+    const trimmed = query.trim().toUpperCase();
+    // Allow SELECT, WITH ... SELECT, EXPLAIN
+    return /^(SELECT|WITH\s|EXPLAIN\s)/i.test(trimmed) &&
+      !/\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|TRUNCATE|GRANT|REVOKE)\b/i.test(trimmed);
+  }
+
+  private async query(toolCall: ToolCall): Promise<ToolOutput> {
+    const { query, params } = toolCall.args;
+
+    if (!query || typeof query !== 'string') {
+      throw new Error('Missing or invalid "query" argument for sql.query');
+    }
+
+    if (!this.isReadOnly(query)) {
+      throw new Error('sql.query only allows read-only (SELECT) statements');
+    }
+
+    this.checkBlockedTables(query);
+
+    const result = await this.pool.query(
+      query,
+      Array.isArray(params) ? params : undefined,
+    );
+
+    const rows = result.rows.slice(0, this.config.max_rows);
+
+    return {
+      body: rows,
+      rows_affected: result.rowCount ?? 0,
+    };
+  }
+
+  private async sqlExecute(toolCall: ToolCall): Promise<ToolOutput> {
+    const { query, params } = toolCall.args;
+
+    if (!query || typeof query !== 'string') {
+      throw new Error('Missing or invalid "query" argument for sql.execute');
+    }
+
+    if (this.config.read_only) {
+      throw new Error('sql.execute is disabled: executor is in read_only mode');
+    }
+
+    this.checkBlockedTables(query);
+
+    const result = await this.pool.query(
+      query,
+      Array.isArray(params) ? params : undefined,
+    );
+
+    return {
+      body: result.rows?.slice(0, this.config.max_rows) ?? [],
+      rows_affected: result.rowCount ?? 0,
+    };
+  }
+
+  /** Close the connection pool. */
+  async close(): Promise<void> {
+    await this.pool.end();
+  }
+}

package/src/executor/websocket-executor.ts

@@ -0,0 +1,211 @@
+import WebSocket from 'ws';
+import * as crypto from 'crypto';
+import { ToolCall } from '../types/tool-call';
+import { ToolOutput } from '../types/tool-result';
+import { ToolExecutor } from './interfaces';
+import { WebSocketExecutorConfig } from '../types/config';
+
+interface ManagedConnection {
+  ws: WebSocket;
+  url: string;
+  createdAt: number;
+}
+
+/**
+ * WebSocket executor for managed WebSocket connections.
+ * Handles tool calls with tool name `ws.*` (e.g., ws.connect, ws.send, ws.close).
+ * Manages a connection pool by connection_id with URL allowlisting.
+ */
+export class WebSocketExecutor implements ToolExecutor {
+  private config: WebSocketExecutorConfig;
+  private connections: Map<string, ManagedConnection> = new Map();
+
+  constructor(config: WebSocketExecutorConfig) {
+    this.config = config;
+  }
+
+  async execute(toolCall: ToolCall): Promise<ToolOutput> {
+    const action = this.resolveAction(toolCall);
+
+    switch (action) {
+      case 'connect':
+        return this.connect(toolCall);
+      case 'send':
+        return this.send(toolCall);
+      case 'close':
+        return this.wsClose(toolCall);
+      default:
+        throw new Error(`Unsupported WebSocket action: ${action}`);
+    }
+  }
+
+  private resolveAction(toolCall: ToolCall): string {
+    if (toolCall.args.action && typeof toolCall.args.action === 'string') {
+      return toolCall.args.action;
+    }
+
+    const toolName = toolCall.tool.name;
+    const dotIndex = toolName.indexOf('.');
+    if (dotIndex !== -1) {
+      return toolName.substring(dotIndex + 1);
+    }
+
+    throw new Error(`Unsupported WebSocket action: ${toolName}`);
+  }
+
+  /**
+   * Check if a URL matches any of the allowed URL patterns.
+   */
+  private isUrlAllowed(url: string): boolean {
+    if (!this.config.allowed_urls || this.config.allowed_urls.length === 0) {
+      return false;
+    }
+
+    for (const pattern of this.config.allowed_urls) {
+      // Convert glob-like pattern to regex
+      const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
+      const regex = new RegExp(`^${escaped}$`);
+      if (regex.test(url)) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  private async connect(toolCall: ToolCall): Promise<ToolOutput> {
+    const { url, connection_id: providedId } = toolCall.args;
+
+    if (!url || typeof url !== 'string') {
+      throw new Error('Missing or invalid "url" argument for ws.connect');
+    }
+
+    if (!this.isUrlAllowed(url)) {
+      throw new Error(`URL "${url}" is not in the allowed URLs list`);
+    }
+
+    const connectionId = (typeof providedId === 'string' ? providedId : null)
+      || crypto.randomUUID();
+
+    return new Promise<ToolOutput>((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        ws.close();
+        reject(new Error(`WebSocket connection timeout after ${this.config.connect_timeout_ms}ms`));
+      }, this.config.connect_timeout_ms);
+
+      const ws = new WebSocket(url, {
+        maxPayload: this.config.max_message_size_bytes,
+      });
+
+      ws.on('open', () => {
+        clearTimeout(timeout);
+        this.connections.set(connectionId, {
+          ws,
+          url,
+          createdAt: Date.now(),
+        });
+
+        resolve({
+          body: { connected: true, connection_id: connectionId },
+          metadata: { url },
+        });
+      });
+
+      ws.on('error', (err: Error) => {
+        clearTimeout(timeout);
+        reject(new Error(`WebSocket connection failed: ${err.message}`));
+      });
+    });
+  }
+
+  private async send(toolCall: ToolCall): Promise<ToolOutput> {
+    const { connection_id, message, wait_for_response } = toolCall.args;
+
+    if (!connection_id || typeof connection_id !== 'string') {
+      throw new Error('Missing or invalid "connection_id" argument for ws.send');
+    }
+
+    if (message === undefined || message === null) {
+      throw new Error('Missing "message" argument for ws.send');
+    }
+
+    const conn = this.connections.get(connection_id);
+    if (!conn) {
+      throw new Error(`No connection found with id "${connection_id}"`);
+    }
+
+    if (conn.ws.readyState !== WebSocket.OPEN) {
+      this.connections.delete(connection_id);
+      throw new Error(`Connection "${connection_id}" is no longer open`);
+    }
+
+    const data = typeof message === 'string' ? message : JSON.stringify(message);
+
+    if (Buffer.byteLength(data) > this.config.max_message_size_bytes) {
+      throw new Error(`Message size exceeds max allowed ${this.config.max_message_size_bytes} bytes`);
+    }
+
+    return new Promise<ToolOutput>((resolve, reject) => {
+      if (wait_for_response) {
+        const responseTimeout = setTimeout(() => {
+          conn.ws.removeAllListeners('message');
+          resolve({
+            body: null,
+            metadata: { connection_id, timeout: true },
+          });
+        }, this.config.connect_timeout_ms);
+
+        conn.ws.once('message', (responseData: WebSocket.Data) => {
+          clearTimeout(responseTimeout);
+          resolve({
+            body: responseData.toString(),
+            metadata: { connection_id },
+          });
+        });
+      }
+
+      conn.ws.send(data, (err?: Error) => {
+        if (err) {
+          reject(new Error(`Failed to send message: ${err.message}`));
+          return;
+        }
+
+        if (!wait_for_response) {
+          resolve({
+            body: { sent: true },
+            metadata: { connection_id },
+          });
+        }
+      });
+    });
+  }
+
+  private async wsClose(toolCall: ToolCall): Promise<ToolOutput> {
+    const { connection_id } = toolCall.args;
+
+    if (!connection_id || typeof connection_id !== 'string') {
+      throw new Error('Missing or invalid "connection_id" argument for ws.close');
+    }
+
+    const conn = this.connections.get(connection_id);
+    if (!conn) {
+      throw new Error(`No connection found with id "${connection_id}"`);
+    }
+
+    conn.ws.close();
+    this.connections.delete(connection_id);
+
+    return {
+      body: { closed: true },
+      metadata: { connection_id },
+    };
+  }
+
+  /** Close all managed connections. */
+  async closeAll(): Promise<void> {
+    for (const [id, conn] of this.connections) {
+      conn.ws.close();
+      this.connections.delete(id);
+    }
+  }
+}

package/src/index.ts

@@ -0,0 +1,24 @@
+export { Gateway, PreExecuteResult } from './server/gateway';
+export { createApp, HealthCheck, HealthCheckResult, CreateAppResult } from './server/app';
+export { sendError, ErrorCode, ErrorResponse } from './server/errors';
+export { PolicyEngine, OPAEngine } from './policy';
+export { DLPScanner, DLPBackend, DLPDetection, RegexDLPBackend, TruffleHogBackend, CompositeDLPScanner } from './dlp';
+export { BudgetManager, CostRecord } from './budget/manager';
+export { UsageExtractor } from './budget/usage-extractor';
+export { AuditLogger } from './audit/logger';
+export { ToolExecutor, ExecutorRegistry, HttpExecutor, NoopExecutor, SlackExecutor } from './executor';
+export { ApprovalManager } from './approval/manager';
+export { ApprovalWebhook } from './approval/webhook';
+export { RateLimiter } from './ratelimit/limiter';
+export { GatewayMetrics } from './metrics';
+export { GatewayTracer, TracingConfig } from './tracing';
+export { DEFAULT_CONFIG } from './config/defaults';
+export { validateConfig, ConfigIssue, ConfigValidationResult } from './config/validate';
+export * from './storage';
+export { MCPBridge, startMCPBridge } from './mcp';
+export { createAdminRouter } from './admin';
+export { parseProxyAuth, ProxyAuthResult } from './middleware/auth';
+export { AnomalyDetector, AnomalyConfig, AnomalyAlert, AnomalyType } from './anomaly';
+export { createForwardProxy, buildToolCallFromProxy, ForwardProxyServer } from './proxy';
+export { SessionReplayEngine, ReplayComparison, ReplayResult } from './replay';
+export * from './types';

package/src/interceptor/index.ts

@@ -0,0 +1 @@
+export { ProviderInterceptor, ProviderToolBlock } from './provider-interceptor';