npm - palaryn - Versions diffs - 0.1.0 → 0.3.2 - Mend

palaryn 0.1.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (344) hide show

package/README.md +243 -588
package/dist/sdk/typescript/src/client.js +2 -2
package/dist/sdk/typescript/src/client.js.map +1 -1
package/dist/src/anomaly/detector.d.ts +7 -4
package/dist/src/anomaly/detector.d.ts.map +1 -1
package/dist/src/anomaly/detector.js +22 -12
package/dist/src/anomaly/detector.js.map +1 -1
package/dist/src/audit/logger.d.ts +10 -0
package/dist/src/audit/logger.d.ts.map +1 -1
package/dist/src/audit/logger.js +52 -38
package/dist/src/audit/logger.js.map +1 -1
package/dist/src/auth/routes.d.ts.map +1 -1
package/dist/src/auth/routes.js +35 -0
package/dist/src/auth/routes.js.map +1 -1
package/dist/src/budget/manager.d.ts +5 -0
package/dist/src/budget/manager.d.ts.map +1 -1
package/dist/src/budget/manager.js +32 -0
package/dist/src/budget/manager.js.map +1 -1
package/dist/src/budget/model-pricing.d.ts +20 -0
package/dist/src/budget/model-pricing.d.ts.map +1 -0
package/dist/src/budget/model-pricing.js +107 -0
package/dist/src/budget/model-pricing.js.map +1 -0
package/dist/src/budget/usage-extractor.d.ts +3 -1
package/dist/src/budget/usage-extractor.d.ts.map +1 -1
package/dist/src/budget/usage-extractor.js +47 -3
package/dist/src/budget/usage-extractor.js.map +1 -1
package/dist/src/config/defaults.d.ts.map +1 -1
package/dist/src/config/defaults.js +65 -13
package/dist/src/config/defaults.js.map +1 -1
package/dist/src/dlp/tool-patterns.d.ts +7 -0
package/dist/src/dlp/tool-patterns.d.ts.map +1 -0
package/dist/src/dlp/tool-patterns.js +34 -0
package/dist/src/dlp/tool-patterns.js.map +1 -0
package/dist/src/executor/filesystem-executor.d.ts +28 -0
package/dist/src/executor/filesystem-executor.d.ts.map +1 -0
package/dist/src/executor/filesystem-executor.js +192 -0
package/dist/src/executor/filesystem-executor.js.map +1 -0
package/dist/src/executor/http-executor.d.ts.map +1 -1
package/dist/src/executor/http-executor.js +22 -2
package/dist/src/executor/http-executor.js.map +1 -1
package/dist/src/executor/index.d.ts +4 -0
package/dist/src/executor/index.d.ts.map +1 -1
package/dist/src/executor/index.js +9 -1
package/dist/src/executor/index.js.map +1 -1
package/dist/src/executor/shell-executor.d.ts +22 -0
package/dist/src/executor/shell-executor.d.ts.map +1 -0
package/dist/src/executor/shell-executor.js +119 -0
package/dist/src/executor/shell-executor.js.map +1 -0
package/dist/src/executor/sql-executor.d.ts +29 -0
package/dist/src/executor/sql-executor.d.ts.map +1 -0
package/dist/src/executor/sql-executor.js +114 -0
package/dist/src/executor/sql-executor.js.map +1 -0
package/dist/src/executor/websocket-executor.d.ts +26 -0
package/dist/src/executor/websocket-executor.d.ts.map +1 -0
package/dist/src/executor/websocket-executor.js +205 -0
package/dist/src/executor/websocket-executor.js.map +1 -0
package/dist/src/interceptor/index.d.ts +2 -0
package/dist/src/interceptor/index.d.ts.map +1 -0
package/dist/src/interceptor/index.js +6 -0
package/dist/src/interceptor/index.js.map +1 -0
package/dist/src/interceptor/provider-interceptor.d.ts +36 -0
package/dist/src/interceptor/provider-interceptor.d.ts.map +1 -0
package/dist/src/interceptor/provider-interceptor.js +302 -0
package/dist/src/interceptor/provider-interceptor.js.map +1 -0
package/dist/src/mcp/auth-verifier.d.ts.map +1 -1
package/dist/src/mcp/auth-verifier.js +3 -2
package/dist/src/mcp/auth-verifier.js.map +1 -1
package/dist/src/mcp/bridge.d.ts +14 -10
package/dist/src/mcp/bridge.d.ts.map +1 -1
package/dist/src/mcp/bridge.js +51 -227
package/dist/src/mcp/bridge.js.map +1 -1
package/dist/src/mcp/http-transport.d.ts +2 -0
package/dist/src/mcp/http-transport.d.ts.map +1 -1
package/dist/src/mcp/http-transport.js +117 -66
package/dist/src/mcp/http-transport.js.map +1 -1
package/dist/src/mcp/internal-auth.d.ts +13 -0
package/dist/src/mcp/internal-auth.d.ts.map +1 -0
package/dist/src/mcp/internal-auth.js +12 -0
package/dist/src/mcp/internal-auth.js.map +1 -0
package/dist/src/mcp/tool-definitions.d.ts +41 -0
package/dist/src/mcp/tool-definitions.d.ts.map +1 -0
package/dist/src/mcp/tool-definitions.js +491 -0
package/dist/src/mcp/tool-definitions.js.map +1 -0
package/dist/src/middleware/auth.js.map +1 -1
package/dist/src/middleware/session.js.map +1 -1
package/dist/src/middleware/validate.d.ts +8 -0
package/dist/src/middleware/validate.d.ts.map +1 -1
package/dist/src/middleware/validate.js +45 -0
package/dist/src/middleware/validate.js.map +1 -1
package/dist/src/policy/engine.d.ts +4 -0
package/dist/src/policy/engine.d.ts.map +1 -1
package/dist/src/policy/engine.js +117 -0
package/dist/src/policy/engine.js.map +1 -1
package/dist/src/saas/routes.d.ts.map +1 -1
package/dist/src/saas/routes.js +355 -22
package/dist/src/saas/routes.js.map +1 -1
package/dist/src/server/app.d.ts.map +1 -1
package/dist/src/server/app.js +24 -3
package/dist/src/server/app.js.map +1 -1
package/dist/src/server/gateway.d.ts.map +1 -1
package/dist/src/server/gateway.js +17 -0
package/dist/src/server/gateway.js.map +1 -1
package/dist/src/server/index.d.ts.map +1 -1
package/dist/src/server/index.js +18 -0
package/dist/src/server/index.js.map +1 -1
package/dist/src/storage/interfaces.d.ts +14 -3
package/dist/src/storage/interfaces.d.ts.map +1 -1
package/dist/src/storage/memory.d.ts +2 -0
package/dist/src/storage/memory.d.ts.map +1 -1
package/dist/src/storage/memory.js +6 -0
package/dist/src/storage/memory.js.map +1 -1
package/dist/src/storage/postgres.d.ts +5 -0
package/dist/src/storage/postgres.d.ts.map +1 -1
package/dist/src/storage/postgres.js +16 -0
package/dist/src/storage/postgres.js.map +1 -1
package/dist/src/storage/redis.d.ts +10 -0
package/dist/src/storage/redis.d.ts.map +1 -1
package/dist/src/storage/redis.js +65 -0
package/dist/src/storage/redis.js.map +1 -1
package/dist/src/types/budget.d.ts +4 -0
package/dist/src/types/budget.d.ts.map +1 -1
package/dist/src/types/config.d.ts +58 -0
package/dist/src/types/config.d.ts.map +1 -1
package/dist/src/types/events.d.ts +1 -0
package/dist/src/types/events.d.ts.map +1 -1
package/dist/src/types/policy.d.ts +11 -1
package/dist/src/types/policy.d.ts.map +1 -1
package/dist/src/types/tool-result.d.ts +11 -0
package/dist/src/types/tool-result.d.ts.map +1 -1
package/dist/tests/unit/app-routes.test.d.ts +2 -0
package/dist/tests/unit/app-routes.test.d.ts.map +1 -0
package/dist/tests/unit/app-routes.test.js +715 -0
package/dist/tests/unit/app-routes.test.js.map +1 -0
package/dist/tests/unit/audit-logger.test.js +105 -0
package/dist/tests/unit/audit-logger.test.js.map +1 -1
package/dist/tests/unit/auth-providers.test.d.ts +2 -0
package/dist/tests/unit/auth-providers.test.d.ts.map +1 -0
package/dist/tests/unit/auth-providers.test.js +279 -0
package/dist/tests/unit/auth-providers.test.js.map +1 -0
package/dist/tests/unit/auth-routes-extended.test.d.ts +2 -0
package/dist/tests/unit/auth-routes-extended.test.d.ts.map +1 -0
package/dist/tests/unit/auth-routes-extended.test.js +993 -0
package/dist/tests/unit/auth-routes-extended.test.js.map +1 -0
package/dist/tests/unit/auth-verifier.test.d.ts +2 -0
package/dist/tests/unit/auth-verifier.test.d.ts.map +1 -0
package/dist/tests/unit/auth-verifier.test.js +505 -0
package/dist/tests/unit/auth-verifier.test.js.map +1 -0
package/dist/tests/unit/billing-routes.test.d.ts +2 -0
package/dist/tests/unit/billing-routes.test.d.ts.map +1 -0
package/dist/tests/unit/billing-routes.test.js +432 -0
package/dist/tests/unit/billing-routes.test.js.map +1 -0
package/dist/tests/unit/config-defaults.test.d.ts +2 -0
package/dist/tests/unit/config-defaults.test.d.ts.map +1 -0
package/dist/tests/unit/config-defaults.test.js +119 -0
package/dist/tests/unit/config-defaults.test.js.map +1 -0
package/dist/tests/unit/defaults.test.js +0 -10
package/dist/tests/unit/defaults.test.js.map +1 -1
package/dist/tests/unit/filesystem-executor.test.d.ts +2 -0
package/dist/tests/unit/filesystem-executor.test.d.ts.map +1 -0
package/dist/tests/unit/filesystem-executor.test.js +280 -0
package/dist/tests/unit/filesystem-executor.test.js.map +1 -0
package/dist/tests/unit/gateway-branches.test.d.ts +2 -0
package/dist/tests/unit/gateway-branches.test.d.ts.map +1 -0
package/dist/tests/unit/gateway-branches.test.js +1039 -0
package/dist/tests/unit/gateway-branches.test.js.map +1 -0
package/dist/tests/unit/http-executor-branches.test.d.ts +2 -0
package/dist/tests/unit/http-executor-branches.test.d.ts.map +1 -0
package/dist/tests/unit/http-executor-branches.test.js +495 -0
package/dist/tests/unit/http-executor-branches.test.js.map +1 -0
package/dist/tests/unit/logger.test.d.ts +2 -0
package/dist/tests/unit/logger.test.d.ts.map +1 -0
package/dist/tests/unit/logger.test.js +97 -0
package/dist/tests/unit/logger.test.js.map +1 -0
package/dist/tests/unit/mcp-internal-auth.test.d.ts +2 -0
package/dist/tests/unit/mcp-internal-auth.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-internal-auth.test.js +445 -0
package/dist/tests/unit/mcp-internal-auth.test.js.map +1 -0
package/dist/tests/unit/metrics.test.js +102 -0
package/dist/tests/unit/metrics.test.js.map +1 -1
package/dist/tests/unit/model-pricing.test.d.ts +2 -0
package/dist/tests/unit/model-pricing.test.d.ts.map +1 -0
package/dist/tests/unit/model-pricing.test.js +87 -0
package/dist/tests/unit/model-pricing.test.js.map +1 -0
package/dist/tests/unit/oauth-stores.test.d.ts +2 -0
package/dist/tests/unit/oauth-stores.test.d.ts.map +1 -0
package/dist/tests/unit/oauth-stores.test.js +260 -0
package/dist/tests/unit/oauth-stores.test.js.map +1 -0
package/dist/tests/unit/policy-engine.test.js +466 -0
package/dist/tests/unit/policy-engine.test.js.map +1 -1
package/dist/tests/unit/provider-interceptor.test.d.ts +2 -0
package/dist/tests/unit/provider-interceptor.test.d.ts.map +1 -0
package/dist/tests/unit/provider-interceptor.test.js +472 -0
package/dist/tests/unit/provider-interceptor.test.js.map +1 -0
package/dist/tests/unit/saas-routes-branches.test.d.ts +2 -0
package/dist/tests/unit/saas-routes-branches.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes-branches.test.js +2165 -0
package/dist/tests/unit/saas-routes-branches.test.js.map +1 -0
package/dist/tests/unit/saas-routes-crud.test.d.ts +2 -0
package/dist/tests/unit/saas-routes-crud.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes-crud.test.js +332 -0
package/dist/tests/unit/saas-routes-crud.test.js.map +1 -0
package/dist/tests/unit/saas-routes-data.test.d.ts +2 -0
package/dist/tests/unit/saas-routes-data.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes-data.test.js +405 -0
package/dist/tests/unit/saas-routes-data.test.js.map +1 -0
package/dist/tests/unit/saas-routes.test.js +3 -3
package/dist/tests/unit/saas-routes.test.js.map +1 -1
package/dist/tests/unit/shell-executor.test.d.ts +2 -0
package/dist/tests/unit/shell-executor.test.d.ts.map +1 -0
package/dist/tests/unit/shell-executor.test.js +145 -0
package/dist/tests/unit/shell-executor.test.js.map +1 -0
package/dist/tests/unit/sql-executor.test.d.ts +2 -0
package/dist/tests/unit/sql-executor.test.d.ts.map +1 -0
package/dist/tests/unit/sql-executor.test.js +177 -0
package/dist/tests/unit/sql-executor.test.js.map +1 -0
package/dist/tests/unit/stream-proxy.test.d.ts +2 -0
package/dist/tests/unit/stream-proxy.test.d.ts.map +1 -0
package/dist/tests/unit/stream-proxy.test.js +147 -0
package/dist/tests/unit/stream-proxy.test.js.map +1 -0
package/dist/tests/unit/tool-definitions.test.d.ts +2 -0
package/dist/tests/unit/tool-definitions.test.d.ts.map +1 -0
package/dist/tests/unit/tool-definitions.test.js +184 -0
package/dist/tests/unit/tool-definitions.test.js.map +1 -0
package/dist/tests/unit/usage-extractor.test.js +140 -0
package/dist/tests/unit/usage-extractor.test.js.map +1 -1
package/dist/tests/unit/webhook-handler.test.d.ts +2 -0
package/dist/tests/unit/webhook-handler.test.d.ts.map +1 -0
package/dist/tests/unit/webhook-handler.test.js +453 -0
package/dist/tests/unit/webhook-handler.test.js.map +1 -0
package/dist/tests/unit/webhook-routes.test.d.ts +2 -0
package/dist/tests/unit/webhook-routes.test.d.ts.map +1 -0
package/dist/tests/unit/webhook-routes.test.js +69 -0
package/dist/tests/unit/webhook-routes.test.js.map +1 -0
package/dist/tests/unit/websocket-executor.test.d.ts +2 -0
package/dist/tests/unit/websocket-executor.test.d.ts.map +1 -0
package/dist/tests/unit/websocket-executor.test.js +121 -0
package/dist/tests/unit/websocket-executor.test.js.map +1 -0
package/package.json +8 -2
package/policy-packs/demo_fail.yaml +41 -0
package/policy-packs/full_tools.yaml +136 -0
package/src/admin/index.ts +1 -0
package/src/admin/routes.ts +509 -0
package/src/admin/templates.ts +572 -0
package/src/anomaly/detector.ts +730 -0
package/src/anomaly/index.ts +1 -0
package/src/approval/manager.ts +569 -0
package/src/approval/webhook.ts +133 -0
package/src/audit/logger.ts +490 -0
package/src/auth/index.ts +5 -0
package/src/auth/password.ts +21 -0
package/src/auth/pkce.ts +22 -0
package/src/auth/providers.ts +208 -0
package/src/auth/routes.ts +561 -0
package/src/auth/session.ts +84 -0
package/src/billing/index.ts +6 -0
package/src/billing/plan-enforcer.ts +135 -0
package/src/billing/routes.ts +229 -0
package/src/billing/stripe-client.ts +58 -0
package/src/billing/webhook-handler.ts +182 -0
package/src/billing/webhook-routes.ts +28 -0
package/src/budget/manager.ts +679 -0
package/src/budget/model-pricing.ts +119 -0
package/src/budget/usage-extractor.ts +214 -0
package/src/cli.ts +91 -0
package/src/config/defaults.ts +261 -0
package/src/config/validate.ts +88 -0
package/src/dlp/composite-scanner.ts +213 -0
package/src/dlp/index.ts +9 -0
package/src/dlp/interfaces.ts +34 -0
package/src/dlp/patterns.ts +30 -0
package/src/dlp/prompt-injection-backend.ts +181 -0
package/src/dlp/prompt-injection-patterns.ts +302 -0
package/src/dlp/regex-backend.ts +181 -0
package/src/dlp/scanner.ts +502 -0
package/src/dlp/text-normalizer.ts +225 -0
package/src/dlp/tool-patterns.ts +35 -0
package/src/dlp/trufflehog-backend.ts +190 -0
package/src/executor/filesystem-executor.ts +196 -0
package/src/executor/http-executor.ts +349 -0
package/src/executor/index.ts +9 -0
package/src/executor/interfaces.ts +11 -0
package/src/executor/noop-executor.ts +23 -0
package/src/executor/registry.ts +64 -0
package/src/executor/shell-executor.ts +148 -0
package/src/executor/slack-executor.ts +176 -0
package/src/executor/sql-executor.ts +146 -0
package/src/executor/websocket-executor.ts +211 -0
package/src/index.ts +24 -0
package/src/interceptor/index.ts +1 -0
package/src/interceptor/provider-interceptor.ts +315 -0
package/src/mcp/auth-verifier.ts +152 -0
package/src/mcp/bridge.ts +703 -0
package/src/mcp/http-transport.ts +698 -0
package/src/mcp/index.ts +9 -0
package/src/mcp/internal-auth.ts +14 -0
package/src/mcp/oauth-pages.ts +139 -0
package/src/mcp/oauth-postgres-stores.ts +278 -0
package/src/mcp/oauth-provider.ts +536 -0
package/src/mcp/oauth-stores.ts +202 -0
package/src/mcp/server.ts +55 -0
package/src/mcp/tool-definitions.ts +562 -0
package/src/metrics/collector.ts +357 -0
package/src/metrics/index.ts +1 -0
package/src/middleware/auth.ts +814 -0
package/src/middleware/session.ts +85 -0
package/src/middleware/validate.ts +130 -0
package/src/policy/engine.ts +815 -0
package/src/policy/index.ts +2 -0
package/src/policy/opa-engine.ts +829 -0
package/src/proxy/forward-proxy.ts +649 -0
package/src/proxy/index.ts +1 -0
package/src/ratelimit/limiter.ts +196 -0
package/src/replay/engine.ts +142 -0
package/src/replay/index.ts +1 -0
package/src/saas/index.ts +1 -0
package/src/saas/routes.ts +2178 -0
package/src/server/app.ts +985 -0
package/src/server/errors.ts +49 -0
package/src/server/gateway.ts +1130 -0
package/src/server/index.ts +307 -0
package/src/server/logger.ts +255 -0
package/src/server/stream-proxy.ts +202 -0
package/src/storage/file-persistence.ts +315 -0
package/src/storage/index.ts +4 -0
package/src/storage/interfaces.ts +287 -0
package/src/storage/memory.ts +686 -0
package/src/storage/postgres.ts +1831 -0
package/src/storage/redis.ts +835 -0
package/src/tracing/index.ts +1 -0
package/src/tracing/provider.ts +100 -0
package/src/trust/calculator.ts +141 -0
package/src/trust/index.ts +7 -0
package/src/types/budget.ts +36 -0
package/src/types/config.ts +278 -0
package/src/types/events.ts +41 -0
package/src/types/express.d.ts +14 -0
package/src/types/index.ts +7 -0
package/src/types/policy.ts +83 -0
package/src/types/stripe-config.ts +11 -0
package/src/types/subscription.ts +59 -0
package/src/types/tool-call.ts +47 -0
package/src/types/tool-result.ts +82 -0
package/src/types/user.ts +125 -0
package/tsconfig.json +24 -0

package/src/metrics/collector.ts ADDED Viewed

@@ -0,0 +1,357 @@
+import * as promClient from 'prom-client';
+export class GatewayMetrics {
+  private registry: promClient.Registry;
+  // Counters
+  private requestsTotal: promClient.Counter;
+  private policyDecisionsTotal: promClient.Counter;
+  private dlpDetectionsTotal: promClient.Counter;
+  private budgetBlockedTotal: promClient.Counter;
+  private rateLimitBlockedTotal: promClient.Counter;
+  private idempotencyHitsTotal: promClient.Counter;
+  private executorErrorsTotal: promClient.Counter;
+  // Cost & usage counters
+  private costUsdTotal: promClient.Counter;
+  private tokenUsageTotal: promClient.Counter;
+  // LLM-specific counters/histograms
+  private llmCostUsdTotal: promClient.Counter;
+  private llmTokensTotal: promClient.Counter;
+  private llmRequestsTotal: promClient.Counter;
+  private llmLatencySeconds: promClient.Histogram;
+  // Observability: cache and storage health
+  private cacheHitsTotal: promClient.Counter;
+  private cacheMissesTotal: promClient.Counter;
+  private storageWriteFailuresTotal: promClient.Counter;
+  private dlpTruncatedTotal: promClient.Counter;
+  // Histograms
+  private requestDuration: promClient.Histogram;
+  private costPerRequest: promClient.Histogram;
+  // Gauge
+  private activeApprovals: promClient.Gauge;
+  constructor() {
+    this.registry = new promClient.Registry();
+    // Enable default metrics (process CPU, memory, etc.) with palaryn_ prefix
+    promClient.collectDefaultMetrics({
+      register: this.registry,
+      prefix: 'palaryn_',
+    });
+    // palaryn_requests_total
+    this.requestsTotal = new promClient.Counter({
+      name: 'palaryn_requests_total',
+      help: 'Total number of tool call requests processed by the gateway',
+      labelNames: ['status', 'tool_name', 'capability'],
+      registers: [this.registry],
+    });
+    // palaryn_request_duration_seconds
+    this.requestDuration = new promClient.Histogram({
+      name: 'palaryn_request_duration_seconds',
+      help: 'Duration of tool call request processing in seconds',
+      labelNames: ['status', 'tool_name'],
+      buckets: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10],
+      registers: [this.registry],
+    });
+    // palaryn_policy_decisions_total
+    this.policyDecisionsTotal = new promClient.Counter({
+      name: 'palaryn_policy_decisions_total',
+      help: 'Total number of policy decisions made',
+      labelNames: ['decision', 'rule_id'],
+      registers: [this.registry],
+    });
+    // palaryn_dlp_detections_total
+    this.dlpDetectionsTotal = new promClient.Counter({
+      name: 'palaryn_dlp_detections_total',
+      help: 'Total number of DLP detections',
+      labelNames: ['detection_type', 'severity'],
+      registers: [this.registry],
+    });
+    // palaryn_budget_blocked_total
+    this.budgetBlockedTotal = new promClient.Counter({
+      name: 'palaryn_budget_blocked_total',
+      help: 'Total number of requests blocked due to budget limits',
+      labelNames: ['reason_type'],
+      registers: [this.registry],
+    });
+    // palaryn_rate_limit_blocked_total
+    this.rateLimitBlockedTotal = new promClient.Counter({
+      name: 'palaryn_rate_limit_blocked_total',
+      help: 'Total number of requests blocked due to rate limiting',
+      labelNames: ['blocked_by'],
+      registers: [this.registry],
+    });
+    // palaryn_idempotency_hits_total
+    this.idempotencyHitsTotal = new promClient.Counter({
+      name: 'palaryn_idempotency_hits_total',
+      help: 'Total number of idempotency cache hits (deduplicated requests)',
+      registers: [this.registry],
+    });
+    // palaryn_active_approvals
+    this.activeApprovals = new promClient.Gauge({
+      name: 'palaryn_active_approvals',
+      help: 'Current number of pending approval requests',
+      registers: [this.registry],
+    });
+    // palaryn_executor_errors_total
+    this.executorErrorsTotal = new promClient.Counter({
+      name: 'palaryn_executor_errors_total',
+      help: 'Total number of executor errors during tool execution',
+      labelNames: ['tool_name', 'error_type'],
+      registers: [this.registry],
+    });
+    // palaryn_cost_usd_total
+    this.costUsdTotal = new promClient.Counter({
+      name: 'palaryn_cost_usd_total',
+      help: 'Total cost in USD tracked by the gateway',
+      labelNames: ['source', 'tool_name'],
+      registers: [this.registry],
+    });
+    // palaryn_token_usage_total
+    this.tokenUsageTotal = new promClient.Counter({
+      name: 'palaryn_token_usage_total',
+      help: 'Total token usage tracked by the gateway',
+      labelNames: ['type', 'tool_name'],
+      registers: [this.registry],
+    });
+    // palaryn_cost_per_request_usd
+    this.costPerRequest = new promClient.Histogram({
+      name: 'palaryn_cost_per_request_usd',
+      help: 'Cost per request in USD',
+      labelNames: ['tool_name'],
+      buckets: [0.0001, 0.001, 0.005, 0.01, 0.05, 0.1, 0.5, 1, 5, 10],
+      registers: [this.registry],
+    });
+    // palaryn_llm_cost_usd_total
+    this.llmCostUsdTotal = new promClient.Counter({
+      name: 'palaryn_llm_cost_usd_total',
+      help: 'Total LLM cost in USD by model and provider',
+      labelNames: ['model', 'provider'],
+      registers: [this.registry],
+    });
+    // palaryn_llm_tokens_total
+    this.llmTokensTotal = new promClient.Counter({
+      name: 'palaryn_llm_tokens_total',
+      help: 'Total LLM tokens by type, model, and provider',
+      labelNames: ['type', 'model', 'provider'],
+      registers: [this.registry],
+    });
+    // palaryn_llm_requests_total
+    this.llmRequestsTotal = new promClient.Counter({
+      name: 'palaryn_llm_requests_total',
+      help: 'Total LLM requests by model, provider, and status',
+      labelNames: ['model', 'provider', 'status'],
+      registers: [this.registry],
+    });
+    // palaryn_llm_latency_seconds
+    this.llmLatencySeconds = new promClient.Histogram({
+      name: 'palaryn_llm_latency_seconds',
+      help: 'LLM request latency in seconds by model and provider',
+      labelNames: ['model', 'provider'],
+      buckets: [0.1, 0.25, 0.5, 1, 2.5, 5, 10, 30, 60],
+      registers: [this.registry],
+    });
+    // palaryn_cache_hits_total
+    this.cacheHitsTotal = new promClient.Counter({
+      name: 'palaryn_cache_hits_total',
+      help: 'Total cache hits by store type',
+      labelNames: ['store'],
+      registers: [this.registry],
+    });
+    // palaryn_cache_misses_total
+    this.cacheMissesTotal = new promClient.Counter({
+      name: 'palaryn_cache_misses_total',
+      help: 'Total cache misses by store type',
+      labelNames: ['store'],
+      registers: [this.registry],
+    });
+    // palaryn_storage_write_failures_total
+    this.storageWriteFailuresTotal = new promClient.Counter({
+      name: 'palaryn_storage_write_failures_total',
+      help: 'Total storage write failures by store and backend',
+      labelNames: ['store', 'backend'],
+      registers: [this.registry],
+    });
+    // palaryn_dlp_truncated_total
+    this.dlpTruncatedTotal = new promClient.Counter({
+      name: 'palaryn_dlp_truncated_total',
+      help: 'Total number of DLP scans that were truncated due to response size limits',
+      registers: [this.registry],
+    });
+  }
+  /**
+   * Record a completed request with its status, tool info, and duration.
+   */
+  recordRequest(status: string, toolName: string, capability: string, durationSeconds: number): void {
+    this.requestsTotal.inc({ status, tool_name: toolName, capability });
+    this.requestDuration.observe({ status, tool_name: toolName }, durationSeconds);
+  }
+  /**
+   * Record a policy engine decision.
+   */
+  recordPolicyDecision(decision: string, ruleId: string): void {
+    this.policyDecisionsTotal.inc({ decision, rule_id: ruleId });
+  }
+  /**
+   * Record a DLP detection event.
+   */
+  recordDLPDetection(detectionType: string, severity: string): void {
+    this.dlpDetectionsTotal.inc({ detection_type: detectionType, severity });
+  }
+  /**
+   * Record a budget block event.
+   */
+  recordBudgetBlock(reasonType: string): void {
+    this.budgetBlockedTotal.inc({ reason_type: reasonType });
+  }
+  /**
+   * Record a rate limit block event.
+   */
+  recordRateLimitBlock(blockedBy: string): void {
+    this.rateLimitBlockedTotal.inc({ blocked_by: blockedBy });
+  }
+  /**
+   * Record an idempotency cache hit.
+   */
+  recordIdempotencyHit(): void {
+    this.idempotencyHitsTotal.inc();
+  }
+  /**
+   * Record an executor error.
+   */
+  recordExecutorError(toolName: string, errorType: string): void {
+    this.executorErrorsTotal.inc({ tool_name: toolName, error_type: errorType });
+  }
+  /**
+   * Set the current count of active (pending) approvals.
+   */
+  setActiveApprovals(count: number): void {
+    this.activeApprovals.set(count);
+  }
+  /**
+   * Record a cost observation.
+   */
+  recordCost(costUsd: number, source: string, toolName: string): void {
+    this.costUsdTotal.inc({ source, tool_name: toolName }, costUsd);
+    this.costPerRequest.observe({ tool_name: toolName }, costUsd);
+  }
+  /**
+   * Record token usage.
+   */
+  recordTokenUsage(type: string, toolName: string, tokens: number): void {
+    this.tokenUsageTotal.inc({ type, tool_name: toolName }, tokens);
+  }
+  /**
+   * Record LLM-specific usage metrics (model, provider, tokens, cost, latency).
+   */
+  recordLLMUsage(params: {
+    model: string;
+    provider: string;
+    inputTokens?: number;
+    outputTokens?: number;
+    costUsd?: number;
+    durationSeconds: number;
+    status: string;
+  }): void {
+    const { model, provider, inputTokens, outputTokens, costUsd, durationSeconds, status } = params;
+    this.llmRequestsTotal.inc({ model, provider, status });
+    this.llmLatencySeconds.observe({ model, provider }, durationSeconds);
+    if (costUsd !== undefined && costUsd > 0) {
+      this.llmCostUsdTotal.inc({ model, provider }, costUsd);
+    }
+    if (inputTokens !== undefined) {
+      this.llmTokensTotal.inc({ type: 'input', model, provider }, inputTokens);
+    }
+    if (outputTokens !== undefined) {
+      this.llmTokensTotal.inc({ type: 'output', model, provider }, outputTokens);
+    }
+  }
+  /**
+   * Record a cache hit for a specific store.
+   */
+  recordCacheHit(store: string): void {
+    this.cacheHitsTotal.inc({ store });
+  }
+  /**
+   * Record a cache miss for a specific store.
+   */
+  recordCacheMiss(store: string): void {
+    this.cacheMissesTotal.inc({ store });
+  }
+  /**
+   * Record a storage write failure.
+   */
+  recordStorageWriteFailure(store: string, backend: string): void {
+    this.storageWriteFailuresTotal.inc({ store, backend });
+  }
+  /**
+   * Record a DLP scan truncation event.
+   */
+  recordDLPTruncation(): void {
+    this.dlpTruncatedTotal.inc();
+  }
+  /**
+   * Get serialized Prometheus metrics for the /metrics endpoint.
+   */
+  async getMetrics(): Promise<string> {
+    return this.registry.metrics();
+  }
+  /**
+   * Get the content type header for Prometheus metrics responses.
+   */
+  getContentType(): string {
+    return this.registry.contentType;
+  }
+  /**
+   * Reset all metrics in the registry. Used during graceful shutdown
+   * to flush metric state before the process exits.
+   */
+  reset(): void {
+    this.registry.resetMetrics();
+  }
+}

package/src/metrics/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { GatewayMetrics } from './collector';